Re: [SRM] clamav 0.94.x EOL
On Wed, 07 Oct 2009 at 14:47:21 +0800, Paul Wise wrote: Just in case the stable release managers what to do something about it and don't know about this yet, clamav upstream are taking some interesting measures to encourage people to upgrade from the now EOLed 0.94.x series. The mail isn't fully clear, but it seems that clamav 0.94.x will not work at all from April 15th 2010 and will not recieve signature updates from May 2010, so I guess removal from stable/oldstable is in order as well as an announcement of some sort (DSA perhaps?). http://lurker.clamav.net/message/20091006.143601.d27bbd20.en.html Sorry, it may seem a little harsh, but the reason is that unless the majority of ClamAV users upgrade to = 0.95.x, old freshclams will put an excessive load on ClamAV database mirrors and that will harm *all* of ClamAV users, not only the ones running old versions. Best regards -- Tomasz Papszun | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: [SRM] clamav 0.94.x EOL
On Thu, 08 Oct 2009 at 13:09:02 +0200, Bastian Blank wrote: On Thu, Oct 08, 2009 at 12:25:51PM +0200, Tomasz Papszun wrote: Sorry, it may seem a little harsh, Why? Well, from the Paul's message I had an impression he felt so :-). but the reason is that unless the majority of ClamAV users upgrade to = 0.95.x, old freshclams will put an excessive load on ClamAV database mirrors and that will harm *all* of ClamAV users, not only the ones running old versions. And a _targeted_ fix is not possible? Bastian 0.94.x is no longer officially supported, however you can fix the problem on your own in Debian and update the internal functionality counter to mimic 0.95. Such versions will still be working after 15 April 2010. HTH -- Tomasz Papszun | And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: first A record of security.debian.org extremely slow
On Mon, 06 Mar 2006 at 10:49:45 +, paddy wrote: On Fri, Mar 03, 2006 at 04:55:23PM +0100, Javier Fernández-Sanguino Pe?a wrote: I don't believe it does. Cron-apt is a pull mechanism (download the latest packages, check if there are upgrades and notify the admin). A mail filter which parses the DSAs and tells people to update is a push mechanism. Notice that in the later (push) you could have somebody review if the update is critical enough, or only tell systems to upgrade once the patch has been tested internally. That seems easier to me than, in the pull system, set up an intermediate mirror of security.debian.org with *approved* updates, have the systems update automatically and have a sysadmin move the updates from the official mirror over to that internal mirror based on whether the update is critical or not. Also, in my mind's view, a push mechanism is bound to be more effective than probing the security mirror daily and could also be capable of narrowing the time between patch release and installation (if automated) since you don't have to wait for a given point in time to make the check. Perhaps freshclam's dns based mechanism may also be of interest as a point of comparison ? (I'm sorry I'm not able to describe it in detail off the top of my head, but the paralell seems obvious) In case it's of any help, there's some documentation on how ClamAV mirrors are set - at http://www.clamav.net/doc/mirrors/ . HTH -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [sowood.co.uk #1151] Re: [sowood.co.uk #1150] AutoReply: [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
On Wed, 02 Feb 2005 at 17:55:32 +0100, Giacomo Mulas wrote: On Wed, 2 Feb 2005, Tomasz Papszun via RT wrote: Please stop sending automated replies to Debian mailing lists. please, next time you (rightly) complain about noise on the list, avoid quoting a few pages of said noise just to write a one-line complaint: make sure your complaint is _at least_ as long as the noise you are quoting :) take it easy... Giacomo Please note that I did NOT send that complaint to debian-security ML. It's the sowood.co.uk's ticketing system which forwarded my message without my intention (to be precise: against it!). I sent it only to abel * support.sowood.co.uk. Regarding quoting the full message: I did it on purpose because it wasn't sent by a human but by the automated system, so there is a possibility that a person who would be reviewing the case could not understand what really was posted and where. Sorry for the noise anyway. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[sowood.co.uk #1151] Re: [sowood.co.uk #1150] AutoReply: [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
