xxx Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘xxx’

How to track (catch) mail server traffic abusers with tcpdump

Thursday, July 7th, 2011

If you're an administrator of a shared hosting server running mail server on localhost, you've definitely come across to issues with your mail server ip entering into public blacklists like spamhaus's CBL,XBL, PBL etc.

The usual procedure after one's ip gets listed in blacklists is to delist it manually following spamhaus or any other blacklist website's web interface, however often even after delisting yourself from blacklists you get back into them in a couple of hours, since your mail server continues to send a mass amounts of spam.

To track issues like as a system administrator I always use the good old network swiss army of knife tool tcpdump

tcpdump is really precious in tracking all kind of traffic oddities or mail server traffic.
To check if there are oddities with traffic flowing from a mail server on localhost after I login to a mail server with issues I use tcpdump command with following options:

tcpdump -nNxXi eth0 -s 0 proto TCP and port 25

The usual output of it should look something like:

root@hosting:/home/hipo/public_html:# tcpdump -nNxXi eth0 -s 0 proto TCP and port 25 tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:37:51.692685 IP xxx.xxx.xxx.xxx.smtp > 212.235.67.205.53745: P 2645817175:2645817203(28) ack 31168958 win 7632 0x0000: 4500 0044 92b4 4000 4006 9ae8 5511 9f4d E..D..@.@...U..M 0x0010: d4eb 43cd 0019 d1f1 9db3 f757 01db 99be ..C........W.... 0x0020: 5018 1dd0 0d4e 0000 3235 3020 4f4b 2069 P....N..250.OK.i 0x0030: 643d 3151 656c 3150 2d30 3033 7666 412d d=1Qel1P-003vfA- 0x0040: 4730 0d0a G0.. 11:37:52.175038 IP 212.235.67.205.53745 > xxx.xxx.xxx.xxx.smtp: . ack 28 win 65064 0x0000: 4500 0028 1bb4 4000 7706 db04 d4eb 43cd E..(..@.w.....C. 0x0010: 5511 9f4d d1f1 0019 01db 99be 9db3 f773 U..M...........s 0x0020: 5010 fe28 a1c8 0000 0000 0000 0000 P..(..........

In this example the xxx.xxx.xxx.xxx is the IP address of the hosting server (my mail server) and the other IP is the interaction of my mail server's smtp port 25 with tther machine 212.235.67.205.

If after issuing this command there are tons of repeating address IPs the mail server interacts with this is possible sign of spammers who sent traffic via the mail server.
Of course this is not always the case as sometimes, some clients use to send large newsletters or just some planned advertisements, however in most cases as I said it's a spammer.

To futher get the abuser I check Apache logs and the mail server logs. Also in many cases a spammer can be catched via observing the mail server logs (/var/log/maillog, /var/log/qmail/current or wherever the mail server logs it's interactions).

In the above tcpdump output you can even read some of the information flowing in between mail servers in a very raw form for example in above tcpdump output notice the 250.OK . This is obviously an interaction between the two mail servers where the server running on my hosting server with ip (xxx.xxx.xxx.xxx) sends to the remote mail server the command 250 OK

Hope this article is helpful to somebody 😉

Tags: ack, blacklists, cbl, command, course, delisting, eth, hipo, host, hosting server, How to, interaction, Knife, knife tool, localhost, log, login, logs, look, machine, mail server, mail servers, mass, mass amounts, n 250, oddities, PBL, proto, Qel, root, server ip, server traffic, size, smtp, something, spamhaus, spammer, swiss army, system administrator, tcpdump, tool, tther, verbose, vv, web interface, xxx
Posted in Linux, Monitoring, Networking, Qmail, System Administration | 3 Comments »

How to solve “[crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /var/lib/ejabberd/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://jabber.mydomain.com/” – Error Cause and Solution

Thursday, January 5th, 2012

While configuring JWchat domain, I've come across around an error:

pcfg_openfile: unable to check htaccess file, ensure it is readable

The exact error I got in /var/log/apache2/error.log looked like so:

[crit] [client xxx.xxx.xxx.xxx] (13)Permission denied: /var/lib/ejabberd/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://jabber.mydomain.com/

