Re: Issue on disable ipv6
On Fri Jul 1 23:13:36 2016, Benny Pedersen wrote: > ::2 ipv6.localdomain ipv6 On IPv6, localhost is just ::1, not ::1/96 or something like that. alarig@pikachu ~ % ip -6 route get ::2 ::2 from :: via fe80::20d:b9ff:fe3a:1fa1 dev wlan1 src 2a01:cb08:898f:ab00:1c23:1474:a6ad:51c metric 309 pref medium alarig@pikachu ~ % mtr -c 1 -w ::2 Start: Fri Jul 1 23:51:04 2016 HOST: pikachu Loss% Snt Last Avg Best Wrst StDev 1.|-- 2a01cb08898fab01.ipv6.abo.wanadoo.fr 0.0% 13.2 3.2 3.2 3.2 0.0 2.|-- ??? 100.0 10.0 0.0 0.0 0.0 0.0 -- alarig signature.asc Description: Digital signature
Re: Reporting gmail spam to Google
On Thu May 19 00:00:31 2016, Byung-Hee HWANG (황병희) wrote: > As far as i know, they are doing those best to reduce spam by DMARC. DMARC is used to prevent incomming spam, not outgoing. -- alarig signature.asc Description: Digital signature
Re: Disabling spamcop plugin
On Wed Apr 13 15:50:27 2016, Reindl Harald wrote: > enough problems by wasting time if you have to maintain 10, 20, 30 or more > servers and in case of problems need fast downgrades - especially if you run > virtual machines where all the compile jobs share hardware > > besides that on a production server no compilers should be installed at all > - the generation of malware which compiles itself is only a question of time > > what gentoo would need to solve for professional environemnts is that you > have one machine which pulls the updates, compiles them and apckage them in > a way all other machines in the network can pull and apply them in > precompiled from over ftp, http or whatever network protocol > > we are doing the same even for Fedora servers where one machine which has > all package sinstalled moves them from yum/dnf-cache to a repo folder, run > createrepo and all other machines have only this repo enabled and so can do > a "yum -y upgrade" which can be triggered over SSH directly from the admin > machine with a "distribute-updates.sh" script and a own SSH key for that > task Hi, When you run several dozens of servers, you should use and orchestrator. By this way, you don’t spend time for each server. Also, you can have a compiler for your gentoo architecture that serves binary packages to other servers. -- alarig signature.asc Description: Digital signature
Re: Unable to resolve localhost
On Thu Mar 17 19:45:22 2016, RW wrote: > What do you have in resolv.conf? > > > I'm wondering if you have > > nameserver localhost > > rather than > > nameserver 127.0.0.1 That was this, thanks :) -- alarig signature.asc Description: Digital signature
Re: Unable to resolve localhost
> $ host localhost > localhost has address 127.0.0.1 > localhost has IPv6 address ::1 > > What does THAT say in your box? Seems normal: alarig@nemee:~$ dig localhost ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> localhost ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19114 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;localhost. IN A ;; ANSWER SECTION: localhost. 10800 IN A 127.0.0.1 ;; Query time: 0 msec ;; SERVER: 91.224.149.254#53(91.224.149.254) ;; WHEN: Thu Mar 17 12:33:47 2016 ;; MSG SIZE rcvd: 43 alarig@nemee:~$ dig -x 127.0.0.1 ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x 127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26530 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;1.0.0.127.in-addr.arpa.IN PTR ;; ANSWER SECTION: 1.0.0.127.in-addr.arpa. 10800 IN PTR localhost. ;; Query time: 0 msec ;; SERVER: 91.224.149.254#53(91.224.149.254) ;; WHEN: Thu Mar 17 12:34:28 2016 ;; MSG SIZE rcvd: 63 -- alarig signature.asc Description: Digital signature
Unable to resolve localhost
Hi, The daily spamassasin cron is failing because localhost is an unresolvable name: /etc/cron.daily/spamassassin: unresolvable name: localhost at /usr/bin/sa-update line 432. sa-update failed for unknown reasons But, I can perfectly ping it (and by the way, resolve it): alarig@nemee:~$ ping localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_req=1 ttl=64 time=0.029 ms ^C --- localhost ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.029/0.029/0.029/0.000 ms Does anybody already met the issue or know how to fix it? Thanks, -- alarig signature.asc Description: Digital signature
Re: DnsResolver warning
On Mon Mar 14 11:08:29 2016, Martin Puppe wrote: > Fri Mar 11 00:05:06 2016 [-8128] warn: dns: unable to connect to > [127.0.0.1]:53, failing over to [192.168.123.254]:53 Hi, Did you configured localhost as a resolver in /etc/resolv.conf or in the spamassassin conf? If so, do you have a recursive server listening on localhost? -- alarig signature.asc Description: Digital signature
Re: Matches non RFC headers that not begin with X-
On Wed Jan 6 11:48:12 2016, Axb wrote: > paste.swordarmor.fr uses an invalid security certificate. The certificate is > not trusted because it was signed using a signature algorithm that was > disabled because that algorithm is not secure. (Error code: > sec_error_cert_signature_algorithm_disabled) > > sorry... I use SHA-512/RSA for the signature and a 2048 bits RSA key, so it should be secure. Which browser are you using? On the other hand, I’m signed by CAcert, which is not included by default on most distribution. -- Alarig Le Lay signature.asc Description: Digital signature
Matches non RFC headers that not begin with X-
Hello, I would like to mark as spam some mails with some non-RFC headers, like deWBv5PD: offrespourlespros.net$ PFoRSKwhcmpngevb: 13716$ 3D2rJMSW: 57$ WbCMJZG5: Gfo9K3iRJMJfbUms0jMjfpCWb+Q6Cp8F67lfYgxMoVw=$ (You can get the full mail here: https://paste.swordarmor.fr/raw/EEgF) So, I’m looking for a test witch matches this kind of headers but I didn’t find it. Does it exist? I could be interesting to have a regex that matches all the headers not in https://tools.ietf.org/html/rfc4021. -- Alarig Le Lay signature.asc Description: Digital signature
Re: Barracuda / EmailReg.org protection racket? (OT, but help?)
On Sun Jun 21 16:22:26 2015, Dianne Skoll wrote: > I don't approve of Barracuda's behaviour. If they're blocking > /24s because of some bad machines, you should not have to pay for > delisting one IP. If they can prove that your specific IP was responsible > for a spam run, then it's legit to charge for delisting, but not > otherwise. I don’t know how Barracuda manages /24 blacklisting, but generally the abuse contact is contacted (in fact the ISP, unless you have your own IP block) and if there isn’t answer for some IPs, the block is blacklisted. -- Alarig Le Lay signature.asc Description: Digital signature