Tag Archive: spam


SORBS Bites Me Back

Last weekend I finally got around to putting my latest major hardware purchase into production. I got one of these SolidLogic GS-L02 Fanless Mini-ITX Systems. I called in my order to have it customized with the same hardware they used in one of their earlier firewalls with two nics and m0n0wall. I ordered mine without m0n0wall installed and added a 300GB hard drive instead of their flash disk. If I would have done more research, I would have found that only an i586 kernel could be installed with this VIA processor. Hence no 2.6.x kernel. Not a problem as I was planning to install SmoothWall Express 2.0 which uses a 2.4.x kernel. It’s a sweet system using low power and the only sound is the hard drive motor and disk writes. One advantage of this system is its lack of tempting buttons to push by kids. That came with a problem however. Doing a ‘halt’, ‘shutdown’ or ‘reboot’ would power it down for good. Applying the power does not bring it back up. I had to open it up and short a couple pins to get it back on. After forgetting this a few times I went out and got a very tiny push button switch from RadioShack and mounted it under the AC jack. So I digress.

The move to a new firewall means a different nic/mac address to my ISP therefore I get a different dynamic IP address. My personal domain is hosted by another ISP but I have full control of setting it up for email and web services. I use it as my default SMTP but have to use a different port than the normal SMTP 25 as my ISP filters them to keep people from abusing and being abused by spammers.

My current email server runs Postfix, SpamAssassin, and MailScanner with ClamAV. (I’m lazy, forgive me for not linking all those.) I have tuned my MailScanner setting to check for spammers against SORBS-DNSBL, SBL+XBL, and ORDB-RBL lists. Lately I have tightened the grip by calling email spam if the sender is listed on even one of these lists. Low graded spam is forwarded to me and high spam gets dumped into another account I use for Bayesian filter training in Thunderbird. Missed spam can also get tagged and a cron-job picks it back up later in the day to train SpamAssassin’s Bayesian filter.

I installed the firewall last weekend and all is running well and smooth. Then on Monday my wife emails several people and I get a copy assuming I was one of the recipients not thinking much of it. Then on Thursday she emails directly to someone and I notice it tagged as Spam. My first thought is that I caused this by over training with some of the latest ‘pump-n-dump’ spam designed to poison Bayes filters. So I quickly retrain SpamAssassin and have her try again but it comes to me again as spam.

So what could it be? The only thing I did was change the firewall. I later discovered the current IP I was assigned was listed on SORBS and possibly other RBL lists. I assumed my previous IP was listed too so this wasn’t my initial conclusion of being the problem but the old IP was not listed. My initial thought for fixing this was to re-write the headers in order to get mail out but I needed to step one square back and understand that it was my server rejecting even tho I use SMTPAUTH to avoid relay rejection. To fix this problem I had to add my IP to the spam.whitelist.rules that MailScanner reads.

In conclusion: My email server started rejecting my own email due to the change of my connecting IP address which is listed in the SORBS database. This was resolved by adding my IP to the MailScanner whitelist.
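The failure described in this post, as an added example (not the author's configuration or MailScanner's code): a DNSBL check looks up the connecting IP with its octets reversed under each list's zone, and a whitelist entry only helps if it is consulted before that lookup. The zone names, the `classify` helper and the sample address are assumptions made up for the illustration.

```python
import ipaddress
import socket

# Placeholder zones standing in for the three lists named in the post.
ZONES = ["sorbs.dnsbl.example", "sbl-xbl.dnsbl.example", "ordb.dnsbl.example"]


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_whitelisted(ip, whitelist):
    """True if ip falls inside any whitelisted address or CIDR network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in whitelist)


def dns_resolve(name):
    """Live lookup: an A record means 'listed', a failed lookup means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify(ip, whitelist, resolve=dns_resolve, zones=ZONES, hits_needed=1):
    """Return (verdict, zones that listed ip). The whitelist is checked first."""
    if is_whitelisted(ip, whitelist):
        return "whitelisted", []
    hits = [z for z in zones if resolve(dnsbl_name(ip, z)) is not None]
    return ("spam" if len(hits) >= hits_needed else "clean"), hits


# Constructed data: 203.0.113.45 plays the newly assigned dynamic IP, which
# one list already carries because of whoever held the address before.
LISTED = {"45.113.0.203.sorbs.dnsbl.example": "127.0.0.10"}


def fake_resolve(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return LISTED.get(name)


if __name__ == "__main__":
    print(classify("203.0.113.45", [], fake_resolve))                   # tagged
    print(classify("203.0.113.45", ["203.0.113.45/32"], fake_resolve))  # passes
```

With `hits_needed=1` a single listing is enough to tag the message, which is the "even one of these lists" setting from the post. A whitelist entry keyed on a dynamic address needs revisiting whenever the ISP hands out a different one.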

Stranger Here

Yes it has been weighing on me that I have not posted in a long while. Thoughts of even giving it up came to mind. I think it is the thought of needing to fill in the gap in a huge effort to catch up. That is just not going to happen tho.

I have been trying to get a raise the past couple months. Seems I may have met my challenge in proving my worthiness. Also just that thought of having to prove myself may not be the point and that my boss may have a different idea of what I am worth to him. IMHO, he doesn’t reward based on your efforts but by your loyalty and social status. May be a sad mis-diagnosis of a fellow Christian… I know. However I will not stand down without a stiff answer. Seems as if business has kept us from meeting since my initial inquiry. That and the lack of courage and preparedness. So I suck! :P

I’m hoping that we will once and forever lose Made2Manage. The latest stunt is a stiff price for doing our customization. Somewhere about $67k and the kicker is the no liability warranty sticker to go with it! For just a bit more… $87k we can go with a much better IMO, ERP package called Abas. This includes our training, customization, setup, installation, and product. This is a German company and has thoroughly impressed me. Problem is I found this company without much effort. This may be bad based on the lack of research into other companies. My search was narrowed by Linux requirements tho. The next bet was an OpenSource project, but I just didn’t want to back it. If I had a team of supporters here in the office it would be different.

Serving at the church has been picking up too! I am now a “Small Group Connector” who finds a group for individuals looking for Community Groups or Men’s Breakfast/Mentoring groups and such. I also have been helping out with a ToolBox project with the church website. Won’t be helping too much with this as they insist on using Microsoft products. So they are mostly interested in my direction I guess. The other thing is I have been meeting with two mentors quite regularly. Doing some workgroup type studies including some memory verse practice. I also have been helping out with Wednesday evening 4th grader classes. Tonight I have them by myself as the main teacher is out of town. I’m hoping next year I will have my own class. I like the 4th grade too. Not interested in moving up with my class. Still seeking an answer from the Lord on what to do about helping out with Summer Camp next month. It is looking more and more in favor tho!

I have been working on my old hard drive once again. I had been playing with some new partitioning tools from various CDs and ended up using the old standby fdisk for Linux. The trouble had been creating the same partitioning scheme I had written down at the time it was working. I have since figured out how to do this but also figured out a more damaging concept that may be the last straw… c/h/s. Cylinder/Heads/Sectors geometry. Seems I even documented this in the working stage before I doused it. What I wrote down was not the manufacturer geometry shown on this drive. So I assume the geometry was changed about three times in the midst of all this. Testing on the documented and recommended geometries didn’t work. What doesn’t work is that I can’t mount the drive. It won’t recognize the system file type. This has not been formatted since either so there may be some extra levels I just don’t comprehend about it needing it. IMO that would be the last straw… in a sense wiping the drive.

This week I have tightened the noose on the spammers. I have been building a blacklisted.rules file that is now up to about 200 IPs and networks that have been blacklisted. With the rampant viruses and spyware out, this is a difficult task. Mutation through the networks seems to be never ending.

Week End

The Wifi saga had another story to tell. The WEP security did lock out the Orinoco clients. I guess I should have thoroughly checked it out. I got a call Wednesday morning with complaints of not getting access. Not much I can do while at home shaving! So when I got in I had swapped him with the D-Link card. All is well with him now. Next is the far back users… he is using a Linksys card but Windows 98. After switching to WEP, I again failed to follow through and reboot his to test. Now his card doesn’t authenticate until after logging in. So he can’t authenticate with the domain server and map network drives until after the initial logging in. I still need to do some research. So I wanted to improve the signal strength by using a booster. Lo and behold… Linksys doesn’t sell the signal booster any longer due to FCC restrictions. The remainder of them were pulled off the retail shelves probably two months ago. :( The good thing is we have two! Since we ended up hooking up our bridge outside the buildings, both were not needed. This did increase the signal strength indeed by about 25%. Unfortunately it didn’t help the Win98 login issue.

Well with the increase in spam these days, I decided to reevaluate the spamassassin scores. I have dropped the high filter from 8 to 6 and the minimum filter from 5 to 4. Also found some settings to enhance the RBL blacklists. Changing this from 5 to 2 will create a better hit and deny more of them at the door.

More phone troubles. Been getting lots of calls that lag at the start of the conversation, causing the receptionists to hang up on ppl too fast. They are now trained to wait longer, but we need to figure out what it’s coming from. We have 8 lines and it seems to be happening just on our main line for incoming calls. Learning more about our phone system almost daily now!

Seems to have been a rather slow week in some ways here at work. Got time to answer some backlog in the Gallery forums. This brought my status back up to #8 but not by much; something like a 7 post lead over #9.

Got to meet with both mentors this week for lunch! Even got a call from the men’s mentor ministry leader Wednesday night! It sure is wonderful to have great friends watching out for me. Laying all my troubles out for them on the table seems to help tremendously. Some troubles just can’t be fought alone. Having a group of friends praying for you helps fend off the evil one. On the flip side I find that I am not alone when it comes to the same kinds of struggles. Nothing worse than getting advice from someone who hasn’t been in your shoes before. This new toolbox is going to help me help others.

Virus Haven

It started yesterday… got a few new viruses called Worm.SCO.A by our ClamAV email scanner. Of course I couldn’t find any info by that name. Looked at Symantec’s latest info on new viri and W32.Novarg.A@mm looked most promising. They rated it a category 4 out of 5 being the highest. Seems this one is a call to all zombies to attack www.sco.com. They are notorious for attacking Linux companies claiming ownership of Unix code. So I have spent part of the day looking for email statistical applications to start tracking some of this type of activity. Seems that this has been the heaviest hitting email I’ve ever seen.

M2M has closed my case last night. This doesn’t make me happy since every single problem listed still exists. Sometimes I feel they need to try desperately to close cases by a certain amount of time. They haven’t spent any time on this case of mine because any time spent on it was by my calling them because I was tired of waiting on them to call back on my mission critical issues. After meeting a lot of their staff when I went to Indianapolis last spring, I had a better appreciation for them. Now that they seem to have forgotten what we look like they tend to fall back into their routine of sell sell sell instead of fix fix fix.

Surprisingly a lot of spam containing links to their sites for unsubscribe instructions actually work! Some seem to host about a thousand different companies so you end up seeing the same screen but I think they are legit for each company. I definitely don’t use the ones who only accept unsubscribes via email only. For one I wouldn’t want to take the time forging the address. Was a little surprised to see one site today that sends back an email for confirmation. So my next thing will be to create a blacklist I think I mentioned yesterday with helping Scott out with. Man! Speaking of Scott… he still hasn’t added a virus scanner to his system. Just trusts the stripping of attachment types to do the work. So now with this sco virus he has to temporarily strip zip files even. Those are fairly acceptable files used to compress file or files contained for delivery on floppy or email. Pretty soon he’ll just have to strip all attachments because just about anything can contain virus these days. Hmm… if I were devious I’d have to create some virus that could be transmitted via jpg. The jpg would even be viewable, just that the header would contain some type of virus. They have already proven that cryptographic data could be stored in them.

Well it turns out that ADS IFE reinstall uninstall didn’t do the trick. So back to opening up that case!

Quick update

I’m not going to do too much filling in from the past posts in the archives. I’ll just try elaborating when detail is lacking.

Today I wrestle once again with our M2M system upgrade from 5.02 SP5 to 5.5. I keep getting into trouble with the SQL2SQL conversion. Talking with M2M again today didn’t make me much happier. But they did spark a thought about the data I restored from previous restores. I had restored data prior to removing ADS’s IFE package which is what we are trying to get away from. So after that I had to once again go back to square one. Amazing how only 2 ppl can hold up the show between testing this thing out!

Other topics I have been working on are to flesh out the denied logs of ads in the squid-cache server. Tired of scrolling through those denies. So I think I need to make a firewall table for that. Also been researching some viruses that have been hitting pretty heavy. They must be new enough that they are not searchable yet on Google. Also was helping Scott out with his MailScanner to try getting rid of some pesky spam that doesn’t get detected on his system. Both my servers are detecting them but it’s not high enough to trash them. I need to get a tighter hold on trashing the same daily ones I get.

We had Gaven dedicate to the Lord this weekend! Prayed lots that he wouldn’t cry or do his normal tantrum up on the stage. He slept through the whole thing! I need to make an mp3 track of all the kids’ dedications to email or post on the website. Cristina was gracious to watch Adea and Garidy while Kassie and I could go out to dinner for a date night. We took Gaven of course. He was not a happy little guy. I ran to Shop-Ko to get a pacifier and that didn’t work. Kassie fed him and changed him… that didn’t work. So by the time the food came we had them box it up and we left. :/ Don’t remember the last time we went out for a date. We will have to try again some time after Gaven is a bit older. We need to rekindle our marriage!
