Re: [Evolution] Bug#508479: evolution shows a SMIME signed messages as ok even if modified
On jeu, 2008-12-11 at 18:41 +0100, Joachim Breitner wrote: > please consider raising the Severity if appropriate. > > Attached are two very minimal test mails. you can drag’n’drop them in > evolution. The (self-signed) key.pem contains a certificate, you can > import it a signing authority. > > Both messages will be shown as correctly verfied, although one is just a > copy of the other, with the body modified. For the record, CVE-2009-0547 has been assigned to this issue. -- Yves-Alexis signature.asc Description: This is a digitally signed message part
Re: evolution
On Mon, 2003-06-30 at 00:29, Martynas Domarkas wrote: > Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > > Matt Zimmerman écrivait : > > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > > configuration options with that hosts. What could it be? > > > This is surely an evolution "feature" where it means to provide you with > > > news and information. > > > > I would call this a "pain" instead of a "feature"... > > 700 connections in 5 minutes is more than 2 in 1 second... > > I thought "modern programers" of "modern software" (say evolution) > > knew about twicing waiting time between each connection failure... > > > > J.C. > > Thats the best answer :- As far as I know evolution has no > configuration of proxy for WEB connection. So it very diligent tries > show me stupid pictures about "enlarge your..." and so on, but without > success. Hmmm, not bad. It's like kind of spam filter ;-) > > > I'm kidding of course. Thanks to all for your answers. Now I configured > evolution download pictures from WEB only if sender is in my address > book, and try all traffic going out of my box with destination port 80 > redirect to our proxy. > > And maybe somebody knows how to force evolution use proxy another (not > transparent) way? > Have you tried configuring Gnome to use a proxy? I think I remember reading that evolution obeys Gnome's setting somewhere... -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
Re: evolution
On Mon, 2003-06-30 at 00:29, Martynas Domarkas wrote: > Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > > Matt Zimmerman écrivait : > > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > > configuration options with that hosts. What could it be? > > > This is surely an evolution "feature" where it means to provide you with > > > news and information. > > > > I would call this a "pain" instead of a "feature"... > > 700 connections in 5 minutes is more than 2 in 1 second... > > I thought "modern programers" of "modern software" (say evolution) > > knew about twicing waiting time between each connection failure... > > > > J.C. > > Thats the best answer :- As far as I know evolution has no > configuration of proxy for WEB connection. So it very diligent tries > show me stupid pictures about "enlarge your..." and so on, but without > success. Hmmm, not bad. It's like kind of spam filter ;-) > > > I'm kidding of course. Thanks to all for your answers. Now I configured > evolution download pictures from WEB only if sender is in my address > book, and try all traffic going out of my box with destination port 80 > redirect to our proxy. > > And maybe somebody knows how to force evolution use proxy another (not > transparent) way? > Have you tried configuring Gnome to use a proxy? I think I remember reading that evolution obeys Gnome's setting somewhere... -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
Re: evolution
Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > Matt Zimmerman écrivait : > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > configuration options with that hosts. What could it be? > > This is surely an evolution "feature" where it means to provide you with > > news and information. > > I would call this a "pain" instead of a "feature"... > 700 connections in 5 minutes is more than 2 in 1 second... > I thought "modern programers" of "modern software" (say evolution) > knew about twicing waiting time between each connection failure... > > J.C. Thats the best answer :- As far as I know evolution has no configuration of proxy for WEB connection. So it very diligent tries show me stupid pictures about "enlarge your..." and so on, but without success. Hmmm, not bad. It's like kind of spam filter ;-) I'm kidding of course. Thanks to all for your answers. Now I configured evolution download pictures from WEB only if