On Tue, 01 Feb 2005 at 15:20:36 +, Abel wrote: This message has been automatically generated in response to the creation of a ticket regarding: [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities There is no need to reply to this message right now. Your ticket has been assigned an ID of [sowood.co.uk #1150]. Please include the string [sowood.co.uk #1150] in the subject line of all future correspondence about this issue. You can do this by replying to this message. Thank you, [EMAIL PROTECTED] - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Debian Security Advisory DSA 662-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 1st, 2005 http://www.debian.org/security/faq - -- Package: squirrelmail Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CAN-2005-0104 CAN-2005-0152 Debian Bug : 292714 Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-0104 Upstream developers noticed that an unsanitised variable could lead to cross site scripting. CAN-2005-0152 Grant Hollingworth discovered that under certain circumstances URL manipulation could lead to the execution of arbitrary code with the privileges of www-data. This problem only exists in version 1.2.6 of Squirrelmail. For the stable distribution (woody) these problems have been fixed in version 1.2.6-2. For the unstable distribution (sid) the problem that affects unstable has been fixed in version 1.4.4-1. We recommend that you upgrade your squirrelmail package. Upgrade Instructions - wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - Source archives: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.dsc Size/MD5 checksum: 646 4900cffd3e5d45735f65c21476efc806 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2.diff.gz Size/MD5 checksum:21204 4614ece547701e83d640b5740bb59d51 http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz Size/MD5 checksum: 1856087 be9e6be1de8d3dd818185d596b41a7f1 Architecture independent components: http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-2_all.deb Size/MD5 checksum: 1840668 2d23a6986ab2862bb1acd160b5a2919c These files will probably be moved into the stable distribution on its next update. - - For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show pkg' and http://packages.debian.org/pkg -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB/5XHW5ql+IAeqTIRAkpkAKCe9RF1LswG8hauggRbypCgsGxfygCeK10Z F2TH29V21YfxpuF3gCLIDxE= =KEhs -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] Please stop sending automated replies to Debian mailing lists. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[sowood.co.uk #1151] Re: [sowood.co.uk #1150] AutoReply: [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities
On Wed, 02 Feb 2005 at 17:28:53 +0100, Tomasz Papszun wrote: On Tue, 01 Feb 2005 at 15:20:36 +, Abel wrote: This message has been automatically generated in response to the creation of a ticket regarding: [SECURITY] [DSA 662-1] New squirrelmail package fixes several vulnerabilities [...] Please stop sending automated replies to Debian mailing lists. Sorry for my unneeded remark - I have read the apology from Barney Sowood only later. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unusual spam recently
On Thu, 03 Jun 2004 at 9:42:12 -0500, David Stanaway wrote: Has anyone else been receiving unusual spam recently which contains no content? Yes. Is this some spam engine checking MTAs to see if the addresses are accepted? It also wonders me. Quite possible. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Unusual spam recently
On Thu, 03 Jun 2004 at 9:42:12 -0500, David Stanaway wrote: Has anyone else been receiving unusual spam recently which contains no content? Yes. Is this some spam engine checking MTAs to see if the addresses are accepted? It also wonders me. Quite possible. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/iso/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: Debian servers hacked?
On Fri, 21 Nov 2003 at 12:38:50 +0100, Thomas Sjögren wrote: Anyone to shed some light over this? Someone has cracked all the servers of the Debian Project. There has been a severe security mishap and guys should uninstall all stuff downloaded and installed in the past 2 days. Please do not apt-get anything right now! Please wait till an `official' release happens! http://article.gmane.org/gmane.linux.debian.user/117910 Server security mishap - you think?! This is exaggerated. I'm forwarding the official announcement from debian-announce mailing list: = Date: Fri, 21 Nov 2003 11:46:19 +0100 From: Martin Schulze [EMAIL PROTECTED] To: Debian Announcements [EMAIL PROTECTED] Subject: Some Debian Project machines have been compromised Message-ID: [EMAIL PROTECTED] The Debian Projecthttp://www.debian.org/ Some Debian Project machines compromised[EMAIL PROTECTED] November 21st, 2003 Some Debian Project machines have been compromised This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: . master (Bug Tracking System) . murphy (mailing lists) . gluck (web, cvs) . klecker (security, non-us, web search, www-master) Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again. Please note that we have recently prepared a new point release for Debian GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet, it has been pushed to our mirrors already. The announcement was scheduled for this morning but had to be postponed. This update has now been checked and it is not affected by the compromise. We apologise for the disruptions of some services over the next few days. We are working on restoring the services and verifying the content of our archives. Contact Information --- For further information, please visit the Debian web pages at http://www.debian.org/ or contact [EMAIL PROTECTED]. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] = -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian servers hacked?
