Spam will now be unconditionally delivered to the Spam folder of your mailbox. This change has been implemented after carefully analyzing average delivery scores for spam since the last change implemented that deleted spam above a 10. False positives are very rare and the immediate benefits for those who are inundated by a bevy of spam every day far outweigh the possible downsides.

All rules, which have not been modified from their original state, we amended:

# Global maildrop rules go here
# See http://www.courier-mta.org/maildrop/maildropfilter.html for syntax

if ($SIZE < 131072)
{
        exception {
                xfilter "/usr/bin/spamc -u $RECIPIENT"
        }
}

DELETE_THRESHOLD=10.0
if (/^X-Spam-Flag: YES/)
{
        /X-Spam-Score: (\d+)/
        if ($MATCH1 >= $DELETE_THRESHOLD)
        {
                to /dev/null
        }
        else
        {
               to Mail/.Spam/
        }
}

A new esprit update has been pushed to the servers to address a few bugs and implement some quick features:

• Added: select all checkbox to File Manager
• Added: toggle between raw and HTML editors in File Manager
• Added: toggle SSL link in Quick Menu bar to switch between HTTPS/HTTP
• Added: include count of number of Urchin profiles creatable within the account in Urchin 5
• Fixed: refactored Language Options to new AJAX system, query remote Rails gem after page load to avoid unnecessary delays from pulling YAML from RubyForge
• Fixed: all files defaulted to binary view in File Manager
• Fixed: modal warning box firing prematurely in Change Account Billing; cause “operation not permitted” error in IE
• Fixed: missing priority, subject names in ticket e-mails, URL better presented as full link to ticket
• Fixed: Quick Menu rendering problems in IE7, border cut-off
• Fixed: resend_host regex never matched in Majordomo::get_domain_from_list_name_backend() (bug #96)
• Fixed: Majordomo alias not removed after list deletion
• Fixed: missing loading image on tooltips
• Changed: updated icons to reflect current Apis theme
• Changed: upgraded FCKEditor from 2.6b1 to 2.6.2
• Changed: updated logo, background to reflect new theme

Hi folks, it’s time for another update on apnscp esprit and everything going on with Apis. As you may know, I have been busy rewriting and automating the account setup process after roughly three years of sidelining it in favor of other tasks, like writing apnscp esprit. esprit has matured into a well-featured product, so it’s back to the basics and hopefully this will, in the long run, free up more time for me to go back to what I do best— server engineering.

Be on the lookout for a voluntary survey within a week or two asking for your opinions on Apis and your views of esprit’s product positioning.  I have conducted a few focus group sessions with users in the metro Atlanta area to get a better understanding of what needs to be done with esprit.  Every time the major shortcoming appears to be common tasks tend to be more difficult while more difficult tasks tend to be easier.   I’ll be exploring this criticism in-depth within the coming weeks and I would like to ask everyone to please be sure to think about what can be done to improve esprit over the next few weeks.  Just jot it down on a piece of paper or in Notepad if you stumble across something that comes across as cumbersome.

Having said that, esprit will be in a feature freeze until the usability aspects are properly addressed.  Following the UI tweaks, I’ll be working on adding reseller support to the control panel and bring everything together, such as seamless user/account switching.  I would expect these changes to carry into at least October, with the first leg, the survey, coming in late July.

- Matt

Bandwidth has been upgraded across the board by 50% on all packages.  The Minimalist package is now touting 15 GB of transfer per month.  Happy six year anniversary, Apis!

After a two month long pilot of SPF checks on the inbound mail server, these have been removed. Despite being successful in further minimizing the incidence of spam that leaked through, a few high profile domains were terribly misconfigured resulting in false positives (legitimate mail being rejected for violating a SPF record). I saw everything from multiple SPF records, new SPF syntax directives, to even null terminators (officelive.com. 3600 IN TXT "v=spf1 include:hotmail.com ~all\000")… this isn’t a string in a C, folks.
Because shared hosting is such a high entropy environment, there is no surefire way to know that only a particular class of e-mail may come in, i.e. corporate messages or messages between a handful of companies. We all use our business and personal accounts for a variety of reasons and because of which, it’s impossible to directly communicate with everyone who may have an error in their published SPF records preventing delivery.

