RE: FW: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>...Real domain name required for sender address
This is my maillog at /var/log/maillog: Jun 2 13:12:24 uetheta sendmail[4085]: j525Bh7b004085: from=<[EMAIL PROTECTED]>, size=1483, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=uealpha [192.168.1.1] Jun 2 13:12:24 uetheta sendmail[4085]: j525Bh7b004085: Milter add: header: X-Virus-Scanned: ClamAV version 0.85.1, clamav-milter version 0.85 on uetheta Jun 2 13:12:24 uetheta sendmail[4085]: j525Bh7b004085: Milter add: header: X-Virus-Status: Infected with Eicar-Test-Signature Jun 2 13:12:45 uetheta sendmail[4097]: j525COLZ004097: from=clamav, size=359, class=0, nrcpts=2, msgid=<[EMAIL PROTECTED]>, [EMAIL PROTECTED] Jun 2 13:12:45 uetheta sendmail[4097]: j525COLZ004097: to=<[EMAIL PROTECTED]>, delay=00:00:21, mailer=relay, pri=60359, stat=queued Jun 2 13:12:45 uetheta sendmail[4097]: j525COLZ004097: to=<[EMAIL PROTECTED]>, delay=00:00:21, mailer=relay, pri=60359, stat=queued Jun 2 13:12:45 uetheta sendmail[4085]: j525Bh7b004085: Milter: data, reject=554 5.7.1 virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net Jun 2 13:12:45 uetheta sendmail[4085]: j525Bh7b004085: to=<[EMAIL PROTECTED]>, delay=00:00:21, pri=31483, stat=virus Eicar-Test-Signature detected by ClamAV - http://www.clamav.net And this is my clamav-milter startup : sudo /usr/local/sbin/clamav-milter -b -s 192.168.1.1 [EMAIL PROTECTED] -a [EMAIL PROTECTED] --max-children=9 -olb \ local:/var/milter/clmilter.sock And I still have this error: - The following addresses had permanent fatal errors - <[EMAIL PROTECTED]> (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: <[EMAIL PROTECTED]>) postmaster (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: postmaster) - Transcript of session follows - ... while talking to [127.0.0.1]: >>> MAIL From:<[EMAIL PROTECTED]> SIZE=609 [EMAIL PROTECTED] <<< 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address 501 5.6.0 Data format error For your information, there is no problem with sendmail coz whoever user try to sent an email, they will get [EMAIL PROTECTED] My sendmail config will disallow sender if the sender doesn't have real domain name to avoid spammers. Need your help gang. I've cracked my head -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Gran Sent: Thursday, June 02, 2005 11:22 AM To: clamav-users@lists.clamav.net Subject: Re: FW: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>...Real domain name required for sender address On Thu, Jun 02, 2005 at 10:53:01AM +0800, bonar said: > > Do anyone know bout this problems??? > Need advise how to configure this things... > Pleasee. > > My question is, how to change '[EMAIL PROTECTED]' to > '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my > user account will get [EMAIL PROTECTED] Check the first option in the manpage. > Other question is, how to > change 'while talking to [127.0.0.1]' to 'while talking to > [192.168.1.1]'... Please Help. The MSA doesn't talk to 192.168.1.1, it talks to 127.0.0.1. Why would you try to change that? -- -- | Stephen Gran | You know you have a small apartment | | [EMAIL PROTECTED] | when Rice Krispies echo. -- S. Rickly | | http://www.lobefin.net/~steve | Christian | -- ___ http://lurker.clamav.net/list/clamav-users.html
Re: FW: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address
On Thu, Jun 02, 2005 at 10:53:01AM +0800, bonar said: > > Do anyone know bout this problems??? > Need advise how to configure this things... > Pleasee. > > My question is, how to change '[EMAIL PROTECTED]' to > '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my > user account will get [EMAIL PROTECTED] Check the first option in the manpage. > Other question is, how to > change 'while talking to [127.0.0.1]' to 'while talking to > [192.168.1.1]'... Please Help. The MSA doesn't talk to 192.168.1.1, it talks to 127.0.0.1. Why would you try to change that? -- -- | Stephen Gran | You know you have a small apartment | | [EMAIL PROTECTED] | when Rice Krispies echo. -- S. Rickly | | http://www.lobefin.net/~steve | Christian | -- pgpDGw95uA3TF.pgp Description: PGP signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address