On Fri, 21 Nov 2003 at 12:38:50 +0100, Thomas Sjögren wrote: Anyone to shed some light over this? Someone has cracked all the servers of the Debian Project. There has been a severe security mishap and guys should uninstall all stuff downloaded and installed in the past 2 days. Please do not apt-get anything right now! Please wait till an `official' release happens! http://article.gmane.org/gmane.linux.debian.user/117910 Server security mishap - you think?! This is exaggerated. I'm forwarding the official announcement from debian-announce mailing list: = Date: Fri, 21 Nov 2003 11:46:19 +0100 From: Martin Schulze [EMAIL PROTECTED] To: Debian Announcements debian-announce@lists.debian.org Subject: Some Debian Project machines have been compromised Message-ID: [EMAIL PROTECTED] The Debian Projecthttp://www.debian.org/ Some Debian Project machines compromised[EMAIL PROTECTED] November 21st, 2003 Some Debian Project machines have been compromised This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: . master (Bug Tracking System) . murphy (mailing lists) . gluck (web, cvs) . klecker (security, non-us, web search, www-master) Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again. Please note that we have recently prepared a new point release for Debian GNU/Linux 3.0 (woody), release 3.0r2. While it has not been announced yet, it has been pushed to our mirrors already. The announcement was scheduled for this morning but had to be postponed. This update has now been checked and it is not affected by the compromise. We apologise for the disruptions of some services over the next few days. We are working on restoring the services and verifying the content of our archives. Contact Information --- For further information, please visit the Debian web pages at http://www.debian.org/ or contact [EMAIL PROTECTED]. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] = -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. [EMAIL PROTECTED] http://www.ClamAV.net/ A GPL virus scanner
Re: MS BS + Sorting out the virii
On Thu, 25 Sep 2003 at 08:43:46 +0200, Dariush Pietrzak wrote: ClamAV is supported in Debian and it's very well integrated with amavisd-new (which, in turn, can be used also with spamassassin). Yes, but where can I find clamav for woody? Sid's package depends on whole lot of sid stuff, so recompiling it on woody requires significant effort. Data from apt-get.org suggests that www.debian.org/~aurel32/BACKPORTS would be the best source, is that correct? people.debian.org/~aurel32/BACKPORTS/ The line for /etc/apt/sources.list is: deb http://people.debian.org/~aurel32/BACKPORTS woody main Aurelien Jarno makes the backports quickly. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: MS BS + Sorting out the virii
On Wed, 24 Sep 2003 at 1:54:42 +0200, Thomas Ritter wrote: Just a note: Open Antivirus programs like clamav are not perfect, because the open virus database [1] is still too small... but for _sorting_ mail, clamav (it's in sid) is really good. It gives you [...] [1] http://www.openantivirus.org/ Sorry but I must say that this is an incorrect claim. Only in the very beginning, ClamAV had used just openantivirus.org's database. openantivirus.org hasn't been updated for months now. Currently ClamAV's own database is quite big and is updated even a couple of times a day if needed. It's quite good at new viruses caught in the wild, e.g. we had the signature for Gibe.F (alias Swen) at the same day that the virus appeared. Older viruses are gradually added to the database. Everyone is encouraged to submit samples of viruses unknown for ClamAV ( http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi ). It's a GPLed project and each of us can benefit of it, so developing it (among others by submitting samples of new viruses) is a Good Thing. ClamAV is supported in Debian and it's very well integrated with amavisd-new (which, in turn, can be used also with spamassassin). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: MS BS + Sorting out the virii
On Wed, 24 Sep 2003 at 1:54:42 +0200, Thomas Ritter wrote: Just a note: Open Antivirus programs like clamav are not perfect, because the open virus database [1] is still too small... but for _sorting_ mail, clamav (it's in sid) is really good. It gives you [...] [1] http://www.openantivirus.org/ Sorry but I must say that this is an incorrect claim. Only in the very beginning, ClamAV had used just openantivirus.org's database. openantivirus.org hasn't been updated for months now. Currently ClamAV's own database is quite big and is updated even a couple of times a day if needed. It's quite good at new viruses caught in the wild, e.g. we had the signature for Gibe.F (alias Swen) at the same day that the virus appeared. Older viruses are gradually added to the database. Everyone is encouraged to submit samples of viruses unknown for ClamAV ( http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi ). It's a GPLed project and each of us can benefit of it, so developing it (among others by submitting samples of new viruses) is a Good Thing. ClamAV is supported in Debian and it's very well integrated with amavisd-new (which, in turn, can be used also with spamassassin). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: MS BS + Sorting out the virii
