LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue14/answer.html

526 lines
19 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<title>The Answer Guy Issue 14</title>
</head>
<BODY>
<H4>&quot;Linux Gazette...<I>making Linux just a little more lovable!</I>&quot;
<IMG ALIGN=MIDDLE SRC="../gx/heart.gif">
</H4>
<P> <hr> <P>
<!-- ===================================================================== -->
<center>
<H1><A NAME="answer">
<img src="../gx/ans.gif" alt="" border=0 align=middle>
The Answer Guy
<img src="../gx/ans.gif" alt="" border=0 align=middle>
</A></H1> <BR>
<H4>By James T. Dennis,
<a href="mailto:jimd@starshine.org">jimd@starshine.org</a> </H4>
</center>
<p><hr><p>
<H3>Contents:</H3>
<ul>
<li><a HREF="./answer.html#block">Netscape Mail Block</a>
<li><a HREF="./answer.html#mail">Dealing with e-mail on a pop3 server</a>
<li><a HREF="./answer.html#secure">Security Problem</a>
<li><a HREF="./answer.html#more">More on Security Problem</a>
<li><a HREF="./answer.html#dialup">Dial-up Problem</a>
<li><a HREF="./answer.html#window">X Window Problem</a>
</ul>
<p><hr><p>
<!--================================================================-->
<a name="block"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
Netscape Mail Block
</h3>
<p>
Date: Sun, 15 Dec 1996 23:16:10 -0800 (PST)
<p>
<B>
hi... mitch here in mobile, alabama... <BR>
i need to refuse to accept email from a particular person...
how can i configure netscape and/or cnd1.0 to bounce the
person's mail back to them?
</B>
<P>
<img align=bottom alt=" " src="../gx/ans2.gif">
I'd use procmail. CND uses procmail as your
&quot;local delivery agent&quot; (by default). This means
that sendmail passes any mail to a local account
to procmail and lets procmail due the final delivery
to your mail box (/var/spool/mail/$YOUR_LOGIN_NAME).
<P>
However, when procmail does this, it checks for a
.procmailrc file in your home directory (and does
some ownership and permissions checks on it for you).
<P>
procmail is a little programming language specifically
for processing mail.
<P>
Your .procmailrc file can have a variety of settings
and clauses (which are called &quot;recipes&quot; by the author).
You can also modularize this by using a variety of
INCLUDE directives. Here's a simple example that
should get you started.
<PRE>
:0 hr
* ^From.*spammer.you.despise@spamhaven.com
* !^FROM_MAILER
* !^FROM_DAEMON
* !^X-Loop: ${USERNAME}@`hostname`"
| (formail -r -A"X-Loop: ${USERNAME}@`hostname`" \
-A"Precedence: junk" ;\
echo "Your mail is not welcome here."
echo "Please don't mail me again."
echo
cat ~/your.signature.or.flame
)
</PRE>
The :0 marks this as a new recipe (so each new
recipe starts with a :0 line). The 'h' on that
line is one of several flags to procmail about what
parts of the message to hand to your action line
(which comes up later). 'h' says: give me the header
'r' says: treat the incoming data as &quot;raw&quot; (so his
failure to put a blank line at the end of his message
won't cause your response to fail).
<P>
The four &quot;star&quot; lines after that are conditions --
the first specifies that the header indicates that
the message be &quot;from&quot; your spammer (or unwanted
sender). This will actually match any &quot;from&quot; or
&quot;From:&quot; line that contains your targets e-mail address.
The next two lines try to ensure that you don't respond
to daemons and mailers (mailing lists). The next one
(which you should fill in with your username and hostname)
makes sure that your don't respond to your own response.
<P>
Those three conditions are to protect your script from
being tricked into doing bad things. Consider them to
be the minimum overhead on any autoresponders that you
write.
<P>
The next line (starting with a &quot;|&quot; pipe character) is
the action to take.
<P>
In procmail there are three types of actions. A
filename simply specifies an mbox (elm, pine, or mailx
compatible) folder to file this away in. A directory
name specifies an mh or mmdf folder to store the message
in (mh and mmdf use different naming schemes for the
messages in their folder directories -- you don't need
to worry about this unless you use on of these mail
user agents). A '!' (bang) line specifies an e-mail
address to which to bounce the message. A '|' (pipe)
line specifies that the message should be filtered
through a local program.
<P>
formail is a program that comes with the procmail package.
It &quot;formats mail headers.&quot; This particular formail command
formats a &quot;reply&quot; (-r) header and adds two additional header
lines -- a standard &quot;Precedence: junk&quot; line and a personal
&quot;X-&quot; line (which the RFC822 spec allows you to use to embed
custom information into a header). This is where your
message adds the line that would prevent an attack by routing
your response back into your script (a mail loop).