On Wed, 1 Jun 2005, Bonar wrote: - Transcript of session follows - ... while talking to [127.0.0.1]: MAIL From:<[EMAIL PROTECTED]> SIZE=609 [EMAIL PROTECTED] <<< 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address 501 5.6.0 Data format error Just a guess, but did you comment out the following line in your /etc/mail/sendmail.mc ? LOCAL_DOMAIN(`localhost.localdomain')dnl You shouldn't have [You should never change defaults unless you're sure of what you're doing (and save backup copies of the originals).] My question is, how to change '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my user account will get [EMAIL PROTECTED] You can do so by adding a line like this to your sendmail.mc: MASQUERADE_AS(`mydomain.com')dnl I strongly suggest reading the comments in that file.. there's lots of information there. Also read /usr/share/sendmail-cf/README sometime. Other question is, how to change 'while talking to [127.0.0.1]' to 'while talking to [192.168.1.1]'... You could modify your submit.mc, and it might have that effect. But you should be asking yourself *why* you would want to do such a thing. That functionality is useful if you have a client that needs to submit mail to a remote mailserver. It doesn't make much sense to avoid the loopback interface when talking to localhost. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Re: FW: 553 5.5.4 ... Real domain name required for sender address
bonar wrote: > My question is, how to change '[EMAIL PROTECTED]' to > '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my > user account will get [EMAIL PROTECTED] Other question is, how to > change 'while talking to [127.0.0.1]' to 'while talking to > [192.168.1.1]'... Please Help. I don't use FC but my guess is that you have those 2 defined in the clam-milter daemon startup script, it could be in /etc/init.d or /etc/rc.d and the name of the file could be clamav or clamd or clam-milter... somewhere inside that script youll find that email address and probably a --server=127.0.0.0 also. Sorry for not being more helpful but, as I said, I don't use FC3. Regards. -- René Berber ___ http://lurker.clamav.net/list/clamav-users.html
Re: FW: [Clamav-users] 553 5.5.4 ... Real domain name required for sender address
bonar said: > > Do anyone know bout this problems??? > Need advise how to configure this things... > Pleasee. > > It looks more like a configuration/masquerading problem in Sendmail than a ClamAV error. dp > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bonar > Sent: Wednesday, June 01, 2005 9:04 PM > To: clamav-users@lists.clamav.net > Subject: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real > domain name required for sender address > > > I get this error while clamav want to report to me if it's detect a > mailvirusses. > > > The original message was received at Wed, 1 Jun 2005 20:33:47 +0800 from > [EMAIL PROTECTED] > >- The following addresses had permanent fatal errors - > <[EMAIL PROTECTED]> > (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain > name required for sender address) > (expanded from: <[EMAIL PROTECTED]>) > postmaster > (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain > name required for sender address) > (expanded from: postmaster) > >- Transcript of session follows - > ... while talking to [127.0.0.1]: MAIL From:<[EMAIL PROTECTED]> SIZE=609 > [EMAIL PROTECTED] > <<< 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name > required for sender address 501 5.6.0 Data format error > > > > My question is, how to change '[EMAIL PROTECTED]' to > '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my > user account will get [EMAIL PROTECTED] Other question is, how to > change 'while talking to [127.0.0.1]' to 'while talking to > [192.168.1.1]'... Please Help. > > > ___ > http://lurker.clamav.net/list/clamav-users.html > > ___ > http://lurker.clamav.net/list/clamav-users.html > ___ http://lurker.clamav.net/list/clamav-users.html
FW: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address
