Archive | November, 2004
November 29, 2004

SCO defaced

The SCO site has been quite subtly defaced. One of the images on the main page of the site has been replaced with the one below:
SCO defacement
The image that *should* have been there is below:
SCO post-defacement

Related Posts:

  • No Related Posts
November 19, 2004

Spam reporting for outlook

A handy little utility that integrates with Outlook 2003 (and older versions) is Spam Source
Install the plugin and setup your spamcop (or other) reporting addresses and off you go.

Related Posts:

  • No Related Posts
November 19, 2004

Common Windows Software alternatives

There was an interesting post to ILUG this morning with links to alternatives for a lot of common Windows applications. Ken Guest's list of applications is an excellent starting point. I'll definitely be adding that to the resources section when I get a chance.
There are still a couple of areas that it is hard for linux to compete, but things are definitely improving.
I only wish the AIB would make their online business banking compatible with other browsers and OS!

Related Posts:

  • No Related Posts
November 16, 2004

ICANN and domains ….

As of last Friday ICANN's rules on domain transfers have been changed quite dramatically. Whether this should be seen in a positive light or not is hard to say, however the potential for abuse is all too real.
Some of the registrars make it relatively easy to edit domains "en masse", so locking isn't an issue. Others don't seem to understand why updating several hundred domains manually is a painful exercise :cry:

Related Posts:

  • No Related Posts
November 13, 2004

DNS Blacklists – Setting up a local mirror


Introduction
I am currently mirroring a number of DNS blacklists, often referred to as RBLs, on our network in order to speed up mail processing. By keeping the queries local not only do we get a definite speed increase, faster processing and fewer timeouts but we also reduce our bandwidth usage.
In order to setup a local mirror (or caching server) you will need the following:

  • Rsync
  • Rsync access to a number of data sources
  • A DNS server - preferably BIND
  • RBLDNSD - a DNS daemon designed to serve DNSBLs (DNS blacklists). Although it is fast it uses quite a lot of memory depending on the size of the data set you are using, so make sure you run it on a machine with plenty of RAM

Rsync is available on all distros of linux but it might not be installed by default.
In order for this to work you will need to have been granted rsync access to one or more DNSBLs. Some of the DNSBLs have an "open" policy on rsync, so you can simply access it directly, however it is more common to have to ask explicitly for permission and supply the DNSBL maintainer(s) with your IP(s). In the case of SpamHaus you will need to pay a fee.
For the purposes of this document I will be looking at only one DNSBL - dsbl.org. , as they allow rsync access freely.
Setting up RBLDNSD
Grab a copy of the daemon from the site. Packages for a number of distros are available or you can install from source. The server I am using is running WhiteBox linux, so I was able to use one of the rpm packages:
wget http://www.corpit.ru/mjt/rbldnsd/rbldnsd-0.993.1-1.i386.rpm
rpm -ivh rbldnsd-0.993.1-1.i386.rpm

NB: The latest version of the packages are available here
We do not want to run the daemon as root, so we add a user for it.
adduser dnsbl
We'll need to get some data before we can start using it, so let's do that.
Setting up Rsync
DSBL provides quite clear instructions on setting up rsync with their data.
After choosing which data you want to use write a small script to "grab" the data as the user dnsbl:

su - dnsbl
vim dsblscript
#!/bin/sh
cd /home/dnsbl
rsync -tvPz rsync.dsbl.org::dsbl/rbldns-list.dsbl.org /home/dnsbl/data/

Don't forget to make the script executable:
chmod 500 dsblscript
you can test it by running it directly from the command prompt:
./dsblscript
If it is working correctly you should have some data in your "data" directory.
A DNSBL is only as good as its last update, so we'll setup a cronjob to automatically update our data:
10,40 * * * * /home/dnsbl/dsblscript
Every 30 minutes we will check to see if there are any changes. Doing it more frequently is neither required nor advisable.
Now that we have our data we need to do something with it, so let's finish setting up RBLDNSD.
For some odd reason the rpm version does not ship with a fully functional init script, so I had to put together my own based on a few documents I found online:
#!/bin/bash
#
# chkconfig: 2345 85 15
# description: rbldnsd is a DNS server designed for dnsbls.
# processname: rbldnsd
# pidfile: /var/run/rbldnsd.pid
# source function library
. /etc/init.d/functions
[ -e /etc/sysconfig/rbldnsd ] && . /etc/sysconfig/rbldnsd
RETVAL=0
start() {
echo -n $"Starting rbldnsd service: "
daemon /usr/sbin/rbldnsd $OPTIONS
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/rbldnsd
}
stop() {
echo -n $"Shutting down rbldnsd service: "
killproc rbldnsd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/rbldnsd
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
condrestart)
if [ -f /var/lock/subsys/rbldnsd ]; then
stop
start
RETVAL=$?
fi
;;
status)
status rbldnsd
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
exit 1
esac
exit $RETVAL

