Re: [SLUG] TPG modem recommendation

2004-04-29 Thread David Kempe
Chris Barnes wrote:

> My suggestion, the Dlink DSL-500. They only cost about $200 from Harris
> Technology.


I second that recommendation. The generation II ones have stacks of cool 
features and are rock solid

dave
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] LAN Traffic Regulator

2004-04-29 Thread Richard Neal
hai

lookup traffic shaping on http://www.freshmeat.net


On Thu, 2004-04-29 at 07:15, Luke (Terry) Vanderfluit wrote:
> Hi,
> I have a linux gateway connected to the net (RedHat 9), with a small
> network hanging off it.
> I'd like to be able to regulate the flow of traffic to the separate
> (fixed) ip addresses on the network.
> Because some computers are hogging bandwidth, I'd like to be able to
> dynamically change quota on separate workstations.

*
Sometime the best tool is a rock
*
Richard Neal [EMAIL PROTECTED]



[SLUG] mandatory profiles

2004-04-29 Thread David Kempe
Hi people,
If you had a bunch of Knoppix boxes, one the server and the rest 
workstations, anyone know of a nice way to have a HDD install, but have 
mandatory profiles. IE, if users stuff up stuff on the desktop, their 
profile is loaded fresh each time, on a per user basis. Any suggestions? 
I can think of a few ways, but thought there might be some funky tips I 
didn't know about.

dave


Re: [SLUG] mandatory profiles

2004-04-29 Thread Tony Green
On 29/04/2004, at 10:25 PM, David Kempe wrote:

> Hi people,
> If you had a bunch of Knoppix boxes, one the server and the rest
> workstations, anyone know of a nice way to have a HDD install, but
> have mandatory profiles. IE, if users stuff up stuff on the desktop,
> their profile is loaded fresh each time, on a per user basis. Any
> suggestions? I can think of a few ways, but thought there might be
> some funky tips I didn't know about.

Perhaps a combo of pam_mkhomedir, /etc/skel and an 'rm -fr ~' in the 
.profile (or equiv)?

--
Tony Green [EMAIL PROTECTED]


Re: [SLUG] mandatory profiles

2004-04-29 Thread David Kempe
Tony Green wrote:

> Perhaps a combo of pam_mkhomedir, /etc/skel and an 'rm -fr ~' in the
> .profile (or equiv)?

yeah I was thinking that.
this tool might help:
http://extragear.kde.org/apps/kiosktool.php
locks down a kde desktop.. hrmm, i think the script way is a bit more 
useful tho.

dave


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Broun, Bevan

on Fri, Apr 30, 2004 at 11:32:01AM +1000, Jared Pritchard [EMAIL PROTECTED] wrote:
> Hi -
> Got a little problem.  =)
> We are getting reports back from other servers on the net saying our message
> from something like [EMAIL PROTECTED] was rejected because of an
> attached virus.

We get tonnes of these. Spammers and viruses forge the from address and so
the mail bounce, either unknown user or virus attached message, comes to
you.

BB


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Gonzalo Servat
On Fri, 2004-04-30 at 11:32, Jared Pritchard wrote:
> Hi -
> Got a little problem.  =)
> We are getting reports back from other servers on the net saying our message
> from something like [EMAIL PROTECTED] was rejected because of an
> attached virus.

[..snip..]

> Has anyone got ANY idea on what could be happening? Has our linux server got
> a virus? (!?!!?!!) Is someone using our machine as an open relay? (I did
> take steps to stop that, and abuse.net reports our server as fine) Are our
> WinXP machines infected regardless of our anti-virus software?

[..snip..]

Anyone can forge a From address, so it's possible that someone you've
contacted by email before has a virus and it's setting the from address
as random chars@yourdomain.com.au. To the untrained eye they would
immediately complain to whatever the domain is shown on the From address
([EMAIL PROTECTED]) but if you look closely at the headers, it would
normally indicate which server was used to SPAM through.

You should probably also check your mail server thoroughly to ensure it
does not relay emails from strangers. You can do this by telnet'ing to
relay-test.mail-abuse.org, make sure you do this from the mail server
in question as it will telnet back to you on port 25 and perform a
series of tests. 

HTH.

Regards,
Gonzalo



Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Terry Collins
Jared Pritchard wrote:

> Hi -
> Got a little problem.  =)
> We are getting reports back from other servers on the net saying our message
> from something like [EMAIL PROTECTED] was rejected because of an
> attached virus.

Umm, you have a user 130Qe49y1 do you?

...snip.

> Has anyone got ANY idea on what could be happening?

Did you look at the headers?

> Are our WinXP machines infected regardless of our anti-virus software?

That is a possibility. 

-- 
   Terry Collins {:-)}}} email: terryc at woa.com.au  www:
http://www.woa.com.au  
   Wombat Outdoor Adventures Bicycles, Computers, GIS, Printing,
Publishing

 People without trees are like fish without clean water


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread David


On Fri, 30 Apr 2004, Jared Pritchard wrote:

> Hi -
> Got a little problem.  =)
> We are getting reports back from other servers on the net saying our message
> from something like [EMAIL PROTECTED] was rejected because of an
> attached virus.

we get these all the time. It's a result of spammers forging From
addresses. Your domain has been chosen randomly.

Sad, but you have to accept that there are bad people (spammers) and
ignorant people (those who respond to spam) and stupid people (those who
set up mail servers to respond to the bad people and thereby add to the
noise).



> Our server is running Linux 7.3 and it has only started happening in the
> last few months.
> Our other workstations use our server as an outgoing mail server, but all
> workstations use 'VirusBuster II' which updates itself automatically at
> intervals as close as every 15 mins (usually once every couple days on
> average though) - workstations are running WindowsXP
>
> Has anyone got ANY idea on what could be happening? Has our linux server got
> a virus? (!?!!?!!) Is someone using our machine as an open relay? (I did
> take steps to stop that, and abuse.net reports our server as fine) Are our
> WinXP machines infected regardless of our anti-virus software?
>
> Can someone please help?
> I need to find some angles of attack to solve the problem. I guess it's not
> really urgent, but the sooner we fix it, the better!  =)
>
> I will appreciate all help.
>
> If you have a good idea on what the problem may be, please email me directly
> (as well?) because sometimes I seem to miss some messages from the SLUG
> list... want to make sure I get it =)
>
> Thanks again!
>
> Jared Pritchard
> [EMAIL PROTECTED]




Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Mary Gardiner
 All right. What an explosive cocktail of themes! Did you make sure that 
  representatives of the whole political spectrum will be there?
 
To: Jared Pritchard [EMAIL PROTECTED]
Cc: Slug List [EMAIL PROTECTED]
Bcc: 
Subject: Re: [SLUG] Server being used to relay emails
Reply-To: 
In-Reply-To: [EMAIL PROTECTED]
X-Nihilism: Consistency is all I ask... Give us this day our daily mask.
X-GPG-Key: 1024D/77625870 
X-GPG-Fingerprint: B141 CD1A 4603 1CD7 6D64  EFBF D256 C568 7762 5870

On Fri, Apr 30, 2004, Jared Pritchard wrote:
> We are getting reports back from other servers on the net saying our
> message from something like [EMAIL PROTECTED] was rejected
> because of an attached virus.
>
> Has anyone got ANY idea on what could be happening? Has our linux
> server got a virus? (!?!!?!!) Is someone using our machine as an open
> relay? (I did take steps to stop that, and abuse.net reports our
> server as fine) Are our WinXP machines infected regardless of our
> anti-virus software?

This message alone is not a positive sign that you're running an open
relay. It's just as likely that this is happening:

 1. Someone else totally unrelated to you, let's call him Billy, has a
 nasty Outlook virus.

 2. A virus uses Billy's machine to send copies of itself to every email
 address in Billy's address book, web cache etc etc, including
 [EMAIL PROTECTED]
 
 BUT...
 
 the nasty virus also does not set the sender to [EMAIL PROTECTED]
 because that wouldn't be sufficiently nasty. (Insert evil laugh.)
 Instead, it chooses ANOTHER email address, [EMAIL PROTECTED],
 out of Billy's address book and sets the sender to
 [EMAIL PROTECTED]

 3. example.net uses an over zealous virus filter that is unaware of the
 fact that the sender address was faked. Many commercial virus filters
 are pretty obtuse in this respect[1]. When the virus from Billy arrives
 for [EMAIL PROTECTED], the over zealous virus filter
 sends a warning to [EMAIL PROTECTED] informing it that it sent
 a virus, when in fact no such thing happened.

Hence your message. This is the most likely scenario to explain what's
going on. Other people may have suggestions about doublechecking that
your mail server is not an open relay.

It also wouldn't hurt to filter your users' incoming mail for viruses
and dump any viruses BEFORE they arrive in users' mail boxes, for extra
safety (and because your users won't have to delete virus after virus
the next time a wave of them arrives). The combination of amavis and
clamav is good for this, there's some tips in the last few months of
slug archives. Don't set your own mail server to warn senders about
viruses though!

-Mary

PS Incidentally, note that most viruses these days bypass the set outgoing
mail relay. If your user has told Outlook that their relay is
mail.ourdomain.com.au, that doesn't mean that the virus will send its
mail there too. Viruses tend to contain their own SMTP server and will
try and connect directly to the recipient.

[1] The most common conspiracy theory about why commercial virus
checkers don't know about faked senders (when they've been happening for
a few years and are now the norm for viruses) is that it's nice free
advertising: convincing some totally innocent person that they have a
virus and need a virus checker!


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Mary Gardiner
Ooops, sorry about the bogus mail content. This bit here is random
insertions from the rest of my outbox (fortunately not too
incriminating) :)

The rest of the message is all good.

On Fri, Apr 30, 2004, Mary Gardiner wrote:
> > All right. What an explosive cocktail of themes! Did you make sure that
> > representatives of the whole political spectrum will be there?
>
> To: Jared Pritchard [EMAIL PROTECTED]
> Cc: Slug List [EMAIL PROTECTED]
> Bcc:
> Subject: Re: [SLUG] Server being used to relay emails
> Reply-To:
> In-Reply-To: [EMAIL PROTECTED]
> X-Nihilism: Consistency is all I ask... Give us this day our daily mask.
> X-GPG-Key: 1024D/77625870
> X-GPG-Fingerprint: B141 CD1A 4603 1CD7 6D64  EFBF D256 C568 7762 5870


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Chris Freeman
John Clarke wrote:

> My usual response is something like this sent to the postmaster at the
> site which sent the virus notification:
>
> > WARNING! Your message was infected by VIRUS:
> > Worm.SomeFool.Z
>
>    Well done.  You bloody idiot.

Bloody idiot indeed!

>    You've notified the one person you can be absolutely certain did
>    *not* send the message.  This worm and pretty much every virus/worm
>    released in the last couple of years are known to forge the sender
>    address.

Bounces to forged email addresses warning people of the virus should be 
considered in the same category as SPAM. This is a real nuisance, 
especially when some of the more successful email viruses start spreading 
their evil throughout the known world. Like SPAM, notifications waste 
the end users' time, waste bandwidth, and waste mail server resources.

>    Turn off notification.  It's pointless, except to advertise the
>    fact that you're too stupid to configure your AV scanner.

I just want to accentuate this point. If you are a mail server 
administrator TURN OFF NOTIFICATION!

--
Chris Freeman
System Administration Team
Ardec International
www.ardec.com.au


[SLUG] clamdscan failing

2004-04-29 Thread Peter Rundle
Sluggers,

just wondering if anyone can help out with a clamdscan problem. I'm using clamscan to scan 
incoming e-mails under qmail-queue-scanner.pl and it's all working fine detecting virii 
etc except for the fact that it takes around 2 secs to do the scan. So I wanted to use 
clamdscan (the front end to clamd) but it fails with this error

  Can't access the file ERROR

If I run it on the command line

   # clamdscan msg.pif
   /root/msg.pif  Can't access the file ERROR
(yes the file exists with 744 permissions)

Ok, so I appear to have some sort of permission problem but I can't figure it out, same 
error occurs in all directories and with non-root users.

any cluesticks? (Fedora core btw)

TIA's

P.


Re: [SLUG] clamdscan failing

2004-04-29 Thread John Clarke
On Fri, Apr 30, 2004 at 01:49:58PM +1000, Peter Rundle wrote:

> Can't access the file ERROR

This message only appears in the source (I'm looking at clamav-0.70-rc
but it's probably the same in other versions) in one place in
clamd/scanner.c:

    /* check permissions  */
    if(access(filename, R_OK)) {
        mdprintf(odesc, "%s: Can't access the file ERROR\n", filename);
        return -1;
    }

> # clamdscan msg.pif
> /root/msg.pif  Can't access the file ERROR
>
> (yes the file exists with 744 permissions)

Are you running clamd as root or as a non-privileged user?  Is the
directory containing the file readable by that user?  /root is normally
only readable by root.

The solution, if you're running clamd as a non-privileged user, is to
put the files into a directory that the clamd user can read and scan
them from there.


Cheers,

John
-- 
I must be looking senile. Everyone's telling me what to do, when I
already know.  Nod and smile, nod and smile, think, fuck off.
-- John the Unstable


Re: [SLUG] clamdscan failing

2004-04-29 Thread Peter Rundle
John Clarke wrote:

> Are you running clamd as root or as a non-privileged user?  Is the
> directory containing the file readable by that user?  /root is normally
> only readable by root.
>
> The solution, if you're running clamd as a non-privileged user, is to
> put the files into a directory that the clamd user can read and scan
> them from there.

Hi John,

that's got it sorted, turned out to be a bit of a comedy of errors. I edited the 
/etc/clamav.conf file and changed the User to qscand but that didn't fix it when I was 
testing on the command line. Turned out that's because the file must be specified by its 
full path so that clamd can find it.

Thanks for the info, I think I'm sorted now.

Cheers

P.
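
The two causes found in this thread (a directory the daemon's user cannot search, and a relative file name resolved against the daemon's working directory instead of the caller's) can be checked with a small path walker. This is an added example, not code from ClamAV or from the posters; `first_blocker`, `demo` and the uid chosen are hypothetical, and the check uses plain owner/group/other mode bits only (no ACLs or capabilities).

```python
import os
import tempfile


def _allowed(st, uid, gids, want):
    """Owner/group/other test for the permission bits in `want` (0o4=r, 0o1=x)."""
    if uid == 0:
        return True  # root passes read and search checks
    if st.st_uid == uid:
        return bool(st.st_mode & (want << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (want << 3))
    return bool(st.st_mode & want)


def first_blocker(path, uid, gids, daemon_cwd="/"):
    """Return the first path component that stops `uid` reading `path`,
    or None if access(path, R_OK) would succeed for that user.
    A relative path is resolved against the daemon's cwd, as the daemon
    (not the client that passed the name) performs the access() call."""
    full = os.path.normpath(os.path.join(daemon_cwd, path))
    current = os.sep
    for name in full.strip(os.sep).split(os.sep):
        # Every directory on the way needs search (x) permission.
        if not _allowed(os.stat(current), uid, gids, 0o1):
            return current
        current = os.path.join(current, name)
        if not os.path.exists(current):
            return current  # the daemon cannot find the name at all
    if not _allowed(os.stat(current), uid, gids, 0o4):
        return current
    return None


def demo():
    """Constructed case mirroring the thread: a 0744 file in a 0700 directory."""
    d = tempfile.mkdtemp()             # mkdtemp creates mode 0700, like /root
    f = os.path.join(d, "msg.pif")
    open(f, "w").close()
    os.chmod(f, 0o744)
    other = os.stat(d).st_uid + 1      # hypothetical unprivileged daemon uid
    blocked_by_dir = first_blocker(f, other, set())
    relative_name = first_blocker("msg.pif", other, set())  # daemon cwd is /
    return d, blocked_by_dir, relative_name


if __name__ == "__main__":
    print(demo())
```

The file's own 0744 mode never comes into play in the first case: the walk stops at the 0700 directory above it.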


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Jared Pritchard
Thank you ppl -

That puts my mind to rest -
and thanks to the flood of fast responses!! Appreciated! =)

In case anyone else has missed it - here's a summary

A spammer or virus will forge (and most likely has in our case) a domain to
mask their own presence, so when the recipient replies (individually, or by
an automatic setup), the message gets sent to the forged domain, in this
case being our server.
I.E. Somewhere along the line, someone out there has decided to use
waterexchange.com.au in the 'From' field in the email headers (with a
randomly generated 'user' eg. [EMAIL PROTECTED]) so when the
recipient gets the email, it appears as though it came from our server.

Also advised, is that anyone with a system set up to automatically reply to
emails such as these (with viruses, or considered to be spam), should
consider turning them off because it is most likely to be a mask and
responses only add to the unnecessary traffic, and annoy the (usually)
innocent users from the domain that has been forged...

=P

or something..  =)


Thanks again for all your help!
Any idea how we might try and find the real source  AND/OR  should we report
the abuse to some authority of some sort?

Cheers,
Jared Pritchard


Re: [SLUG] Server being used to relay emails

2004-04-29 Thread Mary Gardiner
On Fri, Apr 30, 2004, Jared Pritchard wrote:
> Any idea how we might try and find the real source  AND/OR  should we
> report the abuse to some authority of some sort?

You'd need the headers of the original mail to find the machine that
passed the virus to the machine with the detector. You probably don't
have those headers.

As for reporting the abuse, you may wish to mail postmaster@ the domain
that sent the virus warning and inform them that their virus scanner is
misconfigured to reply to forged senders. I don't think there's any
higher authority though.

-Mary
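
The header check discussed in this thread can be scripted when a virus notice does include the original headers. The sketch below is an added example, not code from any poster; the notice, host names and IP addresses are constructed, and `handoff_source` and `classify` are hypothetical names. It reads the topmost Received line of the embedded original, the only one written by the reporting site's own server, and compares the connecting IP with your own mail server's addresses.

```python
import email
import re
from email import policy

# Constructed sample notice sent to a forged sender (all values made up).
SAMPLE_NOTICE = """\
From: MAILER-DAEMON@mx.example.net
To: randomuser@ourdomain.example
Subject: VIRUS FOUND in your message
MIME-Version: 1.0
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

WARNING! Your message was infected by a virus.

--b1
Content-Type: text/rfc822-headers

Received: from billy-pc (dsl-45.isp.example [203.0.113.45])
\tby mx.example.net with SMTP; Fri, 30 Apr 2004 11:20:00 +1000
From: randomuser@ourdomain.example
To: someone@example.net
Subject: hello

--b1--
"""

RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\([^)]*\[([0-9A-Fa-f:.]+)\]\)")


def original_headers(notice_text):
    """Return the headers of the mail that triggered the notice, or None."""
    msg = email.message_from_string(notice_text, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(),
                                             policy=policy.default)
    return None


def handoff_source(notice_text):
    """(helo_name, ip) of the machine that handed the mail to the reporter."""
    orig = original_headers(notice_text)
    if orig is None:
        return None
    received = orig.get_all("Received", [])
    match = RECEIVED_FROM.search(str(received[0])) if received else None
    return match.groups() if match else None


def classify(notice_text, our_ips):
    """Decide whether the reported mail actually came from our server."""
    src = handoff_source(notice_text)
    if src is None:
        return "no-original-headers"   # nothing to trace, as is often the case
    return "passed-through-us" if src[1] in our_ips else "forged-sender-backscatter"
```

A result of `passed-through-us` is the case worth investigating locally; the other two leave nothing to fix on your own server.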


Re: [SLUG] clamdscan failing

2004-04-29 Thread Stuart Cooper
clamdscan failing? maybe it clammed up!

Stuart.
