NoIdea.US - We're Not Really Sure.

Creating a Mail Gateway for Microsoft Exchange

Tuesday 29 June 2004 0:14am by: admin	permalink \| 0 comments Computers

Setting Up a Spam-Filtering Mail Gateway For Microsoft Exchange Using Fedora Core 1, Postfix 2.0.19, Amavisd-New and Razor2 If you find this document useful, or have any additions or corrections, please send a message to the Webmaster. Document Conventions Configuration filename--link to example file Command prompt Command typed by user Comments Input to text editor Install Fedora Core 1 Use "server" configuration (need to detail this...) Install Fedora Core 1 Updates [root]# rpm -ivh http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/1/apt/apt-0.5.15cnc3-0.1.fr.i386.rpm [root]# vi /etc/apt/sources.list add the lines: rpm http://apt.sw.be redhat/fc1/en/i386 dag rpm-src http://apt.sw.be redhat/fc1/en/i386 dag rpm http://ftp.WL0.org apt/fedora/fc1/i386 postfix rpm-src http://postfix.WL0.org ftp/apt/fedora/fc1/i386 postfix [root]# apt-get remove sendmail sendmail-cf [root]# apt-get update [root]# apt-get upgrade You may have to run this multiple times. After APT updates the first time, you may get an error about not finding sources.list. If so, do: [root]# mv /etc/apt/sources.list.rpmsave /etc/apt/sources.list (you can ignore errors about duplicate sources). Compile and Install Postfix [root]# apt-get source postfix [root]# apt-get install rpm-build gcc gawk sed ed patch [root]# apt-get install mysql mysql-devel (if using mysql) [root]# cd /usr/src/redhat/SOURCES [root]# export POSTFIX_MYSQL_REDHAT=1 (if using mysql) [root]# export POSTFIX_PCRE=1 [root]# export POSTFIX_SASL=2 (if using SASL for SMTP AUTH) [root]# export POSTFIX_TLS=1 (for SMTP AUTH) [root]# export POSTFIX_SMTPD_MULTILINE_GREETING=1 [root]# sh make-postfix.spec [root]# cd ../SPECS [root]# rpmbuild -ba postfix.spec you will probably get some errors about needed RPM devel packages. for each one, do: [root]# apt-get install <develpackage> [root]# cd ../RPMS/i386 [root]# rpm -ivh postfix..rpm (or: rpm -Uvh postfix..rpm if postfix is already installed) [root]# chkconfig postfix off [root]# postfix stop [root]# cd /etc/postfix [root]# vi main.cf (linked file) [root]# vi master.cf (linked file) [root]# ./postfix-chroot.sh enable Install Amavisd-New and Pflogsumm (Postfix Log Summarizer) [root]# apt-get install pflogsumm amavisd-new [root]# chkconfig amavisd off [root]# service amavisd stop [root]# vi /etc/amavisd.conf (linked file) [root]# vi /var/spool/amavis/notify-spam-sender.txt (linked file) [root]# mkdir -p /var/spool/amavis/tmp [root]# mkdir -p /var/spool/amavis/lookups [root]# cd lookups [root]# touch blacklist_sender whitelist_sender (edit as necessary) [root]# vi spam_lovers add: postmaster@domain.com abuse@domain.com [root]# vi virus_lovers (same thing - add postmaster and abuse) [root]# cd ../.. [root]# chown -R amavis:amavis amavis Install Razor2 [root]# cd ~ [root]# wget http://aleron.dl.sourceforge.net/sourceforge/razor/razor-agents-2.40.tar.gz [root]# perl -MCPAN -e shell cpan> install Net::Ping cpan> install Net::DNS cpan> install Time::HiRes cpan> install Digest::SHA1 cpan> install