This will give you:

  • start
  • stop
  • restart
  • status
  • condrestart

which you can call as /etc/rc.d/init.d/rbldnsd $option
Before we can use it we need to tell it what data to use and where to publish it:
vim /etc/sysconfig/rbldnsd
OPTIONS="-u dnsbl -r /home/dnsbl/data -t 21600 -c 60
-p /var/run/rbldnsd.pid -b xxx.xxx.xxx.xx/53
list.dsbl.org:ip4set:rbldns-list.dsbl.org
multihop.dsbl.org:ip4set:rbldns-multihop.dsbl.org
unconfirmed.dsbl.org:ip4set:rbldns-unconfirmed.dsbl.org"

The option -u defines the user to run as, -r the data directory, -p the process ID and -b which IP and port to bind to. As I've set this to run on port 53 it could not be run on the same machine as our main nameserver.
Make sure you use the backslashes () at the end of lines as the syntax is vital.
You can now try to start your daemon:
/etc/rc.d/init.d/rbldnsd start
If you get any errors read them carefully and modify your config to fix them.
NB: It will not work if there is no data present.
Adding the Zone(s) to BIND
The last step is putting the new mirror live on your network. To do this you will create forwarding zone(s) in your BIND DNS server (it will work with other DNS servers, but I am not familiar with their configuration).
Open your named.conf in vim and go to the end of the file.
Add the following:

zone "list.dsbl.org" IN {
type forward;
forward first;
forwarders {
xxx.xxx.xxx.xx;
};
};

The example above is for the zone list.dsbl.org, so you can replace that with the zones you are using ie. create a separate entry for each one.
Replace the "xxx.xxx.xxx.xx" with the IP of the server running RBLDNSD.
Reload BIND:
rndc reload
If you want to see the queries against your DNS you can turn on logging in BIND or you could turn on logging in RBLDNSD's config.
NB: Do not leave logging on for more than a short period while verifying. The log files grow exponentially.
You should now have a working DNSBL mirror.
DISCLAIMER:
This configuration and setup works for me. Your mileage may vary.
DNS and BIND Cookbook

Related Posts:

  • No Related Posts
November 9, 2004

IRC Support

Vasiliy Boulytchev has setup a MailScanner IRC channel over on freenode:
#mailscanner
ipv4: irc.freenode.net
ipv6: irc.ipv6.freenode.net
I've also setup a "paste bin" if you need to share your config or other code with users.
If you need a good IRC client use Xchat

Related Posts:

  • No Related Posts
November 9, 2004

Firefox 1.0 released

Well if you haven't heard it already (where have you been hiding?) Firefox 1.0 has finally been released.
I've been using it on both Windows and Debian for the last few months and love it. Why?
Tabbed browsing is the main thing for me, but it's not the only one.
I made a few comments on it in the past when PR1 was released. I also ran into a few issues with getting its links to work in evolution
Needless to say quite a few people in the "techie" community have been talking about this today.
Tom should be providing a review later, while Slashdot et al have been raving all day (they might also have been ranting, but we'll ignore that)
So far I have found one minor "bug", which was not an issue in previous versions. For some odd reason FF cannot communicate properly over SSL with sites like amazon, so you have to do some messing with your settings!!
Under Tools>Options>Advanced>Validation >Enable OSCP
Enabling OSCP in Firefox 1.0 on windows xp pro
If you're having problems downloading from the main site you should have a look for a torrent source. There seem to be a few floating around...
If you want to design or develop for Firefox you should really learn to use standards compliant coding:
HTML for the World Wide Web with XHTML and CSS: Visual QuickStart Guide, Fifth Edition Designing with Web Standards

Related Posts:

  • No Related Posts
November 8, 2004

Silly Email Disclaimer

Some are silly ... Some are just very very long
Have a look at some of these

Related Posts:

  • No Related Posts
November 8, 2004

Skype

Niall has packaged Skype for Debian. It works perfectly!
More details on his site here

Related Posts:

  • No Related Posts
November 6, 2004

Marketing speak gone mad

Are you sick of hearing meaningless marketing speak?
I know I am.
While we were working on our new company site we had to come up with quite a lot of new content and replace a lot of the older content.
Looking over some of the information that was available online to describe our partners' services made me almost cry.
Why do people think that they can string together meaningless words to build coherent sentences?
If the words are meaningless grouping them won't help.
I suppose they are trying to numb people into buying their products, or maybe they feel obliged to use senseless babble instead of clear English.
A couple of links:
The Elements of Appalling Style - an inciteful glance at misuse of the English language in business
Web Economy Bullshit Generator - very funny, but also very realistic

Related Posts:

  • No Related Posts
css.php