sender is in my address book, and try all traffic going out of my box with destination port 80 redirect to our proxy. And maybe somebody knows how to force evolution use proxy another (not transparent) way? > -- > Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ > Coordonnateur technique régional / Associé technologie projet Reflets > Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) > Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam > Tél. : +84 4 9331108 Fax : +84 4 8247383 Mobile : +84 91 3248747 > / Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou > \ > \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html > / > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > Regards, Martynas
Re: evolution
Pn, 2003-06-27 05:59, Jean Christophe ANDRÉ rašė: > Matt Zimmerman écrivait : > > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > > configuration options with that hosts. What could it be? > > This is surely an evolution "feature" where it means to provide you with > > news and information. > > I would call this a "pain" instead of a "feature"... > 700 connections in 5 minutes is more than 2 in 1 second... > I thought "modern programers" of "modern software" (say evolution) > knew about twicing waiting time between each connection failure... > > J.C. Thats the best answer :- As far as I know evolution has no configuration of proxy for WEB connection. So it very diligent tries show me stupid pictures about "enlarge your..." and so on, but without success. Hmmm, not bad. It's like kind of spam filter ;-) I'm kidding of course. Thanks to all for your answers. Now I configured evolution download pictures from WEB only if sender is in my address book, and try all traffic going out of my box with destination port 80 redirect to our proxy. And maybe somebody knows how to force evolution use proxy another (not transparent) way? > -- > Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ > Coordonnateur technique régional / Associé technologie projet Reflets > Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) > Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam > Tél. : +84 4 9331108 Fax : +84 4 8247383 Mobile : +84 91 3248747 > / Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou \ > \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html / > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > Regards, Martynas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Thu, 26 Jun 2003, Jon wrote: > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > > 4055/evolution-exec > > And... I'm not sure about this one, but it's probably another item on > the Summary page. # hinfo -n 63.236.73.20 Processing 63.236.73.20 (63.236.73.20) 63.236.73.20 is in selwerd XBL as 127.0.0.4 63.236.73.20 is in Five-Ten-SG Blackholes as 127.0.0.7 Refering data: Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1) 63.236.0.0 - 63.239.255.255 Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2) 63.236.0.0 - 63.236.127.255 Jupitermedia Corp. QWEST-EWR-JUPIT6 (NET-63-236-73-0-1) 63.236.73.0 - 63.236.73.255 Nic Handle Info: OrgName:Qwest Communications OrgID: QWST Address:950 17th Street Address:Suite 1900 City: Denver StateProv: CO PostalCode: 80202 Country:US NetRange: 63.236.0.0 - 63.239.255.255 CIDR: 63.236.0.0/14 NetName:NET-QWEST-BLKS2 NetHandle: NET-63-236-0-0-1 Parent: NET-63-0-0-0-0 NetType:Direct Allocation NameServer: DCA-ANS-01.INET.QWEST.NET NameServer: SVL-ANS-01.INET.QWEST.NET Comment:ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE Comment:NOTE: For abuse issues, please email [EMAIL PROTECTED] RegDate:1999-11-19 Updated:2001-04-12 TechHandle: QN-ARIN TechName: NOC, NOC TechPhone: +1-703-363-3001 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: QIA2-ARIN OrgAbuseName: Qwest IP Abuse OrgAbusePhone: +1-703-363-3001 OrgAbuseEmail: [EMAIL PROTECTED] OrgNOCHandle: QIN-ARIN OrgNOCName: Qwest IP NOC OrgNOCPhone: +1-703-363-3001 OrgNOCEmail: [EMAIL PROTECTED] OrgTechHandle: QIA-ARIN OrgTechName: Qwest IP Admin OrgTechPhone: +1-888-795-0420 OrgTechEmail: [EMAIL PROTECTED] Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1) 63.236.0.0 - 63.239.255.255 Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2) 63.236.0.0 - 63.236.127.255 Jupitermedia Corp. QWEST-EWR-JUPIT6 (NET-63-236-73-0-1) 63.236.73.0 - 63.236.73.255 hth, Cristian
Re: evolution
