Quarterly inventory – 2024 Q3

Dear FutureMe,

Today would be a good day to do a quarterly inventory.

How is your personal life going?

How is your work life going?

How is your Volunteer Service life going?

Future me

Personal Life

Not really a whole lot going on. I have flat feet, and so when I recently got to be Master of Ceremonies at a volunteer service event, I wore my nicest shoes, but all that time in them injured my left foot something fierce. Here a week later, my foot still hurts.

I’d injured my foot several weeks back. My son had told me about Hoka shoes, and indeed they are like walking on marshmallows. Between them and keeping my foot elevated while sitting, I’d recovered. But then I felt the need to dress as sharp as I could for the event, and I re-injured my foot.

Yesterday I was rather depressed. That shows up rarely, maybe two times in a quarter, but it was present yesterday.

I had a ton of fun about a month ago, migrating one of my volunteer service websites to a new host. I moved from Amazon Lightsail to Linode. I was thrilled that the move went so smoothly, so I did it again, this time to my internal Proxmox server, documenting the whole thing for that blog post.

Oh – and I gave up on OpenSuSE and moved my main machine to Manjaro. Manjaro has been pretty good. I wish the KDE tiling window manager script worked on it; although I can keep hitting meta+arrow to tile windows, it is kind of dumb that I have to. This is a KDE problem, not a Manjaro problem – but because I did migrate, I also got the KDE “upgrade”. That would have happened had I stayed on OpenSuSE too.

Work Life

If $34,000 dropped into my lap today, I would retire tomorrow. I did finally clear my retirement service credit buy-back. I talked about that in Quarterly Inventory 2023 Q2. It is done. Magically, I gained 6.1 years of service credit overnight. The better part is that it frees up $300 per month, which I need because of inflation.

We added a new product, Kiteworks, to replace a service that Proofpoint exited. So far, the Kiteworks company and support are terrible. Because Proofpoint has been going down in quality because of the sell-out to Thoma Bravo, I wouldn’t be surprised if the reason they (Proofpoint) recommended Kiteworks is that they got a kickback. I have zero evidence of that, but it seems to me like the kind of thing Thoma Bravo would do. Anyway, Kiteworks sucks: would not recommend. I’ll probably do a blog post about it later; but there are four problems:

  • The interface is somewhat opaque, and difficult to figure out where particular things are, when I need to change them.
  • There is no documentation. What documentation there is, is from three years ago when the service was vastly different: it in no way applies to the product today.
  • The implementation engineer didn’t explain to us what the effects of the choices were, so we deployed badly to 2,200 of 5,000 users. 5,000 users would have been blindsided with a surprise “what the hell?” situation, except that we caught it some 1,800 users in.
  • So … we’ve had a stable environment for several years now, we’ve deployed Kiteworks, and 1% of machines the Outlook Plugin is deployed to are now crashing randomly and silently, losing all work, … and your technical support is blaming Outlook? Repair Outlook and the problem will go away? Re-image the machine to a fresh image and the problem will go away? Y’all are clowns. How many sets of log files do I have to upload before y’all will start looking at the problem? The problem is Kiteworks Outlook Plugin. We did not have this problem prior to installing your program. If there were a virtual clue-by-4 I could deploy over the Internet, you’d be badly bruised right now.

I’m not really enjoying work right now. I’m thankful I have a good boss, though. He’s great.

Volunteer Service Life

I very much enjoyed being Master of Ceremonies at our Fall event. The speaker was wonderful. It didn’t hurt that he grew up and joined our fellowship 45 miles north of here. The whole event was great.

I don’t know if I’ve mentioned that this year I get to be President of the Board on our little 501(c)(3) here. That job title, plus $5, will get you a fancy coffee at Starschmucks.[1]

Anyway, it weighs on me that our finances are not sound. We previously had a member who contributed $1,200 per month to our Central Office, and he died three years ago. We’d gotten a $6,000 refund on taxes due to Covid-19 and keeping our employee on the payroll, so it looked like we had money. During Covid-19 a meeting started up in a shack, off-the-record, to avoid government interference. Well, last August, they hooked up a second air conditioning unit in serial (electrically) and then overnight the shack burned to the ground. People showed up for the 7:00 AM meeting to find smoke and embers. No injuries, thankfully. Well, that meeting contributed $300 per month, and poof, that’s gone. Between this and inflation putting the hurt on everyone, our Central Office contributions are not meeting our expenses. We’re going to have to fire or reduce the hours of our single part-time employee. It is depressing.

I’ve got another website, which hosts recordings of speaker meetings. Something in WordPress 6.6 caused it trouble, so I downgraded to WordPress 6.5. But now the login screen takes two minutes to complete. That box is on Ubuntu, and I’d like to migrate to Debian instead. So I need to do a migration again (mentioned above), but I also need to schedule that with the guy who does most of the uploads to it. I don’t have analytics running on it, either, so I don’t have a good feel for what days / times of day it is least used.

  1. I first read that joke in 1981 or 1982, in the Garfield comic, where Jim Davis was commenting on inflation. A cup of coffee went from 25 cents to a dollar at restaurants. Jon made some inane observation and Garfield replied with “that, and a buck will get you a cup of coffee.” When Starbucks became popular in the mid 1990s I revived the joke with the Starbucks attribution. I still see it being used once in a while on Slashdot or Reddit.

I was really annoyed at Proofpoint; but really it was (partially) my fault

sudo postconf -e 'maximal_queue_lifetime = 1d'

I get it: some random guy sets up a new mail server, and you don’t know him from Adam, so you block his email.

They blocked me with a 400 series error. My new Postfix server had the default configuration of waiting five days before giving up. That wasn’t great, because I thought I’d sent an email, but the recipient never got it.

This failure was particularly irritating because my financial advisor needed me to sign an actual piece of paper to change the business relationship. She emailed me a document. It came across in her email that she was concerned about timing; this was rather urgent. I printed the document, signed it, and then emailed her back (on January 4) that I signed the document, but my schedule was such that I wouldn’t be able to bring the document to her office until Friday the 6th. Now I find out that Proofpoint never let my server send her that email; from her point of view I just completely shined her on.

That explains the weird look the receptionist gave me when I showed up on Friday with the signed document. They thought I had ghosted her. I didn’t: Proofpoint had decided to be a bully by stringing my mail server along with a 400 series error, until my mail server gave up and I finally got the 500 series error: blocked.

500 series errors are “it didn’t work, and it’s never going to work, what you are trying failed, we’re done.” 400 series errors on the other hand are “whoops – something went wrong, but it may be on our end rather than yours.”

I think it is a little disingenuous for Proofpoint to reply with a 400 series error “whoops – something went wrong, but it may be on our end rather than yours” when it was never going to get better. They blocked me because my mail server is new, and doesn’t have any reputation with them. That’s not going to get better on its own.

The big difference between 400 and 500 series errors is that 500 series errors are known problems. Because they are known problems, the results should be sent back immediately. 400 series errors have traditionally been allowed five days before the sending mail server reports an error. The idea behind 400 series errors was that perhaps you need time to fix a problem: so the sending mail server will try for five days before giving up. Perhaps you are moving to a new data center and you need a whole weekend to migrate. If you start Friday night and are done by Monday morning, the people sending you email will still get their messages to your users. It took several days, but eventually the email got there.

On the other hand, if I am sending an email to not-an-actual-user@some-real-domain.tld then the receiving mail server can immediately give me a 500 series error: not-an-actual-user does not exist. It didn’t work, it’s never going to work, what you are trying failed, we’re done. The sender (me) learns immediately that I mis-typed the email address or something.

I’ve recently gotten some DSN Fails trying to send to @icloud.com users. Same reason: they don’t know my mail server from Adam; but at least Apple was kind enough to let me know immediately that the mail didn’t go. I can at least text the person what I was going to send them in email.
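An added example, not part of the original post: a small Python check that reads Postfix delivery log lines and reports recipients whose latest attempt is still a 4xx deferral after a few hours, so the sender finds out long before the queue lifetime runs out. The log lines, hosts, queue IDs and the four-hour threshold are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix's smtp(8) log format; hosts, queue IDs
# and reply texts are made up for illustration.
SAMPLE_LOG = """\
Jan  4 09:12:01 mail postfix/smtp[2101]: 3A1B2C4D5E: to=<advisor@example.com>, relay=mx.example.net[192.0.2.10]:25, delay=4.1, delays=0.1/0/3.8/0.2, dsn=4.7.1, status=deferred (host mx.example.net[192.0.2.10] said: 451 4.7.1 Try again later (in reply to RCPT TO command))
Jan  4 15:40:07 mail postfix/smtp[2188]: 3A1B2C4D5E: to=<advisor@example.com>, relay=mx.example.net[192.0.2.10]:25, delay=23290, delays=23286/0.1/3.7/0.2, dsn=4.7.1, status=deferred (host mx.example.net[192.0.2.10] said: 451 4.7.1 Try again later (in reply to RCPT TO command))
Jan  4 09:30:44 mail postfix/smtp[2105]: 6F7A8B9C0D: to=<not-an-actual-user@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=1.2, delays=0.1/0/0.9/0.2, dsn=5.1.1, status=bounced (host mx.example.org[198.51.100.7] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Jan  4 09:31:10 mail postfix/smtp[2106]: 7E8D9C0B1A: to=<friend@example.com>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, delays=0.1/0/0.6/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued)
"""

# One delivery attempt: queue ID, recipient, seconds since the message
# entered the queue (delay=), enhanced status code (dsn=) and final status.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>,.*?"
    r"delay=(?P<delay>[\d.]+),.*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)

def latest_attempts(log_text):
    """Return {(queue_id, recipient): last delivery attempt} from a mail log."""
    latest = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            rec = m.groupdict()
            rec["delay"] = float(rec["delay"])
            latest[(rec["qid"], rec["rcpt"])] = rec  # later lines overwrite earlier
    return latest

def stuck_deferrals(log_text, warn_after_seconds=4 * 3600):
    """Messages whose latest attempt is a 4xx deferral older than the threshold."""
    return sorted(
        (rec["rcpt"], rec["dsn"], rec["delay"])
        for rec in latest_attempts(log_text).values()
        if rec["status"] == "deferred" and rec["delay"] >= warn_after_seconds
    )

if __name__ == "__main__":
    for rcpt, dsn, delay in stuck_deferrals(SAMPLE_LOG):
        print(f"{rcpt}: still deferred after {delay / 3600:.1f} h (dsn {dsn})")
```

The 5xx bounce and the successful delivery are ignored on purpose: the sender already hears about the first one immediately, and the second needs no attention.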

Off-topic but mildly interesting: I had a user at work mis-type an email address by tacking on an extra period at the end. Like they finished a sentence with a period, but this was an email address. DNS has a top level, but to climb the tree means adding a trailing period and doing another DNS query. In other words, my computer could try to look up “mybox” and if that doesn’t resolve, tack a period on the end and look again. That would resolve to “mybox.mydomain”. If that doesn’t resolve, tack a period on the end and look again. That would resolve to “mybox.mydomain.tld”. So when the resolution process finally gets to the very top Top Level Domain (TLD), searching stops. Those TLDs are a defined list; which is how DNS knows that there’s no more searching to be done. But whoops if the user asked for mybox.mydomain.tld. <— notice the trailing period. Then DNS is going to keep returning a 400 series error: it looks like there should be an upper level domain, but nothing responded, so maybe that box is just down right now? Try again in a few minutes. Five days later, my user finally got the DSN Fail. He was ticked off: why couldn’t the computer tell him he’d mistyped the email address? Well, because it kept looking for a mail server higher up in the DNS name hierarchy than .com