[BlueOnyx:26388] Re: Internet issues

[Ken Hohhof via Blueonyx]

Hey, don't paint us all with the same brush!

Also, if you're a small local ISP, there are a million ways for the big guys to 
screw you over and steal your customers.  I remember from about 2005 to 2009 we 
offered "lineshare" DSL on Verizon copper.  They would "accidentally" 
disconnect our customers, and then offer to hook them back up same day using 
Verizon as the ISP, or wait 3-5 days for them to reconnect our service.  Lesson 
- never buy wholesale services from a big vertically integrated competitor.

I also wonder if things have changed since I lived 2 years as a teenager in 
South America (Argentina) in the late 1960's.  A small bribe was often expected 
in everyday transactions, especially if civil servants were involved, and 
wasn't even viewed as particularly unethical or illegal.  More like a tip here 
in the U.S.  (Which, BTW, is really getting out of hand.  Soon vending machines 
will expect tips.)

Whenever I think of Michael living in Colombia, somehow I think of Patrick Jane 
in the TV series The Mentalist, on an island off the coast of Venezuela where 
he can't be extradited to the U.S.  (will only make sense if you've watched it) 
 Or maybe Rick Blaine in Casablanca.  Don't be insulted, either reference makes 
you out to be a dashing chick magnet.


-Original Message-
From: Blueonyx  On Behalf Of Chris Gebhardt 
- VIRTBIZ Internet via Blueonyx
Sent: Wednesday, August 2, 2023 1:47 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26387] Re: Internet issues


On 8/2/2023 12:53 PM, Michael Stauber via Blueonyx wrote:
> You can get a new contract (with same day install) lined up in fifteen 
> minutes, or you have to wrestle with support for days until they send 
> a technician to fix damage in an existing installation.

So true.  Anyone who has ever dealt with consumer-grade ISP's knows this pain.

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866) 4 
VIRTBIZ

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26338] Re: Backscatter / user not found bounce

[Ken Hohhof via Blueonyx]

Wait, that's an SMTP error code, is your server rejecting the email during the 
SMTP session, or sending a bounce email to the (probably spoofed) sender?  It 
should be doing the first one.  The second one is bad, I think the term is 
asynchronous bounce?

Are you using some sort of MX relay to do email filtering, so that by the time 
your BO server rejects the connection for no valid recipients, the outboard 
solution has already terminated its SMTP session and sends a bounce email?  
Otherwise, I don't see how an SMTP reject would be backscatter.

-Original Message-
From: Blueonyx  On Behalf Of Colin Jack via 
Blueonyx
Sent: Sunday, July 2, 2023 12:18 PM
To: Blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26336] Backscatter / user not found bounce

We are having issues with spammers sending thousands of emails to non-existent 
users on our hosted domains and our BX server then bouncing them as "554 5.5.1 
Error: no valid recipients" and our IP consequently getting blacklisted for 
backscatter. 

Microsoft hate us now – Hotmail etc. and block all email from our subnet! :-/

5210R

Is there any practical way to stop “no valid recipient” email being sent out 
from the server?

Thanks

Colin


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26325] Re: negative AV-Spam score

[Ken Hohhof via Blueonyx]

Is this a problem that SPF is designed to solve?

-Original Message-
From: Blueonyx  On Behalf Of Chris Gebhardt 
- VIRTBIZ Internet via Blueonyx
Sent: Thursday, June 22, 2023 3:08 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26322] Re: negative AV-Spam score


On 6/22/2023 2:42 PM, Meaulnes Legler @ MailList via Blueonyx wrote:
> Can someone help me to set up a rule that recognizes *the same from 
> and to address* in the header? I'm not very skilled for this...
>
Oh man.  Am I the only person who emails myself things from time to time?

Also, a lot of my IoT devices that send email are configured to send from/to 
the same address.   So for my purposes that rule would not be good.

That said, I do have a customer complaining today that he is getting a lot of 
messages about “I recorded you!" being sent from his own email address.I 
wonder if the efforts are better spent on analyzing other aspects of the 
messages for detection.

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866) 4 
VIRTBIZ

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26307] Re: HTTPS redirect

[Ken Hohhof via Blueonyx]

Many thanks, that fixed it.  The AllowOverride checkboxes are what I was 
missing.

-Original Message-
From: Blueonyx  On Behalf Of Michael Stauber 
via Blueonyx
Sent: Tuesday, June 20, 2023 12:42 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26305] Re: HTTPS redirect

Hi Ken,

> I’m embarrassed to ask about an old 5208R system we have, obviously it 
> is seriously out of date.  So if you ignore me or yell at me, I will 
> understand.

Nah, no yelling. It's high time to upgrade, but we all know how it goes. :o)

> I don’t particularly care what happens when someone types the IP 
> address as the URL, but if they type www.domain.com, I’d like them to 
> get https://www.domain.com just like when they type domain.com.

Yeah, with shared hosting the thing is that when someone goes to the IP and 
there are multiple Vsites on it? They land on the first VirtualHost that's 
configured in Apache for that IP.

For domain name redirects from HTTP to HTTPS a .htaccess is usually the 
simplest option.

However, usage of .htaccess files is not allowed by default in Vsites by 
default, as they can be used to reconfigure Apache and sometimes we might not 
want that siteAdmins can do that.

So first go to "Server Management" / "Network Services" / "Web" and make sure 
that under the grey heading "Options:" you have all checkboxes ticked. You can 
leave "MultiViews" and "SymLinksIfOwnerMatch" unchecked. 
Under "AllowOverride:" tick all checkboxes.

Then create a .htaccess in the /web directory of your Vsite and put the 
following three lines into it:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

That should do it.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:26304] HTTPS redirect

[Ken Hohhof via Blueonyx]

I'm embarrassed to ask about an old 5208R system we have, obviously it is
seriously out of date.  So if you ignore me or yell at me, I will
understand.

 

I enabled SSL for a vsite (actually our own website www.kwisp.com) and
installed a cert  from a CA.  We have the site name as www.domain.com, with
webserver alias domain.com.

 

Web browsers use HTTP or HTTPS and get redirected or not, depending on how
the visitor types the URL.

 

www.domain.com --> http://www.domain.com  (NOT SECURE)

domain.com --> https://www.domain.com  (SECURE)

IPaddress --> IPaddress  (NOT SECURE)

 

I don't particularly care what happens when someone types the IP address as
the URL, but if they type www.domain.com, I'd like them to get
https://www.domain.com just like when they type domain.com.  I know there
are supposedly automatic HTTPS features you can turn on in some browsers or
that are on by default in maybe Safari?  But expecting people to customize
their browser settings it not realistic, and I really don't want visitors
getting the "Not secure" warnings when we have a nice OV cert.

 

I've tried methods involving .htaccess as well as editing both the siteXX
and siteXX.include files in /etc/httpd/conf/vhosts.  Admittedly I lack the
expertise to be messing with any of that.

 

Any suggestions what I'm doing wrong, or the easiest/best way to do this?

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25625] Re: Mail server problem with Outlook

[Ken Hohhof]

Probably because all the way back to the Cobalt RaQ this is a hosting appliance 
that provides web, mail, FTP and other services.  Most people using BlueOnyx 
are probably hosting at least web and email and maybe other services on the 
same server.

On a server that just does email, there's no reason that a username can't be 
pretty much whatever you want, @ is just another character.

-Original Message-
From: Blueonyx  On Behalf Of Michael Aronoff
Sent: Tuesday, September 20, 2022 2:36 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25624] Re: Mail server problem with Outlook

Michael Stauber wrote:
 > There is another benefit: If the email address is also one part of the login 
 >  > credentials (and the remaining part being the password), then you're  > 
 > already exposing half of the login credentials to the whole world.

If you look at the attempted logins to hack email accounts you will see that 
almost all are trying the full email address as the username. I LOVE that 
BlueOnyx has just the username instead of the email address as it prevents 
virtually all the email hacks. I have other servers with the username as the 
full email and those email accounts get hacked very often.

Please do not change this!

Thanks,

M Aronoff Out – maron...@gmail.com

I'm a great believer in luck, and I find the harder I work the more I have of 
it.
   - Thomas Jefferson

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25622] Re: Mail server problem with Outlook

[Ken Hohhof]

We actually host mail on a separate mailserver not using BlueOnyx, but in
general it seems like bad practice to use bare usernames on a shared hosting
server.

What if we host mail for domains foo.com and bar.com, and we have a mail
account for j...@foo.com, what if there is also a j...@bar.com.  Sorry,
there can only be one "john" on the entire server.  So the second john has
to be john2?

Almost all modern mail systems use the full email address as the username
for login.  This is not the same as stripping the domain name.  Most
companies with their own domains will have a convention for email addresses,
like firstn...@domain.com or initial.lastn...@domain.com, and will not be
happy with the explanation they can't have their preferred email address
because someone at another domain has that username.


-Original Message-
From: Blueonyx  On Behalf Of Larry Smith
Sent: Tuesday, September 20, 2022 10:29 AM
To: blueonyx@mail.blueonyx.it
Cc: Darren Shea 
Subject: [BlueOnyx:25619] Re: Mail server problem with Outlook


Sorry, resulting line should read

auth_username_format = %Ln

(no leading #).

--
Larry Smith
lesm...@ecsis.net

On Tue September 20 2022 10:16, Larry Smith wrote:
> Darren,
>
>   On a 5208R box you would edit the /etc/dovecot/10-auth.conf file and 
> uncomment (remove leading #) from
>
> #auth_username_format = %Lu
>
> and change that line to read
>
> #auth_username_format = %Ln
>
> Note the ending n versus u.  This drops the domain from a login that 
> has user@domain format.
>
> Save and then restart dovecot.
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25553] Re: DKIM

[Ken Hohhof]

> SPF can cause myriad problems of its own 

Like what?

-Original Message-
From: Blueonyx  On Behalf Of Adam Lepp
Sent: Friday, July 29, 2022 1:15 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:25551] Re: DKIM

Thanks, but I really want to use DKIM as SPF can cause myriad problems of its 
own.

-Original Message-
From: Blueonyx  On Behalf Of Ken Hohhof
Sent: Friday, July 29, 2022 2:10 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:25550] Re: DKIM

SPF is even easier and doesn't require anything on the mailserver.
You just specify via a DNS TXT record what IP addresses are authorized to send 
mail from the domain, and what action you recommend for mail from any other IP 
addresses.
Perhaps the only action you would take on your own mailserver is what to do if 
you receive spam spoofing your domain as the sender.

-Original Message-
From: Blueonyx  On Behalf Of Adam Lepp
Sent: Friday, July 29, 2022 12:56 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:25549] Re: DKIM

A long-time client informed me today that RoundCube emails sent to Gmail bounce 
back, and the rejection message says no SPF or DKIM found.
This was never previously an issue.
I've installed DKIM on my DNS via a Plesk server, and it's quite easy.  Gmail 
problems were fixed immediately.
In referencing a previous thread, “yum install opendkim” says no package 
available.
5209R /  CentOS Linux release 7.9.2009 (Core) at Virtbiz.
Can anyone help, please?

---

From: Blueonyx  On Behalf Of Meaulnes Legler
Sent: Friday, July 8, 2022 10:56 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25501] DKIM

hello
I presume some of you think that DKIM is more snake oil than an effective 
remedy against spam, but I still want to give it a try... So many e-mails sent 
from my server get tagged in the recipient's mailboxes that an improvement of 
that server's reputation in all those databases (they moan «not signed with 
DKIM») might maybe help.
Instructions at e.g. https://www.agari.com/email-security-blog/dkim-setup/ say 
that one has to install a DKIM package like OpenDKIM (http://opendkim.org/) 
Now, is this compatible with BlueOnyx? Has anyone done this before and could 
explain how-to? I don't want to mess around with stuff I'm not really used to 
like compiling and such...
Thank you and best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25550] Re: DKIM

[Ken Hohhof]

SPF is even easier and doesn't require anything on the mailserver.
You just specify via a DNS TXT record what IP addresses are authorized to send 
mail from the domain, and what action you recommend for mail from any other IP 
addresses.
Perhaps the only action you would take on your own mailserver is what to do if 
you receive spam spoofing your domain as the sender.

-Original Message-
From: Blueonyx  On Behalf Of Adam Lepp
Sent: Friday, July 29, 2022 12:56 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:25549] Re: DKIM

A long-time client informed me today that RoundCube emails sent to Gmail bounce 
back, and the rejection message says no SPF or DKIM found.
This was never previously an issue.
I've installed DKIM on my DNS via a Plesk server, and it's quite easy.  Gmail 
problems were fixed immediately.
In referencing a previous thread, “yum install opendkim” says no package 
available.
5209R /  CentOS Linux release 7.9.2009 (Core) at Virtbiz.
Can anyone help, please?

---

From: Blueonyx  On Behalf Of Meaulnes Legler
Sent: Friday, July 8, 2022 10:56 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25501] DKIM

hello
I presume some of you think that DKIM is more snake oil than an effective 
remedy against spam, but I still want to give it a try... So many e-mails sent 
from my server get tagged in the recipient's mailboxes that an improvement of 
that server's reputation in all those databases (they moan «not signed with 
DKIM») might maybe help.
Instructions at e.g. https://www.agari.com/email-security-blog/dkim-setup/ say 
that one has to install a DKIM package like OpenDKIM (http://opendkim.org/) 
Now, is this compatible with BlueOnyx? Has anyone done this before and could 
explain how-to? I don't want to mess around with stuff I'm not really used to 
like compiling and such...
Thank you and best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25524] Re: Strange DNS goings on

[Ken Hohhof]

Not sure what that CNAME query at dnschecker.org does, but as long as a regular 
A query for autodiscover.flintevos.co.uk returns the correct results, does it 
matter? 

 

Here's what I get (I'm in the US):

 

C:\Users\khohhof>nslookup

Default Server:  ns2.dns.rcn.net

Address:  208.59.247.45

 

> autodiscover.flintevos.co.uk

Server:  ns2.dns.rcn.net

Address:  208.59.247.45

 

Non-authoritative answer:

Name:autodiscover.cloudplatform1.com

Addresses:  51.140.78.157

  51.140.253.155

Aliases:  autodiscover.flintevos.co.uk

 

> server 8.8.8.8

Default Server:  dns.google

Address:  8.8.8.8

 

> autodiscover.flintevos.co.uk

Server:  dns.google

Address:  8.8.8.8

 

Non-authoritative answer:

Name:autodiscover.cloudplatform1.com

Addresses:  51.140.253.155

  51.140.78.157

Aliases:  autodiscover.flintevos.co.uk

 

> server 1.1.1.1

Default Server:  one.one.one.one

Address:  1.1.1.1

 

> autodiscover.flintevos.co.uk

Server:  one.one.one.one

Address:  1.1.1.1

 

Non-authoritative answer:

Name:autodiscover.cloudplatform1.com

Addresses:  51.140.253.155

  51.140.78.157

Aliases:  autodiscover.flintevos.co.uk

 

> 

 

And if I specifically do a CNAME query, that seems to work also.

 

C:\Users\khohhof>nslookup

Default Server:  ns2.dns.rcn.net

Address:  208.59.247.45

 

> set type=CNAME

> autodiscover.flintevos.co.uk

Server:  ns2.dns.rcn.net

Address:  208.59.247.45

 

Non-authoritative answer:

autodiscover.flintevos.co.ukcanonical name = autodiscover.cloudplatform1.com

> 

 

-Original Message-
From: Blueonyx  On Behalf Of Colin Jack
Sent: Sunday, July 24, 2022 1:24 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25523] Strange DNS goings on

 

We have customer’s IT guys having difficulty with CNAMES on our servers.

 

If they use something like dnschecker.org it doesn’t return any CNAME records. 
Returns all other records.

 

e.g 

autodiscover.flintevos.co.uk

 

If I look up  
 
https://dnschecker.org/cname-lookup.php?query=flintevos.co.uk&dns=google I get 
no result.

If however I use dig I get

 

colin@Colins-MacBook-Pro ~ % dig @8.8.8.8 autodiscover.flintevos.co.uk

 

; <<>> DiG 9.10.6 <<>> @8.8.8.8 autodiscover.flintevos.co.uk

 

;; ANSWER SECTION:

autodiscover.flintevos.co.uk. 3600 IN CNAME  
autodiscover.cloudplatform1.com.

autodiscover.cloudplatform1.com. 104 IN   A  51.140.78.157

autodiscover.cloudplatform1.com. 104 IN   A  51.140.253.155

 

Anybody any idea what's going on?

 

Thanks

 

Colin

 

 

___

Blueonyx mailing list

  Blueonyx@mail.blueonyx.it

  
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25521] Re: Have you ever wanted to run BlueOnyx on a Blue Onyx?

[Ken Hohhof]

Paul Bunyan has a Blue Ox named Babe.

-Original Message-
From: Blueonyx  On Behalf Of Meaulnes Legler 
@ MailList
Sent: Thursday, July 21, 2022 2:39 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25519] Re: Have you ever wanted to run BlueOnyx on a Blue 
Onyx?

ha! isn't the name BlueOnyx trademarked? Even with one or two spaces in it?

What would happen if you would baptize 5211R something like RockyOnyx or 
AlmaOnyx? (I know you wouldn't anyway:-)

Best regards

ド⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660

On 21.07.22 05:02, Michael Stauber wrote:
> Hi all,
> 
> Small excerpt from an article on "The Register":
> 
> --
> The Rocky Linux Project has released version 9 of its RHEL-compatible distro 
> and debuted its new build service.
> 
> Rocky Linux 9, codenamed "Blue Onyx", is here at last, some two months after 
> the upstream distro on whose source code it is based. Its progenitor, Red Hat 
> Enterprise Linux 9, was announced on May 10. The best-known other modern 
> CentOS Linux replacement, AlmaLinux 9, went into beta in April, and shipped 
> just over a fortnight after Red Hat.
> 
> Some other RHEL rebuilds seem to be struggling with version 9, too. Oracle 
> released Oracle Linux 9 this month, and some of the lesser-known projects 
> still haven't released their final versions. For instance, Virtuozzo's 
> VzLinux 9 remains in beta.
> 
> Source: https://www.theregister.com/2022/07/18/rocky_linux_9/
> --
> 
> The Rocky Linux guys named their RHEL9 clone "Blue Onyx". How original! How 
> groundbreaking! What a nice choice. /slow_clapping.gif
> 
> Eventually when 5211R is released, you may be able to run BlueOnyx on a Blue 
> Onyx. I might even release a BlueOnyx 5211R package with two spaces in the 
> name, so that you can install Blue   Onyx on a BlueOnyx that runs on a Blue 
> Onyx. ;o)
> 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25486] Re: Lets Encrypt cert renewal and Website Redirect

[Ken Hohhof]

It seems service providers on this list spend a lot of time tinkering with Lets 
Encrypt to keep it working.  Out of curiosity, what is the reason not to just 
tell your customers to buy a cert from a certificate authority (one that 
actually charges money)?  Yes, I realize certs expire, but on the timeframe of 
years, not months.  Also the webhost doesn’t have to send emails, hope they 
work, etc.  The customer give you the keys, you install them on the server.