On Thu, 26 Jun 2003, Jon wrote: > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > > 4055/evolution-exec > > And... I'm not sure about this one, but it's probably another item on > the Summary page. # hinfo -n 63.236.73.20 Processing 63.236.73.20 (63.236.73.20) 63.236.73.20 is in selwerd XBL as 127.0.0.4 63.236.73.20 is in Five-Ten-SG Blackholes as 127.0.0.7 Refering data: Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1) 63.236.0.0 - 63.239.255.255 Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2) 63.236.0.0 - 63.236.127.255 Jupitermedia Corp. QWEST-EWR-JUPIT6 (NET-63-236-73-0-1) 63.236.73.0 - 63.236.73.255 Nic Handle Info: OrgName:Qwest Communications OrgID: QWST Address:950 17th Street Address:Suite 1900 City: Denver StateProv: CO PostalCode: 80202 Country:US NetRange: 63.236.0.0 - 63.239.255.255 CIDR: 63.236.0.0/14 NetName:NET-QWEST-BLKS2 NetHandle: NET-63-236-0-0-1 Parent: NET-63-0-0-0-0 NetType:Direct Allocation NameServer: DCA-ANS-01.INET.QWEST.NET NameServer: SVL-ANS-01.INET.QWEST.NET Comment:ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE Comment:NOTE: For abuse issues, please email [EMAIL PROTECTED] RegDate:1999-11-19 Updated:2001-04-12 TechHandle: QN-ARIN TechName: NOC, NOC TechPhone: +1-703-363-3001 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: QIA2-ARIN OrgAbuseName: Qwest IP Abuse OrgAbusePhone: +1-703-363-3001 OrgAbuseEmail: [EMAIL PROTECTED] OrgNOCHandle: QIN-ARIN OrgNOCName: Qwest IP NOC OrgNOCPhone: +1-703-363-3001 OrgNOCEmail: [EMAIL PROTECTED] OrgTechHandle: QIA-ARIN OrgTechName: Qwest IP Admin OrgTechPhone: +1-888-795-0420 OrgTechEmail: [EMAIL PROTECTED] Qwest Communications NET-QWEST-BLKS2 (NET-63-236-0-0-1) 63.236.0.0 - 63.239.255.255 Qwest Cybercenters QWEST-CYBERCENTER (NET-63-236-0-0-2) 63.236.0.0 - 63.236.127.255 Jupitermedia Corp. QWEST-EWR-JUPIT6 (NET-63-236-73-0-1) 63.236.73.0 - 63.236.73.255 hth, Cristian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec --snipped-- Hi Martynas, These are connections to port 80, meaning a web server. Do you get a lot of spam? Do you get a lot of newsletters or other e-mails with images? Many spam and newsletter mailings contain images, both visible and invisible (small one pixel images used to track and/or verify if an e-mail has been viewed). You likely have Evolution set to display images so it's going out and trying to download all the images in the e-mails. A better option is to turn that off by default and enable it for individual images. That's what I do. On the menu bar go to Tools>Settings and go to Mail Preferences>HTML Mail. Select either "Never load images off the net" which is my preference, or "Load images if sender is in addressbook" so that you can receive HTML images from those you choose. I'm sure you'll see a sudden dropoff in connections as well as not automatically letting spammers know you're alive. Hope this helps, Kourosh -- Kourosh <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
(I'm subscriber of debian-security) Maybe Evolution is configured to collect new/weather from web ? []'s On Thu, 2003-06-26 at 02:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? > > > > -- > Pagarbiai > IT sistemų administratorius > Martynas Domarkas > tel.: +370 698 44331 > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec http://ws.arin.net/cgi-bin/whois.pl?queryinput=205.156.51.200 Looks like it's trying to fetch the weather. > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > 40.209.14.206.in-addr.arpa domain name pointer www.salon.com. Salon.com's XML feed... > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > And... I'm not sure about this one, but it's probably another item on the Summary page. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec I would guess, just off the top of my head, that it's trying to load images for HTML mail that you've received. All the connections are going to port 80 on the remote machines. Check Tools->Mail Settings and look under the "Display" tab. Set "Never load images off the net" and see if the connections are still there. Evolution also uses HTTP to get the RDF data feeds for the summary page. -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R "Wasabi", '98 Kawi EX500 "Harlot", '02 BMW R1150RS "Troll" When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec Martynas, I almost forgot that some of that traffic is likely your Summary page going out and getting updates. For example 205.156.51 is owned by NOAA. My previous mail still holds for some of the traffic but the summary page updates are also part of it. 205.156.51.200 is a National Weather Service page 206.14.209.40 is Salon.com 63.236.73.20 is Linux Today Regards, Kourosh -- Kourosh <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
