Adding Certificates, Keys, etc

January 9, 2016

The technophobe tends to look at this topic as voodoo (whodo?). Since this technophobe tends to look at the unix world, and specifically Fedora or CentOS, from a top-level [server] point of view, one needs to address this for several compatibility and other network reasons:

  1. port 22 provides secure SSH login
  2. port 443 can be used to provide secure HTTP communication
  3. port 993 (587?) secure access to IMAP sessions

This rpm openssl-perl.i686 (or something like it)

openssl-perl contains the following script, which is a must if you cheaply intend on using self-signed certificates: /etc/pki/tls/misc/

This script WAS NOT used since i am confused about which flags, and the crypto RPMs do come with some keys

usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify

the genkey procedure produced this:

Made a key
Opened tmprequest for writing
(null) Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/
Wrote the key to:

Edit /etc/httpd/conf.d/ssl.conf. Change the SSLCertificateFile and SSLCertificateKeyFile lines to reflect these:

  1.          SSLCertificateFile /etc/pki/tls/certs/
  2.          SSLCertificateKeyFile /etc/pki/tls/private/

Probably not germane, but i spent a lot of time chasing this

[Mon Jan 11 12:53:21 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Jan 11 12:53:39 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Mon Jan 11 12:53:39 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

when i tried to configure 1 to also be the key and not the .cert

These Keys will certainly come into play in a couple of other places

  • TLS connections from imap clients on port 143/993 etc [dovecot|cyrus-imap]
  • TLS connections from SMTP machines entering port 25 (postfix)





smtp not really simple at all

January 21, 2010

what is really unclear in the smtp from below

is phone connecting to postfix or is myzvw ? the other thing that confuses me (easily confused)  is it complaining about

– localhost not qualified
– mrluciano not qualified

we may have to add myzvw as a relay, but doesn’t this open your phone up to spam ?

ex) i got a call from unassigned 2066005382 yesterday

Jan 19 09:27:46 gfe postfix/smtpd[22469]: connect from[]
Jan 19 09:27:56 gfe postfix/smtpd[22469]: NOQUEUE: reject: RCPT from[]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<> to=<> proto=ESMTP helo=<localhost>
Jan 19 09:27:57 gfe postfix/smtpd[22469]: lost connection after RCPT from[]
Jan 19 09:27:57 gfe postfix/smtpd[22469]: disconnect from[]
Jan 19 09:27:57 gfe postfix/smtpd[22469]: connect from[]
Jan 19 09:28:00 gfe postfix/smtpd[22469]: NOQUEUE: reject: RCPT from[]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<> to=<> proto=ESMTP helo=<localhost>

Programming in A->B->C

December 25, 2009

what are A B C ? what is -> .

To the mathematician A, B, C can be objects or quantities (maybe just a placeholder), but need definition and -> is a relationship. then he can talk about  some theories relating to the 3 objects and how the operators cause them to relate to each other.

to the programmer I can see the paradigm in 2 ways

  • A B C are procedural steps and -> are the method(s) to get there as in E T L
  • A B C represent “objects” so b and c are in some sense “controlled by A” but can act independently.

Lately i’ve been working with a pear package “structures datagrid formatter” (ironically also available in .NET) which if you’ve worked with pear the documents leave something to be desired

somewhat void in examples so here are some links


conceptually though its paradigm is a mixture of both which is very confusing

A == DataSource

B == Relate Source to Rendition

C == Renderer

Common sources are CSV, Excel files, or SQL, and Renderings can be HTML or Excel. The default Renderer consists of classes by the same author(s)

Structures_DataGrid_Renderer_HTMLTable ->

but this too is an inheritance relation, so the UML starts to look like A->B->C  with A->D->E thrown in. Oh and they say A and C are “drivers”.  The power here though is that the defaults are pretty good 80% of the time to get up some quick, and dirty ie. sortable/pagable row/columns web pages from a variety of data sources  (hire me to show you how )

Custom Rendering and Custom Data Sources

To me this gets back to ETL suppose i want to color (Render) only some cells in some colors in some ways based on the dynamics of the data . Do i call this dynamic rendering ??.  It produces some really unique design challenges. For DataSourcing is the vanilla CSV reader enough ? suppose i want to drop all precision beyond what is humanly interpretable (1234.56 no one [maybe a physicist ] cares about .56). Do i do this in the source or the rendering.

see also for customizing a DataSource Driver.

How can i make the default rendering more pleasing ? Are style sheets enough ?? clearly not if the changes are dynamic. Although one might create `classes` of cells suitable for grouping into stylesheet classes. Someone still needs to change HTML ‘cells’ to make reference to the style sheet. Perhaps a picture of A result will obviate more verbiage

Using cyrus-imap w/postfix Milter mgmt

January 20, 2016

For me this is a somewhat ambitious Undertaking so I am masking the effort around creating a mxbackup server [something we have never had]. The problem is vast when one considers the list of components on the current primary mail server

  1.  Postfix
  2. DoveCot
  3.  SpamAssassin
  4.  MailScanner
  5.  MailWatch
  6.  clamav
  7.  postsrsd
  8.  opendkim

cyrus-imap is meant to replace DoveCot, and for the time being I was going to skip 4, and 5 since they are shells around 1, and 3, and 6. Which Add a layer of configuration complexity i’d like to avoid. In fact i find it hard to justify putting in mysql `in a pure mailserver setup`

The history of this setup is MailScanner was chosen to replace amavisd (or -new i forgot) as a means of enhancing SpamAssassin. I do remember looking for alternatives {ClamSmtpD?} at that time,  and with this choice i had no need to run spamd as a milter, but doing that might well have been faster.

So on this go i thought i would give MilterManager a go so following these simple Instructions

 rpm  --install milter-manager-release-1.2.0-1.noarch.rpm

this only installs the yum repo stuff for milter-manager
one still needs the actual milter manager SW

 yum install milter-manager.x86_64

After Installing, and Configuring the milters (chkconfig on etc...) One needs
to add all components to the milter manager Group for ex)

usermod -G milter-manager -a postfix
usermod -G milter-manager -a sa-milt
usermod -G sa-milt -a milter-manager
usermod -G clam -a milter-manager
usermod -G opendkim -a milter-manager
usermod -G spamd -a milter-manager

To configure cyrus-imapd two(2) files need to be modified

  1.    /etc/sasl2/smtpd.conf
    pwcheck_method: auxprop
    auxprop_plugin: sasldb
    virtdomains:            yes
    configdirectory:        /var/lib/imap
    partition-default:      /var/spool/imap
    admins:                 chuck cyrus gelgin
    sievedir:               /var/lib/imap/sieve
    sendmail:               /usr/sbin/sendmail.postfix
    hashimapspool:          true
    allowanonymouslogin:    no
    allowplaintext:         yes
    sasl_pwcheck_method:    auxprop
    sasl_mech_list:         CRAM-MD5 DIGEST-MD5 PLAIN
    tls_cert_file:          /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_key_file:           /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
    autocreatequota:                -1
    createonpost:                   yes
    autocreateinboxfolders:         spam
    autosubscribeinboxfolders:      spam

Now going back to Milter Manager configuration the beauty of which is it identifies ALL the milters you have previously installed so…


if we create one of these ie.

/usr/sbin/milter-manager -u milter-manager --show-config > /etc/milter-manager/milter-manager.local.conf

we can then see what was configured ie.

  1.    grep milter.conn /etc/milter-manager/milter-manager.local.conf
  2.    grep milter.conn /etc/milter-manager/milter-manager.local.conf
  3.    grep milter.ena  /etc/milter-manager/milter-manager.local.conf

which for this last best be `= True` for all entries

well i haven’t totally given up but this `project` certainly isn’t going easily. I had so many problems with miltermanager [it’s a top down thing] i gave up. Same with cyrus-imapd [went to the devil i know sic dovecot]. Postsrsd isn’t even available as an rpm [at least for CentOS]. So… many problems using Clam,Spamd without MailScanner ……

I am actually toying with the thought of going back to amavisD [perhaps with a graphical interface this time ?]. MailScanner works well, but like any shell around Clam,SpamScan its configuration is

  1.   OBscure
  2.   DBdependent

which if i go that route there are then many graphical TOOLs out there , so stay tuned …



if i were starting from scratch i would definitely consider this package


yum repository handling and rpm usage

January 9, 2016

This article gives you the steps to install and enable the RPMForge repository under RHEL/CentOS 7, 6, 5, 4 systems.

As an example of using rpmbuild from source rpm’s usage


/usr/bin/rpmbuild --rebuild postfixadmin-2.3.8.src.rpm
rpm  -i postfixadmin-2.3.8.src.rpm
rpmbuild -ba postfixadmin.spec

To then list the contents of this newly created Target `binary` RPM
rpm -qlp rpmbuild/RPMS/noarch/postfixadmin-2.3.8-1.1.noarch.rpm

here are details on enabling ALL the repositories, and prioritizing them

Dovecot Adding CA certificate TLS to Postfix

January 7, 2016

The current dovecot.conf only supports a Public/Private Keypair so when this is added:


with this ssl_key = </etc/pki/dovecot/private/dovecot.pem

we in turn see tons of imap certificate errors sic

Jan  6 16:53:32 gfee dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A []
Jan  6 16:53:32 gfee dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A []
Jan  6 16:53:32 gfee dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A []
Jan  6 16:53:32 gfee dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A []

since we are in fact NOT using a Certificate this appears to be one of chuck’s imap apple clients causing postfix/dovecot to log these warnings.

The Nickel solution is to just NOT use verbose_ssl so as to ignore the warning. The $100 solution is to actually implement the handling of certificates from the imap dovecot server so….

In directory: /etc/postfix

these kinds of changes have been documented elsewhere:

smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_recipient_restrictions = permit_mynetworks,
broken_sasl_auth_clients = yes

In directory : /etc/pki/dovecot

we can run This Command

[root@gfee dovecot]# openssl req -config dovecot-openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650
Generating a 1024 bit RSA private key
writing new private key to ‘private/cakey.pem’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:

this creates a TLS CA aware certificate [the cacert.pem ] for use by the SSL portion of dovecot. ie back to dovecot.conf

The pass phrase above needs to be communicated to dovecot with this option:

ssl_key_password =

so that dovecot can access the private key associated with the certificate you just created. So here is what else was added/changed:

ssl_cert = </etc/pki/dovecot/cacert.pem
ssl_key = </etc/pki/dovecot/private/cakey.pem

to reflect the newly created SSL cert.

Now what remains is to modify postfix.conf to reflect the newly created (cert,key). The first step is to remove the passphrase from postfix’s copy of the private key that belongs to cacert.pem:

openssl rsa -in /etc/pki/dovecot/private/cakey.pem -out /etc/postfix/cakey.pem

cp  /etc/pki/dovecot/cacert.pem /etc/postfix/

Then change ownership/perms on these new postfix copies:

[root@gfee postfix]#  chmod 0640 cakey.pem cacert.pem
[root@gfee postfix]# chown postfix:postfix cakey.pem cacert.pem

service MailScanner restart

reloads our postfix after modifying postfix’s, and to reflect these new smtpd changes. A couple of afterthoughts which would have saved a LOT of misery:

  •  yum list available crypto* then yum update that list.
  • dovecot can use a key with a passphrase, but postfix can’t
  • the internet has a plethora of test tools

, but the local Test for TLS is still telnet from the outside:

[gelgin@cjll ~]$ telnet 25
Connected to
Escape character is ‘^]’.
220 ESMTP Postfix
ehlo localhost                                                                           <—- u  have to type
250-SIZE 10240000
250 DSN
STARTTLS                                                                                <—- u  have to type
220 2.0.0 Ready to start TLS
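Two of the failures on this page can be caught before a daemon restart: a private key configured where the certificate belongs (the Apache `nested asn1 error` above) and a passphrase-protected key handed to postfix. The following is an added example, not code from the original posts; the function names are hypothetical and the PEM blocks are constructed filler, not real key material.

```python
import os
import re
import stat

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return the kind of every PEM block in text, in file order."""
    kinds = []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("CERTIFICATE"):
            kinds.append("certificate")
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 with a passphrase
            kinds.append("encrypted-key")
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys mark encryption in a header line.
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
            kinds.append("encrypted-key" if encrypted else "plain-key")
        else:
            kinds.append("other")
    return kinds

def check_setting(role, text, can_prompt=False):
    """Check PEM text against its role in the config: 'cert' or 'key'.

    can_prompt says whether the daemon can be given a passphrase
    (dovecot's ssl_key_password); the page notes postfix cannot.
    """
    kinds = classify_pem(text)
    problems = []
    if not kinds:
        problems.append("no-pem-block")
    elif role == "cert" and "certificate" not in kinds:
        problems.append("no-certificate-block")
    elif role == "key" and not any(k.endswith("-key") for k in kinds):
        problems.append("no-private-key")
    if role == "key" and "encrypted-key" in kinds and not can_prompt:
        problems.append("passphrase-needed-but-daemon-cannot-prompt")
    return problems

def check_file(path, role, can_prompt=False):
    """Run check_setting on a file and add a permission finding for keys."""
    with open(path, encoding="ascii", errors="replace") as fh:
        problems = check_setting(role, fh.read(), can_prompt)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if role == "key" and mode & 0o007:
        problems.append("key-accessible-by-others")
    return problems

# Constructed sample blocks: the base64 body is filler, not key material.
FILLER = "Q09OU1RSVUNURUQgU0FNUExF"
CERT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % FILLER
PLAIN_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n%s\n"
             "-----END RSA PRIVATE KEY-----\n" % FILLER)
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n%s\n"
           "-----END RSA PRIVATE KEY-----\n" % FILLER)

if __name__ == "__main__":
    print(check_setting("cert", PLAIN_KEY))        # key put in SSLCertificateFile
    print(check_setting("key", ENC_KEY))           # postfix-style consumer
    print(check_setting("key", ENC_KEY, True))     # dovecot with ssl_key_password
```
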



dkim as XMIT/RCV Spoof Advisor

January 6, 2016

I still have an Advertisement @ where i had proclaimed myself as a professional who can help you install dkim. Unfortunately most of the emails i get go something like this:

I am under spoofing attacks and would like to know how DKIM could help. I would also like to know is this a paid service. The detail for implantation at the DKIM.ORG web site described how to add the key. Generating the key was not included in the description. I have an Office 365 premium account and have the DMARC set up. Can you help me to understand what is needed to start using the DKIM key with my exchange environment. 

Sometimes i do quote a rate (which involves a retainer), but in this case my response was  terse sic

i doubt it would help that much maybe 1%,, no i doubt you would get it

, but since he wasn’t ever going to pay me for what he and others think is “free” [like Grits] here is some detail from one of my mail headers:

not spam, SpamAssassin (score=-1.311, required 4.1, autolearn=not spam, ALL_TRUSTED -1.00, BAYES_20 -0.00, DKIM_SIGNED -0.01, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, DKIM_VERIFIED -0.10)

In our email setup spam is rated as a number based on Bayesian Scoring

as a number where anything above 4 or so is spam and above 5 or so just ain’t delivered:/

The point i didn’t wish to pursue with him is

  • Why would anybody go to the trouble to ip spoof you
  • if you are using SPF or its Microshucks equivalent why is it not getting tagged already

I don’t doubt that this guy is “under attack” though Most of the enquiries i get are probably from people who wish to implement dkim XMIT `transmitters` as opposed to dkim RCV `receivers`. This first customer type view themselves as legitimate “marketeers”, but wish their spam [hm… advertisements ?] to bypass such bayesian spam eradication which was never what Dkim was intended to do.

Which i suppose gets into the issue of whether your MTA only checks Dkim on receipt or signs outgoing e-mail or both. One of the reasons we had never implemented dkim on the sender side is that the use of Multiple Domains on the same mail Server made implementing that many public/private keypairs painful.

The recent implementation of SRS made this downside much less painful so in fact this gentleman’s email motivated me to “do the right thing”, but back to the receiving side:

; Generic TXT RR format
name  ttl  class   TXT     "text"
;DKIM TXT RR format
selector._domainkey ttl class TXT "DKIM-specific-text"

is from the zytrax book and a little more explicative than the RFC 4871. The specifics for the “DKIM-specific-text” includes stuff like the version, key type, p=publickeystring; , granularity

There are actually many APPs out on the internet that can generate this given a public key

“v=DKIM1; n=AkeyGen; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjf6l7P5/VJcSxmhEerk1zN5Dm4QEWSZRvY694dLcFK6mCGvia7CWdh/r7hvXasFxalOjjd0+1uZawizz5rf4AP65QXqhFMCnMTgfhDsGnz00Lbfkieh9lG8aJEdceLOdPBLNX+NSferT8GTWZ8p8TN9RHULk9PrxN9t6i05kA9wIDAQAB; s=email; t=s:y”

shows you how The DNS record could be generated, but the thing to note is t=s:y. This tells the world (sic the MTA RCV receiver) that we are really only TESTing dkim and don’t Trust it or “Please DONT” reject email on that basis alone.

However this stuff can be very subtle for example if t=y (instead of s:y) That Tool  points out that subdomains are allowed [subdomain spoofing anyone ?]

Another thing i would have had to spend hours trying to explain to this potential “customer” is that DKIM is much more forgiving than say SPF. Many MTA Receivers rather than giving a FULL Stop on DKim check Will give a Full STOP on SPF faults.

Perhaps a short note pointing out that opendkim is NOT the only system for signing outgoing emails, and interpreting incoming dkim signatures. Others I have played with from time to time include

This last i include since it does much more than dkim signing, and has its own way of configuring keys and provides some pretty interesting built-in tools to “pre-test”

# amavisd showkeys
; key#1, domain, /etc/opendkim/keys/default.private  3600 TXT (
“v=DKIM1; h=sha256:sha1; k=rsa; s=default; t=s:y; p=”

# amavisd testkeys
TESTING#1:     => invalid (public key: OpenSSL error: bad base64 decode)

to fix this last

[root@maintenance opendkim]# amavisd convert_keysfile /etc/opendkim/KeyTable
dkim_key('default', 'default', '/etc/opendkim/keys/default.private');

@dkim_signature_options_bysender_maps = (new_RE(
[ qr/^default\._domainkey\.weboir\.com weboir\.com\@\z/is => { d=>'default'} ],

apparently worked around amavisd 2.2 or so , but it was easier just to start fresh:

# amavisd  genrsa /etc/amavisd/ 1024
Private RSA key successfully written to file “/etc/amavisd/” (1024 bits, PEM format)


Is DKIM going to accomplish your goal ?. I dunno do you think signing on XMIT  your outgoing mail header with a private Key that can’t be compromised  is a good thing ? Conversely is Decoding someone else’s Incoming Mail Header RCV with their Public Key which is virtually uncompromisable a guarantee of Authenticity ??. These are subtle questions of ethics that i think the Banks & Financial companies do take seriously.

Used to be putting a .41c stamp on a piece of mail Gave some Federal Protection against Tampering. Me not so sure  == Technophobe ==.




install DKIM w/SRS On Fedora

December 26, 2015

this is the template I followed:

A tutorial for Debian installations w/POSTFIX

SRS which is STEP 2 in their procedure; had already been installed previously from source ie.

unzip -l
cd /usr/local/src/postsrsd-master/
then the typical

make install

, but where the rubber meets the road is integrating this into postfix

Add the following to /etc/postfix/

# PostSRSd settings.
sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes= envelope_recipient,header_recipient


Step 1  The DKIM install  (after about a Month)

yum install opendkim.i686

which creates the operating environ for the DKIM daemon sic

[root@gfee postfix]# ls -ld /var/run/opendkim
drwxr-xr-x 2 opendkim opendkim 4096 Sep 22  2011 /var/run/opendkim

modify /etc/opendkim.conf for Your Domain.

Create the directory /etc/opendkim.d and put the following in /etc/opendkim.d/TrustedHosts

modify  /etc/opendkim.d/TrustedHosts with inside network ip's

The next step is to generate the Keys

$ cd /etc/opendkim.d
$ opendkim-genkey -s mail -d
$ chmod 600 mail.private
$ chown opendkim:opendkim mail.private

This utility produces 2 files

  • mail.txt
  • mail.private

which are, as expected, the public & private dkim keys. The next step is to publish the public key as a DNS TXT record:

v=DKIM1; k=rsa; p=<alphabetical soup>

where <alphabetical soup> comes from the previously created mail.txt

Since we have a somewhat unusual dns setup to add this DNS TXT record requires accessing a mydns DB on “Master”, and once that is committed one needs to force the zone transfer to the BIND slaves with something like this

         cd  /var/named/chroot/var/named/slaves/; ls -1 /var/named/chroot/var/named/slaves/ | xargs rm ; service named restart

 v=DKIM1; r=postmaster; t=y; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjf6l7P5/VJcSxmhEerk1zN5Dm4QEWSZRvY694dLcFK6mCGvia7CWdh/r7hvXasFxalOjjd0+1uZawizz5rf4AP65QXqhFMCnMTgfhDsGnz00Lbfkieh9lG8aJEdceLOdPBLNX+NSferT8GTWZ8p8TN9RHULk9PrxN9t6i05kA9wIDAQAB

The final Steps are to modify /etc/postfix/ to accommodate opendkim

# Milter settings.
milter_protocol = 2
milter_default_action = accept
# OpenDKIM runs on port 12301.
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

Again in Our setup bouncing Postfix probably not sufficient something like this

/etc/init.d/MailScanner restart

then to actually start the Milter

service opendkim
Usage: /etc/init.d/opendkim {start|stop|status|reload|restart|condrestart}

As a Test there are Several Places which will echo back a verification e-


Dec 26 17:26:10 gfee opendkim[18728]: 3D6AE41C4E: DKIM verification successful
Dec 26 17:26:10 gfee postfix/smtpd[19004]: disconnect from[]

One more suggestion is to verify your Published Key with this Tool

which in my case uncovered an issue. Specifically i did NOT terminate the Key  p=  with ‘;’ . The utility did complain about the choice of the selector name, but mails do work so i take this to be a bug in the tool.
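A published key record can also be checked offline. The sketch below is an added example (not the tool linked above, and not code from opendkim or amavisd): it parses the tag list, reads the `t=` flags discussed in the earlier DKIM post, decodes `p=` the way `amavisd testkeys` has to, and reports the RSA modulus size. Function names are hypothetical, the sample records are constructed to mirror the tag layouts shown on this page, and the 2048-bit threshold follows the RFC 8301 recommendation for signers.

```python
import base64
import binascii

def parse_tags(record):
    """Split a DKIM key record ("tag=value; tag=value") into a dict."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue                      # a trailing ';' is optional
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("not a tag=value pair: %r" % part)
        tags[name.strip()] = "".join(value.split())   # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos: (tag, content, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of the RSA SubjectPublicKeyInfo carried in p=."""
    t1, outer, _ = read_tlv(spki, 0)      # SEQUENCE
    _, _, pos = read_tlv(outer, 0)        # AlgorithmIdentifier, skipped
    t2, bitstr, _ = read_tlv(outer, pos)  # BIT STRING
    t3, rsakey, _ = read_tlv(bitstr, 1)   # byte 0 is the unused-bit count
    t4, modulus, _ = read_tlv(rsakey, 0)  # INTEGER n
    if (t1, t2, t3, t4) != (0x30, 0x03, 0x30, 0x02):
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return int.from_bytes(modulus, "big").bit_length()

def audit(record):
    """Return finding codes for one published DKIM key record."""
    tags, out = parse_tags(record), []
    flags = [f for f in tags.get("t", "").split(":") if f]
    if "y" in flags:
        out.append("testing-mode")        # failures must be treated as unsigned
    if "s" not in flags:
        out.append("subdomains-allowed")  # i= may be any subdomain of d=
    if "g" in tags:
        out.append("obsolete-g-tag")      # RFC 4871 tag, dropped in RFC 6376
    services = tags.get("s", "*").split(":")
    if "*" not in services and "email" not in services:
        out.append("not-for-email")       # verifiers ignore the record
    if "sha1" in tags.get("h", "").split(":"):
        out.append("sha1-permitted")      # RFC 8301 retires rsa-sha1
    p = tags.get("p")
    if p is None:
        out.append("p-missing")
    elif p == "":
        out.append("key-revoked")         # an empty p= means revoked
    else:
        try:
            der_bytes = base64.b64decode(p, validate=True)
            bits = rsa_bits(der_bytes) if tags.get("k", "rsa") == "rsa" else None
        except (binascii.Error, ValueError, IndexError):
            out.append("p-undecodable")
        else:
            if bits is not None and bits < 2048:
                out.append("rsa-%d-bits" % bits)
    return out

def der(tag, content):
    """Encode one DER element (used only to build the sample key)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def constructed_p(bits):
    """Constructed p= value: well-formed DER around a made-up modulus."""
    n = (1 << (bits - 1)) | 1             # top bit set, so exactly `bits` bits
    modulus = b"\x00" + n.to_bytes(bits // 8, "big")
    rsakey = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    return base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + rsakey))).decode()

# Constructed records with the tag layouts of the three records on this page.
GENERATOR_STYLE = "v=DKIM1; n=AkeyGen; p=%s; s=email; t=s:y" % constructed_p(1024)
PUBLISHED_STYLE = "v=DKIM1; r=postmaster; t=y; g=*; k=rsa; p=%s" % constructed_p(1024)
AMAVISD_STYLE = "v=DKIM1; h=sha256:sha1; k=rsa; s=default; t=s:y; p="

if __name__ == "__main__":
    for rec in (GENERATOR_STYLE, PUBLISHED_STYLE, AMAVISD_STYLE):
        print(rec[:48], "->", audit(rec))
```
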

Egyptian Fraction Decomposition of -1 into A sum of 10 components

October 20, 2015


Like China, as a country of a long history, Egypt has a different way of handling fractions. In most cases Egyptian Fractions use 1 as numerator when using fractions, for example, using 1/3 + 1/15 to indicate 2/5; 1/4 + 1/7 + 1/28 to indicate 3/7 etc…. Now the question is that there are 90 Egyptian fractions, going like: 1/2, 1/3, 1/4, 1/5,…,1/90 ,

can you  pick ten out of them and put on plus or minus signs, to make their final sum become -1?

if that means EXACTly 10 is a vERY difficult lemma to PROVE or disprove,, these days i would write a computer program that tries all possible combinations,, but that won’t work since the computer would convert fractions to decimals and with that double conversion there would be round off error

Study:         my approach would to be to find 3 decompositions of 1 into Egyptian’s which fulfill the requirement of 10 Egyptians total

1/2 + 1/3 + 1/6 = 1 is one possibility

1/8 + 3/8 + 5/8  = 1 is a 2nd in Egyptian becomes 1/8 + (1/3 + 1/24) + (1/2 + 1/8)

As ancient man “Invented the hammer” as a tool to Convert Angular Momentum into Linear Force. Modern man has developed Fraction to Egyptian java app to study such Numerical problems.

1/10 + 2/10 + 3/10 + 4/10 = 1 which in Egyptian is 1/10 + 1/5 + (1/4 + 1/20) + (1/3 + 1/15)

using the help of the App above we can now try 12ths

1/12 + 2/12 + 3/12 + 6/12 = 1 which converts to 1/12+ 1/6 + 1/4 + 1/2 which again falls short of 10


well is 1/1 itself Usable ? then A solution is

1 – [ 1/10 + 1/5 + (1/4 + 1/20) + (1/3 + 1/15)] – [1/2 + 1/3 + 1/6]

u know to me the whole exercise sounded like some chinese mathematician trying to prove something on the cheap…

Corn a measure of economic health ?

June 6, 2011

This quote/commentary came from American Century Investments

Corn Price Increases Tell a Story About Why Commodity Prices Are Rising

In case you haven’t been watching, the price of corn for delivery in July (a futures price set on the Chicago Board of Trade) rose 35% just in the month of April from $216 to $293 per metric ton (or if you like to think in terms of bushels, from $5.50 to $7.45 per bushel). As both a commodity and agricultural product, the demand and pricing of corn can provide interesting insights into whether inflation is rising, why and (if so) what factors are driving it. In this Weekly Market Update, we’ll take a look at the market dynamics for corn, what is driving recent price increases and how this is likely to unfold over the remainder of this year and beyond.

Corn is the single largest agricultural product produced in the U.S. with a total crop value last year of $66 billion. In comparison, soybeans (the second largest U.S. crop) had a value of $39 billion while wheat (the third largest U.S. crop) had a value of $12 billion. And as the table below illustrates, it is a business largely focused on a few Midwest states which dedicate millions acres to corn farming.

13+State Acres
for Grain
of Metric Tons)
1 Iowa 13,400 13,050 165 2,153,250 54,711 17.3%
2 Illinois 12,600 12,400 157 1,946,800 49,465 32.9%
3 Nebraska 9,150 8,850 166 1,469,100 37,327 44.7%
4 Minnesota 7,700 7,300 177 1,292,100 32,830 55.1%
5 Indiana 5,900 5,720 157 898,040 22,818 62.3%
6 Kansas 4,850 4,650 125 581,250 14,769 67.0%
7 South Dakota 4,550 4,220 135 569,700 14,475 71.6%
8 Ohio 3,450 3,270 163 533,010 13,543 75.9%
9 Wisconsin 3,900 3,100 162 502,200 12,760 79.9%
10 Missouri 3,150 3,000 123 369,000 9,376 82.9%
U.S. Total 88,192 81,446 153 12,446,865 316,804 100.0%

Source: USDA National Agricultural Statistics Service and National Corn Growers Assocation

The U.S is not only the world’s largest producer of corn but also its largest market. Last year, the per capita consumption of corn in the U.S. was 2,074 pounds per person. And by the way, that doesn’t count the weight of the cob since corn statistics measure only the weight of the corn kernel–which is where all the value is. You may be thinking “I can’t imagine I eat that much corn” and you don’t (I hope). But if you eat pork, beef or chicken (which are fed corn prior to slaughter) or drive a car with a gasoline engine (where 10% of the fuel now consists of corn-based ethanol) you “consume” corn in these activities too. And because corn has so many (and diverse) uses that course through our economy, it makes this agricultural commodity a valuable one for studying its price and how price changes in corn affect many of the consumer and industrial products we manufacture and purchase every day.

U.S. Corn Supply and Demand Balance Years Change
Food, Seed and Industrial (FSI) Uses 1985 2010 Change % Change
Fuel Ethanol 6.9 124.5 +117.6 1708%
High Fructose Corn Syrup 8.3 13.1 +4.8 57%
Starch 4.8 6.4 +1.5 32%
Sweeteners 4.3 6.6 +2.3 54%
Beverage Alcohol 2.1 3.4 +1.3 63%
Seed 0.5 0.6 +0.1 15%
Cereal/Other 2.4 5.0 +2.6 112%
Total FSI 29.3 159.6 +130.3 445%
Food Animal (Pork, Chicken, Beef) Feed and Residual 104.5 132.1 +27.6 26%
Total U.S. Consumption 133.8 291.7 +157.0 118%
Direct Export 31.2 49.5 +18.4 59%
Total Use 164.9 341.2 +176.3 107%
Plus/Minus: Change in Ending Stocks 60.7 -24.5 N/A N/A
Total U.S. Production 225.6 316.8 +91.1 40%

Actually this points out some stunning information. Use of Corn represents

    consumption people or machines
    growth inflation OR deflation

A great deal of oil is used in the production of corn, but there is a feed back mechanism into the production of ethanol based fuel additives for gasoline as well. So to the energy market corn is both a consumer and a producer.

Another feed back is in the consumption of food. Both as a measure of consumption, but in the productivity of people 2074 lbs per person seems like an exaggerated amount. If one looked at only the second table from 1985-2010 we have become a nation predominated by:

    alcoholic drinkers
    breakfast food eaters
    gasoline guzzling by 10x’s those

What is even more disturbing is how fast corn futures have accelerated in their price change (when calculated in USD) !!. One interpretation here is that we are either headed towards massive inflation OR huge food shortages. The idea that there was enough corn available to process into bio-fuel on any large scale seemed absurd since as the second table shows it has choked off all other demand even as a predominately 10% gasoline additive.

By the way I would hesitate to speculate on how much of that 2074 lbs per person is actually allocated towards pork production since the numbers are skewed by so much ethanol production.

So it may in fact be the american farmer who indeed saves the american economy once again.

MailWatch and MailScanner

March 29, 2011

Mailwatch is the php gui for use with MailScanner. When it became time to upgrade amavisd spamassassin postfix clamav from MailZu installation this became the obvious choice. Amavisd while functional has a very cryptic configuration file, and had severe limitations in how it interfaced to spamassassin.

Particularly I wanted MailScanner to be able to better control the Mail header and the subject line content for spam.

X-Nomenware-Info: Please contact Admin chuck@mrluciano for more information
X-Nomenware-ID: 4819941007.A8CF2
X-Nomenware-Mail: Found to be clean
X-Nomenware-SpamCheck: not spam, SpamAssassin (not cached, score=-7.501, required 4.5, autolearn=not spam, BAYES_00 -1.50, NO_RELAYS -0.00, USER_IN_WHITELIST_TO -6.00)

Another feature is MailScanner actually controls the starting and stopping of postfix subject to the caveat below. While the MailScanner.conf modifications are extensive, and shown in many tutorials I mention a few features here.

  1. I prefer that spam be shown as a number
    SpamScore Number Instead Of Stars = yes
  2. The subject line modification is controlled with this
    Spam Subject Text = {Spam _SCORE_}
  3. beginning of spam score
    Required SpamAssassin Score = 5.5
  4. and a high watermark for really dangerous spam
    High SpamAssassin Score = 8.5
  6. I am conservative with spam lists so
    Spam Lists To Be Spam = 1
    Spam Lists To Reach High Score = 2

Notice how easy adding realtime RBLs was as opposed to modifying Postfix configuration files under amavisd auspices. As in amavisd emails’ above the High Score can probably be deleted after a certain amount of debug time with:

High Scoring Spam Actions = delete

I would in turn not recommend something like

High Scoring Spam Actions = forward

2 very definite problem areas for debug were

  • the permissions on the quarantine directory
  • logging spam into the database to be read

    The first was fixed using a script fix_quarantine_permissions. The second was a configuration item ie.

    Always Looked Up Last = &MailWatchLogging

    It is advisable to run both these commands post installation

  • MailScanner -V
  • MailScanner --lint

    The first to check for any missing perl Modules, and the second to check clamav, and spamassassin for correct functionality.

    Before deciding on the choice of amavisd or postfix for your installation it is key that you understand the operation of these 2 configuration items.

    Incoming Queue Dir = /var/spool/postfix/hold
    Outgoing Queue Dir = /var/spool/postfix/incoming

    A lot of folks (including the postfix inventor) have NOT recommended using MailScanner with this MTA because it defeats some mechanisms within postfix. In our case i saw the advantages of MailWatch outweighed that consideration, with this caveat:

    While still experimenting with Basic MailScanner.conf i used MailWatch to release a quarantined message that appeared to have:

    Quarantine: /var/spool/MailScanner/quarantine/20110329/7B6C0411DB.ADD2F
    Report: MailScanner: Message attempted to kill MailScanner

    because i thought it to be from a trusted source. This had the VERY NASTY side effect of bringing postfix to a complete stop. It was running and everything seemed fine, but nothing was being delivered. So as in all things free BBW Buyer Be Ware.

    The MailWatch GUI is so much more sophisticated than MailZu. It automates not only quarantine handling, and Bayesian learning, but thanks to php-gd, and some very talented programming puts system wide reports at the finger tips.

    Discrete Topology MBTI

    July 14, 2010

    The area of multivariate statistics has 2 mathematical methodologies that were developed by social scientists over 100 years ago

    1. Principal Component Analysis
    2. Factor Analysis

    Both are a way of looking at Characteristics of sets, and trying to find some minimal way of uniquely identifying set members. The application that impressed me the most was identifying counterfeit bills. Some 30 characteristics of all the bills were statistically collected. However it turns out that only 5 or 6 of those `measurements` are enough to predict that any given bill in the population is counterfeit. Principal Component analysis provides a pleasing mathematical means of reducing this set of 30 measurements to 6 which simply stated involves taking the eigenvalues of that 30×30 covariance matrix and picking the largest ones and then only using those vectors sic component measurement to extract maximum information.

    MBTI Myers and Briggs personality test is perhaps an example of the reverse problem. Given some statistical population how can i create dimensional tiling boxes to sort (if not provide order) on that collection. It even provides its own coding system so that 4 binary values 2**4 or 16 boxes based on personality characteristics (measurements).

    To understand yourself is to code yourself. ISTP becomes

  • Introvert (vs extrovert)
  • Sensing (vs intuition)
  • Thinking (vs feeling)
  • Perception (vs judgement)

    What is pleasing about this model is no numerical values are assigned to each only a predominant characteristic. So based on this 4 tuple each person (type) can be placed in one of 16 boxes. I provided a link to the English description of each of these boxes, and i don’t suppose it is coincident that it looks (feels) like one of those chinese menus where it is your birth year that describes who you should marry and what kind of job you should do.

    In other words while your match probably won’t be in the same box it certainly wouldn’t be ENFJ for the above instance. I suppose though to `correctly` interact with people is to acknowledge this inverse (diametrically opposite) category. I say correctly since the point of MBTI is that it has no value bias. Which side of each of the 4 vectors you fall on is OK. There are not wrong answers to this test.

    If however you want to understand how that human being in front of you perceives and thinks about his world. Her box is as good a starting point as it gets relative to the total population.

    Free Jung Personality Test (similar to Myers-Briggs/MBTI)