Do anyone know bout this problems??? Need advise how to configure this things... Pleasee. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonar Sent: Wednesday, June 01, 2005 9:04 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address I get this error while clamav want to report to me if it's detect a mailvirusses. The original message was received at Wed, 1 Jun 2005 20:33:47 +0800 from [EMAIL PROTECTED] - The following addresses had permanent fatal errors - <[EMAIL PROTECTED]> (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: <[EMAIL PROTECTED]>) postmaster (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: postmaster) - Transcript of session follows - ... while talking to [127.0.0.1]: >>> MAIL From:<[EMAIL PROTECTED]> SIZE=609 [EMAIL PROTECTED] <<< 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address 501 5.6.0 Data format error My question is, how to change '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my user account will get [EMAIL PROTECTED] Other question is, how to change 'while talking to [127.0.0.1]' to 'while talking to [192.168.1.1]'... Please Help. ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] undefined reference to `smfi_opensocket'
On Wed, 1 Jun 2005, Troy Ayers wrote: When compiling the latest snapshot of clam I too get clamav-milter.c:1573: undefined reference to `smfi_opensocket' I have sendmail 8.13.3 (with libmilter support of course) My current version of clamav-milter is .82c Debian linux kernel 2.4.22 What did I miss? Uhh, 0.82c? You sure this was a recent snapshot? 0.85e has been out for several days now, and anything 0.82 is months out-of-date. Something smells fishy. Damian Menscher -- -=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=- -=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=- -=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=- -=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=- -=#| The above opinions are not necessarily those of my employers. |#=- ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] undefined reference to `smfi_opensocket'
--- Troy Ayers <[EMAIL PROTECTED]> wrote: > When compiling the latest snapshot of clam I too get > > clamav-milter.c:1573: undefined reference to > `smfi_opensocket' > > > > I have sendmail 8.13.3 (with libmilter support of course) > My current version of clamav-milter is .82c > Debian linux kernel 2.4.22 > > What did I miss? I encountered the same problem over the weekend. How old was your snapshot? N. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] undefined reference to `smfi_opensocket'
When compiling the latest snapshot of clam I too get clamav-milter.c:1573: undefined reference to `smfi_opensocket' I have sendmail 8.13.3 (with libmilter support of course) My current version of clamav-milter is .82c Debian linux kernel 2.4.22 What did I miss? -- Troy ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] backward compatibility questions
On Wed, 1 Jun 2005 11:41:46 -0700 (PDT) in [EMAIL PROTECTED] Joanna Roman <[EMAIL PROTECTED]> wrote: > I dont think odd that the virus db format got changed > again is very low. BTW, what do you mean by 0.8x is > 'useless' ? What do you mean by 'useless' ? I mean that if you are using 0.8x when say 0.99 is available, it is very likely that 0.8x will be unable to recognise many threats that 0.99 can. It's one thing to have a database that can be read OK, but if the signatures cannot be recognised then the new database does not buy you very much. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] backward compatibility questions
--- Brian Morrison <[EMAIL PROTECTED]> wrote: > On Wed, 1 Jun 2005 09:16:06 -0700 (PDT) in > [EMAIL PROTECTED] > Joanna Roman > <[EMAIL PROTECTED]> wrote: > > > I am using 0.83. If I do not upgrade, will clamd > > eventually refuse to reload main.cvd and daily.cvd > ? I > > already noticed that the new sigtool refuses to > list > > sigs if I used it on older versions of virus > databases. > > The last time this happened I think that the > database format changed > about the time that 0.8x appeared and that meant > that 0.65 and earlier > would not be able to read the new versions. > > Yes, 0.8x will eventually be useless but by then new > versions will be > out and you will be seriously lacking in protection > if you have not > upgraded already. > > -- > > Brian Morrison > > bdm at fenrir dot org dot uk > > GnuPG key ID DE32E5C5 - > http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html > ___ > http://lurker.clamav.net/list/clamav-users.html > I dont think odd that the virus db format got changed again is very low. BTW, what do you mean by 0.8x is 'useless' ? What do you mean by 'useless' ? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] backward compatibility questions
