Re: splitting a subnet in an odd way
On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote:
> I have a /24 subnet.
> .1 is the gateway and almost all IP from 2 to 254 are occupied.
> I would like to split the host in three groups:
> 12 that can have full access, 12 through one firewall and the other 205
> through a second firewall.
> I cannot change the number of some machines, so the only option is
> that the first 12 and the two firewalls are .2 to .14
> the second group is .18 to .29 and the third would keep its present
> numbers between .36 and .254.

Why not have a single firewall? If you want to have two firewalls make an HA cluster out of them. If you are interested in physically separating the subnets then I would just put extra interfaces on the firewall (basically multiple DMZs).

- assume subnet is 1.1.1.0/24
- all machines behind firewall get 1.1.1.0/24 subnet
- firewall gets 1.1.1.2/24 assigned to its external interface (side facing router)
- firewall does proxy arp for all IPs in the subnet on its external interface
- if you like, firewall does proxy arp for 1.1.1.1 on its internal interface and then machines shouldn't even have to change their gateway
- firewall rules are written as you require. Even though the subnet 1.1.1.0/28 doesn't really exist you can write your firewall rules in that way

The firewall will probably need an IP on its internal interface, you might be able to use the same IP on both inside and outside interfaces. If you're using 1.1.1.1 as the gateway and proxy arping for it on the internal interface then I have a suspicion that no IP would be needed.

You can avoid doing any proxy arp if you set up the routing correctly on your router at 1.1.1.1.

If these computers are Internet hosts (webservers, mailservers, etc.) I prefer to stick with private IPs on the hosts and to use DNAT to forward traffic to the machines.

On another note, shorewall is an excellent framework for managing iptables rules, it will even manage proxy arp for you when you need to use that.
-- Fraser Campbell <[EMAIL PROTECTED]> http://www.wehave.net/ Halton Hills, Ontario, Canada Debian GNU/Linux -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
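An added example, not part of the original message: it maps the three host ranges from the question onto CIDR blocks that firewall rules can match on the 1.1.1.0/24 network assumed in the reply, and orders them so the wide block is checked last. The group names and helper functions are hypothetical.

```python
import ipaddress

# Host ranges from the question, on the 1.1.1.0/24 network the reply assumes.
# Group names are hypothetical labels.
GROUPS = {
    "full_access": ("1.1.1.2", "1.1.1.14"),
    "firewall_a": ("1.1.1.18", "1.1.1.29"),
    "firewall_b": ("1.1.1.36", "1.1.1.254"),
}

def enclosing_prefix(first, last):
    """Smallest single CIDR block that contains both addresses."""
    a, b = (int(ipaddress.ip_address(x)) for x in (first, last))
    plen = 32 - (a ^ b).bit_length()
    return ipaddress.ip_network(f"{first}/{plen}", strict=False)

def exact_blocks(first, last):
    """CIDR blocks covering exactly first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def rule_order(groups):
    """Longest prefix first, so a catch-all /24 is only reached last."""
    nets = [(enclosing_prefix(*rng), name) for name, rng in groups.items()]
    return sorted(nets, key=lambda item: -item[0].prefixlen)

def classify(ip, ordered):
    """First-match lookup, the way a firewall rule list is walked."""
    addr = ipaddress.ip_address(ip)
    for net, name in ordered:
        if addr in net:
            return name
    return None

if __name__ == "__main__":
    ordered = rule_order(GROUPS)
    for net, name in ordered:
        blocks = exact_blocks(*GROUPS[name])
        print(f"{name:12} match {net}, exact cover needs {len(blocks)} blocks")
    for ip in ("1.1.1.5", "1.1.1.20", "1.1.1.200", "1.1.1.15", "1.1.1.33"):
        print(ip, "->", classify(ip, ordered))
```

The two small groups fit 1.1.1.0/28 and 1.1.1.16/28, while the third only fits the whole /24, so its rule has to come after the /28 rules. Unassigned addresses such as .15 or .33 still land in a group under the short rules; exact_blocks gives the longer rule list that matches only the listed hosts.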
Re: Postfix: Multiple recipients alias?
Hi there,

one way that comes to mind is to run incoming mail for this account through a filter of some sort (mailfilter, procmail etc.) that would check for the sender address. This, of course, would also let spam emails through that "pose" as local senders but are, in fact, fake.

Just my 2 cents...

- Cheers, Peter

On Friday, September 26, 2003, at 1:40 PM, R.M. Evers wrote:

> Hi,
>
> This could be a stupid question, but I'm trying to accomplish the
> following:
>
> In our company, we run a Debian mailserver with Postfix. The server runs
> a lot of accounts and virtual domains for our customers, but also for
> our own employees. Now, what I want to do, is make some sort of alias
> for our employees, so that they can send an e-mail to, for example
> "[EMAIL PROTECTED]", which would deliver to all of our
> mailboxes. But, I only want this alias to be available for our own
> employees. Not for the outside world, of course..
>
> Would this be possible?
>
> Regards,
>
> --
> R.M. Evers <[EMAIL PROTECTED]>

--
Dipl.-Ing. Peter Burgstaller
Technical Director @ all information network & services gmbh
email: [EMAIL PROTECTED]
phone: +43 662 452335
fax  : +43 662 452335 90
Re: Postfix: Multiple recipients alias?
I just did something similar for one of our customers. I used mailman to create a mailing list, and added all the employees. I'm sure there's a way to do it without mailman, but I reckon if you're going to send something to "everyone" there ought to be a decent archive for it somewhere.

What I wanted was something along the lines of "if I wouldn't relay mail for these people, I won't send messages to this address." Primary concern is spam.

So incredibly easy to do in postfix. smtpd_recipient_restrictions does the access checks in order. For me, I put my sasl checks, then my network checks, then a check_recipient_access directive. Like so:

smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,
    check_recipient_access hash:/etc/postfix/internal,
    check_relay_domains

made a simple access file (/etc/postfix/internal):

[EMAIL PROTECTED]    REJECT

postmap it, and postfix reload. Done.

If you have employees that want to send stuff from home, or whatever, you can do something more complicated with check_sender_access or whatever it's called, but spam (and viruses!) fake that stuff all the time.

Another nice thing about making it a mailing list, much easier to strip stuff, if you want to.

Hope that helps...

Pulu
Afe.to ANTS
POB 1478 Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu

Quoting "R.M. Evers" <[EMAIL PROTECTED]>:

> Hi,
>
> This could be a stupid question, but I'm trying to accomplish the
> following:
>
> In our company, we run a Debian mailserver with Postfix. The server runs
> a lot of accounts and virtual domains for our customers, but also for
> our own employees. Now, what I want to do, is make some sort of alias
> for our employees, so that they can send an e-mail to, for example
> "[EMAIL PROTECTED]", which would deliver to all of our
> mailboxes. But, I only want this alias to be available for our own
> employees. Not for the outside world, of course..
>
> Would this be possible?
>
> Regards,
>
> --
> R.M. Evers <[EMAIL PROTECTED]>
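An added example, not part of the original message and not Postfix code: a small model of how the smtpd_recipient_restrictions list above is walked, where the first restriction that gives a definite answer decides. The addresses, networks and domain are constructed, and check_relay_domains is simplified to a recipient-domain test.

```python
import ipaddress

# All values below are constructed for illustration.
MYNETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
RELAY_DOMAINS = {"example.com"}                 # domains this server accepts mail for
INTERNAL = {"everyone@example.com": "REJECT"}   # stands in for hash:/etc/postfix/internal

def permit_sasl_authenticated(s):
    return "PERMIT" if s.get("sasl_user") else "DUNNO"

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s["client_ip"])
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def check_recipient_access(s):
    return INTERNAL.get(s["rcpt"].lower(), "DUNNO")

def check_relay_domains(s):
    # Simplified: only the recipient domain is compared with the relay list.
    domain = s["rcpt"].rsplit("@", 1)[-1].lower()
    return "PERMIT" if domain in RELAY_DOMAINS else "REJECT"

def evaluate(restrictions, session):
    """Return (verdict, deciding restriction); the first non-DUNNO answer wins."""
    for restriction in restrictions:
        verdict = restriction(session)
        if verdict != "DUNNO":
            return verdict, restriction.__name__
    return "PERMIT", "end_of_list"

# Order used in the message above.
AS_POSTED = [permit_sasl_authenticated, permit_mynetworks,
             check_recipient_access, check_relay_domains]
# Misordered variant: the table lookup runs before the trust checks.
MISORDERED = [check_recipient_access, permit_sasl_authenticated,
              permit_mynetworks, check_relay_domains]

LAN = {"client_ip": "192.0.2.25", "rcpt": "everyone@example.com"}
ROAMING = {"client_ip": "203.0.113.9", "sasl_user": "alice",
           "rcpt": "everyone@example.com"}
# Outside client with a forged employee envelope sender; no check here reads it.
FORGED = {"client_ip": "198.51.100.7", "mail_from": "boss@example.com",
          "rcpt": "everyone@example.com"}
OUTSIDE_NORMAL = {"client_ip": "198.51.100.7", "rcpt": "alice@example.com"}

if __name__ == "__main__":
    for name, s in [("lan", LAN), ("roaming", ROAMING), ("forged", FORGED),
                    ("outside_normal", OUTSIDE_NORMAL)]:
        print(name, evaluate(AS_POSTED, s), evaluate(MISORDERED, s))
```

With the posted order, trusted clients are permitted before the REJECT entry is ever looked up, and a forged sender address changes nothing because the decision rests on client address and SASL login. Moving check_recipient_access to the front rejects the employees as well.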
Re: Squid Refresh ?
On Thu, 2003-09-25 at 05:19, Dave wrote:
> Hi all,

Hi Dave

Directly from: http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.13

5.13 IE 6.0 SP1 fails when using basic authentication

When using basic authentication with Internet Explorer 6 SP1, you may encounter issues when you first launch Internet Explorer. The problem will show itself when you first authenticate, you will receive a "Page Cannot Be Displayed" error. However, if you click refresh, the page will be correctly displayed. This only happens immediately after you authenticate.

This is not a Squid error or bug. Microsoft broke the Basic Authentication when they put out IE6 SP1.

There is a knowledgebase article (KB 331906) regarding this issue. The fix is to call Microsoft, open an incident referencing this KB article and they will send you a "hot fix". They do warn that this code is not "regression tested" but so far there have not been any reports of this breaking anything else. The problematic file is wininet.dll.

According to Joao Coutinho, this simple solution also corrects the problem:

* Go to Tools/Internet
* Go to Options/Advanced
* UNSELECT "Show friendly HTTP error messages" under Browsing.

>
> We are running squid proxy server with user authentication and every time I
> log on, I get a blank screen/timeout and have to refresh to load my startup
> address. Most of us in the building are running Internet Explorer 6. Is this
> a common problem?
>
> Thanks,
>
> Dave
perdition - squirrelmail (pop3 and imap)
Hi Guys

We have squirrelmail running on our mail gateway for remote users to access their mail from, however sometimes the users' mailboxes reside on other mailservers throughout the WAN.

Is there a way to configure squirrelmail to use something like perhaps perdition to point to the user's /var/mail/mbox on another mail server?

At the moment we are having to create accounts on the gateway mail server when the user travels and then re-route their mail once they are back again.

Thanks
Craig
Squid Refresh ?
Hi all,

We are running squid proxy server with user authentication and every time I log on, I get a blank screen/timeout and have to refresh to load my startup address. Most of us in the building are running Internet Explorer 6. Is this a common problem?

Thanks,

Dave
Re: Postfix: Multiple recipients alias?
Not an alias, strictly speaking, but Procmail's recipes might do what you've asked. Have a look at procmail, procmailrc, procmailex and formail man pages.

Regards

Jon Wood wrote:

> On Fri, 2003-09-26 at 12:40, R.M. Evers wrote:
> > Hi,
> >
> > This could be a stupid question, but I'm trying to accomplish the
> > following:
> >
> > In our company, we run a Debian mailserver with Postfix. The server runs
> > a lot of accounts and virtual domains for our customers, but also for
> > our own employees. Now, what I want to do, is make some sort of alias
> > for our employees, so that they can send an e-mail to, for example
> > "[EMAIL PROTECTED]", which would deliver to all of our
> > mailboxes. But, I only want this alias to be available for our own
> > employees. Not for the outside world, of course..
> >
> > Would this be possible?
>
> I looked into this recently, and as far as I can tell, you'll need some
> sort of mailing list manager in place to do that, although I may be
> hideously wrong.
>
> > Regards,
> >
> > --
> > R.M. Evers <[EMAIL PROTECTED]>
Re: Postfix: Multiple recipients alias?
Hi,

> I looked into this recently, and as far as I can tell, you'll need
> some sort of mailing list manager in place to do that, although I may
> be hideously wrong.

I believe the effect can be had with a combo of smtpd_restriction_classes combined with smtpd_recipient_restrictions, smtpd_client_restrictions and what not. This is one of the reasons why postfix is such an excellent program, imho.

You can define e-mail addresses that may only receive mail from within the network that way. Not a big deal really, but it can make for a nice mind twister every now and again.

Good luck...

Nico
proftpd exploit
I have just discovered this exploit report but couldn't find anything about other distros than Slackware

http://proftpd.linux.co.uk/index.html

Does anybody know if the Debian version is affected too?

All I could think of for the moment was disabling downloading via FTP globally.

Any ideas?

Thanks
Michael
Re: Where to get 'DCC' and 'pyzor' packages from?
On Wed, Sep 24, 2003 at 07:40:22PM +0200, Tomasz Papszun wrote:
> > checksum clearinghouse) und pyzor were not installed. So I've started
> > ^ Should be razor.

Pyzor is "Razor in Python".

Wanted
vmware server with multiple Server OS's on blade servers
I was wondering if anyone is running multiple versions of Linux atop of vmware's enterprise server? Supposedly, Vmware's enterprise server is its own OS.

I watched an IBM presentation yesterday where they were pushing server consolidation. IBM is recommending that we [ the customer ] purchase high performance machines and run vmware's [enterprise] server and then install multiple OS's on top of them.

Currently blade servers allow for logical assignment of computing power, for example you can assign blade one and two to 'real machine A' and blade three, four, five to 'real machine B'.

With VMWARE enterprise server the logical breakdown of machines can then be taken to a lower level. For example, you can run 64 virtual machines on each of the 'real machines'. Additionally, each virtual [server] machine can be assigned a fixed amount of real cpu, bandwidth, and disk space. For example, you can give the web-server 5% of the total real machine's power.

Although this sounds a little crazy and complex, there are some advantages of running with all the eggs in one basket. For example, the blade servers save on space, reduce power and heat. VMWARE would make a great test or training environment for duplicating a data center on a few machines.

I was just wondering if anyone had started on this journey of fragmented virtual machine?

IBM Blade Servers
http://www-1.ibm.com/servers/eserver/bladecenter/scod/more_info.html

VMWARE Enterprise Server
http://www.vmware.com/products/server/gsx_features.html

--
Ted Knab
Chester, MD 21619
--
940216d6021602a41607166696c656c202778696368602d65616e637
02940226c696e646c69702c6f667560256675627478696e67602a416
0716e6563756e2a0
Re: Postfix: Multiple recipients alias?
On Fri, 2003-09-26 at 12:40, R.M. Evers wrote:
> Hi,
>
> This could be a stupid question, but I'm trying to accomplish the
> following:
>
> In our company, we run a Debian mailserver with Postfix. The server runs
> a lot of accounts and virtual domains for our customers, but also for
> our own employees. Now, what I want to do, is make some sort of alias
> for our employees, so that they can send an e-mail to, for example
> "[EMAIL PROTECTED]", which would deliver to all of our
> mailboxes. But, I only want this alias to be available for our own
> employees. Not for the outside world, of course..
>
> Would this be possible?
>

I looked into this recently, and as far as I can tell, you'll need some sort of mailing list manager in place to do that, although I may be hideously wrong.

> Regards,
>
> --
> R.M. Evers <[EMAIL PROTECTED]>

--
Jon^^^ (0 0) jellybob.co.uk ---o0O-O0o
Postfix: Multiple recipients alias?
Hi,

This could be a stupid question, but I'm trying to accomplish the following:

In our company, we run a Debian mailserver with Postfix. The server runs a lot of accounts and virtual domains for our customers, but also for our own employees. Now, what I want to do, is make some sort of alias for our employees, so that they can send an e-mail to, for example "[EMAIL PROTECTED]", which would deliver to all of our mailboxes. But, I only want this alias to be available for our own employees. Not for the outside world, of course..

Would this be possible?

Regards,

--
R.M. Evers <[EMAIL PROTECTED]>
Re: Where to get 'DCC' and 'pyzor' packages from?
On Wed, 24 Sep 2003 at 19:05:33 +0200, Dominik Schulz wrote:
> Dear List,
> since Spam is becoming more and more unpleasant I'm currently looking
> deeper into configuring SpamAssassin better.
> When running spamd in Debug mode I realized that dcc (distributed
> checksum clearinghouse) und pyzor were not installed. So I've started
                              ^ Should be razor.

There is a Debian package.

I don't know anything about dcc as I don't use any of them.

> looking for Debian packages ... and now I'm still looking.
>
> Anyone knows of deb packages of one (or both) of these two programs?
> Shall I install them from source?
> Or shouldn't I use them at all?

--
Tomasz Papszun    SysAdm @ TP S.A. Lodz, Poland  | And it's only
[EMAIL PROTECTED]    http://www.lodz.tpsa.pl/    | ones and zeros.
Re: Where to get 'DCC' and 'pyzor' packages from?
On Wed, 24 Sep 2003, Dominik Schulz wrote:
> Dear List,
> since Spam is becoming more and more unpleasant I'm currently looking
> deeper into configuring SpamAssassin better.
> When running spamd in Debug mode I realized that dcc (distributed
> checksum clearinghouse) und pyzor were not installed. So I've started
> looking for Debian packages ... and now I'm still looking.
>
> Anyone knows of deb packages of one (or both) of these two programs?
> Shall I install them from source?
> Or shouldn't I use them at all?
>
> Mit freundlichen Gruessen / Best regards
> Dominik Schulz
>

I have found some old versions of DCC packaged over at http://warmerbythelake.com/dcc-stuff/ and an even older version at http://people.debian.org/~bas/dcc/

Pyzor is in sarge and sid at the moment, I seem to remember it was easy enough to rebuild it on woody using the sarge source packages.

I would be interested if anyone manages to get any newer versions of DCC packaged.

Rgrds,
Ben White
Re: splitting a subnet in an odd way
On Thu, 25 Sep 2003 00:47, Leonardo Boselli wrote:
> I have a /24 subnet.
> .1 is the gateway and almost all IP from 2 to 254 are occupied.
> I would like to split the host in three groups:
> 12 that can have full access, 12 through one firewall and the other 205
> through a second firewall.
> I cannot change the number of some machines, so the only option is
> that the first 12 and the two firewalls are .2 to .14
> the second group is .18 to .29 and the third would keep its present
> numbers between .36 and .254.

If you want to subnet it then you'll need a router to have an IP address in each subnet. But that shouldn't be a problem.

Have 1..14 as one subnet (15 is broadcast) and have 17..30 as another. For the rest the best thing to do is to have a router that sends fake ARP responses so that the rest of the machines can consider themselves to be in a /24.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page