 

I’m not arguing for one approach or the other, just want to know the reasoning 
behind incurring what is apparently a lot of trouble.

 

From: Blueonyx  On Behalf Of Tobias Gablunsky
Sent: Thursday, June 30, 2022 11:19 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25485] Lets Encrypt cert renewal and Website Redirect

 

Hi there,

 

how do you proceed to renew lets encrypt certificates for websites that are 
permanent redirects only? Because automatic renewal doesn't work - the requests 
from lets encrypt for their files under ".wellknown/..." are forwarded as every 
other request.

 

So I always deactivate the forwarding, renew the cert manually and re-activate 
it afterwards. But that's not how it's meant to be, is it?

 

>From my point of view, this task has to be integrated into BlueOnyx: 
>deactivate redirect -> renew certificate -> reactivate redirect. Don't you 
>think so?

 

Regards,
Tobias

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25470] Re: New admin error: Forbidden You do not have permission to access the requested file on this server.

[Ken Hohhof]

Personally, I'd turn it back off, unless you actually intend to use it.

 

From: Blueonyx  On Behalf Of
f.ka...@fairtalk.com
Sent: Monday, June 13, 2022 2:35 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:25469] Re: New admin error: Forbidden You do not have
permission to access the requested file on this server.

 

Indeed. On port 9090 the AlmaLinux Cockpit of our BO server opens.

 

 

From: Blueonyx mailto:blueonyx-boun...@mail.blueonyx.it> > On Behalf Of Ken Hohhof
Sent: Monday, 13 June 2022 21:10
To: 'BlueOnyx General Mailing List' mailto:blueonyx@mail.blueonyx.it> >
Subject: [BlueOnyx:25468] Re: New admin error: Forbidden You do not have
permission to access the requested file on this server.

 

I think Cockpit is something different than the BO web GUI.  I know on
Fedora Cockpit runs by default on port 9090 and makes me nervous about
hackers.

 

From: Blueonyx mailto:blueonyx-boun...@mail.blueonyx.it> > On Behalf Of
f.ka...@fairtalk.com <mailto:f.ka...@fairtalk.com> 
Sent: Monday, June 13, 2022 1:44 PM
To: BlueOnyx General Mailing List mailto:blueonyx@mail.blueonyx.it> >
Subject: [BlueOnyx:25467] New admin error: Forbidden You do not have
permission to access the requested file on this server.

 

Hi 

On our 5210R we added a new Server Administrator. When trying to log in via
the GUI we get the error message: Forbidden You do not have permission to
access the requested file on this server.

Accessing the server via CLI we have no problem, although were requested to
"Activate the web console with: systemctl enable --now cockpit.socket". We
did that now. It took 3 steps:
 AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files 
Authentication is required to manage system service or unit files.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 
 AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon 
Authentication is required to reload the systemd state.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 
 AUTHENTICATING FOR org.freedesktop.systemd1.manage-units 
Authentication is required to start 'cockpit.socket'.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 

Still getting "Forbidden You do not have permission to access the requested
file on this server." On the GUI.

What could be the reason? How to fix it?

Best regards
Felix

[

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25468] Re: New admin error: Forbidden You do not have permission to access the requested file on this server.

[Ken Hohhof]

I think Cockpit is something different than the BO web GUI.  I know on
Fedora Cockpit runs by default on port 9090 and makes me nervous about
hackers.

 

From: Blueonyx  On Behalf Of
f.ka...@fairtalk.com
Sent: Monday, June 13, 2022 1:44 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:25467] New admin error: Forbidden You do not have
permission to access the requested file on this server.

 

Hi 

On our 5210R we added a new Server Administrator. When trying to log in via
the GUI we get the error message: Forbidden You do not have permission to
access the requested file on this server.

Accessing the server via CLI we have no problem, although were requested to
"Activate the web console with: systemctl enable --now cockpit.socket". We
did that now. It took 3 steps:
 AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files 
Authentication is required to manage system service or unit files.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 
 AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon 
Authentication is required to reload the systemd state.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 
 AUTHENTICATING FOR org.freedesktop.systemd1.manage-units 
Authentication is required to start 'cockpit.socket'.
Authenticating as: Administrator (admin)
Password:
 AUTHENTICATION COMPLETE 

Still getting "Forbidden You do not have permission to access the requested
file on this server." On the GUI.

What could be the reason? How to fix it?

Best regards
Felix



[

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:25323] Re: CVE-2021-4034 (PwnKit) *** IMPORTANT ***

[Ken Hohhof]

Michael, thanks.

Do we even need pkexec?

And does the "temporary mitigation" take care of it, or could a regular user
undo that?
chmod 0755 /usr/bin/pkexec


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, January 25, 2022 11:33 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:25322] Re: CVE-2021-4034 (PwnKit) *** IMPORTANT ***

Hi all,

> Yes, the BlueOnyx YUM repositories are currently borked. :-(
> 
> Am on it. Should have them up again in a few minutes.

The BlueOnyx YUM repositories are working again. Sorry, that was a stupid
mistake unrelated to the "Polkit" fix. Somehow the toplevel YUM repo had
switched from running a fully configured Apache to a semi-configured Nginx.
I turned off (and disabled) Nginx and restarted Apache and that brought the
repositories back online.

One good good thing came from that, though: This allowed me to find a weak
link in our distributed repository architecture. The subsequent mirrors
should still work even if the toplevel repository doesn't. Which clearly
wasn't the case due to a callback whose "continue on error" 
didn't work. That's going to be fixed in a few minutes as well.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24899] Re: Web FTP interface

[Ken Hohhof]

IMHO this is like expecting the power company to install an icemaker on your 
refrigerator.  There are people called web designers you pay to do things like 
this.  People are always wanting their ISPs and hosting providers to do things 
for free rather than just pay some guy who does this for a living.  We are 
primarily an ISP and we run into this problem all the time with customers who 
want us to fix their computer and networking problems for free rather than pay 
the computer guy.

 

I vaguely recall a long time ago customers using their web browser (probably 
Internet Explorer) to upload files to their /~username personal websites, the 
problem we had was all these files with spaces in the filenames which were then 
difficult to delete using Linux.  Another concern I would have is you say it 
needs to be secure.

 

Sorry to be so grumpy, but when I hear customer doesn’t want users to have to 
install Filezilla, I want to reach for my tiny violin, and my reaction is how 
is this my problem?

 

 

From: Blueonyx  On Behalf Of Colin Jack
Sent: Friday, April 9, 2021 8:08 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24898] Web FTP interface

 

Just a quick question. 

 

We have a client that wants to set up a simple to use web based FTP interface 
to allow customers to upload artwork securely.

Our customer doesn’t want users to have to install Filezilla etc. but to have a 
web page with login that allows simple upload – similar to  uploading photos to 
Photobox for example.

 

Does anybody have any suggestions?

I looked through the apps on BlueOnyx Shop to see if I could find anything 
suitable but couldn’t see anything?

 

Thanks

 

Colin

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24871] Re: FreeBSD 13 and pfSense drama (Off-Topic)

[Ken Hohhof]

OK, true, this doesn't reflect well on Netgate.

The fact that the guy is an ex-con makes for a good headline, but is perhaps
somewhat irrelevant to the story.  Here in the Chicago area we used to have
a hot dog place named "Felony Franks" that employed ex-cons.  I wonder which
is more worrisome, having felons cook your food or write your code?


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Sunday, March 28, 2021 12:39 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:24870] Re: FreeBSD 13 and pfSense drama (Off-Topic)

Hi Ken,

> The lesson of the article seems not to be that the convicted felon 
> wrote bad code (although he did), but that open source code being safe 
> because it is reviewed by the community is a myth.

There are quite a few lessons to be drawn from this. I'm more puzzled at
Netgate kicking pfsense 2.5.0 out of the door with this garbage included and
then having the audacity to yell at FreeBSD "You published zero-day-exploits
for our product!" when FreeBSD replaced the buggy code. :p

That's a real classy act.

And no: "reviewed by community" has always been a myth or is at least way
overrated. Usually nobody looks at pre-release code unless they have to for
very specific and narrow reasons.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24869] Re: FreeBSD 13 and pfSense drama (Off-Topic)

[Ken Hohhof]

The lesson of the article seems not to be that the convicted felon wrote bad
code (although he did), but that open source code being safe because it is
reviewed by the community is a myth.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Saturday, March 27, 2021 11:43 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24868] FreeBSD 13 and pfSense drama (Off-Topic)

Hi all,

This is not BlueOnyx related at all, but if you want a giggle at the expense
of others, say no more:

https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-a
nd-bad-code-freebsd-13s-close-call/

TL;DR: Netgate paid a convicted felon to port WireGuard into the FreeBSD
kernel to make it easier for them to use pfSense on FreeBSD for their stuff.
That guy eventually delivered and the code submission was merged into the
code tree for the upcoming release of FreeBSD 13.

Until the FreeBSD core maintainers found out what an unmitigated and
exploitable disaster that code was. "Bad" just doesn't cut it. It was a hell
of a lot worse.

So in a two week bender they rewrote it from scratch on their own. Which
gave Netgate the fits and put them into a rage-fit of accusations and easily
refutable denials. The reason for that unwise move was: They already had
merged the shitty pre-beta FreeBSD-code into pfSense 2.5.0 (released a month
before FreeBSD 13 was to come out) and FreeBSD's fixes now clearly showed
what an exploitable buggy mess pfSense 2.5.0 actually had become.

End result: FreeBSD and Netgate no longer seem to be "friends" and WireGuard
has been stripped from the upcoming FreeBSD 13 release entirely.

That went well. /facepalm

I actually liked pfSense a little. Now I'm wondering what other "surprises"
they have under the hood. :-/

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24601] Re: End of life of Centos 8?

[Ken Hohhof]

Michael, what do you know about Oracle Linux?  I had never heard of it, but
this blog post sounds very convincing:
https://blogs.oracle.com/linux/need-a-stable%2c-rhel-compatible-alternative-
to-centos-three-reasons-to-consider-oracle-linux

I assume this is in no way an outgrowth of Solaris.  I'll admit I have a
possibly prejudiced negative opinion of Larry Ellison and thought of Oracle
as buying companies to kill them.  Those opinions may be totally uninformed.
But it seems strange that Debian, Ubuntu and Fedora come to mind but I've
never even heard of Oracle Linux before.

It also seems like IBM buying RedHat is reminiscent of what happened when
Oracle bought Sun.  Again, maybe an uninformed opinion.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, December 8, 2020 7:09 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:24571] Re: End of life of Centos 8?

Hi Ernie,

> I wonder how Michael went with that experimental Debian port :)

It's still just that: A little side-show experiment.

Porting the build-environment from spitting out RPMs to building DEBs is a
colossal undertaking and I didn't get very far with it yet. :-/

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24286] Re: 5209R logins - More code archeology

[Ken Hohhof]

That's just a minor part of it.  People still measure their kids height in feet 
and their temperature in Fahrenheit, and buy things at the store by the quart, 
gallon, pound, foot and yard.  Even when their car has a 13 mm nut they use a 
1/2 inch wrench.  Wine does tend to come by the liter, so most people just 
assume that's a quart.

'mericans are very stubborn.


-Original Message-
From: Blueonyx  On Behalf Of Greg Kuhnert
Sent: Friday, September 11, 2020 2:52 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24283] Re: 5209R logins - More code archeology



> On 11 Sep 2020, at 11:58 pm, Ken Hohhof  wrote:
> 
> Good luck fixing something that's been "wrong" for 20 years.  Here in 
> the U.S. we can't even get people to use the metric system.


You realise that the US has officially endorsed metric. They just can’t work 
out who will pay to change the street signs. Federal , state, county, city? The 
signs are all owned by cities, but they dont have budget. And if federal 
changed it, you’d have some yokel city planner who doesn’t like them new metric 
numbers who will change em back.

:)


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24280] Re: 5209R logins - More code archeology

[Ken Hohhof]

Good luck fixing something that's been "wrong" for 20 years.  Here in the
U.S. we can't even get people to use the metric system.

It reminds me of the ship captain demanding that a lighthouse change course.
https://en.wikipedia.org/wiki/Lighthouse_and_naval_vessel_urban_legend


-Original Message-
From: Blueonyx  On Behalf Of Ernie
Sent: Friday, September 11, 2020 8:27 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24279] Re: 5209R logins - More code archeology

Hi Michael,
it's not hard to see what happened it's in the code comments.

Here is part of  /etc/admserv/conf/httpd.conf on a 5107R box.

# ssl is on for the admin server by default 
SSLEngine off RewriteEngine On
RewriteCond %{HTTP_HOST}^([^:]+)
RewriteCond %{DOCUMENT_ROOT}!-d
RewriteRule .*  http://%1:444/error/forbidden.html
[L,R
RewriteCond %{HTTP_HOST}^([^:]+)
RewriteRule ^/admin/?$  http://%1:444/login.php [L,R]
RewriteCond %{HTTP_HOST}^([^:]+)
RewriteRule ^/siteadmin/?$  http://%1:444/login.php [L,R]
RewriteCond %{HTTP_HOST}^([^:]+)
RewriteRule ^/personal/?$   http://%1:444/login.php [L,R]
RewriteCond %{HTTP_HOST}^([^:]+)
RewriteRule ^/login/?$  http://%1:444/login.php [L,R]



The comment says that "ssl is on for the admin server by default", hence
it's on port 444 but someone has snuck in "SSLEngine off", contridicting the
comment, and did not changed the port back to 81, so there it remains on the
wrong port for years.


- Ernie.


> Hi Ernie,
> 
> > eg. normal http is port 80, so http admin was port 81
> > normal https is port 443 so hrrps admin was port 444.
> > 
> > I am not sure when that was changed the other way around, it was 
> > several years ago that's for certain. I prefered the original cobalt
ports.
> 
> Nice catch. But as for
> https://www.mail-archive.com/cobaltfacts@list.cobaltfacts.com/msg03281
> .html ... that's from 2005 and doesn't mention anything with the 
> Sausalito GUI, but was a specifically catered response for a RaQ 1/2/3 
> related question. And by *now* I'm sure that the info there wasn't 
> correct to begin with. For the RaQ3 that answer is definitely wrong.
> 
> I just downloaded the Qube2 and Qube3 OS restore CD and took a look. I 
> also found a mirror of my old data.smd.net where I had all the Cobalt 
> related stuff hosted. I lost that data 10 years ago in a hard disk 
> crash, but I'm thankful to Arthur and Franklin for making that mirror, 
> so that I can get it back now.
> 
> Let us dive a bit into the early days: Recall that the Qube's were 
> billed as workgroup servers? They couldn't do multiple Vsites. So they 
> only had one (primary) Vsite. It also seems like the Qube 2 (at least 
> as far as the ISO from 1997 goes) couldn't do SSL - at all.
> 
> So as far as the Qube and Qube 2 go you had port 80 for reaching the 
> primary webpage. IF there was one. If there wasn't, then that would 
> lead to a landing page that redirected to http://:81, 
> where you found the GUI via HTTP.
> 
> I then checked the RPM repository of the RaQ2 and although it *does* 
> have OpenSSL-0.9.5a, neither Apache nor the AdmServ have any HTTPS 
> provisions. At all.
> 
> See: http://data.blueonyx.biz/ftp.cobalt.com/products/raq2/RPMS/
> 
> So RaQ, RaQ 2, Qube, Qube 2: No SSL Apache, no SSL GUI.
> 
> This seems to be supported by the screenshot from a PDF manual, which 
> shows a page of the RaQ 2 GUI with the URL bar *not* cropped out of 
> the picture.
> 
> And there it says: http://bert.cobaltnet.com:81/sysManage/index.html
> 
> So HTTP and port 81.
> 
> I couldn't find any OS restore CDs for the RaQ3 or RaQ4. So again 
> let's go and check the mirrored RPMs instead:
> 
> Qube2 Apache and AdmServ configs:
> http://data.blueonyx.biz/ftp.cobalt.com/products/qube2/eng/RPMS/apache
> -conf-q2-1.0-13.noarch.rpm
> --/etc/admserv/httpd.conf--
> Port 81
> ---
> No SSL provisions.
> 
> RaQ2 Apache and AdmServ configs:
> http://data.blueonyx.biz/ftp.cobalt.com/products/raq2/RPMS/apache-conf
> -raq2-1.0-17.noarch.rpm
> --/etc/admserv/httpd.conf--
> Port 81
> ---
> No SSL provisions.
> 
> RaQ3 Apache and AdmServ configs:
> http://data.blueonyx.biz/ftp.cobalt.com/products/raq3/RPMS/apache-conf
> -pacifica-14.noarch.rpm
> --/etc/admserv/httpd.conf--
> Listen 81
> Listen 444
> [...]
> 
> SSLEngine off
> 
> ---
> 
> RaQ4 Apache and AdmServ configs:
> http://data.blueonyx.biz/ftp.cobalt.com/products/raq4/RPMS/apache-conf
> -shinkansen-4.noarch.rpm
> --/etc/admserv/httpd.conf--
> Listen 81
> Listen 444
> [...]
> 
> SSLEngine off
> 
> ---
> 
> RaQ XTR Apache and AdmServ configs:
> http://data.blueonyx.biz/ftp.cobalt.com/products/raqxtr/eng/RPMS/apach
> e-conf-monterey-23.noarch.rpm
> --/etc

[BlueOnyx:24267] Re: 5209R logins

[Ken Hohhof]

I'm trying to remember, does 444 go all the way back to Sun Cobalt?

Hey, if I could get in a time machine and go back and change things in history, 
there's lots of things I would change.

-Original Message-
From: Blueonyx  On Behalf Of Ralf Quint
Sent: Thursday, September 10, 2020 3:24 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:24265] Re: 5209R logins

On 9/10/2020 1:10 PM, Chris Gebhardt - VIRTBIZ Internet wrote:
> Hi Ralph
>
> > Considering that TCP/443 is the default port for https and TCP/80 is
> the default port for http, this doesn't make much sense!
> > Why did you chose opposite "+1" ports for this =-O:-(
>
> These ports are for the BlueOnyx GUI.   Not for websites.You can't 
> very well have the control panel GUI on the same ports as regular 
> Apache (or whatever your webserver of choice).That's standard 
> across all hosting systems I've come into contact with.
>
Well, you did not pay attention, which starts already with my name...

I am fully aware that those are the ports for access the GUI and not for web 
sites (I am using the Internet before it was referred to as Internet).

What I was referring to is why the "+1" port for access to the GUI are swapped 
between https and http according to Michael's post.
More logically TCP/81 should be the http port and TCP/444 the https port for 
accessing the GUI just as TCP/80 is the http port and TCP/443 the default https 
port for web sites.

