Tue, Jun 26, 2007 8:28 pm
Using ngrep to Monitor Email Transmissions
A user informed me that an email message she was trying to send was not
going out; Outlook showed it remaining in her outbox and would show an
error message regarding its attempted connection to the
SMTP server eventually,
because it couldn't send the message.
When I looked at bandwidth utilization at the SMTP server end with
bwmon, I saw
that almost all the available bandwidth was being consumed. When I checked
to see what type of traffic was involved using
IPTraf and
pktstat, I saw that email traffic, i.e. connections to port 25 on the
server, was consuming the bandwidth. A netstat -a | grep smtp
command showed a lot of connections to the
SMTP port, which is port 25.
When I counted them with netstat -a | grep smtp | wc -l, I
found there were 51 connections, which is far more than I would normally
see to the server.
To try to get more information on that traffic, I installed
ngrep. The author's
description of the tool is listed below:
ngrep strives to provide most of GNU grep's common features, applying
them to the network layer. ngrep is a pcap-aware tool that will allow
you to specify extended regular or hexadecimal expressions to match
against data payloads of packets. It currently recognizes IPv4/6, TCP,
UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token
Ring and null interfaces, and understands BPF filter logic in the same
fashion as more common packet sniffing tools, such as tcpdump and snoop.
To see the "from" and "to" addresses being used in the transmissions,
I used the command ngrep -i 'rcpt to|mail from' tcp port smtp.
The -i option tells ngrep to ignore the case of characters
when looking for pattern matches. The 'rcpt to|mail from'
tells it to look for either rcpt to or mail from,
which are the commands sent to an email server to specify the recipient
and the sender of an email message. SMTP transmissions use
TCP, so the tcp parameter specifies that protocol and the smtp
specifies that the SMTP port, port 25, is the one to monitor.
Note: you will need to run the command as root or you will get the
message "no suitable device found: Operation not permitted".
The command showed the following output:
# ngrep -i 'rcpt to|mail from' tcp port smtp
interface: eth0 (66.22.186.48/255.255.255.240)
filter: (ip) and ( tcp port smtp )
match: rcpt to|mail from
###############
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
MAIL FROM: <kvocqcbrxzqxqs@fdvwiqrprdewt.logicbest.com>..
####
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
RCPT TO:<janesmith@moonpoint.com>..
###########################
T 216.188.126.165:57486 -> 66.22.186.53:25 [AP]
MAIL FROM:<175419_VMTA12778-angel=MOONPOINT.COM@DPCTECHNOLOGIES.NET> BODY=8
BITMIME..RCPT TO:<angelica1@MOONPOINT.COM>..DATA..
#############################
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
MAIL FROM:<>..
##
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
RCPT TO:<moonpointm@moonpoint.com>..
Most of the traffic had invalid "rcpt to" addresses, i.e. there was no such
email address on the server. Many of the messages had no "mail from"
address. The "mail from" and "rcpt to" addresses are for the
"envelope"
of the message, i.e., they aren't necessarily the same as the "from" and
"to" addresses a recipient would see when viewing the message in an email
client. Instead, they are part of the SMTP transmission protocol.
An email server will use the "rcpt to" value to route a message to the
appropriate mailbox.
While I was checking on the issue, the bandwidth utilization dropped back
down to normal and I didn't take any further action.
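An added example (not part of the original post): a small parser that tallies ngrep output like the capture above per source address, so null envelope senders and recipients with no mailbox stand out. The sample is the capture shown above; VALID_MAILBOXES is a constructed assumption about which mailboxes exist.

```python
import re

# ngrep packet header, e.g. "T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]"
HEADER = re.compile(r"^T (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> (\d{1,3}(?:\.\d{1,3}){3}):\d+")
MAIL_FROM = re.compile(r"MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)
RCPT_TO = re.compile(r"RCPT TO:\s*<([^>]*)>", re.IGNORECASE)

# Sample input: the ngrep output shown in this post.
SAMPLE = """\
interface: eth0 (66.22.186.48/255.255.255.240)
filter: (ip) and ( tcp port smtp )
match: rcpt to|mail from
###############
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
MAIL FROM: <kvocqcbrxzqxqs@fdvwiqrprdewt.logicbest.com>..
####
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
RCPT TO:<janesmith@moonpoint.com>..
###########################
T 216.188.126.165:57486 -> 66.22.186.53:25 [AP]
MAIL FROM:<175419_VMTA12778-angel=MOONPOINT.COM@DPCTECHNOLOGIES.NET> BODY=8
BITMIME..RCPT TO:<angelica1@MOONPOINT.COM>..DATA..
#############################
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
MAIL FROM:<>..
##
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
RCPT TO:<moonpointm@moonpoint.com>..
"""

# Assumption (constructed for this example): mailboxes that exist on the server.
VALID_MAILBOXES = {"janesmith@moonpoint.com"}


def packets(capture):
    """Yield (source_ip, payload) for each packet ngrep printed.

    ngrep wraps long payloads over several lines (see "BODY=8" / "BITMIME"
    in the sample), so one packet's lines are joined before any matching.
    """
    src, parts = None, []
    for line in capture.splitlines():
        header = HEADER.match(line)
        if header:
            if src is not None:
                yield src, "".join(parts)
            src, parts = header.group(1), []
        elif src is not None and line.strip("# "):
            # Payload line; real ngrep output indents these by two spaces.
            parts.append(line[2:] if line.startswith("  ") else line)
        # Lines made only of '#' mark packets that did not match; skip them.
    if src is not None:
        yield src, "".join(parts)


def summarize(capture, valid_mailboxes):
    """Group envelope senders and recipients by source IP address."""
    valid = {m.lower() for m in valid_mailboxes}
    report = {}
    for src, payload in packets(capture):
        entry = report.setdefault(
            src,
            {"null_sender": 0, "senders": set(), "unknown_rcpt": [], "known_rcpt": []},
        )
        for sender in MAIL_FROM.findall(payload):
            if sender:
                entry["senders"].add(sender.lower())
            else:
                # "MAIL FROM:<>" is the null sender, normally used for bounces.
                entry["null_sender"] += 1
        for rcpt in RCPT_TO.findall(payload):
            key = "known_rcpt" if rcpt.lower() in valid else "unknown_rcpt"
            entry[key].append(rcpt.lower())
    return report


def sources_to_review(report):
    """Sources that addressed only mailboxes that do not exist."""
    return [
        src
        for src, entry in sorted(report.items())
        if entry["unknown_rcpt"] and not entry["known_rcpt"]
    ]


if __name__ == "__main__":
    result = summarize(SAMPLE, VALID_MAILBOXES)
    for src in sources_to_review(result):
        e = result[src]
        print(src, "null senders:", e["null_sender"], "unknown:", e["unknown_rcpt"])
```

Feed it a saved capture instead of SAMPLE and the real mailbox list to get the same tally for live traffic.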
References:
-
Bandwidth Monitoring on a Linux System
Date: September 15, 2004
MoonPoint Support
-
Using pktstat to Monitor Network Traffic
Date: December 13, 2006
MoonPoint Support
-
ngrep - network grep
By: Jordan Ritter
Date: November 18, 2006
SourceForge.net
-
The MAIL, RCPT, and DATA verbs
By D. J. Bernstein
D.J. Bernstein - Mathematics and
computer science
-
ngrep RPM for
Red Hat, CentOS, and Fedora
By: Dag Wieers
DAG: Field Commander Wieers
[/network/tools/ngrep]
Mon, Jun 25, 2007 7:10 am
Pentagon Takes 1,500 Systems Offline
A
Time article dated Thursday, June 21,
2007, titled
Cyber Attack Hits Pentagon states that the Pentagon
took as many as 1,500 computers offline because of a cyber attack, which
occurred on Wednesday. The article stated that Defense Secretary
Robert Gates
said the Pentagon sees hundreds of attacks a day and this one had no adverse
impact on department operations. Employees whose computers were affected could
still use their handheld BlackBerrys.
I'm not surprised that the Pentagon sees hundreds of attacks a day, but
it is hard for me to believe that taking 1,500 systems offline had no
impact on department operations. Sure, employees could still deal with email via
their BlackBerrys, but, even if the systems were used solely for
administrative purposes, I would expect the employees would be hampered by
a lack of access to spreadsheets, presentations, and other documents normally
used in an office environment. Hopefully, the attackers didn't glean
sensitive data from any of those systems.
I was surprised by Mr. Gates' response when he was asked if his own e-mail
account was affected. He responded "I don't do e-mail. I'm a very low-tech
person." I understand that for his generation (he's 63 years old) email
may not be as much a part of the fabric of business life as for younger
Americans, but I was surprised to hear him state he doesn't use it at all,
especially since his prior position was president of Texas A&M University.
[/security/attacks]
Tue, Jun 19, 2007 8:12 pm
MPack Used to Compromise Thousands of Websites
I received a message from
eWeek today
titled
MPack Trojan Attack Claims 10,000 Web Sites, which stated that
as many as ten thousand websites may have been infected with malware that
directs visitors to those websites to other sites where JavaScript code awaits
that attempts to use a buffer overflow attack against vulnerable browsers to
cause malware to be downloaded to the systems of those visitors.
I would have liked to have more detail in the eWeek article about what
web server software was vulnerable to the MPack attack and what browsers
might be vulnerable, but it appears many
reports on the problem are just being posted today.
The eWeek article was the first I
had heard about the problem, so I appreciate the heads-up, though.
I also found information from Symantec at "Italy
Under Attack: Mpack Gang Strikes Again!",
after reading the eWeek article. There is another Symantec article
titled MPack, Packed Full of Badness. I also located
an ars technica article posted
earlier today at "Security researchers uncover massive attack on Italian web sites",
which had much more detail than the eWeek article.
According to that article, the MPack software being used on compromised web
servers "provides would-be malware installers with a complete package
that can be installed on any web server that runs PHP with an SQL
database." So that sounds like it can be used against both Apache web
server software running on a variety of platforms, including Linux and
Windows, as well as Microsoft's IIS web server software, since PHP along
with MySQL or Microsoft's own SQL server software may be running on such
systems. The article further states "The compromised web sites attempt
to use exploits in unpatched versions of Internet Explorer, QuickTime,
Windows 2000, Firefox, WinZip, and Opera, in order to install malware
packages on end users' computers."
[/security/attacks]
Sun, Jun 17, 2007 8:21 pm
Troubleshooting With the Microsoft Exchange Troubleshooting Assistant
Microsoft provides the
Microsoft Exchange Troubleshooting Assistant v1.1 to aid in
troubleshooting problems with Microsoft Exchange Servers. I installed and
ran the tool today to try to figure out why messages sometimes get
stuck in
SMTP
queues on an Exchange 2003 server running on a Windows Small Business
Server (SBS) 2003 system.
[ More Info ]
[/network/email/exchange]
Sun, Jun 17, 2007 2:43 pm
Links Without Underlining
Occasionally, I want a specific link to appear in a webpage without
underlining. You can add
style="text-decoration:none"
with the link to prevent the text associated with the link from being
underlined.
For instance, sometimes I use superscripts in a document to link to
a reference. Normally a link will be underlined, which will look
slightly odd. E.g., if I link back to the reference
1, I
used for this blog entry, the number "1" has an underline below it.
If I don't want it to appear I can use the HTML code below.
<a href="http://www.pageresource.com/html/link3.htm"
style="text-decoration:none"><sup>1</sup></a>
Using that code the reference 1 superscript is not underlined.
If you don't want any URLs in the webpage underlined, you can add the
following code to the head section of the HTML for the webpage.
<STYLE type="text/css">
<!--
A { text-decoration:none }
-->
</STYLE>
With the above code placed between your <HEAD> and </HEAD> tags, you can
code your links as you normally would, but none of them will be underlined.
The style sheet in the head section will make them all non-underlined.
[/network/web/html]
Sun, Jun 17, 2007 12:29 pm
Email Stuck in Exchange SMTP Queues
When a user complained that her email was not reaching a mailing list,
I checked the Exchange server that handles her email and found messages
stuck in
SMTP
queues on the server. I was able to force Exchange to send the queued messages,
but several messages had been stuck in a queue for days with one in a queue
for six days.
[ More Info ]
[/network/email/exchange]
Sat, Jun 16, 2007 10:59 pm
Enabling Microsoft Exchange Message Logging
A Microsoft Exchange user reported to me that email she sent from Outlook
was not reaching recipients, but Outlook was putting it in the
Sent
folder indicating it had been successfully sent from Outlook.
I found that message tracking was not enabled on the Exchange server,
so I needed to turn it on to try to figure out what was happening.
[ More Info ]
[/network/email/exchange]
Sat, Jun 16, 2007 4:16 pm
Prevent Mailing List Email from Going Into Junk E-mail or Spam Folders
I posted
instructions for Hotmail, Gmail, and Outlook users for steps
that can be taken to prevent email sent from mailing lists from being
automatically placed in junk email or spam folders.
[/network/email/mailing_list]
Tue, Jun 12, 2007 8:01 pm
Tcpdump Permission Denied on OS-X
I needed to use tcpdump to perform network troubleshooting on an Apple OS-X
system (Darwin Kernel Version 7.9.0), but when I tried running it from
my account, I received a "permission denied" message.
$ tcpdump
tcpdump: (no devices found) /dev/bpf0: Permission denied
I don't know the root password for the system, but my account has
administrator privileges on the system. Without knowing the root
password, though, I could not su to the root account.
Fortunately, I found a solution at
Ethereal "Turbo Charged", where Olivier Biot posted a solution,
which I quote below:
Do a "sudo chown Gurue /dev/bpf*" (or whatever your login name is on your
Mac). Once you've done that, you can (at least until the machine is
rebooted) run Ethereal or Tethereal or tcpdump or... as yourself, rather
than as root. (Mac OS X's "/dev" is implemented with devfs, so the special
files aren't persistent across reboots, and it's an older devfs so it can't
be configured to set up particular devices with particular owners and
permissions, so any ownership or permission changes you make don't survive
across reboots.)
I checked the existing permissions on /dev/bpf* files first.
$ ls -l /dev/bpf*
crw------- 1 root wheel 23, 0 12 Jun 18:32 /dev/bpf0
crw------- 1 root wheel 23, 1 12 Jun 15:30 /dev/bpf1
crw------- 1 root wheel 23, 2 12 Jun 15:30 /dev/bpf2
crw------- 1 root wheel 23, 3 12 Jun 15:30 /dev/bpf3
I then changed the permissions on just /dev/bpf0. I was
prompted for a password when I used sudo chown myacct /dev/bpf0
and was able to change the permissions when I entered my password.
$ sudo chown jdoe /dev/bpf0
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
I was then able to run tcpdump. When I disconnected and reconnected,
I received the message tcpdump: (no devices found) /dev/bpf1: Permission
denied when I tried running tcpdump again, so I changed
the permission on /dev/bpf1 as well. I could have used
sudo chown jdoe /dev/bpf* initially to change the permissions
on all the /dev/bpf* files. Since I very infrequently need to
run tcpdump on this system, it doesn't matter to me that I will have
to reset the permissions on the files again whenever the system is rebooted.
[/os/os-x]
Sun, Jun 10, 2007 9:27 pm
Email From 166.102.165.166 and 65.54.246.172 Rejected
A family member reported that someone who had tried to send email to
her received a bounced message indicating the email was blocked because
of antispam provisions. I checked all email from the sender's email
address using the
find-recipients Perl script I created for such purposes. I saw that one
message she sent was rejected and one accepted.
# ./find-recipients.pl wendyvi21@alltel.net /var/log/maillog
Found 2 messages from wendyvi21@alltel.net in /var/log/maillog
Message recipients
Time Message ID Status Recipient
----------------------------------------------------------------
Jun 10 07:58:02 l5ABupmb001042 Rejected kittycat321@moonpoint.com
Jun 10 08:05:03 l5AC3omb001081 Sent kittycat321@moonpoint.com
When I checked the /var/log/maillog file for those two message
IDs, I found that the first message had been blocked by the
Spam and Open-Relay Blocking
System (SORBS) blocklist. SORBS is a
DNS Blacklist (DNSBL).
The message that was rejected was from ispmxmta05-srv.windstream.net
[166.102.165.166], while the one that was accepted was from
ispmxmta09-srv.windstream.net [166.102.165.170].
When I checked the SORBS list, it appeared that the 166.102.165.166
had been there for at least a week due to SORBS detecting spam
originating from the email server at that address.
Database of servers sending to spamtrap addresses
Address: | 166.102.165.166 |
Record Created: | Tue Apr 17 01:00:04 2007 GMT |
Record Updated: | Mon Jun 4 01:00:03 2007 GMT |
Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from
ispmxmta05-srv.windstream.net (ispmxmta05-srv.windstream.net [166.102.165.166])
by desperado.sorbs.net (Postfix) with ESMTP id EE4311144D for <[email]>;
Mon, 04 Jun 2007 10:40:27 +1000 (EST) |
Currently active and flagged to be published in DNS |
But when I looked up the other IP address, 166.102.165.170, it appeared it
was also in the SORBS blocklist.
Database of servers sending to spamtrap addresses
Address: | 166.102.165.170 |
Record Created: | Tue Oct 4 13:04:20 2005 GMT |
Record Updated: | Thu Apr 26 04:41:17 2007 GMT |
Additional Information: |
Received: from ispmxmta09-srv.windstream.net (ispmxmta09-srv.windstream.net
[166.102.165.170]) by desperado.sorbs.net (Postfix) with ESMTP id 69DC21143A
for <[email]>; Sat, 10 Feb 2007 13:52:40 +1000 (EST) |
Currently active and flagged to be published in DNS |
When I queried the SORBS database through the SORBS
Database Lookup
webpage, it appeared both addresses were present in the SORBS blocklist,
yet when I used
blq to query the SORBS blocklist, I found only the first .166 address listed
and not the .170 address, which was consistent with Sendmail's rejection of
the first message, but not the second one.
# ./blq sorbs 166.102.165.166
166.102.165.166 ispmxmta05-srv.windstream.net : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 166.102.165.170
166.102.165.170 ispmxmta09-srv.windstream.net : dnsbl.sorbs.net : ok
I received another report from a Hotmail sender
that she was finding email rejected as well. I went through the same process
as above. Again the SORBS website database query seemed to indicate that both
addresses would be blocked, but using blq showed only one was blocked, which
matched the entries I found in today's maillog file with the first message
from the sender being rejected and the second accepted. The first was from
bay0-omc2-s36.bay0.hotmail.com [65.54.246.172] and the second from
bay0-omc2-s37.bay0.hotmail.com [65.54.246.173].
When performing a database check via the website, I saw the following
for the IP address from which a message was rejected:
Database of servers sending to spamtrap addresses
Address: | 65.54.246.172 |
Record Created: | Thu Aug 3 02:30:03 2006 GMT |
Record Updated: | Sat Jun 9 09:00:04 2007 GMT |
Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from
bay0-omc2-s36.bay0.hotmail.com (bay0-omc2-s36.bay0.hotmail.com [65.54.246.172])
by desperado.sorbs.net (Postfix) with ESMTP id 7EE241147D for <[email]>;
Sat, 09 Jun 2007 18:33:28 +1000 (EST) |
Currently active and flagged to be published in DNS |
But I also saw the following for the IP address of the server from which
a message was accepted:
Database of servers sending to spamtrap addresses
Address: | 65.54.246.173 |
Record Created: | Fri Aug 4 13:53:11 2006 GMT |
Record Updated: | Sat Mar 3 08:00:34 2007 GMT |
Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s37.bay0.hotmail.com
(bay0-omc2-s37.bay0.hotmail.com [65.54.246.173]) by desperado.sorbs.net
(Postfix) with ESMTP id 8E17F114AE for <[email]>; Wed, 28 Feb 2007
21:44:25 +1000 (EST) |
Currently active and flagged to be published in DNS |
Again, the information returned didn't seem to be consistent with
what a blq query returned:
# ./blq sorbs 65.54.246.172
65.54.246.172 bay0-omc2-s36.bay0.hotmail.com : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 65.54.246.173
65.54.246.173 bay0-omc2-s37.bay0.hotmail.com : dnsbl.sorbs.net : ok
So the results I obtained through the website query don't seem to accurately
reflect what will be blocked, if I interpret seeing
"Currently active and flagged to be published in DNS" appearing in a red
block as an indication the address is in the blocklist as one to be blocked.
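An added example (not the blq script and not code from this post) of the DNS query a DNSBL check performs: the address's octets are reversed and looked up under the list's zone, and an answer in 127.0.0.0/8 means "listed". A mail server using a DNSBL acts on this DNS answer rather than on the website's database view. The zone data in CONSTRUCTED_ZONE, including the 127.0.0.2 answer value, is constructed so the example runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip, zone="dnsbl.sorbs.net"):
    """Build the lookup name: reversed octets of the IPv4 address + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_dnsbl(ip, zone="dnsbl.sorbs.net", resolve=socket.gethostbyname):
    """Return the verdict a DNS lookup gives for ip in the given DNSBL zone.

    resolve is injectable so the check can be exercised without network
    access; by default it is the system resolver.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as err:
        # Only "no such name" means "not listed". A timeout or server
        # failure is not a verdict and must not be read as "ok".
        not_found = (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None))
        status = "ok" if err.errno in not_found else "lookup-failed"
        return {"query": name, "status": status, "answer": None}
    if ipaddress.IPv4Address(answer) in LOOPBACK:
        return {"query": name, "status": "BLOCKED", "answer": answer}
    # A resolver that rewrites NXDOMAIN to a real address would land here.
    return {"query": name, "status": "unexpected-answer", "answer": answer}


# Constructed zone data mirroring the blq results shown in this post.
# The answer value 127.0.0.2 is an assumption, not SORBS's real return code.
CONSTRUCTED_ZONE = {
    "166.165.102.166.dnsbl.sorbs.net": "127.0.0.2",
    "172.246.54.65.dnsbl.sorbs.net": "127.0.0.2",
}


def offline_resolver(name):
    """Stand-in for the system resolver, backed by CONSTRUCTED_ZONE."""
    try:
        return CONSTRUCTED_ZONE[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for ip in ("166.102.165.166", "166.102.165.170",
               "65.54.246.172", "65.54.246.173"):
        result = check_dnsbl(ip, resolve=offline_resolver)
        print(ip, ":", result["query"], ":", result["status"])
```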
[/network/email/spam/blocklists]
Sun, Jun 10, 2007 4:20 pm
Content Management System (CMS) Comparison
I need to set up a Content Management System (CMS) for a new website.
I've considered
Drupal and
Mambo, but wanted to find
information comparing the two. I found a site today,
The CMS Matrix that allows you to
compare the features of dozens of content management systems. You can select
up to 10 at a time to see a comparison chart of features.
A comparison of Drupal and Mambo can also be found at
Leading Open Source CMS: Mambo versus Drupal - A Comprehensive
Comparison. That article references a more comprehensive
comparison of Drupal and Mambo,
Drupal VS. Mambo written for Xaneon
Development, a company which developed Mambo extensions.
References:
- The CMS Matrix
-
Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison
By Angsuman Chakraborty
September 13, 2005
Simple Thoughts - Simple solutions
for complex problems
-
Drupal VS. Mambo
Originally written for Xaneon Development by Arto Bendiken
Submitted: January 12, 2006
Xaneon Development
[/network/web/cms]
Sun, Jun 10, 2007 1:25 pm
OS-X Running on a PC
Enterprising OS-X hackers have found a way to run Apple's OS-X operating
system on standard PC hardware as related in
Wired's article
Mac Hacks Allow OS X on PCs. Despite Apple's use of a chip to
specifically prevent users from putting the operating system (OS) on a standard
PC, it is now possible to run the OS on standard
PC hardware.
[/os/os-x]
Sun, Jun 10, 2007 1:17 pm
Apple's Core Animation
Wired has an article,
Kiss Boring Interfaces Goodbye With Apple's New Animated OS
about a new animation feature that will become available in the Leopard
version of OS-X. The feature will allow developers to provide an animated
interface to their applications.
[/os/os-x]
Sun, Jun 10, 2007 12:28 am
Mailman Mailing List Messages Arriving with Unwanted Attachment
I set up a
Mailman
mailing list for a family member. After I set up the list, she sent
a message to the list. The message arrived with a .txt attachment,
ATT00088.txt, that was 251 bytes in size. The attachment
had only 3 lines. The first was the mailing list name, the next was
the mailing list email address, and the last was the listinfo URL for
the mailing list. She uses Outlook 2003
and this is apparently a problem that occurs with Mailman mailing list messages
received by Outlook users
when a footer is added to messages, which is Mailman's default behavior.
Apparently Mailman adds the footer as an attachment if the
original message posted contains a message formatted in HTML MIME,
or a text/plain MIME bodypart using a different character set than
what Mailman would use for the footers.
To prevent the addition of a footer to messages,
from the main mailman administration page for the list, I clicked on
[Non-digest options]. The text below appeared in the
"Footer added to mail sent to regular list members" field.
_______________________________________________
%(real_name)s mailing list
%(real_name)s@%(host_name)s
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
The information listed has the following meaning.
msg_footer (nondigest): Footer added to mail sent to regular list members
Text appended to the bottom of every immediately-delivery
message. This text can include Python
format strings which are resolved against list attributes. The
list of substitutions allowed are:
real_name - The `pretty' name of the list; usually
the list name with capitalization.
list_name - The name by which the list is
identified in URLs, where case is significant. (For backwards
compatibility, _internal_name is equivalent.)
host_name - The fully qualified domain name
that the list server runs on.
web_page_url - The base URL for Mailman. This
can be appended with, e.g. listinfo/%(internal_name)s to yield the
listinfo page for the mailing list.
description - The brief description of the
mailing list.
info - The full description of the mailing
list.
cgiext - The extension added to CGI scripts.
Since the list owner did not want any footer being sent with messages,
I removed all of the text from that field.
I also went to the digest options page and for the "Header added to
every digest" field, I removed all of the text in that field.
References:
-
[Mailman-Users] Why are footers sent as attachments?
Posted: January 29, 2006
The Mailman-Users
Archives
-
4.39. HELP! Mailman is munging HTML & MIME-formatted messages before they are
sent out? (problems with Mailman 2.1.x footers)
Mailman FAQ Wizard
[/network/email/mailing_list/mailman]
Sun, Jun 10, 2007 12:15 am
Messages from Mailman Mailing List Appear From Listname-bounces
I set up a
Mailman
mailing list for a family member. When she receives messages from the
list they are arriving with a "from" address of
"listname-bounces@listdomain.net On Behalf Of", with "listname" being the name
of the mailing list, followed by the sender's address. She uses Outlook
2003 and sees this as the "from" address, but when the same messages arrive
in a
Hotmail account, the "from" address
is the sender's email address. This behavior is apparently due to the fact
that Mailman creates, among other message headers, a "Sender" header of the form
"Sender: listname-bounces@listdomain". Some email clients, such as Outlook, will
place the contents of that "sender" header in the "from" field when they
display the message.
By default, most email clients don't display the message headers, but if you
view the message headers for a message, you will see the "sender" header that
Mailman adds.
Viewing Message Headers in Outlook 2002
explains how to view those headers in Outlook.
References:
-
Why do posts appear to be from listname-bounces@mailman.u.washington.edu?
Author: R. Skiver Thompson
August 2004
Frequently Asked Questions About Mailman
-
Viewing Message Headers in Outlook 2002
December 16, 2004
MoonPoint Support
[/network/email/mailing_list/mailman]
Sat, Jun 09, 2007 10:04 pm
Email to Mailing List from 65.54.246.86 Rejected
I added a
Hotmail email address
to a mailing list for testing that mailing list. I found that messages
from the Hotmail address were being bounced though, because the
IP address of the sending Hotmail email server, 65.54.246.86, is
in the
Spam and Open-Relay Blocking
System (SORBS) blocklist. SORBS is a
DNS Blacklist (DNSBL).
When I checked the SORBS list, it appeared that the 65.54.246.86
had been there for at least a week due to SORBS detecting spam
originating from the Hotmail email server at that address.
Database of servers sending to spamtrap addresses
Address: | 65.54.246.87 |
Record Created: | Sat Aug 12 12:30:09 2006 GMT |
Record Updated: | Fri Jun 1 19:30:05 2007 GMT |
Additional Information: |
[ Updated via: Spam 'o Matic ] Received: from
bay0-omc1-s15.bay0.hotmail.com (bay0-omc1-s15.bay0.hotmail.com [65.54.246.87])
by desperado.sorbs.net (Postfix) with ESMTP id F0C6311466 for <[email]>;
Sat, 02 Jun 2007 05:14:49 +1000 (EST) |
Currently active and flagged to be published in DNS |
I've been using SORBS as a blocklist for quite a while, but I have
encountered problems many times due to the fact that AOL, Hotmail, EarthLink,
and email servers from some other large Internet Service Providers (ISPs)
tend to get on the SORBS list frequently and stay there for a long time.
I've contacted AOL and EarthLink support previously when I found one or more
of their email servers were on the SORBS blocklist. I've found that, though
the support personnel with which I communicated understand that their company
employs blocklists or other means of blocking spam, they never seem to
understand that other email providers may employ similar means. I've never been
successful in getting the support personnel I've communicated with at AOL or
EarthLink to take any action and usually it doesn't appear that they even
understand the problem; I usually just get canned responses about how to stop
their service from blocking email rather than any response indicating that they
understand the problem is with email going from their systems to other
systems (See
SORBS Blocking AOL and EarthLink Servers and
Report of SORBS listing to EarthLink).
I've found reports by others using SORBS of similar problems with email
from Hotmail addresses (see
Hotmail on sorbs?!?).
I understand that SORBS' policy of charging server owners to remove systems does
drastically lessen the chances that systems will be removed quickly. I've
considered removing the SORBS list from the blocklists I employ to reduce
the deluge of spam in users' mailboxes, but it does block thousands of spam
messages daily on my server, so I haven't taken that step yet. Usually, I
add the sender's email address to the /etc/mail/access list used
by Sendmail to keep email from particular senders being checked against the
blocklists I employ.
In this case, though, I don't want any email addressed to the mailing list
to be checked against a blocklist to preclude this problem. The Mailman
mailing list software won't allow any email to the mailing list unless the
"from" address is for a member of the mailing list, so I don't need the
additional blocklist check.
Fortunately Sendmail, which is the
software that handles email on the server, does allow you to specify that
email to particular "to" addresses will always be accepted and won't be
checked against DNSBLs. You can allow email to a particular address to
bypass the blocklist checks by editing /etc/mail/access. Place
a line similar to the following in that file:
To:jsmith@example.com OK
The line above would ensure that email addressed to jsmith@example.com
would not be checked against any blocklists employed on the email server.
After editing /etc/mail/access, you need to recreate the access
database with a command similar to the following:
makemap hash /etc/mail/access </etc/mail/access
Once I added the mailing list address, I was able to send email to that
address from the Hotmail account without worrying that the Hotmail email
server used to transmit the messages might be on the SORBS blocklist or
another blocklist I'm employing to limit spam.
References:
-
Spam and Open-Relay Blocking System
-
DNSBL
Wikipedia, the free encyclopedia
-
SORBS Blocking AOL and EarthLink Servers
April 23, 2006
MoonPoint Support
-
Report of SORBS listing to EarthLink
April 23, 2006
MoonPoint Support
-
Hotmail on sorbs?!?
Posted: September 21, 2005
ReadList.com - Threaded Mailing List
Reader
-
Sendmail cf/README - Anti-Spam Configuration Control
sendmail.org
[/network/email/mailing_list]
Sat, Jun 09, 2007 5:50 pm
Installing Yum on a RedHat 9 System
For a RedHat Linux 9 system,
I wanted to install
Yum,
which is an automatic updater and package installer/remover for Linux systems
that use
RPMs to manage
installed software.
I checked to see if
Yum was already installed, but it was not installed.
# rpm -qa | grep -i yum
The Yum Download
webpage listed the requirements for the latest version of Yum, version 3.2.0,
as python 2.4+ and rpm 4.3 and above. I checked the version of the python and
rpm packages on the system, but found they were not at the required versions.
# rpm -q --last rpm python
rpm-4.2-0.69 Sat 08 Nov 2003 02:37:24 PM EST
python-2.2.2-26 Sat 08 Nov 2003 02:37:22 PM EST
Instead I needed to get a much earlier version,
2.0.8,
which only required python 2.1+ and rpm 4.1.1-4.3.1. After downloading the rpm
file, I installed it with rpm --install yum-2.0.8-1.noarch.rpm.
I then checked for updates for the system with yum check-update.
An update was available for tcpdump among other utilities. An
rpm -q --last tcpdump command showed the following information for
the version already installed on the system:
tcpdump-3.7.2-1.9.1 Sat 08 Nov 2003 08:39:55 PM EST
I tried updating tcpdump with yum install tcpdump, but received
the error message below:
# yum install tcpdump
Gathering header information file(s) from server(s)
Server: Red Hat Linux 9 - i386 - Base
Server: Red Hat Linux 9 - Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[update: tcpdump 14:3.7.2-7.9.1.i386]
Is this ok [y/N]: y
Downloading Packages
Getting tcpdump-3.7.2-7.9.1.i386.rpm
retrygrab() failed for:
http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
Executing failover method
failover: out of servers to try
Error getting file http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
[Errno 4] IOError: HTTP Error 404: Not Found
When I checked the Duke University webpage at
http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9/x86/,
I found it had only one file in that directory. So I needed to add another
repository for updates to software for RedHat 9 systems. I found a list of
such sites at
http://fedoralegacy.org/download/fedoralegacy-mirrors.php. Many of those
I checked in the US also no longer had the files available for download. But
the DataPipe one at
http://mirror.datapipe.net/fedoralegacy/ did still have files available.
I added the following line to the updates section of /etc/yum.conf:
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/
The yum.conf file now has the following information in it:
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
[base]
name=Red Hat Linux $releasever - $basearch - Base
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/$releasever/$basearch/
[updates]
name=Red Hat Linux $releasever - Updates
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/$releasever/
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/
I then ran yum install tcpdump again and this time was able
to update tcpdump. Checking the version of the rpm installed afterwards,
I saw the following:
# rpm -q --last tcpdump
tcpdump-3.7.2-7.9.4.legacy Sat 09 Jun 2007 05:08:22 PM EDT
References:
-
Yellow Dog Updater (YUM)
Linux@DUKE
-
RPM Package
Manager
Wikipedia, the free encyclopedia
-
RedHat 9 Updates - Using Fedora Legacy
-
Mirror sites by country
The Fedora Legacy Project
[/os/unix/linux/sysmgmt]
Thu, Jun 07, 2007 9:01 pm
Skipping Download of Large Email Messages
An Apple eMac user told me he had been waiting for over an hour to download
his email with no new messages yet appearing in his inbox of the 21 new messages
on the server. When I checked the email server, I did not see any problems
there, but did notice a lot of bandwidth to the server was being used by
a
POP3 connection
from the user's site.
POP3 is a
protocol used to download email. When I checked his mailbox, I found that the
first new message was over 90 MB, which was the source of the problem.
On an Apple system running the OS-X operating system, you can configure
the Mail program to prompt before downloading messages that are above
a specified size. To do so, take the following steps:
- Open the Mail program.
- Click on Mail on the program's menubar.
- Select Preferences.
- Click on the Advanced tab.
- Place a value in the "Prompt me to skip messages over [ ] KB" field.
E.g. to skip messages over 50 MB in size you could put 51200 in the
field (50 megabytes x 1024 kilobytes/megabyte = 51,200 KB).
- You can then close the Preferences window choosing Save
when prompted as to whether you wish to save the changes you have made.
[/os/os-x]
Wed, Jun 06, 2007 9:03 pm
Backing Up a Specific Filetype with Tar
To back up a specific filetype, e.g. all
PHP
files in the current directory and all subdirectories beneath it,
you can use the following command:
tar -cvf example.tar $(find . -name "*.php")
The find command will find all of the PHP files and pass them to
the tar command. You can see that all of the PHP files are in the
tar backup file, example.tar, with the command below:
tar -tvf example.tar
You can add HTML files to the backup using the -u
option for tar to update the archive file as below:
tar -uvf example.tar $(find . -name "*.html")
References:
-
tar find ssh
May 2004
Computing.Net
[/os/unix/commands]