Re: [expert] lm sensors
On Wednesday 19 November 2003 05:42 pm, Dick Gevers wrote: > There`s easier ways to tackle that; IMHO. Proberbly failsafe is safe, but > why bother, if you`re careful and consider beforehand what you do, go to > init 1 and cd to where you want to make your changes. Of course, vi may be > the preferred editor for that, but I didn`t have the time to learn it yet. > Still mc has a pretty easy editor which will easily access what you need to > change. Well, at the point that the machine hard locks, keyboard doesn't respond, can't SSH into it and it becomes an effective doorstop, there is not much else to do but restart the machine and remove the lm_sensors script from the init process to troubleshoot the problem which is effectively what I did. When manually loading, it still causes the hard lock, again, no choice but to powercycle the machine which involves rebooting. > I would follow following scenario: a. make sure sensorsd service is not > running. b. Run the script provided, don`t allow it to modify your > conf.modules or whichever they suggest. You already know which modules the > script found, so check no modules are loaded, and if they that they are not > added by modules.conf. If no modules are listed in the output of lsmod > continue, if they are start service lm_sensors and with, for instance > Gkrellm see if you get any readings. That means the kernel gives them > direct. Only those modules which the kernel might not provide data output > for should be loaded as modules via modules.conf. Before any adjustment to > the modules stop the service and restart after added (or removing) any > modules which do not show up useful values. I tried manually loading an unloading one at a time but I might not have done it often enough to get the hard lock. Now it appears that the culprit is linked to one of the modules and since removing it, I no longer have the problem. > Compare your kernel logs, particularly /var/log/kernel/errors. It will show > bus collisions, if any. I was lucky I did not get hard locks when I ran too > many modules, but the logs filled alright. Well, all I got was hard locks and there was nothing in the logs to show what was causing it. I checked and there is nothing from the start until it shows the hard reboot with kernel reloading. > >I have just edited my modules file to load the i2c-proc module at bootup > >rather than letting it load from the lmsensors init script. If anyone has > >any suggestions for me, I would really appreciate it. > > So you appear to be infected by the reboot philosophy of certain O/S`s > (sometimes I am guilty of similar behaviours to analyze prob ;-), but with > this (unless hardlocked), I see no need to reboot. Since the only issue that I spoke of was the hardlock, not sure I follow your analysis about my troubleshooting style. I don't reboot my machine on a whim and certainly know how to init 1 and then back to init 3 if all I wanted was to test the init process. > >BTW, sensors.conf is stock and I did not add any lines to > > /etc/modules.conf > > You should, that is the only way for the service which this package > provides will read any data that are not provided by the kernel. Unless, > naturally, the kernel provides *all* for your particular mobo. Well, I will probably have to edit that eventually to get the temps for Vcore accurately reported but the stock conf file appears to be doing a great job so far on CPU temp, MB temp and fan speed. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lm sensors
On Wednesday 19 November 2003 02:52 pm, Greg Meyer wrote: > I only load the it87. The lm75 driver may be causing your problem, there > isn;t one on that board. Also, on the Soyo, I only got accurate readings > by specifying a socket type when modprobing the driver. the differnet > types are in the docs, but I figured out the Soyo is type 38. The voltages > are a little messy too. This can be fixed by making a few changes to the > sensors.conf file, but I haven't taken the time to figure out the > adjustments and do it. Here are the relevant lines that I added to my > rc.local file. Thanks very much for the info Greg. That must have been it. I removed the lm75 module and now it is starting and stopping fine. Also, I moved the i2c-proc module startup to the actual /etc/modules file so that it is started automatically at bootup. That appears to be much better for the script startup method and whether it helps or not, seems to be a little more elegant. I also added an options line in /etc/modules.conf for the it87 temp_type=0x38 option. I will check later to see how accurate the temps are. Again, thanks much for the info, it has probably saved me from a few more hard boots. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] lm sensors
On Wednesday 19 November 2003 02:03 pm, Thomas Backlund wrote: > in order to solve wich one kills your system, you should use the modprobe > command > and try to load one module at a time until it hangs... Originally, the problem module was the adm1021 module and that was due to the options line included in /etc/modules.conf that was suggested by sensors-detect. However, I removed that module and am no longer trying to load that one. Now, I can manually load all of them and then unload all of them. Running the script, I can also load all and then unload all, it is on the second attempt to load that I get problems. I am going to work on this more tonight, I am beginning to wonder if the problem may stem from trying to unload the i2c-proc module along with the others. For the most part, I don't see a reason to remove the proc module, even if you want to remove the individual sensor modules when shutting the system down. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] lm sensors
I have recently started trying to install lm sensors on my computer which has a Soyo KT400 Dragon Ultra Platinum motherboard. I have had very mixed results with the sensors including some very hard to diagnose hard locks on the machine when I attempt to load the sensor modules. Does anyone here have any experience working with lmsensors and want to take a crack at helping me figure out the problem. Scenario, I installed lmsensors by RPM, ran sensors-detect and let it create the /etc/sysconfig/lmsensors configuration file. When I restarted the computer, the lmsensors init script kicked off, showed loading modules and then nothing, hard lock. I power cycled the machine, booted into failsafe mode, disabled lmsensors init script and went back into Linux. I manually tried to load lmsensors init script and it hard locked again. I rebooted, went back and tried to manually load the modules that are loading from the script and they loaded fine. I then manually unloaded the modules and they also unloaded fine. I rewrote the lmsensors init script so that it was manually loading the modules rather than pulling them from the /etc/sysconfig/lmsensors file. I ran the script and it loaded the modules, then stopped the script and it unloaded the modules. When I went to restart it, the machine hard locked again. I am currently trying to load only the i2c-viapro, i2c-isa, i2c-it87 and it2-lm75 modules and skipping the adm1021 and eeprom modules since my machine appears to have the most issues with the adm1021 module and I don't really need the eeprom one. I have just edited my modules file to load the i2c-proc module at bootup rather than letting it load from the lmsensors init script. If anyone has any suggestions for me, I would really appreciate it. BTW, sensors.conf is stock and I did not add any lines to /etc/modules.conf except the alias for char-major-89 i2c-dev because the other adm1021 line should not be needed since I am not loading adm1021. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] I think it's safe to say the 2.4.22 kernel series is screwed
On Wednesday 19 November 2003 11:50 am, Praedor Atrebates wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Your sound system is virtually identical to mine. I have also installed > aumix and maxed out all the sliders. > > All I can say is that when I use 2.4.21 kernels, sound works flawlessly. > If I use anything in the 2.4.22 list, no sound. Sound works in windoze. > Sound works for SuSE 9.0, mandrake 9.1, and 9.0. Nothing changes when > installing 9.2 at all except that sound magically quits working. > > praedor But you also said that you were having issues with APIC. Since APIC handles IRQ interrupts for a lot of devices when it is enabled, it is possible that this is causing an interrupt conflict that is preventing sound from working. In 9.1, I initially turned APIC off in the BIOS when I did my install and had numerous problems with MB ethernet, USB ports, and mb sound because of inherent problems with installing Linux with conflicting interrupts. I thought that the install had gone well because of a lack of visible errors but then nothing ever worked right. Only be enabling APIC in the BIOS and using the noapic flag in lilo was I able to get an install going that actually worked with all of my devices. You may want to try enabling APIC in BIOS, reinstalling Linux using the noapic on the lilo load line for the install disk and then seeing if your results are better. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] /dev/dsp always in use
On Sunday 16 November 2003 05:34 pm, elPunishar wrote: > high all! > > i've got a problem on mandrake 9.1 with my nforce onboard soundcard. > > /dev/dsp seems to be alway in use, even when theres no other program > running that has anything to do with sound. > > this means, Xine doesn't play sound because of that. > mplayer brings a error at the start of a movie, but then plays with sound, > but i can't control the volume on mplayer. > most games bring an error on /dev/dsp and some of them can play sound with > "artsdsp -m quake3" if i'm lucky. > and sound in flash movies doesn't work.. i suspect its also because of > that. > > as /dev/dsp seems to be the default sound device (which in my case has got > some problem), maybe i need to change this somewhere and set another sound > device for default ? > i'm very confused.. can somebody clear it for me please ? If you are running KDE desktop, the artsd which is the Arts Sound daemon is running and that will cause dsp to always be busy. You can configure Xine to use arts sound and then it should coexist peacefully with artsd, and the same is true for mplayer. Never had a problem with flash, so I don't know why that would be a problem. I do have problems with realplayer and in most cases, need to kill artsd before running any real media files and then just start it back up again. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Problems retrieving mail: fetchmail: smtp listener protocol error
On Wednesday 12 November 2003 03:43 pm, HaywireMac wrote: > On Wed, 12 Nov 2003 18:31:24 -0500 > > Bryan Phinney <[EMAIL PROTECTED]> uttered: > > No, 9.1 had it too but most people who didn't need it disabled > > zeroconf by setting tmdns to not start on boot. You should be able to > > check to see if tmdns is running by doing a ps -A. > > I did no such thing, had no such problem. Am back in 9.1 now, and am > happy as a clam ;-) > > Got a lot of rebuilding to do, but I learned my lesson, always listen to > your instincts. If it ain't broke, don't fix it. Rats, and here I was hoping that I had a new Guinea Pig to help me troubleshoot stuff before I upgrade my machine. ;-} -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Problems retrieving mail: fetchmail: smtp listener protocol error
On Wednesday 12 November 2003 06:07 pm, HaywireMac wrote: > Is this specific to 9.2? I checked in there, but i cancelled out because > I wasn't even sure what "Zeroconf" is You know, one thing that you might want to do, just to firmly identify or eliminate one piece of this is to fully test whether Postfix is operating properly or not. One way to do that is to fire up Kmail or another email client, configure it to send via SMTP straight and then send a mail to yourself, [EMAIL PROTECTED] That should automatically bypass whatever relay is setup and deliver directly to your username account on the local machine. If you get the mail, then it means that Postfix is working. If you do not get it, it means that Postfix is definitely not working and you may need to try to work on it. One other item to try rather than trying to force an uninstall/reinstall of Postfix is to check the startup scripts in /etc/init.d. See if you have postfix.rpmnew files in there because it is possible that a new version needs to have some changes made to correctly start but I think that urpmi defaults to trying to leave the original scripts in place when you install new versions. I know that I have upgraded a couple of apps previously and found myself completely uninstalling and then reinstalling until I finally figured out that newer packages were changing the locations of some of the files and I just needed to alter the startup scripts to reflect the new locations. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] postfix headers
On Wednesday 12 November 2003 07:18 pm, Michael Holt wrote: > I'm wondering if they have something set on their server to drop any > email that doesn't show an fqdn in the received string. Maybe to keep > from getting email from a server that's been taken over as a relay? If > this is the case, how would I set postfix so that emails originating > from other boxes on my lan would appear to be the server sending them? > So that the above headers taken from both webmail and client machines > would look identical? Michael, is it possible that you are using a different "From:" address when using Squirrelmail versus when you use Evolution? They may be whitelisting based on the From listed as the sender. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Problems retrieving mail: fetchmail: smtp listener protocol error
On Wednesday 12 November 2003 06:07 pm, HaywireMac wrote: > Is this specific to 9.2? I checked in there, but i cancelled out because > I wasn't even sure what "Zeroconf" is No, 9.1 had it too but most people who didn't need it disabled zeroconf by setting tmdns to not start on boot. You should be able to check to see if tmdns is running by doing a ps -A. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Problems retrieving mail: fetchmail: smtp listener protocol error
On Wednesday 12 November 2003 04:42 pm, HaywireMac wrote: > master (pid 2211) is running... Okay, that should be good. > Postfix starts OK on boot, and when I issue the command "service postfix > restart", it does restart, but just gives me those warnings. Warnings aren't errors and IIRC, I was running Postfix on my system for a full month before I added my fake domain name just to get the warning to stop and even now it is still not a FQHN but that doesn't seem to matter to anyone, certainly not Postfix. I am pretty sure that Postfix will run even without a hostname as long as your machine has a name. > The funny thing is, I have no idea how it knew to name the machine > node1, unless it got that from my DHCP server, but I don't think that > hands out hostnames (?). Right after install, it booted up with "node1", > just like it was before, and this was a *clean* install, I mean total > wipeout, man. Could it be the zeroconf stuff in 9.2. If you ran the network setup utility, it might have set a hostname for you with the tmdns stuff. > Thanks for replyin', man, maybe it's my ISP, I'm even having trouble > loading web pages, even though my router shows me connected, and I can > connect to my other box no prob. > > Well, I wanted a challenge... ;-)-- How about CLI again and run a nmap on localhost. Check to see if it says your SMTP on port 25 is open or filtered. You might have some firewall stuff that is stopping Fetchmail from connecting. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Problems retrieving mail: fetchmail: smtp listener protocol error
On Wednesday 12 November 2003 02:48 pm, HaywireMac wrote: > Starting postfix: postalias: warning: My hostname node1 is not a fully > qualified name - set myhostname or mydomain in /etc/postfix/main.cf > postmap: warning: My hostname node1 is not a fully qualified name - set > myhostname or mydomain in /etc/postfix/main.cf Haywire, can you open up a CLI and su to root and then issue the command "/etc/init.d/posftix status" and tell us what it says. If it says something like, postfix is dead but the subsys is locked, then we will know that Postfix is actually dying when you try to start it and that would explain why Fetchmail is unable to inject mail into the localhost. I don't think the problem is your hostname because localhost should always be valid regardless of what your hostname or even mail server name is. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] chkrootkit and mailing results to root
On Wednesday 12 November 2003 01:14 pm, J.C. Woods wrote: > You have two different issues at work on this tread. One issue is > basically about setting up postfix. What params to use in main.cf, and > what params not to use. If you choose a do a "hack", just be aware of > the consequences. Agreed. PA's setup is different from mine, in that I am not attempting to originate mail directly through my own MX, I am always relaying through a real MX that belongs to my ISP. I do not and can not do direct to MX mail on my system as outgoing port 25 is blocked. > As for the Mandrake mail servers, they are simply setup with the > "smtpd_recipient_restrictions = reject_unknown_client" param. And what > the hell does this mean? It means, for one thing, you must have rDNS for > the sending mail server's name. See the many postings, made by myself, > Pierre, et. al., in the archives about this issue. You are right about > one thing. This is a setting that cuts down on spam... That is not it. Incoming client is Earthlink SMTP server which DOES have rDNS setup and is a registered MX and does have an A record associated with it, etc. The fact that mail that is sent directly through the mail server from a client versus being relayed through the mail server from a local MX should be completely immaterial to the reject_unknown_client param on the mail server. In fact, the helo record is disregarded completely because the client header comes in the initial negotiation which is handed by Earthlink's mail server in both cases, never by Postfix on my end which only ever communicates to Earthlink's mail server and never to the mail server on Mandrake's end. The only difference in those two messages is the addition of one more Received header showing Postfix in the chain when I smart relay through Postfix as opposed to using my client directly to Earthlink's mail server. I can post headers from both types of messages to show that. What I suspect is happening is that Mandrake has some type of filtering system setup and is actively checking for forged Received headers of any type and trashing anything that has a Received header that is not valid. Since my local Postfix server is NOT a real MX, it's Received line appears to be forged because there is not a valid domain to originate there. I suspect that the culprit on the mail server is not the mail server itself, but an actual filtering program that is separate, perhaps a procmail recipe or a mail filter. The reason that I suspect that is that I don't get a bounce message and Postfix, when it rejects a message sends a bounce message back informing you of why. If the reject_unknown_client_param were the culprit, I should be receiving a 553 bounce message when I send. Postfix does not trash invalid messages without a response, it communicates back to the sender so that you can correct your message. I do NOT receive a bounce, my message just never gets posted to the mailing list. Usually, when a message just gets trashed without any response at all, the culprit is almost always some type of body filter that takes over after the message is passed through the MX. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] chkrootkit and mailing results to root