[ I'm resending it because yesterday try didn't appear on the list. Thomas Ritter has already answered to the copy which I sent directly to him. ] On Wed, 24 Sep 2003 at 1:54:42 +0200, Thomas Ritter wrote: Just a note: Open Antivirus programs like clamav are not perfect, because the open virus database [1] is still too small... but for _sorting_ mail, clamav (it's in sid) is really good. It gives you [...] [1] http://www.openantivirus.org/ Sorry but I must say that this is an incorrect claim. Only in the very beginning, ClamAV had used just openantivirus.org's database. openantivirus.org hasn't been updated for months now. Currently ClamAV's own database is quite big and is updated even a couple of times a day if needed. It's quite good at new viruses caught in the wild, e.g. we had the signature for Gibe.F (alias Swen) at the same day that the virus appeared. Older viruses are gradually added to the database. Everyone is encouraged to submit samples of viruses unknown for ClamAV ( http://clamav.sourceforge.net/cgi-bin/sendvirus.cgi ). It's a GPLed project and each of us can benefit of it, so developing it (among others by submitting samples of new viruses) is a Good Thing. ClamAV is supported in Debian and it's very well integrated with amavisd-new (which, in turn, can be used also with spamassassin). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing users to use sasl on postfix
On Tue, 02 Sep 2003 at 18:43:28 -0300, Leandro Rodrigo Saad Cruz wrote: Hi all. Let me know if I'm on the wrong list. Probably yes. I suggest the postfix-users mailing list. I want all users that send email on my smtp gateway to use sasl authentication. Here is my main.cf main.cf ... broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_recipient_restriction = permit_sasl_authenticated, reject ... /main.cf and I set up /etc/postfix/sasl/smtpd.conf to use pam with pwcheck_method: pam. But I still can send email from my local network. Any thing I have missed ?? Any packages ? Probably wrong config. Local network you said... Maybe you've got permit_mynetworks somewhere in the config and mynetworks parameter too wide. Oh, remember to always show the result of 'postconf -n' when asking at the postfix-users list. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Forcing users to use sasl on postfix
On Tue, 02 Sep 2003 at 18:43:28 -0300, Leandro Rodrigo Saad Cruz wrote: Hi all. Let me know if I'm on the wrong list. Probably yes. I suggest the postfix-users mailing list. I want all users that send email on my smtp gateway to use sasl authentication. Here is my main.cf main.cf ... broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous smtpd_recipient_restriction = permit_sasl_authenticated, reject ... /main.cf and I set up /etc/postfix/sasl/smtpd.conf to use pam with pwcheck_method: pam. But I still can send email from my local network. Any thing I have missed ?? Any packages ? Probably wrong config. Local network you said... Maybe you've got permit_mynetworks somewhere in the config and mynetworks parameter too wide. Oh, remember to always show the result of 'postconf -n' when asking at the postfix-users list. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: Hi, is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. In Debian, postfix is chrooted by default. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote: Quoting Tomasz Papszun [EMAIL PROTECTED]: On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. In Debian, postfix is chrooted by default. Not true. A number of processes are chrooted, but not all. Please look at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sure, I know it. == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # == smtp inet n - - - - smtpd #628 inet n - - - - qmqpd pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 nqmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce flush unix n - - 1000? 0 flush smtp unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp But I think that (almost?) all process that _can_ be chrooted, _are_ chrooted. How could the 'local' process deliver mail to user mailboxes if it would be chrooted?? If I'm wrong and it's possible somehow, someone may correct me of course. Sven, do you want to chroot *all* processes? Postfix is supposed to be secure out of the box I think the same :-) . (except for programming errors, as we recently saw :-( ). Even those, they were just vulnerable to DoS and bounce scans, not break-ins. So improving Postfix security should be done inside of Postfix. You may want to you the Postfix mailing list (warning: lots of traffic!) and ask there. Lupe Christoph -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: Hi, is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. In Debian, postfix is chrooted by default. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote: Quoting Tomasz Papszun [EMAIL PROTECTED]: On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. In Debian, postfix is chrooted by default. Not true. A number of processes are chrooted, but not all. Please look at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sure, I know it. == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # == smtp inet n - - - - smtpd #628 inet n - - - - qmqpd pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 nqmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce flush unix n - - 1000? 