Ralf

-- 

--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24219] Re: Personal web pages in 5210R

[Ken Hohhof]

I agree, we haven't seen interest in this for literally 20 years.  Personal 
websites were replaced by social media (maybe Geocities in the early days of 
that timeline).  If these are web designers wanting to showcase their work, 
they should get a domain or you could offer subdomains, instead of user 
directories with the confusing tilde.  If you can't even afford a domain for 
your work, who would pay you to design a site for them?  It's like hiring an IT 
professional who has an AOL email address.

Actually, I'd say over 90% of problems we ever encountered with Cobalt/BQ/BO 
hosting was customers mistakenly uploading to the personal directory of the 
site admin rather than the public site.  So this was a feature people haven't 
wanted for many many years, that caused all sorts of problems.


-Original Message-
From: Blueonyx  On Behalf Of Chris Gebhardt 
- VIRTBIZ Internet
Sent: Thursday, August 27, 2020 7:30 AM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:24217] Re: Personal web pages in 5210R

Hi Ernie,

On 8/27/2020 7:10 AM, Ernie wrote:
> How does one go about adding personal web pages in 5210R like you can 
> do in 5209R and prior versions.
>
> There use to be a web directory in each users home they could put 
> pages into, that seems to be missing in 5210R and access via a url like"
> http://example.com/~bob or https://www.example.com/~ernie
>
I'm asking because I'm genuinely curious:  Is this still a useful function in 
this day and age, or is it more of an issue that you have some users who have 
had it since the dark ages and expect it will be carried over?In my 
experience, the /~userweb was a very seldom-used feature and given the relative 
inconvenience of using it vs. other publishing methods, I'm curious to know 
what the use case is these days.   Perhaps I'm being myopic?

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866) 4 
VIRTBIZ

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24200] Re: 5210R recommendations

[Ken Hohhof]

Could you be logging HTTP requests by hostname and rDNS is timing out?

 

From: Blueonyx  On Behalf Of Colin Jack
Sent: Friday, August 21, 2020 11:20 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24199] Re: 5210R recommendations

 

Hi Ken,

 

Wow, that’s difficult to answer without knowing the website design and what 
they are complaining about.  Does the site have a lot of dynamic content, PHP 
code, a CMS, a big database, or maybe a big image on the homepage?  Is their 
test server hosted or on the web designer’s LAN?

 

I have seen customer sites with a rotating carousel of high res images on the 
homepage, and the limiting factor is Internet speed.

 

Test server is on the internet using a Rackspace VPS. Ours is on a Virtbiz 
Aventurine Node Server. Decent spec.

 

Running the live site through https://webpagetest.org I get a very slow first 
byte speed (F). Everything else scores an A.

Their test site scores straight A’s with a very fast first byte.

 

We have 300mbps internet so that is not a limiting factor.

 

You should also probably add hard drive speed to your list, as well as type 
(HDD vs SSD), if the site has large images.

 

The site is not that big and images etc. have all been optimised. It is just 
the initial load speed.

 

Regards

 

Colin

 

 

From: Blueonyx mailto:blueonyx-boun...@mail.blueonyx.it> > On Behalf Of Colin Jack
Sent: Friday, August 21, 2020 10:42 AM
To: BlueOnyx General Mailing List mailto:blueonyx@mail.blueonyx.it> >
Subject: [BlueOnyx:24197] 5210R recommendations

 

Some guidance please.

 

We have just gone live with our first 5210R CT.

It has one live website so far and the customer’s website designer is 
complaining that it is slow compared to their test server. 

What would be the recommended initial spec for

 

CPU units

Ram

Swap

 

Thanks

 

Colin

 

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24198] Re: 5210R recommendations

[Ken Hohhof]

Wow, that’s difficult to answer without knowing the website design and what 
they are complaining about.  Does the site have a lot of dynamic content, PHP 
code, a CMS, a big database, or maybe a big image on the homepage?  Is their 
test server hosted or on the web designer’s LAN?

 

I have seen customer sites with a rotating carousel of high res images on the 
homepage, and the limiting factor is Internet speed.

 

You should also probably add hard drive speed to your list, as well as type 
(HDD vs SSD), if the site has large images.

 

From: Blueonyx  On Behalf Of Colin Jack
Sent: Friday, August 21, 2020 10:42 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24197] 5210R recommendations

 

Some guidance please.

 

We have just gone live with our first 5210R CT.

It has one live website so far and the customer’s website designer is 
complaining that it is slow compared to their test server. 

What would be the recommended initial spec for

 

CPU units

Ram

Swap

 

Thanks

 

Colin

 

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:24055] Re: DNS servers not syncing.

[Ken Hohhof]

Sounds like BIND 9.9+ and zonefile in raw format instead of text.  There is a 
conversion utility
https://kb.isc.org/docs/aa-00608
or if your zone transfers are modest in size, I think there is a 
masterfile-format directive.

-Original Message-
From: Blueonyx  On Behalf Of Colin Jack
Sent: Tuesday, June 30, 2020 3:12 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:24054] Re: DNS servers not syncing.

Hi Michael,

> All are 5208R – I am loath to move to 5209R or 5210R because I find it
> useful to be able to check records by reading the plain text files in
> the named folder!

That's actually the same on 5210R, as it uses the same setup for DNS as
all previous versions of BlueOnyx.

What I meant was I can cat db.domain.com in /etc/named/named and get a text 
output that I can read (so for example can check the serial no. on the 
secondary.)

Can't do that on 5209R or 5210R ... :-/

Just tried on 5210R and get the same as 5209R which is not easily readable.

Regards

Colin




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23934] Re: Recent problems with mail delivery to some domains

[Ken Hohhof]

Before looking at technical fixes, I would first ask if I have mail
customers whose credentials have been compromises and are being used to send
spam.  This will get your server IP blacklisted for sending spam.  Are you
sure the webpage they are sending you to via the SMTP error code isn't
helpful?  I've seen some that tell you exactly why they are refusing mail
from you.

 

I suspect that SPF, DKIM and DMARC will be of little to no use in solving
this problem.

 

You could also check your mailserver IP address for blacklists at a site
like https://mxtoolbox.com/blacklists.aspx

 

From: Blueonyx  On Behalf Of Chuck Tetlow
Sent: Wednesday, June 3, 2020 5:12 PM
To: BlueOnyx Mail List 
Subject: [BlueOnyx:23933] Recent problems with mail delivery to some domains

 

Hello BlueOnyx experts,

 

Has anyone suddenly had problems delivering email to some domains - mostly
Hotmail, Outlook, and other Microsoft domains?  Over the last couple of
weeks - I find that I suddenly can't send email to Hotmail.  It bounces back
every time with a logged "service unavailable".  And the bounce error
message leads to a webpage with a very vague explanation - and essentially
no way to fix it.

 

I'm also beginning to get multiple inquiries from my customers - when their
users can't send mail to M$ domains.  So I've got to find a resolution. 

 

I've checked multiple sources, and neither the domain or the IP address is
blacklisted.  I've checked forward and reverse DNS records - all are
correct.  I already had a loose SPF record, now have tightened that up - no
difference.  So I went out to get info on DMARC - and created a DMARC
record.  Still no help.  Every message fails.

 

I considered (briefly) DKIM - but that seems to be a challenging system,
which appears to require changes to the MTA.  And I just don't know if
BlueOnyx supports DKIM, or will allow Sendmail to be modified to use DKIM.

 

So questions: Has anyone else experienced this problem with
Hotmail/Outlook/Microsoft.com/etc?  And has anyone found a resolution to the
problem?  I'd love to hear about your fix!

 

Second.  Does anyone know if we can implement DKIM in BlueOnyx?  I suspect
that sooner or later - everyone will HAVE to go to DKIM.  As more and more
strict SPAM fighting measures are put in place - I believe DKIM will be the
ultimate solution to combat spoofing FROM addressing.

 

Thanks everyone.  I appreciate any suggestions on fixing this problem.  

 

 

 

Chuck

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23089] Re: error on 5208 vps

[Ken Hohhof]

Sounds like the same issue I was having after the proftpd yum update.  See 
Michael’s last message to me about adding a line to the conf files with

 

  DefaultChdir/web

 

 

From: Blueonyx  On Behalf Of Richard Barker
Sent: Sunday, August 4, 2019 9:51 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:23088] error on 5208 vps

 

Getting this error the week:

ROOT PRIVS: unable to setegid(): Operation not permitted
RELINQUISH PRIVS: unable to seteuid(PR_ROOT_UID): Operation not permitted
 
Thought
RC

-- 

Richard C. Barker Sr. 
CEO & President 
1-813-873-8942 
ProBass Networks Inc. 
www.probassnetworks.net   
www.probass.net   
*** 
DISCLAIMER : - 
This e-mail is confidential and intended only for the use 
of the individual or entity named above and may contain 
information that is privileged. If you are not the intended 
recipient, you are notified that any dissemination, distribution 
or copying of this e-mail is strictly prohibited. If you have 
received this email in error, please notify us immediately 
by return email or telephone and destroy the original message. 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23087] Re: fixproftpd_conf.pl

[Ken Hohhof]

OK, thanks for the clarification.

It still looks to me like we had those containers in the config from
2014-2019 via the yum updates.  (5208R version)  So even though we always
told siteadmins they needed to cd to /web, some probably ignored that and
got away with it.  You know how people are, instructions are taken as
optional recommendations, especially if there are no penalties.

It looks like the yum update saved a copy of the old config, and it would
probably be safe to cut and paste that into the new config.  Or just tell
the one customer having a problem (they had their site redesigned in 2016)
to change the path to /web.  Seems like either approach would work.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Friday, August 2, 2019 6:16 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23086] Re: fixproftpd_conf.pl

Hi Ken,

> I see this script in /usr/Sausalito/sbin and it seems to do what is 
> says in the comments:
> 
> # $Id: fixproftpd_conf.pl Sat 25 Jan 2014 15:40:02 PM COT mstauber $

This script is deprecated.

Once upon a time we used it after ProFTPd upgrades to add the
-containers to proftpd.conf. But we eventually stopped using
the -containers altogether, as they were more trouble than it
was worth.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23085] fixproftpd_conf.pl

[Ken Hohhof]

I see this script in /usr/Sausalito/sbin and it seems to do what is says in
the comments:

 

#!/usr/bin/perl -I/usr/sausalito/perl -I/usr/sausalito/handlers/base/vsite

# $Id: fixproftpd_conf.pl Sat 25 Jan 2014 15:40:02 PM COT mstauber $

#

# This script prints out the VirtualHost containers that are supposed to 

# be present in your /etc/proftpd.conf - based on the IPs your sites are

# using.

 

It seems to just print the missing VirtualHost containers, not insert them
into proftpd.conf.

 

Are these indeed still supposed to be present?  Will running this script fix
the problem my one customer is having?  What about running the script and
then pasting the output into proftpd.conf?  Or was this script supposed to
be called by some other script that would modify the conf file?

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23082] Re: CushyCMS and ProFTPD

[Ken Hohhof]

This is probably a question for Michael.

I see on the server files that seem to be saved copies of the old
proftpd.conf, prior to yum updates:

-rw---   1 root root  6155 Nov 16  2014 proftpd.conf.pre-1.3.5
-rw---   1 root root 11618 Jul 24 06:00 proftpd.conf.pre-1.3.5e

The first one from 2014 does not have any of the entries that Tobias
mentions.  But the second one from a couple weeks ago has a bunch of entries
like this:


DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
AllowOverwrite  on
DefaultChdir/web
DisplayLogin.ftphelp



DefaultRoot / wheel
DefaultRoot / admin-users
DefaultRoot ~/../../.. site-adm
DefaultRoot ~ !site-adm
AllowOverwrite  on
DefaultChdir/web
DisplayLogin.ftphelp


Currently my proftpd.conf has no VirtualHost containers at all.  It looks
like they appeared in 2014, and went away again in 2019.

I had RaQ, RaQ3, RaQ550, BlueQuartz and now BlueOnyx.  Through those 20
years, I always thought ftp users would have to cd to the /web directory.  I
think for a brief period I modified the DefaultRoot so siteadmins would
start out in the site web directory rather than their home directory, but
stopped that, I think because it would get blown away after updates.

So did something change in 2014?  I'm not sure if it was DefaultChdir as
mentioned by Tobias, or DefaultRoot, or both?  And did this get broken in
the recent update?  Or is it just my server?  If those VirtualHost entries
are supposed to be there, is there a script I can run to get them back?

-Original Message-
From: Blueonyx  On Behalf Of Tobias
Gablunsky
Sent: Friday, August 2, 2019 9:41 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:23078] Re: CushyCMS and ProFTPD

Hi Ken,

have you checked if the entra
"DefaultChdir/web"
is still included in your /etc/proftpd.conf (resp. /etc/proftpds.conf)?

This is the entry needed for changing directory to /web by default. Maybe
this has changed through the update of proftpd?

Regards,
Tobias


> -Original Message-
> From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of 
> Ken Hohhof
> Sent: Friday, August 02, 2019 2:48 PM
> To: 'BlueOnyx General Mailing List' 
> Subject: [BlueOnyx:23076] Re: CushyCMS and ProFTPD
> 
> It sounds like there was a genuine vulnerability that was fixed, so 
> I'm reluctant to roll back the update in order to accommodate one
customer.
> 
> Yesterday I signed up for a free Cushy account so I could reproduce 
> and troubleshoot the problem.  To my surprise ... no problem!
> 
> Here's my best guess, I think the customer's web designer who set up 
> the CMS probably used / as the path, while I used /web.  And perhaps 
> this was causing Cushy to explore directories not owned by the 
> siteadmin, like maybe php.d.
> 
> That still leaves the mystery of what changed in ProFTPd, because this 
> was working since 2016.  But I'm hoping the customer does not have the 
> path set to  /web, and that changing it will resolve the problem for 
> her.  (Note that I suspect the web designer has a branded pro account 
> from Cushy and the customer is just enrolled as an editor of her site 
> and therefore can't see or change the configuration.)
> 
> Web designers can be difficult to deal with.  They are artists!  And 
> hosting is just a commodity, low skill work by vendor scum who can be 
> replaced with the snap of a finger.
> 
> -Original Message-
> From: Blueonyx  On Behalf Of 
> Michael Stauber
> Sent: Thursday, August 1, 2019 1:09 PM
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:23063] Re: CushyCMS and ProFTPD
> 
> Hi Ken,
> 
> > Since the problem started with the ProFTPd bugfix, I'm starting to 
> > wonder if CushyCMS uses the site cpfr and site cpto commands.  That 
> > seems unlikely, but I can't know for sure without signing up for a 
> > CushyCMS account myself to try it.  The only other explanation I can 
> > think of is that the bugfix had some unanticipated consequences or
> collateral damage.
> 
> Yeah, it sure is related to the update. The ProFTPd we're using now is 
> a "release candidate" and I also observed that it does a few things 
> slightly different than the last stable version that we were using. 
> The code maturity seems to have dropped a notch or two.
> 
> I don't have any other or better solution at the moment, sorry. But 
> perhaps you

[BlueOnyx:23080] Re: CushyCMS and ProFTPD

[Ken Hohhof]

No, not there.  Is this supposed to be a global directive, or per virtual
host?  Actually there are no virtual host containers in /etc/proftpd.conf.
Should there be?

BlueOnyx version is 5208R.


-Original Message-
From: Blueonyx  On Behalf Of Tobias
Gablunsky
Sent: Friday, August 2, 2019 9:41 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:23078] Re: CushyCMS and ProFTPD

Hi Ken,

have you checked if the entra
"DefaultChdir/web"
is still included in your /etc/proftpd.conf (resp. /etc/proftpds.conf)?

This is the entry needed for changing directory to /web by default. Maybe
this has changed through the update of proftpd?

Regards,
Tobias


> -Original Message-
> From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of 
> Ken Hohhof
> Sent: Friday, August 02, 2019 2:48 PM
> To: 'BlueOnyx General Mailing List' 
> Subject: [BlueOnyx:23076] Re: CushyCMS and ProFTPD
> 
> It sounds like there was a genuine vulnerability that was fixed, so 
> I'm reluctant to roll back the update in order to accommodate one
customer.
> 
> Yesterday I signed up for a free Cushy account so I could reproduce 
> and troubleshoot the problem.  To my surprise ... no problem!
> 
> Here's my best guess, I think the customer's web designer who set up 
> the CMS probably used / as the path, while I used /web.  And perhaps 
> this was causing Cushy to explore directories not owned by the 
> siteadmin, like maybe php.d.
> 
> That still leaves the mystery of what changed in ProFTPd, because this 
> was working since 2016.  But I'm hoping the customer does not have the 
> path set to  /web, and that changing it will resolve the problem for 
> her.  (Note that I suspect the web designer has a branded pro account 
> from Cushy and the customer is just enrolled as an editor of her site 
> and therefore can't see or change the configuration.)
> 
> Web designers can be difficult to deal with.  They are artists!  And 
> hosting is just a commodity, low skill work by vendor scum who can be 
> replaced with the snap of a finger.
> 
> -Original Message-
> From: Blueonyx  On Behalf Of 
> Michael Stauber
> Sent: Thursday, August 1, 2019 1:09 PM
> To: blueonyx@mail.blueonyx.it
> Subject: [BlueOnyx:23063] Re: CushyCMS and ProFTPD
> 
> Hi Ken,
> 
> > Since the problem started with the ProFTPd bugfix, I'm starting to 
> > wonder if CushyCMS uses the site cpfr and site cpto commands.  That 
> > seems unlikely, but I can't know for sure without signing up for a 
> > CushyCMS account myself to try it.  The only other explanation I can 
> > think of is that the bugfix had some unanticipated consequences or
> collateral damage.
> 
> Yeah, it sure is related to the update. The ProFTPd we're using now is 
> a "release candidate" and I also observed that it does a few things 
> slightly different than the last stable version that we were using. 
> The code maturity seems to have dropped a notch or two.
> 
> I don't have any other or better solution at the moment, sorry. But 
> perhaps you might temporarily go back to the last ProFTPd version that 
> worked for you?
> 
> If so, please do this:
> 
> rpm -e --nodeps proftpd
> rm /etc/proftpd.conf
> rm /etc/proftpds.conf
> 
> That removes ProFTPd. Then you can grab the last good one. As I don't 
> know which version of BlueOnyx you're using I'll be pointing you to 
> the RPMs of the individual BlueOnyx versions:
> 
> 5209R:
> 
> http://updates.blueonyx.it/pub/BlueOnyx/5200R/el7/blueonyx/x86_64/RPMS
> /pro
> ft
> pd-1.3.5e-1BX7.x86_64.rpm
> 
> 5208R:
> 
> http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/x86_64/RPMS
> /pro
> ft
> pd-1.3.5-1BX5.x86_64.rpm
> 
> 5207R:
> 
> http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/i386/RPMS/p
> roft
> pd
> -1.3.5-1BX5.i386.rpm
> 
> Install the RPM of ProFTPd applicable to your BlueOnyx version this way:
> 
> rpm -hUv 
> 
> Then restart CCEd and xinetd:
> 
> /usr/sausalito/sbin/cced.init restart
> service xinetd restart
> 
> To prevent YUM from updating ProFTPd again please edit /etc/yum.conf 
> and find the lines that look like this:
> 
> ## start-yum-gui
> exclude=
> ## stop-yum-gui
> 
> Change it to this:
> 
> ## start-yum-gui
> exclude=proftpd
> ## stop-yum-gui
> 
> You actually can edit that via the GUI, too. It's under "Software Updates"
> /
> "YUM Updater" and in the "Settings" tab there is the form field 
> "Exclude these RPMS". Instead of editing /etc/yum.conf you can 
> directly write "proftpd" (without qu

[BlueOnyx:23076] Re: CushyCMS and ProFTPD

[Ken Hohhof]

It sounds like there was a genuine vulnerability that was fixed, so I'm
reluctant to roll back the update in order to accommodate one customer.