On Wed, 1 Jun 2005 09:16:06 -0700 (PDT) in [EMAIL PROTECTED] Joanna Roman <[EMAIL PROTECTED]> wrote: > I am using 0.83. If I do not upgrade, will clamd > eventually refuse to reload main.cvd and daily.cvd ? I > already noticed that the new sigtool refuses to list > sigs if I used it on older versions of virus databases. The last time this happened I think that the database format changed about the time that 0.8x appeared and that meant that 0.65 and earlier would not be able to read the new versions. Yes, 0.8x will eventually be useless but by then new versions will be out and you will be seriously lacking in protection if you have not upgraded already. -- Brian Morrison bdm at fenrir dot org dot uk GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] backward compatibility questions
I am using 0.83. If I do not upgrade, will clamd eventually refuse to reload main.cvd and daily.cvd ? I already noticed that the new sigtool refuses to list sigs if I used it on older versions of virus databases. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address
I get this error while clamav want to report to me if it's detect a mailvirusses. The original message was received at Wed, 1 Jun 2005 20:33:47 +0800 from [EMAIL PROTECTED] - The following addresses had permanent fatal errors - <[EMAIL PROTECTED]> (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: <[EMAIL PROTECTED]>) postmaster (reason: 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address) (expanded from: postmaster) - Transcript of session follows - ... while talking to [127.0.0.1]: >>> MAIL From:<[EMAIL PROTECTED]> SIZE=609 [EMAIL PROTECTED] <<< 553 5.5.4 <[EMAIL PROTECTED]>... Real domain name required for sender address 501 5.6.0 Data format error My question is, how to change '[EMAIL PROTECTED]' to '[EMAIL PROTECTED]'. I'm using sendmail on Fedora Core 3 box. All my user account will get [EMAIL PROTECTED] Other question is, how to change 'while talking to [127.0.0.1]' to 'while talking to [192.168.1.1]'... Please Help. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Memory limit per process hit
Pablo Alsina wrote: On 5/28/05, Matt Fretwell <[EMAIL PROTECTED]> wrote: If this is not your preferred solution, how do you suggest to stop those scumbags searching for my user-database? Remember I'm not stopping spammers, I'm stopping user-db harvesters (probably future spammers). My patch does this. And this is not a clear cut issue as you have no objective mechanism for determining what is plain and simple a wrong email address and what is probe attempts. All current mechanisms are subjective, to the tune of "If X bad rcpts, then probably probing" or "if bad Rcpts look to be random <-- (subjective), than it is probing" So you can make educated guesses but there is no way to be 100 percent certain 100 percent of the time (or any other close value for that matter) I would encourage you to use DNSBL blocklists intensively, they are currently the only (relatively) cheap mechanism for keeping unwanteds away from your system. (my patch works for those as well) Of course you will also need to couple that with aggressive whitelisting. I would recommend you setup a DNSWL for that exact purpose. One proposed solution was to run another SMTP box, redirect SMTP traffic to it, and stop those attempts there, either with tarpitting, or directly terminate connections that reach a certain ratio of bad rcpts (as Joe Maimon suggested with a provided patch). This seems OK, but introduces another single point of failure, as this works if I disable SMTP directly to my real box (no secondary MX register allowed). No new box needed for my patch The other thing with this is if I terminate the connection when a threshold is reached, what avoids having this client reconnect, and continue with its mission? The whole point of tarpitting is that it does not stop them, just make it more expensive. sendmail rate-limiting of connection attempts. Interesting concept would be to prejudice rate-limiting code against "previous offenders", but in practice, I have found the current setup to be more than effective without causing ANY reported issues. Regards. ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