0 flush smtp unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp But I think that (almost?) all process that _can_ be chrooted, _are_ chrooted. How could the 'local' process deliver mail to user mailboxes if it would be chrooted?? If I'm wrong and it's possible somehow, someone may correct me of course. Sven, do you want to chroot *all* processes? Postfix is supposed to be secure out of the box I think the same :-) . (except for programming errors, as we recently saw :-( ). Even those, they were just vulnerable to DoS and bounce scans, not break-ins. So improving Postfix security should be done inside of Postfix. You may want to you the Postfix mailing list (warning: lots of traffic!) and ask there. Lupe Christoph -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: postfix security configuration
On Sun, 10 Aug 2003 at 10:26:16 +, Fallen Angel wrote: my config: debian stable 3.0r1 postfix qpopper I have a small problem: my smtp after pop3 configuration works fine, no open relay possible, but the authentificated users can fake their own e-mail address. How can I stop it, so they can only use the adress which were set up for them. thx for help Konstantin If you want to prevent them from using non existing sender addresses from your domain, you can do it by creating a file (lookup table) for postmap(1), containing all allowed addresses with OK and another table containing your domainname with REJECT. If you want to prevent them from using sender addresses from other domain, it's also possible with properly prepared config. If you want to prevent them from using other (not their own) sender addresses from your domain, you must use SMTP AUTH, I'm afraid. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: postfix security configuration
On Sun, 10 Aug 2003 at 10:26:16 +, Fallen Angel wrote: my config: debian stable 3.0r1 postfix qpopper I have a small problem: my smtp after pop3 configuration works fine, no open relay possible, but the authentificated users can fake their own e-mail address. How can I stop it, so they can only use the adress which were set up for them. thx for help Konstantin If you want to prevent them from using non existing sender addresses from your domain, you can do it by creating a file (lookup table) for postmap(1), containing all allowed addresses with OK and another table containing your domainname with REJECT. If you want to prevent them from using sender addresses from other domain, it's also possible with properly prepared config. If you want to prevent them from using other (not their own) sender addresses from your domain, you must use SMTP AUTH, I'm afraid. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: OT: An Idea for an IDS
On Tue, 01 Jul 2003 at 15:13:00 -0400, Matt Zimmerman wrote: On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote: On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote: Not really a good idea. Consider what happens when someone forges the IP addresses. One can predefine trusted or other very important IP addresses which cannot be blocked. In fact, such an utility exists and is present in Debian Woody: fwlogwatch. Which ones are important? For example, one could forge packets from Everyone must decide it for himself :-) . millions of random IP addresses, popular web sites, etc. and easily DoS such a system. Sure, I am aware of cons of similar technique and I know that it's _very_ far from perfectness. I wrote the previous message only because someone wondered about creating similar utility, so I pointed to one of already existing one :-) . -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: OT: An Idea for an IDS
On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote: On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote: A daemon sits running in the background listening to a special device (/dev) or an IPC which would originate from syslog-ng. This daemon would then parse the log and look for suspicious things. If it found something suspicious it would use regular expression to grab out pertinent parts of the log (say the IP address) and act on the log accordingly (in real time) by say dropping an IPTABLE rule down on the IP address. Are there any projects out there to do this right now. If not, is this a good idea? If it is who would be a person/group that would be qualified and have the time/interest to develop it. Not really a good idea. Consider what happens when someone forges the IP addresses. One can predefine trusted or other very important IP addresses which cannot be blocked. In fact, such an utility exists and is present in Debian Woody: fwlogwatch. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: OT: An Idea for an IDS
