[luau] MP3 playing in Red Hat 8.0
MP3 player support was removed from the upcoming Red Hat 8.0 due to licensing legal concerns. http://www.gurulabs.com/downloads.html This page has an easy to install RPM that contains only the MP3 plugin for XMMS. They also have links to more information regarding this MP debacle. Please remember this URL and tell all future Red Hat 8.0 users, because they may be a bit annoyed that MP3 wont work out of the box anymore. http://news.com.com/2100-1001-959434.html This CNET article has a ton of information about this upcoming Red Hat release, including this MP3 issue, Bero's resignation from Red Hat over the Gnome/KDE unification controversy and more.
[luau] slapper worm
Dear All Recently, my redhat linux 7.3web server has been infected by slapper worm so that I need to upgrade openssl and modssl. Anybody did this job? RPM form redhat is not very helpful, and I can not figure out which executable file and directory should be upgraded for openssl and modssl. You help will be truly appreciated. Albert
Re: [luau] slapper worm
Why is RPM not very useful? Please be aware that the version numbers from Red Hat may be a bit confusing because Red Hat does not upgrade versions with these security updates. Instead they backport security patches without bumping up the version number, so it may not be clear at first glance if you are protected or not. For example my Red Hat 7.3 system has openssl-0.9.6b-28. (Use rpm -qi openssl to query the information) According to the advisory I'm at risk, however I know I applied the official security update from Red Hat back in July. I can confirm this with rpm -q openssl --changelog |less Why did you not use Red Hat's automatic updating feature? First thing you should do after you install Red Hat is subscribe to Red Hat Network and Entitle your system. Nobody has any excuse because everyone has one free Entitlement with RHN. Entitlement gives you the following convenient features: * They e-mail you whenever there is a security or bugfix update available for your system. * You can login to your RHN account at http://rhn.redhat.com and see at a glance which of your systems need what updates. You can optionally apply updates from this web based interface. * Optionally you can use the up2date client in the entitled system. The GUI up2date client is called Update Agent in your System menu, and it is as easy as point and click. * The command line up2date client is very simple. The following basic commands can be used: up2date -u Update all packages that need updating except potentially disruptive packages. up2date -uf Force an update of everything. May take some manual intervention (like rebooting) afterward in order to complete or fix minor configuration files. This is usually recommended because it doesn't often break things, and it will fully upgrade your system. Below is what it looks like when I typed up2date -uf to upgrade my kernel on my home firewall. All automatic! (Note that kernel updates install another kernel rather than remove the old kernel. This allows you to boot into the new kernel for testing in the GRUB menu. If the new kernel proves to be stable, you can remove the old kernel with another rpm command.) [EMAIL PROTECTED] root]# up2date -uf Retrieving list of all available packages... Removing installed packages from list of updates... Removing packages marked to skip from list... Getting headers for skipped packages... The following Packages were marked to be skipped by your configuration: NameVersionRel Reason --- kernel 2.4.18 10 Pkg name/pattern None of the packages you requested were found, or they are already updated. [EMAIL PROTECTED] root]# up2date -uf Retrieving list of all available packages... Removing installed packages from list of updates... Getting headers for available packages... Removing packages with files marked to skip from list... Testing package set / solving RPM inter-dependencies... Retrieving selected packages... kernel-2.4.18-10.i686.rpm: ## Done. Preparing...### [100%] 1:kernel ### [100%] up2date is also nice for installing additional official software. For example if you want to use emacs but it isn't installed, simply type up2date emacs and it will automatically download and install it for you. Most major distributions of Linux have some sort of automatic updating facility. If you're pissed off about the need for payment to Red Hat Network for additional entitlements, then consider using Mandrake or Debian instead which has free updates (though perhaps only 95% reliable rather than 99.99% reliable because it depends on 3rd party sources). You can alternatively install apt-rpm on Red Hat which allows it to use an APT enabled mirror (Videl is not APT enabled though I am considering it.) for automatic updating. I personally don't bother with the free alternatives up2date because $5 a month per machine is a small price for me to pay for my time. I just let Red Hat handle keep track of the security updates and send me e-mail notices. I can be fairly confident that Red Hat's update packages will download reliably and have gone through extensive QA, unlike similar update packages from Mandrake. It is cheap and just works. I never buy boxed sets of Red Hat, so this is my way of giving thanks to the company. Red Hat is unique in that it isn't free for