On Wednesday 12 November 2003 08:56 am, Pierre Fortin wrote: > On Wed, 12 Nov 2003 07:49:26 -0500 Bryan Phinney > > <[EMAIL PROTECTED]> wrote: > > It rejects mine the same as his even though I use a smarthost to relay > > my messages so that they pass through my ISP mail servers. For some > > reason, Mandrake mailing list doesn't accept those. My only solution > > was to pass the mails directly through the ISP mail server for only the > > Mandrake mailing list and use Postfix for all my other mail which works > > fine. > > > > If I had to guess, I would guess that the mailing list is setup with > > some pretty rabid anti-spam rules of some kind, but that would be just a > > guess. > > Not very rabid at all... looking at your first header: > > Received: from user-11fa01q.dsl.mindspring.com ([66.245.0.58] > > helo=Neo.matrix) > > by heron.mail.pas.earthlink.net with asmtp (Exim 3.33 #1) > > id 1AJuR7-0003SW-00 > > for [EMAIL PROTECTED]; Wed, 12 Nov 2003 04:49:29 -0800 > >"neo.matrix" is not a valid [host.]domain which would cause the most > basic of failures to deliver to Mdk's servers... you could not deliver > mail directly to mine either as postfix rules (and a few blacklisted > servers) are my sole anti-spam measures. If you have a permanent IP, > setting myhostname to user-11fa01q.dsl.mindspring.com would be a quick, > self-admin'ed, hack to verify this is the problem. This is obviously not a problem since you actually saw the message, right? If it were a problem, you would not have seen the message because Mdk would have refused to accept it right? If you want to try to troubleshoot the problem that I spoke of, you would need to see an email that I sent to you through my Postfix server and smart relayed through Earthlink to try to figure out what is causing the message to be blocked. The message you quoted was sent directly through Earthlink's mail server from my mail client. The machine name is obviously not valid, most dial-up and dynamic DSL customers don't own their own domain so they will not be using a FQH for their machine name. If Mdk was blocking every user that didn't operate their own MX, the mailing list would be pretty empty. > Your mailhost is either not responding or port 25 is blocked, so I can't > check that it's the source of neo.matrix... I am running a firewall and do NOT have port 25 open since I do not operate a public MX and outgoing port 25 is blocked by the ISP directly. No point allowing someone to connect to my mail server when I don't run an MX and can't originate mail anyway. So, in the header that you mention, the helo is ignored (obviously) since it is trivial to forge and relying on it would be pretty dumb. However, the IP address is a local range assigned to Earthlink and that is why the mail server at heron.mail.pas.earthlink.net accepts the mail (that and the fact that I authenticated with smtpauth when I sent it) and routes it to Mandrake which accepts it because it comes from Earthlink MX which is an authorized mail origination point with a valid MX record. When I smarthost relay through Earthlink, the same thing happens, the only difference is that there is an additional chain of headers showing the local Postfix server as the origination point. Received: by neo.matrix (Postfix, from userid 501) id 9BB48DD5; Wed, 12 Nov 2003 10:45:08 -0500 (EST) which sits at the end of the chain but for some reason, Mandrake sees that additional line and rejects the message and doesn't deliver it. It doesn't bounce the message as invalid, it just drops it into the bit bucket without comment. Again, I don't know why since I don't get a bounce on it, it is impossible for me to know what settings they are using but whatever it is, it is more aggressive than most other mail servers because messages that I send to other people at other ISP's going through my local Postfix server and smarthost relayed to Earthlink get delivered, but Mdk mailing list ones don't. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] chkrootkit and mailing results to root
On Wednesday 12 November 2003 06:54 am, Derek Jennings wrote: > > Well, you could do as I do and set up an alternate transport in Kmail to > > send to the list using your ISP SMTP server rather than trying to bounce > > messages through Postfix which the Mandrake mailing list appears to > > dislike, and then send all other messages through Postfix. I figure it > > has something to do with references to internal networks in the Received > > headers. > > If you set > MAIL_WARN=yes > MAIL_USER=emailaddy > > in /etc/security/msec/security.conf then the results of chkrootkit will be > amalgamated into the daily security emails msec will start sending you. > The security mails will also include lists of :- > config files altered, world writable files, ports > opened/closesd/authentication violations, and firewall hits. He is running Postfix, the problem is that the Mandrake Mailing list does not like messages that are bounced through local mail servers for some reason. It rejects mine the same as his even though I use a smarthost to relay my messages so that they pass through my ISP mail servers. For some reason, Mandrake mailing list doesn't accept those. My only solution was to pass the mails directly through the ISP mail server for only the Mandrake mailing list and use Postfix for all my other mail which works fine. If I had to guess, I would guess that the mailing list is setup with some pretty rabid anti-spam rules of some kind, but that would be just a guess. My solution to this problem was to cut out the local MX from my chain of headers and it appears that PA's solution was to masquerade as a regular MX host to get past that limitation and his current dilemma is a side-effect of that solution. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] chkrootkit and mailing results to root
On Tuesday 11 November 2003 04:23 pm, Praedor Atrebates wrote: > As I was sitting here staring at "tail -f /var/log/syslog" I saw my > chkrootkit anacronjob fly by. At the end of the check, I noticed an email > sent to [EMAIL PROTECTED] An outtake from my syslog post chkrootkit: The message is being sent to [EMAIL PROTECTED], not [EMAIL PROTECTED] > Sending email to [EMAIL PROTECTED] will fail and go to nobody. What is > actually sending this message and where do I find the config file so I can > correct it to send messages to [EMAIL PROTECTED] or [EMAIL PROTECTED] Set your hostname appropriately and all messages sent to root should be delivered to the right person. You may also create an alias in Postfix assuming that you have no reason to actually send messages to [EMAIL PROTECTED] > Is it postfix itself? In order to avoid having the mandrake list bounce > all my mails back at me, I had to setup my local postfix to set "myorigin = > yahoo.com". If I set it to be my actual localdomain (ravenhome.net) I will > lose the ability to post to the expert list. Is this [EMAIL PROTECTED] > originating from postfix via this "myorigin" setting? Well, you could do as I do and set up an alternate transport in Kmail to send to the list using your ISP SMTP server rather than trying to bounce messages through Postfix which the Mandrake mailing list appears to dislike, and then send all other messages through Postfix. I figure it has something to do with references to internal networks in the Received headers. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Frickin spam and spamassassin
On Monday 10 November 2003 02:27 pm, Praedor Atrebates wrote: > OK, this really irritates me. I have the latest spamassassin. It is > running in daemon mode. I have procmail setup to /dev/null anything that > is identified as spam. I have trained the Bayesian filter (supposedly) to > identify certain messages as spam...BUT THEY KEEP GETTING THROUGH! You are relying too much on pure filtering checks. Spammers run their messages against SA in order to figure out what types of changes can make it past the stock filters. I rely much more heavily on DNSBL checks, and filter out messages from known spam sources, open relays, open proxies, etc. As a result, I get much less spam passing by my SA filters. As of one week from yesterday, I have ~2000 messages, about 1600 of those are spam and only 1 was a false negative that managed to squeak past the filter. Only 4 false positives and those were trivial matches from the mailing list where someone is sending through a known open relay. Beef up your DNSBL scores and I guarantee that the number that squeak by will drop. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (OT)Uh..... Am I alone in noticing the insanity?
On Sunday 09 November 2003 03:17 pm, James Sparenberg wrote: > Basically I interpret what he said as, "Thanks to your devotion over the > last 8 years we have a solid product, now fsck off and don't bother us > anymore. Your work, time and effort we didn't pay for, has been of > tremendous value to us and we no longer think you are worth being > concerned about." Maybe I'm wrong, but I'm not alone in this feeling. > So to all former RH users "Welcome to Mandrake". It is possible that they are doing exactly that. It is also possible that RH is acknowledging what a lot of other people have been slowly coming to realize, including myself, that MS sold the public a bill of goods when they convinced them that with the right OS, they could administer and manage a computer without gaining any real knowledge about what they are doing. Consumers won't get that message from a community effort like Fedora, but they have come to expect it from a commercial software company like RH. For better or worse, and as so many newcomers to Linux point out, people are looking for a replacement for MS Windows that does everything that it promises to do but doesn't just promise to do it but delivers. It is possible that there is some OS that will deliver on that, but I have yet to see it and don't believe that it will ever appear. In point of fact, that is precisely what MS has also been selling enterprises on for even server administration. Shows why a lot of MSCE's are so woefully unprepared to do real troubleshooting and actually fix problems versus the reinstall/reboot crap that MS teaches. And also why so many companies find it now so easy to outsource support to 3rd world locations at low wage rates. How hard is it to teach someone to say "reboot and if that doesn't work then reinstall." If RH plans to throw away the desktop market and only sell servers, then they will soon find themselves marginalized in much the same fashion that Sun is currently marginalized to a very niche market. That doesn't really seem the way to expand and grow your business, and I wouldn't expect them to succeed at that either. If, however, they manage to keep enough ties between their server offering and the community sponsored desktop offering to convince companies that they can implement Fedora on the desktop, and RH in the enterprise and still get seamless integration between the two, compatibility and shared knowledge among support staff, then they may be able to actually sell a value proposition that actually delivers what it promises to deliver and not the load of bunk that MS has up to now been selling. I look at it this way. You can pay a higher price and get promises, support and accountability which is worth it for a business by buying RH. You can get the same functionality, but with more accountability placed on you to talk to the community and figure your problems out with Fedora. You get the same software either way, but the "free" version is only financially free, it requires personal responsibility. The pay version requires less responsibility and more money. Same choices that people have always had with Linux. Only now, they have slapped a different name on each just to make it more clear to the PHB types. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (OT)Uh..... Am I alone in noticing the insanity?
On Sunday 09 November 2003 09:54 am, Jack Coates wrote: > That's good strategy in the proprietary world, but the open source > community around both distributions has to buy into the idea for it to > work in this case. Well, it is new but I think that once the community realizes that RH is continuing to support Open Source and continuing to make an investment in Fedora, they will come to accept the differentiation. If you look at it as a way to clearly separate the desktop product from the server product, it begins to be seen as mostly a marketing move. In some ways, this may also help them combat the FUD from MS. With less frequent software updates and longer testing periods before new releases of RH, they will show a more low-key track record of security vulnerabilities and patches than they might if they were more cutting edge like Fedora. For those of us who understand IT, we know that frequency of patches is not necessarily an indicator of low quality, in many cases, it can be an indicator of high quality as the number of testers and developers patch things before they even become known issues. However, MS appears to be ready to use desktop numbers to recommend against certain Linux distributions, so this may just be a way for RH to combat that type of activity. > How long before "scratch-an-itch" leads to Fedora > being a pretty good server platform? It may already be a "pretty good" server platform. I guess the main question then becomes, how many companies want to rely on a "pretty good" server platform for their enterprise production level systems that will cause them to actually lose money if they go down. Red Hat has never compared well in the desktop market because of their reputation as having less cutting edge packages, less consumer hardware support, etc. This whole thing may just be a case of RH wanting people to compare apples to apples. I have always liked Mandrake more than RedHat because it does have more cutting edge software that I liked, at the price of some bugs that I could either work around or figure out how to fix myself. However, I am not running an enterprise wide banking system on it either. If I were, I might consider the ramifications of frequent software updates, less dedicated testing, and more unknown quantities in the mix. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] (OT)Uh..... Am I alone in noticing the insanity?
On Sunday 09 November 2003 02:42 am, Jack Coates wrote: > Anyone interested in this mess should have a look at this article: > http://www.theregister.co.uk/content/4/33823.html > > They're trying to increase revenues by preventing use of their "desktop" > offering in the server room. They've chosen a method that cuts off the > nose to spite the face, but I still think they'll continue to be quite > successful in the Fortune 500 space for inertial reasons. Only thing is, > when the Fortune 500 begins to seriously evaluate Linux desktops, they > won't be running RH. The question is, once they bring in Mandrake or > SuSE or Fedora for the desktops, what's going to stop them from bringing > it into the server room too? My take on this is that it is more of a branding issue. Desktops need much more cutting edge, in most cases, than do servers and certainly different types of supported hardware. RH appears to be attempting to fully differentiate its offerings, Fedora on the desktop with more cutting edge releases and by necessity, more buggy software, and the staid, old tried and true Redhat that goes into the server, has paid support and doesn't depend as much on the community. I don't necessarily think that any of this is a bad idea, at least from the perspective of creating an OS that is designed for a specific segment. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Dell laptop hangs with 9.2 when lid closed.
On Saturday 08 November 2003 12:43 am, Mofeed Shahin wrote: > G'day all, > > I've just put 9.2 onto my Dell inspiron 8200, which is a Intel 2.2 Mobile > chip, and ati radeon video. > > As soon as the lid is closed the the machine has a complete lock up. ie no > keyboard, no mouse, and no screen updates > > I just tried upgrading the kernel to kernel-2.4.22.21mdk-1-1mdk.i586.rpm, > and it still happens. > > I tried closing and opening the lid quickly, and it still locks up. > > The laptop worked fine under 9.1, if that helps... I suspect that ACPI may have problems. When you close the lid, it might be attempting to go into suspend mode and that may be blocked by improper or non-existant instance of ACPI on your laptop. Can you check to see if acpid is active, or apmd? -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] promise raid pdc20276 issues
On Thursday 06 November 2003 05:27 am, [EMAIL PROTECTED] wrote: > I have a dvd-rom player attached to an onboard promise raid controller ( > pdc20276), but i am not able to see it. I've had a look on the web for > answers and the promise website for drivers but cannot find any > solutions. Does anyone have any ideas? I don't have specific info about your particular RAID controller, but my understanding is that regular ATAPI devices like DVD-ROM, CD-ROM, etc. will NOT work from a RAID controller. Only hard drives. You might want to move the DVD/CD devices to a regular IDE controller and put only hard drives on the RAID controller. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] help - my box might be a relay
On Wednesday 05 November 2003 01:23 am, David E. Fox wrote:
> hey - help!
>
> it's seemingly apparent that in the last week or two there seems to
> be an increasing number of mails of a dubious nature being sent to
> a large number of bogus addresses by yours truly :(.
Do you have any bounces or copies of the messages with full headers intact?
If so, I can help you to decipher exactly what systems those messages have
gone through and possibly, their origination, be it a proxy or open system.
> I'm not a spammer but it seems that my mailing system (postfix) is
> misconfigured -- but I was under the impression that postfix was
> relay-proof. I have seen evidence though of some chinese sites
> "masquerading" as m206-157.dsl.tsoft.com, probably forging headers
> somewhere along the line. It further seems that mail is injected here
> and then attempts are made to send the sh*t off to other places.
Well, by default, Postfix will only originate mail for localhost. That means
that an account on the actual mail server would need to be used to originate
mail if it were going to be sent out. Is it possible that you inadvertently
made some changes by adding a trusted IP range that caused your system to
become open to relay? Or, is is possible that a user account has been
compromised that some person is using to inject mail? Lastly, do you have
any windows machines sharing the same connection and is is possible that they
were compromised and are originating the mail with their own SMTP engine?
> I have not gotten any complaints but as of now 22:30pm pst 11/4 there is
> approximately 2.3 megabytes' worth of mail trying to get out.
>
> 1) I want to simply remove these messages. How do I do this? I have not yet
> come across a queue removal program - like lprm - for mail. Can (or should)
> I just delete all the files underneath
> /var/spool/postfix/{defer,etc,deferred, etc} - i.e, keep the directory
> structure intact but do somehting like
>
> find /var/spool/postfix -type f | xargs grep rm
>
> Is that dangerous?
If you have Webmin installed on your system, you should be able to use the
control panel to look at the mail queue individually and cull out messages
that you want to delete from those that are valid. If you have a large
number in the queue, it could be that postfix has actually caught those
before they went out and prevented them from being sent. You might be able
to flush those automatically bouncing them back to the sender.