<P>
The echo and cat statements after the formail line just
provide output that is appended after the mail header. This
becomes the body of your response. You can add additional
echo lines -- or you can create a file and just 'cat' it
here.
<P>
If you are new to procmail (which is almost certain given
your question -- autoresponders are some of the first things
procmail'ers learn) you may be nervous about 'breaking'
something and losing some of your mail. So -- to protect
yourself from that you might want start your .procmailrc
with the following simple recipe:
<PRE>
:0 c
fallback
</PRE>
Which (if it is the *first* recipe) simply appends a copy
of every incoming message to a file (in your ~/Mail directory
by default) named fallback. You can compare the contents of
that folder to your inbox until you're confident that things
are working as you expect.
<P>
Please read the procmail and procmailex
(examples) man pages for more details. The author
Stephen van der Berg, has also written an automated
mail list management package called SmartList -- which is
highly regarded among people who've tried it. I like
SmartList *much* more than majordomo.
<P>
--Jim
<p><hr><p>
<!--================================================================-->
<a name="mail"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
Dealing with e-mail on a pop3 server
</h3>
Date: Tue, 28 Jan 1997 04:02:06 -0800 (PST)
<P> <B>
From Moe Green:
<P>
Is there any way (or any program out there) which will not only get my
email from a pop3 server off of one account, then distribute it to
multiple users on my system by either the from: or subject: lines???
<P>
Example: Perhaps popclient could get the mail and save to temp, then is
there a program which would go through and say, hmmm...this mail is from
johndoe@linux.org and it goes to root...then the next message is from
mike@canoe.net and it goes to dave???
<P>
Thanks for your time, keep up the good work. <BR>
-Moe Green, <A HREF="mailto:starved@ix.netcom.com">
starved@ix.netcom.com</A>
</B> <P>
<img align=bottom alt=" " src="../gx/ans2.gif">
It is possible to write procmail scripts that can do
this sort of thing. However I don't recommend this
approach at all.
<P>
The current version of 'popclient' is called 'fetchmail'
(because it supports IMAP and some other mail store and
forward protocols).
<P>
It's default is to fetch the mail from your POP or IMAP
server and feed it to the smtpd (sendmail) on your
local host. This means that any special processing that
would be done by the aliases or .forward files (especially
any processing through procmail scripts) will be done
automatically.
<P>
It is possible to over-ride that feature and feed the
messages through a pipe or into a file. It is also
possible, using procmail or any scripting language,
to parse and dispatch the file. Using anything other
than procmail would require that you know *alot* about
RFC822 (the standard for internet mail headers) and
about e-mail in general.
<P>
I did write an article on procmail this month -- but
may have submitted it too late for inclusion into
this month's Linux Gazette. The gist of it is available
on my own mail server (send mail to info@starshine.org
with a subject of ``procmail'' or ``mailbot'').
<P>
The reason I don't recommend all of this is that it
violates the intentions and design of internet e-mail.
A better solution is to find a provider of UUCP services
(or at least SMTP/MX services). UUCP is the *right* way
to provide e-mail to disconnected (dial-up) hosts and
networks. It was designed and implemented over 25 years
ago and all of the mail systems on the Internet know how
to gateway to UUCP sites.
<P>
As for SMTP/MX services for disconnected hosts/networks.
Various ways of hacking sendmail and DNS configurations have
been developed in the last few years -- with a variety of
shell scripts and custom programs to support them. All of
these provide essentially the same services as mail via
UUCP over TCP -- but without conforming to any standard
(meaning that whatever you learn and configure with one
ISP probably won't work with the next one).
<P>
Glad I could help. I hope that article on procmail
helps.
<P>
--Jim
<p><hr><p>
<!--================================================================-->
<a name="secure"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
Security Problem
</h3>
Date: Tue, 28 Jan 1997 04:02:06 -0800 (PST)
<P> <B>
From Jay:
<P>
Recently a cracker got into my linux system on the internet.
He didn't do a lot of damage but he did turn off system logging.
I guess so I couldn't see what he'd done. Now I can't get it working
again....
<ol>
<li>I've made sure that the syslogd program is running using 'ps'
<li>I've read the syslogd.conf file to make sure it's logging everything,
and where it's going to.
<li>I've checked permissions on the log file
<li>I did a 'kill -HUP' on the syslogd process and it writes 'restart' to
the log
<li>'logger' does nothing when I run it (no log entry, no error)
<li>All my C programs that wrote to syslog don't anymore
</ol>
Anyone have any good ideas what to do from here?
<P>
Thanks <BR>
--Jay, <A HREF="mailto:jay@shadow.ashpool.com">jay@shadow.ashpool.com</A><BR>
</B> <P>
<img align=bottom alt=" " src="../gx/ans2.gif">
I do but they are rather too involved for me to type
up tonight.