Yesterday I signed up for a free Cushy account so I could reproduce and
troubleshoot the problem.  To my surprise ... no problem!

Here's my best guess, I think the customer's web designer who set up the CMS
probably used / as the path, while I used /web.  And perhaps this was
causing Cushy to explore directories not owned by the siteadmin, like maybe
php.d.

That still leaves the mystery of what changed in ProFTPd, because this was
working since 2016.  But I'm hoping the customer does not have the path set
to  /web, and that changing it will resolve the problem for her.  (Note that
I suspect the web designer has a branded pro account from Cushy and the
customer is just enrolled as an editor of her site and therefore can't see
or change the configuration.)

Web designers can be difficult to deal with.  They are artists!  And hosting
is just a commodity, low skill work by vendor scum who can be replaced with
the snap of a finger.

-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Thursday, August 1, 2019 1:09 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23063] Re: CushyCMS and ProFTPD

Hi Ken,

> Since the problem started with the ProFTPd bugfix, I'm starting to 
> wonder if CushyCMS uses the site cpfr and site cpto commands.  That 
> seems unlikely, but I can't know for sure without signing up for a 
> CushyCMS account myself to try it.  The only other explanation I can 
> think of is that the bugfix had some unanticipated consequences or
collateral damage.

Yeah, it sure is related to the update. The ProFTPd we're using now is a
"release candidate" and I also observed that it does a few things slightly
different than the last stable version that we were using. The code maturity
seems to have dropped a notch or two.

I don't have any other or better solution at the moment, sorry. But perhaps
you might temporarily go back to the last ProFTPd version that worked for
you?

If so, please do this:

rpm -e --nodeps proftpd
rm /etc/proftpd.conf
rm /etc/proftpds.conf

That removes ProFTPd. Then you can grab the last good one. As I don't know
which version of BlueOnyx you're using I'll be pointing you to the RPMs of
the individual BlueOnyx versions:

5209R:

http://updates.blueonyx.it/pub/BlueOnyx/5200R/el7/blueonyx/x86_64/RPMS/proft
pd-1.3.5e-1BX7.x86_64.rpm

5208R:

http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/x86_64/RPMS/proft
pd-1.3.5-1BX5.x86_64.rpm

5207R:

http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/i386/RPMS/proftpd
-1.3.5-1BX5.i386.rpm

Install the RPM of ProFTPd applicable to your BlueOnyx version this way:

rpm -hUv 

Then restart CCEd and xinetd:

/usr/sausalito/sbin/cced.init restart
service xinetd restart

To prevent YUM from updating ProFTPd again please edit /etc/yum.conf and
find the lines that look like this:

## start-yum-gui
exclude=
## stop-yum-gui

Change it to this:

## start-yum-gui
exclude=proftpd
## stop-yum-gui

You actually can edit that via the GUI, too. It's under "Software Updates" /
"YUM Updater" and in the "Settings" tab there is the form field "Exclude
these RPMS". Instead of editing /etc/yum.conf you can directly write
"proftpd" (without quotes) into that formfield to have it excluded from YUM
Updates.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23067] Re: Time difference

[Ken Hohhof]

I once had a VoIP phone system where all the phones displayed the wrong time, 
off by a strange number of minuted.

Turned out it was getting time via NTP from a router that in turn was using an 
obscure public time server that was freerunning.

 Original Message 
From: "Franklin Werren" 
Sent: 8/1/2019 2:42:44 PM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:23065] Re: Time difference

Did you check the hardware clock or is the battery on the motherboard weak or 
dead???

Just my 2 cents...


Sent from my iPhone
Franklin S Werren - N2JYG
PO Box 966
4017 Sherman - Ripley Rd
Sherman NY 14781-0966


> On Aug 1, 2019, at 2:40 PM, Colin Jack  wrote:
> 
> Hi Michael,
> 
>Hi Colin,
> 
>> I wonder if anybody can help with a weird time problem?
>> 
>> Customer has a webpage which writes to a MySQL database (for employee 
>> clocking on and off).
>> 
>> This has been working fine for a couple of years and now they are seeing  
>> a18- 20 minute difference between the time when the employee clocks in 
>> (showing on web page) and the time recorded on the database!
>> Server is not under any strain -- time zone is correct.
> 
>Twenty minutes is also an odd time-delta. If it was in full hours I
>might suspect that perhaps PHP or the server itself is operating on the
>wrong time zone. But 20 minutes? That's really odd.
> 
> I agree - this is what is strange. My initial thought was time zones.
> 
>The question here is: What generates the time stamps? Are these MySQL
>time stamps or are they generated by PHP or another application and are
>then inserted into MySQL as is?
> 
>If they're MySQL time stamps, then I'd suggest to restart MySQLd. Maybe
>it's internal clock is out of whack with the server time and a restart
>of MySQLd will fix that.
> 
> I will ask the question. Restarting MYSQLd didn't make any difference. 
> A server reboot brought everything into line and then about an hour later it 
> went back to a 20 minutes difference!!
> 
>If it doesn't, then you'd need to find out what actually generates the
>time stamps, because that's where the problem most likely comes from.
> 
> Many thanks
> 
> Colin 
> 
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23060] Re: CushyCMS and ProFTPD

[Ken Hohhof]

"Allow User(s) access to FTP" is ticked for the Vsite but the only user is
the siteAdmin.  The Vsite has no ordinary users.

Anonymous FTP is not enabled.  I notice that /web is owned by nobody.

The customer reports CushyCMS worked for 3 years until about 2 weeks ago.
The yum update took place on July 24, so it's pretty clear that was the
cause.  Unfortunately the customer's web designer refuses to spend any more
time troubleshooting and is pointing the finger at us.

Since the problem started with the ProFTPd bugfix, I'm starting to wonder if
CushyCMS uses the site cpfr and site cpto commands.  That seems unlikely,
but I can't know for sure without signing up for a CushyCMS account myself
to try it.  The only other explanation I can think of is that the bugfix had
some unanticipated consequences or collateral damage.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Thursday, August 1, 2019 2:24 AM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23055] Re: CushyCMS and ProFTPD

Hi Ken,

> ]) - RELINQUISH PRIVS: unable to seteuid(PR_ROOT_UID): Operation not 
> permitted

I've just run into the same issue on 5210R and it took me a while to figure
out what that was:

Please check what user-account CushyCMS is using. You will get this exact
error message if you try to login with FTP when you aren't siteAdmin and
when the Vsite has "Allow FTP for non-siteAdmin's" unticked.

In that case the user can still login by FTP, but the .ftpaccess file in the
users home directory will prevent the FTP client from executing
*any* commands whatsoever.

siteadmin's will always be allowed to login by FTP for as long as the FTP
server is enabled and the Vsite or the siteAdmin itself isn't suspended.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23047] Re: CushyCMS and ProFTPD

[Ken Hohhof]

Thanks.

 

Everything in the web directory is owned by siteadmin:site, including
subdirectories and their contents.   Above the web directory in the site
home directory, it's different, not sure if this is a problem.  The logs
directory owned by SITE22-logs:site19 seems strange.

 

I know the most common problem that web designers have with FTP and BlueOnyx
is that the web directory isn't / it's /web.  But supposedly this CMS was
already configured and working for a couple years, so it should have been
configured right.

 

BTW, that php.d directory is empty.

 

 

drwxrwsr-x 8 nobody  site19  4096 Sep 20  2017 .

drwxrwxr-x 3 rootroot4096 Nov 17  2014 ..

drwxr-s--x 9 SITE22-logs site19  4096 Jan 27  2019 logs

drw-r-Sr-- 2 rootsite19  4096 Sep 20  2017 php.d

drwxrwsr-x 2 nobody  site19  4096 Nov 17  2014 users

drwxr-sr-x 3 rootsite19  4096 Nov 17  2014 .users

drwxrwsr-x 7 nobody  site19  4096 Oct 11  2016 web

drwxr-xr-x 2 apache  site19 20480 Jul 30 04:59 webalizer

 

 

 

-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, July 30, 2019 6:31 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23046] Re: CushyCMS and ProFTPD

 

Hi Ken,

 

> I looked in var/log/messages and I see a bunch of lines like this, not 

> sure what they mean or why the are occurring now and not previously.  

> Customer would be using site admin credentials, wouldn't even know root
login.

> 

> Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254

> (198.74.49.153[198.74.49.153

> ]) - ROOT PRIVS: unable to seteuid(): Operation not permitted Jul 30 

> 14:31:06 blueonyx proftpd[5435]: 69.49.197.254

 

Yeah, ProFTPd doesn't allow user "root" and never has. A seteuid() call
happens when a program drops privileges to do something as a lesser user and
when it's done it tries to regain the same UID/GID as before via seteuid().
It's something I'm sort of sure ProFTPd doesn't allow without full
reauthentication, because from a security point of view it's *very* tricky
to get right. In the nooks and crannies of such code usually there often is
room for exploits and that's why sensible people don't implement it - unless
they really *have* to. And then it's usually the best audited and most well
tested part of the code, because one false step and it can get exploited.

 

The last ProFTPd update only changed two things: mod_ban and mod_geoip got
activated by default. Other than that it's just ProFTPd 1.3.6-RC1 vs
ProFTPd-1.3.5.

 

Are the files in the webspace owned by that siteAdmin or by someone else?
This could be where the seteuid() call comes from. Say the files are owned
by nobody:siteX or apache:siteX and not by the siteAdmin:siteX.

 

--

With best regards

 

Michael Stauber

___

Blueonyx mailing list

  Blueonyx@mail.blueonyx.it

 
http://mail.blueonyx.it/mailman/listinfo/blueonyx

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23045] Re: CushyCMS and ProFTPD

[Ken Hohhof]

That stopped the messages in ban.log but didn't fix the problem.  I suspect
the excessive connections were a symptom not the cause.

I looked in var/log/messages and I see a bunch of lines like this, not sure
what they mean or why the are occurring now and not previously.  Customer
would be using site admin credentials, wouldn't even know root login.

Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to seteuid(): Operation not permitted
Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to setegid(): Operation not permitted
Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - RELINQUISH PRIVS: unable to seteuid(PR_ROOT_UID): Operation not
permitted
Jul 30 14:31:06 blueonyx proftpd[5434]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to seteuid(): Operation not permitted
Jul 30 14:31:06 blueonyx proftpd[5434]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to setegid(): Operation not permitted
Jul 30 14:31:06 blueonyx proftpd[5434]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - RELINQUISH PRIVS: unable to seteuid(PR_ROOT_UID): Operation not
permitted
Jul 30 14:31:06 blueonyx xinetd[4347]: START: ftp pid=5436
from=:::198.74.49.1
53
Jul 30 14:31:08 blueonyx proftpd[5436]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to seteuid(): Operation not permitted
Jul 30 14:31:08 blueonyx proftpd[5436]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - ROOT PRIVS: unable to setegid(): Operation not permitted
Jul 30 14:31:08 blueonyx proftpd[5436]: 69.49.197.254
(198.74.49.153[198.74.49.153
]) - RELINQUISH PRIVS: unable to seteuid(PR_ROOT_UID): Operation not
permitted


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, July 30, 2019 12:20 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23043] Re: CushyCMS and ProFTPD

Hi Ken,

> Given the timeframe, I am wondering if this is related to the recent 
> update to ProFTPD.  I am seeing a bunch of zero second connections 
> from the CushyCMS IP address and in ban.log I am seeing that IP 
> address getting banned due to excessive client connection rate.  I 
> have not edited those settings, it appears that >30 connections in 60 
> seconds will get the IP banned for 1 hour.  This only seems to have 
> started happening in the past week or so, but as near as I can 
> determine, the mod_ban configuration is not new, I don’t think the 
> recent update changed it.

What's different is that the new ProFTPd has mod_ban and mod_geoip activated
by default. In your case it's most likely mod_ban that is causing the
issues.

In both /etc/proftpd.conf and /etc/proftpds.conf you have that in this
section:

# mod_ban configuration:

BanEngine on
BanLog  /var/log/proftpd/ban.log
BanTable/var/log/proftpd/ban.tab
BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
BanOnEvent ClientConnectRate 30/00:01:00 01:00:00
BanControlsACLs all allow group wheel 

I stripped out the comments in this email as they would line wrap. Just
comment out this section in /etc/proftpd.conf and /etc/proftpds.conf by
putting a "#" at the beginning of each line of that block and restart
xinetd:

service xinetd restart
...or...
systemctl restart xinetd

Then see if that helps.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23044] Re: CushyCMS and ProFTPD

[Ken Hohhof]

Thanks, I'll try that.  I was reluctant to disable the ban feature if it had
been enabled all these years.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Tuesday, July 30, 2019 12:20 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23043] Re: CushyCMS and ProFTPD

Hi Ken,

> Given the timeframe, I am wondering if this is related to the recent 
> update to ProFTPD.  I am seeing a bunch of zero second connections 
> from the CushyCMS IP address and in ban.log I am seeing that IP 
> address getting banned due to excessive client connection rate.  I 
> have not edited those settings, it appears that >30 connections in 60 
> seconds will get the IP banned for 1 hour.  This only seems to have 
> started happening in the past week or so, but as near as I can 
> determine, the mod_ban configuration is not new, I don’t think the 
> recent update changed it.

What's different is that the new ProFTPd has mod_ban and mod_geoip activated
by default. In your case it's most likely mod_ban that is causing the
issues.

In both /etc/proftpd.conf and /etc/proftpds.conf you have that in this
section:

# mod_ban configuration:

BanEngine on
BanLog  /var/log/proftpd/ban.log
BanTable/var/log/proftpd/ban.tab
BanOnEvent MaxLoginAttempts 30/00:10:00 00:30:00
BanOnEvent ClientConnectRate 30/00:01:00 01:00:00
BanControlsACLs all allow group wheel 

I stripped out the comments in this email as they would line wrap. Just
comment out this section in /etc/proftpd.conf and /etc/proftpds.conf by
putting a "#" at the beginning of each line of that block and restart
xinetd:

service xinetd restart
...or...
systemctl restart xinetd

Then see if that helps.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:23037] CushyCMS and ProFTPD

[Ken Hohhof]

It turns out we have a webhosting customer who has been using a web-based
CMS app called CushyCMS to edit one page on their site.  I am not familiar
with CushyCMS but apparently it uses embedded HTML tags to define editable
elements on the pages, and the CushyCMS server pulls the pages from the
webserver via FTP and then pushes the edits back via FTP.

 

This customer says CushyCMS has stopped working, and is giving a generic
"FTP Error".  However their web designer is able to access the site manually
via FTP with no problem.

 

Given the timeframe, I am wondering if this is related to the recent update
to ProFTPD.  I am seeing a bunch of zero second connections from the
CushyCMS IP address and in ban.log I am seeing that IP address getting
banned due to excessive client connection rate.  I have not edited those
settings, it appears that >30 connections in 60 seconds will get the IP
banned for 1 hour.  This only seems to have started happening in the past
week or so, but as near as I can determine, the mod_ban configuration is not
new, I don't think the recent update changed it.

 

Is anyone familiar with CushyCMS, or have any insight into why it can no
longer access the site via FTP yet manual FTP works?  If we didn't break
this, I don't want to spend a lot of effort or ask any of you to do so in
order to debug this.  Since it's basically a robot, I don't expect we will
have access to error messages or other troubleshooting info like we would if
a human was trying to use FTP.

 

I am not sure if exceeding the 1 connection every 2 seconds limit is a cause
or a symptom.

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22873] Re: 5209R - can't create users

[Ken Hohhof]

Long time ago and not on 5209R, probably 5208, I remember having to try twice 
adding either a virtual site or a new user, I can't remember which.  The second 
time it would go through.  Unlikely this will solve your problem, but have you 
tried a second time?

-Original Message-
From: Blueonyx  On Behalf Of Colin Jack
Sent: Saturday, May 4, 2019 2:36 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22872] Re: 5209R - can't create users

Has anybody any ideas?

Colin

-Original Message-
From: Blueonyx  on behalf of Colin Jack 

Reply-To: BlueOnyx General Mailing List 
Date: Wednesday, 1 May 2019 at 12:20
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22865] 5209R - can't create users

I can’t create users on a new 5209R VPS that I have migrated to from 5208R.

GUI shows UNKNOWN ERROR DURING CREATE

Message log shows CREATE User failed (-7)

Quotas are all good.

Have run 

/usr/sausalito/sbin/fix_user_UID_and_GID.pl
/usr/sausalito/sbin/web_alias_redirects.pl --enabled
/usr/sausalito/sbin/fix_user_suspension.pl
/usr/sausalito/sbin/fix_web-and-email-server-aliasses.pl

Not all the users migrated across - hence trying to add them again.

What to do?

Thanks

Colin



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22838] Re: email username

[Ken Hohhof]

We don’t use BlueOnyx for email, just webhosting, but we moved away from using 
just usernames probably 15 years ago.  Hardly any email system does it that way 
anymore.  The reason is simple, once you have user john or mary, you can’t have 
another john or mary at a different domain.  This is maybe OK if you are just 
hosting mail for your own domain, but I don’t see how that will work if you are 
hosting mail for multiple customer domains.

 

Yes, you could have j...@foo.com   with username john, and 
j...@bar.com   with username john2, but that seems very 
confusing.

 

 

From: Blueonyx  On Behalf Of Greg Kuhnert
Sent: Sunday, April 21, 2019 6:01 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22837] Re: email username

 

I would suggest this is not a great idea. If you have a look at failed login 
attempts on your server, you will notice most of them are email address 
formats. Combine that with many of the password breaches in the wild (unrelated 
to blueonyx), it is likely that a percentage of your users have compromised 
accounts but they dont know it. I have seen attacks using these compromised 
lists… but the fact that our email systems dont use email address for login has 
more than likely prevented entry by the bad actors.

