Category Archives: Tips and Tricks

Safeguarding Your Domain from Spam & Spoofing

Spam is something we all deal with. However, if you own the domain from which spam emails appear to originate, the consequences can be severe. Email spoofing is real, and every domain owner should take steps to ensure their domain is not exploited by spammers and scammers.

For business owners, it is crucial to implement basic security measures to prevent domain and email spoofing. Ensuring proper email authentication protocols are in place can help protect both your brand and your customers from malicious attacks.

Good write-ups (Zoho Mail's admin guides for each record type) are available at the following links:

https://www.zoho.com/mail/help/adminconsole/spf-configuration.html

https://www.zoho.com/mail/help/adminconsole/dkim-configuration.html

https://www.zoho.com/mail/help/adminconsole/dmarc-policy.html

DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that lets a sending organization take responsibility for a message with a cryptographic signature. The signature covers the message body and a chosen set of headers (normally including From:), and receiving mail servers verify it with the public key the signing domain publishes in DNS. A valid signature proves that the signed parts were not altered in transit and that the signer controls the DNS of the domain named in the signature's d= tag. On its own, DKIM does not check that the visible From: address belongs to the signing domain; that comparison (alignment) is what DMARC adds.

How DKIM Works

  1. Signing Emails: The sending mail server hashes the message body and the selected headers, signs the result with the domain's private key, and adds the signature as a DKIM-Signature header that also names the signing domain (d=) and the selector (s=).
  2. Publishing the Public Key: The domain owner publishes the corresponding public key as a TXT record at <selector>._domainkey.<domain>. Selectors make key rotation painless: publish a new key under a new selector, switch signing to it, then retire the old record. RFC 8301 recommends RSA keys of at least 2048 bits.
  3. Verifying Emails: The recipient's mail server reads d= and s= from the header, fetches the public key from DNS, and validates the signature over the signed headers and the body hash. If the signature verifies, the signed content is known to be unmodified and attributable to that domain; if the key is missing or the check fails, the message is treated as unsigned.

SPF (Sender Policy Framework)

SPF is an email authentication protocol that helps prevent spoofing by letting a domain owner publish, as a TXT record in DNS, which mail servers are authorized to send email for that domain; the receiving server checks the connecting server's IP address against that list. Note which identity SPF checks: the envelope sender domain (MAIL FROM, what ends up in Return-Path) and the HELO name, not the From: address a user sees in their mail client. A spammer can therefore pass SPF with their own envelope domain while displaying yours; catching that mismatch is DMARC's job.

How SPF Works

  1. DNS Record Setup: The domain owner publishes an SPF TXT record (starting with v=spf1) listing allowed senders with mechanisms such as ip4:, ip6:, include: (which pulls in a mail provider's record) and a final all term. A domain may have only one SPF record; two records produce a permanent error and the policy is ignored.
  2. Email Transmission: When a message arrives, the recipient's server takes the domain from the envelope sender (MAIL FROM) and queries DNS for that domain's SPF record.
  3. Verification: The recipient's server checks whether the connecting server's IP address matches one of the authorized mechanisms. Mechanisms such as include:, a: and mx: each cost a DNS lookup, and an evaluation is limited to 10 such lookups; exceeding the limit yields a permanent error and the record is effectively ignored, a common problem for domains that include: many SaaS providers.
  4. Pass or Fail Decision: If the IP matches, the result is pass. Otherwise the result comes from the qualifier on the all term: -all (hard fail, the message may be rejected) or ~all (soft fail, the message is usually accepted but marked). Because SPF also breaks on forwarding (the forwarder's IP is not in your record), most receivers treat an SPF failure alone as a signal rather than a verdict and rely on DMARC for the final decision.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC builds on SPF and DKIM to prevent spoofing of the From: address. It adds the missing piece, identifier alignment: the domain in the visible From: header must match (exactly, or at the organizational-domain level) the domain that SPF or DKIM actually authenticated. It also tells receivers what to do with messages that fail, and sends domain owners reports about who is sending mail in their name. The policy is published as a TXT record at _dmarc.<domain>.

How DMARC Works

  1. Email Authentication: The receiving server evaluates SPF and DKIM as above, then checks alignment: the From: domain must align with the envelope (MAIL FROM) domain for SPF, or with the d= domain of a valid DKIM signature. A message passes DMARC if at least one of the two both passes and aligns; a passing SPF for the spammer's own envelope domain, or a DKIM signature from an unrelated domain, does not count.
  2. Policy Enforcement: Based on the domain's DMARC policy (none, quarantine, or reject), the receiving server determines how to handle emails that fail. Subdomains inherit the organizational domain's policy unless an sp= tag or their own _dmarc record says otherwise.
    • p=none: The email is delivered normally, but reports are generated. Start here to discover every legitimate sender (marketing platforms, ticketing systems, CRMs) before tightening.
    • p=quarantine: Failing email is treated as suspicious, typically delivered to the spam folder.
    • p=reject: Failing email is refused outright. Move here only once the aggregate reports show that all legitimate sources authenticate and align.
  3. Reporting Mechanism: DMARC provides reports (rua= for aggregate XML reports, ruf= for per-message failure reports) to help domain owners monitor authentication activity and detect unauthorized usage. Aggregate reports are the useful ones in practice; many large receivers do not send failure reports at all, so plan monitoring around rua.
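The SPF evaluation and DMARC alignment logic described in the three sections above, as an added example that is not part of the original post or of Zoho's documentation. It works over a small table of constructed DNS TXT records (every domain, address and record in it is made up) instead of live DNS, so it runs offline; the organizational-domain helper is a deliberate simplification of what real receivers do with the Public Suffix List, and DKIM signature verification is assumed to have already happened (the functions take the d= domain of a valid signature as input).

```python
"""SPF evaluation and DMARC policy lookup over constructed DNS records."""
import ipaddress

# Constructed TXT records keyed by DNS name; every name, address and record is made up.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 include:mailhost.example -all"],
    "mailhost.example": ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=r; aspf=r"],
    "_dmarc.news.example.com": ["v=DMARC1; p=quarantine"],
    "loop.example": ["v=spf1 include:loop.example -all"],  # deliberately broken: endless include
}
MAX_DNS_LOOKUPS = 10  # RFC 7208 limit on lookup-causing terms per evaluation
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """The domain's single v=spf1 TXT record, or None if it is missing or duplicated."""
    recs = [r for r in DNS_TXT.get(domain.lower(), []) if r.lower().split()[:1] == ["v=spf1"]]
    return recs[0] if len(recs) == 1 else None


def check_spf(domain, sender_ip, _lookups=None):
    """SPF result for sender_ip mailing as domain: pass, fail, softfail, neutral, none, permerror."""
    _lookups = [0] if _lookups is None else _lookups  # lookup counter shared across include:
    ip = ipaddress.ip_address(sender_ip)
    record = spf_record(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        if "=" in term:  # modifiers (redirect=, exp=) need live DNS and are skipped offline
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # include, a, mx, ptr and exists each cost a DNS lookup; past the cap the whole
        # record is a permerror and receivers ignore it. Only include is resolved here.
        _lookups[0] += 1
        if _lookups[0] > MAX_DNS_LOOKUPS:
            return "permerror"
        if mech == "include":
            sub = check_spf(arg, sender_ip, _lookups)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"
    return "neutral"  # nothing matched and no redirect


def dmarc_record(domain):
    """Tags of the TXT record at _dmarc.<domain>, or None if there is no DMARC record."""
    recs = [r for r in DNS_TXT.get("_dmarc." + domain.lower(), []) if r.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return None
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.lower()] = value.strip()
    return tags


def org_domain(domain):
    """Organizational domain approximated as the last two labels (real receivers use
    the Public Suffix List, so suffixes like co.uk are not handled here)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') is an exact match, relaxed ('r') shares the org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_valid, dkim_domain):
    """DMARC verdict for a message whose visible From: is at from_domain. spf_domain is the
    envelope (MAIL FROM) domain SPF was checked on; dkim_domain is the d= of a valid DKIM
    signature or None. Returns 'pass', 'no-policy', or the policy: none/quarantine/reject."""
    tags, policy_tag = dmarc_record(from_domain), "p"
    if tags is None:  # subdomain without its own record inherits the org domain's policy
        tags = dmarc_record(org_domain(from_domain))
        if tags is not None and "sp" in tags:
            policy_tag = "sp"
    if tags is None:
        return "no-policy"
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = bool(dkim_valid and dkim_domain) and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get(policy_tag, "none")


if __name__ == "__main__":
    # Bulk mailer sends "From: someone@example.com" with its own envelope domain, no DKIM:
    # SPF passes for mailhost.example but nothing aligns with example.com, so p=reject applies.
    spf = check_spf("mailhost.example", "198.51.100.10")
    print("SPF:", spf, "DMARC:", dmarc_disposition("example.com", spf, "mailhost.example", False, None))
```

The scenario in the main block is the one the post warns about: SPF passes for the sender's own envelope domain, but because neither that domain nor a DKIM signature aligns with the From: domain, DMARC falls through to p=reject. The loop.example record shows the other common operational failure, a record that exceeds the 10-lookup limit and is discarded as permerror.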

Developer productivity tools for iPad

I have tried doing development on my iPad and I found some tools which I liked:
Python – Pythonista
Java – Jedona

I was able to write some interesting programs on the go, on both my iPhone and especially on my iPad. However, I have realised that for better productivity it is better to use a remote desktop solution to log in to my Windows machine and a VNC solution to log in to my MacBook.

Windows Mobile App (Previously called RD Client)
RealVNC Client

I have a static IP for my home network; otherwise one can easily use a service like noip.com to get a stable domain name, using the DDNS client built into most home routers. If the router cannot act as a VPN server, I configure a port forward on the router to RDP into my Windows machine or VNC into my MacBook. For better security I have set up a VPN server on my router and connect to my home network over VPN, which removes the need to open or forward ports at all: RDP and VNC are then reachable only through the VPN instead of being exposed directly to the internet, where forwarded RDP/VNC ports attract constant brute-force attempts.

Using the above approaches I no longer have to carry my laptops around; I use my iPad to do some work directly on it or via a remote connection to my computers back home.

To manage my personal Linux servers in the cloud I use Blink. Combined with Mosh, I have found Blink to be a solid solution for SSHing into my Linux boxes and doing my work.

Blink

This type of setup has greatly reduced the amount of hardware I need to carry around. With one iPad and an iPhone I can work on most of my hobby projects and also do some of my office work.

Viewing files in hex mode

Sometimes I need to look at files in their actual hexadecimal format. I use the combination of vi and hexdump to fulfill this requirement.

To simply view a file's content in hex format I use this command on my Mac:

hexdump -C <file_name>

This is typically enough for the job at hand. However, there is another trick that uses hexdump as a filter from inside vi. I follow these steps:

  • Start vi by typing “vi <file_name>” on the command line.
  • Type “:%!hexdump -C”. This pipes the whole buffer through hexdump and replaces the vi screen with the hex view of the current file.
  • The buffer now holds the hex listing as text, not the original bytes, so do not save it back with “:w” (that would overwrite the binary with its own listing). Press “u” to undo the filter and get the original content back.
  • To keep the hex view for future use, write it under a different name with “:w <file_name>.hex”.

Bash Shell – Folder as tree

I like the tree command on Linux; thankfully it has been ported to macOS as well, and it is easy to get a tree representation of the files and folders inside a directory from a shell. An article on Stack Overflow covers it aptly. The original site is here.

In case you are using brew then it is quite easy peasy as shown below:

brew install tree

The following commands generate a tree view:

Generates a tree of all files and folders in the current directory:

tree

Generates a tree containing only folders in the current directory:

tree -d

Generates a tree containing only folders, limited to 3 levels of depth:

tree -d -L 3 .

If you want to use a vanilla shell without installing anything, find lists the directories down to a given depth (as a flat list of paths rather than an indented tree):

find . -maxdepth 3 -type d

Throttling & Tuning Spring Boot

One of my Spring Boot projects was battling with an overloaded CPU and unresponsive or slow responses whenever traffic increased. I explored and implemented caching, but my real problem was the volume of incoming connections making the server itself slow. I could have set up multiple instances with some kind of auto-scaling, but given a limited budget and hardware I wanted to put hard limits on the Spring Boot app: how much traffic it accepts, and when it gives up gracefully (there is no shame in rejecting traffic with HTTP status 503 if the server infrastructure is overloaded; an explicit 503 is better for clients and for the server than timeouts from a CPU pegged at 100%).

I found a blog post from Netflix on how to tune Apache Tomcat, and another article on tuning the REST controller code itself to implement a rudimentary rate limiter. I was glad to find the RateLimiter implementation in the Google Guava library, which I ultimately ended up using (for now). The annotation-driven RateLimiter is also a very good and powerful solution, and I will take it for a spin sometime in the near future.

The basic lessons learnt from this exercise:
– Tune Tomcat and keep a watch on the acceptCount parameter (server.tomcat.accept-count in Spring Boot's application properties). It is the length of the queue for incoming connections once all request-processing threads are busy; when that queue is full Tomcat refuses new connections, so it is a hard cap on traffic before anything reaches your REST controller. Tune it together with the thread and connection limits (server.tomcat.threads.max in recent Spring Boot versions, server.tomcat.max-threads in older ones, and server.tomcat.max-connections).
– Use a RateLimiter on your hot APIs (the ones with higher latency) and don't let your application be abused beyond a limit; answer with 503 and a Retry-After header rather than queuing work you cannot finish.
– Scale horizontally if the limits set above result in a lot of traffic getting rejected.
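A token-bucket rate limiter in front of a hot endpoint that sheds load with 503, as an added example that is not the post's code and not the Guava or annotation-driven implementation it mentions. It is written in Python rather than Java so it runs stand-alone, with a manual clock driving a deterministic simulation in place of a real Tomcat/Spring request path; the handler, rates and burst sizes are assumptions chosen for the demonstration.

```python
"""Token-bucket rate limiter for a hot endpoint that fails fast with HTTP 503."""
import threading
import time


class TokenBucket:
    """Allows `rate` requests per second on average, with bursts of up to `burst`."""

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = float(rate)
        self.capacity = float(burst)
        self.tokens = float(burst)        # start full so the first burst is served
        self.clock = clock
        self.last_refill = clock()
        self.lock = threading.Lock()      # handlers run on many server threads

    def try_acquire(self):
        """Take one token if available; never blocks, so callers can reject early."""
        with self.lock:
            now = self.clock()
            elapsed = max(0.0, now - self.last_refill)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
            self.last_refill = now
            if self.tokens >= 1.0:
                self.tokens -= 1.0
                return True
            return False


def handle_request(limiter, handler):
    """Front an expensive handler with the limiter; returns (status, headers, body).
    Rejecting with 503 and Retry-After before doing any work keeps the hot path
    idle under overload instead of letting the whole server crawl."""
    if not limiter.try_acquire():
        return 503, {"Retry-After": "1"}, "service overloaded, retry later"
    return 200, {}, handler()


class FakeClock:
    """Manual clock so the simulation below is deterministic and offline (assumption)."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate(requests_per_burst, bursts, gap_seconds, rate=10, burst=10):
    """Fire `bursts` bursts of requests separated by gap_seconds against a fresh
    limiter; return how many requests got 200 versus 503."""
    clock = FakeClock()
    limiter = TokenBucket(rate, burst, clock)
    counts = {200: 0, 503: 0}
    for _ in range(bursts):
        for _ in range(requests_per_burst):
            status, _headers, _body = handle_request(limiter, lambda: "report generated")
            counts[status] += 1
        clock.advance(gap_seconds)
    return counts


if __name__ == "__main__":
    # 20 requests at once against a 10/s limiter with burst 10: 10 served, 10 shed.
    print(simulate(20, 1, 0.0))   # {200: 10, 503: 10}
    # A steady 5 requests every half second stays within budget: no 503s.
    print(simulate(5, 3, 0.5))    # {200: 15, 503: 0}
```

The limiter protects the controller, not the connection queue: requests still have to get past Tomcat's acceptCount and thread limits to reach it, which is why the post tunes both. Rejected requests cost one lock acquisition and a few arithmetic operations, so the server stays responsive to the traffic it does admit.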

Block a shell script till a server boots up

This small script blocks a shell script or a docker compose command until a dependent server answers HTTP 200 on the URL passed as its first argument.

#!/usr/bin/env bash
# Usage: wait-for-url.sh <url> [max_attempts]
# Polls <url> once per second until it returns HTTP 200, then exits 0 so the
# script can be chained with && . Exits 1 after max_attempts (default 60) polls,
# so a calling script or docker compose step fails instead of hanging forever.
url="$1"
max_attempts="${2:-60}"
attempt=0

while :
do
  response=$(curl --write-out '%{http_code}' --silent --output /dev/null -X GET "$url")
  if [[ "$response" -ne 200 ]] ; then
    attempt=$((attempt + 1))
    if [[ "$attempt" -ge "$max_attempts" ]] ; then
      echo "Giving up after $attempt attempts >> $url >> $response"
      exit 1
    fi
    echo "Server is not yet up >> $url >> $response"
    sleep 1
  else
    echo "Server is up >> $url >> $response"
    exit 0
  fi
done

Taking backup zip from multi-module Java project

I like to keep an archive of my code on a monthly basis. I wrote a small bash script to create a zip of each module in my multi-module Java projects. It gets the job done and can be improved to include the resources and test folders as well; for now I am only interested in backing up the Java code.

#!/bin/bash
# Zip the main Java sources of every module (each subfolder with src/main/java)
# into combined/<module>.zip. Resources and test folders are not included yet.
out="$(pwd)/combined"
if [ -d "$out" ]; then
    echo "Removing existing zip files in combined .."
    rm -f "$out"/*.zip
else
    echo "Creating combined folder.."
    mkdir "$out"
fi
for d in */ ; do
    if [ -d "$d/src/main/java" ]; then
        module="${d%/}"    # drop the trailing slash left by the */ glob
        echo "Processing $module .."
        # subshell: a failed cd cannot leave the loop in the wrong directory
        ( cd "$d/src/main/java" && zip -r "$out/$module.zip" com )
    else
        echo "Ignoring .. $d"
    fi
done