Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-16 Thread John Hinton
On 6/15/2012 9:10 PM, Gustavo Lacoste wrote:
 Thanks guys! John, can you send me a simple filter for fail2ban+SMTP? I
 tried to use the following filters, but this is not sufficient for me yet.


 */etc/fail2ban/filter.d/sendmail.conf*

 [Definition]
 failregex = \[<HOST>\], reject.*\.\.\. Relaying denied
             (User unknown)\n* \[<HOST>\]
             badlogin: .* \[<HOST>\] plaintext .* SASL
             reject=550 5.7.1 Blocked, look at http://cbl.abuseat.org/lookup.cgi\?ip=<HOST>
 ignoreregex =

 */etc/fail2ban/filter.d/dovecot-pop3imap.conf*
 [Definition]
 failregex = pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*)

First, I switched to Postfix on my last CentOS 5 and all CentOS 6 
installs. These rules are from v5 boxes, but are pretty old now. My 
strongest rules were on CentOS 4 systems, which have been retired, 
trashed or recycled. Make sure they match up to your logging.

Dovecot Auth Failures:

failregex = dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$

Spamhaus Failures:

failregex = sendmail.*?(?:ruleset=check_relay).*  relay=<HOST> .* ?reject=550 5\.7\.1 Email rejected due to Unsolicited Bulk Email \[xbl\] policies see: http://spamhaus\.org/

Plug in what you want for xbl. This catches almost all of our blocks. I 
cannot use pbl therefore zen due to outbound from pbl listed networks. Or
at least that is how I understand it. I never tried.

These systems were never what I would call production servers and 
apparently there was never a need to catch the user unknown errors. 
Unfortunately, my rules for that are gone now for Sendmail. Also, I'm 
not good at regexes. Pretty much I started with the exact log containing
the failure and worked back from there to what I have.

I have noted that Fail2Ban maintainers seem to be supporting Postfix. I 
think I've been grabbing it from epel or maybe dag. Most of the rules 
work out of the box. But I'd never suggest that Postfix is better than 
Sendmail, nor would I suggest you choose one over the other.


-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
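
A way to check rules like the ones in this message against log lines before enabling them, added here as an example and not code from any poster or from fail2ban itself. It assumes fail2ban's `<HOST>` tag expands to roughly the group shown in `HOST_GROUP` (an approximation of 0.8-era releases); the log lines are constructed, with documentation addresses.

```python
import re

# Assumption: approximate expansion of fail2ban's <HOST> tag, i.e. an optional
# IPv4-mapped-IPv6 prefix followed by a named "host" group.
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Two rules quoted in the thread, each written on a single line.
RULES = {
    "dovecot-auth": (
        r"dovecot-auth: pam_unix\(dovecot:auth\): authentication failure; "
        r"logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* "
        r"rhost=<HOST>(?:\s+user=.*)?\s*$"
    ),
    "relaying-denied": r"\[<HOST>\], reject.*\.\.\. Relaying denied",
}

# Constructed sample lines (not taken from anyone's real maillog).
SAMPLE_LOG = [
    # failed POP3/IMAP login as reported by pam_unix
    "Jun 15 10:12:01 mail dovecot-auth: pam_unix(dovecot:auth): "
    "authentication failure; logname= uid=0 euid=0 tty=dovecot "
    "ruser=bob rhost=203.0.113.7  user=bob",
    # relay attempt rejected by sendmail
    "Jun 15 10:12:09 mail sendmail[4101]: q5FAC9aa004101: ruleset=check_rcpt, "
    "arg1=<x@example.net>, relay=host.example [198.51.100.23], "
    "reject=550 5.7.1 <x@example.net>... Relaying denied",
    # accepted message, the same shape as the lines in the original post
    "Jun 15 10:12:30 mail sendmail[4150]: q5FACUbb004150: from=<a@example.org>, "
    "size=2193, class=0, nrcpts=2, msgid=<1@example.org>, proto=ESMTP, "
    "daemon=MTA, relay=[192.0.2.121]",
]


def compile_failregex(rule):
    """Expand <HOST> and compile; a rule without the tag can never ban anyone."""
    if "<HOST>" not in rule:
        raise ValueError("failregex has no <HOST> tag")
    return re.compile(rule.replace("<HOST>", HOST_GROUP))


def scan(lines, rules=RULES):
    """Return one (rule name, host) pair per line, or (None, None) if no rule fires."""
    compiled = {name: compile_failregex(rx) for name, rx in rules.items()}
    results = []
    for line in lines:
        hit = (None, None)
        for name, rx in compiled.items():
            match = rx.search(line)
            if match:
                hit = (name, match.group("host"))
                break
        results.append(hit)
    return results


if __name__ == "__main__":
    for line, (rule, host) in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(f"{rule or 'no match':16} {host or '-':15} {line[:60]}...")
```

The third line is an accepted-message record (`from=`, `size=`, `nrcpts=`), so neither rule fires on it: a filter only bans on lines that record a rejection or failure.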


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Shiv. Nath
On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
 Dear CentOS Community

 It is totally clear there's no support for the sendmail platform today, but I need to
 stop an SMTP brute-force attack on sendmail. My server is being attacked today; my
 maillog looks like:

 4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
 Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=, size=3958,
 class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com,
 proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
 Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from=
 qmar...@qmarket.cl, size=2193, class=0, nrcpts=2, msgid=
 20120614231448.1e99a13e...@smtp02qmarket.qmarket.cl, proto=ESMTP,
 daemon=MTA, relay=[200.1.174.121]
 Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from=
 nob...@2012.123icq.cl, size=4716, class=0, nrcpts=1, msgid=
 e1sfj8h-0005kv...@2012.123icq.cl, proto=ESMTP, daemon=MTA, relay=
 pc1.globalmac.cl [200.29.231.61] (may be forged)
 Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from=
 a.pfsv...@yahoo.com, size=760, class=0, nrcpts=1, msgid=
 1531549-634033...@owfzdl.net, proto=SMTP, daemon=MTA, relay=
 h095159149119.ys.dsl.sakhalin.ru [95.159.149.119]
 Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from=
 en.viaimp...@gmail.com, size=4531, class=0, nrcpts=0, proto=ESMTP,
 daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29]


 I need help to STOP these spammers right now.

 Thanks in advance to anyone who can guide me


 With Kind Regards,

   Gustavo A. Lacoste Z.
   Curacautín - Chile
   Skype: knxroot
   Msn & Gtalk: knx.root [at] gmail.com
   Home page: http://www.lacosox.org

Hi,

there are few solutions available to do this.

1.) install & configure fail2ban

2.) Using IP Tables: i don't know if it is applicable to you

# Fix in Place to Kick a User For 1 Minute After Three Errors in The SMTP Session
# And Limit The Number of Connections Someone Could Make With a Simple IP Tables Rule

-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set

i trust this helps, there is another solution but you do not use Postfix.

# How many simultaneous connections any client is allowed to make to this service.
smtpd_client_connection_count_limit = 3

# The maximal number of connection attempts any client is allowed to make to
# this service per time unit.
smtpd_client_connection_rate_limit = 10

# The maximal number of message delivery requests that any client is allowed to
# make to this service per time unit, regardless of whether or not Postfix
# actually accepts those messages.
smtpd_client_message_rate_limit = 20

# The maximal number of recipient addresses that any client is allowed to send
# to this service per time unit, regardless of whether or not Postfix actually
# accepts those recipients.
smtpd_client_recipient_rate_limit = 500

# Clients that are excluded from connection count, connection rate, or SMTP
# request rate restrictions.
smtpd_client_event_limit_exceptions = $mynetworks

Thanks







Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread John R Pierce
On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban

each of the connections shown in the log fragment was from a different 
IP.  how would fail2ban help?



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Shiv. Nath
On 6/15/12 2:03 AM, Les Mikesell wrote:
 On Thu, Jun 14, 2012 at 7:58 PM, Gustavo Lacoste gust...@lacosox.org wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).

 Give them logins/passwords and only relay if the connection is authenticated.


Hi,
The solution Les Mikesell offered is also a good option: use the sasldb
function to authenticate before relay.
http://postfix.state-of-mind.de/patrick.koetter/smtpauth/sasldb_configuration.html

Thanks / Regards


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Les Mikesell
On Fri, Jun 15, 2012 at 11:25 AM, Shiv. Nath
prabh...@digital-infotech.net wrote:
 
 I need help to STOP these spammers right now.

 Thanks in advance to anyone who can guide me

[...]
 i trust this helps, there is another solution but you do not use Postfix.

Sendmail is nearly infinitely configurable - and not all that
complicated if you do it in sendmail.mc instead of .cf.   But, the
really quick fix is to drop in a couple of milters.  milter-greylist
is in the rpmforge repo and will tempfail everything the first time it
sees a new sender (exceptions/timing configurable, of course).  Most
spammers don't retry, all real mail servers do, so at the expense of
an occasional delivery delay you avoid most of the problem.
MimeDefang is in both EPEL and rpmforge.  It lets you control most
sendmail operations in a small snippet of perl and allows you to run
any tests you want, including rbls and spamassassin before the message
is accepted at the smtp level.   MimeDefang is flexible enough that
you could add your own greylisting there, but it isn't included out of
the box (but the author has a commercial solution that is more
complete).

-- 
   Les Mikesell
  lesmikes...@gmail.com


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread m . roth
Shiv. Nath wrote:
 On 6/14/12 11:33 PM, Gustavo Lacoste wrote:
 Dear CentOS Community

 It is totally clear there's no support for the sendmail platform today, but I need
 to stop an SMTP brute-force attack on sendmail. My server is being attacked today;
 my maillog looks like:

 4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com
 [127.0.0.1]
 Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=,
 size=3958,
 class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com,
 proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
<snip>
 I need help to STOP these spammers right now.

 there are few solutions available to do this.

 1.) install & configure fail2ban

 2.) Using IP Tables: i don't know if it is applicable to you
<snip>
I strongly encourage you to use fail2ban. Which, btw, rewrites iptables
rules on the fly

Speaking of which... are other folks seeing a low-level (that is, hit, try
later, hit, try later, etc, over weeks, rather than trytrytrytrytrytrytry
in one shot) from
inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr:   DonEkoService Ltd
country: RU

This is explicitly against PMA, which I gather, is apache-pma.

mark



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread m . roth
John R Pierce wrote:
 On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban

 each of the connections shown in the log fragment was from a different
 IP.  how would fail2ban help?

Interesting - I hadn't looked that closely. You're right - if it's one
attack, it's a distributed one.

   mark



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Nataraj
On 06/15/2012 09:33 AM, John R Pierce wrote:
 On 06/15/12 9:25 AM, Shiv. Nath wrote:
 1.) install & configure fail2ban
 each of the connections shown in the log fragment was from a different 
 IP.  how would fail2ban help?




If you were to switch to postfix, I believe that postscreen may be able
to handle this type of spambot attack.
http://www.postfix.org/postscreen.8.html
Unless you happen to already be a sendmail guru, my sense is that
postfix is easier to configure to deal with these complex situations.

Nataraj



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread John Hinton
On 6/14/2012 8:58 PM, Gustavo Lacoste wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).


That is the same problem I am dealing with. You have to set up a dual 
mailserver system with outbound set to not use the blacklist used on the 
inbound server or you will block some of your good users who happen to 
land on a dirty IP address from time to time. The situation is the same 
with SpamAssassin or any other anti-spam system in place.

Sendmail and Postfix work the same in this regard. And I'm still not 
certain which one I like the most, after installing Postfix on our last 
4 systems. I think the logging from Sendmail is way more logical (easier 
to comprehend), but maybe that is just because I have been reading those 
logs for many years.

I would still take a look at Fail2Ban. You need to be very careful with 
your rules, but it is extremely flexible. You only provided about 30 
seconds from your mail log. Fail2ban will look over a much greater time 
span and activate whatever blocks you enable or write. I have written
blocks based on not passing certain spam tests, such as the Spamhaus RBL 
(and yes we pay for that service). But I really didn't care for our 
systems to run the repeated DNS lookups. The rule blocks them at the 
firewall and over time, the number of blocks has decreased as many 
spammers have just quit trying. I have rules to block spammers mining 
for good email addresses (some of our domains were getting 10s of 
thousands of attempts per day). I also use Fail2Ban for FTP, SMTP and 
just about every service login, with adjusted numbers of attempts and 
shorter or longer times based on how the rules might adversely affect
one of our actual users. Higher security risk services with low volume 
use by users, get blocked after fewer failed attempts and for much 
longer times.

FYI, Spamhaus is blocking around 90% of all our inbound emails as spam. 
That number should actually be higher, but Fail2Ban does not allow a 
number of messages in due to the firewall blocks, so those don't get 
figured in to that total. Spamhaus is perfect in blocking IP addresses 
that positively were used to send spam, but dynamic addresses do get 
caught creating some false positives.

-- 
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions
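
A simplified model of a per-address failure threshold, added here as an illustration and not taken from any poster or from fail2ban's code. It replays constructed events to show the two points raised in the thread: one hit per address never trips a ban, and a longer look-back window catches a slow repeat offender. `maxretry` and `findtime` are fail2ban's jail option names; the traffic and addresses are constructed.

```python
from collections import defaultdict, deque


def banned_ips(events, maxretry, findtime):
    """Replay (seconds, ip) failure events and return the set of IPs that
    reach `maxretry` failures inside any `findtime`-second window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = set()
    for ts, ip in sorted(events):
        window = recent[ip]
        window.append(ts)
        # Drop failures that have aged out of the look-back window.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.add(ip)
    return banned


# Constructed traffic using documentation address ranges.
DISTRIBUTED = [(i, f"198.51.100.{i}") for i in range(1, 51)]  # 50 hosts, one hit each
NOISY = [(t, "203.0.113.9") for t in range(0, 150, 30)]       # 5 hits in 2 minutes
SLOW = [(h * 3600, "192.0.2.44") for h in range(24)]          # 1 hit per hour for a day


def compare_windows(maxretry=3):
    """Ban sets for a 10-minute and a 24-hour look-back over the same events."""
    events = DISTRIBUTED + NOISY + SLOW
    return {
        600: banned_ips(events, maxretry, findtime=600),
        86400: banned_ips(events, maxretry, findtime=86400),
    }


if __name__ == "__main__":
    for findtime, ips in compare_windows().items():
        print(f"findtime={findtime:>6}s banned={sorted(ips)}")
```

With the 10-minute window only the noisy address is banned; the 24-hour window adds the hourly one, and the 50 single-hit addresses are never banned under either setting.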



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-15 Thread Gustavo Lacoste
Thanks guys! John, can you send me a simple filter for fail2ban+SMTP? I
tried to use the following filters, but this is not sufficient for me yet.


*/etc/fail2ban/filter.d/sendmail.conf*

[Definition]
failregex = \[<HOST>\], reject.*\.\.\. Relaying denied
            (User unknown)\n* \[<HOST>\]
            badlogin: .* \[<HOST>\] plaintext .* SASL
            reject=550 5.7.1 Blocked, look at http://cbl.abuseat.org/lookup.cgi\?ip=<HOST>
ignoreregex =

*/etc/fail2ban/filter.d/dovecot-pop3imap.conf*
[Definition]
failregex = pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*)







With Kind Regards,

 Gustavo A. Lacoste Z.
 Curacautín - Chile
 Skype: knxroot
 Msn & Gtalk: knx.root [at] gmail.com
 Home page: http://www.lacosox.org
- -
*Please avoid sending me attachments in Word or PowerPoint format.
See http://www.gnu.org/philosophy/no-word-attachments.es.html*




[CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread Gustavo Lacoste
Dear CentOS Community

It is totally clear there's no support for the sendmail platform today, but I need to
stop an SMTP brute-force attack on sendmail. My server is being attacked today; my
maillog looks like:

4...@myserver.com, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=, size=3958,
class=0, nrcpts=1, msgid=201206142307.q5en710u024...@myserver.com,
proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1]
Jun 14 19:07:23 at6412 sendmail[24868]: q5EN7M6D024868: from=
qmar...@qmarket.cl, size=2193, class=0, nrcpts=2, msgid=
20120614231448.1e99a13e...@smtp02qmarket.qmarket.cl, proto=ESMTP,
daemon=MTA, relay=[200.1.174.121]
Jun 14 19:07:24 at6412 sendmail[24961]: q5EN7OT4024961: from=
nob...@2012.123icq.cl, size=4716, class=0, nrcpts=1, msgid=
e1sfj8h-0005kv...@2012.123icq.cl, proto=ESMTP, daemon=MTA, relay=
pc1.globalmac.cl [200.29.231.61] (may be forged)
Jun 14 19:07:33 at6412 sendmail[25013]: q5EN7SqK025013: from=
a.pfsv...@yahoo.com, size=760, class=0, nrcpts=1, msgid=
1531549-634033...@owfzdl.net, proto=SMTP, daemon=MTA, relay=
h095159149119.ys.dsl.sakhalin.ru [95.159.149.119]
Jun 14 19:07:37 at6412 sendmail[25065]: q5EN7bCj025065: from=
en.viaimp...@gmail.com, size=4531, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=186-105-73-29.baf.movistar.cl [186.105.73.29]


I need help to STOP these spammers right now.

Thanks in advance to anyone who can guide me


With Kind Regards,

 Gustavo A. Lacoste Z.
 Curacautín - Chile
 Skype: knxroot
 Msn & Gtalk: knx.root [at] gmail.com
 Home page: http://www.lacosox.org
- -
*Please avoid sending me attachments in Word or PowerPoint format.
See http://www.gnu.org/philosophy/no-word-attachments.es.html*


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread John R Pierce
On 06/14/12 4:33 PM, Gustavo Lacoste wrote:
 I need help to STOP these spammers right now.

 Thanks in advance to anyone who can guide me

2 of the three relay IPs listed in your log fragment are listed on 
spamhaus' Zen combined list, http://www.spamhaus.org/zen/

this is free for use by low volume non-commercial email servers. see the 
terms linked on the above URL.
adding the following line to your sendmail.mc file, then rebuilding the 
.cf and restarting sendmail would reject all mail connections from 
servers listed via Spamhaus.

FEATURE(dnsbl,`zen.spamhaus.org',`Message from ${client_addr} rejected - see http://www.spamhaus.org/SBL/sbl-rationale.html') dnl


(note this file is in M4 syntax, and has to use 'funny' quoting, with a 
` as the opening quote).





-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast



Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread Diego Sanchez
You can use, also, fail2ban

http://www.fail2ban.org/wiki/index.php/Sendmail
http://www.fail2ban.org/wiki/index.php/HOWTOs

Work over the filter.
You can set that if 'x' connection from same IP in 'y' seconds, block
in firewall

-- 
Diego - I'm not paranoid! (but they are following me, they really are)


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread Gustavo Lacoste
The problem with my server is: I use it to offer webhosting services. Some
customers using Outlook are blocked because they use black listed ips (ips
simply are dynamic).



With Kind Regards,

 Gustavo A. Lacoste Z.
 Curacautín - Chile
 Skype: knxroot
 Msn & Gtalk: knx.root [at] gmail.com
 Home page: http://www.lacosox.org
- -
*Please avoid sending me attachments in Word or PowerPoint format.
See http://www.gnu.org/philosophy/no-word-attachments.es.html*




Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread Ross Walker

If you have disabled open relaying then I would look at grey listing and 
throttling to reduce the number of spam per hour that comes in.

Since you're routing others' emails there is no point in spam analysis because your
customers are probably doing it already. Just need to dissuade spammers from
full throttling your edge servers.

-Ross


On Jun 14, 2012, at 8:58 PM, Gustavo Lacoste gust...@lacosox.org wrote:

 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).
 
 
 


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread Les Mikesell
On Thu, Jun 14, 2012 at 7:58 PM, Gustavo Lacoste gust...@lacosox.org wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).


Give them logins/passwords and only relay if the connection is authenticated.

-- 
Les Mikesell
  lesmikes...@gmail.com


Re: [CentOS] Sendmail SMTP Brute-Force Attack

2012-06-14 Thread John R Pierce
On 06/14/12 5:58 PM, Gustavo Lacoste wrote:
 The problem with my server is: I use it to offer webhosting services. Some
 customers using Outlook are blocked because they use black listed ips (ips
 simply are dynamic).

They should be using smtp auth over SASL, or they should be using their 
ISP's smarthosts for forwarding outbound mail.



-- 
john r pierce                            N 37, W 122
santa cruz ca mid-left coast