 

GK





On Apr 22, 2019, at 12:31 AM, Kasey Matejcek mailto:ka...@lkm.bz> > wrote:

 

Is there a way to setup the email so the user name includes the domain

For the username   u...@domain.com

Right it just username and no domain 

The new version of outlook is getting a hard to setup and imap account it want 
the username to be   someth...@domain.com

I know I can get around it be going to the mail icon in the control panel and 
set it up there

Just going to roll out a new server and figure if I could get this setup I 
could save me sometime when users setup there emails going forward on the new 
server

___
Blueonyx mailing list
  Blueonyx@mail.blueonyx.it
  
http://mail.blueonyx.it/mailman/listinfo/blueonyx

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22831] Re: Backscatter

[Ken Hohhof]

If there is no such user on your system, the email should be rejected during 
the SMTP connection, which would not result in a bounce message to the spoofed 
sender.

 

Unless the spammer is actually sending from that sender’s mailserver using 
compromised credentials.  In which case you’re not really causing backscatter.

 

From: Blueonyx  On Behalf Of Colin Jack
Sent: Thursday, April 18, 2019 1:30 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22830] Backscatter

 

I know this is an old chestnut and I have tried to find solutions without 
success.

 

The problem is that we have long deleted email accounts on our servers that are 
still listed on the mega spam address lists.

So spam pours in – AV-Spam grabs some but lots still get through. An NDR then 
gets sent back to the poor b* whose email address is in the reply to.

Net result is we get listed as a backscatterer on RBLs. ☹

 

What is the suggested way forward on this?

 

Colin

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22784] Re: DNS Question

[Ken Hohhof]

Webserver alias = domain name without www

-Original Message-
From: Blueonyx  On Behalf Of Brian
TerBeek
Sent: Monday, March 18, 2019 5:00 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22782] DNS Question

Hi

When entering my url for a virtual site without the hostname (www) directs
the page to the system admin login page.

what have I messed up?

--
Best Regards

Brian Ter Beek

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22777] Re: Email Forwarding not working

[Ken Hohhof]

We highly discourage email autoforwarding because it may fail due to
SPF/DKIM/DMARC issues and because our mailserver gets blamed for any
forwarded spam and may be blacklisted.  Also to be honest, these issues have
become more complicated than I can afford to study and understand, but I
know there are often problems with list servers unless the reply addresses
and header rewriting are carefully configured.  The problem being that mail
is now coming from a different mailserver than the one authorized to send
mail for the originator's domain.

Is it possible you are running into this kind of problem?

Are all emails disappearing on the way to Gmail, or does it depend on the
sender?


-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Saturday, March 16, 2019 2:42 AM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22776] Re: Email Forwarding not working

Hi Felix,

> How can I troubleshoot this issue of disappearing emails? Any chance 
> that the missing emails can be found?

The logfile /var/log/maillog should tell you what happened. It should show
you if that the vacation messages were sent and what the response from
Google was.

Additionally for testing edit /usr/local/sbin/vacation.pl and find this
line:

# Debugging switch:
$DEBUG = "0";

Change the value to "1" instead:

$DEBUG = "1";

Then run "tail -f /var/log/maillog" and send an email to the user in
question. The maillog will then also contain debugging info from the
vacation message script.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22765] Re: Problem fix and potential feature request

[Ken Hohhof]

Wouldn’t it be simpler to handle this with a firewall rule instead of an 
alternate port number?

 

From: Blueonyx  On Behalf Of Brian Davis
Sent: Sunday, March 10, 2019 12:10 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22764] Problem fix and potential feature request

 

On my server, I don't allow any incoming mail on port 25 from outside.  I 
reconfigured mail to only come in on an alternate port in sendmail (we will 
call it port 2627) but allow connections on port 25 for localhost which keeps 
the blueonyx admin mail as well as php mailer functioning. My ironport which 
catches incoming mail and filters it then delivers it to port 2627.  I 
accomplish this with the following in sendmail.mc

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
DAEMON_OPTIONS(`Port=2627, Name=MTA')

This would be a great feature to add to the system allowing the admin to 
specify on which port sendmail listens.

The problem that I'm having at the moment is that after some updates and any 
reboot, blueonyx checks the sendmail configuration and sees that there isn't a 
default smtp connection so it adds one.  After it adds one, the process will 
fail since it tries to connect more than 1 to the socket.  In short, where is 
the configuration that adds this line so that I can disable that or at 
least give me some further insight on how I can accomplish the same process 
without breaking the mail on updates / reboots.

Thanks in advance for any insight.

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22580] Re: 5209R: CGI-Wrapper working again

[Ken Hohhof]

Depending on which version of formmail.pl, no customer should be allowed to
run that script on their site.  It virtually guarantees that your sendmail
will be used by spammers to relay spam.  It is like a customer putting a
bomb in your office and you take a hands-off approach, refusing to call the
bomb squad because it is a customer bomb.  Just because it's a customer
doesn't mean you have to let them put any vulnerable script they want on
YOUR server.  Would you take the same position if they put malware on their
site, or an unpatched version of Wordpress that will get hacked?  The
customer is not always right.


-Original Message-
From: Blueonyx  On Behalf Of Dirk
Estenfeld
Sent: Friday, January 4, 2019 8:08 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22579] Re: 5209R: CGI-Wrapper working again

Hello,

it is not my script, it is a customer script. 
Yes I know that there are a bunch of better scripts. But it is not my
position to change customer owned websites.
I have changed the configuration from the wrapper to a ScriptAlias directive
in the apache configuration. So I do not have the error any longer. However
it should  be something like this:

CGIWrap Error: Server UserID Mismatch
CGIWrap Error: Server UserID Mismatch

The userid that the web server ran cgiwrap as does not match the userid that
was configured into the cgiwrap executable.

This is a configuration/setup problem with cgiwrap on this server.
Please contact the server administrator.

Best regards,
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel



-Ursprüngliche Nachricht-
Von: Blueonyx  Im Auftrag von Michael
Stauber
Gesendet: Donnerstag, 3. Januar 2019 19:39
An: blueonyx@mail.blueonyx.it
Betreff: [BlueOnyx:22578] Re: 5209R: CGI-Wrapper working again

Hi Dirk,

> hmm, unfortunately it is not working for me. I can name it formmail.pl 
> or formail.cgi, I can place it in cgi-bin directory or on some other 
> place. I always get the ownerchip error message...

Uuuuh. That formmail script? I'd bin it. Like Ken said: If it's what I think
it is, then it's really shitty.

What's the exact error message you get in the browser? I've seen two
different ones now in my tests and I'd like to know which of these you see.

FWIW: I've now found a 5209R where neither *.cgi nor *.pl works, even if
everything is configured correctly (UID, GID, permissions). And that runs
the same version of cgiwrap as the box where at least *.pl works.

So yeah, there is something is fishy with cgiwrap again. Maybe it's related
to a recent OS update. I'll have to dig into that.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22577] Re: 5209R: CGI-Wrapper working again

[Ken Hohhof]

If that's the 20 year old Matt's FormMail, don't use it, too easy for
spammers to hijack, even the "improved" version.  There are better
solutions.

I know that doesn’t answer your cgi-wrap question.


-Original Message-
From: Blueonyx  On Behalf Of Dirk
Estenfeld
Sent: Thursday, January 3, 2019 11:05 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22576] Re: 5209R: CGI-Wrapper working again

Hello Michael,

hmm, unfortunately it is not working for me. I can name it formmail.pl or
formail.cgi, I can place it in cgi-bin directory or on some other place. I
always get the ownerchip error message...

Best regards,
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel


-Ursprüngliche Nachricht-
Von: Blueonyx  Im Auftrag von Michael
Stauber
Gesendet: Donnerstag, 3. Januar 2019 15:55
An: blueonyx@mail.blueonyx.it
Betreff: [BlueOnyx:22575] Re: 5209R: CGI-Wrapper working again

Hi Dirk,

> Did I miss something. I have another perl script with the error.
> "The userid that the web server ran cgiwrap as does not match the 
> userid that was configured into the cgiwrap executable. This is a 
> configuration/setup problem with cgiwrap on this server. Please 
> contact the server administrator."
> 
> The /usr/cgiwrap/cgiwrap is from 10.01.2018, so it should be the "new"
> version. I did disable and enable cgi for the site. But the error is 
> still existing.

I just checked it:

http://5209r1.smd.net/test.pl?
http://5209r1.smd.net/test.cgi?

It's the same script - just with a different ending. The test.pl runs, but
the test.cgi throws an error. Ownerships and permissions are right:
Owned by a siteAdmin, the correct group and 755 permissions:

[root@5209r web]# ls -als|grep test
   4 -rwxr-xr-x  1 s28_admin site1 781  1. Mai 2018  test.cgi
   4 -rwxr-xr-x  1 s28_admin site1 781 10. Jan 2018  test.pl

The Apache config for that Vsite should associate both extensions with the
cgi-wrapper:

]# cat /etc/httpd/conf/vhosts/site1|grep cgi-wrapper AddHandler cgi-wrapper
.cgi AddHandler cgi-wrapper .pl

So I don't (yet) know what's wrong, but I'll see what I can find out. In the
meantime: If you can, please change the extension of the Perl-Script from
*.cgi to *.pl and see if that works.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22543] Re: suspending e-mail accounts

[Ken Hohhof]

If you are locking the subscriber out and bouncing incoming mail, why do you 
want to "suspend" the account and not just delete it?  Is this just temporary 
to get the subscriber to pay his bill?


-Original Message-
From: Blueonyx  On Behalf Of Larry Smith
Sent: Thursday, December 13, 2018 9:23 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22542] Re: suspending e-mail accounts

And the real bummer still exists in that the server still accepts the email up 
front, then cannot deliver and ends up trying to bounce to a likely bogus 
address or list that does not do bounces, so we end up with even more 
"mailer-daemon" email in queue.

--
Larry Smith
lesm...@ecsis.net

On Thu December 13 2018 08:52, Meaulnes Legler @ MailList wrote:
> On 12.12.18 01:52, Michael Stauber wrote:
> >> When an account is suspended a few things happen: - 
> >> /usr/sbin/usermod -L  is used to lock the account. - The 
> >> password-hash of the user gets prefixed with ! to disable logins. - 
> >> Email forwarding/autoresponder are turned off.
> >
> > That's now been fixed on 5207R, 5208R and 5209R. I also had to 
> > update the AV-SPAM, as a certain handler will run (if the AV-SPAM is 
> > installed) that messes with the home directory of users on 
> > suspend/unsuspend. That also wasn't applying the correct permissions 
> > when a user was getting suspended. Both updates are now available 
> > via YUM for all relevant platforms.
>
> thank you Michael!
>
> of course, users that were previously suspended had to *be enabled 
> again and then re-suspended* for a successful ban.
>
> But: isn't the Procmail bump message a bit too verbose? Why is the 
> full path of the user displayed?
>
> The original message was received at Wed, 12 Dec 2018 09:48:49 +0100 
> from mail-ed1-f43.google.com [209.85.208.43]
> - The following addresses had permanent fatal errors - 
> 
>  (reason: Can't create output)
> - Transcript of session follows -
> procmail: Lock failure on
> "/home/.sites/112/site7/.users/39/claude/mbox.lock" procmail: Error 
> while writing to "/home/.sites/112/site7/.users/39/claude/mbox" 550 
> 5.0.0 ... Can't create output
>
> Can one edit a configuration file to tamper this?
>
> I would prefer that the message would read «no such user here». Can I 
> achieve this?
>
> Or can I spoof Procmail/Sendmail to assume that that user doesn't exist?
> The not suspended user could still login and view his files, just not 
> send & receive e-mail... I tried User List > Basic Settings > Disable 
> User's Email [√] but it doesn't prevent the mbox to get mails...
>
> Thank you and best regards
>
> _~_
> '¿')
> `-´Meaulnes Legler
>
>   Zurich, Switzerland
>
> +41¦0 44 260 16 60

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22489] Re: Backscatter problem

[Ken Hohhof]

And plain email newsletters are outdated.

Mailing services can send an HTML version with a headline and 1-2 lines of
text for each article, click on the ones that interest you to open the whole
article.  I am subscribed to a newsletter from HowToGeek.com and that's how
they do it.  And in addition to managing unsubscribes and bounces for you,
they can provide analytics, so you know which articles are getting read, who
is reading them and when.

Even a nonprofit or government organization shouldn't be sending out emails
that look like they came from 1998.  Unless they don't really care if people
read them.


-Original Message-
From: Blueonyx  On Behalf Of Chris
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, November 13, 2018 2:18 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22488] Re: Backscatter problem


On 11/13/2018 1:09 PM, Ken Hohhof wrote:
> Maybe they could afford something like Mailchimp?

Or, for $0.00 use Mailman, which is now standards with BlueOnyx?

I get what the boss is getting at.  I'm always sensitive to users wanting to
keep costs at a minimum but there are sometimes costs of doing business,
even for a not-for-profit organization.  And even if they're not exactly ace
computer techs over there, I bet they can pick up on a new and better system
for mailing list management.  It may even wind up saving them considerable
time and effort once they get comfortable.  Keep in mind, these are the very
same types of folks who will get (and figure out) a new smartphone or that
sort of thing.

--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866)
4 VIRTBIZ ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22486] Re: Backscatter problem

[Ken Hohhof]

Maybe they could afford something like Mailchimp?

 

 

From: Blueonyx  On Behalf Of Chuck Tetlow
Sent: Tuesday, November 13, 2018 12:14 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22485] Re: Backscatter problem

 

Hi Chris, 

You and Ken both have very good points.  And they are the exact points I've
made to the CEO of the hosting company I support.  I've complained about
this customer many times, as they've repeatedly gotten the hosting company's
servers Blacklisted.  Then I'd be responsible to move them to a new server,
or change the server's IP - so mail would start flowing again for other
sites on the server. 

But the CEO won't do anything, as they are a ministry and he's already lost
a lot of paying customers.  But then of course, when a server gets
blacklisted or backscatter problems start affecting other sites - BlueOnyx
and I get the blame.  And he won't listen when I say "I told you this would
happen"! 

I've also suggested Constant Contact or another bulk e-mailer.  But the
ministry doesn't want to pay $$, so I'm guessing my CEO is probably
providing service free for a 501C3, or at least a discounted rate. 

As for the idea of them using a different "Reply To" address - I'll suggest
that.  But from what I've observed - the ministry people are fairly computer
illiterate, and it would have to be office techs going out there to set that
up.  So it may not happen. 

So while I know I'd be treating symptoms, and not fixing the root of the
problem - I'm just hoping to do the easiest/quickest patch that I can do to
stop or at least slow the backscatter.  That's why I'd hoped to configure
Sendmail to stop sending bounces to the bounces it receives.  These errors
just keep going back and forth, building up and building up. 



Chuck 


-- Original Message --- 
From: Chris Gebhardt - VIRTBIZ Internet mailto:cobaltfa...@virtbiz.com> > 
To: blueonyx@mail.blueonyx.it   
Sent: Tue, 13 Nov 2018 11:47:00 -0600 
Subject: [BlueOnyx:22484] Re: Backscatter problem 

> Hi Chuck, 
> 
> On 11/13/2018 11:22 AM, Chuck Tetlow wrote: 
> > I can and have been dumping them into a separate folder, to get them out

> > of the queue - but I'd like to prevent them going there in the first 
> > [UTF-8?]place.� So I was wondering if anyone knew how to set Sendmail
so it 
> > would NOT generate a bounce message when it can't deliver a incoming 
> > message. 
> 
> Ooof!  That would be a massive misconfiguration.   Also, you'd be 
> treating the symptom, not the problem. 
> 
> As an alternative, why not simply set the reply-to address on the mass 
> e-mail to a specific return address.  That way, bounces would go into 
> that box and someone could go through and prune out addresses from their 
> list so they won't even get attempted the next time.   Simply set that 
> as a POP account and fetch all the messages out without leaving a copy 
> on the server. 
> 
> That way your server will receive the NDRs which could be used by the 
> sender and it won't be replying to the NDRs that a box is full. 
> 
> Also, you may want to have that organization consider an alternative 
> such as using Mailman or even a 3rd party mailing list rather than 
> copy/pasting a giant list of addresses in the "To" field of an email. 
> It is, after all, 2018. 
> 
> -- 
> Chris Gebhardt 
> VIRTBIZ Internet Services 
> Access, Web Hosting, Colocation, Dedicated 
> www.virtbiz.com   | toll-free (866) 4 VIRTBIZ 
> ___ 
> Blueonyx mailing list 
> Blueonyx@mail.blueonyx.it   
> http://mail.blueonyx.it/mailman/listinfo/blueonyx 
--- End of Original Message --- 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22483] Re: Backscatter problem

[Ken Hohhof]

OK, I realize you are asking a technical question which I'm not answering.

 

But if you or the customer is in the U.S., and they are sending out bulk
emails without checking and processing removal requests and bounce messages,
you need to fire this customer.  I don't care how worthy a cause their
organization may be.  If this is outside the U.S., I don't know what the
legal issues may be, but probably similar.  And legal issues aside, you
shouldn't tolerate a customer sending out bulk mail without accepting the
responsibilities of a bulk mailer.  And you risk getting your mailserver IP
address blacklisted as a spam-friendly ISP.

 

You can still host their website, but if they can't honor their obligation
to maintain their mailing list, they need to get a bulk mailing service that
will do this automatically for them.  It ain't rocket science.  There are
many bulk email services that will automatically process removal requests as
well as removing addresses for repetitive bounces.  Even if you set up a
list for them using Mailman, I believe it has bounce processing.

 

Have you tried increasing their mailbox quota?  Or some kind of script that
deletes messages older than X days, we don't use BO as our mailserver, but
we run a script like I describe on all the Junk mailboxes to automatically
delete anything older than 14 days.

 

From: Blueonyx  On Behalf Of Chuck Tetlow
Sent: Tuesday, November 13, 2018 11:22 AM
To: BlueOnyx Mail List 
Subject: [BlueOnyx:22482] Backscatter problem

 

Hi BlueOnyx experts, 

I've got a server with a customer who is a volunteer service organization.
They use their site to send out a LOT of email from their organization, to
all their members and visitors alike.  So I'd have to guess dozens of emails
each week with each message going to hundreds of people.  

Obviously some of those are going to bounce back, whether from SPAM measures
or just simple problems like closed accounts or quota reached on the other
end.  And here is my problem - the accounts they use to send out those
e-mails are not being checked/cleaned regularly, so they fill up and then
cause a bounces to the bounce message.  In fact, I've been checking that
server multiple times a day for the last two weeks - and it always has 30 to
100 message in the outgoing queue that are undeliverable.   When I first
noticed the problem - there were messages in the queue up to five days old,
with a total over 600 messages in that outgoing queue. 

I can and have been dumping them into a separate folder, to get them out of
the queue - but I'd like to prevent them going there in the first place.  So
I was wondering if anyone knew how to set Sendmail so it would NOT generate
a bounce message when it can't deliver a incoming message. 

I'd like to configure it so when something comes in to one of their central
accounts, which is full - Sendmail will NOT send back a error saying
undeliverable.  I'd like to configure that for just some accounts, not all.
But would seriously consider all of that site's accounts, or even all on the
server - just to eliminate this swamp of backscatter going back and forth. 