<P>
I really recommend that you reinstall the OS and
all binaries from scratch whenever you think that
root has been compromised on a system. I realize that
this is a time-consuming proposition -- but it is the
only way to really be sure.
<P>
I also recommend tripwire (<a
href="ftp://ftp.cs.perdue.edu/">ftp.cs.perdue.edu</a>
in the COAST archive -- and it's mirrors).
<P>
Please feel free to write me if you continue to have
system security problems. <A HREF="mailto:jimd@starshine.org">
jimd@starshine.org</A>
<P>
Sorry to take so long to respond. I've been literally
swamped all month.
<P>
--Jim
<p><hr><p>
<!--================================================================-->
<a name="more"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
More on Security Problem
</h3>
Date: Tue, 28 Jan 1997 18:56:22 -0800 (PST)
<P> <B>
From Jay:<p>
&gt;&gt;&gt; Recently a cracker got into my linux system on the internet.<br>
&gt;&gt;<br>
&gt;&gt; Did you restart the whole system?<br>
&gt;&gt; I would consider replacing syslog from your CD's and<br>
&gt;&gt; restarting your system.<br>
&gt;<br>
I found that the cracker had replaced my syslogd with a packet
sniffer. I think he had copied the syslogd code and replaced parts
of it with his sniffer. It seemed to have some functionality but not
a lot...
<P>
I also found a SUID version of bash in my /tmp directory.
My thought is that this is how he originally got root access.
</B> <P>
<img align=bottom alt=" " src="../gx/ans2.gif">
Not too surprising. He was probably using a 'rootkit.'
However he obviously didn't do a very good job of
covering his tracks.
<P>
You should consider all passwords for all of the systems
on the local net to be compromised. Force password
changes across the board and consider installing ssh
or stelnet (secure, encrypted replacements to rlogin/rsh
and telnet respectively).
<P>
He probably got in through the "Leshka" sendmail
bug (allowing any shell user to create a root
owned SUID shell in /tmp/ on any system with an
SUID root copy of sendmail (version ~8.6.x to 8.7.x
???) using a bug in sendmail's handling of ARGV[0]
and it's subsequent SIGHUP handling.
<P>
Everyone using earlier versions of sendmail should
upgrade to 8.8.3 or later
(<a href="http://www.sendmail.org">www.sendmail.org</a>
for details).
<P>
How important are this system and the other systems
on the same LAN segment to your business?
<P>
I'd seriously consider hiring a qualified consultant
for a full day risk assessment and audit. Unfortunately
you'll probably pay at least $125/hr for anyone that's
worth talking to and many of the "security consultants"
out there are snake oil salesmen.
<P>
I personally trust Peter Shipley (<a
href="http://www.dis.org/">www.dis.org</a>) and
Brent Chapman (<a
href="http://www.greatcircle.com/">www.greatcircle.com</a>) (co-author of
the O'Reilly Firewalls book) Strat Rose (<a
href="http://www.virtual.net/">www.virtual.net</a>)
and Dan Farmer (<a href="http://www.trouble.org/">www.trouble.org</a>)
(co-author of SATAN).
Most of them are live in the SF Bay Area (silicon valley)
and most of them aren't available most of the time
(Brent is working on a large project to integrate
the SGI and Cray WAN's; Strata has accepted a full-time
position at synopsis.com, etc).
<P>
I only consider myself to be a student, at best an
apprentice, at data security. I'm willing to help --
but I can offer a list of satisfied clients for RASA
services and I have no official "credentials."
<P>
--Jim
<p><hr><p>
<!--================================================================-->
<a name="dialup"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
Dial-up Problem
</h3>
Date: Tue, 28 Jan 1997 22:56:35 -0800 (PST)
<P>
<B>
From Seth Vidal:
<p>I was reading your answer in LG(#13) to the individual who had slow rate
problems with ppp. Something which he did not mention that might be of
help is the MTU. Some isp's set the mtu or have ppp do the negotiation.
NOT all. Some of the newer ones have not quite figured out that a 14.4
or 28.8 is not going to get a packet size over 576 very often. If he
sets his mtu to 576 (or even 296 for a 14.4) he may be able to force the
provider's setting down. I have found that in a standard (slackware or
redhat) linux distribution that the mtu defaults to 1500 which will
result in slow downs and problems if your modem encounters errors
frequently. I know what ppp is "supposed to do" when set up correctly.
But he cannot control the ignorance of his ISP and therefore it would be
to his behest to give that a try. If you'd like to pass the information
along to the individual who wrote the message feel free.
I hope this helps him and any others.
