Work in progress – UPDATED

Updated 27 Feb 2005: Grrr…I got the two Shuttle boxes (SV24 and SV25), only to discover that both have blown motherboards and power supplies. I’m working on the means to get them in usable order, but it’s going to take some fundage that I don’t currently have….can anyone help?



UPDATED 12 FEB 2005: I know people are waiting on this document! Gomennasai…but I will hopefully be much closer after this weekend. I should be picking up two shuttle systems this weekend, one of which will be my new mail server. I will be using this to finalize all the steps I will take to make this document finally useful.

I have Amavisd-new, SpamAssassin, ClamAV and Maia Mailguard all running now. I still need to get Mailman list manager tested and Squirrelmail running on https, but I promise! it’s getting closer!



UPDATED 13 OCT 2004: getting closer! See the bottom for the newest info…


Wednesday, September 29 2004 @ 12:02 AM CDT
Just a little heads-up…I’m currently working on a test mail server, incorporating Fedora Core 1, Postfix, Dovecot Imap, fetchmail, amavisd, and Maia Mailguard, with full SSL and virtual domain/user support tied into a MySQL database.



Like the title says, it’s a work in progress, so I don’t have a whole lot to give you yet, but I do have some success:
  1. Postfix is working to receive mail to users who only exist in the MySQL database.
  2. Dovecot will authenticate users via SSL, logging into the database.
  3. I can perform all IMAP functions with Dovecot and Mozilla Thunderbird as the client.
  4. I had to build custom RPMS for Postfix and Dovecot to incorporate the features I wanted (and remove Postgres support from Dovecot…grrrr)
Still to come:
  1. Installing and setting up Amavis, SpamAssassin, and ClamAV, and tying it into Maia Mailguard for per-user configuration.
  2. Setting up Fetchmail to POP several external accounts.
  3. Setting up name-based virtual hosting on Apache2.
  4. Probably other issues as they come up.
  5. Writing up coherent documentation on the process.

Doesn’t sound like much, really, but it’s been a big accomplishment for me so far, especially considering how badly certain applications (*cough*dovecot*cough*) are documented. To be fair, it is a fairly new app, and the userbase is not what it could be (many people sticking with Courier and Cyrus out of familiarity, I’m sure). I’m going to attempt to do my part by creating documentation on the process here, so others can benefit from my experimentation.

I’ll be writing up a static document for this site once everything is in place, so be watching for it!


UPDATE 13 OCT 2004: Process/Progress

Requirements:

  • SMTP-AUTH
  • IMAPS
  • all auth to sqldb
  • anti-spam
  • antivirus
  • web manageable
  • virtual domain hosting
  • per-user config for antispam

Implementation:


  • Fedora Core 1
  • MySQL 3.23.58
  • Postfix 2.1.5 w/ pcre, MySQL, sasl2, tls, vda support
  • Dovecot 0.99.11 with MySQL support
  • Maildir-formatted mailboxes

Done and Notes:

  • OS – Fedora Core 1 and updates
  • MySQL
  • Postfix
    • set up SMTP via SASL/Pam for auth over TLS.
    • Requires Pam-mysql 0.5 module
    • User passwords in db must be in MySQL-Crypt format
    • Maildir mailbox format in /home/postbox/%domain/%name/

  • Dovecot
    • configured to only offer IMAPS for encrypted comms
    • User passwords in DB must be in PLAIN-MD5 format

  • PostfixAdmin
    • Web interface for virtual domains in Postfix
    • can set passwords in several formats. Set to md5crypt.
    • added new $CONF['postfix_smtp_pw'] set to mysql crypt for smtp-auth

  • PHPMyAdmin
    • MySQL administrator for the web.
    • simplified testing password crypt methods.


ToDo:

  • Amavis/SpamAssassin/ClamAV
  • Maia Mailguard
  • Fetchmail (for POPping external mailboxes)
  • Squirrelmail webmail client

Automotive Rant

Don’t get me wrong, I certainly don’t have any beef against Toyota the company, or with the vehicles themselves. My problem is with the people who buy Toyota cars, trucks and SUVs.

You see, in the last month I’ve noticed that almost every car that pulls out in front of me, or cuts me off on the freeway, or decides that they have something better to do than pay attention to the road, is a Toyota. Usually a Corolla, but often times a Sequoia or even one of the little trucks. It’s gotten so bad that I felt the need to say something to express my frustrations with the brainlessness that seems so prevalent.

The solution to my frustrations is so simple. If you drive a Toyota, pay attention to what’s going on around you. It’s that easy. If you simply do that, you won’t piss off nearly as many people, either.

Belated updates….

First, we moved out of our apartment of three years into a house. A week and a half later, I had sinus surgery to remove a polyp that was blocking my left maxillary sinus and almost completely restricting airflow.

Saturday morning, I was awakened by a phone call from Terri…she was involved in a one-car auto accident on I-10 on her way to work. She’s not seriously injured, thank God, but she’s got some bumps and bruises and a stiff shoulder that she’ll be feeling for a while. (If you want to email her, you can use the site Contact form here….)
Saturday afternoon we went to the beautiful wedding for a friend of ours, which was the high point of the day. Unfortunately, at the end of the ceremony Terri got a phone call from her mom with the (expected, but saddening) news that her grandmother passed away.

So, all in all, we’ve had an exciting month. I’m really hoping that the Thanksgiving holiday and the upcoming Christmas season are much less hectic!

Speaking of Christmas season….[rant mode on] At what point did Christmas preparations and decorations and commercializing start BEFORE THANKSGIVING???? I have been sorely tempted to tell a few particular stores (Wal-mart and HEB, are you listening? yea, right) that if they don’t get over their collective cases of cranial rectumitis and at least PRETEND to respect what the Christmas season truly represents, that I’m going to start a boycott. I am truly offended by these displays showing up before HALLOWEEN, much less before Thanksgiving. I guess I find it strange that Christian people are willing to boycott stores that provide support to Planned (un)Parenthood, but don’t take any actions to combat the crass commercialism of this holy season. The Church (that is, the Roman Catholic Church) doesn’t make any overt gestures toward the Christmas season until Advent starts, four Sundays before the 25th of December. According to Macy’s (at least in the “old days”), Christmas season didn’t start until Santa came riding in at the end of the Thanksgiving Day Parade in New York City. So why is it that I could buy a Christmas tree in October this year? It really, really bothers me…..
[rant mode off]

SpywareInfo Helper

SpywareInfo.Com’s Support Forums! This means that they think I know enough to not endanger anyone when it comes to cleaning malware off computers. If you need assistance with your computer, you are more than welcome to visit SWI. The volunteer helpers there certainly do their best to help you.

I’ve also been accepted for membership in the Alliance of Security Analysis Professionals. “ASAP is made up of website/forum owners and administrators, forum staff, individuals, companies and various organizations who all provide security related support to computer end users.”

80’s Style

Like any decade, the 1980’s was marked by many different fashion trends. Here are several I found on a website when searching for “80’s clothing.”

  • Preppy: Argyle sweater vest, polo shirt with the collar turned up, Izod, Tretorns, boat shoes, khakis…
  • Miami Vice look: Pastel or Bright shirt with a white jacket, sunglasses
  • Fluorescent: Lime green, orange, yellow and pink shirts, jelly bracelets, make-up…
  • Jeans: cuffed, acid washed, stonewashed, pinstripe
  • Popular Brands: Jordache, Sergio Valenti…(I’m sure there were more, but these are the ones I remember)
  • “Flashdance” look: Off the shoulder sweatshirt, leg warmers
  • Big sweater or sweatshirt with leggings or stirrup pants
  • White button-down shirt with a wide belt
  • OP (Ocean Pacific) surf wear…this was really popular when I was in junior high…bright colored “jams” and t-shirts
  • Madonna look: lace, black/white tank tops, poofy skirt, lace spandex capri leggings
  • “Punky Brewster” look: Bandana around leg, double-mismatched socks and shirts
  • Sneaker styles: Kangaroos (had a pair in Elementary school), Hightops (Reebok Princess hightops were everywhere…I had so many pairs of these over the years in junior high and high school), LA Gear, Keds (made a comeback after Dirty Dancing came out, but still very uncomfortable shoes with no padding).
  • Jelly this Jelly that: bracelets, rings, necklaces, shoes, purses….
  • Hair styles: Feathered, crimped, Ponytail on the side of the head, Ponytail on top of the head and teased. Big hair with the help of mousse, gel, hairspray and a comb for teasing.
  • Make-up: Heavy make up, baby blue eyeshadow, pink eyeshadow, fluorescent colors
  • Sunglasses: Raybans were cool, Wayfarers, cat-eye, and the ones Tom Cruise wore in Top Gun
  • Miscellaneous: Parachute pants, Slouch socks, fringed leather, tube tops, thin ties worn by men and women, RELAX and CHOOSE LIFE t-shirts from Frankie Goes to Hollywood and Wham! music videos

If that’s not enough, rent any of the following: Pretty in Pink, Sixteen Candles, The Breakfast Club, Ferris Bueller’s Day Off, Adventures in Babysitting, Girls Just Want to Have Fun, Flashdance or Footloose to name a few. Or do a search online for “80’s Fashions or 80’s clothes”

Creating a Mail Gateway for Microsoft Exchange

Setting Up a Spam-Filtering Mail Gateway for Microsoft Exchange

Using Fedora Core 1, Postfix 2.0.19, Amavisd-New and Razor2


If you find this document useful, or have any additions or corrections, please send a message to the Webmaster.

Document Conventions


  • Configuration filename – link to example file
  • Command prompt
  • Command typed by user
  • Comments
  • Input to text editor

Install Fedora Core 1


Use “server” configuration

(need to detail this…)

Install Fedora Core 1 Updates


[root]# rpm -ivh http://ftp.freshrpms.net/pub/freshrpms/fedora/linux/1/apt/apt-0.5.15cnc3-0.1.fr.i386.rpm
[root]# vi /etc/apt/sources.list

add the lines:

rpm http://apt.sw.be redhat/fc1/en/i386 dag
rpm-src http://apt.sw.be redhat/fc1/en/i386 dag
rpm http://ftp.WL0.org apt/fedora/fc1/i386 postfix
rpm-src http://postfix.WL0.org ftp/apt/fedora/fc1/i386 postfix

[root]# apt-get remove sendmail sendmail-cf
[root]# apt-get update
[root]# apt-get upgrade

You may have to run this multiple times. After APT updates the first time, you may get an error about not finding sources.list. If so, do:

[root]# mv /etc/apt/sources.list.rpmsave /etc/apt/sources.list

(You can ignore errors about duplicate sources.)

Compile and Install Postfix


[root]# apt-get source postfix
[root]# apt-get install rpm-build gcc gawk sed ed patch
[root]# apt-get install mysql mysql-devel (if using mysql)
[root]# cd /usr/src/redhat/SOURCES
[root]# export POSTFIX_MYSQL_REDHAT=1 (if using mysql)
[root]# export POSTFIX_PCRE=1
[root]# export POSTFIX_SASL=2 (if using SASL for SMTP AUTH)
[root]# export POSTFIX_TLS=1 (for SMTP AUTH)
[root]# export POSTFIX_SMTPD_MULTILINE_GREETING=1
[root]# sh make-postfix.spec
[root]# cd ../SPECS
[root]# rpmbuild -ba postfix.spec

You will probably get some errors about needed RPM devel packages. For each one, do:

[root]# apt-get install

[root]# cd ../RPMS/i386
[root]# rpm -ivh postfix-*.rpm (or: rpm -Uvh postfix-*.rpm if postfix is already installed)
[root]# chkconfig postfix off
[root]# postfix stop
[root]# cd /etc/postfix
[root]# vi main.cf (linked file)
[root]# vi master.cf (linked file)
[root]# ./postfix-chroot.sh enable

Install Amavisd-New and Pflogsumm (Postfix Log Summarizer)


[root]# apt-get install pflogsumm amavisd-new
[root]# chkconfig amavisd off
[root]# service amavisd stop
[root]# vi /etc/amavisd.conf (linked file)
[root]# vi /var/spool/amavis/notify-spam-sender.txt (linked file)
[root]# mkdir -p /var/spool/amavis/tmp
[root]# mkdir -p /var/spool/amavis/lookups
[root]# cd /var/spool/amavis/lookups
[root]# touch blacklist_sender whitelist_sender (edit as necessary)
[root]# vi spam_lovers
add:
postmaster@domain.com
abuse@domain.com
[root]# vi virus_lovers (same thing – add postmaster and abuse)
[root]# cd ../..
[root]# chown -R amavis:amavis amavis

Install Razor2


[root]# cd ~
[root]# wget http://aleron.dl.sourceforge.net/sourceforge/razor/razor-agents-2.40.tar.gz
[root]# perl -MCPAN -e shell
cpan> install Net::Ping
cpan> install Net::DNS
cpan> install Time::HiRes
cpan> install Digest::SHA1
cpan> install Getopt::Long
cpan> install File::Copy
cpan> install Digest::Nilsimsa
cpan> install URI::Escape
cpan> quit
[root]# tar xvfz razor-agents-2.40.tar.gz
[root]# cd razor-agents-2.40
[root]# perl Makefile.PL
[root]# make
[root]# make test
[root]# make install
[root]# su amavis
[amavis]$ razor-client
[amavis]$ razor-admin -create
[amavis]$ razor-admin -register
[amavis]$ cd /var/spool/amavis/.razor
[amavis]$ vi razor-agent.conf
set:
debuglevel=1
[amavis]$ exit

Configure reporting tools


[root]# cd /usr/local/sbin
[root]# vi pflogs.sh (attached file)
[root]# vi rejections.sh (attached file)
[root]# chmod a+x pflogs.sh rejections.sh
[root]# cd /etc/logrotate.d
[root]# vi maillog
add before “endscript”:
/usr/local/sbin/rejections.sh
/usr/local/sbin/pflogs.sh

Configure SpamAssassin Rule updates


[root]# wget http://maxime.ritter.eu.org/Spam/rule-get
[root]# vi rule-get
change:
my $real_path="/etc/mail/spamassassin";
[root]# chmod a+x rule-get
[root]# cd /etc/mail/spamassassin
[root]# rule-get get-rules
[root]# rule-get install BackHair Weeds2 ChickenPox BigEvil TripWire EvilNumbers

$100 a plate?

Ed. Note: this is in regards to a celebration for the 100th Anniversary of St. Mary’s Catholic Center, the Catholic Campus Ministry for Texas A&M University. From a letter to the St. Mary’s Development Office.

Why did the planning committee for the 100 year anniversary of Catholic ministry to Texas A&M decide to place such a high price per person to attend this gala?

The committee is pricing out a large portion of former students from St Mary’s who would love to attend, but can’t because of the price. Many are young families with or without children who will not be able to justify the cost, even for such a good cause as St Mary’s. If the cost had been lower, say $30-40 a plate, I think that the Development Office would find that many more people might attend and even find that they are able to make a donation in addition to the cost of the Gala.

St Mary’s means so much to so many people. It would seem to me that an event like this would be cause to bring together as many former students as possible to share what St Mary’s meant to them while they attended Texas A&M. Setting the price at $100 a plate will likely turn people away who would otherwise attend. It sets the tone that only people who can afford to pay are welcome here, and that’s not what St Mary’s is about.

It is also a concern that only a handful of people may find out about this event. When the Aggie Awakening 20th Anniversary reunion came around last fall, it appeared that only those on St Mary’s mailing list found out about it. I talked to several people who were very active with Aggie Awakening who either did not know about the reunion or found out in too little time to plan to attend. To my knowledge, efforts were not made to place advertisements in diocesan newspapers around Texas or in the Texas Aggie Magazine to reach out to those who have lost contact with St Mary’s. By spending a relatively small amount of money in advertising this event, so many more people would have attended because of the opportunity to see old friends, not to mention how much Aggie Awakening touched their lives. In turn, by advertising and reducing the cost to attend the Gala, I feel that more people would feel welcome and want to attend a celebration of St Mary’s ministry to Texas A&M.

Sincerely,

Terri ’98

Yahoo Protocol changes – business, bluster or bull?

Gaim chat client, so AOL, ICQ and Yahoo are in one easy-to-use, and free, program). Yahoo pulled a nice stunt on Thursday, changing the chat protocol so that “that spammers will be blocked from abusing our system to spam our users”. Unfortunately, they failed to take into account that spammers will always find a way. They’re kinda like roaches. Click to read my letter to messenger-security@yahoo-inc.com, and the response I received….

Here’s what I sent to the email address I could find. For some reason, “messenger-security” seems like an appropriate recipient, as they’re claiming that the blocking is a “security measure”….

To: messenger-security[at]yahoo-inc.com
Subject: Blocking third-party clients — bogus “security” argument is shameful

The latest argument being used by Yahoo to block third-party clients from their IM service is one of the biggest crocks of bullhockey that I’ve heard. Security? Anti-spim? That’s already taken care of by the client, when the user chooses to accept messages only from his buddies. This sounds like another case of greed getting the better of the users’ (and thus the CUSTOMERS’) experience.

I have had a Yahoo! account for years (at least four, possibly closer to seven). I didn’t start using Yahoo’s Messenger services until I discovered a client I liked (Gaim, in this case) that allowed me to open ICQ, AIM, and Yahoo! together. If the client hadn’t been able to talk to Yahoo messaging protocol, I would still not be using Yahoo for messaging because having to download and install yet another chat client simply wasn’t worth my time.

If you want to increase the value of your instant messaging system, add features (such as AmiKai’s AmiChat: http://www.amikai.com/products/portal/amichat.jsp) instead of acting like the three-year-old who takes his ball and goes home when the game doesn’t go his way. The way to survive is to adapt and be open to changes that benefit you AND your customers.

Robert Cooper

quoted from: http://news.com.com/Yahoo+to+Trillian%3A+Talk+to+the+hand/2100-1032_3-5245821.html

“This time, however, Yahoo said it will continue changing its protocols to prevent clients such as Trillian from finding new ways to incorporate Yahoo. Again, the measure was cited by Yahoo as a way to prevent IM spam.

“By making frequent protocol changes, it is our expectation that spammers will be blocked from abusing our system to spam our users,” [Yahoo spokeswoman Mary] Osako said.”

-=-=-=-=- And the response I received…. -=-=-=-=-

Followup to my email to Yahoo. Here is their reply….

Hello,

Thank you for writing to Yahoo! Messenger.

Yahoo! does not support third-party applications. Please contact the manufacturer directly in regard to this issue.

Thank you again for contacting Yahoo! Customer Care.

Regards,

Minnie

Yahoo! Customer Care

-=-=-=-=-

Sounds like issue avoidance to me. I thought my message was pretty clear.

A-Kon 2004 pictures

Anti-Virus and Spyware Resources

Cleaning up Spyware and Viruses

First, gather the proper tools:


(Each of these is discussed in more detail below.)

Now, you’re going to run the listed tools. Each one performs a different function (although several of them are similar).

If you run into any problems with this process, visit any of the forums listed at the Alliance of Security Analysis Professionals.

The first tool to run is McAfee’s Stinger utility. Stinger is a stand-alone antivirus scanner, regularly updated by McAfee, that will catch and clean the most current viruses and worms. Simply double-click the S-T-I-N-G-E-R.EXE file, then click the Scan Now icon. Let the scanner run to completion.

As a checkpoint, now run HijackThis. It’s also a stand-alone utility; it scans for certain anomalies and makes a list that can be analyzed. Double-click the HijackThis.exe icon, then click the Scan button. When the scan finishes, click the same button (now labeled Save Log) and save the file somewhere you can find it. Then you can exit the HijackThis utility.

The third step is to install and run Lavasoft’s Ad-Aware. Double-click the aawpersonal.exe file and click Next four times, then Finish. The installation program will put an icon on your desktop.

Close all open windows, especially any Explorer and Internet Explorer windows. Double-click the icon, then click on the Check for updates now link. In the update window, click the Connect button, then click OK to update the signature file. (Keep in mind the dates in this program are in European format, DAY.MO.YEAR.) After the update is done, click Finish, then Start and Next. When the scan finishes, click Next twice and say OK when prompted. After that, you can close Ad-Aware.

Step four: Spybot Search & Destroy. Double-click the spybotsd14.exe icon. Click Next, read and accept the license agreement, and click Next twice. On the “Select Components” screen, uncheck everything except the “Main Files” component, then click Next twice. On the “Select Additional Tasks” screen, uncheck the “Create a Quick Launch icon” option, then click Next and Finish.

Double-click the Spybot – Search & Destroy icon. Select the language (English is the white flag with the red cross). On the next two dialog boxes, read the warnings and click OK. Then, click the Search for updates button. Install any updates found; the program will restart on its own. After it restarts, click Check for problems. When the scan finishes, click Fix selected problems and remove everything selected by default.

Last, run HijackThis again, and save the second log file with a new name (“hijack2.log”, for example). Then, if you have any questions or concerns about anything else installed on your computer, post the contents of the second log file to one of the ASAP member forums.
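One way to compare the two HijackThis logs saved in the steps above, as an added example that is not part of the original guide. The log lines are constructed samples, the function names are this example's own, and the labels cover only a few common section codes.

```python
import re

# HijackThis entry lines begin with a section code (R1, O2, O4, ...) followed
# by " - "; header and running-process lines do not match this pattern.
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")

# Labels for a few common section codes; other codes are reported as "other".
SECTION_LABELS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O1": "Hosts file redirection",
    "O2": "Browser Helper Object",
    "O4": "Autostart program",
}

def parse_entries(log_text):
    """Return the set of (section code, detail) entries in one log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries

def compare_logs(before_text, after_text):
    """Classify entries as removed, remaining or new between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),  # appeared after cleaning: look closer
    }

def format_report(diff):
    """Render the comparison as text suitable for posting with the logs."""
    lines = []
    for status in ("removed", "remaining", "new"):
        lines.append(f"{status.upper()} ({len(diff[status])})")
        for code, detail in diff[status]:
            label = SECTION_LABELS.get(code, "other")
            lines.append(f"  {code} [{label}] {detail}")
    return "\n".join(lines)

# Constructed sample logs (not from a real machine).
FIRST_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\example-bho.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\WINDOWS\example-updater.exe
O4 - HKLM\..\Run: [ExampleAVTray] C:\Program Files\ExampleAV\tray.exe
"""

SECOND_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [ExampleAVTray] C:\Program Files\ExampleAV\tray.exe
O4 - HKLM\..\Run: [ExampleUpdater2] C:\WINDOWS\example-upd2.exe
"""

if __name__ == "__main__":
    print(format_report(compare_logs(FIRST_LOG, SECOND_LOG)))
```

Entries listed under NEW did not exist before the cleanup and are the first ones to ask about when posting the second log.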

Of the last four tools, CWShredder is designed to clean up a specific strain of spyware known under the name “Cool Web Search”. BHODemon, Startup Control Panel and MyTop are not specifically spyware or virus removal tools, but are useful for diagnostics.

CWShredder

From the original author of HijackThis: CWShredder is “a small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names)….This program is updated to remove the new variants once they come out.
Read my article with documentation on Coolwebsearch here.”
From Intermute: “CWShredder finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.”

BHODemon

From the author: “BHODemon scans your Registry for BHOs (Browser Helper Objects), and presents any it finds in a list. By highlighting a BHO in this list, and clicking the “Details” button, you can see information about this BHO, and even disable it if you wish.”

Startup Control Panel

From the Author: “Startup Control Panel is a nifty control panel applet that allows you to easily configure which programs run when your computer starts. It’s simple to use and, like all my programs, is very small and won’t burden your system. A valuable tool for system administrators!”

MyTop

Handy utility, especially with Windows 95/98 (and possibly ME) which do not have a task manager. MyTop lists all currently running processes on your computer and gives you the ability to kill them, without having to give a CTRL-ALT-DEL. Windows NT, 2000 and XP all have a built-in utility that performs the same function, the Task Manager, which can be accessed by either pressing CTRL-ALT-DEL and clicking “Task List”, right-clicking on the Taskbar and selecting “Task Manager”, or pressing SHIFT-CTRL-ESC.

Process Explorer

From the Author: “The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.”

Root Kit Detector

aports.exe

This set of tools is useful in removing a newer, nasty version of CoolWebSearch that uses a malicious hacker tool called Hacker Defender to prevent removal of its files and to hide its processes and other means of identifying the offender. Instructions can be found at this page at the University of Wales at Swansea.
