Weblogs for muondude
#7
Posted by muondude on Mon 24 Dec 2007 at 18:19
Over the last couple of days I've been experiencing a DOS attack on my mail server. I'm running Debian 3, exim3. The mainlog file is filled with the following:
...
2007-12-24 10:06:01 verify failed for SMTP recipient aaborkar@filemakerauction.com from <> H=web6.ci06.de (ci06.de) [193.143.122.10]
2007-12-24 10:06:02 verify failed for SMTP recipient harald@filemakerauction.com from <> H=(scmgateway1.reviewjournal.com) [12.9.217.24]
2007-12-24 10:06:04 Connection from 62.190.15.43 refused: too many connections
2007-12-24 10:06:04 Connection from 62.190.15.43 refused: too many connections
2007-12-24 10:06:05 verify failed for SMTP recipient eifmanl@filemakerauction.com from <> H=(mail2.e-servicesgroup.com) [65.183.1.213]
2007-12-24 10:06:05 Connection from 67.90.241.200 refused: too many connections
2007-12-24 10:06:05 Connection from 70.84.16.194 refused: too many connections
...
And netstat gives:
...
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 1 192.168.2.2:3050 148.245.120.60:113 SYN_SENT
tcp 0 0 192.168.2.2:25 148.245.120.60:31146 ESTABLISHED
tcp 0 1 192.168.2.2:3049 148.245.120.60:113 SYN_SENT
tcp 0 0 192.168.2.2:25 148.245.120.60:31144 ESTABLISHED
tcp 0 1 192.168.2.2:3047 209.82.14.94:113 SYN_SENT
tcp 0 0 192.168.2.2:25 209.82.14.94:30136 ESTABLISHED
tcp 0 0 192.168.2.2:25 213.201.175.98:1574 TIME_WAIT
tcp 0 1 192.168.2.2:3045 217.154.210.139:113 SYN_SENT
tcp 0 0 192.168.2.2:25 217.154.210.139:43850 ESTABLISHED
tcp 0 1 192.168.2.2:3044 217.154.210.139:113 SYN_SENT
tcp 0 0 192.168.2.2:25 217.154.210.139:43231 ESTABLISHED
tcp 0 1 192.168.2.2:3043 217.154.210.139:113 SYN_SENT
tcp 0 0 192.168.2.2:25 217.154.210.139:43160 ESTABLISHED
tcp 0 1 192.168.2.2:3042 80.219.58.34:113 SYN_SENT
tcp 0 0 192.168.2.2:25 80.219.58.34:1605 ESTABLISHED
tcp 0 1 192.168.2.2:3039 62.80.22.166:113 SYN_SENT
tcp 0 0 192.168.2.2:25 62.80.22.166:2006 ESTABLISHED
... snip...
48 total connections on tcp & smtp. Ugh!
I've tried googling for help, but found nothing I could 'grok' or figure out. Also, it seems that exim4 might have some features to handle this, but I'm unsure about this and frankly afraid to break the server by doing the update on my own (yes I know it is hosed so how much more could I screw it up ;-) ). Any suggestions would be greatly appreciated. If there is a kind person willing to help I can contact you on a side channel (phone or IM). Thanks.
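An added example (not part of the original post): a shell/awk triage of the mainlog pattern shown above, tallying refused connections per source IP and counting recipient-verify failures that arrive with the null sender `<>`. The sample lines are copied from the excerpt in the post; the function names are illustrative.

```shell
#!/bin/sh
# Added example: triage of an Exim mainlog during a connection flood.
# SAMPLE_LOG reuses lines from the post's excerpt; function names are illustrative.

SAMPLE_LOG='2007-12-24 10:06:01 verify failed for SMTP recipient aaborkar@filemakerauction.com from <> H=web6.ci06.de (ci06.de) [193.143.122.10]
2007-12-24 10:06:02 verify failed for SMTP recipient harald@filemakerauction.com from <> H=(scmgateway1.reviewjournal.com) [12.9.217.24]
2007-12-24 10:06:04 Connection from 62.190.15.43 refused: too many connections
2007-12-24 10:06:04 Connection from 62.190.15.43 refused: too many connections
2007-12-24 10:06:05 verify failed for SMTP recipient eifmanl@filemakerauction.com from <> H=(mail2.e-servicesgroup.com) [65.183.1.213]
2007-12-24 10:06:05 Connection from 67.90.241.200 refused: too many connections
2007-12-24 10:06:05 Connection from 70.84.16.194 refused: too many connections'

# Count "refused: too many connections" per source IP, busiest first.
refused_by_ip() {
    awk '/ refused: too many connections$/ {
             for (i = 1; i < NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Count recipient-verify failures whose envelope sender is the null sender (<>),
# i.e. bounce-type messages addressed to mailboxes that do not exist here.
null_sender_rejects() {
    awk '/ verify failed for SMTP recipient / && / from <> / { c++ } END { print c + 0 }'
}

# Per-domain tally of the rejected recipient addresses.
rejected_domains() {
    awk '/ verify failed for SMTP recipient / {
             for (i = 1; i < NF; i++) if ($i == "recipient") {
                 split($(i+1), a, "@"); d[tolower(a[2])]++; break }
         }
         END { for (k in d) print d[k], k }' | sort -k1,1nr -k2,2
}

# Run against the embedded sample; on a live host, feed the mainlog on stdin instead.
printf '%s\n' "$SAMPLE_LOG" | refused_by_ip
printf '%s\n' "$SAMPLE_LOG" | null_sender_rejects
printf '%s\n' "$SAMPLE_LOG" | rejected_domains
```

Each function reads the log on stdin, so the same calls work on the real mainlog or on a time-sliced extract of it.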
#6
Posted by muondude on Wed 25 Apr 2007 at 16:28
I need to run apt/aptitude behind a firewall that requires a username
and password.
All the examples I've seen require you to embed the username and password
in the proxy specification (either in apt.conf or an environment variable;
not a good idea).
For example:
export http_proxy=http://username:password@proxyserver.net:port/
export ftp_proxy=http://username:password@proxyserver.net:port/
or you can configure this in the apt.conf file using a similar format
but it still requires one to include the u/p.
Is there a way to have apt/aptitude prompt the user for the username/password?
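An added example (not part of the original post): one way to prompt for the proxy credentials at run time and pass them to apt-get only through that command's environment, so nothing is stored in apt.conf or exported into the login shell. The function names and the port 8080 in the usage comment are assumptions; the script is assumed to run as root.

```shell
#!/bin/sh
# Added example: prompt for proxy credentials instead of storing them.
# Function names are illustrative; host/port are supplied by the caller.

# Percent-encode every byte outside the RFC 3986 unreserved set, so that
# characters such as '@', ':' or '/' in a password cannot break the URL.
urlencode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r h; do
        [ -n "$h" ] || continue
        c=$(printf '%b' "\\0$(printf '%03o' "0x$h")")   # hex byte -> character
        case $c in
            [A-Za-z0-9._~-]) printf '%s' "$c" ;;
            *) printf '%%%s' "$(printf '%s' "$h" | tr a-f A-F)" ;;
        esac
    done
}

# Arguments: user password host port
build_proxy_url() {
    printf 'http://%s:%s@%s:%s/' "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Prompt on the terminal, then run apt-get with the proxy set for that one
# child process. The body is a subshell, so the variables holding the
# credentials disappear when it exits.
apt_via_proxy() (
    host=$1 port=$2; shift 2
    trap 'stty echo' EXIT INT TERM          # always restore terminal echo
    printf 'Proxy username: ' >&2; IFS= read -r user
    printf 'Proxy password: ' >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    url=$(build_proxy_url "$user" "$pass" "$host" "$port")
    http_proxy=$url ftp_proxy=$url apt-get "$@"
)

# Usage (placeholder host and port):
#   apt_via_proxy proxyserver.net 8080 update
```

The URL remains readable in the running apt-get process's environment by root and the invoking user for the lifetime of the command, and the credentials travel to the proxy as HTTP Basic authentication.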
#5
Posted by muondude on Tue 10 Apr 2007 at 18:51
Debian Stable (etch):
I thought there was a meta-package (virtual package) for installing all the C/C++ development libraries and header files, but can't seem to find it.
What is the currently recommended way to get all those files (libraries and headers) installed?
I recently had a problem under etch where we couldn't build an app and none of the headers/libs were installed and it seemed like a random process to figure out what we needed.
#4
Posted by muondude on Sat 16 Sep 2006 at 22:00
I was looking at my procmail log file and noticed some spamassassin error messages. I did a little google search and I may have a broken install.
I am running Debian 3.1 which was an upgrade from Debian 2.
I've included some other information below.
The last part of my .procmail file looks like:
# removed -P at EOL
:0fw
| spamassassin
:0:
* X-Spam-Status: yes
spam
# deliver to local maildir mailbox
:0:
/home/sgasster/Maildir/
***
I'm wondering about how to fix this.
Is it simply a matter of telling spamassassin to look in the correct
config directory? I wasn't sure how to do this or where it should go?
In the spamassassin command in the .procmail file should I point to
the /usr/share/spamassassin directory, since it may be defaulting to
the "old - incorrect" /etc/spamassassin directory?
***
> spamassassin -VD
SpamAssassin version 3.0.3
running on Perl version 5.8.4
In /etc I have:
ll /etc/mail
total 0
lrwxrwxrwx 1 root root 15 Jun 14 22:08 spamassassin -> ../spamassassin
ls /etc/spamassassin/
10_misc.cf 25_body_tests_es.cf 30_text_pl.cf 65_debian.cf local.cf.dpkg-old
20_body_tests.cf 25_body_tests_pl.cf 40_spam_phrases.cf init.pre user_prefs.template
20_head_tests.cf 25_head_tests_pl.cf 50_scores.cf local.cf
20_uri_tests.cf 30_text_es.cf 60_whitelist.cf local.cf.bck
> whereis spamassassin
spamassassin: /usr/bin/spamassassin /etc/spamassassin /usr/share/spamassassin /usr/share/man/man1/spamassassin.1p.gz
> ls /usr/share/spamassassin/
10_misc.cf 20_fake_helo_tests.cf 20_ratware.cf 25_uribl.cf 60_whitelist.cf
20_anti_ratware.cf 20_head_tests.cf 20_uri_tests.cf 30_text_de.cf 65_debian.cf
20_body_tests.cf 20_html_tests.cf 23_bayes.cf 30_text_fr.cf languages
20_compensate.cf 20_meta_tests.cf 25_body_tests_es.cf 30_text_nl.cf triplets.txt
20_dnsbl_tests.cf 20_phrases.cf 25_hashcash.cf 30_text_pl.cf user_prefs.template
20_drugs.cf 20_porn.cf 25_spf.cf 50_scores.cf
*** so it seems like I have two sets of config files!
A sample of the procmail logs looks like:
...snip...
Failed to run LINES_OF_YELLING_2 SpamAssassin test, skipping:
(Can't locate object method "check_for_num_yelling_lines" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2340.
)
Failed to run BASE64_ENC_TEXT SpamAssassin test, skipping:
(Can't locate object method "check_for_base64_enc_text" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2340.
)
Failed to run RAZOR_CHECK SpamAssassin test, skipping:
(Can't locate object method "check_razor" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/share/perl5/Mail/SpamAssassin/PerMsgStatus.pm line 2340.
)
procmail: [28536] Sat Sep 16 13:27:43 2006
procmail: Match on "X-Spam-Status: yes"
procmail: Locking "spam.lock"
procmail: Assigning "LASTFOLDER=spam"
procmail: Opening "spam"
procmail: Acquiring kernel-lock
procmail: Unlocking "spam.lock"
...snip...
TAI...
#3
Posted by muondude on Fri 12 May 2006 at 18:56
I've been looking at the Dell PowerEdge 850 rack servers.
I'm interested in RAID and they use the CERC SATA RAID controller.
Anyone know if there are drivers under Debian for this device?
I've done some searching but have not found any clear documentation that helps me understand this controller and if it works under Debian.
#2
Posted by muondude on Thu 22 Sep 2005 at 04:17
Some handy command line scripts that I have often found useful.
Search for files with the extension .tex in the current directory and
below, print each result to stdout, and pass it to a script
(./bin/test.sh is just a dummy script I created to print the filename):
find . -path '*.tex' -print -exec ./bin/test.sh {} \;
Command line file renaming: rename a group of files with extension .html to .shtml extensions:
perl -e 'for (@ARGV) { ($new=$_) =~ s/\.html$/.shtml/; rename $_, $new unless -e $new }' *.html
Convert a bunch of file names from UPPER case to lower case:
perl -e 'for (@ARGV) { ($new=$_) =~ tr/A-Z/a-z/; rename $_, $new unless -e $new }' *.html
Command line file editing:
perl -p -i -e 's/\.html/\.shtml/g' j*.shtml
perl -p -i -e 's/VLINK="\#FF0066"/VLINK="\#009900"/g' *.shtml
List lines with specified text (kind of like grep):
perl -n -e 'print if /VLINK="\#FF0066"/;' *.shtml
Edit the file in place and make a backup copy with extension .orig;
this one-line command replaces the Mac newline with a Unix newline:
perl -p -i.orig -e 's/\r/\n/g' testfile.txt
#1
Posted by muondude on Tue 20 Sep 2005 at 06:26
I upgraded from Woody to Sarge and I'm trying to find a 'safe' way to remove all the X-windows related packages/files and keep the server running.
I only access the server from the console or via SSH and so don't need X11.