Tcpwrappers
Thanks for the suggestion to read about tcpwrappers. I have also read the Security Quick-start howto and found it useful.

One problem I am still coming to grips with is email. I am running qmail out of xinetd and using tcp-env for the smtp service. I tried putting the qmail daemons into hosts.allow (i.e. qmail-smtpd: ALL), and then ALL:ALL in hosts.deny, but it denied access to all incoming emails. At the moment, I have ALL: PARANOID set in hosts.deny, but this won't allow some incoming emails and gives an error on the line where I have the line .domain.com.au set in hosts.allow, where ns.domain.com.au is our nameserver.

Anyone know how I let all emails to our domain through, whether or not I can do a lookup on them? I know that our DNS works fine as I get the same error using a machine at home from a different ISP and different DNS server. I am assuming that hosts that fall into the PARANOID category must not have their DNS files set up right, or they may not be legitimate users.

I suppose the other option is to try and run qmail using daemontools and ucspi as the qmail manuals and Life with qmail suggest.

Thanks
Rob

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
host DNS
Hi,

I am trying to understand how the hosts.allow and hosts.deny files work as well as DNS. So far, I have a nameserver, but kept getting an error:

    warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname (gomez.star.cd) failed

I finally figured out that something was wrong as one of this ISP's users complained that they couldn't send an email to my mailserver (which is the nameserver as well). I did a host lookup and got the following:

    host 203.36.43.17
    Name: gomez.star.cd
    Address: 203.36.43.17

then later:

    host gomez.star.cd
    gomez.star.cd does not exist, try again

What would cause this to fail? When I put ALL: 203. in the /etc/hosts.allow file and commented out the ALL: PARANOID in the /etc/hosts.deny file, it then allowed access to my mailserver. Incidentally, I did try to dig the address and hostname and it did work fine.

I am using qmail as the mailserver, but know that it uses your DNS to resolve hostnames instead of /etc/resolv.conf. Also, I am using xinetd as well for mail and other services.

Is there anywhere that tells you how these files actually work and what's the best way of making sure the system is reasonably secure without barring out legitimate servers? For example, I tried to do the following, but it didn't work. The man pages didn't really shed much light on this.

in the /etc/hosts.allow file:

    ALL: ALL

in the /etc/hosts.deny file:

    in.telnetd: ALL EXECEPT 192.168.1.

I expected that you wouldn't be able to telnet to the machine unless you had the address 192.168.1.XXX, but I could still do it for some reason.

In the /etc/hosts.allow file, I previously had ALL: .mydomain.com.au, and in the /etc/hosts.deny I had ALL:PARANOID, but this seemed to bounce everyone in the above category, which annoyed some of our users. I thought that the DNS server (bind) handled all these requests and that the host files didn't matter much, until I saw what was happening.

Rob...
FW: Funny kernel antics
Good to know someone else saw the problem...I thought I was going crazy! :-) I will try a lower version of the kernel...

I managed to get this from the logs: (don't know if this helps anyone to see the problem :)

Rob...

    Aug 31 16:01:42 ns kernel: Unable to handle kernel NULL pointer dereference at virtual address 0
    Aug 31 16:01:42 ns kernel: current-tss.cr3 = 00a3, %%cr3 = 00a3
    Aug 31 16:01:42 ns kernel: *pde = 0
    Aug 31 16:01:42 ns kernel: Oops:
    Aug 31 16:01:42 ns kernel: CPU: 0
    Aug 31 16:01:42 ns kernel: EIP: 0010:[0]
    Aug 31 16:01:42 ns kernel: EFLAGS: 00010282
    Aug 31 16:01:42 ns kernel: eax: 0 ebx: c10ae228 ecx: c064bad0 edx: c0c27f4 0
    Aug 31 16:01:42 ns kernel: esi: c0e1ff38 edi: c0e1ff28 ebp: c0dcc000 esp: c0e1fef8
    Aug 31 16:01:42 ns kernel: ds: 0018 es: 0018 ss: 0018
    Aug 31 16:01:42 ns kernel: Process apache (pid: 4693, process nr: 91, stackpage= c0e1f000)
    Aug 31 16:01:42 ns kernel: Stack: 0 c0b2b840 080a675c bc3c bbbc c0131962 0 0
    Aug 31 16:01:42 ns kernel: 07 bc3c bb7c 0 01 00 0 0
    Aug 31 16:01:42 ns kernel: 0 0 0 0 0 c0c30620 1255 c0e1ff50
    Aug 31 16:01:42 ns kernel: Call Trace: [fcntl_setlk+358/376] [sys_fcntl+772/984] [sys_socketcall+176/484] [system_call+52/56]\210F^G\211v^L\215V^P\215N^L\211\xf 3\xb0^K\xcd\200\xb0^A\xcd\200\xe8\177\xff\xff\xff
    Aug 31 16:01:42 ns kernel: Code: Bad EIP value.

-

Anyone know what causes this or seen this happen before?

I have no idea why but I did have this happen to me running 2.2.19. Same exact symptoms. Only thing unusual was that I had patched the kernel to support an AACraid controller and made some modifications to run Oracle. At the time I was using 2.2.19 on 5 or 6 other boxen without problems. I was rushed for a solution, so I simply fell back to an older kernel without investigation. I'm sure this was completely un-helpful.

Pete
--
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting
FW: Webalizer
On Tue, 28 Aug 2001, Craig wrote:

only thing is it's version 1.30 whereas if you download the source it's 2.01

Martin then wrote:

Ah -- OK. Thanks for clueing me in -- I hadn't realised. Is the difference worth it? (I.e. what can't-possibly-do-without goodies am I going to get that will persuade me to roll my own before = v2.01 makes it into testing?)

I'm hoping it will help me...my webalizer gets an error about strings being too long.

Rob...
Funny kernel antics
Hi!

On my Internet server (running potato and kernel 2.2.19pre), I got a funny thing happening. The kernel started to spit out errors on the console. I can't reproduce them, but they are the CPU dump of registers that you get when unix normally crashes and then halts the machine. I kept getting this dump, then I tried to shut down the machine, but couldn't. It was dumping on qmail and apache processes and just causing havoc, although I could still ping the outside world. I had to press the reset button to get out of this situation. Luckily the machine came up ok.

Some symptoms include:

(a) I can't log in properly in the first console screen, but after Alt-F2 to the second screen, I can get in ok
(b) I have had the machine hang with the screen being blank..had to press reset...this happens once every two weeks. Logs don't show up any errors.

I had upgraded from the bo distribution to potato and suspect it must have been something done during the upgrade, as I updated heaps of packages. Previously, running on bo was very stable..hardly had a crash at all.

Anyone know what causes this or seen this happen before? I will probably install a fresh copy of potato on another hard disk and do the config again, just as a backup :-)

Rob...
FW: roaming with qmail and smtp-poplock
Try subscribing to the qmail mailing list at [EMAIL PROTECTED] They get heaps of mail, but someone should be able to help you there or point you in the right direction. Some other links you could try are:

http://www.qmail.org/
http://cr.yp.to/qmail.html

Cheers
Rob

-Original Message-
From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, 21 August 2001 3:14 AM
To: lista debian-isp
Subject: roaming with qmail and smtp-poplock

Hello. I need to implement roaming usage of a qmail server. I've been looking at the qmail site and found smtp-poplock to be the best tool for me ( http://www.davideous.com/smtp-poplock/ ), in a first, documentary, evaluation. Any suggestion, tip, advice...?

--
I have requested drivers for Linux. No. 00073030: http://www.libralinux.com/petition.spanish.html
Jose Esteban Granada. Spain.
RE: your mail
I know the feeling... I came from the qmail mailing list and there isn't any message appended to the bottom of the email messages. I had to go to their website to figure it out again after doing that trick.

I stopped looking at debian-user as I got something of the order of 100 - 300 messages per day...Don't get much time to read them these days :-) Sometimes I prefer newsgroups as I can filter through the volume of messages without trashing all the ones I don't have time to read.

Cheers
Rob..

-Original Message-
From: Thomas Fini Hansen [SMTP:[EMAIL PROTECTED]]
Sent: Saturday, 18 August 2001 11:20 AM
To: [EMAIL PROTECTED]
Subject: Re: your mail

On Sat, Aug 18, 2001 at 10:37:58AM +1000, [EMAIL PROTECTED] wrote:

unsubscribe

Amazing, I came directly from exim-users where someone else did the exact same thing and in consequence was being ridiculed. One thing is to be told to RTFM, but when people will ignore error messages (It doesn't work! What do you mean 'error message'?), don't read dialog boxes ('OK to wipe your entire hard drive?' *click*), or read what's appended to every damn message from a mailing list, what can you do?

I'll get my coat...
Qmail errors
Currently I am having a problem with qmail. Our users are getting the following error when sending mail via SMTP:

"No transport provider was available for delivery to this recipient"

The client they are using is Microsoft Outlook. I can send via Outlook Express, and it works fine on my machine. I checked the qmail logs, but cannot find any bounce message. The error bounces back to the user with systems administrator as the user. With Microsoft Outlook, internet email is enabled as well as Microsoft Mail (the old win3.11 pop system) for internal mail.

Any ideas? I am running a Debian 1.3 server with qmail being v1.02.

Thanks
Rob..
Strange message in logs
Hi!

I get the following error messages in my log:

    Apr 9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
    Apr 9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114
    Apr 9 06:56:54 ns tcp-env[17346]: connect from murphy.debian.org
    Apr 9 06:58:38 ns tcp-env[17364]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed
    Apr 9 06:58:38 ns tcp-env[17364]: refused connect from 209.140.0.114

Is this because my hosts.deny file is set to ALL: PARANOID (this is the only line apart from comments and is line 9)?

My hosts.allow has the following in line 11:

    ALL: .mydomain.com.au

Is there a way to fix this, as I am assuming that the machine that is denied access cannot access my server to browse a web page or send e-mail. This message seems to crop up mainly when someone tries to send email.

I am running Debian 1.3 (but some parts are Hamm, e.g. libraries are lib.so.6), apache and qmail.

Rob...
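
An added example, not part of the original posts and not tcp wrappers code: a simplified Python model of the access check documented in hosts_access(5), run against the rules quoted in the "host DNS" and "Strange message in logs" posts. It assumes the operator is spelled EXCEPT as the man page defines it and that the SMTP daemon name is tcp-env as in the log lines; every client other than 209.140.0.114 is constructed.

```python
# Simplified model of the hosts_access(5) check; an added example, not tcpd code.
def pattern_matches(pat, ip, host):
    if pat == "ALL":
        return True
    if pat == "PARANOID":           # name could not be verified against address
        return host is None
    if pat.startswith("."):         # hostname suffix: needs a verified name
        return host is not None and host.endswith(pat)
    if pat.endswith("."):           # address prefix such as "192.168.1."
        return ip.startswith(pat)
    return pat in (ip, host)

def clients_match(tokens, ip, host):
    if "EXCEPT" in tokens:          # "list_1 EXCEPT list_2"
        i = tokens.index("EXCEPT")
        return (clients_match(tokens[:i], ip, host)
                and not clients_match(tokens[i + 1:], ip, host))
    return any(pattern_matches(p, ip, host) for p in tokens)

def check(allow, deny, daemon, ip, host):
    def hit(rules):
        for rule in rules:
            daemons, clients = (s.split() for s in rule.split(":", 1))
            if {"ALL", daemon} & set(daemons) and clients_match(clients, ip, host):
                return True
        return False
    # hosts.allow is read first and a match grants access; only then is
    # hosts.deny read, where a match denies. No match in either file grants.
    if hit(allow):
        return "granted"
    return "denied" if hit(deny) else "granted"

def scenarios():
    outside, lan = ("10.9.8.7", "box.example.net"), ("192.168.1.20", "pc20.example.net")
    unverified = ("209.140.0.114", None)   # None: name failed verification (IP from the logs)
    telnet_deny, paranoid = ["in.telnetd: ALL EXCEPT 192.168.1."], ["ALL: PARANOID"]
    own = ["ALL: .mydomain.com.au"]
    mail = ["tcp-env: ALL"] + own          # assumption: daemon name is tcp-env
    return {
        "telnet, ALL: ALL in hosts.allow": check(["ALL: ALL"], telnet_deny, "in.telnetd", *outside),
        "telnet, empty hosts.allow, outside": check([], telnet_deny, "in.telnetd", *outside),
        "telnet, empty hosts.allow, LAN": check([], telnet_deny, "in.telnetd", *lan),
        "smtp, unverified sender": check(own, paranoid, "tcp-env", *unverified),
        "smtp, tcp-env: ALL added": check(mail, paranoid, "tcp-env", *unverified),
        "telnet, unverified host": check(mail, paranoid, "in.telnetd", *unverified),
    }

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in scenarios().items()))
```

The first result shows a catch-all in hosts.allow granting access before hosts.deny is ever read, and the fourth corresponds to the "refused connect from 209.140.0.114" log line; the last two show a per-daemon allow rule accepting mail from an unverifiable host while other services still refuse it.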
Re: Front Page Extensions :-(
Hi! Are there any security issues with Frontpage Extensions for 98 or 2000 in Debian? Also, what are the alternatives for simple cgi scripts?

Cheers!
Rob..
Potato and Modem
Hi! You could try connecting at a lower speed, say 56K or 38K and see if this works.

Rob...

Hello

I have a problem with Potato and modem. I had Slink and everything was great. Then I made an upgrade to Potato and my modem doesn't work. The problem is after connect. Under minicom everything seems to be ok, I can send AT commands and I get a response. But when I am trying to connect I receive trash. On the screen is Connect and speed and then strange signs; there should be a login prompt from the Unix machine. When I reboot to windows on the same machine and the same modem everything is ok, I can connect. The answering modem is a US Robotics Flash and the dialing modem is a US Robotics K56. I tried with a Lucent MAX 6000 but it was the same: under win it works, under Potato it doesn't. So there is no hardware problem. I think that setserial sets something strange:

    hades:~# setserial -a /dev/ttyS0
    /dev/ttyS0, Line 0, UART: 16550A, Port: 0x03f8, IRQ: 4
            Baud_base: 115200, close_delay: 50, divisor: 0
            closing_wait: 3000
            Flags: spd_vhi skip_test

I switched setserial from slink but it wasn't it. I tested under 2.2.14 2.3.48 2.2.13 self made and from the debian install

    Linux hades 2.2.14 #1 Wed Mar 22 17:54:03 EST 2000 i686 unknown

What is wrong, do you have the same problem? Please help.

-
Marcin user Jakubowski [EMAIL PROTECTED]