> Secondly, using a fairly stock configuration for postfix, is there some-
> thing I've missed? I can attach my configuration if needed. I have
> basically kept the same one intact since I initially reinstalled 9.0
> and upgraded to various levels of cooker over the past few months.
Attaching the config might be helpful. If you have made changes from the
default, there is no way to know how it is now configured without seeing it.
--
Bryan Phinney
Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] POP filters in KMail don't work
On Monday 03 November 2003 04:17 am, Artemio wrote: > During the past month I was getting 5-10 "M$ Security Patch" messages per > day. Damn those fsck&^% who send them - each message is 150Kb huge! Those weren't spammers, those were worms. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] fstab question (was broken xmms)
On Sunday 02 November 2003 10:19 pm, [EMAIL PROTECTED] wrote: > I'm reposting this under an improved title. What should I change in the > following fstab line to allow non-root users read/write access to the > drive? > > /dev/hdd2 /mp3 vfat iocharset=iso8859-1,codepage=850 0 0 > > TIA Add umask=0. /dev/hdd2 /mp3 vfat iocharset=iso8859-1,codepage=850 umask=0 0 0 -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] single hd on onboard raid controler
On Sunday 02 November 2003 07:55 pm, Evaristo Ferrari wrote: > Hi > I'm tring to install RC1 on a single hd connected with Ite ata 133 raid > controler of my GA-7N400 Pro2 mb and it can't see any disk. > I got iteraid.o driver by Gigabyte web site but if I try "expert" mode, > installation ask me for non dos > disk driver. I have looking for raid.image or other.image for making > boot floppy but have found none. > Is there a solution? Not for what you are trying to do. The RAID controller that is on your motherboard supports 0,1, and 0+1 RAID levels. However, in order to do any of these, you need two identically sized disk drives connected to the RAID controller. You can NOT do RAID with only a single hard drive. The whole point is to use multiple drives to provide some level of backup, failover modes. You can use your RAID controller as an additional IDE controller for a single hard drive but that is not the same thing as trying to create RAID striping on a single hard drive. In order to install on the RAID controller (using it as a normal IDE controller) using a single hard drive, boot the Mandrake Linux CD as you normally would and hit the function key to bypass the automatic installer. On the command line, you would enter "linux ide=reverse" along with whatever other parameters you need, like noapic, acpi=off, etc. It might look like "linux noapic acpi=off ide=reverse" and boot it up. You should then get into the normal installer and be able to install on your single hard drive. You should insure that you always boot up with ide=reverse no matter what version of the kernel you boot up with. That should work for you, it does for me and I am using a HPT374 RAID controller built onto my SOYO motherboard. I don't think that there is any solution that will allow you to boot from a RAID array using Linux. No matter how you do it, you will need to create a boot image that includes a RAID driver and will have to boot from that which means that the RAID drives are not available until the kernel loads in memory. It must be loaded from somewhere other than the RAID drives by definition. Perhaps a boot floppy, if there is one big enough, or a CD that you create especially for that purpose. You might also be able to do that from a network drive, not sure. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Fetchmail problem
On Thursday 30 October 2003 08:49 pm, Praedor Atrebates wrote: > Thanks. Unfortunately, that doesn't make it any better than running it as > a cron job. My desire is that no matter how many users are using, only ONE > fetchmail process is needed. Instead of all users running their own > fetchmail, have the system run ONE and have this one process check for > ~/.fetchmailrc files in all user directories and go from there. As a new > user creates a .fetchmailrc, the fetchmail daemon would simply find it and > use it on the next fetch. Fetchmail can be run as a user and will pull from the ~/.fetchmailrc file of the user it is run as. So, you can have user controlled processes of fetchmail. You can not have user controlled daemon processes of fetchmail because this would violate security features to not allow users to have root access. > > From your answer I assume that fetchmail is not capable of this. To my > thinking, this is a flaw in design. Instead of designing a system that > requires each and every user run independent instances of fetchmail, it is > self evident that a single process handling the mail for any and all users > is more logical and clean in design. Well, not giving users root access to a daemon may seem like a design flaw to you, but it certainly doesn't to me. And I also agree that a single process handling mail for all users is more logical which is why fetchmail is designed to do exactly that. It does not, however, include giving control of that process to the user themselves, since that would provide a hook for a user to potentially gain higher than their user level of access. Centralized processing should always be controlled by a central administrator with access handed out only as needed and as limited as it can be. > Fetchmail can't do this? Is there a > fetchmail-alike that can? I do not know of any. You may want to inquire on the Fetchmail mailing-list, they would be experts and might have some suggestions. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Fetchmail problem
On Thursday 30 October 2003 08:25 pm, Praedor Atrebates wrote: > OK. On my laptop I use a global /etc/fetchmailrc file because I like the > cleanliness of running fetchmail as a daemon at startup rather than as a > cron job as a user (Ugh. Crude. Ugly). I decided to experiment on my > desktop and try to use fetchmail in daemon mode but instead of an > /etc/fetchmailrc, I have a ~/.fetchmailrc file. Naturally, no worky. > > Is there a way to get fetchmail, the DAEMON, to use my ~/.fetchmailrc file > or am I going to have to copy it to /etc/fetchamilrc again? Simply run fetchmail with the -f option and specify the exact fetchmailrc file that you want it to use. IE. fetchmail -d 180 -f /home/user/.fetchmailrc -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Firewall questions
On Thursday 30 October 2003 07:01 am, Anne Wilson wrote: > So installing iptables will have no 'built-in' rules? That's what I > want, so that I can build it up a little at a time. Yes, that is the way that I am running it, to supplement the hardware router because hardware routers are not really suitable for filtering as opposed to blocking. > The problem for me is that the hardware router does not allow > GnomeMeeting to have a range of ports open (it uses h.323 tunneling), > so I'm thinking that I will need, eventually, to set my box dmz and > rely on the software one, suitably configured. I am quite prepared > to make the switch to dmz for the duration of a session (it won't be > too frequent), but I want the second layer in first. Consequently, I > can use dmz to test the rules, going back behind the hardware f/w as > necessary. What kind do you have? You should be able to open up an entire range, as small or large as you want and configure GnomeMeeting to simply confine to that range. I have a range open for passive ftp and it appears to work fine. > My experience with using it to set up samba does not encourage me to > do it that way, but I thought that browsing the interface might give > me a better idea of the questions I need answering before actually > doing any configuration. As your rules get extended, Webmin will evenually break down and time out trying to display them all. At least, it does in my case, so I simply keep a bash script to issue the commands and periodically update and rerun the script to repopulate changes to my firewall. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] msec level 4
On Sunday 26 October 2003 09:33 am, Michael Holt wrote: > Good morning, > I´ve got another msec question. I was working on a different > computer on my lan and hadn´t put it´s id in my hosts file on my > server yet. I was lazy and didn´t feel like getting on a system > which had access (for ssh that is) so I was trying different toys > to see which had access. I couldn´t get on user accounts using > ftp, or ssh, etc, but then I tried telnet and got right in. I > though, ´hmm, that´s odd...´ > I´m also able to get in using my domain name - which I´m not able > to do using ssh. I´m confused; why can I telnet get right in but > ssh is blocked? I know the obvious answer - remove telnet from > the server - but I would like more information about this before > removing the symptom. I would guess that something is either not configured correctly, you have installed some software that has changed the default settings, or you are hitting a different machine than you think you are hitting. I have tried this on my web server which is also set to msec level 4 and it does NOT work. Telnet connections are refused, just like SSH was initially until I opened that up using hosts.allow. It is possible that you have altered your hosts.deny file and the cron job that is supposed to change it back simply hasn't run yet, but it should get around to it. However, default at msec level 4 is to create a hosts.deny file that denies all. Until you explicitly allow connections in hosts.allow or remove hosts.deny, it should be refusing all connections. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: [export] DVD stuff
On Friday 24 October 2003 02:10 pm, Rodrigo Sanchez Olavarria wrote: > R/RW I guess I am not being clear. The cdrecord-dvdhack is used to write to a DVD-R or a DVD-RW type of drive and media. In order to write to a DVD+R or DVD+RW media, you need to use the dvd+rw tools. If you try to write to a DVD+R disk with the cdrecord-dvdhack, it will fail. So, in order for us to tell you whether you are using the right tool or not, we need to know if you are using +R/+RW disks, or if you are using -R/-RW disks. Of course, I am assuming that you mean actual DVD media and not CDROM as well. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Increading /mnt/cdrom size?
On Thursday 23 October 2003 05:20 pm, deedee wrote: > On Thu, 23 Oct 2003 17:53:26 -0400, Bryan Phinney wrote: > > Actually, he is quite correct. /mnt/cdrom is a directory located off > > of /mnt which in turn is located off of /. > > I believe you are confusing how a directory tree is set up to interface > with you as a user in order to help you find your files with the actual > devices where files are being stored. No, I am clearly stating that the directory that is used as a mount point for the cdrom device is an actual directory and can exist independent of the device that is associated to it by the mount command up until the mount command redirects the mount point to point to the device file instead of a directory on the file system. If you simply go out and look at it yourself, you will see that until the mount command is issued for a cdrom, there is clearly a directory present on the root drive in the /mnt folder that you can access with absolutely no disc mounted in the cdrom drive. For that matter, I can simply enough create a directory directly under root called cdrom and alter the fstab with a simply edit and any cdroms mounted on the drive will then be mounted in the directory cdrom off of the root drive. I accept that after I mount the drive, I am no longer hitting the directory in the filesystem when I access the cdrom, but up until I mount the media, I am. > Check your /etc/fstab. That defines your file system table and says > where the directories in your directory tree are really located. Actually, no. fstab merely designates the device file and mount point for devices when the mount command is issued. Much like a mapped network drive in NFS, the actual directory that is used for the mount point actually exists prior to remapping the location to point to the network resource and does not actually point to the device until the mount command points the directory to the device. > > Experiment: As root, with no cd mounted, cp a file to /mnt/cdrom and > > you will note that the file is copied and then exists in /mnt/cdrom. > > It actually exists in memory. [EMAIL PROTECTED] mnt]# ls -l total 9 drwxr-xr-x2 root root 48 Oct 23 17:49 cdrom/ drwxrwxrwx1 root root0 Oct 22 19:13 floppy/ dr-x--1 root root 8192 Oct 20 18:31 winxp/ Doesn't look like memory to me > I don't want to get into a fruitless debate about this. I know it is a > difficult concept. I'm only responding because I believe you are asking > for problems if you treat all the places on the directory > tree/interface as if they are actually all places on your hard drive. Neither do I. Why don't we agree to accept an answer from a disinterested third party. "Linux does not have different letters for the drives. Linux integrates floppy, hard disk, CD-ROM ... (the common name for all of them is "devices") into the directory tree. You simply "plug" the device in a subdirectory. The default directory for mounting removable media devices is /mnt/. There you create the subdirectories for all devices (e.g. /mnt/zip for the zip-drive), /mnt/windows/ for the WINDOWS partition. For the CD-ROM the directory /cdrom is as common as /mnt/cdrom/. Any needed directories can be created with "mkdir". To access the CD-ROM drive you have to register it in the system. This happens with the command mount" You can access the entire page at: http://www.linuxnetmag.com/en/issue3/m3mount1.html The blurb clearly states that mounting a device "simply 'plug'[s] the device in a subdirectory" that is either already created or is created when you issue the mount command. Either way, once the device is unmounted, the directory remains, in the file system, not in memory. I am not trying to be argumentative, but I also wouldn't want someone getting incorrect information either. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Increading /mnt/cdrom size?
On Thursday 23 October 2003 02:26 pm, deedee wrote: > On Thu, 23 Oct 2003 00:38:57 -0700, KevinO wrote: > > /mnt/cdrom is a real directory, until you mount something there. Since > > the /mnt directory is part of the / filesystem (not on a separate > > partition), its' size is limited to the free space available on / . > > After something is mounted there, its' size will be that of whatever > > you mounted there. > > I believe you are incorrect. This has nothing to do with whether > something is on the same partition or not. / is /dev/hda or whatever. > /mnt/cdrom is /dev/cdrom. They are completely different devices. Each > gets a spot on the directory tree so you can view what's on it. Actually, he is quite correct. /mnt/cdrom is a directory located off of /mnt which in turn is located off of /. Until you mount a cdrom in which case /mnt/cdrom actually starts pointing to the /dev/cdrom device which is then the size of whatever media is mounted. Experiment: As root, with no cd mounted, cp a file to /mnt/cdrom and you will note that the file is copied and then exists in /mnt/cdrom. Clearly with no media mounted, it can not be stored on /dev/cdrom but the directory does exist independent of the device as long as no device is mounted. You can also open up konqueror as root and navigate to /mnt and then check properties on /mnt/cdrom and it will show you how much space is available on root. > Turgut is correct -- /mnt/cdrom is on the CD drive which is not the same > device as / is on. Only after a cd is mounted, until then it is a directory called /mnt/cdrom which is stored off of /. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] [export] DVD stuff
On Thursday 23 October 2003 09:51 am, Rodrigo Sanchez Olavarria wrote: > Hello Experts .. > I have a DVD writer... and I want to backup some big files, > but cdrecord/cdrecord-dvdhack doesn't work ... (A error message > related to image size, in the beginig of the process ..) > > am I using the rigth tool ? What drive are you using as in DVD-R/-RW/+R/+RW? -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] RANT: vicious viruses
On Wednesday 22 October 2003 12:56 pm, Anne Wilson wrote: > > Since the worm uses it's own smtp engine or co-opts the Windows one > > it may not matter whether she sent anything, and it would have been > > possible for the worm to send copies of itself to any system that > > it could find with it's own scanning facility. With her address I > > do believe. Without any record in sent mail. > > Not a nice thought. > > Anne Not sure if anyone else is aware of this or not, but discussions on the net.admin.abuse.email newsgroups are pointing to a new spammer scam going around. Some not-very-nice hackers in former Soviet states, including Bulgaria, Latvia, and others have gotten together with spammers for financial reasons. Might also be related to Russian organized crime, etc. At any rate, they have created a couple of different trojan horse programs, these do not show up on anti-virus scanners because they do not self-propagate. They get installed when people visit certain seeded websites that cause unsecure installations of IE (which they all are to my knowledge) to download and install the trojan code. Once the machine has been compromised, it basically broadcasts its IP to select locations or IRC channels and these hackers add it to a list of zombied hosts that they use to route DNS requests as well as install unsecured open proxy software to in order to bounce spam through to avoid DNS blacklists. Estimates by one Polish member of one of these gangs is that they are now in control of about 400,000 windows machines running broadband connections in the US. The only way to find them is to portscan the entire machine looking for listening SOCKS proxies. Traffic from these machines is responsible for the shutdown of Osirusoft.com due to a DDoS attack from massive numbers of zombie PC's. Monkeys.com is also offline after withstanding the first wave of attacks, only to be hit again. Anyone running broadband on Windows that doesn't have a firewall that denies incoming connections on all but known ports is probably open to be compromised since you will never know that the site that you go to does not have nasty code waiting. Currently, there is one known exploit for IE that remains unpatched so no version of that software can be considered secure against the installation of a trojan. The patch that was put out by MS was confirmed to not actually fix the vulnerability. If someone starts having issues and antivirus software doesn't locate the problem, they may want to consider that the machine may have been compromised by a trojan. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virus?
