Does anyone have DKIM+sendmail+spamassassin smarts?

[Steven W. Orr]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I had sendmail + spamass-milter + sendmail. All was good.

Then the spam started creeping up and I added clamav via clamav-milter. (When
I say levels were increasing, I mean to say that the levels of false negatives
that were getting through were getting through. The stuff that gets rejected
is rejected in the milters so I never even see it.)

Huge help. Then it started creeping up again. I added something called scamp
which added huge numbers of signatures to clamav. Life was good again. Then I
saw that the spam levels were again bumping up. I decided that the mail that
was rejected by clamav-milter (which came before spamass-milter) never got to
contribute to spamassassin's bayes and AWL tables.

So I looked around and found a clamav plugin for spamassassin. I got rid of
the clamav-milter and the difference is quite noticeable.

Now I want to use DKIM to have sendmail sign my mail. In addition, I

loadplugin Mail::SpamAssassin::Plugin::DKIM

in spamssassin because I see how important it is for spamassassin to be the
central place where countermeasures happen.

So what I want to do is to setup dkim-milter so that it will sign my outgoing
mail and serve the public key, but I don't want the milter to verify the
incoming mail because spamassassin is already doing that.

To be honest, I'm not even sure if I'm asking the question write.

Am I making sense?

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpYAx8ACgkQRIVy4fC+NySKCACdGizxHULU+nz+XBVvvdK7jWpa
34kAnjQ6c5JYejQ1DIYiNn9LorXyCOcP
=tK0F
-END PGP SIGNATURE-
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Finding *unfiltered* free WiFi?

[Joshua Judson Rosen]

Dave Johnson  writes:
>
> Bill McGonigle writes:
> > 
> > > We've got the `open database of general knowledge' (Wikipedia), the
> > > open database of maps (OpenStreetMap), the open database of
> > > speed-limit signs (Wikispeedia), the open database of GSM cell-sites
> > > (OpenBmap)..., why not one for WiFi-hotspots?
> > 
> > We actually talked about this a bit at the DLSLUG meeting on
> > OpenStreetMap.  A WiFi node is just another type of node, with a certain
> > tag.  I think somebody said wardrivers have already automated this?  It
> > makes more sense to add the data to OpenStreetMap than to create another
> > database.
> 
> Google has been recording location data of WiFi APs (no surpise
> there), too bad the data isn't exported in a friendly way.  From what
> I can tell, anywhere that has been Street View'ed has also had all
> WiFi AP's recorded as the car passed by taking pictures.

Man--not only do they show my wife's car in front of our apartment,
but they also show my AP? Are they advertising the ESSIDs somewhere?

> This was rather obvious when using the iPhone 2G (no GPS).  It would
> contact some server via HTTPS and (presumibily) send nearby WiFi AP
> data in an attempt to get a more precise location.
> 
> Worked great when driving down a street that had been Street View'ed.
> Whenever an AP from someone's house got in range, it would narrow down
> the location rather well.

Well, I guess *that's* OK :)

More seriously (and generally), there does some to be, at the very
least, a set of `political issues' to be encountered when we start
building a public DB of WiFi access-points--people may not appreciate
the idea that they could be `blitzkriegdriven' by the *whole world*,
even when they're happy to offer an open access-point for passers-by
wanting to do benign things like check e-mail.

I've had to deal with stationary freeloaders doing high-load
filesharing on my open WiFi network, am I going to have to deal with
transients who've planned out their road-trips around a WiFi
AP-hopping scheme so that they can run bittorrent on-the-go? I think
I'm going to tell myself that that's unreasonably paranoid--I hope I'm
right :)

-- 
Don't be afraid to ask (Lf.((Lx.xx) (Lr.f(rr.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Finding *unfiltered* free WiFi? (was: WAP/Router for use with OpenVPN)

[Dave Johnson]

Bill McGonigle writes:
> 
> > We've got the `open database of general knowledge' (Wikipedia), the
> > open database of maps (OpenStreetMap), the open database of
> > speed-limit signs (Wikispeedia), the open database of GSM cell-sites
> > (OpenBmap)..., why not one for WiFi-hotspots?
> 
> We actually talked about this a bit at the DLSLUG meeting on
> OpenStreetMap.  A WiFi node is just another type of node, with a certain
> tag.  I think somebody said wardrivers have already automated this?  It
> makes more sense to add the data to OpenStreetMap than to create another
> database.

