[qmailtoaster] Re: patch utility under Fedora 13
Jake can answer your question best. He manages the patch files.

I gotta ask though, why F13? F14 is current, and F15 release is right around the corner (scheduled for 2011-05-24), which means that F13 will no longer be maintained in only a couple months (2011-06-24). See
http://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule

Fedora is generally not a good choice for a production server, due to its relatively short lifetime. CentOS is a more stable platform, and is recommended for production QMT use. CentOS5.6 just came out this past weekend, and will not reach end of life for another 3 years (2014-03-31). By then, Fedora will be up to release 20. I think you get the picture.

At the same time, we do appreciate people who install QMT on Fedora, so we can get things like this worked out well in advance of them arriving in CentOS.

Thanks.

--
-Eric 'shubes'

On 04/10/2011 05:46 PM, David Bray wrote:
> During the install process (amongst other things) the packages are installed from source and the patch utility applies patches then they are compiled ..
>
> The patch utility uses the switch p0 and this fails, but p1 works
>
> it fails on the new box:
>
>   * it runs fine on the old box
>       o the old box is Fedora release 12 (Constantine) 32bit
>       o the new box is Fedora release 13 (Goddard) 64bit
>   * patch is ...
>       o patch-2.6.1-4.fc12.i686
>       o patch-2.6.1-8.fc13.x86_64
>   * it fails for assume all, but certainly the first 2
>       o daemontools
>       o ucspi-tcp-toaster
>
> + /usr/bin/patch -s -p0 --fuzz=0
> /usr/bin/patch: rejecting target file name with .. component: ../ucspi-tcp-0.88/error.h
>
> I've been able to successfully compile by changing the switch to p1
>
> + /usr/bin/patch -s -p1 --fuzz=0
>
> So do I need to mod all the srpms or is there something else ?
>
> Thanks in advance
> --
> *David Bray*
> http://www.brayworth.com.au
> da...@brayworth.com.au

-
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
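The -p0 failure and -p1 success reported in this thread depend on which path components are left after stripping, because patch checks the resulting target name for ".." before writing. The following is an added example, not code from QmailToaster or GNU patch: the function names and the sample diff are constructed, and the strip rule is a simplified model of -pN that only reads "+++" header lines.

```python
"""Model how `patch -pN` derives target names and why a '..' component is refused."""
import re

# Constructed unified diff; the header path mirrors the one in the error message.
SAMPLE_PATCH = """\
diff -uNr ../ucspi-tcp-0.88.orig/error.h ../ucspi-tcp-0.88/error.h
--- ../ucspi-tcp-0.88.orig/error.h\t2000-03-18 10:18:42.000000000 -0500
+++ ../ucspi-tcp-0.88/error.h\t2011-04-10 17:00:00.000000000 +1000
@@ -1,3 +1,3 @@
 #ifndef ERROR_H
-extern int errno;
+#include <errno.h>
 #define ERROR_H
"""

# Constructed variant with one more leading '..', to show that -p1 is not a universal fix.
DEEPER_PATCH = SAMPLE_PATCH.replace("../ucspi", "../../ucspi")


def target_names(patch_text):
    """Return the new-file names from '+++' headers that directly follow a '---' header."""
    names, prev = [], ""
    for line in patch_text.splitlines():
        if line.startswith("+++ ") and prev.startswith("--- "):
            # Assumption: the timestamp, if any, is separated from the name by a tab.
            name = line[4:].split("\t")[0].strip()
            if name != "/dev/null":
                names.append(name)
        prev = line
    return names


def strip_components(path, n):
    """Drop n leading components, treating runs of '/' as one separator (as -pN does)."""
    if n == 0:
        return path
    parts = re.split(r"/+", path)
    if n >= len(parts):
        return None  # nothing left to name a file
    return "/".join(parts[n:])


def unsafe_reason(path):
    """Explain why a stripped target name would be refused, or return None if it is fine."""
    if path.startswith("/"):
        return "absolute path"
    if ".." in path.split("/"):
        return ".. component"
    return None


def audit(patch_text, max_strip=3):
    """Map each strip level 0..max_strip to the (target, reason) pairs it would reject."""
    report = {}
    for n in range(max_strip + 1):
        findings = []
        for name in target_names(patch_text):
            stripped = strip_components(name, n)
            reason = "too few components" if stripped is None else unsafe_reason(stripped)
            if reason:
                findings.append((name, reason))
        report[n] = findings
    return report


def min_safe_strip(patch_text, max_strip=3):
    """Smallest -pN at which every target name is relative and free of '..', else None."""
    for n, findings in audit(patch_text, max_strip).items():
        if not findings:
            return n
    return None


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_PATCH), ("deeper", DEEPER_PATCH)):
        print(label, "-> smallest safe strip level:", min_safe_strip(text))
        for level, findings in audit(text).items():
            print("  -p%d rejects: %s" % (level, findings or "nothing"))
```

Running the same audit over every patch in a source package shows whether one strip level suits all of them before any spec file is edited.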
[qmailtoaster] Re: Perl Bot
I don't know the answer to your question off hand. The owner of the file would probably give a clue. Given that it's in the /tmp directory, I think that webmail would be a good guess.

Are you running your anti-virus program on mailboxes? Looking inside of archive file type attachments (.zip, etc)?

--
-Eric 'shubes'

On 04/10/2011 06:00 PM, Mike Canty wrote:
> To All,
>
> This is more of a general question in regards to attack against one of our servers.
>
> We have found that one server is continually being hit by Perl Bots. Initially this machine was compromised, so we rebuilt from scratch and altered any access via SSH, made sure the firewall was appropriate, etc., but we are still seeing instances of attack.
>
> To combat these attacks we have an Anti-Virus program running and it returns errors like the following.
>
> A virus classified as 'Mal/PerlBot-A' was detected in the file '/tmp/dude' when closing it at Sun Apr 10 03:08:29 2011 EST +2100 (2011-04-09 17:08:29 UTC).
>
> What I want to know, is where these Bots come from. Are they launched from an Email when it is accessed via Webmail? Or can they get to the server through an IMAP account.
>
> This machine is not running a web proxy, and the only web requirement is Webmail (and Qmail Toaster management), so where are these coming from.
>
> Any information would be appreciated.
>
> Cheers
>
> Mike Canty
[qmailtoaster] Automatic Account Expirations
I was looking at the script in the qmailtoaster wiki for Automatic account expirations. The script is not working for me and I am not all that great with bash scripts. Has anyone run this script on the list?

When I modify the script with my server info and run the script, it logs me into mysql and then stops. When I press ctrl-c I get the following notice.

mysql
Aborted
./autodelete.sh: line 128: syntax error near unexpected token `newline'
./autodelete.sh: line 128: `$MYSQL_DATABASE -E -e $SQL_QUERY | $GREP email | $GAWK -F' ' '{print $2}' '

Can someone help me please or push me an alternative direction?

Thank you,
Gilbert Gutierrez
[qmailtoaster] Checking you DKIM/DomainKeys/SPF/ etc
Just for everyone's general knowledge, you can send an email to:

check-a...@verifier.port25.com

and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button.

Scott
Re: [qmailtoaster] Checking you DKIM/DomainKeys/SPF/ etc
Another useful link is this:

http://www.brandonchecketts.com/

Martin

Sent from my iPhone

On 11.04.2011 at 21:05, Scott Hughes sc...@renshawauto.net wrote:
> Just for everyone's general knowledge, you can send an email to:
>
> check-a...@verifier.port25.com
>
> and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button.
>
> Scott
[qmailtoaster] CentOS 5.6
Well I just took a leap of faith and upgraded and all is well. WHEW.

qtp-whatami v0.3.7 Mon Apr 11 15:23:55 CDT 2011
DISTRO=CentOS
OSVER=5.6
QTARCH=x86_64
QTKERN=2.6.18-238.5.1.el5
BUILD_DIST=cnt5064
BUILD_DIR=/usr/src/redhat
This machine's OS is supported and has been tested

Joel
Re: [qmailtoaster] Automatic Account Expirations
The command posted in your mail needs to be in one line. Apparently, you have a line feed character in the script which causes the mysql command to fail.

Martin

Sent from my iPhone

On 11.04.2011 at 20:48, Gilbert T. Gutierrez, Jr. mailing-li...@phoenixinternet.net wrote:
> I was looking at the script in the qmailtoaster wiki for Automatic account expirations. The script is not working for me and I am not all that great with bash scripts. Has anyone run this script on the list?
>
> When I modify the script with my server info and run the script, it logs me into mysql and then stops. When I press ctrl-c I get the following notice.
>
> mysql
> Aborted
> ./autodelete.sh: line 128: syntax error near unexpected token `newline'
> ./autodelete.sh: line 128: `$MYSQL_DATABASE -E -e $SQL_QUERY | $GREP email | $GAWK -F' ' '{print $2}' '
>
> Can someone help me please or push me an alternative direction?
>
> Thank you,
> Gilbert Gutierrez
[qmailtoaster] Re: Automatic Account Expirations
On 04/11/2011 11:48 AM, Gilbert T. Gutierrez, Jr. wrote:
> I was looking at the script in the qmailtoaster wiki for Automatic account expirations. The script is not working for me and I am not all that great with bash scripts. Has anyone run this script on the list?
>
> When I modify the script with my server info and run the script, it logs me into mysql and then stops. When I press ctrl-c I get the following notice.
>
> mysql
> Aborted
> ./autodelete.sh: line 128: syntax error near unexpected token `newline'
> ./autodelete.sh: line 128: `$MYSQL_DATABASE -E -e $SQL_QUERY | $GREP email | $GAWK -F' ' '{print $2}' '
>
> Can someone help me please or push me an alternative direction?
>
> Thank you,
> Gilbert Gutierrez

Looks like that line got wrapped on to the next one at some point. I've edited it now so that doesn't happen. Be sure there's no spaces or anything after the \ character on that line.

--
-Eric 'shubes'
[qmailtoaster] Re: Checking you DKIM/DomainKeys/SPF/ etc
Are these in the wiki??? ;)

--
-Eric 'shubes'

On 04/11/2011 12:57 PM, Martin Waschbüsch IT-Dienstleistungen wrote:
> Another useful link is this:
>
> http://www.brandonchecketts.com/
>
> Martin
>
> Sent from my iPhone
>
> On 11.04.2011 at 21:05, Scott Hughes sc...@renshawauto.net wrote:
>> Just for everyone's general knowledge, you can send an email to:
>>
>> check-a...@verifier.port25.com
>>
>> and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button.
>>
>> Scott
[qmailtoaster] Re: CentOS 5.6
On 04/11/2011 01:25 PM, Joel Eddy wrote:
> Well I just took a leap of faith and upgraded and all is well. WHEW.
>
> qtp-whatami v0.3.7 Mon Apr 11 15:23:55 CDT 2011
> DISTRO=CentOS
> OSVER=5.6
> QTARCH=x86_64
> QTKERN=2.6.18-238.5.1.el5
> BUILD_DIST=cnt5064
> BUILD_DIR=/usr/src/redhat
> This machine's OS is supported and has been tested
>
> Joel

I've been upgrading my devel hosts, with no real problems yet. Of course, those hosts don't really process any mail. ;)

FWIW, if you're upgrading from a release earlier than 5.5, this is the recommended procedure (per the release notes):

# yum clean all
# yum update glibc\*
# yum update yum\* rpm\* pyth\*
# yum clean all
# yum update mkinitrd nash
# yum update selinux\*
# yum update
# shutdown -r now

--
-Eric 'shubes'
Re: [qmailtoaster] Re: Checking you DKIM/DomainKeys/SPF/ etc
I don't think so.

Scott

> Are these in the wiki??? ;)
>
> --
> -Eric 'shubes'
>
> On 04/11/2011 12:57 PM, Martin Waschbüsch IT-Dienstleistungen wrote:
>> Another useful link is this:
>>
>> http://www.brandonchecketts.com/
>>
>> Martin
>>
>> Sent from my iPhone
>>
>> On 11.04.2011 at 21:05, Scott Hughes sc...@renshawauto.net wrote:
>>> Just for everyone's general knowledge, you can send an email to:
>>>
>>> check-a...@verifier.port25.com
>>>
>>> and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button.
>>>
>>> Scott
[qmailtoaster] Re: Checking you DKIM/DomainKeys/SPF/ etc
And ???

On 04/11/2011 01:56 PM, Scott Hughes wrote:
> I don't think so.
>
> Scott
>
>> Are these in the wiki??? ;)
>>
>> --
>> -Eric 'shubes'
>>
>> On 04/11/2011 12:57 PM, Martin Waschbüsch IT-Dienstleistungen wrote:
>>> Another useful link is this:
>>>
>>> http://www.brandonchecketts.com/
>>>
>>> Martin
>>>
>>> Sent from my iPhone
>>>
>>> On 11.04.2011 at 21:05, Scott Hughes sc...@renshawauto.net wrote:
>>>> Just for everyone's general knowledge, you can send an email to:
>>>>
>>>> check-a...@verifier.port25.com
>>>>
>>>> and it will email you back with a lot of valuable information. This is a free and fast service. The reply was back within 10 seconds of my clicking the send button.
>>>>
>>>> Scott

--
-Eric 'shubes'
Re: [qmailtoaster] Re: Automatic Account Expirations
That is correct. There were actually 2 line feeds in the script that caused it to fail. I figured it out and saw that you had already posted.

Thank you,
Gilbert

- Original Message -
From: Eric Shubert e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
Sent: Monday, April 11, 2011 1:36 PM
Subject: [qmailtoaster] Re: Automatic Account Expirations

On 04/11/2011 11:48 AM, Gilbert T. Gutierrez, Jr. wrote:
> I was looking at the script in the qmailtoaster wiki for Automatic account expirations. The script is not working for me and I am not all that great with bash scripts. Has anyone run this script on the list?
>
> When I modify the script with my server info and run the script, it logs me into mysql and then stops. When I press ctrl-c I get the following notice.
>
> mysql
> Aborted
> ./autodelete.sh: line 128: syntax error near unexpected token `newline'
> ./autodelete.sh: line 128: `$MYSQL_DATABASE -E -e $SQL_QUERY | $GREP email | $GAWK -F' ' '{print $2}' '
>
> Can someone help me please or push me an alternative direction?
>
> Thank you,
> Gilbert Gutierrez

Looks like that line got wrapped on to the next one at some point. I've edited it now so that doesn't happen. Be sure there's no spaces or anything after the \ character on that line.

--
-Eric 'shubes'
Re: [qmailtoaster] Re: patch utility under Fedora 13
Thanks Eric

Why Fedora ?

  * Well I like it ...
  * But overlying, with VM's which are off the shelf sort of things, It's more a case of what is available

And with the toaster, I've been using it for a while and have got the machine scripted so I can migrate every few months to a later platform

*David Bray*
http://www.brayworth.com.au
da...@brayworth.com.au

On 12/04/2011 12:59 AM, Eric Shubert wrote:
> Jake can answer your question best. He manages the patch files.
>
> I gotta ask though, why F13? F14 is current, and F15 release is right around the corner (scheduled for 2011-05-24), which means that F13 will no longer be maintained in only a couple months (2011-06-24). See
> http://fedoraproject.org/wiki/Fedora_Release_Life_Cycle#Maintenance_Schedule
>
> Fedora is generally not a good choice for a production server, due to its relatively short lifetime. CentOS is a more stable platform, and is recommended for production QMT use. CentOS5.6 just came out this past weekend, and will not reach end of life for another 3 years (2014-03-31). By then, Fedora will be up to release 20. I think you get the picture.
>
> At the same time, we do appreciate people who install QMT on Fedora, so we can get things like this worked out well in advance of them arriving in CentOS.
>
> Thanks.
RE: [qmailtoaster] Re: Perl Bot
Eric,

Thanks for the response.

The Anti-Virus I am using is removing the files, as they are detected, so it's a bit hard to tell. They are actioned late at night, so we are not looking then, however, something must be setting them there.

There is one text file still in the /tmp/ directory, that is infected and this is owned by apache. So is this a Webmail item?

-rw-r--r-- 1 apache apache 28026 Apr 9 22:18 dude.txt

Trying to cat the file brought back information from our AV

cat: dude.txt: Operation not permitted
[root@msrverpd tmp]#
** Sophos Anti-Virus Alert ***
Virus Mal/PerlBot-A detected in file /tmp/dude.txt.
Access to the file has been denied
Please contact your IT department.
**

At least we know we are protected.

As for the AV on the mailboxes, are you talking about the server side or the client side? We run Sophos AV on all clients.

Cheers

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, 12 April 2011 12:46 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Perl Bot

I don't know the answer to your question off hand. The owner of the file would probably give a clue. Given that it's in the /tmp directory, I think that webmail would be a good guess.

Are you running your anti-virus program on mailboxes? Looking inside of archive file type attachments (.zip, etc)?

--
-Eric 'shubes'

On 04/10/2011 06:00 PM, Mike Canty wrote:
> To All,
>
> This is more of a general question in regards to attack against one of our servers.
>
> We have found that one server is continually being hit by Perl Bots. Initially this machine was compromised, so we rebuilt from scratch and altered any access via SSH, made sure the firewall was appropriate, etc., but we are still seeing instances of attack.
>
> To combat these attacks we have an Anti-Virus program running and it returns errors like the following.
>
> A virus classified as 'Mal/PerlBot-A' was detected in the file '/tmp/dude' when closing it at Sun Apr 10 03:08:29 2011 EST +2100 (2011-04-09 17:08:29 UTC).
>
> What I want to know, is where these Bots come from. Are they launched from an Email when it is accessed via Webmail? Or can they get to the server through an IMAP account.
>
> This machine is not running a web proxy, and the only web requirement is Webmail (and Qmail Toaster management), so where are these coming from.
>
> Any information would be appreciated.
>
> Cheers
>
> Mike Canty
[qmailtoaster] Re: Perl Bot
On 04/11/2011 04:40 PM, Mike Canty wrote:
> Eric,
>
> Thanks for the response.
>
> The Anti-Virus I am using is removing the files, as they are detected, so it's a bit hard to tell. They are actioned late at night, so we are not looking then, however, something must be setting them there.
>
> There is one text file still in the /tmp/ directory, that is infected and this is owned by apache. So is this a Webmail item?
>
> -rw-r--r-- 1 apache apache 28026 Apr 9 22:18 dude.txt

That's what it appears to be. I'm a little surprised that clamav did not find this one. Do you have that turned off for some reason, or did it miss this?

It's possible that if you got one in a mailbox that sneaked in before clamav had a signature for it, that every time it's opened by the user using webmail that it's putting the file back in the /tmp directory.

The filename dude.txt is a little suspicious to me though. I would expect SM to use some sort of unique name for an attachment, if that's what it is. I'm thinking now that it's perhaps something not even coming from email. Could it be coming from apache via some other route? Do you have apache running anything besides the stock QMT stuff? Roundcube perhaps?

> Trying to cat the file brought back information from our AV
>
> cat: dude.txt: Operation not permitted
> [root@msrverpd tmp]#
> ** Sophos Anti-Virus Alert ***
> Virus Mal/PerlBot-A detected in file /tmp/dude.txt.
> Access to the file has been denied
> Please contact your IT department.
> **
>
> At least we know we are protected.

That's good.

> As for the AV on the mailboxes, are you talking about the server side or the client side? We run Sophos AV on all clients.

Server side. /home/vpopmail/domains/*/*/Maildir/* files, recursively.

--
-Eric 'shubes'
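One way to follow up on how a file owned by apache reached /tmp is to line up the file's modification time with the web server's access log. This is an added example, not part of the original thread: the log lines, addresses, request paths and helper names are constructed, and it assumes Apache combined log format with a UTC offset in each timestamp.

```python
"""List web requests logged around the time a suspicious file was written."""
import os
import re
from datetime import datetime, timedelta, timezone

# Constructed access-log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Apr/2011:22:05:11 +1000] "GET /webmail/src/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Apr/2011:22:17:58 +1000] "POST /example-app/form.php HTTP/1.1" 200 512 "-" "libwww-perl/5.8"
203.0.113.7 - - [09/Apr/2011:22:18:03 +1000] "GET /example-app/form.php?id=1 HTTP/1.1" 200 498 "-" "libwww-perl/5.8"
192.0.2.10 - - [09/Apr/2011:22:40:27 +1000] "POST /webmail/src/compose.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "when": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def files_owned_by(directory, uid):
    """Return (path, mtime in UTC) for regular files in directory owned by uid."""
    found = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if entry.is_file(follow_symlinks=False) and st.st_uid == uid:
            found.append((entry.path, datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)))
    return found


def requests_near(log_text, file_mtime, window=timedelta(minutes=2)):
    """Requests within `window` of file_mtime; POSTs first, then nearest in time."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and abs(rec["when"] - file_mtime) <= window:
            hits.append(rec)
    hits.sort(key=lambda r: (r["method"] != "POST", abs(r["when"] - file_mtime)))
    return hits


if __name__ == "__main__":
    # Constructed mtime matching the 'Apr 9 22:18' listing; the +1000 offset is an assumption.
    mtime = datetime(2011, 4, 9, 22, 18, 30, tzinfo=timezone(timedelta(hours=10)))
    for rec in requests_near(SAMPLE_LOG, mtime):
        print(rec["when"].isoformat(), rec["ip"], rec["method"], rec["path"], rec["status"])
```

On a live host, `files_owned_by("/tmp", pwd.getpwnam("apache").pw_uid)` would supply the timestamps, provided the files are inventoried before the scanner removes them.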
RE: [qmailtoaster] Re: Perl Bot
Eric,

We do have clamav installed and operational, but I agree this could be from something already in a mailbox. When we configured this machine we copied a lot of messages from POP accounts to IMAP.

The tmp directory also has m, m.1, m.2 as well as dude.txt and all are infected.

If this is already here, obviously we cannot check it, but I need to make sure we do not get any others. So ClamAV should find them, correct?

Could they arrive via Web anomaly? We only have the Qmail-Toaster Admin and Webmail active on this machine.

Cheers

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Tuesday, 12 April 2011 10:05 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Perl Bot

On 04/11/2011 04:40 PM, Mike Canty wrote:
> Eric,
>
> Thanks for the response.
>
> The Anti-Virus I am using is removing the files, as they are detected, so it's a bit hard to tell. They are actioned late at night, so we are not looking then, however, something must be setting them there.
>
> There is one text file still in the /tmp/ directory, that is infected and this is owned by apache. So is this a Webmail item?
>
> -rw-r--r-- 1 apache apache 28026 Apr 9 22:18 dude.txt

That's what it appears to be. I'm a little surprised that clamav did not find this one. Do you have that turned off for some reason, or did it miss this?

It's possible that if you got one in a mailbox that sneaked in before clamav had a signature for it, that every time it's opened by the user using webmail that it's putting the file back in the /tmp directory.

The filename dude.txt is a little suspicious to me though. I would expect SM to use some sort of unique name for an attachment, if that's what it is. I'm thinking now that it's perhaps something not even coming from email. Could it be coming from apache via some other route? Do you have apache running anything besides the stock QMT stuff? Roundcube perhaps?

> Trying to cat the file brought back information from our AV
>
> cat: dude.txt: Operation not permitted
> [root@msrverpd tmp]#
> ** Sophos Anti-Virus Alert ***
> Virus Mal/PerlBot-A detected in file /tmp/dude.txt.
> Access to the file has been denied
> Please contact your IT department.
> **
>
> At least we know we are protected.

That's good.

> As for the AV on the mailboxes, are you talking about the server side or the client side? We run Sophos AV on all clients.

Server side. /home/vpopmail/domains/*/*/Maildir/* files, recursively.

--
-Eric 'shubes'
[qmailtoaster] Squirrel Mail Error
I just changed my own domain to the new server tonight and when I try to send a test message to my gmail account I keep getting this error. It's got me baffled. Any ideas what is causing it?

Message not sent. Server replied: Unknown response
571 sorry, sender address has invalid format (#5.7.1 - chkuser)

Joel
[qmailtoaster] Squirrel Mail Error
I think I've figured out some of the error. I added the defaultdomain file to /home/vpopmail/etc to allow login without the need for the domain part. Which squirrel mail allows but when I try to send mail from squirrel mail it doesn't like it. So the question is how to make squirrel mail work that way for my default domain?

Joel