Re: protecting mail server from DOS
Words by Lucas Albers [Tue, Feb 17, 2004 at 12:25:17AM -0700]: Just recently I had my mail server swamped by a single virus machine that kept resending a virus message, ignoring my 5xx rejection code. Is it possbile to block this via an iptables smtp max connection throttle code? How do you handle this? Via iptables?, or via qmail/postfix/exim/sendmail internal coding? Null route 'em. That will keep them busy for quite a long time. Does anyone else encounter this problem on a regular basis? No. And I find it hard that a client machine can so easily disturb your service. How do you solve this? null route. -- Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc ...the law, cold and aloof by its very nature, has no access to the passions that might justify the cruel act of murder. -- SADE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: protecting mail server from DOS
Words by Lucas Albers [Tue, Feb 17, 2004 at 12:25:17AM -0700]: Just recently I had my mail server swamped by a single virus machine that kept resending a virus message, ignoring my 5xx rejection code. Is it possbile to block this via an iptables smtp max connection throttle code? How do you handle this? Via iptables?, or via qmail/postfix/exim/sendmail internal coding? Null route 'em. That will keep them busy for quite a long time. Does anyone else encounter this problem on a regular basis? No. And I find it hard that a client machine can so easily disturb your service. How do you solve this? null route. -- Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc ...the law, cold and aloof by its very nature, has no access to the passions that might justify the cruel act of murder. -- SADE
Re: postfix oddities.... 220 *******
Words by Roger Abrahamsson [Fri, Jan 10, 2003 at 03:38:47PM +0100]: A PIX Firewall was the reason.. thank you all for the quick help.. Now I shall have a little talk with the guy who configured that one ,-) Or failed to configure it as fixup protocol smtp 25 comes by default. Hello. Currently trying to set up a test postfix server with smtp auth, with sasl and tls. Got everything working eventually, at least from localhost. I can login, authenticate with plaintext etc. However, when trying to access that server from a host not in mynetworks it echos a funny 220 header like this: Escape character is '^]'. 220 -- Jose Celestino | http://xpto.org/~japc/files/japc-pgpkey.asc Don't summarize. Don't abbreviate. Don't interpret. -- djb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Debian Woody
Is your loopback device (lo) up ? /sbin/ifconfig lo Thus spake James Mclean, on Mon, Dec 17, 2001 at 11:58:26AM +1030: All, I am building a debian woody machine as we speak, and i have installed the latest .deb of OpenSSH... Installed fine, but it fails to authenticate a remote login, and if i try a login from the same machine's command line it also fails. This is the message from the command line... # ssh -l jamesmc xxx.xxx.xxx.xxx Neighbour Table Overflow ssh: connect to address xxx.xxx.xxx.xxx port 22. No Buffer Space I recieve no errors when attempting to login remotely, but fails to authenticate and continues to ask for the password... I cannot see anything the messages or syslog logfiles. # ssh -V OpenSSH_3.0.1p1, SSH Protocols 1.5/2.0, OpenSSL 0x0090602f I am tempted to install from source next. Any Ideas? Regards, James Mclean Windows didn't get as bad as it is overnight -- it took over ten years of careful development. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] Systems Administration || Networks Eng. SAPO - PT Multimedia || http://www.sapo.pt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SSH Debian Woody
Is your loopback device (lo) up ? /sbin/ifconfig lo Thus spake James Mclean, on Mon, Dec 17, 2001 at 11:58:26AM +1030: All, I am building a debian woody machine as we speak, and i have installed the latest .deb of OpenSSH... Installed fine, but it fails to authenticate a remote login, and if i try a login from the same machine's command line it also fails. This is the message from the command line... # ssh -l jamesmc xxx.xxx.xxx.xxx Neighbour Table Overflow ssh: connect to address xxx.xxx.xxx.xxx port 22. No Buffer Space I recieve no errors when attempting to login remotely, but fails to authenticate and continues to ask for the password... I cannot see anything the messages or syslog logfiles. # ssh -V OpenSSH_3.0.1p1, SSH Protocols 1.5/2.0, OpenSSL 0x0090602f I am tempted to install from source next. Any Ideas? Regards, James Mclean Windows didn't get as bad as it is overnight -- it took over ten years of careful development. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] Systems Administration || Networks Eng. SAPO - PT Multimedia || http://www.sapo.pt
Re: Fw: Primary question about cbq
net/iproute Thus spake Rodrigo Cesar Herefeld, on Fri, Dec 07, 2001 at 09:41:01AM -0200: Wich package on debian provides cbq and advanc routing?? -- Rodrigo Cesar Herefeld Analista de Sistemas Consultoria de Informatica Cathedral [EMAIL PROTECTED] -BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Gnome PGP version 0.4 owJ4nDsdWcJg/fn6pqD8lKLM9HwF59TixCIFj9Si1LTUnBReriKIeIZDTmZeaUVSkV5yfq5eUhEvly5BAADsyBus=Ng6+ -END PGP MESSAGE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Fw: Primary question about cbq