Google has been recording location data of WiFi APs (no surpise
there), too bad the data isn't exported in a friendly way.  From what
I can tell, anywhere that has been Street View'ed has also had all
WiFi AP's recorded as the car passed by taking pictures.

This was rather obvious when using the iPhone 2G (no GPS).  It would
contact some server via HTTPS and (presumibily) send nearby WiFi AP
data in an attempt to get a more precise location.

Worked great when driving down a street that had been Street View'ed.
Whenever an AP from someone's house got in range, it would narrow down
the location rather well.  As soon as you went to a street with no
street view pictures, it would revert back to the less accurate cell
tower location.

-- 
Dave
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

[GNHLUG] Firefox 3.5 Release party at the Holodek / 506 US Rte. 1 Kittery, Maine Saturday 7/11 2-6pm

[Robert E. Anderson]

Celebrate the release of Firefox 3.5 with us at the HoloDek 
(http://www.myspace.com/holodek) in Kittery Maine.

The Firefox 3.5 Release Party at the HoloDek will feature:

* a live demo of Firefox 3.5

* usable versions of Firefox 3.5 on the HoloDek PCs.

* Firefox trivia will give attendees a chance to prove their knowledge, and 
win all sorts of Firefox swag.

* We will also be running mini-gaming tournaments for Firefox swag and more!

Since HoloDek is a LAN center, attendees can expect all types of multiplayer 
gaming!  

Show up any time during the event to check it out!  Live demo at 4:00 p.m.

For more information on the Holowdek visit their website 
"http://www.myspace.com/holodek":http://www.myspace.com/holodek

Thank you to Matthew Craig for putting this together for us.

-- 
--
 Robert E. Anderson email: r...@sr.unh.edu
 Systems Programmer phone: (603) 862-3489
 UNH Research Computing Centerfax: (603) 862-1761
--

___
gnhlug-announce mailing list
gnhlug-annou...@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce/
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: OpenSSH vulnerability?

[Neil Joseph Schelly]

On Thursday 09 July 2009 03:28:10 pm Dan Jenkins wrote:
> > I'm not sure how widespread it is, but I know that ANHosting (MidPhase)
> > is blocking it entirely.  And they've got no ETA for when they'll put it
> > back so far.  I guess they're waiting for details and patches about the
> > exploit to be released... ugh.
>
> HostGator has disabled OpenSSH support for now. No ETA for restoration
> either.

Damn.  I hadn't noticed HostGator did it.  And I just signed up with them 
recently.  Argh.  AN/Midphase has at least informed me they expect to turn it 
back on sometime today.
-N 
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: OpenSSH vulnerability?

[Michael ODonnell]

>> Hey!  cool - if this FUD approach is so effective maybe we can
>> use it to rid the world of some other scourges.  Like what if we
>> very coyly insinuated that there *might* be one or two flaws in
>> Microsoft Windows[...]
>
>It hasn't worked agains MS yet...


Right - that was my (possibly too-subtle) point - how frustrating
it is that a useful and robust tool like OpenSSH is thrown under
the bus by those ISPs after one unsubstantiated whiff of FUD, yet
despite the many documented Windows vulnerabilities they apparently
never consider using anything else.