On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote: On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote: A daemon sits running in the background listening to a special device (/dev) or an IPC which would originate from syslog-ng. This daemon would then parse the log and look for suspicious things. If it found something suspicious it would use regular expression to grab out pertinent parts of the log (say the IP address) and act on the log accordingly (in real time) by say dropping an IPTABLE rule down on the IP address. Are there any projects out there to do this right now. If not, is this a good idea? If it is who would be a person/group that would be qualified and have the time/interest to develop it. Not really a good idea. Consider what happens when someone forges the IP addresses. One can predefine trusted or other very important IP addresses which cannot be blocked. In fact, such an utility exists and is present in Debian Woody: fwlogwatch. HTH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Someone scanned my ssh daemon
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote: On 16 Jun 2003 at 7:00, Halil Demirezen wrote: To be brief, I don't usually come accross that there is an exploit for only effective to debian boxes. Plus, There are lots of ways to learn what distribution you are running on your machine. telnet .com 80 and do some returns and you get the info you are running apache with php xxx support on debian box. This is not only ssh case. Well, but for e.g. php I don't see why this is necessary. Anybody wrote a doc on how to suppress unnecessary version-messages? I'd be really interested in such things ... In apache's config: ServerTokens ProductOnly ServerSignature Off -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Someone scanned my ssh daemon
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote: On 16 Jun 2003 at 7:00, Halil Demirezen wrote: To be brief, I don't usually come accross that there is an exploit for only effective to debian boxes. Plus, There are lots of ways to learn what distribution you are running on your machine. telnet .com 80 and do some returns and you get the info you are running apache with php xxx support on debian box. This is not only ssh case. Well, but for e.g. php I don't see why this is necessary. Anybody wrote a doc on how to suppress unnecessary version-messages? I'd be really interested in such things ... In apache's config: ServerTokens ProductOnly ServerSignature Off -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: antivirus scanning facility
On Fri, 07 Feb 2003 at 11:41:51 +0100, Mathieu Laurent wrote: My mail servers use exiscan with exim3 on woody. The antivirus scanner is uvscan from McAfee. Since the beginning of this week, I see that there are virus not detected by uvscan (with virus signature file up-to-date). There are a new version of uvscan on McAfee Website. This release use libstdc++.so.2.8 and the lib in debian is libstdc++.so.3.x. When I launch this new version, the program stops because the libstdc++.so.2.8 doesn't exists. My questions are: How I can install this library without break the libraries on my servers and which antivirus programs do you use to scan your mail. There are commercial solutions as McAfee uvscan, Sophos Sweep, ... Exist there antivirus free and opensource? I don't know the answer for your question on libraries. For free antivirus: there are some free antivirus programs; the most popular are ClamAV and OpenAntiVirus (they can be somehow related, I don't know the details). Check http://www.linux-sec.net/Mail/antivirus.gwif.html#AntiVirus -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: antivirus scanning facility
On Fri, 07 Feb 2003 at 11:41:51 +0100, Mathieu Laurent wrote: My mail servers use exiscan with exim3 on woody. The antivirus scanner is uvscan from McAfee. Since the beginning of this week, I see that there are virus not detected by uvscan (with virus signature file up-to-date). There are a new version of uvscan on McAfee Website. This release use libstdc++.so.2.8 and the lib in debian is libstdc++.so.3.x. When I launch this new version, the program stops because the libstdc++.so.2.8 doesn't exists. My questions are: How I can install this library without break the libraries on my servers and which antivirus programs do you use to scan your mail. There are commercial solutions as McAfee uvscan, Sophos Sweep, ... Exist there antivirus free and opensource? I don't know the answer for your question on libraries. For free antivirus: there are some free antivirus programs; the most popular are ClamAV and OpenAntiVirus (they can be somehow related, I don't know the details). Check http://www.linux-sec.net/Mail/antivirus.gwif.html#AntiVirus -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Portsentry issue/problem
On Wed, 24 Jul 2002 at 22:47:32 +, Crawford Rainwater wrote: I was experimenting with Portsentry for the first time in a while, using nmap to help scan for the open ports on a beta test box (Debian 3.0 upgraded). What I noticed beforehand, ports were closed beyond 1024 (did nmap -sU -sT IP addy). After installing Portsentry, there were about 10-20 ports open beyond that, including the bo2k and Trinod cracker ports. I removed Portsentry, ran nmap again, ports are closed. Is this a known issue with Portsentry? I have not yet reference the Portsentry site at this point, but figured that this may be a common occurance. Yes, that's the way portsentry works. It listens on some ports to detect illegal connections to them. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SMTP problem.