GetOpt::Long cpan> install File::Copy cpan> install Digest::Nilsimsa cpan> install URI::Escape cpan> quit [root]# tar xvfz razor-agents-2.40.tar.gz [root]# cd razor-agents-2.40 [root]# perl Makefile.PL [root]# make [root]# make test [root]# make install [root]# su amavis [amavis]$ razor-client [amavis]$ razor-admin -create [amavis]$ razor-admin -register [amavis]$ cd /var/spool/amavis/.razor [amavis]$ vi razor-agent.conf debuglevel=1 [amavis]$ exit Configure reporting tools [root]# cd /usr/local/sbin [root]# vi pflogs.sh (attached file) [root]# vi rejections.sh (attached file) [root]# chmod a+x pflogs.sh rejections.sh [root]# cd /etc/logrotate.d [root]# vi maillog add before "endscript": /usr/local/sbin/rejections.sh" /usr/local/sbin/pflogs.sh Configure SpamAssassin Rule updates [root]# wget http://maxime.ritter.eu.org/Spam/rule-get [root]# vi rule-get change: my $real_path="/etc/mail/spamassassin" [root]# chmod a+x rule-get [root]# cd /etc/mail/spamassassin [root]# rule-get get-rules [root]# rule-get install BackHair Weeds2 ChickenPox BigEvil TripWire EvilNumbers sa-blacklist sa-blacklist-uri AntiDrug bogus-virus-warnings SARE_Random (all the above on one line) (The following moves three rulesets from autoupdate to static. These are no longer updated) [root]# mv 65_backhair.cf 90_backhair.cf [root]# mv 65_chickenpox.cf 90_chickenpox.cf [root]# mv 65_weeds2.cf 90_weeds2.cf [root]# vi 10_site_rules.cf (attached file) [root]# vi local.cf trusted_networks 10. use_razor2 1 [root]# crontab -e add: 5 23 * * * * /usr/local/sbin/rule-get update 33 1 * * * * /etc/postfix/exchange/update.sh Set up Exchange Server import First, on gateway PC [root]# cd /etc/postfix [root]# mkdir exchange [root]# cd exchange [root]# vi parse-exchange-users.pl (attached file) [root]# chmod a+x parse-exchange-users.pl [root]# vi update.sh (attached file) [root]# chmod a+x update.sh [root]# touch excludes (attached file) [root]# cd .. [root]# vi relay_local (attached file) [root]# vi transport (attached file) [root]# touch client_access helo_access recipient_access sender_access [root]# postmap relay_local transport _access [root]# vi aliases (change root alias to a real mail account) [root]# postalias aliases Now on the Exchange Server* d:> mkdir d:userexport d:> cd userexport d:userexport> create exportfields.txt (attached file) d:userexport> create userexport.ini (attached file) d:userexport> create runexport.bat (last line - copy file exchusers.txt to a web-accessible network drive) d:userexport> at 22:30 /every:M,T,W,Th,F "d:userexportrunexport.bat" d:userexport> runexport.bat Back to Linux Server [root]# /etc/postfix/exchange/update.sh [root]# chkconfig postfix on [root]# chkconfig amavisd on [root]# service amavisd start [root]# postfix start That's the end of it! References: FlakShack.Com's Fairly-Secure Anti-SPAM Gateway Using OpenBSD, Postfix, Amavisd-new, SpamAssassin, Razor and DCC Hoang Q. Tran's Configuring Mail Gateway Using Postfix Jim Seymour's Postfix Anti-UCE Cheat Sheet Amavisd-New documentation Scott L. Henderson's Creating a Spamfilter Relay Server Steve Friedl's Unixwiz.net Tech Tips Exporting MS Exchange 5.5 Users to Postfix