Try not to use this in /etc/clamd.conf # If an email contains URLs ClamAV can download and scan them. # WARNING: This option may open your system to a DoS attack. # Never use it on loaded servers. # Default: disabled #MailFollowURLs I've detect that in my clmd.log LibClamAV Warning: URL http://us.rd.yahoo.com/mail/uk/taglines/gmail_com/photos/*http://uk.photos.yahoo.com/ failed to download LibClamAV Error: Segmentation fault :-( Bye.. > > > [EMAIL PROTECTED] wrote: >> >>> >>> To clarify, the milter isn't dying... it's just refusing to accept >>> inputs (there's a difference). And the issue is with the milter, not >>> with libclamav. >> >> >> >> In my case the milter is dying, and needs to be re-started... (started >> should I say). >> >> ___ >> http://lurker.clamav.net/list/clamav-users.html >> >> > In the previous thread it was pointed out that due to the behavior of > sendmail libmilter, which is compiled either staticaly into the milter > or on some distributions as a shared object library, there is little > difference in refusing to accept connections and dying. > > This is because libmilter will abort a milter that has consecutive > errors responding to a sendmail's connection attempts. > > ( > > I was explored the possibility of changing this behavior but its not > quite clear what the absolute correct course of action is: for more > information see > > http://groups-beta.google.com/group/comp.mail.sendmail/browse_frm/thread/65658b2f5797c626/8a61ae5f825ca3aa > > ) > > Therefore milters must always do all that is neccesary to handle every > sendmail connection. If scanning is not possible they need to either > TEMPFAIL immediately or after a (very) short wait for resources to > become available or let the message pass through unscanned. > ___ > http://lurker.clamav.net/list/clamav-users.html > ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav-milter dies
[EMAIL PROTECTED] wrote: To clarify, the milter isn't dying... it's just refusing to accept inputs (there's a difference). And the issue is with the milter, not with libclamav. In my case the milter is dying, and needs to be re-started... (started should I say). ___ http://lurker.clamav.net/list/clamav-users.html In the previous thread it was pointed out that due to the behavior of sendmail libmilter, which is compiled either staticaly into the milter or on some distributions as a shared object library, there is little difference in refusing to accept connections and dying. This is because libmilter will abort a milter that has consecutive errors responding to a sendmail's connection attempts. ( I was explored the possibility of changing this behavior but its not quite clear what the absolute correct course of action is: for more information see http://groups-beta.google.com/group/comp.mail.sendmail/browse_frm/thread/65658b2f5797c626/8a61ae5f825ca3aa ) Therefore milters must always do all that is neccesary to handle every sendmail connection. If scanning is not possible they need to either TEMPFAIL immediately or after a (very) short wait for resources to become available or let the message pass through unscanned. ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamdscan vs clamscan - detection
On Tue, 31 May 2005 at 9:57:13 -0700, Todd Lyons wrote: > Odhiambo Washington wanted us to know: > > >> Please, set the "Debug" flag in your clamd.conf, rescan the sample, and > >> send > >> us the logs. > >I cannot do that on the box where this phenomena is manifesting itself > >because it's a production box, processing large volumes of mail. I'll > > Very quickly, do these: > 1) Edit /etc/clamd.conf, uncommenting the Debug option. > 2) clamscan the file > 3) Edit /etc/clamd.conf, commenting the Debug option. I know that the issue has been solved already (ScanPE was disabled). I just want to point out the detail: clamscan does _not_ use clamd.conf. (That's why the config file's name was changed from clamav.conf to clamd.conf in one of previous versions - to help avoid similar confusions). So the suggested trick wouldn't work. HTH for the archives' sake. > The running clamd process will never read the Debug setting since it > doesn't get restarted. clamscan doesn't use the clamd daemon, so you > accomplish all that is asked without having to potentially damage the > flow of mail across your machine. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html