On Tue, 23 Jul 2002 at 10:11:31 +0200, Lars Roland Kristiansen wrote: On Tue, 23 Jul 2002, Vineet Kumar wrote: [...] This doesn't look particularly harmful, but if it is the unknown part that is scaring you, try adding an entry for 192.168.2.1 in /etc/hosts. Other than that, it just looks like that host is making an smtp connection and then later disconnecting. This will happen each time it relays a message through you, and is nothing to be alarmed about (unless you don't intend to be accepting mail from this host, but as I understood your setup, that's exactly what you intend to be doing). Well maby you are right it is only a littel strange that when it ralays a mail it says somthing like this. Jul 23 10:10:12 mail postfix/cleanup[7634]: 1B8CC43C024: message-id=[EMAIL PROTECTED] Jul 23 10:10:12 mail postfix/qmgr[284]: 1B8CC43C024: from=[EMAIL PROTECTED], size=794, nrcpt=1 (queue active) Jul 23 10:10:12 mail postfix/smtpd[7633]: disconnect from unknown[192.168.2.1] Jul 23 10:10:13 mail postfix/smtp[7636]: 1B8CC43C024: to=[EMAIL PROTECTED], relay=imf.math.ku.dk[130.225.103.32], delay=1, status=sent (250 2.0.0 g6N89Qx26308 Message accepted for delivery) So if this is when it is duing somthing what is the rest and is there a way to track it down. If I understand you correctly, you wonder what goes on when this host connects and later disconnects _without_ sending anything. You can have more details in log about this host's activity if you add to main.cf: debug_peer_list = 192.168.2.1 and possibly: debug_peer_level = 2 (or maybe bigger number - I don't know what range of numbers is accepted by this parameter). Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Generating Mail passwords
On Fri, 24 May 2002 at 15:04:50 +0200, Lars Roland Kristiansen wrote: [...] I have 200 users and whant some new more secure passwords (not to long though). Is there a simple way to generate secure passwords so i can use them with adduser pwgen, makepasswd, apg (since Woody). [ 11 lines deleted ] You could shorten your .sig. It should not exceed 4-5 lines. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Generating Mail passwords
On Fri, 24 May 2002 at 15:04:50 +0200, Lars Roland Kristiansen wrote: [...] I have 200 users and whant some new more secure passwords (not to long though). Is there a simple way to generate secure passwords so i can use them with adduser pwgen, makepasswd, apg (since Woody). [ 11 lines deleted ] You could shorten your .sig. It should not exceed 4-5 lines. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: hosts deny, alow
On Mon, 11 Feb 2002 at 22:10:38 +0700, [EMAIL PROTECTED] wrote: I am new user debian linux, 1. i try to configure in hosts.deny : ALL:[EMAIL PROTECTED] and try in hosts.allow : ALL : 202.xxx.xxx.xx1, 202.xxx.xxx.xx2 But when i try from 202.xxx.xxx.xx1 and 202.xxx.xxx.xx2 the message is Connection closed by remote host. how to configure in close all and allow from that ip? First of all check that your tcpd configuration is formally correct: use tcpdchk (see the manual). Then use tcpdmatch (as above) to make sure how tcpd is going to handle connections to particular daemons from particular addresses. 2. I try to close port 111 in services and give # on port sunrpc 111/tcp, and inetd but allways be open. Don't edit services to achieve this. It depends on version of Debian so I'm not sure which way is the best in your case but uninstall portmap or '/etc/init.d/portmap stop' and edit this file so that it exits before starting the service (it may be not the most debianish way but it acts as a workaround). -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: central administration techniques