On Wednesday 22 October 2003 12:31 pm, Charlie M. wrote: > > I don't know about your own experiences, but everytime I have been > > involved in a product development effort designed by a committee, I have > > not been overly impressed with the final results. Again, YMMV. > > My own personal experiences with anything involving committees forces me to > fall back on an old quote: > > "A committee is the only lifeform in the known universe with many limbs, > many eyes, many mouths.. > > and no brains." > > Sorry but I thought the discussion was becoming too intense. > > No offence intended. (-: No offense taken here, I was just plugging my .02 pence in to the discussion. Everytime that I see someone suggesting that open source developers cooperate with industry more, work with committees, etc., I almost always get visions of a pack of wolves inviting the sheep in for dinner. Not that I distrust business, mind you, but traditional corporations' entire business models are diametrically opposed to what open source is trying to do, so I think that you have to keep your eyes wide open when they start to make nice. Such suggestions sound a lot like SCO's recent letter asking open source developers to let them help monetize Linux. Or Forbes Magazine's dismissal of open source because the FSF doesn't put a price tag on licensing but instead demands that Cisco contribute back to the same movement that they benefited from by releasing its source based on Linux. At a certain point, you have to just recognize that some people are just never going to "get it." Move on, do what we do best and let them join in once they realize that people aren't buying buggy whips because they already bought an automobile and they simply aren't interested in discussing ways to incorporate buggy whips into cars. > > In my experience, nothing is secure. If you want absolute security, load > > software on the box, rip out all the disk drives, network connections, > > external interfaces and the keyboard and you are now secure. I used to > > have an old XT computer chassis, no disk drives, no keyboard and no > > working ports, that was a pretty secure box. > > I don't disagree with what you say, but I understand Haywire's point. Well, if you understand Haywire, then I wouldn't think we would be in disagreement, my point was that Open Source appears to be secure, it appears to be more secure than any other source developed with traditional centralized, from the ground-up models, and until someone provides a practical example of a superior product that was built using a centralized, from the ground-up model, I am perfectly willing to take my chances with good old Linux, open source, disjointed, hacked together as it may be. > For > the average non-technically inclined computer user any GNU/Linux/Open > Source system is easier to secure and maintain as secure. Simply because > there are so many ways to work toward the goal and so many available tools > and layers of defence to use. Fact is, I personally feel that the unified architecture of centralized products is a disadvantage when it comes to security. I like the chaotic nature of current varied distributions of Linux. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virus?
, rip out all the disk drives, network connections, external interfaces and the keyboard and you are now secure. I used to have an old XT computer chassis, no disk drives, no keyboard and no working ports, that was a pretty secure box. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simply Brilliant
On Tuesday 21 October 2003 10:56 am, HaywireMac wrote: > He actually did get direct replies from some of the recipients of his > scripted mails, and was informed of exactly what action they took as a > result, up to and including disconnection. Must be my cynical nature. Happy to know that someone actually cares about keeping the Internet clean for some reason besides money. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Simply Brilliant
On Tuesday 21 October 2003 09:07 am, HaywireMac wrote: > Guy on the Toronto LUG list posted this. Sends a mail to [EMAIL PROTECTED] > every time he gets one of those MS worms that are clogging so many > people's servers. > > Apparently, a few "lusers" have already been taken offline 'til they > clean their boxes as a result of this script. > > Personally, I don't have much of a prob with this, but I thought it > might be of interest at least to see how it was done. > > http://www.wehave.net/spam/ My guess would be it is NOT because of his complaints or the script but because ISP's are being swamped by all the traffic from their exploited machines and are now figuring out that they need to fix it before it bankrupts them or gets their ranges blacklisted by the rest of the net. Bigpond has reported troubles as well as Telstra from exploited machines on their networks, I am only surprised that more of them didn't figure out the impact sooner and start closing targeted ports, at least for outgoing traffic. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: [SOLVED] Burning bin/cue files
On Monday 20 October 2003 11:48 pm, stefmit wrote: > Replying to myself ;) - just as I wrote the previous reply, I thought of > starting to play with the parameters of cdrdao, and - lo and behold - the > following simplified version of the command line worked! : > > $ /usr/bin/cdrdao write --device 0,0,0 --driver generic-mmc --speed 24 > --eject /home/scm/downloads/.bin > > Left to figure out: how do I make k3b to produce the above? ... though it > sounds really stupid to even attempt that (i.e. emulating the GUI to > produce a one-liner)... Sounds like maybe the wrong device driver is configured in K3B. Also, you can turn off the overburn parameter in K3B. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Burning bin/cue files
On Monday 20 October 2003 09:53 pm, stefmit wrote: > On Monday 20 October 2003 08:01 pm, Bryan Phinney wrote: > > On Monday 20 October 2003 08:21 pm, stefmit wrote: > > > Anybody having ever tried and succeeded in burning bin/cue files? > > > > Yes, repeatedly. Using K3B amongst others. > > ... what others?!? There is a commercial Linux burning application called Gear Pro Linux from gearsoftware.com that supports bin/cue. I have used it in the past but not lately. > It looks to me that k3b is just a frontend to cdrdao, > and that looks like being the culprit, as I used the command line: Well, just as a test, let's try something else assuming that you have other CD burning applications on your machine. Use bchunk to convert the bin/cue file to an ISO and then you can either mount the ISO as a loopback to make sure that it is good or you can burn the ISO using another app to make sure that your devices are all set up properly. If you can burn the ISO but not bin/cue, we can begin to look at other possibilities for a cause. If you don't have bchunk installed you can get it here: http://he.fi/bchunk/ command is : bchunk *.bin *.cue mybin which will create a mybin01.iso file. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Virus?
On Monday 20 October 2003 09:41 pm, Cy Kurtz wrote: > > C'mon, I'll give you ten to one on the Windows box... ;-) > > no no no wait a minute! > > What happens when Linux becomes as popular as windows? Most people > writing virii are aiming at windows boxen, because they are more > numerous. People writing virii want to do as much damage as possible, so > they are going to go after the most popular OS. Every time I see this comparison, I wince. Explain to me how you can compare a single OS built by a monolithic entity that controls all of the source code and releases only the information that puts them in the best possible light with an OS built by literally dozens of different teams, each to their own specifications that basically share a common kernel but have different directory structures, package managers, peripheral drivers, etc. As much as I think that Linux will become a bigger target eventually, I do NOT think that anyone can generalize and say that one virus that exploits a vulnerability on one distribution of Linux will automatically propagate to every distribution. Ever tried to get a package that was built to be portable to actually port over to a different distribution? And they are trying to make it portable and can include code specifically designed to do so. Viruses have to be small and compact. Linux is not the same as Windows and comparisons of this nature only serve to make people forget WHY MS products have a tendency to be compromised more often and it has a lot to do with the unified environment, the same thing that MS is quick to take credit for when it works in their favor, and anxious to make people forget when you point out that it also works against them. I would not go so far as to say that Linux can not be compromised but given the age of the system, the fact that a lot more businesses run Linux which makes it a more attractive target for ego purposes, and the fact that with open source, MS could have been publishing exploits on Linux, if they were there, instead of funding dubious analyst research on ROI that nobody pays attention to, I feel pretty confident that Linux is much more secure than average Windows. The fact is that it is MUCH easier to write viruses for Linux, (something that these "journalists" often overlook) because of the fact that the source code is published so that virus writers can go through line by line and look for vulnerabilities. With Windows, they have to decompile and reverse engineer to find weak points that may end up being dead ends. Given the different nature of open source, we should be seeing many more viruses written for Linux than for Windows, if only because it is so much easier to do it. As for social engineering, based on my own experience, I would trust a Linux user to do the smart thing well before trusting the average Windows user, but hey, that might be just me. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Backing up my DVDs in 9.2
On Monday 20 October 2003 09:55 pm, [EMAIL PROTECTED] wrote: Well, the dvd tools being what they are in their current state, I would not want to make the process any more difficult for myself and purchasing a USB drive simply adds that much more to the potential problems. > > > You will have to look at something to that effect but you may want to > > query > > someone off of a public mailing list before asking someone to recommend a > > method for bypassing Digital Rights Management encryption. > > Oh, in that case I shelve my question. Thanks for the heads up. There are people around who can and will help you with this, just some of them would not wish to do so in a public, googled forum. ;-} -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Burning bin/cue files
On Monday 20 October 2003 08:21 pm, stefmit wrote: > Anybody having ever tried and succeeded in burning bin/cue files? Yes, repeatedly. Using K3B amongst others. > I am > getting the following error (I have "google-d" for it, obviously, but > nothing came out of relevance to my problem, as a possible answer ... just > some similar complaints ... ): Never seen this error. You sure that the Cue file is correct for this bin and that both are in a directory that is writeable and that you have correct permissions. Also, K3b needs to have a temp directory that is writeable as well. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Backing up my DVDs in 9.2
On Monday 20 October 2003 07:53 pm, [EMAIL PROTECTED] wrote: > I know this is *possible*, and I've read several HOWTOs on the net. I'm > just curious whether anybody on this list has experimented with the > various options out there, and which worked better than others. For making VCD backups, you will want to look at Video::DVDRip interface, you can find it on http://www.exit1.org/dvdrip/ > > At the moment I just have a CD-burner so will be making VCDs; in the near > future I will also have a DVD-burner, so would appreciate help on that > also. http://www.theorie.physik.uni-goettingen.de/~ostreich/transcode/html/dvd.html#tccat http://www.bunkus.org/dvdripping4linux/single/ http://dvd-create.sourceforge.net/index.shtml > Also, what should I look out for when purchasing my DVD-burner? Which > play better with Linux? If you buy DVD-R, DVD-RW, you need to use a CDrecord hack to record dvds. If you buy DVD+R or DVD+RW, you need to use the dvd+rw tools. You can find all of these on the web googling. Given that there are current versions of drives that support all four standards available for about $200-250, I would recommend that you simply get one that does everything and then pick a format that you prefer. I prefer +RW myself, YMMV. At any rate, I would recommend getting a standard IDE drive and not one of the external USB ones. I don't know of anyone that has gotten the external ones to work under Linux although it is possible I am just not aware of it. > Finally, given that I have european family who don't "get" region > encoding and send us DVDs as xmas gifts, do I want to look at decss, or > other? You will have to look at something to that effect but you may want to query someone off of a public mailing list before asking someone to recommend a method for bypassing Digital Rights Management encryption. At least in the US, discussing such methods violates the DMCA and is punishable under Federal law. The MPAA has shown no reluctance to prosecute either. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help please! Cannot stop this spam
On Monday 20 October 2003 03:23 pm, David Guntner wrote: > Bryan Phinney grabbed a keyboard and wrote: > > The fetchmail log should be telling you what the error code is from > > Postfix but if I had to guess, I would say it is a 501, fetchmail > > normally counts 55? codes as spam rejects by default. > > Not on *my* system, it didn't. :-) I had to put it in to cause fetchmail > to behave itself when running into those. I think that you have to up the logging level on fetchmail to get all the details. When troubleshooting the messages that were left on the ISP, I did up the detail level. However, on my system, the error code is definitely 501 and not 554 for malformed addresses, although you can change it in the postfix configuration. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamd and sa-learn
On Monday 20 October 2003 12:37 pm, Praedor Atrebates wrote: > I suppose I could bring the /etc/procmailrc to .procmailrc in my home > directory. As I am the only user on my system, I didn't see much need to > setup individual procmail and fetchmail settings. Besides which, I HAD to > do the global setup for fetchmail (and thus defaulted to doing it with > procmail too) because I wanted to run fetchmail as a daemon rather than as > a cron job. If run as a daemon, it will not use ~/.fetchmailrc and will > complain and error out if there isn't an /etc/fetchmailrc. This is not totally correct. I currently run fetchmail as a daemon and it uses /root/.fetchmailrc as its configuration file. I do this by altering the startup script to point fetchmail to this configuration file rather than the /etc/fetchmailrc file which is the default (only of the included startup script). Making the change is trivial and insures compatibility with Fetchmailconf. You can also edit the modules for Webmin to point at the correct config file so that you will be compatible there as well. I do this only because the fetchmail author produced fetchmailconf so it would appear that his preferences is for the /root/.fetchmailrc location. I want to make sure that if I upgrade later on, I will already be compatible with whatever settings he is likely to use. > In any case, I suppose I feared that procmail would do the same thing and > complain if there wasn't an /etc/procmailrc (and having a .procmailrc in my > home directory would essentially be redundant). > > The /etc/procmailrc file is setup specifically for me. Can I simply get > away with moving /etc/procmailrc to $HOME/.procmailrc (and change the perms > to be for me rather than root)? Procmail wont complain if there is no > /etc/procmailrc file the way fetchmail does...or...if procmail is called > from the fetchmail daemon (not a user-initiated cron job) will procmail > still use $HOME/.procmailrc? If procmail runs as you, and needs to access some file that it does not have permissions for, you will get additional errors and some of your recipes may not work. If it is working now, why would you change it? -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamd and sa-learn
On Monday 20 October 2003 11:47 am, Praedor Atrebates wrote: > Simple question. Originally I used spamassassin directly from kmail (spamc > to work through spamd). Since it was I who was making the call I could > assume that whenever I did a "sa-learn --spam --dir Mail/Spam/cur" that > whatever was learned was used in subsequent spam analysis. > > Now I use spamd with spamc called from a procmail recipe. The user is > "nobody" instead of me. So, does doing "sa-learn", etc still work? Does > user root or nobody make use of the learning I give to spamassassin via > sa-learn? If you are sticking mail into a certain directory, you can actually specify which directory for it to check when learning messages. I used to have it learn from my "might be spam" folder but since I haven't gotten any of those in the last few days, I am currently not "learning" on anything. Since I was running SA process as root, it had access to whatever folder it needed for that, you would need to put your spam messages into a folder where "nobody" actually has read privileges. Just create a script like so: #!/bin/bash sa-learn --no-rebuild --spam --dir /home/user/Mail/spam/cur sa-learn --no-rebuild --ham --dir /home/user/Mail/notspam/cur sa-learn --rebuild Stick the messages in the appropriate mail folder or add others and run the script with a cron job as the user that you run SA as, it will add the learning into the root folder of that account. You can also send a copy of the message into a neutral folder and use it for learning. BTW, it does little good to have SA try to learn on messages that it correctly classified. It already got those. You should only have it learn on messages where it got it wrong, either spam that was not classified as spam or false positives that were classified as spam but were not. Keep in mind that you are trying to get it to learn to do what it doesn't do better, not trying to get it to learn to do what it already does right better. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help please! Cannot stop this spam
On Monday 20 October 2003 11:52 am, Praedor Atrebates wrote: > Thank you, that appears to have done the trick. > > I was getting filled up with a new spam, producing the same type of > message, but adding that line to fetchmailrc did the trick. It is gone. > > I was getting quite angry and frustrated with this nonsense. > > Until a few days ago, I didn't receive any sort of message like this. Spam > came in and was dumped into /dev/null via spamd and procmail. Nothing was > getting through. These messages weren't getting through, per se, but they > were certainly causing just as much problems as normal spam by filling my > box with error messages. What's up with the misconfigured messages all of > a sudden? Why wouldn't I have run into this before now? Is something new > going on (the originating IP was completely different, as was the Subject, > than the previous viagra garbage) Well, again just a guess, but a little while ago, you were complaining about the amount of time that it was taking to route mail from Kmail through SA for filtering and I (perhaps others) suggested that you use Postfix and procmail instead so that you could process in the background. Postfix is the culprit here since Postfix is denying delivery of improperly formatted and addressed messages. Personally, I think that this is a good thing, although you can configure Postfix to not check and just deliver messages regardless of formatting. My guess would be that Kmail or whatever other client you were using does not check format or syntax but just makes a "best guess" as to the recipient based upon whatever info is there. Because there is no validation, there was no error and therefore all messages were delivered. Personally, I think that you are in better shape now, improperly formatted messages are almost always going to be generated by crappy spamware rather than real mail clients and servers, so deleting them sight unseen is in your best interest given that you are filtering. As to why it took several days, only the crappiest spamware and dumbest spammers generate such messages since ISP's often bounce them themselves so you may have just not run into any of them in that time. My own versions were rare as well, I got perhaps 2 such improper messages per month. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help please! Cannot stop this spam
On Monday 20 October 2003 09:38 am, Praedor Atrebates wrote: > I have logged directly into my popmail server (yahoo) via the web and find > that the spam message isn't being repeatedly sent - the same message is > causing a problem over and over. Yahoo tagged it as spam and put it in my > bulk mail folder on their site. When fetchmail retrieved messages, it > would apparently have problems with that message and send me the error > message email instead of the actual spam. > > I am not sure why...is there a way to fix fetchmail so it wont do this > anymore? Instead of having a problem with a message and sending me a > bazillion error messages every time it sees the undelivered/undeliverable > message/spam, can I not just set fetchmail to dump the message? > > If I had not logged directly into the yahoo webmail site and deleted the > spam message there, fetchmail would continue generating that annoying > message forever, procmail would have had to process that same message > forever, and yet the original message would still exist on the server. For > the moment, I have elected to turn off yahoo's spamguard and let my system > handle the crap and hope that whatever the problem was, it will now be > handled properly and directly on my end. That probably won't help. Your Postfix system is configured to reject with an error, misconfigured messages regardless of the source. Whether they are in your regular inbox or in the bulk folder, they will still be rejected if they are not configured correctly. The only way to fix it permanently is to instruct fetchmail to discard messages when it receives an error code from Postfix. That will drop the message sight unseen from the pop mailbox and is exactly what I do after getting much the same behavior from dopey misconfigured spam messages. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help please! Cannot stop this spam
On Monday 20 October 2003 09:11 am, Praedor Atrebates wrote: Okay, we don't see the Postfix error code but based upon the text of the message, my guess is that Postfix is rejecting this message upon the delivery attempt by Fetchmail, fetchmail is then sending a failure message to let you know but the message is not being deleted so upon the next poll attempt, it tries to deliver the message again. The fetchmail log should be telling you what the error code is from Postfix but if I had to guess, I would say it is a 501, fetchmail normally counts 55? codes as spam rejects by default. So, one way to deal with this is to add the 501 error message to your fetchmail config file as a spam reject, in which case, it will delete the message from the server. That is what I do for my accounts since I don't want to receive improperly formatted or addressed messages anyway. Your mileage may vary. Under your poll line in .fetchmailrc, add the option antispam 554,550,501 Line should show: poll mail.whatever.com with proto whatever user '[EMAIL PROTECTED]' there with password 'password' is 'localuser' here antispam 554,550,501 Add that line and you should no longer see those errors or have misconfigured spam piling up in your inbox. Only other way that I know of is to run Fetchmail configured to flush the box which removes all messages that were seen but no delivered. This is dangerous and could result in your losing messages due to Postfix being down when fetchmail tries to pick up mail. Another option is to periodically run fetchmail to pick up mail, then reload fetchmail in flush mode to flush misconfigured messages, then rerun fetchmail in normal mode. You could do this once a week but in the meantime would get all those errors in your syslog. Last option is to simply bitbucket all fetchmail-daemon notifications with procmail. Again, all of this is just a guess on my part without having access to the logs running at a sufficient detail level to record the actual error. The changes I have suggested will only result in your dropping messages that are not correctly configured or addressed or coming from valid hosts. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] msec???