And never once, BTW, in all the news accounts I've heard about
the ongoing DOS attacks, have any of the talking heads mentioned
that the zombie machines comprising the bot-nets are (mostly?)
all running Microsoft Windows.  Didn't their parents teach them
that it's important to give credit where it's due...  ;->
 
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Finding *unfiltered* free WiFi? (was: WAP/Router for use with OpenVPN)

[Tom Buskey]

On Thu, Jul 9, 2009 at 6:43 PM, Joshua Judson Rosen wrote:

> Bill McGonigle  writes:
> >
> > On 07/07/2009 12:54 PM, Neil Joseph Schelly wrote:
> > >
> > > I run my company's OpenVPN endpoint on both UDP and TCP.  I send
> > > out configurations using UDP because it works in almost all
> > > circumstances, but there was once, with an employee travelling
> > > somewhere in Europe, where the hotel firewall/NAT didn't do
> > > anything for UDP connections.
> [...]
> > I hit a couple of these recently, in two different hotels on the same
> > trip!  Both only allowed DNS and HTTP/S (most of their guests only use
> > wifi for facebook and porn?).
> [...]
> > I've since set up this kind of config for a couple clients with mobile
> > salesforces that have had similar symptoms.
> >
> > At this point it seems "free wireless internet" is an insufficient
> > advertisement for a business traveler, and there's probably nobody you
> > can talk to ahead of time who can tell you what they allow.
>
> Start a wiki project? :)
>
> We've got the `open database of general knowledge' (Wikipedia), the
> open database of maps (OpenStreetMap), the open database of
> speed-limit signs (Wikispeedia), the open database of GSM cell-sites
> (OpenBmap)..., why not one for WiFi-hotspots?
>
> Actually, it looks like OpenBmap  has
> already expanded their scope to include WiFi hotspots; it seems like
> access-restrictions might be just the sort of data that they'd want to
> include in their database--I don't know whether they've considered
> that prospect, yet.
>
>
 http://www.wigle.net/ is a map + wardriving mashup.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: WAP/Router for use with OpenVPN

[Tom Buskey]

On Thu, Jul 9, 2009 at 4:59 PM, Bill McGonigle wrote:

> On 07/07/2009 12:54 PM, Neil Joseph Schelly wrote:
> > I run my company's OpenVPN endpoint on both UDP and TCP.  I send out
> > configurations using UDP because it works in almost all circumstances,
> but
> > there was once, with an employee travelling somewhere in Europe, where
> the
> > hotel firewall/NAT didn't do anything for UDP connections.  That's the
> only
> > time it's ever been used and it may never be used again.  The TCP
> connection
> > is just too much slower to use on a regular basis.
>
> I hit a couple of these recently, in two different hotels on the same
> trip!  Both only allowed DNS and HTTP/S (most of their guests only use
> wifi for facebook and porn?).  I wound up on a $45/hr Internet
> connection at a nearby conference center for just long enough ($7 worth)
> to setup a TCP/443 OpenVPN instance on my pfSense firewall (running on
> Via C7 hardware).
>

FWIW, there are adaptations to tunnel SSH over HTTP (corkscrew), DNS, ICMP
among other things.  Corkscrew isn't too bad.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: OpenSSH vulnerability?

[Tom Buskey]

On Thu, Jul 9, 2009 at 4:03 PM, Michael ODonnell <
michael.odonn...@comcast.net> wrote:

>
>
>
> >> I'm not sure how widespread it is, but I know that ANHosting
> >> (MidPhase) is blocking it entirely.  And they've got no ETA for
> >> when they'll put it back so far.  I guess they're waiting for
> >> details and patches about the exploit to be released...  ugh.
> >
> > HostGator has disabled OpenSSH support for now.  No ETA for
> > restoration either.
>
> Hey!  cool - if this FUD approach is so effective maybe we can
> use it to rid the world of some other scourges.  Like what if we
> very coyly insinuated that there *might* be one or two flaws in
> Microsoft Windows that could allow millions of machines to become
> enslaved in botnets controlled by genuinely malicious people who
> rent them out to others bent on causing actual measurable harm?
>
> Ssss!   we could provide details but we're not gonna, cuz
> it's a secret...
>
> __
>

It hasn't worked agains MS yet...
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/