On Fri, 19 Oct 2001 at 17:54:28 +0300, Juha Jykk wrote: [...] case, which is the safest option? Currently I am considering configuring sudo to enable the admin user to execute a single script (mods 0700) without a password or just chmod that script 4700. I am not ^^^ certain about the first, but the latter would be as secure as my connection (ssh2) and my real password. The real password being broken [...] 3. Break into one of the other machines, use the suided script to ^ I can't answer your questions - I know too little. Just one remark: AFAIK, Linux doesn't support suided shell scripts. At least it didn't do that a few years ago when I tried to use a suided script. I haven't checked that since then. Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: central administration techniques
On Fri, 19 Oct 2001 at 17:54:28 +0300, Juha Jäykkä wrote: [...] case, which is the safest option? Currently I am considering configuring sudo to enable the admin user to execute a single script (mods 0700) without a password or just chmod that script 4700. I am not ^^^ certain about the first, but the latter would be as secure as my connection (ssh2) and my real password. The real password being broken [...] 3. Break into one of the other machines, use the suided script to ^ I can't answer your questions - I know too little. Just one remark: AFAIK, Linux doesn't support suided shell scripts. At least it didn't do that a few years ago when I tried to use a suided script. I haven't checked that since then. Hope it helps -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: named: bad referral x from y?
On Wed, 10 Oct 2001 at 10:38:22 +0300, Mikko Kilpikoski wrote: I'm getting a lot of following message in named log: bad referral (x.x.x.x.in-addr.arpa ! *.x.x.in-addr.arpa) from [y.y.y.y].53 Where x is some host in a some network owned by X and y is my ISP's nameserver. I've gotten this message about two hosts from different networks. The networks in question are owned by same individual. What does it mean? Should I be worried? Logcheck considers it a security I don't think so. I've got from a couple of hundreds to a thousand of such messages each week. Evidences od misconfigured nameservers. Maybe someone could explain it in detail?... violation. What can I do about it? Violation is because of word bad. As long as zones mentioned are not yours, you can safely ignore such messages, I think. If I'm wrong, corrections are welcome. HIH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: named: bad referral x from y?
On Wed, 10 Oct 2001 at 10:38:22 +0300, Mikko Kilpikoski wrote: I'm getting a lot of following message in named log: bad referral (x.x.x.x.in-addr.arpa ! *.x.x.in-addr.arpa) from [y.y.y.y].53 Where x is some host in a some network owned by X and y is my ISP's nameserver. I've gotten this message about two hosts from different networks. The networks in question are owned by same individual. What does it mean? Should I be worried? Logcheck considers it a security I don't think so. I've got from a couple of hundreds to a thousand of such messages each week. Evidences od misconfigured nameservers. Maybe someone could explain it in detail?... violation. What can I do about it? Violation is because of word bad. As long as zones mentioned are not yours, you can safely ignore such messages, I think. If I'm wrong, corrections are welcome. HIH -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Creating a logfile for Netfilter
On Tue, 12 Jun 2001 at 8:44:53 +0100, Tim Haynes wrote: found at http://spodzone.org.uk/packages/secure/iptables.sh. 404 Not Found The requested URL /packages/secure/iptables.sh was not found on this server. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Creating a logfile for Netfilter
On Tue, 12 Jun 2001 at 8:44:53 +0100, Tim Haynes wrote: found at http://spodzone.org.uk/packages/secure/iptables.sh. 404 Not Found The requested URL /packages/secure/iptables.sh was not found on this server. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.