On Monday 20 October 2003 07:30 am, Michael Holt wrote: > Yeah, that makes sense. I was reading different posts on HOW to > allow things though, and trying to find which way would stick > which was confusing. I put ´All: All´ in my allow file just so I > can make it work and I found a sample allow file on the web that > I´m going to play with when I get home from work today. Since > you´re running a web server, would you mind posting a copy of > yours? (/etc/hosts.allow file, that is). I wouldn't really mind but I don't think that it would do you any good. I do run a separate web server and since it is a public facing server, it would bear the brunt of most potential attacks, therefore, I purposefully keep it fairly locked down. I only allow SSH from within the local network, not from remote sites, and I purposefully limit the services run on it to known services. You have a more general purpose setup, so would have to open up more stuff. If you are not running a hardware router, I would highly suggest that you get one. Also, there are several security packages available that you should consider installing, portsentry, tripwire, logcheck, snort and perhaps even nessus to scan your own machine for possible exploits. If you have a hardware router, most of these should show up as negative unless you are actively running services. My current hosts.allow file might have something like the following: sshd: 192.168.0.? :ALLOW pureftpd: 192.168.0.? :ALLOW And that would be it. Other traffic is denied by default so any type of telnet or other connection would be dropped. Couple that with the firewall software and about the only traffic that can get through from outside is web traffic. > I´ve got kind of an ´all-in-one´ type of server - I don´t really > have the resources to split things up. I´m running apache, > webmail (postfix, squirrelmail, etc), samba, ftp, ssh, blah; just > pretty much everything - on the same box. It would be nice to > setup a firewall (other than port fowarding on my router), get > msec all hardened up, and make everything all secure - but I think > I have too many things going to do that. Anyway, all suggestions > excepted :) Unfortunately, you don't have much of a choice, with all of those services opened up, there is no substitute for a good firewall/hardware router and at minimum, several other security tools including, IMO, Snort (Intrusion detection), tripwire (checksum on files and changes), portsentry (detects and disables port scans), chkrootkit (checks for root kits), and logcheck (checks for modifications to the log file). Other suggestions, don't allow anonymous ftp access (that makes your server a target for script kiddies/warez kiddies), use RSA key encoding for SSH which provides an additional layer of security, Disallow Samba from external access with the firewall (I don't trust anything even if not MS but built to mimic MS stuff), and I would suggest tunneling the postfix and squirrelmail through SSH and disallowing those ports externally so that you get encryption and extra layers of security on the mail server. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] msec???
On Sunday 19 October 2003 11:25 pm, Michael Holt wrote: > Ok, I´ve read all the posts I could find and it looks like no one > has had any luck with msec? I´ve been doing fine forever at > ´high´ security; now a friend from work is dogging me about making > things more secure. Since he´s an m$ guy, I want to prove how > much better *nix can do things and so I am off and ready to make > that server of mine so secure that you can´t get ANYTHING done! > Well, I´ve succeeded! I can´t get anything done! > > Ok, sorry ´bout that; now here´s my problem: > When I go to msec level 4 - I can´t login to squirrelmail, use > ssh, use ftp - I´m just about completely locked out. I´ve tried > commenting out the line msec put in /etc/hosts.deny denying all, > but it gets overwritten. I read a post about using chattr +i, but > I´m using xfs so that´s no good. I tried adding > ´authorize_services (all)´, but that didn´t help. I would really > like to have secure level 4 or maybe even 5, but I need to be able > to use my computer and I don´t know how to manually set the same > environments without using msec. What can I do to fix this mess? > I want the wheel group, etc. Msec level 4 denies everything by default. Therefore, you must explicitly allow the things that you want to allow in the hosts.allow file. This will override the hosts.deny file so that anything that is not allowed is denied. I had the same problem with my web server, once you understand that the default behavior is to deny, it makes perfect sense. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help please! Cannot stop this spam
On Sunday 19 October 2003 09:17 pm, Praedor Atrebates wrote: > I have receive over 100 of these today alone. Nothing i've tried with > procmail recipes has worked. I cannot stop this nonsense. The from > address is my own fetchmail-daemon: > [EMAIL PROTECTED] > > I am considering having all fetchmail-daemon emails sent to dev/null but > fear the repercussions. You should probably try to see what the exact message is. If Fetchmail is encountering an error, you may need to fix the error. For instance, my Postfix mail server is set to reject messages with invalid From headers and sometimes malformed spam is sent to my ISP mailbox with just such invalid headers. Since the ISP mail server is not as picky, Fetchmail tries to deliver to Postfix which rejects the message and then Fetchmail, doesn't delete the message because it did not recieve an ack from the mail server. It will try to do this repeatedly until the message is cleared. If you know what is causing the problem, you can instruct Fetchmail to regard the error code generated by Postfix as a bounce and then Fetchmail will discard the message. Your message may be something similar. Why not attach a copy so that we can see it? -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What is this garbage?
On Sunday 19 October 2003 12:26 pm, Praedor Atrebates wrote: > OK, so how might I setup procmailrc to have any/all messages from this IP > be dumped into /dev/null? Since sending my message to the list, I have > received 8 more of these damn things in my trash folder. Create a recipe for that IP address. Something like: :0: * ^(Received:).*[^0-9a-z](105.183.205.243) /dev/null Although you might be better off to simply up the score on the spamcop blacklist in SpamAssassin to something that would trigger all of the IP's on that RBL to go to your spam list. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] What is this garbage?
On Sunday 19 October 2003 11:58 am, Praedor Atrebates wrote: > Is someone trying to use me as a relay? Is this just some badly designed > spam that contains nothing and is getting past spamassassin on my system? It is badly designed spam. The IP address in the received header is in spamcop as a spam source. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Postfix and Mandrake 9.1/Webmin
On Thursday 16 October 2003 06:44 am, James wrote: > I want to thank everyone for my previous Proftpd problems.. all is fixed > regarding that. > > Now.. I am trying to get Postfix to work via Webmin. I was able to start > Postfix using webmin, but I am not familiar with what settings need to be > set to send email and to receive email. I clicked on the various icons, > but still don't understand what I need to do to get email working so I can > send and receive email. > > I am using a number of virtual servers. > > I had postfix working wonderfully on Mandrake 7.1. I don't know why it is > more difficult to set up on Mandrake 9.1. =( James, you might want to give us a little more info about how you are going to be setting things up. Do you plan to relay through an ISP smarthost, direct MX mail server, do you have your own domain, with DNS MX records setup? That kind of stuff. Some ISP's don't allow outgoing port 25 from dynamic ranges, etc. Postfix is not hard to get started, IIRC, it will run almost out of the box but in order for it to do what you want it to do, you may need to do more complex things. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] DVD backup
On Wednesday 15 October 2003 09:51 pm, lorne wrote: > Either I misunderstood the original question or the answer was misguided, > since the URL mentioned talks of copying to a CD. How about something that > does like DVDXcopy for winblows? DVD to DVD? Moving from DVD to CD, either VCD or SVCD is more involved than moving from DVD to DVD. One would need to simply omit several additional steps involved in reducing the video from 640x720 to the smaller format of whatever the target was (SVCD is 640x640) and skip encoding the video from 5.1 to stereo. In other words, rip the vob files, edit the ifo files and burn to target. DVD::Rip supports doing all of that and much more. The DVD::Rip interface may not support doing the direct burn but if you have a DVD burner working under Linux, you already have the necessary tools to do that yourself, you don't need it to do it for you. I have a CLI script that can build a DVD ISO image for burning to media, all you need to do is create the directory structure and then build the ISO and burn with the tool of your choice. If someone is looking to get someone to explain the process of doing this type of thing step by step (especially for commercial DVDs that are encrypted and thus covered under DMCA), they should contact them person to person, off-list so that such discussions are not taking place in a public forum (which is also archived by Google) where any member of the MPAA can note them for future reference in yet another DMCA related lawsuit. (hint, hint) ;-} -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] DVD backup
On Wednesday 15 October 2003 09:44 pm, lorne wrote: > I can tell you one VERY good reason to do this. Well more than one. :) > My children are not old enough to jump through all the hoops of wide > format, normal format and all of other 7 minutes worth of hoop jumping to > just watch the blame movie! I had a brand new Shrek. My 3 year old put it > in on top of another disk in my juke box. It scratched it so badly it no > longer plays. So from now on I use a windows product (until I find > something like it for linux) called DVDXcopy Gold. Wonderful product. Now I > keep my originals safely tucked away, and the kids pop this sucker in and > it starts playing like a tape. It is GREAT! I really doubt that you are going to find an open-source Linux replacement for that type of software. Currently, IIRC, the manufacturers are being sued by the MPAA for DMCA violations relating to their reverse engineering of the CSS system. Open-source developers simply don't have the funds from sales to fight those types of lawsuits. Shouldn't be hard to duplicate the functionality though, there are several projects that could be coupled together that will duplicate that. Matter of fact, as long as you aren't wanting to deCSS or deMacrovision the copy, I could probably do this from a command line without very many problems at all, just by ripping the vob files for the main movie, pulling the ifo file, editing the ifo to remove the extra features and then building the iso image and burning to a DVD. BTW, if you put a DVD in a player, regardless of how many menus or alternate features are on the disk, hitting the play button a couple of times will cause the movie to play in all of the cases that I know of. With kids, it is better to teach them to use the player play button and keep them away from the remote. Wouldn't help with 3 year-olds handling the media though. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Vanishing mail, postfix, procmail, or spamassassin?
On Wednesday 15 October 2003 12:27 pm, Praedor Atrebates wrote: > OK, the changes appear to have fixed things. I am actually receiving > emails again from other than the expert list or other members of my > do-not-process list. The lost messages are still lost but at least I'll > (apparently) receive future ones. Take a look in your /var/spool/mail directory and see if you see any lockfiles there. If so, you may be able to recover the lost messages. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Vanishing mail, postfix, procmail, or spamassassin?
On Wednesday 15 October 2003 11:57 am, Praedor Atrebates wrote:
> Thanks Bryan. It arrived (in my logs only). I have not actually seen it
> and cannot see it. I do NOT understand what the deal is here.
>
> My syslog for your last direct email:
>
> Oct 15 11:54:02 stonekeep postfix/cleanup[31348]: E25CD831:
> message-id=<[EMAIL PROTECTED]>
> Oct 15 11:54:02 stonekeep postfix/nqmgr[31222]: E25CD831:
> from=<[EMAIL PROTECTED]>, size=1540, nrcpt=1 (queue active)
> Oct 15 10:54:02 stonekeep spamd[1910]: connection from localhost
> [127.0.0.1] at port 37327
> Oct 15 10:54:02 stonekeep spamd[31355]: info: setuid to root succeeded
> Oct 15 10:54:02 stonekeep spamd[31355]: Still running as root: user not
> specified with -u, not found, or set to root. Fall back to nobody.
> Oct 15 10:54:02 stonekeep spamd[31355]: processing message
> <[EMAIL PROTECTED]> for root:65534.
> Oct 15 10:54:03 stonekeep spamd[31355]: clean message (0.0/5.0) for
> root:65534 in 0.1 seconds, 1666 bytes.
> Oct 15 10:54:03 stonekeep postfix/local[31349]: E25CD831:
> to=<[EMAIL PROTECTED]>, orig_to=<[EMAIL PROTECTED]>,
> relay=local, delay=1, status=sent ("|/usr/bin/procmail -Y -a $DOMAIN")
> Oct 15 11:54:03 stonekeep postfix/smtpd[31347]: disconnect from
> localhost.localdomain[127.0.0.1]
>
> So, it arrived and passed through spamd as it should. It was cleared as
> nonspam (0.0/5.0). It doesn't exist after this on my system.
Do a ps -A and see how many SA threads you have running currently. With the
lockfile, it is possible that processing is just tied up trying to process
the message and it is never being released back to Postfix for delivery.
--
Bryan Phinney
Software Test Engineer
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] My procmailrc - any problems with this?
On Wednesday 15 October 2003 11:26 am, Praedor Atrebates wrote: > I just do not ever see messages that pass through spamassassin regardless > of whether they are spam or not. > > My current /etc/procmailrc contains: > --- > > :0: > > * ! > * ! > * ! > * <256000 > > | spamc -f > > I would suggest changing this slightly to | /usr/bin/spamc -f instead, make sure that you are explicitly giving it the command just in case your path variables aren't set right and it can't find the command or worse, finds the wrong one. Also, is the procmail lockfile working with SpamAssassin. I always get error messages when SpamAssassin runs as root and Procmail tries to use the default lockfile, usually I just don't use a lockfile with SA since by the time mail gets to that, I want it to pass through all remaining recipes. (that would be the trailing ":" character on the recipe. Mine just shows as: :0f * <256000 | /usr/bin/spamc -f -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Vanishing mail, postfix, procmail, or spamassassin?