<P>
cheers,<br>
Seth Vidal, <A HREF="mailto:skvidal@terminus.ehc.edu">
skvidal@terminus.ehc.edu </A>
</b>
<p><hr><p>
<!--================================================================-->
<a name="window"></a>
<h3><img align=bottom alt=" " src="../gx/ques.gif">
X Window Problem
</h3>
Date: Tue, 28 Jan 1997 04:02:06 -0800 (PST)
<P> <B>
From: Chris Lee, <A HREF="mailto:techno@usa.net">techno@usa.net</A>
<P>
1.) X Windows
I got a Cirrus 5434 1mb video card, whenin 640x480x8bit the video is
*fine* not great, I get little specs once in awhile on the screen, they
go away with a simple [refresh] but still... When in 800x600x8bit I get
lines, not specs anymore, alomst allways horizontial, and about 3pixels
high, and allways croos the entire screen, not the virtual screen
though, and they also go away with a simple [refresh] thses line occur
alot more then the specs did. My vid card works fine in DOS/Windows. Any
suggestions ?
</B> <P>
<img align=bottom alt=" " src="../gx/ans2.gif">
You can look for the SuperProbe utility that comes with most
recent distributions. This will provide info that can be
autodetected about your video card.
<P>
Frankly XWindows configuration under XFree86 is black magic.
A few people are really good at it and mere mortals
(such as I) just plug along and hope for the best.
<P>
The new XFree86 3.1.2 release seems to be better about
this but I'm sure that I'm not getting the optimal
color and clock settings from my various X installations
either.
<p>
<B>
2.)Is there any Linux or X-Windows mailing-lists ? would help alot for
me.
</B> <P>
There are many Linux mailing lists -- and some of them
and some independent ones cover XFree86 (which is used by
Linux, FreeBSD and the rest of the free BSD derivatives
(NetBSD and OpenBSD).
<P>
The three best web sites for information about
Linux seem to be:
<ul>
<li><a href="http://www.li.org/">http://www.li.org/</a>, Linux International
<li><a href="http://www.ch4549.org/lust/">http://www.ch4549.org/lust/</a>, L.U.S.T. (Linux User's Support Team)
<li><a href="http://www.ssc.com/linux/">http://www.ssc.com/linux/</a>, SSC Inc.
</ul>
<P>
I don't know much about X Windows and the XFree86 project
but I think they maintain a web site -- probably at
www.xfree86.org.
<P>
It's an often overlooked fact that there are competitors
to Linux in the field of freely available Unix for PC's.
You can look at
<a href="http://www.freebsd.org/">
www.freebsd.org</a>,
<a href="http://www.netbsd.org/">
www.netbsd.org</a> and
<a href="http://www.openbsd.org/">
www.openbsd.org</a>
for some of those.
<P> <B>
Thanks for your time :) <BR>
Chris Lee, Computer Science <BR>
P.S. Damn you Linux people are great, so much out there, so many people
helping you, nothing like this for DOS/Windows
</B> <P>
DOS heralded the "sharing" of software (shareware)
while Linux and the GNU project has promoted a *giving*
of software -- and support.
<P>
I think one is largely and extension of the other.
<P>
Personally some of the best news I've heard for die hard
PC users in the last year is the announcement that
Caldera purchased DR-DOS and intends to release the sources
as soon as the clean up the code enough to compile cleanly
in a sane production environment. Look at
<a href="http://www.caldera.com">www.caldera.com</a>
for details about that.
<P>
OpenDOS will be one of the final pieces in the puzzle of
how we (PC users, IS managers, and others) can truly
protect the investment we've made in our legacy software.
(Currently, with dosemu -- the BIOS emulator, you have to
install a copy of DOS unto your system in addition to installing
and configuring the Linux interface to your DOS programs
-- which is want dosemu provides).
<P>
-- Jim
<!--================================================================-->
<P> <hr> <P>
<center><H4>Previous "Answer Guy" Columns</H4></center>
<P>
<A HREF="../issue13/answer.html">Answer Guy #1, January 1997</A><BR>
<P><HR><P>
<center><H5>Copyright &copy; 1997, James T. Dennis <BR>
Published in Issue 14 of the Linux Gazette</H5></center>
<P> <hr> <P>
<!--================================================================-->
<A HREF="./index.html"><IMG SRC="../gx/indexnew.gif" ALT="[ TABLE OF
CONTENTS ]"></A> <A HREF="../index.html"><IMG SRC="../gx/homenew.gif"
ALT="[ FRONT PAGE ]"></A>
<A HREF="lg_bytes14.html"><IMG SRC="../gx/back2.gif" ALT=" Back "></A>
<A HREF="./clueless.html"><IMG SRC="../gx/fwd.gif" ALT=" Next "></A>
</td></tr></table>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink