RE:SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON)
Heh, what's funny is that SpamAssassin tagged this message you sent as spam and sent it to my spam folder. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bryan Andersen Sent: Thursday, January 24, 2002 7:04 PM To: [EMAIL PROTECTED] Subject: *SPAM* SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON) [snip] My ISP uses SpamAssassin and it works quite nicely. Not perfectly, but well enough that I like it. It's filtered out about 8M bytes of spam in the past 16 days. SpamAssassin puts some new headers into the message that tell it's spam status. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE:SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON)
Heh, what's funny is that SpamAssassin tagged this message you sent as spam and sent it to my spam folder. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bryan Andersen Sent: Thursday, January 24, 2002 7:04 PM To: debian-security@lists.debian.org Subject: *SPAM* SpamAssassin (Was Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON) [snip] My ISP uses SpamAssassin and it works quite nicely. Not perfectly, but well enough that I like it. It's filtered out about 8M bytes of spam in the past 16 days. SpamAssassin puts some new headers into the message that tell it's spam status.
RE: Debian security being trashed in Linux Today comments
It renders fine in IE. :) The binary data is, I presume, the two files that Javier attached, as stated in the message: quote I adjoint some data: - a Gnumeric spreadsheet with all the information - a PNG graphic with this year's distribution of time-to-fix (in days) made by gnuplot with the previous data /quote j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Lupe Christoph [mailto:[EMAIL PROTECTED]] Sent: Monday, January 14, 2002 12:17 PM To: Javier Fernández-Sanguino Peña Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Debian security being trashed in Linux Today comments On Monday, 2002-01-14 at 15:12:48 +0100, Javier Fernández-Sanguino Peña wrote: On Mon, Jan 14, 2002 at 01:15:16PM +0100, Wichert Akkerman wrote: Previously Adam Warner wrote: Someone with better knowledge of all the facts might want to comment on the claim that Debian is always the last to fix security holes and the tag team follow up I've been fighting for months now to try to convince them to release an advisory or fix for ftpd... Someone should point them to Javier's analysis of security response times.. Thanks' I was about to say so... BTW pointer is: http://lists.debian.org/debian-security/2001/debian-security-200112/msg0 0257.html I'm going to add this to the info available in the Debian Security Manual seems to be a FAQ I hope you provide a cleaned-up version. .../msg00257.html is full of binary crap. And the link .../bin0.bin could be stored as the PNG file it is supposed to be. The way it is now, I get a MIME-type of application/octet-stream, which Mozilla won't display. Maybe you can put the text, the spreadsheet, and the graph on a website? Archive maintainers, what happens to attachments like those in the mentioned mail? I don't keep debian-security mails around, so I can't see what MIME-type the attachments had. The binary crap must be the spreadsheet which has been inlined. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Debian security being trashed in Linux Today comments
It renders fine in IE. :) The binary data is, I presume, the two files that Javier attached, as stated in the message: quote I adjoint some data: - a Gnumeric spreadsheet with all the information - a PNG graphic with this year's distribution of time-to-fix (in days) made by gnuplot with the previous data /quote j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Lupe Christoph [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2002 12:17 PM To: Javier Fernández-Sanguino Peña Cc: debian-security@lists.debian.org; [EMAIL PROTECTED] Subject: Re: Debian security being trashed in Linux Today comments On Monday, 2002-01-14 at 15:12:48 +0100, Javier Fernández-Sanguino Peña wrote: On Mon, Jan 14, 2002 at 01:15:16PM +0100, Wichert Akkerman wrote: Previously Adam Warner wrote: Someone with better knowledge of all the facts might want to comment on the claim that Debian is always the last to fix security holes and the tag team follow up I've been fighting for months now to try to convince them to release an advisory or fix for ftpd... Someone should point them to Javier's analysis of security response times.. Thanks' I was about to say so... BTW pointer is: http://lists.debian.org/debian-security/2001/debian-security-200112/msg0 0257.html I'm going to add this to the info available in the Debian Security Manual seems to be a FAQ I hope you provide a cleaned-up version. .../msg00257.html is full of binary crap. And the link .../bin0.bin could be stored as the PNG file it is supposed to be. The way it is now, I get a MIME-type of application/octet-stream, which Mozilla won't display. Maybe you can put the text, the spreadsheet, and the graph on a website? Archive maintainers, what happens to attachments like those in the mentioned mail? I don't keep debian-security mails around, so I can't see what MIME-type the attachments had. The binary crap must be the spreadsheet which has been inlined. Lupe Christoph -- | [EMAIL PROTECTED] |http://free.prohosting.com/~lupe | | I have challenged the entire ISO-9000 quality assurance team to a | | Bat-Leth contest on the holodeck. They will not concern us again. | | http://public.logica.com/~stepneys/joke/klingon.htm | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: sshd sending packets outside lan during local connection