$100 a plate?

Monday 28 June 2004 10:27pm by: admin	permalink \| 0 comments Catholic Church

Ed. Note: this is in regards to a celebration for the 100th Anniversary of St. Mary's Catholic Center, the Catholic Campus Ministry for Texas A&M University. From a letter to the St. Mary's Development Office. Why did the planning committee for the 100 year anniversary of Catholic ministry to Texas A&M decide to place such a high price per person to attend this gala? The committee is pricing out a large portion of former students from St Mary's who would love to attend, but can't because of the price. Many are young families with or without children who will not be able to justify the cost, even for such a good cause as St Mary's. If the cost had been lower, say $30-40 a plate, I think that the Development Office would find that many more people might attend and even find that they are able to make a donation in addition to the cost of the Gala. St Mary's means so much to so many people. It would seem to me that an event like this would be cause to bring together as many former students as possible to share what St Mary's meant to them while they attended Texas A&M. Setting the price at $100 a plate will likely turn people away who would otherwise attend. It sets the tone that only people who can afford to pay are welcome here, and that's not what St Mary's is about. It is also a concern that only a handful of people may find out about this event. When the Aggie Awakening 20th Anniversary reunion came around last fall, it appeared that only those on St Mary's mailing list found out about it. I talked to several people who were very active with Aggie Awakening who either did not know about the reunion or found out in too little time to plan to attend. To my knowledge, efforts were not made to place advertisements in diocesean newspapers around Texas or in the Texas Aggie Magazine to reach out to those who have lost contact with St Mary's. By spending a relatively small amount of money in advertising this event, so many more people would have attended because of the opportunity to see old friends, not to mention how much Aggie Awakening touched their lives. In turn, by advertising and reducing the cost to attend the Gala, I feel that more people would feel welcome and want to attend a celebration of St Mary's ministry to Texas A&M. Sincerely, Terri '98

Yahoo Protocol changes - business, bluster or bull?

Saturday 26 June 2004 1:48am by: admin	permalink \| 0 comments Computers

I finally got reconnected to Yahoo! chat today (I use the Gaim chat client, so AOL, ICQ and Yahoo are in one easy-to-use, and free, program). Yahoo pulled a nice stunt on Thursday, changing the chat protocol so that "that spammers will be blocked from abusing our system to spam our users". Unfortunately, they failed to take into account that spammers will always find a way. They're kinda like roaches. Click to read my letter to messenger-security@yahoo-inc.com, and the response I received.... Here's what I sent to the email address I could find. For some reason, "messenger-security" seems like an appropriate recipient, as they're claiming that the blocking is a "security measure".... To: messenger-security[at]yahoo-inc.com Subject: Blocking third-party clients -- bogus "security" argument is shameful The latest argument being used by Yahoo to block third-party clients from their IM service is one of the biggest crocks of bullhockey that I've heard. Security? Anti-spim? That's already taken care of by the client, when the user chooses to accept messages only from his buddies. This sounds like another case of greed getting the better of the users' (and thus the CUSTOMERS') experience. I have had a Yahoo! account for years (at least four, possibly closer to seven). I didn't start using Yahoo's Messenger services until I discovered a client I liked (Gaim, in this case) that allowed me to open ICQ, AIM, and Yahoo! together. If the client hadn't been able to talk to Yahoo messaging protocol, I would still not be using Yahoo for messaging because having to download and install yet another chat client simply wasn't worth my time. If you want to increase the value of your instant messaging system, add features (such as AmiKai's AmiChat: http://www.amikai.com/products/portal/amichat.jsp) instead of acting like the three-year-old who takes his ball and goes home when the game doesn't go his way. The way to survive is to adapt and be open to changes that benefit you AND your customers. Robert Cooper quoted from: http://news.com.com/Yahoo+to+Trillian%3A+Talk+to+the+hand/2100-1032_3-5245821.html "This time, however, Yahoo said it will continue changing its protocols to prevent clients such as Trillian from finding new ways to incorporate Yahoo. Again, the measure was cited by Yahoo as a way to prevent IM spam. "By making frequent protocol changes, it is our expectation that spammers will be blocked from abusing our system to spam our users," [Yahoo spokeswoman Mary] Osako said." -=-=-=-=- And the response I received.... -=-=-=-=- Followup to my email to Yahoo. Here is their reply.... Hello, Thank you for writing to Yahoo! Messenger. Yahoo! does not support third-party applications. Please contact the manufacturer directly in regard to this issue. Thank you again for contacting Yahoo! Customer Care. Regards, Minnie Yahoo! Customer Care -=-=-=-=- Sounds like issue avoidance to me. I thought my message was pretty clear.

A-Kon 2004 pictures

Sunday 6 June 2004 10:33pm by: admin	permalink \| 0 comments Anime and Manga

I just added 112 pictures from A-Kon 2004 to the gallery. Most of them are Cosplay, but there are a few of the 15th birthday cakes! Enjoy!