Re: [luau] sendmail question
currently office does a lot of email forwarding to other people in the office. When this happens, the forwarded email gets sent outside of the office to the ISP, and then comes back in. If I configure the linux machine to handle all incoming and outgoing email, is it possible to get it to recognize that all email for a cetain domain is local and thus goes straight to that person's inbox, thereby eliminating the need to send the email out and back in? Rodney --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002
Re: [luau] Blocking mail relayers
This doesn't look like a relay attempt but normal spam using an e-mail address generator destained for your domain and the user(s) didn't exist. - Original Message - From: Erich S. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 7:22 PM Subject: Re: [luau] Blocking mail relayers On Wed, 25 Sep 2002, Mike Ballon wrote: Sendmail does NOT need to be restarted when updating the access file, it does need to be built of course 'make access.db' but that's it. I'd like to see a snip of the maillog to see if he was actually being allowed to relay though. Hmmm I didn't do a 'make access.db', I did a '/sbin/service sendmail restart'. Does that force a 'make access.db'? Anyway, here's a partial snippet of maillog. There were quite a few attempts, each appearing to use different namesets within my domain. == Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: [EMAIL PROTECTED]... User unknown Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: from=[EMAIL PROTECTED], size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=rlkal1a046.comtech-data.se [194.198.208.46] (may be forged) == After putting in the hosts.deny entry, restarting XINETD and putting in the entry in /etc/mail/access, and restarting sendmail. This is what turns up in the log about every 20 minutes or so: == Sep 25 13:07:10 tiger sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied Sep 25 13:07:11 tiger sendmail[31999]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 25 13:51:22 tiger sendmail[32024]: g8PNpLP32024: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied Sep 25 13:51:25 tiger sendmail[32024]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Sep 25 14:36:46 tiger sendmail[32062]: g8Q0agP32062: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied Sep 25 14:36:47 tiger sendmail[32062]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA == Not sure what else I can do. Most Euro's I've dealt with are scum so being able to block this dood is at least gratifying in a small way. Euro's like to talk big about the evil USA but to date most problems I've had with outside intruders have been from Euro's who seem to have nothing better to do with their time. Thanks all for the comments and advice. And sorry if this type of dialogue isn't very interesting...I'll try and think of a obligatory MS Bash or Linux Boast later when I'm finished having fun learning this stuff. (tongue placed firmly in cheek) Sharky ___ LUAU mailing list [EMAIL PROTECTED] http://videl.ics.hawaii.edu/mailman/listinfo/luau
Re: More Mail Q's; was Re: [luau] Blocking mail relayers
On Thursday 26 September 2002 09:12 am, Erich S. wrote: -- Is it very complicated to set up IMAP to operate in a secure fashion? IE. be able to use Outlook Express from my work assigned laptop and have access to my mail folders remotely? (I an old skool PINEr myself when logged locally or through SSH). I use imap over ssl to check my mail on the gatherer. It is a debian box, and, I must confess that installation/configuration consisted of apt-get imapd-ssl (which removed my non ssl version while maintaining unencrypted logins) and nothing more. I was able to set Outlook on win2k, Evolution on rhat7.2, Kmail on ibookdebian, and mail.app on OSX on a fourth to login securely. I use wireless alot, so, this was my only permitted option. I think it is safe to assume that installation on another distribution is as simple as installing the appropriate package/port for secure imap (provided you have ssl installed). scott
[luau] Re: imap
vanilla imap is an insecure protocol, unless you only run it in secure mode (imaps, port 993). If anyone sniffs your regular unencrypted imap traffic they will not only be able to intercept your email, but possibly to login to your account (e.g. if you have ssh enabled and are only requiring password authentication (another good reason to require key authentication)). This does not apply if the account does not allow remote logins (e.g. cyrus imap). I HIGHLY recommend that if you access imap to a login account over the internet that you run it in secure mode, tunnel it over ssh, or in some way secure it. ***Note that this applies to squirrelmail over regular http too***. You should only run squirrelmail over secure http (https). On our server we do not allow squirrelmail to be accessed via http, only https. --Eric -- Eric Jeschke http://cs.uhh.hawaii.edu/~jeschke On Thu, 26 Sep 2002 [EMAIL PROTECTED] wrote: | From: Jim [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Subject: Re: [luau] Multiple E-Mail Accounts in KMail | | I used IMAP for years on Win with Pine,but shopping for a new ISP | (Big Island)I found very few will allow it; most claim security...they | don't want you logged on to the mail server.Even my old ISP Aloha.net | changed things and made it very painful to use IMAP,if you were reading | for a period the server would break connection,although POP3 was fast | and friendly.Mozilla supports IMAP. | | Eric Hattemer wrote: | Any email client should put imap accounts into separate folders. I know | OE, NS, eudora, kmail, evolution all do. See if your mail servers | support imap. Its a neat protocol, and most mail providers prefer you | to use it. snip
