Sniff mail traffic using WireShark (tshark) on eth0..4 

The masqueraded IP address of one of our clients was banned several times as the source of spam. The problem was how to inspect the large volume of SMTP traffic going through the gateway from the local networks.

One method of investigation was to check what was going through the router. Because of the relatively complex infrastructure, we chose to monitor the SMTP connections and also the traffic itself. On the gateway we checked for suspicious messages via a content filter.

As we were unsure about the source of the spam, we had to capture all the mail traffic, which was then passed to the filter. But how do you assemble a whole SMTP message on the gateway? The tool called Wireshark (tshark) was very handy in this case.


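# Start one background tshark per interface (bash brace expansion: eth0..eth4).
for i in {0..4}; do
    echo eth${i}
    # -f: capture filter, -d: decode port 25 as SMTP,
    # -w: output file, -a filesize: stop once the file reaches this size (in kB)
    nohup tshark -i eth${i} -d tcp.port==25,smtp -f "port 25" -w /var/smtp/eth${i} -a filesize:9048576 &
done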


The example above stores all the SMTP (header+body) traffic to a file. Each file is named after the interface the traffic goes through.
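Once the capture files exist, the sending host can be narrowed down by reading them back and counting SMTP MAIL commands per source address. The script below is an added example, not part of the original post: the function names and the sample lines are constructed, and the tshark call in the comment assumes a version that supports -Y display filters.

```shell
#!/bin/sh
# Added example (not from the original post). Input: tab-separated
# "ip.src<TAB>smtp.req.parameter" lines, e.g. read back from a capture with
#   tshark -r /var/smtp/eth0 -Y 'smtp.req.command == "MAIL"' \
#          -T fields -e ip.src -e smtp.req.parameter

# Print "<messages> <distinct envelope senders> <source ip>", busiest first.
count_senders() {
    awk -F '\t' '
        NF >= 2 {
            ip = $1
            addr = tolower($2)
            sub(/^from:[ \t]*<?/, "", addr)   # drop the "FROM:<" prefix
            sub(/>.*$/, "", addr)             # drop ">" and ESMTP options such as SIZE=
            msgs[ip]++
            if (!((ip, addr) in seen)) { seen[ip, addr] = 1; senders[ip]++ }
        }
        END { for (ip in msgs) print msgs[ip], senders[ip], ip }
    ' | sort -k1,1nr -k3,3
}

# Print only the hosts that started more than $1 messages.
suspects() {
    count_senders | awk -v max="$1" '$1 > max { print $3 }'
}

# Constructed sample: two ordinary clients and one host cycling through senders.
sample_capture() {
    printf '%s\t%s\n' \
        192.168.1.20 'FROM:<alice@example.com> SIZE=2048' \
        192.168.3.57 'FROM:<k3x@example.net>' \
        192.168.3.57 'FROM:<promo17@example.org>' \
        192.168.1.20 'FROM:<alice@example.com>' \
        192.168.3.57 'FROM:<win-now@example.net>' \
        192.168.2.8  'FROM:<>' \
        192.168.3.57 'FROM:<q9@example.org>' \
        192.168.3.57 'FROM:<info@example.com>'
}

sample_capture | count_senders
```

A local host with many messages and almost as many distinct envelope senders is the first one to inspect with the content filter.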




Finding the sizes of directories with 'du' command 
The following example shows the actual disk usage, in 1 KB blocks, of every directory in your current directory, sorted by size.


# du -ks ./* | sort -n
1 ./inet
1 ./news
1 ./nfs
1 ./nis
1 ./opt
1 ./preserve
2 ./mail
3 ./vx
4 ./ld
4 ./statmon
...
53920 ./log
75183 ./ldap
245626 ./sadm
3336619 ./mps


Denny Zeitlin 
Author of the soundtrack for Invasion of the Body Snatchers, psychiatrist and jazz piano player. I accidentally found a video from the 1983 Berlin Jazz Fest where Zeitlin was performing his song Quiet Now. Enjoy.




Free HD encryption for Windows XP with FREE CompuSec® Software 
Need to encrypt data on your hard disk? You can use a well-known open-source solution, TrueCrypt. Unfortunately, you can't use TrueCrypt to protect your boot disk (to encrypt the OS itself).

Of course, Microsoft offers BitLocker in Windows Vista Enterprise/Ultimate, but this is the most expensive Vista flavour. Plus, Vista still requires you to create a new non-encrypted partition on your boot disk for loading the kernel with crypto support.

You can use, e.g., PGP Whole Disk Encryption (which seems to be a widely used solution). But then you have to pay a price which almost equals the price of the Windows XP system.

While browsing the net I've found a free (but not open-source) alternative to encrypt my boot disk. The software is available for Windows and Linux. The CompuSec software uses the 256-bit AES algorithm.

Here is a proof you can play piano in much less than 10 years of training ;o) 


Determine processor type and speed (Solaris) 

# psrinfo -v
Status of virtual processor 0 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 1 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 2 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:04:10.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.
Status of virtual processor 3 as of: 12/28/2007 09:41:56
on-line since 12/14/2007 13:03:45.
The sparcv9 processor operates at 1062 MHz,
and has a sparcv9 floating point processor.


Determine if the system is running in 32-bit or 64-bit mode (Solaris) 
Sparc with 64bit Solaris version

# isainfo -v
64-bit sparcv9 applications
vis2 vis
32-bit sparc applications
vis2 vis v8plus div32 mul32


Intel with 32bit version

# isainfo -v
32-bit i386 applications
sse sse2 sse fxsr mmx cmov sep cx8 tsc fpu


Sun cluster commands (3.2) 

Setup commands

scinstall
install primary or next cluster node

clsetup
menu driven re-configuration utility

cluster
interactive command shell for cluster management

cluster status
status for all cluster components

cluster list-cmds
lists available commands


Quorum device commands

clq status
quorum votes summary, quorum votes by node/device status
clq list
list all the quorum elements (devices/hosts)
clq show
cluster nodes (with reservation keys) and quorum device/s path/s


SCSI commands and devices

/usr/cluster/lib/sc/scsi -c inkeys -d /dev/did/rdsk/device
shows reservation keys (all possible/available keys for device)
/usr/cluster/lib/sc/scsi -c inresv -d /dev/did/rdsk/device
shows active reservation (server accessing quorum device)

cldev
Administer Sun Cluster device instances

cldevice status
status of disk devices


Server node commands

clnode list
list servers in cluster
clnode show-rev
cluster software version
clnode status
shows status of the clustered servers (Online/Offline)


Heart-beat links

clintr
HB endpoint status

scstat -W
Cluster Transport Paths


Cluster resource commands

clrs status
(rs stands for resource) resource status
clrs show -v resource-name
shows values of all resource attributes for given resource-name (as Type/Group/Class)
clrs show -p NetIflist resource-name
shows NetIflist resource attribute value
clrs set -p netiflist=primary@1,primary@3,primary@4 resource-name
set attribute value(s)


Resource group commands

clrg status
(rg stands for resource group) resource group status
clrg manage resource-group
put resource group under cluster management
clrg online resource-group
bring it online
clrg add-node -n hostnameX resource-group
allow service/resource-group to migrate/failover even to hostnameX
clrg switch -n hostnameX resource-group
fail-over resource group to hostnameX


Resource types

clrt list
(rt stands for resource types: SUNW.SharedAddress, SUNW.LogicalHostname ...) prints registered SUNW resource types


Checksum

/usr/cluster/lib/sc/ccradm -i infrastructure
compute new checksum after changing cluster config in /etc/cluster/ccr/infrastructure file



Bill Evans-My Foolish Heart 


Spam protection in Postfix  
Decreasing the huge amount of spam hitting your Postfix mail server is pretty easy. Prevent your server from accepting mail from invalid domains and reject sites which are already on the spam lists. The following piece of blurb with some additional option-steroids will help you keep the wires clean(er). Paste it at the bottom of your /etc/postfix/main.cf.


# SPAM control
# Continuation lines must begin with whitespace, otherwise Postfix
# reads each of them as a separate (invalid) parameter.

smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit


If your Postfix is acting as a mail-forwarding gateway for another mail server (e.g. for your internal Exchange server), you can add the line "reject_unverified_recipient," to the config.

Postfix then starts a probe delivery to the destination (it only initiates the mail connection, no message body is sent) and tests whether the destination server will accept the recipient address of the message. If the destination doesn't complain about a non-existent recipient, the real message is accepted by Postfix and then forwarded. Postfix doesn't have to waste resources trying to send messages back to the spammer. Of course, this solution will slow down your incoming mail traffic a bit.


# SPAM control
# Continuation lines must begin with whitespace, otherwise Postfix
# reads each of them as a separate (invalid) parameter.

smtpd_recipient_restrictions = permit_mynetworks,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    reject_unverified_recipient,
    permit
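
main.cf treats a line as a continuation of the previous one only when it begins with whitespace, so a restriction list pasted without its indentation is cut off after the first entry. The lint below is an added example, not part of the original post: the function names and sample configs are constructed, and it assumes the comma-separated style used above.

```shell
#!/bin/sh
# Added example (hypothetical helper names). main.cf text is read from stdin.

# Print the comma-separated values of parameter $1, one per line, after folding
# continuation lines. Assumes the comma-separated style used on this page.
restrictions() {
    awk -v p="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^[ \t]/ { if (on) val = val " " $0; next }  # leading whitespace: continuation
        { on = 0 }                                   # any other line starts a new parameter
        index($0, p) == 1 && substr($0, length(p) + 1) ~ /^[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val); on = 1
        }
        END {
            n = split(val, item, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[i])
                if (item[i] != "") print item[i]
            }
        }
    '
}

# Succeed only if reject_unauth_destination is reached before a bare "permit".
relay_guarded() {
    restrictions smtpd_recipient_restrictions | awk '
        $0 == "reject_unauth_destination" { ok = 1; exit }
        $0 == "permit" { exit }
        END { exit !ok }
    '
}

# Constructed samples: a correctly indented block, and the same block with the
# indentation lost (as happens when it is copied from a rendered web page).
good_cf() {
    printf '%s\n' '# SPAM control' '' \
        'smtpd_recipient_restrictions = permit_mynetworks,' \
        '    reject_non_fqdn_sender,' \
        '    reject_unauth_destination,' \
        '    reject_rbl_client sbl.spamhaus.org,' \
        '    permit'
}
flat_cf() { good_cf | sed 's/^  *//'; }

good_cf | relay_guarded && echo "good_cf: relay guard parsed"
flat_cf | relay_guarded || echo "flat_cf: restriction list was truncated"
```

Against a live server, feed the function the real file, for example `relay_guarded < /etc/postfix/main.cf`.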