Turn BIND's query logging on and see what it's trying to lookup. You can do this from the shell (as root) by entering ndc querylog. Then take a look at your log files and see exactly what it's doing. As someone pointed out, I would also guess that it's attempting to perform lookups on the IP that you're connecting from. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jeff Stevens [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 13, 2002 10:27 PM To: [EMAIL PROTECTED] Subject: sshd sending packets outside lan during local connection I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip)to this firewall it sends out packets to my ISP. If I unplug the external ip nic before entering the password then the connection pauses for about a minute before connecting. I am no expert as I have just started using Debian, but it seems like the password is being sniffed. I'm not exactly sure what the tcpdump output shows (ATTACHED with route info) but it seems to be doing a domain name look up (but I could be wrong). I have no idea why it would have to do a domain look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is inside the local network. Earlier I made the mistake of offering bind publicly. I recently changed this but I don't know if I was compromised during the time it was public. I am hoping this is just a misconfiguration problem. Any suggestions would be greatly appreciated. Thanks in advance. --Jeff Debian user _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: sshd sending packets outside lan during local connection
Turn BIND's query logging on and see what it's trying to lookup. You can do this from the shell (as root) by entering ndc querylog. Then take a look at your log files and see exactly what it's doing. As someone pointed out, I would also guess that it's attempting to perform lookups on the IP that you're connecting from. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Jeff Stevens [mailto:[EMAIL PROTECTED] Sent: Sunday, January 13, 2002 10:27 PM To: debian-security@lists.debian.org Subject: sshd sending packets outside lan during local connection I am using Debian Potato 2.2.19ide-pci and running openssh (3.0.2p1) and bind (version: 1:8.2.3-0.potato.1). It is also being used as a firewall for a local network. It has 2 nic cards, one with an internal ip and one with an external ip. When I ssh locally (to the internal ip)to this firewall it sends out packets to my ISP. If I unplug the external ip nic before entering the password then the connection pauses for about a minute before connecting. I am no expert as I have just started using Debian, but it seems like the password is being sniffed. I'm not exactly sure what the tcpdump output shows (ATTACHED with route info) but it seems to be doing a domain name look up (but I could be wrong). I have no idea why it would have to do a domain look-up because I connect via ip address (ssh [EMAIL PROTECTED]) which is inside the local network. Earlier I made the mistake of offering bind publicly. I recently changed this but I don't know if I was compromised during the time it was public. I am hoping this is just a misconfiguration problem. Any suggestions would be greatly appreciated. Thanks in advance. --Jeff Debian user _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
RE: configuring Checksecurity to email reports to root
I've never used checksecurity, but I assume any reports it creates will be sent to root. Assuming you have root aliased to a regular user account, that's where the reports will end up. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Stefan Srdic [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 12, 2002 5:59 AM To: Stephen Gran; [EMAIL PROTECTED] Subject: Re: configuring Checksecurity to email reports to root On January 12, 2002 02:28 pm, Stephen Gran wrote: Thus spake Stefan Srdic: Hi, I was going through the Securing Debian HOW-TO and noticed the section on setuid check (4.11). I would like for the checksecurity script to email root of any changes to the system. Will this work if I have exim installed? Currently, exim forwards all mail from root to my day-to-day user. I would like to be able to read any information that this script would have for me through kmail :D Has anybody set this up? Stef I'm fairly sure this is handled by /etc/aliases for exim. I have lines like: postmaster: root root: steve #Steve being my ordinary account, obviously and it works great. I think this is part of eximconfig, although I don't remember exactly. HTH, Steve You might have misunderstood me, my question was, will the checksecurity script that runs from cron e-mail it's report to root if I have exim installed? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: configuring Checksecurity to email reports to root
I've never used checksecurity, but I assume any reports it creates will be sent to root. Assuming you have root aliased to a regular user account, that's where the reports will end up. j. -- Jeremy L. Gaddis [EMAIL PROTECTED] -Original Message- From: Stefan Srdic [mailto:[EMAIL PROTECTED] Sent: Saturday, January 12, 2002 5:59 AM To: Stephen Gran; debian-security@lists.debian.org Subject: Re: configuring Checksecurity to email reports to root On January 12, 2002 02:28 pm, Stephen Gran wrote: Thus spake Stefan Srdic: Hi, I was going through the Securing Debian HOW-TO and noticed the section on setuid check (4.11). I would like for the checksecurity script to email root of any changes to the system. Will this work if I have exim installed? Currently, exim forwards all mail from root to my day-to-day user. I would like to be able to read any information that this script would have for me through kmail :D Has anybody set this up? Stef I'm fairly sure this is handled by /etc/aliases for exim. I have lines like: postmaster: root root: steve #Steve being my ordinary account, obviously and it works great. I think this is part of eximconfig, although I don't remember exactly. HTH, Steve You might have misunderstood me, my question was, will the checksecurity script that runs from cron e-mail it's report to root if I have exim installed? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]