On Wednesday 15 October 2003 11:14 am, Praedor Atrebates wrote: > OK Bryan, your message has still not arrived and I see no sign of it in my > syslogs so I think it is either bogged down on the net somewhere or has > simply vanished. Okay, check your mail one more time, I just sent a message and show it going out in my logs. Tell me if you get that one. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] More postfix testing...help?
On Wednesday 15 October 2003 10:13 am, Praedor Atrebates wrote: > As it would be "dangerous" to make a broad request and potentially fill up > my inbox with helpful replies, I direct this to a few specific individuals: > > James Sparenberg, Bryan Phinney, and Jack Coates. I request that the three > of you send me a simple reply to this list posting, directed to my email > address ([EMAIL PROTECTED]) and not the list. I have sent you the requested email reply. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] DVD backup
On Wednesday 15 October 2003 09:12 am, Daniel Axtell wrote: > Hello, > > I was wondering if it's possible to make backups of dvd's under linux, e.g. > keep the original pristine and play the backup dvd-r copy. I haven't been > able to find out much about this. Is there any software that makes this > easy? There is software to do this but making backups of commercial (in most cases double density) DVD's that are playable on consumer DVD players is not trivial. That is true for both Linux and Windows. Doing this involves identifying the vob files that contain the movie that you want, ripping the vob files from the DVD, passing it through a decoder or plugin to DeCSS the vob file, removing Macrovision and Country code (if desired) at the same time, editing the .ifo file to remove references to vob files that are no longer present and rewriting the decoded vobs and .ifo file to the DVD blank in the correct format. I also can't imagine why you would want to, playing a DVD in a player is not the same as playing a vinyl record, there is no wear on the DVD and it should remain fairly pristine (assuming that you don't manhandle the media) for your lifetime if not longer. Take a look at the DVDRip interface from PLF. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Help! Something's wack with my mailserver
On Tuesday 14 October 2003 09:14 pm, Praedor Tempus wrote: > A little more info from my syslog, showing what > happens when I try a test > message to myself (to my yahoo account): > > Oct 14 21:07:50 stonekeep postfix/smtp[3396]: > 208C882E: > to=<[EMAIL PROTECTED]>, relay=none, delay=3849, > status=deferred (connect to > mx4.mail.yahoo.com[66.218.86.253]: Network is > unreachable) > Oct 14 21:07:50 stonekeep postfix/smtp[3398]: connect > to > mx2.mail.yahoo.com[64.156.215.6]: Connection timed out > (port 25) > Oct 14 21:07:50 stonekeep postfix/smtp[3398]: connect > to > mx1.mail.yahoo.com[64.156.215.5]: Network is > unreachable (port 25) > > What's with the timeouts? I get the same thing for > messages sent from my > local box to the expert list. I can only send > messages now if I go to the > yahoo web interface. Local-sent messages timeout in > every single case as > above so I end up with a growing deferred mail list. > > Any ideas? Actually, I am surprised that Yahoo was allowing direct to MX mail at all on their networks, most ISP's stopped allowing that due to spammers a few years ago. If I had to guess, I would guess that they are dropping your packets because you are coming in from an external network and they basically don't recognize you as an authorized mail server. I am assuming that you don't own your own domain and have an MX record for said domain. Please correct me if I am wrong. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Monday 13 October 2003 11:24 am, Jack Coates wrote: > On Mon, 2003-10-13 at 06:17, Bryan Phinney wrote: > > ... > > > This really depends on what the web site or application is doing. If you > > code for Opera, then you can be 98% sure that it will work with other > > browsers because Opera only supports W3 Consortium standards which are > > industry standards. Now, you may not be able to use that neato-cool > > proprietary technology to do your work which might mean that the > > developers have to put more effort into their coding, but you will be > > fairly certain of compatibility. > > you make the fatal assumption that IE supports the standard. It doesn't. > Standard code works on IE if it's really really simple, but frequently > breaks in ugly ways. > > Transparent PNGs. > PNGs at all (color is off). > Advanced CSS features, like flow. > Many advanced Javascript form functions. W3C is constantly publishing new standards and it often takes time to implement those in new products. Until I become aware of any software developer purposefully deviating from a published standard, I do not plan to deal with it. Not every technology currently available works with IE, nor Netscape, nor Opera or any other particular browser. I don't think that IE is particularly different in this regard than any other browser. If you want maximum interoperability, you have to code for the lowest common denominator. So, CSS1, not CSS2 features unless you know that they are all supported, etc. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Monday 13 October 2003 01:13 am, rikona wrote: > Hello Eric, > > Sunday, October 12, 2003, 9:40:03 PM, you wrote: > > EH> That's the silly part: we're not really even asking for > EH> development. We just want them to get rid of the rejection of non > EH> IE browsers. It would mean *less* work and less code if they > EH> didn't put it in to begin with. > > I think it would be more work. They'd have to test it with other > browsers, and since different ones DO act differently, they'd have to > develop code to work in all of them. It seems to be easier (= cheaper) > to just put in a check and ask users to use IE. This really depends on what the web site or application is doing. If you code for Opera, then you can be 98% sure that it will work with other browsers because Opera only supports W3 Consortium standards which are industry standards. Now, you may not be able to use that neato-cool proprietary technology to do your work which might mean that the developers have to put more effort into their coding, but you will be fairly certain of compatibility. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] All I want to do is FTP
On Sunday 12 October 2003 10:57 pm, Dan Gordon wrote: > This interests me Bryan, it sounds like what im looking for. Could i > have a look at the config file you mentioned? Also have you looked at > kcmpureftpd ? is it worth trying ? I will send you a munged copy of my config file separately. Yes, I have looked at kcmpureftpd but had trouble getting it to run after I compiled it and noticed that it provides nothing that you can't get with the webmin module add-in for pureftpd so I am not using it. Currently, I use the webmin module for stuff like adding users and changing default directories and the like. It supports some very advanced functions and I can't think of anything that I would need to do that I can't do with it. BTW, I run pure-ftpd as a xinetd function which means that the daemon does not always run in memory but is called only as someone tries to connect. I prefer this method although it is probably slightly easier to set it up to run in daemon mode. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] KMail doesn't seem to delete anything
On Sunday 12 October 2003 04:35 pm, dfox wrote: > Somebody scribbled about Re: [expert] KMail doesn't seem to delete > anything > > >-BEGIN PGP SIGNED MESSAGE- > >Hash: SHA1 > > > >Which version of kmail are you using? I use v1.5 with KDE 3.1.3 and > > have no problems. If I use the keyboard delete key, it places the > > selected mail into the trash folder. If I use the X icon (right next > > I'm using the same version as yours. But haven't you noticed that the > messages in inbox don't ever get deleted? Is your inbox (assuming of > course you keep the messsages there) still growing ever larger if you > delete the messages? The messages are gone in the sense they never show > up in kmail, but the disk space is still being consumed by them. At least > this is still true with respect to inbox, and it's too soon to tell if it > is the case with my temp folder. even trash will grow periodically if i > don't delete the folder and recreate it periodically. This is configurable behavior. Go to Settings, Configure Kmail and click on the Folders tab. You will see an entry for "On Program Exit perform" and there is a check box next to empty trash. If you check that box then the trash will be emptied each time you exit Kmail. If you don't, you must manually empty the trash by right-clicking on the trash folder and choosing empty. Kmail does not automatically delete your trash, just in case you want to recover a message that you trashed by mistake. It does allow you to automagically delete it by choosing to override the default behavior in the settings. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] All I want to do is FTP
On Sunday 12 October 2003 05:07 am, James wrote: > Ok.. thank you all for your help. I now have ProFTPD installed. Though, > I still don't know what to do to get it working. I typed "service proftpd > start" and it started ok. > > The config is the original base set up for anonymous login. I don't want > that. I just want to allow certain individuals, such as myself, ftp > access. > > All of the previous suggestions made here on this mail list have been > lost. My hard drive crashed a few days ago, and I have lost everything > not saved on CD, including emails. > > Anyway, I have ProFTPD running, I just need a good configuration file to > allow specific users. I can't offer any help with Proftpd, I always had trouble getting that one configured and working correctly, along with some concerns about security since a lot of my reading pointed out some well known security implications with that ftp daemon. If you are interested in installing pure-ftpd and getting it to work, I can send you a configuration file that with some slight alterations will allow you to grant anyone with a userid on your system access to ftp, or to easily add some additional users that only have ftp access. You can find more information about pure-ftpd at: http://www.pureftpd.org/ They do have RPM's for that ftp server with Mandrake Linux so you won't have to compile or search them down. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Friday 10 October 2003 06:21 pm, HaywireMac wrote: > Again, this is just a small gesture, and not just aimed at IE. It's > intended to expose Windows users to alternatives to not just IE, but to > Windows itself, which is why I point to documentation which highlights > the inherant problems with using Windows in general. Even if people > don't take this info as a reason to switch from Win to Lin, it just > might make them think of putting some pressure on MS to make a better > effort at security, or change the direction MS is taking. > > I plan on expanding the offensive to include the objects you mention, > such as Palladium, and the idea of even further integrating, and > therefore exposing to vulnerabilities, Windows OS components. > > MS is going in the wrong direction. I hope I can do my part, however > small, to make people see this, if there's any recommendations you or > anyone else can contribute, I'm certainly open to that. Well, there is a favorite link that I like to send people to when I want to give them a few reasons to consider switching to Linux from Windows. http://aaxnet.com/editor/edit029.html The write-up is rather long but very comprehensive and it explains without a doubt why personal users and small businesses need to start creating a plan to migrate away from Windows in the next few years. If you are interested in being able to give someone some concrete reasons, he pretty much covers the bases. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] This Host Wont Die/Shutdown!!
On Friday 10 October 2003 04:05 pm, Ricardo (Tru64 User) wrote: > Greetings, > > shutdown -h now, halt, reboot, shutdown -r now, kill > -9 1, kill -KILL 1, init 6, system still going > strong!!! > Finally, pulled out power plug!! > > Anyway to troubleshoot this further...?? > Second shutdown in 6monthssame problem. If you are using ACPI instead of APM, it is possible that the drivers are not quite right for your hardware. ACPI is not well supported on my fairly new motherboard. When I first installed it, I got the same behavior that you report. I removed ACPI and let it default to using APM and it now shuts down fine. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Friday 10 October 2003 02:23 pm, HaywireMac wrote: > > That depends on your pages. If you use a CGI method, each page that > > can be reached via URL must be CGI based. If you use a PHP method, > > the same holds true. If you mix html, dhtml, CGI, etc. it is not a > > simple cut and paste function. > > Well there, the site linked above seems to differ with you. The claim is > that it is impossible to bypass (unless you spoof the browser ID or go > through a proxy, etc.) > > Quote: > > " It has the added advantage that it doesn't require CGI execution or > redirection, and can't be circumvented by knowing the URL for the "real" > page. It's pretty simple, actually. Place this code at or near the top > of your code, before any output has occurred." No, actually, I suspect that they are confirming what I said. They assume that all of your pages are PHP and that you include the detection mechanism on all pages. If you were running something like post-nuke or nuke, or another PHP type of content management system, you could simply add the code to a template and it would automatically be placed on every page that was pulled from that template. Since all pages are created from the same template and generated dynamically, the code would be on all pages. If you had both HTML as well as PHP pages and I had the URL to one of the HTML pages, I could bypass the code, correct? > All of my pages are .php, so this is the method I'll try. Anyhow, we'll > see how it goes, I have Wine installed and IE so I can test it. > > > The fact is that if I can load a page without loading the specific > > redirect code that you created, I can bypass the detection. Also, if > > I use a proxy server that doesn't pass a browser id header, I can > > bypass the redirect. If you are trying to lock out a specific > > browser, it is easier to bypass than if you only accepted a particular > > one. Without a browser header, the default behavior is probably to > > display the normal page. With most detection mechanisms, the default > > is to not display unless the browser identifies itself as a certain > > type. Even that can be spoofed, although not trivially with IE. > > I'm not lookin' fer a 100% blockade, I'll be happy if even 1 or 2 people > get the message, esp. considering the pathetic level of traffic my site > generates. > > Even if just a few people did this kind of thing, it could catch on and > generate quite a stir, IMHO. Not so much, as I say, to make it > *impossible*, but very difficult to ignore, knowwhatimsayin'? Well, I probably disagree with what you are doing having the result you intend. There is no point in attempting to get anyone to abandon IE at this point. MS has already announced that 6.0 will be the last standalone version of IE. All future versions will only be available as an integrated part of the Windows OS. So, within a few years, we will see people moving away from IE if they want to continue to move forward with technology but still keep running their old OS, be it windows or otherwise. People who move to the new versions of Windows are likely not to have any choice since MS plans to close down the OS to outside development as soon as the Palladium stuff gets going. I suspect that third-party applications will only be approved if they do not directly compete with internal MS applications and browsers do. Given that, it is inevitable that Opera, Mozilla and others will be the de-facto standards for browsers and IE will only maintain what marketshare they get from the OS itself. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Friday 10 October 2003 09:36 am, HaywireMac wrote: > On Fri, 10 Oct 2003 09:34:38 -0400 > > Bryan Phinney <[EMAIL PROTECTED]> uttered: > > > Considering the effects of compromised home computers running XP on > > > the'net, I would like to start a campaign to essentially "lock out" > > > IE from accessing websites. > > > > > > Of course, one would still be able to use Windows, but have to use > > > an alternate browser such as Mozilla. > > > > You can test for an explicit browser string but the code must be added > > to every virtual server run from Apache. You can't just add it to a > > configuration setting, it has to be in the page or application code. > > I haven't even got Virtual Servers to work yet, even after following the > multitude of examples on this and the Newb list, I'll be happy if I can > just get some momentum going on this. > > So what you are saying is the the Apache config is useless? On their > docs page they seem to say otherwise... I do not know of any method of detecting the browser and altering the default page displayed based on that browser that does not entail creating code on the default display page and possibly subsequent pages of the site. I also do not know of any method of doing this that I would be unable to bypass in some manner. Figuring out what happens when you bypass the detection code is part of QA and I have yet to see any site that is capable of locking me out based on my browser. I have been working in software QA for about 8 years, the last 4-5 has been spent almost entirely on web-based applications. I would consider myself somewhat knowledgable in that area. YMMV. > > Also, if someone has a page under the actual index bookmarked, they > > can still bypass the detection string. I use that all the time to > > bypass detection and enforcement of IE only. > > I don't have many pages to edit, so adding it to each and every page > would be a simple matter of copy and paste. That depends on your pages. If you use a CGI method, each page that can be reached via URL must be CGI based. If you use a PHP method, the same holds true. If you mix html, dhtml, CGI, etc. it is not a simple cut and paste function. The fact is that if I can load a page without loading the specific redirect code that you created, I can bypass the detection. Also, if I use a proxy server that doesn't pass a browser id header, I can bypass the redirect. If you are trying to lock out a specific browser, it is easier to bypass than if you only accepted a particular one. Without a browser header, the default behavior is probably to display the normal page. With most detection mechanisms, the default is to not display unless the browser identifies itself as a certain type. Even that can be spoofed, although not trivially with IE. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to Block IE from a Website
On Friday 10 October 2003 08:46 am, HaywireMac wrote: > How would one configure Apache so that anyone using IE would be met with > a "nice friendly message" that they are not welcome? > > Considering the effects of compromised home computers running XP on the > 'net, I would like to start a campaign to essentially "lock out" IE from > accessing websites. > > Of course, one would still be able to use Windows, but have to use an > alternate browser such as Mozilla. You can test for an explicit browser string but the code must be added to every virtual server run from Apache. You can't just add it to a configuration setting, it has to be in the page or application code. Also, if someone has a page under the actual index bookmarked, they can still bypass the detection string. I use that all the time to bypass detection and enforcement of IE only. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin help request: Resolved
On Wednesday 08 October 2003 12:30 pm, Praedor Atrebates wrote: > Thanks all, I have it working in a desireable fashion now. > > I am once again using fetchmail + postfix and, now, spamassassin to deal > with my incoming mail. Procmail is properly directing a subset of my mail > to my mailbox directly and passing the rest through spamassassin - and a > 30+ second delay for spamassassin processing isn't a problem. Procmail is > also /dev/nulling all emails identified as spam so I never have to see any > of it. Nice. > > A new question now. Fetchmail gave me a bit of a fit at first. I ran > fetchmailconf as user and then ran fetchmail as user and this was fine, > except I'd rather not have to start fetchmail myself every time I start my > laptop up - I'd rather have it run as a daemon. I DID get the fetchmail > daemon working eventually, but only after manually editing > /etc/fetchmailrc. As root or user, all running fetchmailconf would do is > create a > ~/.fetchmailrc file while daemon mode requires /etc/fetchmailrc. I tried > doing it from webmin as well to no avail. In the end, I copied my > ~/.fetchmailrc file to /etc/fetchmailrc so that I could run the fetchmail > daemon. How does one normally setup the daemon instead of running personal > instances of fetchmail, that is, how is /etc/fetchmailrc normally created? > I am assuming that I should not have to do what I did above and copy my > personal .fetchmailrc to /etc/fetchmailrc. > The init script for fetchmail normally tries to use /etc/fetchmailrc as a systemwide default fetchmail configuration file. You can however, change this to point to wherever you want it to draw from. So, on the run line, simply add the -f option so that the run command looks like: daemon fetchmail -d 180 -f /root/.fetchmailrc or if running as user daemon fetchmail -d 180 /home/user/.fetchmailrc although once you get the rc file setup, I am not sure why you would want to change it. The init script, if you want to change it is /etc/init.d/fetchmail -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] New Drive Woes...