Thanks everyone.  And an early Happy Thanksgivings to all! 


Chuck 




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22466] Re: IBM to Acquire Linux Distributor Red Hat for $33.4 Billion

[Ken Hohhof]

OK, and pigs will fly.

-Original Message-
From: Blueonyx  On Behalf Of Michael
Aronoff
Sent: Monday, October 29, 2018 11:26 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:22464] Re: IBM to Acquire Linux Distributor Red Hat for
$33.4 Billion

Michael wrote:
> Yeah, it's too early to tell what impact (if any) that'll have on us.

A tech writer I like has a bit of a different perspective. 
https://www.cringely.com/2018/10/29/red-hat-takes-over-ibm/

For example he thinks it is possible that Red Hat’s Jim Whitehurst gets the
CEO job when the dust settles. If that is the case then the Red Hat culture
could take over and that would be a very good thing.

__
M Aronoff Out – maron...@gmail.com 

I'm a great believer in luck, and I find the harder I work the more I have
of it.
  - Thomas Jefferson 



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22415] Re: outlook 2016

[Ken Hohhof]

I'm not sure it correlates to your described symptoms, but the typical problem 
we have with Outlook SMTP is that Microsoft still thinks the default should be 
to use port 25 and no auth, rather than 587 with authentication..  We generally 
tell people not to mess with port numbers, but Outlook is the exception, 
everything else gets it right.  Well except that Apple offers stupid choices 
like Kerberos authentication.  Just make the default "horse" and if someone 
really wants "zebra", they can click the Advanced tab and find "zebra" in the 
dropdown menu.  But I digress.

-Original Message-
From: Blueonyx  On Behalf Of Janwillem Ronken
Sent: Sunday, September 23, 2018 4:43 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22414] Re: outlook 2016

Hi
Common problem with Microshit Outlook 2016 Try using the “old account setup 
interface” by using mail (32-bit) or mail (64-bit). This will allow you to 
setup IMAP and SMTP servers without Outlook messing up
Regards
Janwillem

> On Sep 23, 2018, at 22:04, neal pressman  wrote:
> 
> have a user trying to setup an account on windows 10 using outlook 
> 2016
> 
> it looks like its trying to use a login for SMTP i was able to blank 
> the user and password but it immediately fails the login test.
> 
> i do see that it at least made an attempt
> 
> Sep 23 17:00:10 XXX sendmail[78717]: w8NL0AuP078717: c-71-233-135- 
> 125.hsd1.ma.comcast.net [71.233.135.125] did not issue 
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> 
> --
> Open WebMail Project (http://openwebmail.org)
> 
> ___
> Blueonyx mailing list
> Blueonyx@mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22307] Re: Barracuda RBL

[Ken Hohhof]

It doesn't sound like the problem you are seeing, but I remember Barracuda
appliances used to have an option called something like "deep header scan"
that was on by default or recommended in the manual.  What it did was to
check the IP address of the sender, not just the MTA.  And if Barracuda
identified it as a dynamic pool address (which is what many residential
accounts have), it got blocked.  Very annoying.

-Original Message-
From: Blueonyx  On Behalf Of Michael
Stauber
Sent: Wednesday, August 1, 2018 12:19 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22306] Re: Barracuda RBL

Hi all,


> As recently reported here Barracuda has blacklisted the IP address of 
> the BlueOnyx mailing list server for no apparent reasons. I asked for 
> a delisting and never heard back.
> 
> Today we're still in the blacklist. I (again) asked for a delisting, 
> but as of yet haven't heard anything back.
> 
> As that's a bit ridiculous I just moved the BlueOnyx mailing list 
> server to another IP address for the time being.

Barracuda has now blacklisted the new IP as well. This is ridiculous.

Only explanation: Someone who is subscribed to this list is reporting the
list emails as SPAM to Barracuda.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22301] Re: site redirection unchecked, still redirecting.

[Ken Hohhof]

Some browsers permanently cache 301 redirects but you say this is a 302.

I remember having to visit the page with private browsing to clear the cache.

 Original Message 
From: "Fungal Style" 
Sent: 7/29/2018 5:14:41 PM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:22300] site redirection unchecked, still redirecting.





Hi all,



I am having a problem at the moment where I set a vsite to redirect by enabling 
Redirect Website, with a 302, then once I disabled the redirection, it is still 
redirecting.



Any thoughts on where I can look?

I have tried a few things already including:Different computers and 
browsersDumping browser cacheFlushing dns cache



Regards

Brian___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22275] Re: additional MX options

[Ken Hohhof]

Surely in the era of Donald Trump you should not lack for superlatives to
choose from.

Or better yet, look to the US mobile carriers.  Verizon has "Go Unlimited",
"Beyond Unlimited", and "Above Unlimited".  AT&T has "Unlimited", "Unlimited
& More", and "Unlimited & More Premium".  Sprint and T-Mobile are less
creative, just adding "Plus" to their plans that are even more unlimited
than unlimited.  (Remember what Lewis Carroll wrote about the meaning of
words.)

But yeah, "Very Very" seems good.


-Original Message-
From: Blueonyx  On Behalf Of Michael
Aronoff
Sent: Friday, July 20, 2018 11:46 PM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:22274] Re: additional MX options

Michael wrote:
> So the "10" simply isn't there. This also makes it really shitty to 
> fix, because optically the "10" has to sit between "Extremely High 
> (0)" and
"Very High (20)".
> 
> How do we name that? "Very, very High (10)" or "Very damn High (10)"?

As a suggestion you could make Extremely High have a value of 10 instead.
if ($obj->{mail_server_priority} =~ m/^\s*Extremely_High/i) { $value = 10; }
And then add a new entry for "Highest Priority" of 0.
if ($obj->{mail_server_priority} =~ m/^\s* Highest_Priority /i) { $value =
0; }

That would make the locale files:

#-

msgid " highest priority"
msgstr " Highest Priority (0)"

msgid "extremely_high"
msgstr "Extremely High (10)"

msgid "very_high"
msgstr "Very High (20)"

msgid "high"
msgstr "High (30)"

msgid "low" 
msgstr "Low (40)"

msgid "very_low"
msgstr "Very Low (50)"

#-

__
M Aronoff Out – maron...@gmail.com 

I'm a great believer in luck, and I find the harder I work the more I have
of it.
  - Thomas Jefferson 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22183] Re: Jungle_Sec Ransomware

[Ken Hohhof]

Can you expand on "vulnerable websites"?

-Original Message-
From: Blueonyx  On Behalf Of Chris
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, June 26, 2018 10:34 PM
To: Blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22182] Jungle_Sec Ransomware

Just thought I'd post a quick note.  Make sure you've got backups, your
backups are stored off-server, and you are enforcing strong passwords 
and cracking down on vulnerable websites.   We're working with a 
customer that has been infected by the new Jungle_Sec ransomware 
variant.   It's not just Windows machines that are vulnerable anymore.

And if you happen to know of someone expert in these matters (or you,
yourself may be) then hit me up offline.  I don't pretend to have all the
answers and have directed the customer to reach out to someone with
experience in this sort of thing.  We think there are clean backups, but 
it's a roughly 20TB site that got hit.   Yeah... it's big.  (To answer 
the obvious, I've already recommended against paying the .4 bitcoin
ransom.)

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22110] Re: Attn. German BlueOnyx users: DSGVO update (again!)

[Ken Hohhof]

Thanks for the link to the article.

I find it strange that someone visits my website, using an IP address from an 
ISP's allocated IP address space, and hypothetically I could through lawful 
means compel the ISP to reveal to  me account details like name and address of 
the ISP customer corresponding to that IP address at the time of the website 
visit.  And is the court worried that I can obtain those details, which are 
surely personal data?  No, the court is worried that I retain a logfile showing 
what IP address visited my website.

Not sure if it mattered that the website in the court case was a government 
website.

Also I am in the US, and here the most likely reason for serving an ISP with a 
court order to obtain customer account details corresponding to an IP address 
would be some sort of criminal activity like trafficking in child porn, 
soliciting minors online for sex, plotting a terrorist act,   And the 
entity wanting the information would be law enforcement.  I guess everybody has 
stuff like Facebook and Cambridge Analytica on the brain now, rather than 
kiddie porn or terrorists.  Or copyright trolls and bootleg music, that's 
ancient history.

Germany seems to be an outlier in all this, I saw an article recently about 
Facebook "deletion centers" in Germany, with the largest one in Berlin 
employing over 1,200 "content moderators".

https://www.nytimes.com/2018/05/19/technology/facebook-deletion-center-germany.html

Having "deletion centers" seems very  Orwellian.  I'm not sure which is more 
disturbing, the fact that we have government mandated deletion centers, or that 
social media has so much objectionable content that we need deletion centers.

I've got to go now, the Ministry of Truth is contacting me on the Telescreen.


-Original Message-
From: Blueonyx  On Behalf Of Michael Stauber
Sent: Thursday, May 24, 2018 9:58 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22109] Re: Attn. German BlueOnyx users: DSGVO update (again!)

Hi Ken,

> If website logfiles are to be purged after 7 or 14 days, are you 
> allowed to keep website analytics as long as they are anonymous, i.e. 
> divorced from visitor identification like IP addresses?  I'm talking 
> about counts of pageviews and unique visitors, top referrers and entry 
> pages, browsers, etc.

I am no lawyer, so I can only tell you what I *think* the law means and would 
ask you to get the solid facts from an GDPR expert or lawyer.

It is my impression that it's fine to keep anonymized website analytic data 
that has been sanitized of parts of the visitors IP. However: The thing here is 
that the degree of anonymization is debatable. Is it enough to strip the last 
octet off an IPv4 address? And the last segment of an IPv6 IP? Or does it need 
to more than that?

From what I read into the German implementation of the law this whole thing is 
such a vague and ambiguous shit-show that it will keep lawyers and courts well 
fed for the next 10-15 years.

> (Still not sure why an IP address is considered personal or private 
> information.)

That was established in the Court of Justice of the European Union (the
"CJEU") in the ruling of Case 582/14 – Patrick Breyer v Germany.

See:
https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases

The full court ruling can be found here:

http://curia.europa.eu/juris/document/document.jsf?text=&docid=184668&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22108] Re: Attn. German BlueOnyx users: DSGVO update (again!)

[Ken Hohhof]

If website logfiles are to be purged after 7 or 14 days, are you allowed to 
keep website analytics as long as they are anonymous, i.e. divorced from 
visitor identification like IP addresses?  I'm talking about counts of 
pageviews and unique visitors, top referrers and entry pages, browsers, etc.

(Still not sure why an IP address is considered personal or private 
information.)

 
-Original Message-
From: Blueonyx  On Behalf Of Michael Stauber
Sent: Thursday, May 24, 2018 6:35 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22107] Attn. German BlueOnyx users: DSGVO update (again!)

Hi all,

First of all I'd like to thank Dirk Estenfeld to bring this to my attention.

On 25th May 2018 the DSGVO (GDPR) comes into effect. To that end we already 
published updates for BlueOnyx which allow you to configure data retention and 
expiry.

German BlueOnyx operators need to pay special attention, though:
=

By default BlueOnyx keeps 14 days of logfiles in /var/log/.

And we know that German lawmakers are incompetent fuckwits who refrain from 
putting exact specifications into law. Instead the applicability and specifics 
of each law need to be contested in court.

The DSGVO does not expressly state how long server logfiles *may* be retained. 
The *consensus* on that stems from exemplary judicial court cases.

The case everyone seems to settle on (BGH · Urteil vom 3. Juli 2014 · Az. III 
ZR 391/13 - see: https://openjur.de/u/704445.html) established that in the 
circumstances given in *this* court case 7 days of logfile retention was fine.

It doesn't make 7 days the law, as there might be legitimate exceptions where 
longer logfile retention *may* have a legally acceptable basis like mentioned 
in § 100 Abs. 1 TKG. But it would require taking such a case to court (again) 
to test it for legal conformity. And even then it would just apply to these 
exact circumstances. Great, isn't it?

Long story short:
==

Another set of updates has been published for BlueOnyx 5207R, 5208R and 5209R. 
With that installed you can specify how long your server logfiles are kept and 
can choose a different period than the standard 14 days.

See: "System Settings" / "Data Retention" and then "Server Logfile Retention".

It's now possible to specify 1-90 days of logfile retention with 14 days 
remaining the standard value.

German BlueOnyx operators are encouraged and advised to configure 7 days 
logfile retention unless their legal counsel has a better idea than that.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:22066] Re: Encrypted FTP

[Ken Hohhof]

I would not feel comfortable using anything "similar to Wordpress" to solve a 
security problem.


-Original Message-
From: Blueonyx  On Behalf Of Colin Jack
Sent: Tuesday, May 15, 2018 9:44 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:22063] Re: Encrypted FTP

Hi Michael,
> 
> Hi Colin,
> 
> My suggestion would also have been OwnCloud, as you can encrypt the 
> files it stores and it can easily create password protected shares 
> that even have an expiry date.

We advise clients to zip and password protect before uploading and you can set 
an expiry on the upload in PS.
None of this stuff is super sensitive anyway, but under GDPR everybody is 
having to at least show 'best effort' even with just a list of email addresses!
 
> > ProjectSend looks very similar in structure to Wordpress and would 
> > probably be quite an easy port for Michael to add to his portfolio 
> > of webapps. 😊
> 
> Sounds good. I'll look into it.

I think you would find it a doddle to implement (as I said, pretty much the 
same as WP)and it is really easy for non IT literate people (and we have a lot 
of those!).
If they can use eBay they can use this. 😉

All the best

Colin


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21986] Re: SPF error

[Ken Hohhof]

String exceeding 255 characters? Break into 2 strings and concatenate?

 Original Message 
From: "Colin Jack" 
Sent: 4/29/2018 5:13:27 AM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:21985] SPF error





I have a customer with a long SPF record  lots of IP4 entries.

It has one include and they want to add another, but when I add it the named 
service wont start.

Assuming a syntax error I tested it using a syntax validator on the internet 
(https://vamsoft.com/support/tools/spf-syntax-validator) and it says the syntax 
is correct. Can anybody see what am I getting wrong?



v=spf1 mx a ip4:205.201.139.0/24 ip4:198.2.180.0/24 ip4:198.2.179.0/24 
ip4:205.201.131.128/25 ip4:205.201.134.128/25 ip4:205.201.136.0/23 
ip4:198.2.128.0/24 ip4:198.2.132.0/22 ip4:198.2.136.0/23 ip4:198.2.186.0/23 
include:spf.giacomcp.com include:sparkpostmail.com ~all



VPS is 5208R



Many thanks



Colin___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21958] Re: BO5209 - increased outbound UDP traffic

[Ken Hohhof]

This message was originally HTML formatted.  View in a HTML capable client to 
see the original version.\r\n\r\nWhat is the from port? If you're not being 
used for a DNS or NTP amplification attack, sounds like a site or the server is 
compromised. Any Drupal sites?

 Original Message 
From: "John" 
Sent: 4/21/2018 9:50:14 AM
To: blueo...@blueonyx.it
Subject: [BlueOnyx:21957] BO5209 - increased outbound UDP traffic



Hello all,




On Tuesday night I began to see an increase in UDP traffic on 3 5209 boxes.  I 
shut down 2 of the 3 as they were development boxes, but one has a live site.  
All 3 were producing about 600k outbound traffic continuously.  Normal outbound 
traffic averages about 30k.




I checked my log files and didn't find anything too far out of norms.  I did a 
TCPDump and saw hundreds of records of UDP to different ports.




I have been searching for the last few days for a solution, but wanted to check 
here before I did something foolish as I have done so many times in the past.




So any recommendations would be greatly appreciated.




Thanks,




John ___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21888] Re: EU-DSGVO - anonymize ip addresses in apache logfiles / other logfiles?

[Ken Hohhof]

Here in the US of A, it seems common for big ISPs, content providers and 
hosting companies to retain log data for a long time, 1 year or more. I suspect 
this is more for LEA requests and copyright holder threat letters than for 
advertising and data mining revenue. My view is the opposite, if I no longer 
have the data, I can't be forced to cough it up, so delete it as soon as I no 
longer need it for a legitimate operational purpose.

It sounds like deleting logfiles containing IP addresses after a reasonable 
period like maybe 1 month would satisfy the EU requirements?

I know that low level LEA requests can come in 6 or 12 months after the fact. 
But terrorist, hostage, kiddie porn, soliciting minors for sex, etc will happen 
within hours or days. And any network attack investigations I will have 
completed in a month.

 Original Message 
From: "Michael Stauber" 
Sent: 3/23/2018 12:00:37 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:21887] Re: EU-DSGVO - anonymize ip addresses in apache 
logfiles / other logfiles?

Hi Dirk,

> So obfuscating must not be the solution. Hold it for some short time (maybe 
> configurable) and inform what time will be good enough.
> 
> Yes the deadline is 25th of May this year.

I'll see what I can do until then. It'll get to it after I wrap up the
Nginx stuff and that should still give me plenty of time to get it done.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21881] Re: EU-DSGVO - anonymize ip addresses in apache logfiles / other logfiles?

[Ken Hohhof]

This is an EU requirement?

How strange, that an IP address would be considered "personal data".
Especially since it belongs to your ISP, not you.  And in a part of the
world where  you can't walk or drive 30 meters without your face or license
plate being recorded by security cameras (and probably processed by
recognition software).

In the context of the Facebook / Cambridge Analytica fiasco, worrying about
IP addresses in webserver logfiles seems so quaint.

If they make a sequel to Minority Report, will John Anderton need a new IP
address in addition to new eyeballs?

What's next, anonymizing street addresses on postal mail?



-Original Message-
From: Blueonyx  On Behalf Of Dirk
Estenfeld
Sent: Friday, March 23, 2018 10:38 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21880] EU-DSGVO - anonymize ip addresses in apache
logfiles / other logfiles?

Hello Michael,

EU-DSGVO is coming...
Is there a possibility for you to add a feature to blueonyx to anonymize ip
addresses in apache logfiles or any other logfiles which collect ip
addresses of individuals?

Maybe a feature to activate in GUI like "anonymize ip addresses in logfiles"
and a function that ip addresses will be changed to 123.234.x.x (anonymize
last two segments).
If you have to debug something you can disable the feature or enable it to
not record this kind of personal data.
Of course pam_abl have to work with complete addresses.

Best regards,
Dirk


---

blackpoint GmbH - Friedberger Straße 106b - 61118 Bad Vilbel


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx



___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21684] Re: mailserver; possible security issue?

[Ken Hohhof]

Dirk, I am not understanding the issue.  Mailservers will generally accept 
messages from anyone for a local mailbox, that is their purpose.

Is the issue that the mailserver is accepting external mail from a sender 
address at a domain local to the mailserver?  Maybe you are wanting something 
like SPF to specify the official mailserver for that domain and force all 
senders to authenticate and relay via the official mailserver?