The two biggest culprits that prompted the change were Office Live and Capital One, both very prominent, high volume senders. Office Live was the first one I handled in early June regarding its invalid syntax. In fact, not only was its SPF record junk, but all Office Live customers had junk SPF records! I escalated the problem through its help center as best as I could find,

From : msaladna@apisnetworks.com
Sent : Thursday, May 22, 2008 11:54:03 PM UTC
To : OFFLV.0000.00.00.EN.MSF.SEA.UA.T01.RTG.00.EM
Subject : Office Live Workspace Abuse

Service:
Office Live Workspace Abuse

What type of problem do you have?
Shared item URL: Copy the “Click here to view it” URL from the sharing invitation e-mail. To do this, right-click the link and select Copy Hyperlink.
http://www.openspf.org/Why?s=mfrom;id=a@officelive.com;ip=65.55.111.77;r=a@b.com;

Type of abuse
Other [Other]

Location of abusive content
File [File]

Please describe the issue and provide as many details as possible to help us investigate the issue quickly.
Please note that all published SPF records for Office Live customers are synt atically invalid due to the terminating null byte at the end. Please remove the null termination from the TXT records for customers:

;; QUESTION SECTION:
;officelive.com. IN TXT
;; ANSWER SECTION:
officelive.com. 702 IN TXT v=spf1 include:hotmail.com ~all\000

;; QUESTION SECTION:
;domain.com. IN TXT
;; ANSWER SECTION:
domain.com. 2901 IN TXT v=spf1 include:hotmail.com ~all\000

and so on. I assume this problem is present with all domains that have delegated authority to ns1/2.officelive.com. The garbage is causing rejects in both SPF packages for Postfix, pypolicyd-spf and perl-policyd-spf. I assume the problem exists in other software that correctly adhere to SPF specifications (RFC 4408) — http://ww w.openspf.org/Specifications

Thank you for your time and I hope this can be resolved in an efficient manner.

Your full name
Matt Saladna

Your e-mail address (for follow-up questions):
msaladna@apisnetworks.com

Which operating system are you using?Windows Server 2003: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9b4) Gecko/2008030714 Firefox/3.0b4
Which browser are you using: Firefox3.0
Location: en-us - English (United States)
Type of Support: E-mail Support
Browser Default Language: en-us,en;q=0.5

and for the response:

Hello Matt,

Thank you for contacting us at Microsoft Office Live Workspace Support.

This is Ajay Lal from Microsoft Office Live Workspace Support Team. We appreciate the time you took to send us your query and we know how important it is for you to have this addressed immediately.

With reference to your email, you have mentioned that all published SPF records for Office Live customers are syntactically invalid due to the terminating null byte at the end. I appreciate your feedback for Microsoft Office Live. At the same time I am forwarding this feedback to our Product Development Team and they will work upon your request.

Thank you for participating in Microsoft Office Live program. Your feedback is very important in the on-going effort to improve the service and ready it for the live release. We appreciate your assistance in making the Microsoft Office Live Product a great success.

Please continue to let us know your thoughts and suggestions as you use the service.

We also appreciate your solidarity with Microsoft Office Live Workspace. You may be selected to receive a survey. Your feedback is valuable to us as we are always interested in hearing about your support experience. Should you receive a survey, we appreciate you taking the time to respond.

Have a nice day, Matt!

Regards,
Ajay Lal
Microsoft Office Live Workspace Support

Three esprit updates have been pushed to the servers for bug fixes:

• Fixed: uid lookup entries are not populated if the username exists in Manage Mailboxes as an alias
• Fixed: Urchin site configuration variable, max_profiles, is inaccessible from the Web server as the info directory has 0700 permissions, pull from configuration cache to allow per-site profile limits (default: 2)
• Fixed: update esprit to correctly match against RubyGems’ gem output format in 1.x