Tag Archive: firewall


SORBS Bites Me Back

Last weekend I finally got around to putting my latest major hardware purchase into production. I got one of these SolidLogic GS-L02 Fanless Mini-ITX Systems. I called in my order to have it customized with the same hardware they used in one of their earlier firewalls with two NICs and m0n0wall. I ordered mine without m0n0wall installed and added a 300GB hard drive instead of their flash disk. If I had done more research, I would have found that only an i586 kernel could be installed with this VIA processor. Hence no 2.6.x kernel. Not a problem as I was planning to install SmoothWall Express 2.0 which uses a 2.4.x kernel. It’s a sweet system using low power and the only sound is the hard drive motor and disk writes. One advantage of this system is its lack of tempting buttons to push by kids. That came with a problem however. Doing a ‘halt’, ‘shutdown’ or ‘reboot’ would power it down for good. Applying the power does not bring it back up. I had to open it up and short a couple pins to get it back on. After forgetting this a few times I went out and got a very tiny push button switch from RadioShack and mounted it under the AC jack. So I digress.

The move to a new firewall means a different NIC/MAC address to my ISP, therefore I get a different dynamic IP address. My personal domain is hosted by another ISP but I have full control of setting it up for email and web services. I use it as my default SMTP but have to use a different port than the normal SMTP 25 as my ISP filters them to keep people from abusing and being abused by spammers.

My current email server runs Postfix, SpamAssassin, and MailScanner with ClamAV. (I’m lazy, forgive me for not linking all those.) I have tuned my MailScanner setting to check for spammers against SORBS-DNSBL, SBL+XBL, and ORDB-RBL lists. Lately I have tightened the grip by calling email spam if the sender is listed on even one of these lists. Low graded spam is forwarded to me and high spam gets dumped into another account I use for Bayesian filter training in Thunderbird. Missed spam can also get tagged and a cron-job picks it back up later in the day to train SpamAssassin’s Bayesian filter.

I installed the firewall last weekend and all is running well and smooth. Then on Monday my wife emails several people and I get a copy assuming I was one of the recipients not thinking much of it. Then on Thursday she emails directly to someone and I notice it tagged as Spam. My first thought is that I caused this by over training with some of the latest ‘pump-n-dump’ spam designed to poison Bayes filters. So I quickly retrain SpamAssassin and have her try again but it comes to me again as spam.

So what could it be? The only thing I did was change the firewall. I later discovered the current IP I was assigned was listed on SORBS and possibly other RBL lists. I assumed my previous IP was listed too so this wasn’t my initial conclusion of being the problem but the old IP was not listed. My initial thought for fixing this was to re-write the headers in order to get mail out but I needed to step one square back and understand that it was my server rejecting even though I use SMTPAUTH to avoid relay rejection. To fix this problem I had to add my IP to the spam.whitelist.rules that MailScanner reads.

In conclusion: My email server started rejecting my own email due to the change of my connecting IP address which is listed in the SORBS database. This was resolved by adding my IP to the MailScanner whitelist.
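The failure described in this post, as an added example that is not the author's configuration or MailScanner's code: a DNSBL is queried by reversing the IP's octets under the list's zone, one hit is enough to tag the message, and a whitelist entry for the connecting IP takes precedence. The zone names are the historical ones for the three lists named above; the address, the DNS answer and the `fake_resolve` stub are constructed so the example runs offline.

```python
import ipaddress

# Zones for the three lists named in the post (historical names; lookups
# below go to a constructed stub, not to live DNS).
ZONES = {
    "SORBS-DNSBL": "dnsbl.sorbs.net",
    "SBL+XBL": "sbl-xbl.spamhaus.org",
    "ORDB-RBL": "relays.ordb.org",
}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed_on(ip, resolve):
    """Return the lists that answer for ip.

    resolve(name) returns an address string, or None for NXDOMAIN.
    """
    return [name for name, zone in ZONES.items()
            if resolve(dnsbl_name(ip, zone))]

def is_whitelisted(ip, whitelist):
    """True if ip falls inside any whitelisted network (CIDR strings)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in whitelist)

def classify(ip, resolve, whitelist=()):
    """Whitelist wins; otherwise a single listing marks the mail as spam."""
    if is_whitelisted(ip, whitelist):
        return "not spam (whitelisted)", []
    hits = listed_on(ip, resolve)
    return ("spam" if hits else "not spam"), hits

# Constructed stand-in for DNS: the new dynamic IP is listed on one zone.
FAKE_DNS = {"10.2.0.192.dnsbl.sorbs.net": "127.0.0.10"}

def fake_resolve(name):
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    new_ip = "192.0.2.10"  # constructed documentation address
    print(dnsbl_name(new_ip, ZONES["SORBS-DNSBL"]))
    print(classify(new_ip, fake_resolve))
    print(classify(new_ip, fake_resolve, whitelist=["192.0.2.10/32"]))
```

Because a dynamic address changes, a whitelist entry like this needs to be re-checked whenever the ISP assigns a new IP.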

More Hodge Podge Topics

Not a good start this morning. Didn’t even finish shaving this morning before my computer trouble found me! Kassie had trouble booting up the home PC. We have a Dell 2350 with a 15″ flat panel and an add-in NIC and add-in graphics card. Sometimes that on-board stuff is just crap! The on-board video couldn’t handle high end colors and resolution even in Windows. The on-board NIC kept freaking out in Linux causing me to restart the network to repair. All that got very tiring. So I looked at the Windows updates manually last night and saw a video driver was available. Installed and rebooted… into Linux then and wrote yesterday’s post and shut down for the evening. So this morning as Kassie boots up, Windows sat at a black screen. I remove the driver in safe mode but upon entering normal mode again it reinstalled and instantly brought the PC to a crawl. 10 to 8AM and I just couldn’t wait to fix it. So no games for the kids today. However Linux is running just fine. Kassie hadn’t been in her profile for quite some time now. But I did see she had done some emailings. So this evening maybe I can get to that turtle and rip out the hotfix. If not then I’ll have to just reinstall the other drivers once again to override it.

Today at work… The banner ad cleanup seems to be working fair. Nobody has come complaining to me yet. I have seen a few blank spots on pages where the ad should have been but some of these folks need about a week to figure that something was wrong.

Looks like I’m going to get bumped down to #9 in the Gallery forum. Paour is firing off messages like a mad man! He has just released a major release for the Gallery Remote and of course, the trouble tickets come roaring in. I haven’t been in that arena for a bit. My last glitches were proven to be too much for me to debug with him.

I got on an online chat panel with Linksys this afternoon. Trying to troubleshoot the dang wireless access point. This gal didn’t provide a lick of knowledge on the topic. All she could offer is restart the AP. Or can you ping it? I ended up changing it to use no WEP and it works. I did find that the authentication method had to be set to “both” as in open and (I assume) shared. Seems setting it to either one of those would not work. In that event of turning off WEP I had to re-enter the new keys and noticed key one was different. I should have known. Somehow it was buggered up and that was probably it. But as usual around here… nothing ever goes without something else breaking. The QC dept. PC now connects to the secure AP but not after a reboot. So in attempts to go back to the insecure AP I cannot get it to connect there at all now. I wrote a note to leave the PC powered on with it working on the secure network. Another priority job to tackle I guess.

The boss is leaving again tomorrow so I need to sync up his “My Documents”. This proves to be a slow and tedious task. I tried using rsync but then I would need to mount both PCs and that proved to be another stumbling block. Can’t seem to mount the damn XP laptop! I’m sure I had this idea once before, but I don’t recall what part I stumbled on. Transferring via MS Networking between XP and 2000 also proves to be tedious. Seems MS had a patch that screwed up network performance.

I just might not get to the home PC. I have church this evening and then a men’s mentoring meeting afterward. That should be odd. Guys can’t do much before the comfort level increases. I have a feeling the place will be packed with guys who want to mentor rather than be mentored. Well we all need some level of mentoring… it’s just a matter of pride I guess.

Quick update

I’m not going to do too much filling in from the past posts in the archives. I’ll just try elaborating when detail is lacking.

Today I wrestle once again with our M2M system upgrade from 5.02 SP5 to 5.5. I keep getting into trouble with the SQL2SQL conversion. Talking with M2M again today didn’t make me much happier. But they did spark a thought about the data I restored from previous restores. I had restored data prior to removing ADS’s IFE package which is what we are trying to get away from. So after that I had to once again go back to square one. Amazing how only 2 ppl can hold up the show between testing this thing out!

Other topics I have been working on are to flesh out the denied logs of ads in the squid-cache server. Tired of scrolling through those denies. So I think I need to make a firewall table for that. Also been researching some viruses that have been hitting pretty heavy. They must be new enough that they are not searchable yet on Google. Also was helping Scott out with his MailScanner to try getting rid of some pesky spam that doesn’t get detected on his system. Both my servers are detecting them but it’s not high enough to trash them. I need to get a tighter hold on trashing the same daily ones I get.

We had Gaven dedicated to the Lord this weekend! Prayed lots that he wouldn’t cry or do his normal tantrum up on the stage. He slept through the whole thing! I need to make an mp3 track of all the kids’ dedications to email or post on the website. Cristina was gracious to watch Adea and Garidy while Kassie and I could go out to dinner for a date night. We took Gaven of course. He was not a happy little guy. I ran to Shop-Ko to get a pacifier and that didn’t work. Kassie fed him and changed him… that didn’t work. So by the time the food came we had them box it up and we left. :/ Don’t remember the last time we went out for a date. We will have to try again some time after Gaven is a bit older. We need to rekindle our marriage!

A new beginning

Let’s see… what’s new since Friday?… Been tinkering with my new machine in the basement; planning to migrate my existing P200MMX box to this Athlon 900. I had installed RH8.0 on it via RedHat Install Server/NFS. I then rsynced the /home data over and migrated the groups and passwords and shadow files. All is well with the users! Now… once again… I’m having trouble with some lock down of the firewalling. I have since opened it all up and restarted. I was getting connected via ssh and http just fine… this morning I try logging in ssh remotely and no route! :-( I have a feeling it may have something to do with lokkit but not totally sure. Anyway I may not mess with it too much since I’m now pulling RH9 ISOs down as I type this.

Purchased an entitlement for $60 today! This is primarily for work since they paid for it but I juggle a couple entitlements around freely now without high load error 50 spitting in my face. Of course to get the new ISOs too! :-D

My workstation here at work is just about all configured to my liking again. Still haven’t gotten my old /home back. I did however get a new 80GB drive to install Linux to. I am hoping some time in the not so distant future I might find a way to recover my lost data. It’s only one year’s worth of stuff, but some personal stuff got lost too. Yeah I am backing it up to tape now… so spare me the lecture! :-(

During my many reinstallations of the same non-RH stock apps previously used, I discovered that RH8.0 still didn’t fix the video bug with ATI Rage 128 cards. What happens is with some types of apps (don’t ask), such as rdesktop you may experience a full X lockup by moving or scrolling a remote window. In RH7.3, it turns out to be the enabled DRI setting in the xconfig file. Disabling this again solved my problem.

Saturday I got a postcard from Dell telling me they “…did not receive a packing slip with…” my rebate request. I got a flat panel monitor with my latest purchase back in January and it was with a $100 rebate. Instructions were to send in the rebate form with the packing slip which I did not get. I had to go online and reissue that and in the meantime I had via snail-mail, another piece of paper I thought was the packing slip and it showed the info they were looking for. Now I’m thinking this was the invoice rather than the packing slip. So now yesterday I could not even get their site to find my orders online! Called them up and they tell me after 30 days you can’t reissue these. So they had me fax this postcard back and they’d manually reissue it. We’ll see :-\