Or is the issue that the CEO was fired and his/her email address deleted, yet 
the mailserver accepted messages from a sender address at a local domain that 
it should have known was an invalid user at that domain?  If I handle mail for 
a domain, and I receive a message purporting to be from a user at that domain, 
yet there is no such user (or alias) at that domain, maybe the SMTP session 
should fail as soon as I receive the sender data.


-Original Message-
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Dirk 
Estenfeld
Sent: Thursday, January 25, 2018 7:19 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21683] Re: mailserver; possible security issue?

Hello Brian,

thank you for your email.
Yes, I am aware of this. But in this case some of your suggestions are not 
applicable.
For example for an official mailserver it makes no sense to limit the ip 
address for port 25.
Yes smtp_auth is enabled at the server of course. But you can try. It is not 
working if you use an email address which is existing at the server and the 
recipient address also.

I did also try with an exchange server and this was working. Also with a 
sendmail at freebsd. So it seems to be a more  or less general "feature" which 
in my opinion is a security issue in our days.

Best regards
Dirk


---

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel

Tel.: +49 6101 65788 20
Fax: +49 6101 65788 99
eMail: dirk.estenf...@blackpoint.de

Vertretungsberechtigt Dirk Estenfeld und Mario Di Rienzo HRB 50093 Frankfurt am 
Main USt.-IdNr. de210106871

CRM on Demand – eine gute Idee

Besuchen Sie uns im Internet unter www.blackpoint.de Problemlos Domains 
registrieren: www.edns.de Einfach und günstig Daten sichern: www.back2web.de 
Mitglied im:




Confidentiality Notice:
This e-mail message, including any attachments,is for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message. 


-Ursprüngliche Nachricht-
Von: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Fungal 
Style
Gesendet: Donnerstag, 25. Januar 2018 13:55
An: BlueOnyx General Mailing List 
Betreff: [BlueOnyx:21682] Re: mailserver; possible security issue?

Hi Dirk,

Well, there are often a few things that can be done, although normally you need 
to also consider email is one of the (if not the) most insecure methods of 
communication.

Simple things which some you may have enabled already include:
- Limiting the IP ranges that can send email (of course can be spoofed, but it 
requires more work from the scammer side)
- Authenticated sending (to ensure they do not send via your server, if they do 
then look for the account being exploited)
- SPF records can help a little too I believe (have nto played too much with 
them)


Note: I am no expert myself but the above should get you pointed in the right 
direction to start with.

I am sure there are other ways to harden the security like with RBLs, SPAM 
filetering such as SPAM ASSASIN, etc. I suppose some geo blocking may also 
help, which would go more hand in hand with the initial comment on limiting the 
IP ranges.

As always, staff training on cyber threats in invaluable.

Hope this helps for the future.

I suspect someone with more knowledge will reply also soon enough, but thought 
this may provide a little light reading to start with.

Regards
Brian


On 25/1/18, 11:07 pm, "Blueonyx on behalf of Dirk Estenfeld" 
 
wrote:

Hello,

we have one customer who was victim of a CEO fraud.
Some of his employees got a message from the email address of the CEO with 
the order to send xx money to a specific bank account. He did :(

Now we found out that it is possible to send email with sendmail at 
centos/blueonyx (also other distributions) from an existing email address to an 
existing email address.

Example:
telnet 208.77.xx.xx 25
Trying 208.77.xx.xx...
Connected to 208.77.xx.xx
Escape character is '^]'.
220 sol ESMTP Sendmail Ready; Thu, 25 Jan 2018 06:37:59 -0500
EHLO blackpoint.de
250-sol.xxx Hello ns3.xxx [xx.xx.xx.xx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
MAIL FRO

[BlueOnyx:21561] Re: Attack by a botnet.

[Ken Hohhof]

Wp-login.php and xmlrpc.php both look like dictionary attacks trying to guess 
Wordpress passwords

 

 

From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Fungal 
Style
Sent: Monday, December 4, 2017 2:52 PM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21560] Attack by a botnet.

 

Hi all,

 

Just want to get some ideas on anything I can do as they are quite literally 
filling up log files with spam entries of hits from an IP then rotating to a 
new IP.

 

It is a form of brute force attack from what I can tell and it is low bandwidth 
as they are requesting part of a file (possibly to go undetected as it is 
2/10’s of bugger all data).

 

As I am only using the domain for testing currently I placed a 301 on it and 
renamed the files it is requesting, but they are still going. 

 

Here is some of the apache log:

www.it-malls.com   112.202.163.181 - - 
[05/Dec/2017:07:38:58 +1100] "GET /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   112.202.163.181 - - 
[05/Dec/2017:07:39:05 +1100] "POST /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   66.249.79.70 - - 
[05/Dec/2017:07:39:09 +1100] "GET 
/ukgb4/trne.php?recipe-for-homemade-window-cleaner HTTP/1.1" 301 265 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

www.it-malls.com   182.181.141.253 - - 
[05/Dec/2017:07:39:12 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   89.64.36.121 - - 
[05/Dec/2017:07:39:32 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   89.64.36.121 - - 
[05/Dec/2017:07:39:33 +1100] "GET /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   89.64.36.121 - - 
[05/Dec/2017:07:39:33 +1100] "POST /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   66.249.79.72 - - 
[05/Dec/2017:07:39:34 +1100] "GET 
/ukgb4/trne.php?famous-sun-valley-id-trout-recipes HTTP/1.1" 301 265 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

www.it-malls.com   182.181.141.253 - - 
[05/Dec/2017:07:39:43 +1100] "GET /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   88.230.246.176 - - 
[05/Dec/2017:07:39:44 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   176.240.142.162 - - 
[05/Dec/2017:07:39:45 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   88.230.246.176 - - 
[05/Dec/2017:07:39:46 +1100] "GET /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   88.230.246.176 - - 
[05/Dec/2017:07:39:47 +1100] "POST /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   176.240.142.162 - - 
[05/Dec/2017:07:39:47 +1100] "GET /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   176.240.142.162 - - 
[05/Dec/2017:07:39:48 +1100] "POST /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   182.181.141.253 - - 
[05/Dec/2017:07:39:52 +1100] "POST /wp-login.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   212.237.119.209 - - 
[05/Dec/2017:07:39:59 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com   66.249.79.72 - - 
[05/Dec/2017:07:40:00 +1100] "GET 
/vvbni5/td.php?bed-and-breakfast-weston-super-mare HTTP/1.1" 301 266 "-" 
"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

www.it-malls.com   220.245.195.62 - - 
[05/Dec/2017:07:40:01 +1100] "POST /xmlrpc.php HTTP/1.1" 301 230 "-" 
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

www.it-malls.com 

[BlueOnyx:21427] Re: localhost sending 14K emails in a month?

[Ken Hohhof]

This message was originally HTML formatted.  View in a HTML capable client to 
see the original version.\r\n\r\nThose should be rejected during the smtp 
session, any bounce message should be generated by the sender's server. Maybe 
you are generating delivery failure messages for local users?


 Original Message 
From: "Chuck Tetlow" 
Sent: 9/27/2017 11:57:38 PM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:21426] Re: localhost sending 14K emails in a month?

Probably backscatter. 

Someone sends a message to a random address on your server, and the server send 
back a error reply if that username/e-mail address doesn't exist. The addresses 
are compiled by using the book of names for babies, and other lists - all 
trying to guess valid e-mail address names. If it fails or bounces - no big 
deal to them. If it works, then they have a valid e-mail address they can sell 
for a few pennies.

Unfortunately, in the meantime - your server is kept busy sending out 
ridiculous numbers of error messages. And sometimes, can even get blacklisted 
for all those error messages.


Chuck


-- Original Message ---
From: Lewis Gardner lew...@iglou.com 
To: BlueOnyx General Mailing List blueonyx@mail.blueonyx.it 
Sent: Thu, 28 Sep 2017 00:01:17 -0400 
Subject: [BlueOnyx:21425] localhost sending 14K emails in a month? 

 According to Usage Information, Email, Senders localhost on one of my 
 5209R servers has sent 13,990 emails this month. Mostly during one week 
 and one other day. 

 Is there any reasonable explanation for this behavior? 

 What to do? 
 ___ 
 Blueonyx mailing list 
 Blueonyx@mail.blueonyx.it 
 http://mail.blueonyx.it/mailman/listinfo/blueonyx 
--- End of Original Message ---
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21280] Re: how to add the correct DKIM with an external mailserver

[Ken Hohhof]

Put the part starting with v= in quotes?

Like "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BA etc. etc."

 

From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of PESJA
A & A
Sent: Wednesday, August 23, 2017 7:39 AM
To: 'BlueOnyx General Mailing List' 
Subject: [BlueOnyx:21279] how to add the correct DKIM with an external
mailserver

 

Hi All,

 

We are almost completed the  migration from Virtualmin to BlueOnyx. One of
the steps left is integrating DKIM into the DNS records of BX.

 

Maybe not relevant, but we don't use the mailserver within BX. 
The external mailserver provide us the correct DKIM key and in Virtualmin I
ony had to set up an TXT record and it worked fine after that.

Unfortunately there is no documentation of insert DKIM in general within BX,
but maybe the forum can help me out

 

I tried to copied that TXT record into the DNS of the BX server, like this
example:

---

Host Name -> mail._domainkey.domain.com

Domain Name -> domain.com

Tekst Record v=DKIM1;p=MIIBIjANBgkqhkiG9w0BA etc. etc.

--

 

But no luck. 

 

Also the layout of BX with a filled DKIM key (392 alfanumeric characters)
stretched out tot the rigt. It's a litle annoying, but I can overcome that.

 

Can anyone help me to sort out the correct implementation of a record for
DKIM?

 

Thank's in advance.

 

Kind regards,

 

PESJA

 

 

 

 

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21168] Re: Spammer

[Ken Hohhof]

This message was originally HTML formatted.  View in a HTML capable client to 
see the original version.\r\n\r\nYou mean the site owner or the spammer? Good 
luck tracking down a spammer.

 Original Message 
From: "Colin Jack" 
Sent: 7/16/2017 11:52:33 AM
To: "BlueOnyx General Mailing List" 
Subject: [BlueOnyx:21167] Re: Spammer





I would be very surprised  but what I need to do is track down who is 
responsible.





From: Blueonyx blueonyx-boun...@mail.blueonyx.it on behalf of Ken Hohhof 
khoh...@kwom.com
Reply-To: BlueOnyx General Mailing List blueonyx@mail.blueonyx.it
Date: Sunday, 16 July 2017 at 16:41
To: 'BlueOnyx General Mailing List' blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:21166] Re: Spammer





Any chance a customer has loaded a 10 year version of formmail.pl on their 
site?  The original version was vulnerable to abuse by spammers.  I havent seen 
that problem in a long, long time though.









From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it]On Behalf Of Colin Jack
Sent: Sunday, July 16, 2017 10:31 AM
To: BlueOnyx General Mailing List blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:21165] Spammer



Looking for ideas.

We suspect we have a compromised website on one of our servers  being used for 
spam.

What is the easiest way to track this down? Can see spam being sent via 
localhost but cant pin it down.



Thanks



Colin___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:21166] Re: Spammer

[Ken Hohhof]

Any chance a customer has loaded a 10 year version of formmail.pl on their 
site?  The original version was vulnerable to abuse by spammers.  I haven’t 
seen that problem in a long, long time though.

 

 

From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Colin 
Jack
Sent: Sunday, July 16, 2017 10:31 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:21165] Spammer

 

Looking for ideas.

We suspect we have a compromised website on one of our servers – being used for 
spam.

What is the easiest way to track this down? Can see spam being sent via 
localhost but can’t pin it down.

 

Thanks

 

Colin

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:19016] Re: 5208R - Curious behavior of cced - fix isin the making

[Ken Hohhof]

Everything in /var/log/messages up to the point of the lockup seem ordinary, 
just the usual every 5 minutes cced client has admin rights stuff.

I am not smart enough to decipher the dmesg log, especially wtihout 
timestamps.  And since the machine was unresponsive even via local keyboard 
and monitor, I couldn't do any troubleshooting without a hard reboot.

The last entry in /var/log/messages was a failed proftpd login attempt, but 
that was 90 minutes before the lockup.

If no one else is seeing this symptom since the memcache changes, I will 
have to assume it is unrelated.  Memory problem seems unlikely since it has 
ECC memory.  I would be suspicious if it was immediately after a yum update, 
but last one was Jan 15 to remove memcache.



-Original Message- 
From: Michael Stauber
Sent: Monday, January 18, 2016 12:06 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:19008] Re: 5208R - Curious behavior of cced - fix isin 
the making

Hi Ken,

> Not saying it couldn't be a hardware problem, but it's not overheating.

Any clues or anything out of the ordinary in the "dmesg" output or in
/var/log/messages or /var/log/secure?

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:19007] Re: 5208R - Curious behavior of cced - fix isin the making

[Ken Hohhof]

It's in a data center, no dust visible on anything, temperature constant 20 
C, and it's on an APC Symmetra battery backup (dual conversion).  I have 3 
other servers in the rack with it that are fine.

Not saying it couldn't be a hardware problem, but it's not overheating.


-Original Message- 
From: wcst...@webcoast.com
Sent: Sunday, January 17, 2016 4:25 PM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:19006] Re: 5208R - Curious behavior of cced - fix isin 
the making

> Has anyone else had their server lock up and need a hard reboot since
around
> Christmas which I believe is around when the memcache adventure started?
>
Hi Ken,
Have you got it on a good Battery Backup UPS? Also, if it has been running
for a while, have you cleaned it? Random lockups with no errors can be
caused by heat or interruptible power.  So the 2 things we always check are
that the UPS has good batteries and can handle brownouts and surges, and we
blow out all the dust inside the server box and check the fans, to make sure
it is properly cooling.
Just some ideas.
Tom


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:19005] Re: 5208R - Curious behavior of cced - fix is in the making

[Ken Hohhof]

Has anyone else had their server lock up and need a hard reboot since around 
Christmas which I believe is around when the memcache adventure started?

I have a 5208R server that was put in service about a year ago and ran 
without problems until it froze up on Dec. 23, it did it again today.  There 
is nothing unusual in the logs right before the lockup, and we didn't get a 
yum update last night, so I have no specific reason to suspect it is related 
to the software changes, other than the timeframe.

This is a lightly loaded i5 server with an SSD array and not running 
anything other than BlueOnyx, it hosts a couple dozen websites and isn't 
even used for DNS or email, so it seems strange to have lockups, especially 
in the middle of the night.  I believe the BlueQuartz server this replaced 
did occasionally need a power cycle, but that was a fairly old Tyan box with 
regular hard disk drives so I chalked it up to hardware.


-Original Message- 
From: Michael Stauber
Sent: Thursday, January 14, 2016 4:35 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:18998] Re: 5208R - Curious behavior of cced - fix is in 
the making

Hi Chris and all,

>> I'm currently preparing a rollback. Which will bring back the (working)
>> sausalito-cce* we had before the memcache update. This update will also
>> uninstall the base-memcache module for now.
>
> I think that's the wise move.

Yeah. There is no other choice but to remove it for now.

> Thanks for continuing to hammer on this, Michael.   I recognize the work
> ain't easy.   Just know it is appreciated by guys like me who are
> working to keep the support ticket volume to a reasonable level.

Indeed. Thank you for that! I'm already flooded with emails from grumpy
clients who've done their fair share of waiting for something or other.

I just published the roll-back updates to YUM for 5207R/5208R and 5209R.
They're on YUM now.

I'll publish a top-post to the list (and the BlueOnyx news) in a moment
so that this news doesn't get lost in the clutter.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:18992] Re: 5208R - Curious behavior of cced

[Ken Hohhof]

I am seeing pretty much the same thing with a 5208R machine.  I am having to 
restart cced every time I want to log in to the admin interface.  I do not 
see a lot of cced processes running, but I either cannot get the login page, 
or once I enter the login credentials, I get PHP errors like in your post.

After a cced restart it seems to work, but a few hours later I have to do it 
again.


-Original Message- 
From: Richard Morgan :: Morgan Web
Sent: Wednesday, January 13, 2016 1:09 PM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:18982] Re: 5208R - Curious behavior of cced

> there is an side effect.
> If a lot of cced processes are running the customer also gets an error and
not the login page:

> A PHP Error was encountered
> Severity: Notice
> Message: Undefined index: isLicenseAccepted
> Filename: controllers/login.php
> Line Number: 353

> A PHP Error was encountered
> Severity: Warning
> Message: Cannot modify header information - headers already sent by
(output started at
/usr/sausalito/ui/chorizo/ci/system/core/Exceptions.php:185)
> Filename: controllers/login.php
> Line Number: 355

We've been faced with the same issue; clearing cced processes and restarting
cced.init sorted the problem initially but it has occurred again since.

The reason for this post is our line numbers are different:

A PHP Error was encountered
Severity: Notice
Message: Undefined index: isLicenseAccepted
Filename: controllers/login.php
Line Number: 135

A PHP Error was encountered
Severity: Warning
Message: Cannot modify header information - headers already sent by (output
started at /usr/sausalito/ui/chorizo/ci/system/core/Exceptions.php:185)
Filename: controllers/login.php
Line Number: 137

This may just be down to different versions of the GUI but I wanted to
mention it in case it is relevant.

Richard

-Ursprüngliche Nachricht-
Von: blueonyx-boun...@mail.blueonyx.it
[mailto:blueonyx-boun...@mail.blueonyx.it] Im Auftrag von Dirk Estenfeld
Gesendet: Mittwoch, 13. Januar 2016 07:47
An: BlueOnyx General Mailing List 
Betreff: [BlueOnyx:18972] 5208R - Curious behavior of cced

Hello,

on several 5208R systems I have a strange behavior of cced and admserv.
Symptoms: I cannot reach the Blueonyx admin at http://server.name:444/login.
Cause: There a several cced tasks running:

5242 ?SNs0:00 /usr/sausalito/sbin/cced
7058 ?SN 0:00 /usr/sausalito/sbin/cced
7059 ?SN 0:00 /usr/sausalito/sbin/cced
7135 ?SN 0:00 /usr/sausalito/sbin/cced
7540 ?SN 0:00 /usr/sausalito/sbin/cced
7627 ?SN 0:00 /usr/sausalito/sbin/cced
7762 ?SN 0:00 /usr/sausalito/sbin/cced
7825 ?SN 0:00 /usr/sausalito/sbin/cced
7894 ?SN 0:00 /usr/sausalito/sbin/cced
7959 ?SN 0:00 /usr/sausalito/sbin/cced
8006 ?SN 0:00 /usr/sausalito/sbin/cced
8013 ?SN 0:00 /usr/sausalito/sbin/cced
8096 ?SN 0:00 /usr/sausalito/sbin/cced
8129 ?SN 0:00 /usr/sausalito/sbin/cced
8136 ?SN 0:00 /usr/sausalito/sbin/cced
8245 ?SN 0:00 /usr/sausalito/sbin/cced

Sometimes it is enough to killall -9 /usr/sausalito/sbin/cced ; service
cced.init start ; service admserv restart Sometimes a reboot is helping if
the problem occurs again after 1-2 hours.