On Tuesday 07 October 2003 09:50 am, Dalton Calford wrote: > I have a new ide drive in my system, and it is recognized by harddrake2, > but, it does not show up in /dev/ide/host0/bus1/target1/lun0/ (the disc > special block file is not there) > and obviously the link /dev/hdd is not there either. > > Disk drake does not see the drive, but it is in /proc/ide/ > > What are the steps to create the block files > > (I know that mknod does it, I just don't know the options and the man and > info pages are useless) > > thanks Not sure that you can do this manually with Mandrake without a lot of trouble. If you are running the new hardware detection daemon at startup and it is not detecting the harddrive, it will probably just remove the block file at every reboot, even after you create it. I have a similar problem when I hook up an IDE drive to my ide 3/4 - raid controller on the motherboard but haven't needed to mess around with it enough to make it work yet. You sure that you have the jumpers set right on the drive. If you are using cable select, it is possible that Mandrake is simply misreading the slave/master settings and ignoring the conflicting drive. Or they could actually be set wrong with both set to Master. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin help request
On Monday 06 October 2003 04:46 pm, Praedor Atrebates wrote: > > listed do not get processed by spamassassin. The second recipe is: > :0fH: > > * ^X-Spam-Status: Yes > > | /dev/null > > I have tried several different variations of this with regards to the :0f > entry. I have tried :0f, :0fw, :0fW, and so on to no avail. How do I get > procmail to use this second recipe? Use: :0 * ^X-Spam-Flag: YES /dev/null BTW, you might want to not top-post before one of the other sticklers brings it up. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin help request
On Monday 06 October 2003 03:48 pm, Praedor Atrebates wrote: > I am not real up on procmail filter writing (or the cryptic language of > procmail). I have run postfix locally in the past but haven't lately...I > have set it up to run again now. I have never had it work with > spamassassin or procmail before. Procmail is not that hard to work with, however, if you want to simply the process and have webmin installed, it has a control panel for procmail in the servers tab. You can create recipes there using easy stuff like ^From: whoever and then filter that way for people that you know. I use the List owner header for Expert and Newbie mailing list so I don't need to worry about spoofing, they are more likely to spoof the From header than to spoof the list-owner header. > > Here's what I'm interested in then, and perhaps you could provide hints(?): > > I want all email that _doesn't_ come from someone in my email addressbook > or the expert mailing list to pass through spamassassin. I assume I would > still be using spamd/spamc? How might I create a procmailrc "recipe" to do > the above? Just dinking around I produced something like: > > This first is intended to sidestep spamassassin: > :0f > > * [EMAIL PROTECTED] > * [EMAIL PROTECTED] > * ! > * ! > * ! ...etc... I would write some of these directly to the spool :0H * ^List-Owner: <mailto:[EMAIL PROTECTED]> /var/spool/mail/user That way, you not only skip the spamassassin check but any other recipes that you add subsequently. If you are pretty sure that you want to see the message, that allows you to do so without worrying about extra recipes getting tagged or wasting time routing the mail through any extraneous activities. This is useful for stuff like virus checking recipes like nkvir, if you ever want to use them. So, stuff from my local domain/machine skips the virus check since I am not in the habit of sending viruses to myself. Other messages go through the virus check but may skip spamassassin. Others go through the whole thing. > > | spamc > > This part is intended to have spam routed to /dev/null (based on something > I saw on the web, though I don't know how it would work wrt > spamassassin...perhaps I should have procmail look for some spam tag in the > > headers that spamassassin places?): > :0 H: > > * ^(X-UCIRVINE-SpamCheck:) I use: :0 * ^X-Spam-Flag: YES for spamassassin and then put in dev/null or you can route to a spam folder and screen it before deletion. For myself, anything with a score of 8 or more goes to dev/null and between 4 and 8 goes to a spam folder for checking. > > | /dev/null > > Is this workable or totally offbase? It is workable although you may want to split the email addresses up into separate recipes. It checks them one at a time and once routed, it doesn't need to check them again. If you use procmail to route the mail, put the most frequent sender first, then lesser as follows and that should cut down on processing time, not that you will notice any more anyway since it will all be done in the background. If you are concerned about speed, the faster you dispose of a message, the less time it takes procmail to process and deliver it. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin help request
On Monday 06 October 2003 11:58 am, Praedor Atrebates wrote: > I also run spamassassin (daemon mode) on my desktop system (much better > hardware: Athlon XP2700+, 512 MB Ram vs Celery 366 and 256 MB Ram in my > laptop, for instance) and even though my desktop is stuck with a dialup it > still processes emails in one second or less - using bayes and the same > rules. My laptop uses an ethernet connection and takes no less than 20 > seconds per message. The main difference between the systems with regards > to spamassassin is that the laptop has had a lot more sa-learn data > applied. I use the laptop to acquire the vast bulk of my emails so it has > had more opportunity to learn spam. Are you downloading messages? If so, to two separate machines? How do you reconcile which machine, laptop or desktop, gets which mail? Or do you have multiple accounts, each going to a different machine? On my desktop machine, I run Postfix and retrieve mail with fetchmail and use Postfix to deliver locally. I then use IMAP to allow me to read mail remotely while leaving mail stored on the local machine. Because the spamassassin check is done as mail is received, I don't need to worry about the specific timing of how long spamassassin takes per message. > > As your reply did help out a bit with my understanding of the checks, I > altered my rbl check to 5 instead of 10. > > I would consider no more than about 2 or 3 seconds per messages the max, > given what it does to the usability of kmail. Again, if you pull your mail from the spool after spamassassin has been run with procmail (via fetching mail, filtering with procmail and then delivering to the local spool), Kmail's performance becomes immaterial because the filtering is done prior to retrieval by Kmail. I would recommend some similar setup on your laptop, that way, your mail is all stored in a central place, but you still have access to it from remote as long as you have a connection to the machine. If you need to pull mail down to your laptop machine, why not let fetchmail pull the mail, run through procmail and then use procmail to deliver directly to the local spool and you can use Kmail to retrieve from the local spool. You won't need to worry about process time that way since mail is processed in the background, separate from what Kmail is doing. > > In any case, concomittent to sending the first message, I altered my filter > list so that list mails are before spam analysis (using kmail). The expert > list is good about not receiving spam in it but other lists I am a member > of get spam posted fairly regularly so I have been passing all messages > through spamd to hit them. > > The main problem with the long processing times is that kmail is entirely > unusable while the check is ongoing. You cannot even write an email > because the entire app is is limbo while the spam analysis (per message) > goes on. If it didn't hang kmail for the length of time the spam check was > ongoing I wouldn't mind as much as I could read emails that made it through > and send/queue messages for sending but as it is... See above. Having Kmail route to procmail would appear to be your complaint, not spamassassin. If you let procmail do it's business with spamassassin prior to attempting to gather mail with Kmail, the delay becomes a non-issue and Kmail is always usable. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin help request
On Monday 06 October 2003 10:41 am, Praedor Atrebates wrote: > I have fiddled some with my spamassassin but it is still just too slow. I > am running it in daemon mode (spamd and spamc) with bayes filtering on. > Spamassassin email analysis on my laptop is too slow to live with (about 20 > seconds per message). Several questions with the first: How do I add a > mailing list like this one to my whitelist? The whitelist appears setup to > deal with "from" addresses, not "to" addresses. Since all list mail is > "To: [EMAIL PROTECTED]" or some other variation of this, I can't > see how to setup my whitelist for this. A lot of this depends on what you consider "slow". My own setup takes about 40-60 seconds per message for filtering, I figure a lot of that is from the RBL checking, I use RBL lists extensively and some of them are a little slow to respond to queries. One suggestion, if you know that you want to whitelist mailing list messages, why send them through spamassassin at all? Simply setup a procmail recipe to put those messages directly in your spool, that way, you don't waste time doing header and body checks on messages that you would have whitelisted to reduce the score of those checks on anyway. In short, why do the checks if your whitelisting score will reduce the score to the point that the checks are superfluous? Something like: :0H * ^List-Owner: <mailto:[EMAIL PROTECTED]> /var/spool/mail/user will put all Mandrake Expert messages into user's mail spool and will essentially bypass spamassassin if that recipe is used first, before the one that sends all remaining mail to spamassassin. > My next question is about how to > reduce spam analysis time down from 20+ seconds to something more > realistic. Here are the entries to my user_prefs file, exluding whitelist: > > score RCVD_IN_RBL 10 > score RCVD_IN_RSS 1 > score RCVD_IN_DUL 1 > score RCVD_IN_BL_SPAMCOP_NET 4 > > use_bayes 1 > score BAYES_00 0 0 -6.400 -6.400 > score BAYES_01 0 0 -6.600 -6.600 > score BAYES_10 0 0 -6.400 -5.801 > score BAYES_20 0 0 -5.801 -3.101 > score BAYES_30 0 0 -1.246 -1.604 > score BAYES_60 0 0 2.002 2.002 > score BAYES_70 0 0 2.637 2.637 > score BAYES_80 0 0 4.1 4.1 > score BAYES_90 0 0 4.2 4.2 > score BAYES_99 0 0 4.300 4.3 > > What should I add or remove from the above to make this work faster? It might help if you told us what you consider "realistic" to be. I would suggest removing the RBL checks altogether if you really want to speed things up. With those, you are always going to be limited by the speed of the Internet and the DNS servers you are querying. Even with RBL timeout set relatively low, I think that it is cumulative, so a 10 second time out with 4 RBL checks adds up to a potential 40 second delay. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Cant Delete File
On Tuesday 30 September 2003 04:55 pm, Ronald J. Hall wrote: > On Tuesday 30 September 2003 10:33 am, Bryan Phinney wrote: > > or as Root "rm -rf .Mail-old" from the directory it is in. I am not > > aware of anything that an rm -rf won't get rid of. Just be sure you want > > to do it and that you specify exactly what you want to target. > > Umm, have you read the earlier messages in this thread? (not being a > smart-aleck - just curious) because you'd see where everytime I try to rm > this directory I get a hard reset of the entire system. I saw a message where you had tried rm and it said you didn't have permission, I did not see the ones where it was giving you a hard reset of the system. Sorry. > > Been awhile since I done it, I guess you can see my reluctance but what the > hey, nothing exciting happening here today: > > BOOM! Same result. I closed everything I could before I tried it - system > hard reset/rebooted and I lost all my Kmail settings. (redoing them now). > > Guess its the one critter "rm" can't handle, eh? > > Can't wait for 9.2, I'm gonna send .Mail-old to bit-bucket Hell. :-) You coming up in init 5 or 3. I mean, graphical login or CL login? If KDE is up and active, could explain why trying to get rid of an active and open directory is causing problems. You could always boot up in single user mode, init 1 and then try to remove it there. Although, if the directory is actually active and in use, removing it might be a mistake. Curious if you might be storing a lock file there rather than /var/subsys for some KDE process Have you tried doing a ls -a from within that directory to see what is in there? -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Those sms messages
On Tuesday 30 September 2003 01:07 pm, HaywireMac wrote: > On Tue, 30 Sep 2003 16:59:24 +0100 > > Anne Wilson <[EMAIL PROTECTED]> uttered: > > Yes, of course, I forgot that. So why, I wonder does this show as > > what seems to be the first hop? > > > > Received: (from anydomain [10.2.131.4]) > > by rtc_srv_nt.kaluga.mts (NAVGW 2.5.1.13) with SMTP id > > M2003093018540303984 > > like BP was saying, that's just the internal server, maybe a proxy > server? If I had to make a guess, I would say it is an internal messaging or mail server, like Lotus Notes that is forwarding smtp messages out through a public gateway machine. With sms, they probably have a large number of accounts and segregate them internally by using multiple machines but routing public messages out through a central gateway. Therefore, if you sent an sms from one cellphone to another for the local provider, it would never go public but would be routed internally. Only messages destined for public email go through the gateway. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Those sms messages
On Tuesday 30 September 2003 11:02 am, Anne Wilson wrote: > Going back through some of my old posts, I came upon the thread where > I tried to find out why kmail's pop filter didn't work on them. > Bryan suggested that maybe the originator was not the .ru name that > we saw. Looking again at the headers the originator appears to be > anydomain [10.2.131.4]). Passing this to whois brings up > > NetRange: 10.0.0.0 - 10.255.255.255 > CIDR: 10.0.0.0/8 > NetName:RESERVED-10 > NetHandle: NET-10-0-0-0-1 > Parent: > NetType:IANA Special Use > NameServer: BLACKHOLE-1.IANA.ORG > NameServer: BLACKHOLE-2.IANA.ORG > Comment:This block is reserved for special purposes. > Comment:Please see RFC 1918 for additional information. > Comment: > RegDate: > Updated:2002-09-12 > > Is this just that it is reserved for the cellphone range, or does it > mean something more? Move forward in the trail of headers. That is an internal server that is passing a message to an outward facing gateway machine that will have a valid IP address. Either one forward or two forward in the chain should give you the correct originating machine. I have been dropping all of those to /dev/null so I am afraid I can't help to track down the originating machine but they probably wouldn't respond to inquiries anyway. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Cant Delete File
On Tuesday 30 September 2003 10:24 am, ed tharp wrote: > On Tue, 2003-09-30 at 08:47, Ronald J. Hall wrote: > > On Monday 29 September 2003 10:26 pm, Damian Gatabria wrote: > > > WAIT!! this gives me an idea.. :oP > > > since you could move the file.. how about mv .Mail-old /dev/null ?? > > > > > > Same for you Jack, try `mv chrome /dev/null` > > > > > > ... /dev/null being in a different partition, i doubt it will > > > actually work, but what the hell.. > > > > > > HTH > > > > > > Damian > > > > Nice try, I believe I did get that suggestion before - here is the > > result: > > > > [EMAIL PROTECTED] darklord]$ mv .Mail-old/ /dev/null > > mv: cannot overwrite non-directory `/dev/null' with directory > > `.Mail-old/' > > > > ditto as root. :-) > > have you considered this " mv .Mail-old/ /dev/null/" or as Root "rm -rf .Mail-old" from the directory it is in. I am not aware of anything that an rm -rf won't get rid of. Just be sure you want to do it and that you specify exactly what you want to target. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Spamassassin question
On Wednesday 24 September 2003 06:26 pm, Praedor Atrebates wrote: > I think I'll answer myself. Doing some digging about, I see that one > likely needs to be part of the razor network to use razor filters in > spamassassin...is this correct? If so, it would appear an odd default > setting to have it set to use razor checking when one must (apparently) go > to some length to join the razor network. > > Am I offbase on this? You don't really need to do too much to do razor checking, you need to do a bit more to actually submit checksums to the razor project for spams that are not already there. I do the checking myself but don't have enough spams that get by the filters to bother with submitting the hash's to razor, although I do submit complaints to get the accounts used to spam shut down. I think that the extent that you have to go through is to issue the command to create the account on razor and all it needs is an email address for that. However, I do know that it took me a little while to get razor working correctly. I used to get the same error that you are getting when I used the spamd/spamc commands, but did not get it when I routed mail directly through spamassassin. Eventually I figured out that you need to create and run spamd as root rather than as a user account because it looks for the razor account info in the home directory of the user account used to run spamd. Or, I suppose you could configure it properly, I just never bothered with it since I don't mind spamd running as root. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Privoxy stopped - slightly oT
