[KLUG Members] Question about spam..

Owner members@kalamazoolinux.org
Sun, 10 Mar 2002 10:30:05 -0500


I've been reading the list for a while now, and I was wondering if there were any
email programs out there for Linux that would help eliminate the massive
amounts of spam I receive at my domain. Like maybe an incoming server that
checks the originating email address for validity before allowing the mail
to come through? I have been subjected to thousands of spam a week. A few weeks
ago I had a server that got compromised by someone using the alias "MAILMAN",
and after tracking down some things that he uploaded and installed on my
server I managed to track him down as coming from this domain: www.snipermail.com
Now I'm wondering how many times this has happened, and if he got ahold of my
users list? Well, anyway, if anyone knows how to relieve me of massive
spamming please let me know.
You can reach me at, hahah, this list... By the way, I was running Red Hat 7.2
without telnet running, and also no SMTP on this particular server. He used an
exploit to get root access.. only took him 2 mins to completely F&&* things
up.. pretty nice of him..
JP
----- Original Message -----
From: <members-request@kalamazoolinux.org>
To: <members@kalamazoolinux.org>
Sent: Saturday, March 09, 2002 12:01 PM
Subject: Members digest, Vol 1 #357 - 5 msgs


> Send Members mailing list submissions to
> members@kalamazoolinux.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 
> or, via email, send a message with subject or body 'help' to
> members-request@kalamazoolinux.org
>
> You can reach the person managing the list at
> members-admin@kalamazoolinux.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Members digest..."
>
>
> Today's Topics:
>
>    1. Meeting (Randall Perry)
>    2. Re: Firewall/Cisco oddities. (Bob Kanaley)
>    3. Re: Re:Samba reprocess config file questions (adam@morrison-ind.com)
>    4. Re: Re:Samba reprocess config file question (adam@morrison-ind.com)
>    5. Re: Meeting (adam@morrison-ind.com)
>
> --__--__--
>
> Message: 1
> From: "Randall Perry" <RandallP@domain-logic.com>
> To: <members@kalamazoolinux.org>
> Date: Fri, 8 Mar 2002 12:16:42 -0500
> Subject: [KLUG Members] Meeting
> Reply-To: members@kalamazoolinux.org
>
> Anyone carpooling from Elkhart, Goshen area for the meeting?
> Also, I have just started playing with SME server (was esmith)
> last week.  It is a RedHat based distro that provides
> web/email/samba/firewall services in an easy to install and easy to
> administer web interface (ssl).  There are lots of plugins (they call
> blades) that extend the functionality.  (Of course, you can add whatever
> you want manually).  It even includes a package to allow all of your
> users to view mail through their browsers (using IMP).
> I came across it looking for just web interfaces for email.  I
> was thinking of migrating sites from one of my web servers to this box.
> Anyone have any pros or cons with this?  I have also burned the ISOs for
> ASPLinux and will try that out.
>
> Randall Perry
> randallp@domain-logic.com
>
>
> --__--__--
>
> Message: 2
> From: "Bob Kanaley" <rvk@agdia.com>
> To: <members@kalamazoolinux.org>
> Date: Fri, 8 Mar 2002 13:39:49 -0500
> Subject: [KLUG Members] Re: Firewall/Cisco oddities.
> Reply-To: members@kalamazoolinux.org
>
> If I had to make a guess, I would suspect that you are seeing more open
> ports due to users behind the firewall opening them. IPTables is stateful so
> it knows where open connections come from. If you want a simple but complete
> firewall I would recommend a preconfigured LRP/LEAF distribution
> (http://leaf.sourceforge.net/ ).
>
> All you need is an old 486 with a good floppy to setup an LRP/LEAF firewall.
> Although LRP/LEAF fits on a floppy, you can burn it to a bootable CD or
> install it on a disk if you really feel you have to.
>
> The real beauty of LRP is that it runs in memory from write protected media.
> If somebody manages to crack your firewall, they have a very small
> playground. You hit the reset button and don't have to worry about rootkits,
> backdoors or trojans.
>
> You download a basic firewall distribution that closely fits your needs,
> dump any unnecessary modules, add any additional LRP modules you want or
> need for your particular setup. Boot the disk and configure the modules via
> menu and well commented configuration scripts. Write the configuration back
> to disk, make a second copy for backup and re-boot.
>
> One page of instructions walks you through how to do all this. For IPTables
> you would probably want something like the Bering distribution running
> Shorewall.
>
> The Bering distribution is based on a 2.4.x linux kernel
>
> It relies on Shorewall for extended firewalling facilities. Check all the
> Shorewall features here http://www.shorewall.net/shorewall_features.htm.
>
> The main objectives are:
>
> To benefit from the netfilter/iptables facilities
>
> To have access to the latest kernel device drivers & filesystems
>
> To keep everything available on a single floppy for the largest possible
> user's base (including serial modem, cable modem or ADSL PPP/PPPOE users)
>
> To keep the simplicity provided by Dachstein (an LRP 2.2 kernel IPChains
> based firewall)
>
> To stick to a standard linux kernel as much as possible. This allows LEAF
> "Bering" usage and development in a virtual environment
>
> To stick as much as possible to the Debian distribution structure
>
> > Date: Thu, 7 Mar 2002 16:41:56 -0500 (EST)
> > From: Adam Bultman <adamb@glaven.org>
> > To: <members@kalamazoolinux.org>
> > Subject: [KLUG Members] Firewall/Cisco oddities.
> > Reply-To: members@kalamazoolinux.org
> >
> > Okay.  I just switched from an OpenBSD firewall to an IPtables firewall.
> > Here's the deal.
> >
> > My firewall sits behind a Cisco 700 series router.  The router itself has
> > telnet and finger running ( I haven't turned it off yet, need to remember
> > how) but for the most part, it blocks almost all ports.  I have to
> > specifically turn ON port forwarding.  When I had my openBSD firewall,
> > only a few services showed up:  finger, telnet, smtp, SSH.
> >
> > Well, I switched to a linux box recently, and now, somehow more ports are
> > showing up. Either something else has gone on, I'm not sure, but now more
> > ports show up.  I'm baffled.  I'm writing more firewall rules (currently
> > it doesn't do much) but since the router SHOULDN'T be port forwarding,
> > there has to be some mistake. Has to be.  Currently, smtp, ldap, and 1002
> > show up as open, but I can ssh in, and go to my web page. this is bizarre.
>
>
>
>
> --__--__--
>
> Message: 3
> Date: Fri,  8 Mar 2002 14:42:42 -0500
> From: adam@morrison-ind.com
> To: members@kalamazoolinux.org
> Subject: Re: [KLUG Members] Re:Samba reprocess config file questions
> Reply-To: members@kalamazoolinux.org
>
> >>>QUESTION 1: Will sending a kill -sigusr1 samba.pid crash any open files
> >>>on my samba server?
> >>>QUESTION 2: Will sending a kill -SIGHUP samba.pid crash any open files?
> >>You can "killall -1 smbd" safely.  If you want do a smbstatus before and
> >>after, you'll see all the locked/open files stay around.
> >It is so hard to be productive when I have to hide for two days from a
> >bunch of really mad users trying to hunt me down for crashing their samba
> >sessions.
> >I think the killall -1 will just increase my logging level by one.
>
> ?
>
> -1 = -HUP
>
>        SIGHUP        1        Hangup detected on controlling terminal
>                               or death of controlling process
>        SIGINT        2        Interrupt from keyboard
>        SIGQUIT       3        Quit from keyboard
>        SIGILL        4        Illegal Instruction
>        SIGABRT       6        Abort signal from abort(3)
>        SIGFPE        8        Floating point exception
>        SIGKILL       9        Kill signal
>        SIGSEGV      11        Invalid memory reference
>        SIGPIPE      13        Broken pipe: write to pipe with no readers
>        SIGALRM      14        Timer signal from alarm(2)
>        SIGTERM      15        Termination signal
>        SIGUSR1   30,10,16     User-defined signal 1
>        SIGUSR2   31,12,17     User-defined signal 2
>        SIGCHLD   20,17,18     Child stopped or terminated
>        SIGCONT   19,18,25     Continue if stopped
>        SIGSTOP   17,19,23     Stop process
>        SIGTSTP   18,20,24     Stop typed at tty
>        SIGTTIN   21,21,26     tty input for background process
>        SIGTTOU   22,22,27     tty output for background process
>
> >I also need to get smbd to re-read smb.conf without getting a whole lot of
> >people irate.
> >I think it is safe to do a killall -HUP smbd to reload smb.conf without
> >crashing everyone.
>
> Yes.
>
> >While searching through the Samba docs looking for the oplocks syntax, I
> >saw a sample logrotate script for samba. I checked in the cron.daily and
> >logrotate.d directories and the cron logfile and found that the fileserver
> >crond is running /etc/logrotate.d/samba on a nightly basis.
> >This file has the killall -HUP smbd command between postrotate and
> >endrotate. I think that means smbd is being forced to re-read smb.conf
> >every night. Since I often run out of here at night leaving files open, I
> >think that must mean it is safe to do a kill -HUP during working hours.
>
> Log rotate does this because (according to UNIX semantics) one can't remove or
> truncate an open file.  Samba has the log files open for logging,  thus it
> needs Samba to release them (which HUP does) so that it can rotate them.
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
> --__--__--
>
> Message: 4
> Date: Fri,  8 Mar 2002 15:14:50 -0500
> From: adam@morrison-ind.com
> To: members@kalamazoolinux.org
> Subject: Re: [KLUG Members] Re:Samba reprocess config file question
> Reply-To: members@kalamazoolinux.org
>
> >>>I have not been able to prevent a Win98 0E exception error that occurs
> >>>when certain Win98 clients access some specific Samba shares on my central
> >>>file server. The error is reproducible and leads to a Win98 lockup some time
> >>>after the blue screen, generally resulting in loss of data.
> >>I've never seen that one,  but I've seen some strange things.  I'd
> >>suspect oplocks,  which are a bit wobbly in old versions of Samba.  Can't
> >>hurt to try and turn them off.
> >Until I can figure out how to migrate my users to the new Monarch server
> >running on RedHat 7.2, my Samba server is Samba 1.9.18p5 ala May 1998
> >running on Red Hat 5.1 Kernel 2.0.36.
>
> Yikes!!!  Samba 1.9.x doesn't "support" anything much newer than NT4.0sp3.
> Running an old Samba with new/updated clients is as perilous as meddling in the
> affairs of wizards.  M$ is constantly "tweaking" and extending the CIFS
> protocol and their RPC suite,  newer Sambas are aware of the tweaks and adjust
> accordingly.
>
> >I will try turning off the oplocks to see if that helps, but I have made
> >some interesting observations on the problem.
> >The diabolical Samba share has logical links for company wide, read only
> >access to various files. These files have world read only permissions. To
> >be on the safe side, the Samba share is read only as well.
>
> I've seen M$ clients lock read-only files (even executables!).  Use smbstatus
> to see if any funny locking is going on.
>
> >The files being accessed via the share are Lotus 123 V5 .WK4 files. If I
> >open them from another computer using Lotus 123 V5, I get a repeatable blue
> >screen 0E exception in VxD Vredir called from VxD IFSMGR. The error message
>
> Do you have any "process no longer exists" messages in your log file?  We have
> Lotus users, and Lotus exhibits the most bizarre file management techniques.
> We've actually uncovered and reported Samba bugs based upon Lotus 123
> Millennium.  (It ain't much better sharing from a true M$ file server).
> Expedite your upgrade.
>
> >says it may be possible to continue normally if you press any key. When you
> >press a key, often you can load the file and continue on.
>
> Sounds like an "I'm opening this read-only file read-write" problem.
>
> >However, Win98 becomes unstable and locks up sometimes hours later when you
> >are putting the final touches on your presentation you have to make in 15
> >minutes.
>
> Of course,  even Star Office does this.  It is the pre-ordained punishment for
> anyone adjusting their presentation within 7 hours of presenting it.
>
> >Today, I tried using Lotus Millennium edition (V9) to access the same files
> >in the same diabolical share. The error message changed. Millennium does not
> >generate a blue screen, rather a message box pops up saying the file you
> >are attempting to open cannot be found on the network. When you click on OK,
> >the file magically appears in Lotus anyway!!!
>
> Set level 10 logging for one machine and record the session.
>
> In "main" smb.conf -
> [global]
> . . .
> include = /etc/samba/smb.conf.%m
> . . .
> debug level = 3
> . . .
> log file = /var/log/samba/log.%m
>
> In "smb.conf.{testmachine}" -
> [global]
> debug level = 10
>
> This way you can increase the log level to 10 (required for debugging) on just
> ONE machine.  If you raise it to 10 across the board your log files will
> ***EXPLODE***HUGE*** and performance drop down to somewhere around glacial.
> The above "log file =" makes Samba keep a separate log file for each client,
> which is darn handy in a pinch.  (adjust paths to taste, of course).
>
> >The windows clients who own the shared files are routinely and massively
> >massaging those files all day long with no errors. I don't understand why
> >sharing them in a common directory via a logical link in another samba
> >share should cause a networking error.
>
> Possibly the file is changing "beneath" the read-only client?  This will be
> *BAD*.  IMHO, you need to look at a somewhat more sophisticated technique
> for "publishing" the files.  Dealing with file-locking issues is tricky, and
> due to partial writes performed by the read-write clients I don't think you can
> arbitrarily just copy the files.  You need to test for locks,  and copy
> unlocked files periodically.
>
> Not to be a pin head, but it sort of sounds like you're trying to use a
> spreadsheet to do the job of a database.
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
> --__--__--
>
> Message: 5
> Date: Fri,  8 Mar 2002 15:19:53 -0500
> From: adam@morrison-ind.com
> To: members@kalamazoolinux.org
> Subject: Re: [KLUG Members] Meeting
> Reply-To: members@kalamazoolinux.org
>
> >Anyone carpooling from Elkhart, Goshen area for the meeting?
> >Also, I have just started playing with SME server (was esmith)
> >last week.  It is a RedHat based distro that provides
> >web/email/samba/firewall services in an easy to install and easy to
> >administer web interface (ssl).  There are lots of plugins (they call
> >blades) that extend the functionality.  (Of course, you can add whatever
> >you want manually).  It even includes a package to allow all of your
> >users to view mail through their browsers (using IMP).
>
> If you haven't tried it, IMP is a very nice package.  The new IMP3.0 plus the
> Turba contact manager is an amazing chunk of code.
>
> Another one you might want to look at is phpgroupware
>
> >I came across it looking for just web interfaces for email.  I
> >was thinking of migrating sites from one of my web servers to this box.
> >Anyone have any pros or cons with this?  I have also burned the ISOs for
> >ASPLinux and will try that out.
>
> One (or more) of these "bundled" distributions would make an interesting KLUG
> presentation.....
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
>
> --__--__--
>
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 
>
>
> End of Members Digest
>
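
Added example, not part of the original post or of Samba or logrotate: it illustrates the logrotate/HUP exchange in Message 3 of the quoted digest by showing where a process's log lines land after its log file is renamed, with and without a SIGHUP-triggered reopen. The LogWriter class, the file names and the log lines are constructed for illustration, and a POSIX system is assumed.

```python
import os
import signal
import tempfile


class LogWriter:
    """Stand-in for a daemon that keeps its log open (hypothetical, not smbd code)."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")

    def log(self, line):
        self.fh.write(line + "\n")
        self.fh.flush()

    def reopen(self, signum=None, frame=None):
        # SIGHUP handler: drop the old descriptor, open the path again.
        self.fh.close()
        self.fh = open(self.path, "a")


def read_lines(path):
    with open(path) as f:
        return f.read().splitlines()


def rotate_demo(send_hup):
    """Rename the live log, optionally send SIGHUP, then log one more line.

    Returns (lines in rotated file, lines in fresh file)."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "log.constructed")  # constructed sample path
        writer = LogWriter(path)
        previous = signal.signal(signal.SIGHUP, writer.reopen)
        try:
            writer.log("before rotation")
            os.rename(path, path + ".1")   # rotation: same inode, new name
            open(path, "a").close()        # fresh, empty log at the old path
            if send_hup:
                os.kill(os.getpid(), signal.SIGHUP)  # the postrotate step
            writer.log("after rotation")
        finally:
            signal.signal(signal.SIGHUP, previous or signal.SIG_DFL)
            writer.fh.close()
        return read_lines(path + ".1"), read_lines(path)


if __name__ == "__main__":
    print("no HUP:  ", rotate_demo(send_hup=False))
    print("with HUP:", rotate_demo(send_hup=True))
```

Without the signal, the later line follows the open descriptor into the rotated file, so anything that compresses or expires rotated logs takes recent entries with it while the live log stays empty.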