In the messages log I can only see

Jan 13 06:30:05 server cced(smd)[6892]: client [0:6891] has admin rights Jan
13 06:35:01 server cced(smd)[6928]: client [0:6920] has admin rights Jan 13
06:40:01 server cced(smd)[7009]: client [0:7001] has admin rights Jan 13
06:45:01 server cced(smd)[7050]: client [0:7049] has admin rights Jan 13
06:45:02 server cced(smd)[7058]: client [0:7038] has admin rights Jan 13
06:45:02 server cced(smd)[7059]: client [0:7057] has admin rights Jan 13
06:50:01 server cced(smd)[7135]: client [0:7126] has admin rights Jan 13
06:55:01 server cced(smd)[7540]: client [0:7536] has admin rights Jan 13
07:00:01 server cced(smd)[7619]: client [0:7618] has admin rights Jan 13
07:00:01 server cced(smd)[7627]: client [0:7609] has admin rights Jan 13
07:05:01 server cced(smd)[7762]: client [0:7757] has admin rights Jan 13
07:10:01 server cced(smd)[7825]: client [0:7817] has admin rights Jan 13
07:15:01 server cced(smd)[7886]: client [0:7885] has admin rights Jan 13
07:15:01 server cced(smd)[7894]: client [0:7878] has admin rights Jan 13
07:20:02 server cced(smd)[7959]: client [0:7951] has admin rights Jan 13
07:25:01 server cced(smd)[8006]: client [0:8002] has admin rights Jan 13
07:30:01 server cced(smd)[8087]: client [0:8086] has admin rights Jan 13
07:30:01 server cced(smd)[8096]: client [0:8076] has admin rights Jan 13
07:35:01 server cced(smd)[8129]: client [0:8125] has admin rights Jan 13
07:40:02 server cced(smd)[8245]: client [0:8238] has admin rights

Some ideas / suggestions why cced runs so much and admserv is not
responding?

Best regards,
Dirk


---
blackpoint GmbH - Friedbe

[BlueOnyx:18981] Re: grep -R "class Memcache"/usr/sausalito/ui/chorizo/ci/

[Ken Hohhof]

I’ve been going nuts here this morning with a 5208R machine, had to restart 
cced to even log in to the web GUI, no status in Active Monitor, click on Cache 
and the GUI hangs again and have to restart cced.  The first time there were a 
lot of cced processes running, but after that no cced processes yet the GUI 
would not respond until we restarted cced again (which takes a long time, even 
though this is a relatively fast machine with a SSD.)

We saw a yum update take place a couple hours ago and after one more cced 
restart, things seem to be normal, we are able to bring up the Cache page, and 
the enable checkbox is now unchecked by default.

I’m hoping this latest yum update fixed the problems and they don’t come back.  
Things were not good at all there for awhile this morning.


From: kmrichard...@rogers.com 
Sent: Wednesday, January 13, 2016 11:48 AM
To: blueonyx@mail.blueonyx.it 
Subject: [BlueOnyx:18980] grep -R "class Memcache"/usr/sausalito/ui/chorizo/ci/

/usr/sausalito/ui/chorizo/ci/application/modules/base/memcache/controllers/memcache.php:class
 Memcache extends MX_Controller {

Click on Cache in the Admin and you get the error message

Fatal error: Cannot redeclare class Memcache in 
/usr/sausalito/ui/chorizo/ci/application/modules/base/memcache/controllers/memcache.php
 on line 3

This is only on one machine out of 5





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:18918] Re: Can't figure out site redirect problem

[Ken Hohhof]

Does this happen even for someone who has never visited the site before?

I ask because Internet Explorer caches HTTP 301 redirects and can be very 
stubborn about clearing the cached redirect, something like clear the 
browser cache and then go to the site using InPrivate browsing.  Probably 
not your problem, but it has bit me in the past when I redirected customers 
to a past due payment page.


-Original Message- 
From: Rod Morgan
Sent: Tuesday, January 05, 2016 10:21 AM
To: blueo...@blueonyx.it
Subject: [BlueOnyx:18916] Can't figure out site redirect problem

Richard,

Thanks for the response.  There are/were not changes in the wp-config or
wp-settings file.  I don't think this is a wordpress issue.  Even
browsing to a simple phpinfo.pho page causes the redirect.  This feels
like it's related to apache config, vhosts, etc.

Rod
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17386] Re: SMTP; 554 5.4.6 Too many hops

[Ken Hohhof]

Number of Received: headers exceeds MaxHopCount?

Probably a mail loop between two mailservers.


From: Richard Barker 
Sent: Saturday, March 28, 2015 10:22 AM
To: BlueOnyx General Mailing List 
Subject: [BlueOnyx:17383] SMTP; 554 5.4.6 Too many hops

What is the basic cause for this error

SMTP; 554 5.4.6 Too many hops

I have googled it but really don't see and answer 

RC 


-- 

Richard C. Barker Sr. 
CEO & President 
1-800-510-3139 
ProBass Networks Inc. 
www.probassnetworks.net 
www.probass.net 
*** 
DISCLAIMER : - 
This e-mail is confidential and intended only for the use 
of the individual or entity named above and may contain 
information that is privileged. If you are not the intended 
recipient, you are notified that any dissemination, distribution 
or copying of this e-mail is strictly prohibited. If you have 
received this email in error, please notify us immediately 
by return email or telephone and destroy the original message. 





___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17377] webhosting only, email hosted on another server

[Ken Hohhof]

What is the recommended way to configure BlueOnyx for webhosting only, where 
email for the domains is hosted separately?  Yet websites may want to use 
sendmail to email form data.

Unchecking the email box for the domain doesn't seem to accomplish what I 
want, I still see entries in local-host-names, virtusertable and access 
database.  And manual mods to those files are likely to get overwritten by 
the GUI or by yum updates.

Two specific problems are driving me crazy:

1)  Some legacy websites have contact forms that use a CGI script and 
sendmail to send an email.  And of course the recipient address is at the 
same domain as the website.  So the BlueOnyx server is bouncing the email 
for no such user, instead of sending it to the MX host.  So I have to 
manually edit local-host-names, which I assume will get overwritten by the 
GUI at some point.

2)  New problem, I think this started with a yum update some time within the 
past month or two.  Unless I modify the customer's CGI script to use the 
sendmail -f option, the envelope sender is apache@server_hostname.domain.com 
which sendmail rejects because that's not a valid sender address.

Luckily newer sites use PHP libraries to send email rather than sendmail. 
But we have legacy sites that have been moved from RaQ to RaQ3 to RaQ550 to 
BlueQuartz to BlueOnyx and the customer thinks the same code should work 
forever.  Same sites that have server side includes in files without a 
.shtml extension. 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17188] Re: TalkTalk bounce

[Ken Hohhof]

I have seen this as well (but a few years ago) when some administrator 
mis-configured a Barracuda to look at the sender's IP address.  Barracuda 
has a name for this option, I can't remember it now.  But yes it will block 
all sorts of mail from dynamic IP blocks (DSL, etc.) for poor reputation. 
It is a configuration mistake, it is the reputation of the mail relay that 
should be taken into account, and in turn the operator of the mail relay 
determines who to trust (typically via SMTP AUTH).

But it is common for the mail system administrator to proclaim to their 
customers that they are right to block this evil mail from bad actors with 
poor reputations.  They will blame the sender, saying "tell them to stop 
spamming".

The solution is probably to tell the sender to use webmail, so his IP 
address does not show up in the headers.  Most of the big mailbox providers 
like GMail and Yahoo Mail I think have gone to this approach even for SMTP 
mail, they suppress the headers from before it hit their system.  So a badly 
misconfigured Barracuda or similar anti-spam appliance has nothing to look 
at and get upset over.


-Original Message- 
From: Chris Gebhardt - VIRTBIZ Internet
Sent: Wednesday, March 04, 2015 12:17 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:17179] Re: TalkTalk bounce


On 3/4/2015 9:31 AM, Colin Jack wrote:
> We are seeing mail sent from one of our relay servers to TalkTalk email 
> addresses bouncing off their mail servers:
>
> "554 Your access to this mail system has been rejected due to the sending 
> MTA's poor reputation."

This wouldn't, by chance, be a Barracuda system that is throwing the
error?I've never been impressed with those devices, but it appears
they are especially inept at identifying the actual relay instead of the
origination point...

Unfortunately I don't have any great advice to help you fix something
that is broken on the receiver's side.   My take would be to pass the
obvious error to them, and let their service provider sort it.  After
all, it's their service provider's problem.  The trouble isn't with your
box.  (My guess is you're just easier to reach!)
-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:17177] Re: Installing BlueOnyx on a Qube 3 can be possible?

[Ken Hohhof]

If I can ask, why would you want to put that much work into repurposing 
outdated hardware?  There are inexpensive ATOM and i3 devices today, or 2-3 
year old used servers, that would allow a straightforward standard install 
of BlueOnyx, and would outperform the Qube.

I have tons of old hardware, including some very nice HP/Compaq servers, as 
well as some RaQ550 and Tyan servers that used to run Cobalt or BlueQuartz 
software.  Every time I try to convince myself to reload them and put them 
back in service, it just doesn't make sense.  They are going to the 
recycler.


-Original Message- 
From: heat...@trans-world.org
Sent: Wednesday, March 04, 2015 11:08 AM
To: blueo...@blueonyx.it
Subject: [BlueOnyx:17175]Installing BlueOnyx on a Qube 3 can be possible?

It seems after some web research that Installing BlueOnyx on a Qube 3
can be possible,
could you please check this pdf downlad and confirm me please

Here is the pdf download document on how to instal BlueOnyx on a Qube 3

http://www.google.be/url?sa=t&rct=j&q=&esrc=s&source=web&cd=24&cad=rja&uact=8&ved=0CDIQFjADOBQ&url=http%3A%2F%2Fwww.martin-hoefer.de%2FQube3%2FBlueOnyx-Installation%2FINSTALLING_BlueOnyx_on_Qube3_by_Martin.pdf&ei=L_vxVIfJG9DkatiGgPgK&usg=AFQjCNFfnbHetN4k7a7XK3hYuMCL0YN7uQ&sig2=EmhSqw7b5iB_lMgXrp1i9w&bvm=bv.87269000,d.d24

___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16875] Re: 5208R - Bug with function Services -> FTP -> Allow User FTP in Sitemanagement

[Ken Hohhof]

I believe 5107R does that as well.

-Original Message- 
From: Dirk Estenfeld
Sent: Tuesday, January 20, 2015 3:35 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16874] 5208R - Bug with function Services -> FTP -> Allow 
User FTP in Sitemanagement

Hello,

I think I found another bug in 5208R (do not know if it is also existent in 
other versions).
If you create some users and activate Services -> FTP -> Allow User FTP in 
Virtual Site management. Everything works well.
But if you leave the box checked and create new users a .ftpaccess file with 
the content


DenyAll


is created in the user folder and this prevents the user for listing / 
creating / uploading / doing anything.
My understanding is that this file should not be created if "Allow User FTP" 
is active.
If you untick the checkbox -> save -> tick the checkbox again -> safe the 
file .ftpaccess have vanished in the userdir and user ftp is working well.
But if you create a new user, file is existant in the new user directory. 
Result: For "old" user it is still working, for the new user not.

Michael, can you please check this and if I am correct fix this?

Best regards,
Dirk


---
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 
Frankfurt


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16635] Re: access phpMyAdmin

[Ken Hohhof]

Hey Michael, I've meant to ask a couple questions about the phpMyAdmin 
"WHAM" module in the Blue Onyx store.  I got it for the convenience of 
installing from the GUI, but immediately got a complaint from a site admin 
because it requires PHP 5.5.  So it won't run with the PHP that comes with 
Blue Onyx.  This made me look a little stupid to the hosting customer.

My questions are:

1)  Is the recommended solution to also buy the PHP and MySQL upgrades?  I 
host mostly legacy sites and am not eager to upgrade to PHP 5.5 and see if 
it breaks any of the sites.

2)  What is the recommended way to keep the phpMyAdmin version updated on 
virtual sites?  I thought the way it would work is that one copy would be 
installed on the server with something like symlinks from the vsites, then 
yum updates would automatically propagate to the vsites.  Or that the WHAM 
installer would automatically update all the copies after a yum update.  But 
I'm getting the impression neither of these happens.


-Original Message- 
From: Michael Stauber
Sent: Sunday, December 07, 2014 10:08 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16634] Re: access phpMyAdmin

Hi Meaulnes,

> it's a long time I haven't used mySQL... besides from the command
> line, one could also access it over www.domain.tld/phpMyAdmin
>
> But this doesn't work anymore, I guess the webalias changed somehow.

Yeah, "once upon a time". ;-)

The thing here is that newer versions of phpMyAdmin started to get
pretty selective in regards to the PHP version. We could no longer run
them on the "stock" PHP of AdmServ.

So we started doing this:

a.) In the GUI we use an older (but sill good) phpMyAdmin that's
modified to automatically log you into phpMyAdmin with suitable
credentials. In the new GUI this is found in the "Programs" tab.

b.) There is a WebApp-Module in the BlueOnyx shop that installs the
latest phpMyAdmin as Web-Application into Vsites of your choosing. That
way Vsites can have their own (modern) phpMyAdmin install that's
reachable outside of the GUI.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16611] Re: Trouble with users ftp

[Ken Hohhof]

The checkbox I see is labeled "Allow User(s) access to FTP" and it is 
checked.

The tooltip does explain it as FTP for regular users who are not site 
administrators.


-Original Message- 
From: Michael Stauber
Sent: Tuesday, December 02, 2014 5:14 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16604] Re: Trouble with users ftp

Hi Ken,

> I posted something similar about a week ago.  Look for a .ftpaccess
> file in the user directory.  I think there is a bug in the software,
> it should only put that there if FTP is disabled for the user.

This behavior is entirely intentional.

Go to the site in question in the GUI. Go to "Services" & "FTP". There
you fine "Allow FTP for non-SiteAdmin".

If this is *not* ticked (which is the default), then only siteAdmin's
can FTP. All other users get access denied via the .ftpaccess files.

If the checkbox is ticked, everyone can FTP and the .ftpaccess files are
removed and won't get created.

-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16593] Re: Trouble with users ftp

[Ken Hohhof]

I posted something similar about a week ago.  Look for a .ftpaccess file in the 
user directory.  I think there is a bug in the software, it should only put 
that there if FTP is disabled for the user.


From: Brian TerBeek 
Sent: Saturday, November 29, 2014 2:49 PM
To: blueonyx@mail.blueonyx.it 
Subject: [BlueOnyx:16592] Trouble with users ftp

5207R

 

After creating a new user I'm trying to test the new users ftp login , however 
ftp fails as I get a 550 PWD permission denied after ftp successfully logs in

 

Any help would be appreciated. Thanks in advance

 

Best Regards 


Brian Ter Beek

 




___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16570] Re: .ftpaccess file being placed in newuserdirectories

[Ken Hohhof]

Update - I tried adding a regular user to a virtual site that had PHP (not 
suPHP) enabled, and the same problem occurred.


-Original Message- 
From: Ken Hohhof
Sent: Tuesday, November 25, 2014 11:12 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16569] Re: .ftpaccess file being placed in 
newuserdirectories

Actually, for the site in question, "Enable PHP scripting" is set to
"Disabled".  This particular customer uses it as an FTP site, so there are
no webpages and no need for PHP.

I could try on another virtual site that has PHP enabled, or create a test
site.

Would having PHP disabled also disable FTP access for non siteadmins?  Note
the way the .ftpaccess file works, even the siteadmin cannot see the user
folders via FTP.


-Original Message- 
From: Michael Stauber
Sent: Tuesday, November 25, 2014 10:19 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16565] Re: .ftpaccess file being placed in new
userdirectories

Hi Ken,

> I have a new 5208R installation, we migrated sites from a BQ server using
> CMU.  Migrated users are OK, but if we add new regular users, there is a
> .ftpaccess file being placed in their directory that denies FTP access by
> everyone.  (Took awhile to find the cause since it is a dot file.)
>
> This happens even though we have the "Allow User(s) access to FTP" box
> checked.
>
> Is this a bug, or are we doing something wrong?

If you have suPHP enabled for the website, then this will do two things:

a.) User Owned Webs will be disabled
b.) FTP access for anyone who is not a siteAdmin will be disabled.

The reason here is that when suPHP is enabled, PHP functionality for
user owned webs simply does not work due to OpenBasedir restrictions.

Other than that: If suPHP is disabled and/or you use "normal" PHP, then
both "User Owned Webs" and "FTP access for non-siteAdmins" can be turned
on or off separately.


-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16569] Re: .ftpaccess file being placed in new userdirectories

[Ken Hohhof]

Actually, for the site in question, "Enable PHP scripting" is set to 
"Disabled".  This particular customer uses it as an FTP site, so there are 
no webpages and no need for PHP.

I could try on another virtual site that has PHP enabled, or create a test 
site.

Would having PHP disabled also disable FTP access for non siteadmins?  Note 
the way the .ftpaccess file works, even the siteadmin cannot see the user 
folders via FTP.


-Original Message- 
From: Michael Stauber
Sent: Tuesday, November 25, 2014 10:19 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16565] Re: .ftpaccess file being placed in new 
userdirectories

Hi Ken,

> I have a new 5208R installation, we migrated sites from a BQ server using
> CMU.  Migrated users are OK, but if we add new regular users, there is a
> .ftpaccess file being placed in their directory that denies FTP access by
> everyone.  (Took awhile to find the cause since it is a dot file.)
>
> This happens even though we have the "Allow User(s) access to FTP" box
> checked.
>
> Is this a bug, or are we doing something wrong?

If you have suPHP enabled for the website, then this will do two things:

a.) User Owned Webs will be disabled
b.) FTP access for anyone who is not a siteAdmin will be disabled.

The reason here is that when suPHP is enabled, PHP functionality for
user owned webs simply does not work due to OpenBasedir restrictions.

Other than that: If suPHP is disabled and/or you use "normal" PHP, then
both "User Owned Webs" and "FTP access for non-siteAdmins" can be turned
on or off separately.


-- 
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx

[BlueOnyx:16564] .ftpaccess file being placed in new user directories

[Ken Hohhof]

I have a new 5208R installation, we migrated sites from a BQ server using 
CMU.  Migrated users are OK, but if we add new regular users, there is a 
.ftpaccess file being placed in their directory that denies FTP access by 
everyone.  (Took awhile to find the cause since it is a dot file.)

This happens even though we have the "Allow User(s) access to FTP" box 
checked.

Is this a bug, or are we doing something wrong?

I think I found the PERL script that places the .ftpaccess file in the 
user's home directory, but I'm not sure why it is being triggered.  My guess 
is the checkbox is not working. 


___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx