way to remove open-whois.org as an rbl from /usr/share/spamassassin/50_scores.cf/usr/share/spamassassin/72_active.cfIt's creating a lot of false positives on a mail server i am using with ubuntu. i noticed only ubuntu lucid is using updated spamassassin 3.3.1 and all others are using 3.2.5i was on spamassassin's website and noticed this issue has been resolved on spamassassin 3.3.1 but not 3.2.5i tried looking in those files but they are too complicated for me to understand.i am assuming they manually have to be removed.can anyone help with the open-whois.org rbl removal from mail servers as it is currently squatted and creating false positives?
I have just been checking one of my machines with rkhunter and got the following result:
Code: [17:50:08] Warning: Checking for possible rootkit strings [ Warning ] [17:50:09] Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit [17:50:09] Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit
Using a well known search engine shows that others have come across this before: [URL] I have installed the current version of rkhunter from Debian's Unstable repo,but i still have the same result as above. I now check the rkhunter wiki,which mentions the same problem: [URL]
Quote: Here is an example on my system to remove a false positive for a certain rootkit that hit hdparm.
Chkrootkit came back ok. Running ClamAV and will only add that here if it finds anything. I just neve remember seeing these before. This is in Ubuntu 10.10
Win XP is running ESET Nod32 AV and Comodo firewall, I'm having a big problem with Nod and Ubuntu, for some reason Nod is picking up the MBR on 0 physical disk (sda) as a virus "Probably unknown TSR.Boot Virus", and says is unable to clean. Since I've just that second installed XP I'm pretty sure it's not a virus or trojan, but is picking up GRUB as a false positive.
Trying to boot a mythdora (fedora 10 + mythtv) machine and several services can't start and are reporting disk full. Not sure how this is possible though:
[root@mythbox run]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00
I am currently running Ubuntu Server 9.10 and followed this HOWTO on setting up my email server.
[url]
Everything seems to work correctly. If I look in the Maildir the emails I send to test are there.
The problem is when I try to sync my email via IMAP from my windows box (on a different network) it doesn't show any of my email nor does it deliver new email. My email app doesn't give any errors nor does the logs on the server.
How can I get it so my email syncs to windows computer? I am sure it is something really small that I am over looking but I can't seem to find it anywhere. I don't know if you need to see any of my config files but I can post them if needed.
im using postfix with amavis and spamassassin as spam/virus filtering and its working great.However, i get a "lot"(1-5/day) of "bad header" messages beeing quarantined by the server. And most of theese bad headers are false positives that i manually have to deliver to the correct mailbox.How can i make amavis/spamassassin deliver bad header messages to the correct mailbox and not place them in quarantine?Theese are my amavis settings. (which file is used, 20-debian or 21-ubuntu??)
I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
I used the Fedora 12 LiveCD to install Fedora on my lappy. Earlier today I tried to use the whois command. Failed both as user and root. Now I tried to 'yum install whois' and look for it in Add/Remove Software app. Nothing...
I have also looked for whois in /bin and /sbin. I am now at the moment out of ideas.
I am trying to write a script that will do a whois on a domain but only print out the email addresses and if there is not one listed than say something like "No Address on file" or something. Does anyone have any ideas on how to do that?
What I have been trying to do is something like: whois iamned.com | grep "Tech Email" > file -v
I was doing some testing which is required for some of my products
Here is the strange behaviour i observed
First i did set the timezone to PST 2010 (which is less than GMT basically negative timezone)
zdump -v /etc/localtime |grep 2010 /etc/localtime Sun Mar 14 09:59:59 2010 UTC = Sun Mar 14 01:59:59 2010 PST isdst=0 gmtoff=-28800 /etc/localtime Sun Mar 14 10:00:00 2010 UTC = Sun Mar 14 03:00:00 2010 PDT isdst=1 gmtoff=-25200
[Code]....
Note:in the above case when i did set time to 2:59:55 and said ok by then CEST became CET already. That could be the reason why DST is not happening.