Matt Zimmerman écrivait : > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > configuration options with that hosts. What could it be? > This is surely an evolution "feature" where it means to provide you with > news and information. I would call this a "pain" instead of a "feature"... 700 connections in 5 minutes is more than 2 in 1 second... I thought "modern programers" of "modern software" (say evolution) knew about twicing waiting time between each connection failure... J.C. -- Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ Coordonnateur technique régional / Associé technologie projet Reflets Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 Fax : +84 4 8247383 Mobile : +84 91 3248747 / Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou \ \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html / -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT [...] I don't use evolution, but if it displays HTML messages, those could be requests to retrieve some objects embedded in some messages (images for example). Just a thought. Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Thu, 26 Jun 2003, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? Well judging from the names I'd think you have the weather and news features of the summary page enabled. $ host 205.156.51.200 200.51.156.205.in-addr.arpa domain name pointer tgftp.nws.noaa.gov. $ host 206.14.209.40 40.209.14.206.in-addr.arpa domain name pointer www.salon.com. $ host 63.236.73.20 Host 20.73.236.63.in-addr.arpa not found: 3(NXDOMAIN) Grx HdV -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
Matt Zimmerman écrivait : > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > > configuration options with that hosts. What could it be? > This is surely an evolution "feature" where it means to provide you with > news and information. I would call this a "pain" instead of a "feature"... 700 connections in 5 minutes is more than 2 in 1 second... I thought "modern programers" of "modern software" (say evolution) knew about twicing waiting time between each connection failure... J.C. -- Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ Coordonnateur technique régional / Associé technologie projet Reflets Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 Fax : +84 4 8247383 Mobile : +84 91 3248747 / Note personnelle : merci d'éviter de m'envoyer des fichiers PowerPoint ou \ \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html /
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > This appears to be the National Weather Services... Prolly cause it has a summary page that has weather info. > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > This appears to be Salon.com... Also I believe has a link for syndication postings on the summary page. > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > This appears to be Linux Today... Also I believe as a link on the summary page for news articles... > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? > > > > -- > Pagarbiai > IT sistem? administratorius > Martynas Domarkas > tel.: +370 698 44331 > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > This appears to be the National Weather Services... Prolly cause it has a summary page that has weather info. > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > This appears to be Salon.com... Also I believe has a link for syndication postings on the summary page. > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > This appears to be Linux Today... Also I believe as a link on the summary page for news articles... > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? > > > > -- > Pagarbiai > IT sistem? administratorius > Martynas Domarkas > tel.: +370 698 44331 > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec The (US) National Weather Service > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec salon.com > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec ?? > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? This is surely an evolution "feature" where it means to provide you with news and information. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT [...] I don't use evolution, but if it displays HTML messages, those could be requests to retrieve some objects embedded in some messages (images for example). Just a thought. Marcin -- Marcin Owsiany <[EMAIL PROTECTED]> http://marcin.owsiany.pl/ GnuPG: 1024D/60F41216 FE67 DA2D 0ACA FC5E 3F75 D6F6 3A0D 8AA0 60F4 1216
