waider dot i e

Being The Geekly Diary of Waider
(may contain traces of drinking, movies, and sport)
April 10
Surprisingly, Straight Outta Compton was not completely full of gratuitous nudity, nines, AKs, and 40s. There are apparently some grumblings about details left out, portrayals, etc. but I have to say they really sold the camaraderie in NWA early on and overall I really enjoyed this. I did think their Dre was too skinny, though.

April 07
Looks like I've managed to get the Postfix thing sorted out. Not 100% clear on which specific thing / things did the trick, but possibly leaving "permit" off the smtpd_sender_restrictions completely, and adding smtpd_relay_restrictions and smtpd_sender_login_maps may be key.

April 06
Hurrah, some new version of OpenHAB has implemented an actions menu for Z-Wave devices that provides access to network tools like "Ping" and "Is Node Dead?" but alas they've prematurely gated them on "can't do this to a battery device" which, my friends, may be true if you follow the specs, but the other tool I have for this has no problem with engaging in such activities.

April 03
We'd planned on watching The Lovely Bones but it turned out to be a purchase, not a rental, so we cast about for something else and landed on Mercy which, if you strip off the AI nonsense, was actually a pretty decent whodunnit. I did correctly identify the perpetrator early on, but believed their alibi and the misdirection provided; I very much correctly identified the use for the missing chemical way before the plot got to it, and I wasn't taken in by the misdirection on that. And I mostly identified the motive, although didn't catch a minor Chekhov's Gun that would've given me the last bit of the puzzle.

(Chekhov's Gun seems not quite the right phrase to use here, but essentially, a piece of information was provided almost in passing that was both more or less irrelevant to the story being told and highly relevant to the ending; the only reason to introduce it was so that the attentive viewer would say, "hang on a sec" at the appropriate moment.)

Anyway. Yes, the panopticon is shitty, the "courtroom" visual effects are cute but stupid, and the premise is somewhat laughable (although you never know these days), but the actual puzzle was fun.

March 27
I'm not entirely clear why I added In The Electric Mist to my watchlist, but it was a really enjoyable movie with some excellent music and some perhaps intentional, perhaps unintentional humour.

March 24
Still haven't solved the Postfix config problem. It's nice that I've got debugging and a script to exercise the desired pass/fail scenarios, but it's frustrating that everything I try to enable one condition breaks the other, and vice versa.

March 21
Well, on the upside, I now know how to do debug logging for a specific sender IP in Postfix. Alas, I have not managed to debug my specific problem: I want allmail@example.com to wind up in the waider mailbox, but I do not want to receive spam where someone purports to be someluser@example.com and thereby bypasses the various hurdles I am attempting to put in the way of this. It seems that as soon as you say "virtual domain goes to mailbox", even sender addresses are rewritten to check against the allowlist which is exactly what I don't want and also seems to contradict what the documentation says.

To be abundantly clear: I'm trying to block envelope-level spoofing. It appears that it will happily iterate over the rules I've provided, and at some point stumble on "oh, someluser@example.com is an example.com address and so maps to waider and is thereby permitted. Yay!" and I toss virtual config out the window again. This says nothing about virtual, canonical, rewrite, or aliases; this suggests that the rewriting only happens after the mail is queued, but the testing I'm doing doesn't even get to the point of submitting the mail, just the envelope headers, and I can see that's returning me a 250 response and the logs show it's done a virtual lookup in order to arrive at this conclusion. In fact I'm looking at that page again right now and it says, "Virtual aliasing is applied only to recipient envelope addresses, [...]." (my underlining). Right there in black and white. LIES.

Maybe I'll figure it out tomorrow. Note, this is broken on a live server I own; I'm trying to fix it on the new server I'm setting up so I can never again see a faked-sender-envelope spam.
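
The envelope-only pass/fail check this entry describes, sketched as an added example (not the author's script). The sender friend@elsewhere.test, the 553 reply and the FakeSession stand-in are constructed assumptions; the example.com addresses are the ones used above.

```python
import smtplib
import sys

LOCAL_DOMAIN = "example.com"  # domain used in the entry above

# Constructed scenarios: (label, MAIL FROM, RCPT TO, should the server accept?)
SCENARIOS = [
    ("outside sender to catch-all", "friend@elsewhere.test", "allmail@example.com", True),
    ("unauthenticated local-domain sender", "someluser@example.com", "allmail@example.com", False),
]

def probe(smtp, sender, rcpt):
    """Issue MAIL FROM / RCPT TO only, never DATA; return the deciding reply code."""
    smtp.ehlo()
    code, _ = smtp.mail(sender)
    if code < 400:
        # Postfix defers rejections to RCPT TO by default (smtpd_delay_reject = yes),
        # so a sender-based reject normally shows up here, not at MAIL FROM.
        code, _ = smtp.rcpt(rcpt)
    smtp.rset()
    return code

def run(smtp, scenarios=SCENARIOS):
    """Return (label, code, passed) for each scenario."""
    results = []
    for label, sender, rcpt, want_accept in scenarios:
        code = probe(smtp, sender, rcpt)
        results.append((label, code, (code == 250) == want_accept))
    return results

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the script runs offline.
    spoofable=True mimics the behaviour the entry complains about."""
    def __init__(self, spoofable):
        self.spoofable, self.sender = spoofable, None
    def ehlo(self): return (250, b"ok")
    def rset(self): return (250, b"ok")
    def mail(self, sender):
        self.sender = sender
        return (250, b"ok")
    def rcpt(self, rcpt):
        spoof = self.sender.endswith("@" + LOCAL_DOMAIN)
        return (250, b"ok") if self.spoofable or not spoof else (553, b"rejected")

if __name__ == "__main__":
    # Usage: script.py HOST probes a server you run; no argument uses the fake.
    smtp = smtplib.SMTP(sys.argv[1], 25) if len(sys.argv) > 1 else FakeSession(True)
    for label, code, passed in run(smtp):
        print(f"{'PASS' if passed else 'FAIL'} {code} {label}")
```

Both scenarios have to pass in the same run, which is the "fixing one breaks the other" condition the later entries wrestle with.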

March 20
Dead of Winter, in which Emma Thompson does a sort of badass Frances McDormand. It's a good movie, with approximately the same sort of pacing as the speech in that part of the world - slow, but relentless. I was calling the shots a bit in places - there are a lot of Chekhov's Guns in this movie - but that didn't detract from it.

March 18
Dammit, another one of my scrapers just had the format changed from out under it. Five minutes of hackery verifies that the replacement is parseable, but will need more work than e.g. a trivial renaming of CSS selectors.

March 16
Voyager, in which Star Trek does Stephen King's Christine. Kinda silly.

New mail server is up and configured with DKIM, DMARC and SPF outbound. No idea what's currently enabled inbound beyond Can't Spoof Me. Will find out shortly how regrettable that is, I imagine. I will say it's nice having a more-or-less throwaway domain to test this stuff out on, since if I screw it up it's no big deal.