I tried with few other positive and negative timezone configuration all the negative time zones resets back properly where as all the positive timezones doesn't
All my timezone files are up to date,i am using fedora 9
I'm on ubuntu 10.4 and Cant seem to falsely authenticate myself with my AP. I am trying to break a wep key on one of my older linksys routers; It continues to say this:
Code: root@kevin-laptop:/home/kevin# aireplay-ng -1 1 -a xx:xx:xx:xx:xx:xx mon1 No source MAC (-h) specified. Using the device MAC (xx:xx:xx:xx:xx:xx) 11:39:16 Waiting for beacon frame (BSSID: xx:xx:xx:xx:xx:xx) on channel 6 11:39:16 Sending Authentication Request (Open System) [ACK] 11:39:18 Sending Authentication Request (Open System) [ACK] 11:39:20 Sending Authentication Request (Open System) [ACK]
Attack was unsuccessful. Possible reasons: * Perhaps MAC address filtering is enabled. * Check that the BSSID (-a option) is correct. * Try to change the number of packets (-o option). * The driver/card doesn't support injection. * This attack sometimes fails against some APs. * The card is not on the same channel as the AP. * You're too far from the AP. Get closer, or lower the transmit rate.
root@kevin-laptop:/home/kevin# I'm using an eeepc 701 it has an Atheros card and does injection. I have also tried it with backrack 4 and it works perfectly (it falsely authenticates with the ap and decrypts the wep key) I just cant seem to get it to work on ubuntu 10.4. Could it be a kernel issue? I found out that there is a bug in the new(er) kernel(s). If you use an older kernel (I used 2.6.31-14 which can be found here) and it magically works.
Just wondering how can one go about hiding their IP or displaying a false IP in Linux. Is this possible? Its not that I have anything to hide or any such things, I just like my privacy and don't like the idea that some one can track my actions and my location.
I have a 4 disk Raid 10 with Windows 7 installed & working. (Win 7 sees this as 1 disk.) I installed 9.10 onto a 5th disk, but I think that ubuntu saw the Raid 10 as 4 separate disks and wrote the boot loader to hd0- I had to rebuild my array & I couldn't load 9.10
For the second attempt, I disconnected my Raid 10 and 9.10 is now alive & well on the 5th disk, (presumably with the boot loader on the same disk). Both Win 7 & Ubuntu 9.10 now work but I have to steer to the required disk via the bios for loading.
I'm reluctant to play with the boot loader (GRUB?) from 9.10, because it doesn't seem to like my Windows disk array. Would something like EasyBCD (used from Win 7) be an option?
Recently a friend received a couple of emails from someone she knows with web links that purported to be about health issues. She clicked through on two of them; one gave an error, and the other went to a ****** site, so she believes these are "virus" sites. And the person who "sent" the email has just confirmed that his account was "hacked" (I'm guessing actually a virus on his computer). So, two questions:
1) She's running ubuntu 10.04. Is there any reason she should have concerns about her system's security? rkhunter gives no warnings.
2) She is also concerned that it could have compromised her email account (on gmail). I don't see how this is possible, but can anyone confirm about that?
I have added no data to my hard drive in the last few days. I saw a notification saying I had only 1.8Gb left on my drive. Shortly after I dismissed it and ran: Code: sudo apt-get clean like the notification suggested. Then, another poped up. Now it said I have 0 bytes left.
So, I opened the disk usage analizer and the data seemed normal, and not my full drive size. It still was saying I have no space so I checked the properties widow for / . It said / contained 128TB of data and the file counter showed no signs of stopping after a few minutes. Obviously my drive is not 128TB in fact it's only 500GB. Also the disk manager program (system volume information?) Said it has 28 bad sectors.
I'm migrating a mailserver from an old to a new mailserver. The new mailserver is based on ISPConfig 3.0.6.1. I would like to migrate what spamassassin learnt in the past from the old mailserver to the new one. Now the question:
- The 2 spamassassin versions are different. Is it a problem? - Can I just migrate the database with this commands??? Code: sa-learn --backup > sadb.bkp sa-learn --restore ./sadb.bkp
-how to migrate SpamAssasins Auto White List and all others SpamAssassins databases?
Upgraded my Debian server over the weekend - caught up on all the updates since January. One of them was Spamassassin, which was working fine before (3.2.5). After the upgrade to 3.3.1, it's NOT using Bayes anymore - and I'm now finding 200+ messages for male-enhancement/ED meds, knockoffs of expensive watches and no-study graduate degrees in my Inbox that previously would have gone to /dev/null. I have the following in /etc/spamassassin/local.cf:
Quote: Preconfiguring packages ... (Reading database ... 78720 files and directories currently installed.) Preparing to replace apt 0.7.25.3ubuntu9 (using .../apt_0.7.25.3ubuntu9.1_i386.deb) ... Unpacking replacement apt ... dpkg: error processing /var/cache/apt/archives/apt_0.7.25.3ubuntu9.1_i386.deb (--unpack): unable to create `/usr/share/locale/dz/LC_MESSAGES/apt.mo.dpkg-new' (while processing `./usr/share/locale/dz/LC_MESSAGES/apt.mo'): No space left on device No apport report written because the error message indicates a disk full error [Code]....
I wonder if anyone can help, I've got an annoying problem with an Acer Revo running Ubuntu 9.10 with the latest NVidia drivers. The Revo is connected to my TV via an amp by HDMI. The Revo didn't seem to like this, I'm assuming due to some handshaking issue with the HDMI which meant that no signal was being passed. Therefore, in Xorg.conf I have used
Code: Option"UseEDID" "False" This makes the a picture appear but the highest resolution available is 640x480 (if I connect directly to my TV and comment out the "UseEDID" line the resolution is the proper 1920x1080).I have tried editing xorg.conf (the file is posted at the bottom) to force 1920x1080 resolution but nothing seems to work.
Code: # nvidia-settings: X configuration file generated by nvidia-settings # nvidia-settings: version 1.0 (buildd@palmer) Sun Feb 1 20:21:04 UTC 2009 Section "ServerLayout"
I have vsftpd installed on my Debian (squeeze). I wish to let a local user (ftp) access the FTP server, but not login as normal user through SSH. In vsftpd.conf, I have enabed local user and chroot. I have also changed the shell of the local user (ftp) to /bin/false. The problem is that, I cannot login the FTP server from another computer (I login as "ftp" on a Windows machine). But when I change the shell of the local user (ftp) to /bin/sh, I can login the FTP successfully.
Is this the problem of Windows, or I should use something else instead of /bin/false if I want to prevent "ftp" login service other than FTP?
I have a new (few months) HP Compaq laptop where I run Fedora 13. A couple weeks ago, it started complaining about too many bad sectors in the HD. What I have done is to remove palimpsest from load-on-start list, so I don't get the annoying message. I know the palimpsest Disk Utility has given problems like this (false positives) in Ubuntu, and F11. So my concerns are:
Is it normal in F13 to get those palimpsest warnings? Or should I consider the idea that my new HD is really failing? If this is a bug in palimpsest, is it going to be fixed soon?
Due to all the "fun" I had upgrading spamassassin from 3.2.5 to 3.3.1 on C55 I thought I would detail it here so as to possibly save others from all the frustration I have endured. There are probably a zillion different ways to make this work but this is how I did it and it seems to work well.
1) Acquire spamassassin rpm. I downloaded several different versions from various sites and had problems with all of them so I ended up grabbing the SRPM from Fedora 13 spamassassin-3.3.1-2.fc13.src.rpm. This of course will not load onto C55 as rpmbuild has changed so I loaded it onto a FC13 box and then TARed the SPEC & SOURCES directories, copied them onto a C55 and built SRPM from there.
2) Install on C55 The new spamassassin requires several updated packages to make it happy. a) perl-Mail-DKIM greater than 0.31. I cheated and used this one from FC8 perl-Mail-DKIM-0.32-3.fc8.noarch.rpm b) perl-socket6 that is 2.0 or later. I got this one from DAG perl-Socket6-0.20-1.rf.x86_64.rpm c) perl-NetAddr-IP that is 4.0 or later. Again DAG saved the day perl-NetAddr-IP-4.007-1.rf.x86_64.rpm d) the spamassassin of course :) Actually I built them from the SRPMs as I needed both the 32 and 64 bit packages for various servers.
3) Run sa-update --D to get the latest rules then restart the spamassassin service. For those who do not have access to a FC13 box you can get a copy of the SRPM I made here [URL].
I have Centos 5.5 and using Postfix, procmail and Dovecot for sending and receiving emails. I have spamassassin installed too but not configured. I am getting lots of spams. I googled a lot to find if there is any configuration but I couldn't find.how to setup spamassassin to filter emails for spams.
Does a firewall exist, that shows "whois" info for ALL new connections that are attempted? Or even better, "smartwhois" info?New connections meaning, connections to IP blocks never connected to before. So you go to a site that belongs to owner A, and if an attempt is covertly made to connect to another site that belongs to owner B, an alert is shown and you choose if you trust this owner.