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec I would guess, just off the top of my head, that it's trying to load images for HTML mail that you've received. All the connections are going to port 80 on the remote machines. Check Tools->Mail Settings and look under the "Display" tab. Set "Never load images off the net" and see if the connections are still there. Evolution also uses HTTP to get the RDF data feeds for the summary page. -B -- Brandon High [EMAIL PROTECTED] '98 Kawi ZX-7R "Wasabi", '98 Kawi EX500 "Harlot", '02 BMW R1150RS "Troll" When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
Re: evolution
On Thu, Jun 26, 2003 at 08:40:38AM +0300, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec The (US) National Weather Service > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec salon.com > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec ?? > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? This is surely an evolution "feature" where it means to provide you with news and information. -- - mdz
Re: evolution
(I'm subscriber of debian-security) Maybe Evolution is configured to collect new/weather from web ? []'s On Thu, 2003-06-26 at 02:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? > > > > -- > Pagarbiai > IT sistemų administratorius > Martynas Domarkas > tel.: +370 698 44331 > >
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec http://ws.arin.net/cgi-bin/whois.pl?queryinput=205.156.51.200 Looks like it's trying to fetch the weather. > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > 40.209.14.206.in-addr.arpa domain name pointer www.salon.com. Salon.com's XML feed... > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > And... I'm not sure about this one, but it's probably another item on the Summary page. - Jon -- [EMAIL PROTECTED] Administrator, tgpsolutions http://www.tgpsolutions.com signature.asc Description: This is a digitally signed message part
Re: evolution
On Thu, 26 Jun 2003, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33932 206.14.209.40:80 SYN_SENT > 4055/evolution-exec > > tcp 0 1 192.168.0.1:33933 63.236.73.20:80 SYN_SENT > 4055/evolution-exec > > There are a LOT of connetcions: ~700 in a 5 minutes. I did not find any > configuration options with that hosts. > > What could it be? Well judging from the names I'd think you have the weather and news features of the summary page enabled. $ host 205.156.51.200 200.51.156.205.in-addr.arpa domain name pointer tgftp.nws.noaa.gov. $ host 206.14.209.40 40.209.14.206.in-addr.arpa domain name pointer www.salon.com. $ host 63.236.73.20 Host 20.73.236.63.in-addr.arpa not found: 3(NXDOMAIN) Grx HdV
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec Martynas, I almost forgot that some of that traffic is likely your Summary page going out and getting updates. For example 205.156.51 is owned by NOAA. My previous mail still holds for some of the traffic but the summary page updates are also part of it. 205.156.51.200 is a National Weather Service page 206.14.209.40 is Salon.com 63.236.73.20 is Linux Today Regards, Kourosh -- Kourosh <[EMAIL PROTECTED]>
Re: evolution
On Wed, 2003-06-25 at 22:40, Martynas Domarkas wrote: > Hi, it's me again and I have another stupid question: my evolution > mailer in a short period of time repeatedly tries connect to some > strange hosts: > > > tcp 0 1 192.168.0.1:33931 205.156.51.200:80 SYN_SENT > 4055/evolution-exec --snipped-- Hi Martynas, These are connections to port 80, meaning a web server. Do you get a lot of spam? Do you get a lot of newsletters or other e-mails with images? Many spam and newsletter mailings contain images, both visible and invisible (small one pixel images used to track and/or verify if an e-mail has been viewed). You likely have Evolution set to display images so it's going out and trying to download all the images in the e-mails. A better option is to turn that off by default and enable it for individual images. That's what I do. On the menu bar go to Tools>Settings and go to Mail Preferences>HTML Mail. Select either "Never load images off the net" which is my preference, or "Load images if sender is in addressbook" so that you can receive HTML images from those you choose. I'm sure you'll see a sudden dropoff in connections as well as not automatically letting spammers know you're alive. Hope this helps, Kourosh -- Kourosh <[EMAIL PROTECTED]>