Re: Zero Day MySQL Buffer Overflow
Hi Daniel, On Tue, December 4, 2012 18:33, daniel curtis wrote: > Thank You, I should look there first (Security Tracker). But I see, > that two of three CVE's are marked as 'vulnerable' for all branches; > stable, testing and unstable. Frankly, only first CVE is Fixed for > Squeeze. > It is normal? They are indeed still pending a fix; because other issues in MySQL were reported in the mean time an update for those issues (see DSA text for id's) was released. The issue you mention will be fixed as soon as we have a working fix. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5c2a10f757fc106f71b0eff25df3a2cf.squir...@aphrodite.kinkhorst.nl
Re: Zero Day MySQL Buffer Overflow
Hi, Thank You, I should look there first (Security Tracker). But I see, that two of three CVE's are marked as 'vulnerable' for all branches; stable, testing and unstable. Frankly, only first CVE is Fixed for Squeeze. It is normal? Regards!
Re: Informazioni Log Analyzer Postfix
Le 04/12/2012 13:45, Jason Fergus a écrit : On Tue, 2012-12-04 at 11:35 +0100, Gilles Mocellin wrote: Le 27/11/2012 11:53, Zattara Stefano a écrit : Buongiorno a tutta la lista, vi chiedo un consiglio riguardo un log analyzer per postfix. Ho già dato un'occhiata a pflogsum ed a varie interfaccie simili in python. Quello che mi interesserebbe è riuscire a ricostruitre la "vita" di una mail dall'ingresso alla consegna o allo scarto per qualche motivo ( ingresso->postfix->antispam->filtri->consegna ) Qualunco ha qualche dritta da darmi in merito? >Le 04/12/2012 07:36, Felix Berlakovich a écrit : >> He is asking the following: Stefano needs advice regarding a log analyzer for postfix. He already looked at pflogsum and various similar tools in written in python. But he is interested in reconstructing the 'life' of an email, from recieving up to the point of delivery, or rejecting for some reason (so recieving -> postifix -> antispam -> filters -> delivery) >> He asks if someone can give hime hints to some direction. Hello, This is really a must have tool. The best I found is a two step procedure. The script is postfix.transform.log that I found here (there is other nice scripts) : http://www.arschkrebs.de/postfix/scripts/ First step, Have a hash of the conversation : # postfix.transform.log /var/log/mail.info | grep em...@dom.tld [...] Second step, Show all log entries with that hash : # postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg [...] As you can see, it handles well amavisd-new intermediate delivery. We also have policyd-weight, but it does show it. Not so bad, because mails that are refused by policyd-weight don't have many lines in the logs. Hope it helps. I generally just use 'less /var/log/mail.log' for the times that I need to dive into a log to find the 'life' of it. I guess the 'analyzer' is my brain. I do this for a living, and it's always served me well. Sure I also have summaries, and awstats, etc. But when it comes to tracing where an email went and if it was blocked by spam, or rejected from our email server or from the destination, there really isn't much better than less. You can even pipe less through the syntax highlighting program to 'colorize' the logs. Though this seems to break the follow functionality of less. Of course the brain is always better. But, Especially when you have a lot of incoming connections, log lines are all messed up. A tool is really useful, and needed. Also, if you want to delegate level 1 support to non-engineer people, you can't ask them to understand what's happening in the postfix logs... PS: I've just seen that we're on the debian-security list. I don't think it's the place to discuss that. I cross post to debian-user, please respond here in case. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50bdfdcf.6020...@nuagelibre.org
Re: Informazioni Log Analyzer Postfix
On Tue, 2012-12-04 at 11:35 +0100, Gilles Mocellin wrote: > Le 27/11/2012 11:53, Zattara Stefano a écrit : > > Buongiorno a tutta la lista, > > vi chiedo un consiglio riguardo un log analyzer per postfix. > > Ho già dato un'occhiata a pflogsum ed a varie interfaccie simili in > > python. > > Quello che mi interesserebbe è riuscire a ricostruitre la "vita" di > > una mail > > dall'ingresso alla consegna o allo scarto per qualche motivo > > ( ingresso->postfix->antispam->filtri->consegna ) > > > > Qualunco ha qualche dritta da darmi in merito? > > > > > > Grazie > > > > Stefano > > > Hello, > > This is really a must have tool. > The best I found is a two step procedure. > > The script is postfix.transform.log that I found here (there is other > nice scripts) : > http://www.arschkrebs.de/postfix/scripts/ > > First step, Have a hash of the conversation : > # postfix.transform.log /var/log/mail.info | grep em...@dom.tld > > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]: > 7E1627E003: to=, relay=our-MX-IP[our-MX-IP]:25, > delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 > <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail > for delivery) > > Second step, Show all log entries with that hash : > # postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg > > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:48 servername > postfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP] > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:50 servername > postfix/cleanup[14414]: E5F187E002: > message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:54 servername postfix/qmgr[17373]: > E5F187E002: from=, size=19568, nrcpt=1 (queue active) > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtpd[9961]: > 7E1627E003: client=localhost[127.0.0.1] > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername > postfix/cleanup[14075]: 7E1627E003: > message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: > 7E1627E003: from=, size=20035, nrcpt=1 (queue active) > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/lmtp[14421]: > E5F187E002: to=, relay=127.0.0.1[127.0.0.1]:10024, > delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, > id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as > 7E1627E003) > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: > E5F187E002: removed > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]: > 7E1627E003: to=, relay=our-MX-IP[our-MX-IP]:25, > delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 > <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail > for delivery) > [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: > 7E1627E003: removed > > As you can see, it handles well amavisd-new intermediate delivery. > We also have policyd-weight, but it does show it. Not so bad, because > mails that are refused by policyd-weight don't have many lines in the logs. > > Hope it helps. > > > I generally just use 'less /var/log/mail.log' for the times that I need to dive into a log to find the 'life' of it. I guess the 'analyzer' is my brain. I do this for a living, and it's always served me well. Sure I also have summaries, and awstats, etc. But when it comes to tracing where an email went and if it was blocked by spam, or rejected from our email server or from the destination, there really isn't much better than less. You can even pipe less through the syntax highlighting program to 'colorize' the logs. Though this seems to break the follow functionality of less. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1354625106.1559.3.camel@localhost.localdomain
Re: Informazioni Log Analyzer Postfix
Le 27/11/2012 11:53, Zattara Stefano a écrit : Buongiorno a tutta la lista, vi chiedo un consiglio riguardo un log analyzer per postfix. Ho già dato un'occhiata a pflogsum ed a varie interfaccie simili in python. Quello che mi interesserebbe è riuscire a ricostruitre la "vita" di una mail dall'ingresso alla consegna o allo scarto per qualche motivo ( ingresso->postfix->antispam->filtri->consegna ) Qualunco ha qualche dritta da darmi in merito? Grazie Stefano Hello, This is really a must have tool. The best I found is a two step procedure. The script is postfix.transform.log that I found here (there is other nice scripts) : http://www.arschkrebs.de/postfix/scripts/ First step, Have a hash of the conversation : # postfix.transform.log /var/log/mail.info | grep em...@dom.tld [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]: 7E1627E003: to=, relay=our-MX-IP[our-MX-IP]:25, delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail for delivery) Second step, Show all log entries with that hash : # postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:48 servername postfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP] [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:50 servername postfix/cleanup[14414]: E5F187E002: message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:54 servername postfix/qmgr[17373]: E5F187E002: from=, size=19568, nrcpt=1 (queue active) [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtpd[9961]: 7E1627E003: client=localhost[127.0.0.1] [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/cleanup[14075]: 7E1627E003: message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: 7E1627E003: from=, size=20035, nrcpt=1 (queue active) [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/lmtp[14421]: E5F187E002: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7E1627E003) [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: E5F187E002: removed [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]: 7E1627E003: to=, relay=our-MX-IP[our-MX-IP]:25, delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail for delivery) [hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]: 7E1627E003: removed As you can see, it handles well amavisd-new intermediate delivery. We also have policyd-weight, but it does show it. Not so bad, because mails that are refused by policyd-weight don't have many lines in the logs. Hope it helps. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/50bdd1e0.3090...@nuagelibre.org