On Wednesday 24 September 2003 03:43 pm, Bryan Phinney wrote: > > I've seen privoxy recommended many times. I've been working on the > > TWiki site this afternoon, but didn't see anything about privoxy > > there. Any offers? > > Not sure what there is to offer. Privoxy is a pretty basic install, it is > just another proxy server like Squid only with prebuilt filters for ad and > privacy stuff. Anne, I just registered, I will try to add a quick blurb about it tonight if I can figure out how to work adding a topic under Desktop Applications for Proxy servers. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Privoxy stopped - slightly oT
On Wednesday 24 September 2003 11:44 am, Anne Wilson wrote: > On Wednesday 24 Sep 2003 3:24 pm, Bryan Phinney wrote: > > On Wednesday 24 September 2003 08:52 am, Miark wrote: > > > Hi all, > > > > > > I've been trying Privoxy for the last several days using the > > > default configuration. So far I like it, but last night it just > > > stopped. I looked for clues in /var/log. messages and syslog" > > > said nothing about it, and the Privoxy log files indicate nothing > > > other that it was re-started. > > > > > > Anybody else experienced this? Any ideas as to what might have > > > happened? > > > > I run privoxy all the time and have not experienced the same > > problem. My version of privoxy, however, logs to > > /var/log/privoxy/logfile, not to syslog. You may want to look there > > for answers or in a similar directory. > > I've seen privoxy recommended many times. I've been working on the > TWiki site this afternoon, but didn't see anything about privoxy > there. Any offers? Not sure what there is to offer. Privoxy is a pretty basic install, it is just another proxy server like Squid only with prebuilt filters for ad and privacy stuff. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Privoxy stopped
On Wednesday 24 September 2003 08:52 am, Miark wrote: > Hi all, > > I've been trying Privoxy for the last several days using the default > configuration. So far I like it, but last night it just stopped. I > looked for clues in /var/log. messages and syslog" said nothing about > it, and the Privoxy log files indicate nothing other that it was > re-started. > > Anybody else experienced this? Any ideas as to what might have happened? I run privoxy all the time and have not experienced the same problem. My version of privoxy, however, logs to /var/log/privoxy/logfile, not to syslog. You may want to look there for answers or in a similar directory. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] 9.2 pre-orders
On Monday 22 September 2003 09:33 am, Carroll Grigsby wrote: > BTW, from what I read elsewhere, I doubt that your mother/grandmother would > be able to install any breed of Windows without some serious problems, let > alone all of the other apps that are needed before Windows can do anything > useful. I think that they could install it, albeit with major security holes and problems soon to come. I would not recommend that any casual user install an OS, no matter what brand. MS is only saved by having the OS pre-installed by the OEM. I think that Mandrake is in most cases superior to Windows, at least if you get it installed it is secure, but neither should not be done by a casual user who is not prepared to learn how things work in order to get it right. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] 9.2 pre-orders
On Monday 22 September 2003 12:16 am, Vincent Danen wrote: > I really have nothing to add to this thread other than one thought (I'm > taking a back seat in this one... it's not worth it for me to open my mouth > since I'm not in marketing... I've also only begun to read the thread for > "moderator" purposes). > > If most people in North America, or the US, feel this way, then let me pose > this question. Why has Red Hat then, the most well-known Linux vendor in > the US, decided that they are getting out of the retail box market, if this > is in fact the case? Seems to me that if Mandrake has stupid marketing > folks, then Red Hat must as well. However, considering Red Hat's revenues > are also increasing, it would seem to me that they think this is viable and > will not hurt the business. > > So which is right? Not that I want to get drawn into this conversation but comparisons with Red Hat only work if the targeted market is the same. Red Hat, IIRC markets its distribution to businesses, specializing in corporate and small business environments and specifically target servers. Those customers probably purchase retail boxed sets pretty rarely, they have dedicated IT personnel to install and support, in most cases, and they are probably not sending the local CEO or owner out to a store to buy a boxed Red Hat set and install it on all of their business servers. Not to mention that a pre-packaged installation is probably not valid for most servers in any case. Mandrake, IIRC, is marketing itself more to consumers and as a desktop alternative, not simply as a server alternative. On the desktop, one is more likely to see a consumer go to a retail store and purchase a boxed set than for a business. That having been said, I still don't see this as being applicable to the discussion. Unless we are suggesting that Mandrake Linux is installable and configurable by an unsophisticated user who would be the person most likely to purchase an OS from a retail chain, the the existence of retail boxed sets is immaterial. Assume for an instant that your mother or grandmother were to purchase Mandrake from a retail chain, do you think that the experience installing and configuring will be fair to the distribution and recommend further purchases by others? I like Mandrake and think that it is one of the easiest of all Linux distributions to work with and I have worked with several others including Red Hat, Knoppix, Debian, Mepis, etc. Still, knowing end users as I do, I would not expect a casual user to get very far trying to properly configure Linux of any flavor. I am not the most technical of persons, but I do work in the IT field and run Linux. I do NOT buy software from retail outlets. I research packages and either buy online or find open source alternatives. Either way, I do not know anyone that I would expect to be able to configure and run Linux adequately that would purchase software from a retail outlet. If I were trying to market this, I would attempt to get the OS pre-loaded, as others have suggested and as I believe that Mandrake is trying to do with HP (a very good move, IMHO). I might also try to produce some easy to use scripts to ease mass installation and configuration in a business environment (perhaps use a script that draws from a text file that contains properties like Samba shares, domain names, machine names, email address, other options) so that admins could quickly setup new machines by pre-populating with the auto install disk and then running the configuration script. The script would place the correct info into configuration files to ease the process of individual personalization of the machine. With the auto install disk and a personalization script, I think that the Mandrake experience would be even better than current disk imaging of alternative-OS (evil-empire) machines. This might make Mandrake more attractive to the corporate desktop crowd and even if Red Hat is the choice for the server, they may choose Mandrake for the desktop. Eventually, desktop might influence server and Mandrake might extend throughout the enterprise. Keep in mind, this is nothing that a savvy admin couldn't do themselves, but having something already made would simply be one more reason to choose this particular distribution. All of that assuming that the corporate desktop is the targeted segment. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How do I get ext3 journal available on initial mount of /?
On Friday 19 September 2003 01:02 pm, Peter Møller Neergaard wrote: > I am running Mandrake on laptop. Unfortunately my APM suspend is not > flawless so occasionally my laptop powers off when I try to suspend. > Obviously this results in unsynchronized file systems and a check at > boot time. > > For that reason I have formatted all my partitions (including /) as > ext3 to have a journal to recover from. This does however not work > for / where es2fsck is scanning the whole disk looking for errors. > > I presume that it is because ext3 is not build into the Mandrake > kernel and thus have to be loaded as a module. Consequently the file > system will only be mounted as ext2 and an old type scan will take > place. > > One possible solution would of course be to compile the kernel with > ext3 build. I would however prefer a solution where I could just use > Mandrake's kernel. Is this possible? AFAIK, support for Ext3 and ReiserFS, both journaling file systems are built into the Mandrake kernel, either integrated or as modules that are available at boot. My own / drive is ReiserFS and on those few occasions that I have had a power outage, the machine has recovered nicely without any major problems using the Reiser journal. You might want to give us a little more info about why you think that ext3 is not working correctly. I have one drive formatted as ext3, just on the off chance that I need to mount it from a boot CD that doesn't support ReiserFS and it takes longer to recover than the Reiser ones from the journal but it does recover from the journal. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SpamAssassin processing black hole
On Thursday 18 September 2003 06:02 pm, Praedor Atrebates wrote: > I am using spamassassin in daemon mode for spam processing. Not too long > ago it was pretty quick but lately, it is painfully slow...on my laptop, on > my desktop it is currently still quite fast. > > Here is the processing time on a typical message (this is a typical time > for ALL emails and I get about 150 a day so it is SLOOW): > > Sep 18 16:52:27 lapdog spamd[6218]: processing message > <[EMAIL PROTECTED]> for > praedor:501. > Sep 18 16:52:58 lapdog spamd[6218]: clean message (0.7/5.1) for praedor:501 > in 31.4 seconds, 2919 bytes. > > 31.4 seconds to process a single message. ALL messages are taking about > 30+ seconds each. I haven't yet figured out what file I need to delete so > I can start over (with bayesian filtering - I am assuming that this is the > holdup right now - too much processing to go through the spam vs ham > files). What file do I delete, and where is it, so I can retrain > spamassassin? One other suggestion, how are you routing mail to SpamAssassin? Are you using the spamc/spamd combination or are you sending mail directly to spamassassin? For performance reasons, especially on busy servers, you should use the spamc/spamd combinations, not send mail directly to spamassassin. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] SpamAssassin processing black hole
On Thursday 18 September 2003 06:02 pm, Praedor Atrebates wrote: > I am using spamassassin in daemon mode for spam processing. Not too long > ago it was pretty quick but lately, it is painfully slow...on my laptop, on > my desktop it is currently still quite fast. > > Here is the processing time on a typical message (this is a typical time > for ALL emails and I get about 150 a day so it is SLOOW): > > Sep 18 16:52:27 lapdog spamd[6218]: processing message > <[EMAIL PROTECTED]> for > praedor:501. > Sep 18 16:52:58 lapdog spamd[6218]: clean message (0.7/5.1) for praedor:501 > in 31.4 seconds, 2919 bytes. > > 31.4 seconds to process a single message. ALL messages are taking about > 30+ seconds each. I haven't yet figured out what file I need to delete so > I can start over (with bayesian filtering - I am assuming that this is the > holdup right now - too much processing to go through the spam vs ham > files). What file do I delete, and where is it, so I can retrain > spamassassin? You might want to check to make sure that it is the bayesian filtering first. You can turn that off in the configuration file and then see what the processing time drops down to if any. Another possibility. Are you currently doing the RBL checks? One of the major ones, osirusoft.com has recently gone under and is no longer functional. It is possible that this particular RBL check is taking long amounts of time to return a response due to the problems with that list. If you are doing RBL checks, change or comment out the scores associated with this list, or better yet, disable the checks on that particular RBL and see if your timing improves. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] IE6 masquerading
On Thursday 18 September 2003 05:27 am, Douglas Bainbridge wrote: > Hi, > A particular website I want to access insists on IE6 (or just possibly > it may be satisfied with Netscape Navigator 6), reckoning this is needed > for 128-bit encryption of contributions. > I think there's been some discussion about Opera masquerading as IE6, > but is it possible to set Galeon (1.3.3) to masquerade, or failing that, > Konq? Yes, Under Konqueror, Settings, Browser Identification. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Mysql problem
On Wednesday 17 September 2003 09:27 am, Timothy Brown wrote: > Mandrake crashed on me last night with the errors: > Sep 16 20:00:02 off186ods kernel: Unable to handle kernel NULL pointer > dereference at virtual address 0094 > Sep 16 20:00:02 off186ods kernel: *pde = > I had to restart the computer and it did a file system check and now > everything on the computer seems to work except mysql it says in linux > conf that it is running but whenever I try to access it I get this error: > [EMAIL PROTECTED] root]# mysql > ERROR 2002: Can't connect to local MySQL server through socket > '/var/lib/mysql/mysql.sock' (111) > > I have tried do a mysql restart and I still get the same errors any ideas? > Tim Sounds like the crash left the sock file open on the drive and now when you try to start, it is unable to overwrite it. To test, simply go into the directory and if that mysql.sock file is there, issue the command mv mysql.sock mysql.sock.backup and then try to start mysql. If it starts, delete the backup file and have a beer. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: SOYO + AMD XP2500: new mobo
On Sunday 14 September 2003 05:10 am, Philip Webb wrote: > [ cc to Mdk Expert, in case anyone else has helpful advice ] > > the retailer -- to whom i returned the Soyo Dragon Ultra KT400 mobo -- > told me that Soyo had recalled them & were replacing them with new ones. > last week, i picked up a mobo, which i assume is a replacement > (i forgot to make a note of the serial numbers) > & i have now reassembled the box & tried it out. > > it seems to be an improvement at the BIOS level: > it recognises the processor as 'AMD XP 2500+' (correctly) > & defaults the DRAM clock to 166 MHz (previously it set it to 133 MHz ). > > however, there's a new problem: Linux won't start! > i had installed Mdk 9.1 , which is still there of course, > & Lilo comes up properly & tries to boot the system, > but fails with a kernel panic, which is quite new (Linux was ok before). > the lines on the screen are as follows: > > Unable to handle kernel NULL pointer dereference >at virtual address > printing eip: c02360d0 > *pde = Ooops: Not really sure which board you have. I have a Soyo Dragon KT400 Ultra Platinum. Not aware of any recalls surrounding this board and from what I have read on their site, they are not either. However, I have always had problems with the Hpt372 RAID controller on the board and Mandrake. I get a kernel panic everytime I try to boot when the RAID option is enabled in the BIOS. I did uninstall the hpt366 drivers and install hpt372 drivers and rebuild the kernel and this removed that particular problem but the stock kernel always gives a kernel panic. I just flashed the BIOS today to the latest version from SOYO and reenabled RAID just to try it out and got the kernel panic again. If you have RAID on your motherboard, try to turn it off and boot with the startup disk just to see if it makes a difference. Also, be sure to boot with noapic and acpi=off. Lastly, if you have more than 1 gig of RAM and a video card with more than 32 meg of memory, be sure to use the boot options mem=860M when booting. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] VNC server bad display on all MDK 9.1 machines
On Wednesday 10 September 2003 05:16 pm, James D. Parra wrote: > Thank you for all of your responses. One question though, update the gt on > the host vnc machines or the clients? My vncviewer works well from my > Mandrake box to any non-Mandrake 9.1 vnc host. > > Thanks again. > > James Host. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] VNC server bad display on all MDK 9.1 machines
On Wednesday 10 September 2003 01:03 pm, James D. Parra wrote: > Hello, > > When running VNC server (and tightvnc server) from any Mandrake 9.1 > machine, any attempt to connect to vnc host results in only the wallpaper > displaying and nothing else. This appears to be an inherent problem with > the MDK 9.1 build; how is this resolved? Your responses are greatly > appreciated. I suspect that this is the infamous anti-aliased fonts compiled into the qtlibraries bug. Suffered from this one myself. If you go to the Texstar repository off of http://pclinuxonline.com site, you should be able to download a fix for this issue which will remove the AA fonts from the qt libraries and enable tightvnc to work. If you have problems, let me know and I will send a direct link to the source repository for those rpm's. -- Bryan Phinney Software Test Engineer Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