Re: [luau] sendmail question
On Thursday 26 September 2002 07:18 am, Rodney Kanno wrote: currently office does a lot of email forwarding to other people in the office. When this happens, the forwarded email gets sent outside of the office to the ISP, and then comes back in. If I configure the linux machine to handle all incoming and outgoing email, is it possible to get it to recognize that all email for a cetain domain is local and thus goes straight to that person's inbox, thereby eliminating the need to send the email out and back in? If your internal linux box has a legitimate domain name, then it can be your mail transfer agent (smtp). If you set it up to be your domain server, then your email requests for people on your lan will stay within your lan. You can probably set up your mta to keep this email internal without a dns server running, but I don't know it. If you don't have a legitimate domain name, you can setup accounts for your users on the linux box and use it for internal email. You can create a domain name for it and place this domain name in the lmhosts file of your clients. Then, you set up another, private email account for them in your favorite open sourced email app and teach them to use it for internal email. There is probably a better way that I don't know about. scott
Re: [luau] Re: imap
On Thu, 2002-09-26 at 10:16, Eric Jeschke wrote: I HIGHLY recommend that if you access imap to a login account over the internet that you run it in secure mode, tunnel it over ssh, or in some way secure it. Agreed. I personally always use IMAP through an SSH tunnel, even while I am at home. Yes TCP over TCP tunneling is extremely inefficient and broken in some cases, but it works well enough for me. ***Note that this applies to squirrelmail over regular http too***. You should only run squirrelmail over secure http (https). On our server we do not allow squirrelmail to be accessed via http, only https. --Eric Do you folks have a key with Verisign, or do you run your own CA? I was thinking about UH running a CA, free for Hawaii non-profit folks. Anyone else interested in this?
Re: [luau] Re: imap
Warren Togami wrote: snip Do you folks have a key with Verisign, or do you run your own CA? I was thinking about UH running a CA, free for Hawaii non-profit folks. Anyone else interested in this? I've long thought there needs to be some standard CA private key that's publicly available for people to sign their SSL keys with that would be Encrypted, but host authenticity not guaranteed without the incessent nagging of the browser (basically, a one time thing when entering SSL mode). Of course IE would probably blow it out of proportion just as much as they do the self signed certs in order to keep the Verisign cartel going. BTW, I think this thing would make a great wiki. I personally am not very good with mail stuff, especially configuring MTAs (yes, I know I don't technically need one for something like this...), so any help I could get would be useful. --MonMotha pgp7sEfoNgVWS.pgp Description: PGP signature
Re: [luau] Re: imap
On 26 Sep 2002, Warren Togami wrote: On Thu, 2002-09-26 at 10:16, Eric Jeschke wrote: I HIGHLY recommend that if you access imap to a login account over the internet that you run it in secure mode, tunnel it over ssh, or in some way secure it. Agreed. I personally always use IMAP through an SSH tunnel, even while I am at home. Yes TCP over TCP tunneling is extremely inefficient and broken in some cases, but it works well enough for me. ***Note that this applies to squirrelmail over regular http too***. You should only run squirrelmail over secure http (https). On our server we do not allow squirrelmail to be accessed via http, only https. --Eric Do you folks have a key with Verisign, or do you run your own CA? I was thinking about UH running a CA, free for Hawaii non-profit folks. Anyone else interested in this? Hiya! This sounds like a great idea. It'd be nice to have a CA for non-profit or personal use. The nag screens are something of a nuisance. Thanks, Sharky
Re: [luau] Re: imap
-- vanilla imap is an insecure protocol, unless you only run it in secure mode (imaps, port 993). If anyone sniffs your regular unencrypted imap traffic they will not only be able to intercept your email, but possibly to login to your account -- Don't forget about POP, it is no more secure/insecure then IMAP. Both will pass the plain text password and plain textemail. If your already using POP and not concerned about it, using IMAP is not going to be lesssecure. Same with ftp and telnet. Like Eric said, using IMAP with SSH is a very good idea if youare able to. Good example with the SquirrelMail also. My web server is a private IP so to access it from the outside, I tunnel my localhost:80 over SSH to my web server. Using IMAP andSSH is like an information swiss army knife.
Re: [luau] Re: imap
Yuser wrote: snip Don't forget about POP, it is no more secure/insecure then IMAP. Both will pass the plain text password and plain textemail. If your already using POP and not concerned about it, using IMAP is not going to be lesssecure. Same with ftp and telnet. Like Eric said, using IMAP with SSH is a very good idea if youare able to. With POP, once you have the message, it's safe and sound on your desktop. It can't be read or deleted off the server at a later time. With IMAP, these kinds of things are possible. This doesn't mean you shouldn't use encrypted POP (speaking of crypto, RC5-64 takes about, oh, 1,757 days to break...see www.distributed.net :). snip --MonMotha pgpREYbAhvdkA.pgp Description: PGP signature
[luau] Compaq Link
This link has all the Compaq related software restore and driver files. Its a vast database that is helpful to anyone looking for Linux drivers also for their Compaqs. Dan http://cpnapp.compaq.com/pdf/us_con_pdf/tech/tech/index.html
Re: [luau] First Hawaiian Bank fixed their website
On Thu, 2002-09-26 at 20:43, Warren Togami wrote: http://fhbonline.fhb.com First Hawaiian Bank's website now works in Mozilla in Linux. As of earlier this week they redid their online banking website. Unfortunately due to some circumstance it seems to be broken in Konqueror while the old site worked fine with a spoofed User Agent. I intend on following up with the bank to resolve this particular problem. Before September 22nd FHB's online banking worked fine in any web browser including Konqueror with a spoofed user agent. Now they have redone their site, it works in Mozilla by default but completely breaks Konqueror even with a spoofed User Agent. Their redone site uses broken browser detection that redirects the user to either a welcomeie.asp or welcomenetscape.asp page. Both display a blank page in Konqueror 3.0.3. Can someone help me figure out why? The bank seems responsive to fix requests but I need solid technical reasoning before asking them again.
Re: [luau] First Hawaiian Bank fixed their website
Warren Togami wrote: Their redone site uses broken browser detection that redirects the user to either a welcomeie.asp or welcomenetscape.asp page. Both display a blank page in Konqueror 3.0.3. Can someone help me figure out why? The bank seems responsive to fix requests but I need solid technical reasoning before asking them again. I removed my IE spoofing from Konqueror 2.2.1 and now, after entering name and password, it brain-freezes at the Please Wait While We Process your Request screen. Before the redo, this version of Konqueror worked well with the FHB site using IE spoofing, although Mozilla didn't. -Jeff
[luau] SpamAssassin and Procmail question
Aloha, I am pondering SpamAssassin for my box. The volume I now get after becoming a moderator on a mailing list is pretty disgusting. I find it even more depressing that most of the UCE does not have opt-outs. Since I can't opt-out, I need a better filter. I read the fine docs and understand that I need procmail and a few Perl modules etc to work with SpamAssassin. What I am not sure of is whether or not I need to use a tool like fetchmail to fetch my mail form the ISP before can filter it. Anybody familiar with this process? Thanks, Ben
Re: [luau] SpamAssassin and Procmail question
On Thu, 2002-09-26 at 22:11, Ben Beeson wrote: Aloha, I am pondering SpamAssassin for my box. The volume I now get after becoming a moderator on a mailing list is pretty disgusting. I find it even more depressing that most of the UCE does not have opt-outs. Since I can't opt-out, I need a better filter. Please be aware that you should NEVER opt-out! In most cases it may stop that particular source of spam, but many sell their opt-out lists to other spammers because they are known and confirmed to be active addresses. This is also the reason why Linux mail clients do not display images in incoming mail by default. These images can easily have uniquely identifiable codes in the URL that can tell the spammers I'm an active legit address. Spam me more! I read the fine docs and understand that I need procmail and a few Perl modules etc to work with SpamAssassin. What I am not sure of is whether or not I need to use a tool like fetchmail to fetch my mail form the ISP before can filter it. Anybody familiar with this process? 1) fetchmail downloads mail from your POP3 accounts 2) procmail does general filtering, you can use simple regular expression matching to filter stuff into different mailboxes (like for mailing lists). 3) procmail can forward all remaining messages after your mailing list rules to spamassassin. 4) spamassassin uses intelligent analysis of the headers and body of the message to calculate a spam score. If the score is above a certain configurable threshold it can be filtered by procmail. I set my procmail to put score of 5.5 or higher into my SPAM folder, which I review every once in a while just to make sure spamassassin didn't guess wrong. If you set your spam threshold too low, there is a chance that it may incorrectly identify legit mail as spam so be careful. Most folks should probably set their threshold to perhaps 10 or 15, and add Vipul's Razor to spamassassin's checks in order to increase spam detection accuracy. I've seen perhaps 99.99% effective spam filtering, with only 2 out of 2000 filtered messages being false positives (incorrectly identified as being spam). Nobody should use SpamAssassin without studying how it works and carefully adjusting settings. I plan on deploying it site-wide for several organization e-mail servers this year. I will use more liberal settings that may only be 95% effective in spam filtering, but that should reduce the chance of false positives to nothing. http://www-106.ibm.com/developerworks/linux/library/l-spam/?t=gr%2clnxw03=StampSpam Here's a very helpful IBM article about SpamAssassin, with links to more helpful information. http://razor.sourceforge.net/ You should also take a look at how Vipul's Razor works, it is another very interesting spam filtering system that uses a distributed checksum network. Very advanced stuff, and it is fairly easy to add Razor filtering to SpamAssassin's several checks.
