
Tue, Jun 26, 2007 8:28 pm

Using ngrep to Monitor Email Transmissions

A user informed me that an email message she was trying to send was not going out; Outlook showed it remaining in her outbox and would eventually display an error message about its attempted connection to the SMTP server, because it couldn't send the message.

When I looked at bandwidth utilization at the SMTP server end with bwmon, I saw that almost all the available bandwidth was being consumed. When I checked to see what type of traffic was involved using IPTraf and pkstat, I saw that email traffic, i.e. connections to port 25 on the server, was consuming the bandwidth. A netstat -a | grep smtp command showed a lot of connections to the SMTP port, which is port 25. When I counted them with netstat -a | grep smtp | wc -l, I found there were 51 connections, which is far more than I would normally see to the server.

To try to get more information on that traffic, I installed ngrep. The author's description of the tool is listed below:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

To see the "from" and "to" addresses being used in the transmissions, I used the command ngrep -i 'rcpt to|mail from' tcp port smtp. The -i option tells ngrep to ignore the case of characters when looking for pattern matches. The 'rcpt to|mail from' pattern tells it to look for either rcpt to or mail from, which are the commands sent to an email server to specify the recipient and the sender of an email message. SMTP transmissions use TCP, so the tcp parameter specifies that protocol, and smtp specifies that the SMTP port, port 25, is the one to monitor. Note: you will need to run the command as root or you will get the message "no suitable device found: Operation not permitted".

The command showed the following output:

# ngrep -i 'rcpt to|mail from' tcp port smtp
interface: eth0 (66.22.186.48/255.255.255.240)
filter: (ip) and ( tcp port smtp )
match: rcpt to|mail from
###############
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  MAIL FROM: <kvocqcbrxzqxqs@fdvwiqrprdewt.logicbest.com>..
####
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  RCPT TO:<janesmith@moonpoint.com>..
###########################
T 216.188.126.165:57486 -> 66.22.186.53:25 [AP]
  MAIL FROM:<175419_VMTA12778-angel=MOONPOINT.COM@DPCTECHNOLOGIES.NET> BODY=8
  BITMIME..RCPT TO:<angelica1@MOONPOINT.COM>..DATA..
#############################
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  MAIL FROM:<>..
##
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  RCPT TO:<moonpointm@moonpoint.com>..

Most of the traffic had invalid "rcpt to" addresses, i.e. there was no such email address on the server. Many of the messages had no "mail from" address. The "mail from" and "rcpt to" addresses are for the "envelope" of the message, i.e., they aren't necessarily the same as the "from" and "to" addresses a recipient would see when viewing the message in an email client. Instead, they are part of the SMTP transmission protocol. An email server will use the "rcpt to" value to route a message to the appropriate mailbox.

While I was checking on the issue, the bandwidth utilization dropped back down to normal and I didn't take any further action.
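To turn output like that shown above into per-source counts of null senders and unknown recipients, the ngrep text can be parsed and tallied. This is an added example, not code from the original post; the sample output is constructed with documentation addresses, and the list of valid mailboxes is an assumption you would supply from your own server.

```python
import re
from collections import defaultdict

# Constructed sample in the layout ngrep prints (not captured traffic).
# ngrep shows CR and LF as "." and wraps long payloads onto another line.
SAMPLE = """\
###############
T 192.0.2.10:1625 -> 203.0.113.5:25 [AP]
  MAIL FROM: <qxzv@bulk.example.net>..
####
T 192.0.2.10:1625 -> 203.0.113.5:25 [AP]
  RCPT TO:<nosuchuser@example.com>..
#########
T 198.51.100.7:57486 -> 203.0.113.5:25 [AP]
  MAIL FROM:<list-owner@lists.example.org> BODY=8
  BITMIME..RCPT TO:<Alice@EXAMPLE.COM>..DATA..
######
T 192.0.2.44:4852 -> 203.0.113.5:25 [AP]
  MAIL FROM:<>..
##
T 192.0.2.44:4852 -> 203.0.113.5:25 [AP]
  RCPT TO:<sales1@example.com>..
#
T 192.0.2.44:4852 -> 203.0.113.5:25 [AP]
  RCPT TO:<sales2@example.com>..
"""

# Packet header line: source ip:port -> destination ip:25
HEADER = re.compile(r"^T (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:25\b")
# Envelope commands; a packet may carry several (SMTP pipelining).
COMMAND = re.compile(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def parse_ngrep(text):
    """Return (source_ip, verb, address) for each envelope command seen."""
    events, src, payload = [], None, []

    def flush():
        # Join wrapped payload lines with no separator to undo the wrapping,
        # so "BODY=8" + "BITMIME" becomes one token again.
        for verb, addr in COMMAND.findall("".join(payload)):
            events.append((src, verb.upper(), addr.lower()))

    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            flush()
            src, payload = m.group(1), []
        elif src and line.startswith("  "):
            payload.append(line[2:])  # payload lines are indented two columns
    flush()
    return events


def summarize(events, valid_mailboxes):
    """Per source IP: envelope commands, null senders, unknown recipients."""
    valid = {m.lower() for m in valid_mailboxes}
    stats = defaultdict(
        lambda: {"mail": 0, "null_sender": 0, "rcpt": 0, "unknown_rcpt": 0})
    for src, verb, addr in events:
        s = stats[src]
        if verb == "MAIL FROM":
            s["mail"] += 1
            # MAIL FROM:<> is also what bounce messages use, so it is
            # counted here rather than treated as hostile on its own.
            s["null_sender"] += int(addr == "")
        else:
            s["rcpt"] += 1
            s["unknown_rcpt"] += int(addr not in valid)
    return dict(stats)


def all_unknown_sources(stats, min_rcpt=1):
    """Sources that named at least min_rcpt recipients, none of them valid."""
    return sorted(ip for ip, s in stats.items()
                  if s["rcpt"] >= min_rcpt and s["unknown_rcpt"] == s["rcpt"])


if __name__ == "__main__":
    # Hypothetical mailbox list for the constructed sample.
    stats = summarize(parse_ngrep(SAMPLE), ["alice@example.com"])
    for ip in all_unknown_sources(stats):
        print(ip, stats[ip])
```
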

References:

  1. Bandwidth Monitoring on a Linux System
    Date: September 15, 2004
    MoonPoint Support

  2. Using pktstat to Monitor Network Traffic
    Date: December 13, 2006
    MoonPoint Support

  3. ngrep - network grep
    By: Jordan Ritter
    Date: November 18, 2006
    SourceForge.net

  4. The MAIL, RCPT, and DATA verbs
    By D. J. Bernstein
    D.J. Bernstein - Mathematics and computer science

  5. ngrep RPM for Red Hat, CentOS, and Fedora
    By: Dag Wieers
    DAG: Field Commander Wieers

[/network/tools/ngrep] permanent link

Mon, Jun 25, 2007 7:10 am

Pentagon Takes 1,500 Systems Offline

A Time article dated Thursday, June 21, 2007, titled Cyber Attack Hits Pentagon states that the Pentagon took as many as 1,500 computers offline because of a cyber attack, which occurred on Wednesday. The article stated that Defense Secretary Robert Gates said the Pentagon sees hundreds of attacks a day and this one had no adverse impact on department operations. Employees whose computers were affected could still use their handheld BlackBerrys.

I'm not surprised that the Pentagon sees hundreds of attacks a day, but it is hard for me to believe that taking 1,500 systems offline had no impact on department operations. Sure, employees could still deal with email via their BlackBerrys, but, even if the systems were used solely for administrative purposes, I would expect the employees would be hampered by a lack of access to spreadsheets, presentations, and other documents normally used in an office environment. Hopefully, the attackers didn't glean sensitive data from any of those systems.

I was surprised by Mr. Gates's response when he was asked if his own e-mail account was affected. He responded "I don't do e-mail. I'm a very low-tech person." I understand that for his generation (he's 63 years old) email may not be as much a part of the fabric of business life as for younger Americans, but I was surprised to hear him state he doesn't use it at all, especially since his prior position was president of Texas A&M University.

[/security/attacks] permanent link

Tue, Jun 19, 2007 8:12 pm

MPack Used to Compromise Thousands of Websites

I received a message from eWeek today titled MPack Trojan Attack Claims 10,000 Web Sites, which stated that as many as ten thousand websites may have been infected with malware that directs visitors to other sites, where JavaScript code attempts to use a buffer overflow attack against vulnerable browsers to cause malware to be downloaded to the visitors' systems. I would have liked to have more detail in the eWeek article about what web server software was vulnerable to the MPack attack and what browsers might be vulnerable, but it appears many reports on the problem are just being posted today. The eWeek article was the first I had heard about the problem, so I appreciate the heads-up, though.

After reading the eWeek article, I also found information from Symantec at Italy Under Attack: Mpack Gang Strikes Again! There is another Symantec article titled MPack, Packed Full of Badness. I also located an ars technica article posted earlier today, Security researchers uncover massive attack on Italian web sites, which had much more detail than the eWeek article.

According to that article the MPack software being used on compromised web servers "provides would-be malware installers with a complete package that can be installed on any web server that runs PHP with an SQL database." So that sounds like it can be used against both Apache web server software running on a variety of platforms, including Linux and Windows, as well as Microsoft's IIS web server software, since PHP along with MySQL or Microsoft's own SQL server software may be running on such systems. The article further states "The compromised web sites attempt to use exploits in unpatched versions of Internet Explorer, QuickTime, Windows 2000, Firefox, WinZip, and Opera, in order to install malware packages on end users' computers."

[/security/attacks] permanent link

Sun, Jun 17, 2007 8:21 pm

Troubleshooting With the Microsoft Exchange Troubleshooting Assistant

Microsoft provides the Microsoft Exchange Troubleshooting Assistant v1.1 to aid in troubleshooting problems with Microsoft Exchange Servers. I installed and ran the tool today to try to figure out why messages sometimes get stuck in SMTP queues on an Exchange 2003 server running on a Windows Small Business Server (SBS) 2003 system.

[ More Info ]

[/network/email/exchange] permanent link

Sun, Jun 17, 2007 2:43 pm

Links Without Underlining

Occasionally, I want a specific link to appear in a webpage without underlining. You can add style="text-decoration:none" with the link to prevent the text associated with the link from being underlined.

For instance, sometimes I use superscripts in a document to link to a reference. Normally a link will be underlined, which will look slightly odd. E.g., if I link back to reference 1, which I used for this blog entry, the number "1" has an underline below it. If I don't want the underline to appear, I can use the HTML code below.

<a href="http://www.pageresource.com/html/link3.htm" style="text-decoration:none"><sup>1</sup></a>

Using that code the reference 1 superscript is not underlined.

If you don't want any URLs in the webpage underlined, you can add the following code to the head section of the HTML for the webpage.

<STYLE type="text/css">
<!--
A { text-decoration:none }
-->
</STYLE>

With the above code placed between your <HEAD> and </HEAD> tags, you can code your links as you normally would, but none of them will be underlined. The style sheet in the head section will make them all non-underlined.

[/network/web/html] permanent link

Sun, Jun 17, 2007 12:29 pm

Email Stuck in Exchange SMTP Queues

When a user complained that her email was not reaching a mailing list, I checked the Exchange server that handles her email and found messages stuck in SMTP queues on the server. I was able to force Exchange to send the queued messages, but several messages had been stuck in a queue for days with one in a queue for six days.

[ More Info ]

[/network/email/exchange] permanent link

Sat, Jun 16, 2007 10:59 pm

Enabling Microsoft Exchange Message Logging

A Microsoft Exchange user reported to me that email she sent from Outlook was not reaching recipients, but Outlook was putting it in the Sent folder indicating it had been successfully sent from Outlook.

I found that message tracking was not enabled on the Exchange server, so I needed to turn it on to try to figure out what was happening.

[ More Info ]

[/network/email/exchange] permanent link

Sat, Jun 16, 2007 4:16 pm

Prevent Mailing List Email from Going Into Junk E-mail or Spam Folders

I posted instructions for Hotmail, Gmail, and Outlook users for steps that can be taken to prevent email sent from mailing lists from being automatically placed in junk email or spam folders.

[/network/email/mailing_list] permanent link

Tue, Jun 12, 2007 8:01 pm

Tcpdump Permission Denied on OS-X

I needed to use tcpdump to perform network troubleshooting on an Apple OS-X system (Darwin Kernel Version 7.9.0), but when I tried running it from my account, I received a "permission denied" message.

$ tcpdump
tcpdump: (no devices found) /dev/bpf0: Permission denied

I don't know the root password for the system, but my account has administrator privileges on the system. Without knowing the root password, though, I could not su to the root account. Fortunately, I found a solution at Ethereal "Turbo Charged", where Olivier Biot posted a solution, which I quote below:

Do a "sudo chown Gurue /dev/bpf*" (or whatever your login name is on your Mac). Once you've done that, you can (at least until the machine is rebooted) run Ethereal or Tethereal or tcpdump or... as yourself, rather than as root. (Mac OS X's "/dev" is implemented with devfs, so the special files aren't persistent across reboots, and it's an older devfs so it can't be configured to set up particular devices with particular owners and permissions, so any ownership or permission changes you make don't survive across reboots.)

I checked the existing permissions on /dev/bpf* files first.

$ ls -l /dev/bpf*
crw-------  1 root  wheel   23,   0 12 Jun 18:32 /dev/bpf0
crw-------  1 root  wheel   23,   1 12 Jun 15:30 /dev/bpf1
crw-------  1 root  wheel   23,   2 12 Jun 15:30 /dev/bpf2
crw-------  1 root  wheel   23,   3 12 Jun 15:30 /dev/bpf3

I then changed the owner of just /dev/bpf0. I was prompted for a password when I used sudo chown myacct /dev/bpf0 and was able to make the change when I entered my password.

$ sudo chown jdoe /dev/bpf0

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:

I was then able to run tcpdump. When I disconnected and reconnected, I received the message tcpdump: (no devices found) /dev/bpf1: Permission denied when I tried running tcpdump again, so I changed the permission on /dev/bpf1 as well. I could have used sudo chown jdoe /dev/bpf* initially to change the permissions on all the /dev/bpf* files. Since I very infrequently need to run tcpdump on this system, it doesn't matter to me that I will have to reset the permissions on the files again whenever the system is rebooted.

[/os/os-x] permanent link

Sun, Jun 10, 2007 9:27 pm

Email From 166.102.165.166 and 65.54.246.172 Rejected

A family member reported that someone who had tried to send email to her received a bounced message indicating the email was blocked because of antispam provisions. I checked all email from the sender's email address using the find-recipients Perl script I created for such purposes. I saw that one message she sent was rejected and one accepted.

# ./find-recipients.pl wendyvi21@alltel.net /var/log/maillog
Found 2 messages from wendyvi21@alltel.net in /var/log/maillog

Message recipients

Time            Message ID     Status        Recipient
----------------------------------------------------------------
Jun 10 07:58:02 l5ABupmb001042 Rejected      kittycat321@moonpoint.com
Jun 10 08:05:03 l5AC3omb001081 Sent          kittycat321@moonpoint.com

When I checked the /var/log/maillog file for those two message IDs, I found that the first message had been blocked by the Spam and Open-Relay Blocking System (SORBS) blocklist. SORBS is a DNS Blacklist (DNSBL).

The message that was rejected was from ispmxmta05-srv.windstream.net [166.102.165.166], while the one that was accepted was from ispmxmta09-srv.windstream.net [166.102.165.170].

When I checked the SORBS list, it appeared that 166.102.165.166 had been there for at least a week due to SORBS detecting spam originating from the email server at that address.

Database of servers sending to spamtrap addresses
Address:166.102.165.166
Record Created:Tue Apr 17 01:00:04 2007 GMT
Record Updated:Mon Jun 4 01:00:03 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from ispmxmta05-srv.windstream.net (ispmxmta05-srv.windstream.net [166.102.165.166]) by desperado.sorbs.net (Postfix) with ESMTP id EE4311144D for <[email]>; Mon[email] 04 Jun 2007 10:40:27 +1000 (EST)
Currently active and flagged to be published in DNS

But when I looked up the other IP address, 166.102.165.170, it appeared it was also in the SORBS blocklist.

Database of servers sending to spamtrap addresses
Address:166.102.165.170
Record Created:Tue Oct 4 13:04:20 2005 GMT
Record Updated:Thu Apr 26 04:41:17 2007 GMT
Additional Information: Received: from ispmxmta09-srv.windstream.net (ispmxmta09-srv.windstream.net [166.102.165.170]) by desperado.sorbs.net (Postfix) with ESMTP id 69DC21143A for <[email]>; Sat[email] 10 Feb 2007 13:52:40 +1000 (EST)
Currently active and flagged to be published in DNS

When I queried the SORBS database through the SORBS Database Lookup webpage, it appeared both addresses were present in the SORBS blocklist, yet when I used blq to query the SORBS blocklist, I found only the first .166 address listed and not the .170 address, which was consistent with Sendmail's rejection of the first message, but not the second one.

# ./blq sorbs 166.102.165.166
166.102.165.166 ispmxmta05-srv.windstream.net : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 166.102.165.170
166.102.165.170 ispmxmta09-srv.windstream.net : dnsbl.sorbs.net : ok

I received another report from a Hotmail sender that she was finding email rejected as well. I went through the same process as above. Again the SORBS website database query seemed to indicate that both addresses would be blocked, but using blq showed only one was blocked, which matched the entries I found in today's maillog file with the first message from the sender being rejected and the second accepted. The first was from bay0-omc2-s36.bay0.hotmail.com [65.54.246.172] and the second from bay0-omc2-s37.bay0.hotmail.com [65.54.246.173].

When performing a database check via the website, I saw the following for the IP address from which a message was rejected:

Database of servers sending to spamtrap addresses
Address:65.54.246.172
Record Created:Thu Aug 3 02:30:03 2006 GMT
Record Updated:Sat Jun 9 09:00:04 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s36.bay0.hotmail.com (bay0-omc2-s36.bay0.hotmail.com [65.54.246.172]) by desperado.sorbs.net (Postfix) with ESMTP id 7EE241147D for <[email]>; Sat, 09 Jun 2007 18:33:28 +1000 (EST)
Currently active and flagged to be published in DNS

But I also saw the following for the IP address of the server from which a message was accepted:

Database of servers sending to spamtrap addresses
Address:65.54.246.173
Record Created:Fri Aug 4 13:53:11 2006 GMT
Record Updated:Sat Mar 3 08:00:34 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s37.bay0.hotmail.com (bay0-omc2-s37.bay0.hotmail.com [65.54.246.173]) by desperado.sorbs.net (Postfix) with ESMTP id 8E17F114AE for <[email]>; Wed, 28 Feb 2007 21:44:25 +1000 (EST)
Currently active and flagged to be published in DNS

Again, the information returned didn't seem to be consistent with what a blq query returned:

# ./blq sorbs 65.54.246.172
65.54.246.172 bay0-omc2-s36.bay0.hotmail.com : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 65.54.246.173
65.54.246.173 bay0-omc2-s37.bay0.hotmail.com : dnsbl.sorbs.net : ok

So the results I obtained through the website query don't seem to accurately reflect what will be blocked, if I interpret seeing "Currently active and flagged to be published in DNS" appearing in a red block as an indication the address is in the blocklist as one to be blocked.
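A mail server's DNSBL feature acts on what a DNS query against the list's zone returns, not on the list's web page, so the DNS answer is the thing to test. The added example below (not part of the original post, and not the blq script) shows how such a query is formed and interpreted; the fake resolver and its answers are constructed so the code runs offline, and pass no resolve argument to query real DNS.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip, zone="dnsbl.sorbs.net"):
    """Reverse the IPv4 octets and append the blocklist's DNS zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_check(ip, zone="dnsbl.sorbs.net", resolve=socket.gethostbyname):
    """Look the address up in the zone and report whether it is listed.

    Listed means the name resolves to an address in 127.0.0.0/8. No answer
    means not listed. Note that gethostbyname cannot tell NXDOMAIN from a
    timeout, so a lookup failure is reported as not listed here.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return {"ip": ip, "query": name, "listed": False, "answer": None}
    # An answer outside 127.0.0.0/8 is not a listing; it usually means a
    # resolver is rewriting failed lookups or the zone has a wildcard record.
    listed = ipaddress.IPv4Address(answer) in LOOPBACK
    return {"ip": ip, "query": name, "listed": listed, "answer": answer}


# Constructed stand-in for DNS. The first entry mirrors the blq result in the
# post (.166 blocked, .170 absent); the answer values themselves are made up.
FAKE_ZONE = {
    "166.165.102.166.dnsbl.sorbs.net": "127.0.0.2",
    "1.2.0.192.dnsbl.sorbs.net": "203.0.113.9",  # simulated hijacked answer
}


def fake_resolve(name):
    try:
        return FAKE_ZONE[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "no such name (simulated)")


if __name__ == "__main__":
    for ip in ("166.102.165.166", "166.102.165.170", "192.0.2.1"):
        r = dnsbl_check(ip, resolve=fake_resolve)
        print(r["ip"], r["query"], "BLOCKED" if r["listed"] else "ok")
```
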

[/network/email/spam/blocklists] permanent link

Sun, Jun 10, 2007 4:20 pm

Content Management System (CMS) Comparison

I need to set up a Content Management System (CMS) for a new website. I've considered Drupal and Mambo, but wanted to find information comparing the two. I found a site today, The CMS Matrix, that allows you to compare the features of dozens of content management systems. You can select up to 10 at a time to see a comparison chart of features.

A comparison of Drupal and Mambo can also be found at Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison. That article references a more comprehensive comparison of Drupal and Mambo, Drupal VS. Mambo written for Xaneon Development, a company which developed Mambo extensions.

References:

  1. The CMS Matrix
  2. Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison
    By Angsuman Chakraborty
    September 13, 2005
    Simple Thoughts - Simple solutions for complex problems
  3. Drupal VS. Mambo
    Originally written for Xaneon Development by Arto Bendiken
    Submitted: January 12, 2006
    Xaneon Development

[/network/web/cms] permanent link

Sun, Jun 10, 2007 1:25 pm

OS-X Running on a PC

Enterprising OS-X hackers have found a way to run Apple's OS-X operating system on standard PC hardware as related in Wired's article Mac Hacks Allow OS X on PCs. Despite Apple's use of a chip to specifically prevent users from putting the operating system (OS) on a standard PC, it is now possible to run the OS on standard PC hardware.

[/os/os-x] permanent link

Sun, Jun 10, 2007 1:17 pm

Apple's Core Animation

Wired has an article, Kiss Boring Interfaces Goodbye With Apple's New Animated OS about a new animation feature that will become available in the Leopard version of OS-X. The feature will allow developers to provide an animated interface to their applications.

[/os/os-x] permanent link

Sun, Jun 10, 2007 12:28 am

Mailman Mailing List Messages Arriving with Unwanted Attachment

I set up a Mailman mailing list for a family member. After I set up the list, she sent a message to the list. The message arrived with a .txt attachment, ATT00088.txt, that was 251 bytes in size. The attachment had only 3 lines. The first was the mailing list name, the next was the mailing list email address, and the last was the listinfo URL for the mailing list. She uses Outlook 2003 and this is apparently a problem that occurs with Mailman mailing list messages received by Outlook users when a footer is added to messages, which is Mailman's default behavior. Apparently Mailman adds the footer as an attachment if the original message posted contains a message formatted in HTML MIME, or a text/plain MIME bodypart using a different character set than what Mailman would use for the footers.

To prevent the addition of a footer to messages, from the main Mailman administration page for the list, I clicked on [Non-digest options]. The text below appeared in the "Footer added to mail sent to regular list members" field:

_______________________________________________
%(real_name)s mailing list
%(real_name)s@%(host_name)s
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

The information listed has the following meaning.

msg_footer (nondigest): Footer added to mail sent to regular list members

Text appended to the bottom of every immediately-delivery message. This text can include Python format strings which are resolved against list attributes. The list of substitutions allowed are:

Since the list owner did not want any footer being sent with messages, I removed all of the text from that field.

I also went to the digest options page and for the "Header added to every digest" field, I removed all of the text in that field.

References:

  1. [Mailman-Users] Why are footers sent as attachments?
    Posted: January 29, 2006
    The Mailman-Users Archives
  2. 4.39. HELP! Mailman is munging HTML & MIME-formatted messages before they are sent out? (problems with Mailman 2.1.x footers)
    Mailman FAQ Wizard

[/network/email/mailing_list/mailman] permanent link

Sun, Jun 10, 2007 12:15 am

Messages from Mailman Mailing List Appear From Listname-bounces

I set up a Mailman mailing list for a family member. When she receives messages from the list, they arrive with a "from" address of "listname-bounces@listdomain.net On Behalf Of", with "listname" being the name of the mailing list, followed by the sender's address. She uses Outlook 2003 and sees this as the "from" address, but when the same messages arrive in a Hotmail account, the "from" address is the sender's email address. This behavior is apparently due to the fact that Mailman creates, among other message headers, a "Sender" header of the form "Sender: listname-bounces@listdomain". Some email clients, such as Outlook, will place the contents of that "sender" header in the "from" field when they display the message.

By default, most email clients don't display the message headers, but if you view the message headers for a message, you will see the "sender" header that Mailman adds. Viewing Message Headers in Outlook 2002 explains how to view those headers in Outlook.

References:

  1. Why do posts appear to be from listname-bounces@mailman.u.washington.edu?
    Author: R. Skiver Thompson
    August 2004
    Frequently Asked Questions About Mailman
  2. Viewing Message Headers in Outlook 2002
    December 16, 2004
    MoonPoint Support

[/network/email/mailing_list/mailman] permanent link

Sat, Jun 09, 2007 10:04 pm

Email to Mailing List from 65.54.246.86 Rejected

I added a Hotmail email address to a mailing list for testing that mailing list. I found that messages from the Hotmail address were being bounced though, because the IP address of the sending Hotmail email server, 65.54.246.86, is in the Spam and Open-Relay Blocking System (SORBS) blocklist. SORBS is a DNS Blacklist (DNSBL). When I checked the SORBS list, it appeared that 65.54.246.86 had been there for at least a week due to SORBS detecting spam originating from the Hotmail email server at that address.

Database of servers sending to spamtrap addresses
Address:65.54.246.87
Record Created:Sat Aug 12 12:30:09 2006 GMT
Record Updated:Fri Jun 1 19:30:05 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc1-s15.bay0.hotmail.com (bay0-omc1-s15.bay0.hotmail.com [65.54.246.87]) by desperado.sorbs.net (Postfix) with ESMTP id F0C6311466 for <[email]>; Sat, 02 Jun 2007 05:14:49 +1000 (EST)
Currently active and flagged to be published in DNS

I've been using SORBS as a blocklist for quite a while, but I have encountered problems many times due to the fact that AOL, Hotmail, EarthLink, and email servers from some other large Internet Service Providers (ISPs) tend to get on the SORBS list frequently and stay there for a long time. I've contacted AOL and EarthLink support previously when I found one or more of their email servers were on the SORBS blocklist. I've found that, though the support personnel with which I communicated understand that their company employs blocklists or other means of blocking spam, they never seem to understand that other email providers may employ similar means. I've never been successful in getting the support personnel I've communicated with at AOL or EarthLink to take any action and usually it doesn't appear that they even understand the problem; I usually just get canned responses about how to stop their service from blocking email rather than any response indicating that they understand the problem is with email going from their systems to other systems (see SORBS Blocking AOL and EarthLink Servers and Report of SORBS listing to EarthLink).

I've found reports by others using SORBS of similar problems with email from Hotmail addresses (see Hotmail on sorbs?!?).

I understand that SORBS's policy of charging server owners to remove systems does drastically lessen the chances that systems will be removed quickly. I've considered removing the SORBS list from the blocklists I employ to reduce the deluge of spam in users' mailboxes, but it does block thousands of spam messages daily on my server, so I haven't taken that step yet. Usually, I add the sender's email address to the /etc/mail/access list used by Sendmail to keep email from particular senders from being checked against the blocklists I employ.

In this case, though, I don't want any email addressed to the mailing list to be checked against a blocklist to preclude this problem. The Mailman mailing list software won't allow any email to the mailing list unless the "from" address is for a member of the mailing list, so I don't need the additional blocklist check.

Fortunately, Sendmail, which is the software that handles email on the server, does allow you to specify that email to particular "to" addresses will always be accepted and won't be checked against DNSBLs. You can allow email to a particular address to bypass the blocklist checks by editing /etc/mail/access. Place a line similar to the following in that file:

To:jsmith@example.com         OK

The line above would ensure that email addressed to jsmith@example.com would not be checked against any blocklists employed on the email server.

After editing /etc/mail/access, you need to recreate the access database with a command similar to the following:

makemap hash /etc/mail/access </etc/mail/access

Once I added the mailing list address, I was able to send email to that address from the Hotmail account without worrying that the Hotmail email server used to transmit the messages might be on the SORBS blocklist or another blocklist I'm employing to limit spam.

References:

  1. Spam and Open-Relay Blocking System
  2. DNSBL
    Wikipedia, the free encyclopedia
  3. SORBS Blocking AOL and EarthLink Servers
    April 23, 2006
    MoonPoint Support
  4. Report of SORBS listing to EarthLink
    April 23, 2006
    MoonPoint Support
  5. Hotmail on sorbs?!?
    Posted: September 21, 2005
    ReadList.com - Threaded Mailing List Reader
  6. Sendmail cf/README - Anti-Spam Configuration Control
    sendmail.org

[/network/email/mailing_list] permanent link

Sat, Jun 09, 2007 5:50 pm

Installing Yum on a RedHat 9 System

For a RedHat Linux 9 system, I wanted to install Yum, which is an automatic updater and package installer/remover for Linux systems that use RPMs to manage installed software. I checked to see if Yum was already installed, but it was not installed.

# rpm -qa | grep -i yum

The Yum Download webpage listed the requirements for the latest version of Yum, version 3.2.0, as python 2.4+ and rpm 4.3 and above. I checked the version of the python and rpm packages on the system, but found they were not at the required versions.

# rpm -q --last rpm python
rpm-4.2-0.69                                  Sat 08 Nov 2003 02:37:24 PM EST
python-2.2.2-26                               Sat 08 Nov 2003 02:37:22 PM EST

Instead I needed to get a much earlier version, 2.0.8, which only required python 2.1+ and rpm 4.1.1-4.3.1. After downloading the rpm file, I installed it with rpm --install yum-2.0.8-1.noarch.rpm. I then checked for updates for the system with yum check-update.

An update was available for tcpdump among other utilities. An rpm -q --last tcpdump command showed the following information for the version already installed on the system:

tcpdump-3.7.2-1.9.1                           Sat 08 Nov 2003 08:39:55 PM EST

I tried updating tcpdump with yum install tcpdump, but received the error message below:


# yum install tcpdump
Gathering header information file(s) from server(s)
Server: Red Hat Linux 9 - i386 - Base
Server: Red Hat Linux 9 - Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[update: tcpdump 14:3.7.2-7.9.1.i386]
Is this ok [y/N]: y
Downloading Packages
Getting tcpdump-3.7.2-7.9.1.i386.rpm
retrygrab() failed for:
  http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
[Errno 4] IOError: HTTP Error 404: Not Found

When I checked the Duke University webpage at http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9/x86/, I found it had only one file in that directory. So I needed to add another repository for updates to software for RedHat 9 systems. I found a list of such sites at http://fedoralegacy.org/download/fedoralegacy-mirrors.php. Many of those I checked in the US also no longer had the files available for download. But the DataPipe one at http://mirror.datapipe.net/fedoralegacy/ did still have files available.

I added the following line to the updates section of /etc/yum.conf:

baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/

The yum.conf file now has the following information in it:


[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1

[base]
name=Red Hat Linux $releasever - $basearch - Base
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/$releasever/$basearch/


[updates]
name=Red Hat Linux $releasever - Updates
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/$releasever/
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/

I then ran yum install tcpdump again and this time was able to update tcpdump. Checking the version of the rpm installed afterwards, I saw the following:

# rpm -q --last tcpdump
tcpdump-3.7.2-7.9.4.legacy                    Sat 09 Jun 2007 05:08:22 PM EDT

Yum 2.0.8-1 Download Sites
Duke University
MoonPoint Support

References:

  1. Yellow Dog Updater (YUM)
    Linux@DUKE
  2. RPM Package Manager
    Wikipedia, the free encyclopedia
  3. RedHat 9 Updates - Using Fedora Legacy
  4. Mirror sites by country
    The Fedora Legacy Project

[/os/unix/linux/sysmgmt] permanent link

Thu, Jun 07, 2007 9:01 pm

Skipping Download of Large Email Messages

An Apple eMac user told me he had been waiting for over an hour to download his email, with none of the 21 new messages on the server yet appearing in his inbox. When I checked the email server, I did not see any problems there, but did notice a lot of bandwidth to the server was being used by a POP3 connection from the user's site. POP3 is a protocol used to download email. When I checked his mailbox, I found that the first new message was over 90 MB, which was the source of the problem.

On an Apple system running the OS-X operating system, you can configure the Mail program to prompt before downloading messages that are above a specified size. To do so, take the following steps:

  1. Open the Mail program.
  2. Click on Mail on the program's menubar.
  3. Select Preferences.
  4. Click on the Advanced tab.
  5. Place a value in the "Prompt me to skip messages over [   ] KB" field. E.g. to skip messages over 50 MB in size you could put 51200 in the field (50 megabytes x 1024 kilobytes/megabyte = 51,200 KB).
  6. You can then close the Preferences window choosing Save when prompted as to whether you wish to save the changes you have made.

[/os/os-x] permanent link

Wed, Jun 06, 2007 9:03 pm

Backing Up a Specific Filetype with Tar

To back up a specific filetype, e.g. all PHP files in the current directory and all subdirectories beneath it, you can use the following command:

tar -cvf example.tar $(find . -name "*.php")

The find command will find all of the PHP files and pass them to the tar command. You can see that all of the PHP files are in the tar backup file, example.tar with the command below:

tar -tvf example.tar

You can add HTML files to the backup using the -u option for tar to update the archive file as below:

tar -uvf example.tar $(find . -name "*.html")

References:

  1. tar find ssh
    May 2004
    Computing.Net

[/os/unix/commands] permanent link
