Wandering Thoughts: Recent Entries For 2007/03/11

I consider __dict__ an implementation detail

Almost all Python objects implement their namespace as a Python dictionary, which they expose as their __dict__ member. You can do interesting things by playing around with this dictionary directly, for example adding bulk name/value mappings to an object by just doing something like obj.__dict__.update(pairs).

I don't like doing this, because I consider __dict__ to be an implementation detail, or at least fairly magical, and thus I feel that I shouldn't be playing around with it; I prefer to get the same results with more general higher-level things like setattr. Seeing code that uses __dict__ makes me vaguely twitchy.

In some sense __dict__ isn't merely an implementation detail, because it is sufficiently well documented (and necessary for things like __setattr__) that it will be sticking around. In another sense it is, because not all objects have a __dict__ (and even when they have one, not all of their attributes necessarily show up there), so you can't assume that you can use it to fish around in an arbitrary object. If you do anyways, you're making assumptions about how other code implements its objects that may come to bite you someday.

(The most obvious case of objects without a __dict__ is instances of classes that use __slots__.)

I'm aware that this is just a personal twitch, and possibly a silly one at that. A lot of Python programmers are perfectly happy to use __dict__, and I've committed worse hacks in my own code without thinking too hard.

Weekly spam summary on March 10th, 2007

This week, we:

• got 14,862 messages from 263 different IP addresses.
• handled 21,019 sessions from 1,246 different IP addresses.
• received 197,155 connections from at least 66,752 different IP addresses.
• hit a highwater of 11 connections being checked at once.

Volume is definitely down from last week, although the session volume is up slightly. The per day numbers have some significant fluctuations:

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
206.223.168.238       39471   2165K
213.29.7.0/24         24821   1488K
205.152.59.0/24       14936    677K
213.4.149.12          11163    581K
66.16.116.241          5392    259K
71.8.237.114           5374    273K
81.215.229.141         3248    156K
64.83.75.188           3207    154K
64.208.191.0/24        3121    187K
193.202.89.232         2898    155K

This is up from last week, although it's unevenly distributed; the low end is about the same, but the high end is much more active.

• 206.223.168.238 and 213.4.149.12 return from last week.
• 66.16.116.241 kept trying with a bad HELO.
• 71.8.237.114 is a charter.com something or other.
• 81.215.229.141 has inconsistent reverse DNS.
• 64.83.75.188 is a place we no longer talk to because it sent us phish spam.
• 193.202.89.232 kept trying with an origin address that had already tripped our spamtraps.

64.208.191.0/24 deserves special mention: various hosts in there slammed us as part of an aggressive spam run, and then once they had tripped our spamtraps they demonstrated that they were partially ignoring SMTP responses. This is a quick recipee for getting your own set of kernel packet filtering rules; if they come back this week, I'll probably make the block permanent.

Connection time rejection stats:

  62956 total
  37668 dynamic IP
  17559 bad or no reverse DNS
   5173 class bl-cbl
   1049 class bl-sbl
    353 acceleratebiz.com
    198 class bl-dsbl
    132 class bl-pbl
    121 cuttingedgemedia.com
    112 class bl-sdul
     78 class bl-njabl
     27 verticalresponse.com

Overall volume is slightly down from last week. The SBL breakdown is as uninteresting as last week; 962 hits from SBL50892 (colocentral.com, who apparently feel spammer hosting is fine with them), then the next highest is 18 hits from SBL43107 (listed February 16th as 'Gestour Portal spam source').

Four of the top 30 most rejected IP addresses were rejected 100 times or more: 81.51.111.171 (2,190 times, a wanadoo.fr dynamic IP address), 200.88.30.51 (114 times, no reverse DNS), 24.158.104.204 (106 times, a charter.com cablemodem or something), and 71.101.60.68 (106 times, a verizon.net DSL something or other). Fourteen of the top 30 are currently in the CBL, 11 are currently listed by bl.spamcop.net, 11 are in the Spamhaus PBL, and a grand total of 17 are in zen.spamhaus.org.

This week Hotmail managed:

• 3 messages accepted.
• no messages rejected because they came from non-Hotmail email addresses.
• 26 messages sent to our spamtraps.
• no messages refused because their sender addresses had already hit our spamtraps.
• 1 message refused due to its origin IP address being in the CBL.

This is a lot better than their numbers last week.

And the final numbers:

Now that's the sort of numbers on bad bounces that I like to see. There were no really big sources of bad HELOs this week; the highest were 64.3.170.46 (113 times), 69.15.31.193 (82 times), 64.122.66.34 (76 times), and 64.171.104.2 (75 times).

Bad bounces came from four different places to four different usernames; three of the bad usernames are ex-users, and one is a reasonably plausible username.