net/iproute Thus spake Rodrigo Cesar Herefeld, on Fri, Dec 07, 2001 at 09:41:01AM -0200: Wich package on debian provides cbq and advanc routing?? -- Rodrigo Cesar Herefeld Analista de Sistemas Consultoria de Informatica Cathedral [EMAIL PROTECTED] -BEGIN PGP MESSAGE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Gnome PGP version 0.4 owJ4nDsdWcJg/fn6pqD8lKLM9HwF59TixCIFj9Si1LTUnBReriKIeIZDTmZeaUVSkV5yfq5eUhEvly5BAADsyBus=Ng6+ -END PGP MESSAGE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] -
Re: qmail
Thus spake Pedro Braga, on Mon, Oct 15, 2001 at 06:10:16PM +0100: Hello, I've Debian 2.2 r3 on my servers and I use sendmail, but I want to try qmail! I've been on http://www.qmail.org; and the .deb link in the top.html page leads me to top.html#200101270 instead of the file .deb. Q.: is there a deb package with qmail? Yep, a src package: stable qmail-src 1.03-14 (266.2k) Source only package for building qmail binary package http://packages.debian.org/stable/mail/qmail-src.html I can always get the tgz file, but it would me much better the debian package... :-) Blame djb. -- Pedro Braga Eng. Telec./Programador http://www.iportalmais.pt -- Jose Celestino [EMAIL PROTECTED] - Weekends were made for programming. - Karl Lehenbauer
Re: Qmail errors
Outlook ignores the SMTP spec by not enclosing the e-mail addresses in angle brackets (although microsoft blames older mail server systems): http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-USSD=gnFR=0 Djb did a workaround for this (stupid RFC ignorant clients) on qmail version 1.03, install it. Thus spake Robert Ruzbacky, on Mon, Jul 02, 2001 at 08:59:28PM +1000: Currently I am having a problem with qmail. Our users are getting the following error when sending mail via SMTP: No transport provider was available for delivery to this recipient The client they are using is Microsoft Outlook. I can send via Outlook express, and it works fine on my machine. I check the qmail logs, but cannot find any bounce message. The error bounces back to the user with systems administrator as the user. With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old win3.11 pop system) for internal mail. Any ideas? I am running a debian 1.3 server with qmail being v1.02. Thanks Rob.. -- Jose Celestino [EMAIL PROTECTED] - Existence takes is toll, extinction unfolds, The Colossus falls back from its threshold -- Borknagar - Colossus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Qmail errors
Outlook ignores the SMTP spec by not enclosing the e-mail addresses in angle brackets (although microsoft blames older mail server systems): http://support.microsoft.com/support/kb/articles/Q197/4/17.ASP?LN=EN-USSD=gnFR=0 Djb did a workaround for this (stupid RFC ignorant clients) on qmail version 1.03, install it. Thus spake Robert Ruzbacky, on Mon, Jul 02, 2001 at 08:59:28PM +1000: Currently I am having a problem with qmail. Our users are getting the following error when sending mail via SMTP: No transport provider was available for delivery to this recipient The client they are using is Microsoft Outlook. I can send via Outlook express, and it works fine on my machine. I check the qmail logs, but cannot find any bounce message. The error bounces back to the user with systems administrator as the user. With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old win3.11 pop system) for internal mail. Any ideas? I am running a debian 1.3 server with qmail being v1.02. Thanks Rob.. -- Jose Celestino [EMAIL PROTECTED] - Existence takes is toll, extinction unfolds, The Colossus falls back from its threshold -- Borknagar - Colossus
Re: Help needed on MASQUERADE
On Sun, Jun 03, 2001 at 11:39:29PM +0200, Luc MAIGNAN wrote: HI all, I have an internet connection on eth0 (10.0.0.1) and a private network connection on eth1 (192.168.0.1). I put the masquerade configuration on a kernel 2.4.4 : iptables -t nat -s 192.168.0.0/24 -o ppp0 -j MASQUERADE echo 1/proc/sys/net/ipv4/ip_forward And this gave you no error? Try: # iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE -o eth0 because an internet connection on eth0 (10.0.0.1)... Byes. A workstation on my network succeeded to ping both eth0 and eth1, but didn't succeed to go out of my network to reach the internet. Anyone can help me ? Best regards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] - The paradox render and the merge in complete, Nothing but the process is infinite -- Borknagar - Colossus pgpl9BlkbCEW8.pgp Description: PGP signature
Re: Help needed on MASQUERADE
On Sun, Jun 03, 2001 at 11:39:29PM +0200, Luc MAIGNAN wrote: HI all, I have an internet connection on eth0 (10.0.0.1) and a private network connection on eth1 (192.168.0.1). I put the masquerade configuration on a kernel 2.4.4 : iptables -t nat -s 192.168.0.0/24 -o ppp0 -j MASQUERADE echo 1/proc/sys/net/ipv4/ip_forward And this gave you no error? Try: # iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE -o eth0 because an internet connection on eth0 (10.0.0.1)... Byes. A workstation on my network succeeded to ping both eth0 and eth1, but didn't succeed to go out of my network to reach the internet. Anyone can help me ? Best regards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Jose Celestino [EMAIL PROTECTED] - The paradox render and the merge in complete, Nothing but the process is infinite -- Borknagar - Colossus PGP signature