The error message suggested /var/lib/ejabberd/.htaccess – is missing or not readable, however after checking i've seen .htaccess existed as well as was readable:

debian:~# ls -al /var/lib/ejabberd/.htaccess -rw-r--r-- 1 www-data www-data 114 2012-01-05 07:44 /var/lib/ejabberd/.htaccess

At first glimpse it seems like the message is misleading and not true, however when I switched to www-data user (the user with which Apache runs on Debian), I've figured out the error meaning of unreadability is exactly correct:

www-data@debian:$ ls -al /var/lib/ejabberd/.htaccess ls: cannot access /var/lib/ejabberd/.htaccess: Permission denied

This permission denied was quite strange, especially when considering the .htaccess is readable for all users:

debian:~# ls -al /var/lib/ejabberd/.htaccess -rw-r--r-- 1 www-data www-data 114 2012-01-05 07:44 /var/lib/ejabberd/.htaccess

After a thorough look on what might go wrong, thanksfully I've figured it out. The all issues were caused by wrong permissions of /var/lib/ejabberd/.htaccess .You can see below the executable flag for all users (including apache's www-data) is missing :

debian:/var/lib# ls -ld /var/lib/ejabberd/drw-r--r-- 3 ejabberd ejabberd 4096 2012-01-05 07:45 /var/lib/ejabberd/

Solving the error, hence is as easy as adding +x flag to /var/lib/ejabberd :

debian:/var/lib# chmod +x /var/lib/ejabberd

Another way to fix the error is to chmod to 755 to the directory which holds .htaccess:

From now onwards pcfg_openfile: unable to check htaccess file, ensure it is readable err is no more 😉

Tags: apache, Auto, Cannot, cause and solution, client, domain, Draft, drw, ejabberd, ERROR, error message, exact error, first glimpse, glimpse, htaccessAfter, jwchat, ld, lib, log, look, message, pcfg, Permission, readableThe, solution, unreadability, var, way, www data, xxx
Posted in Linux, System Administration, Various, Web and CMS | No Comments »

Fix 503 AUTH first (#5.5.1) mail receive errors in Qmail

Friday, September 2nd, 2011

I have one qmail rocks install based on Thibbs Qmalrocks tutorial

I had to do some changes, to:
/etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl/run init scripts.

After a qmail restart suddenly qmail stopped receiving any mail messages and my sent messages was returned with an error:

Connected to xx.xxx.xx.xx but sender was rejected. Remote host said: 503 AUTH first (#5.5.1)

After investigating the issue I finally found, that one value I’ve changed in /etc/service/qmail-smtpd/run and /etc/service/qmail-smtpdssl was causing the whole mess:

The problematic variable was:

REQUIRE_AUTH=1

To solve the issue I had to disable the value which it seems, I have enabled by mistake.

Below is a quote from http://qmail.jms1.net which explains what REQUIRE_AUTH shell variable does:

Setting REQUIRE_AUTH=1 will make the service not accept ANY mail unless the client has sent a valid AUTH command. This also prevents incoming mail from being accepted for your own domains, so do not use this setting if the service is accepting “normal” mail from the outside world.
Restarting via qmailctl restart and qmail started receiving messages normal 😉

Tags: ANY, Below, client, command, Connected, host, incoming mail, issue, mail, mail messages, mess, mistake, Qmail, qmailctl, quot, quote, receiving messages, Remote, REQUIRE, rocks, run, scripts, sender, Shell, shell variable, Thibbs, value, xxx
Posted in Linux, Qmail, System Administration, Various | 3 Comments »

Search for:
Contact Me
Daily Bible quote

And Isaac went out to meditate in the field at the eventide: and
he lifted up his eyes, and saw, and, behold, the camels were coming.
-- Genesis 24:63
GET ARTICLE UPDATES

Enter your email address:
Useful blog? Help it:
Links to Other Places
- My ShellScripts
- Pc Freak Solutions – Web hosting, Dedicated Servers Offshore, VPS hosting, Website Creation and SEO
- Cheap Remote System Administration
- Play Cool FreeBSD ASCII games
- Pc-Freak Security
- My Personal Twitter like Buddypress on Theology and Politics
- Българска Православна Библия
- Пророчествата на нашите Православни Светии
- Древни Църковно Славянски Книги
- Всичко за Всеки – Блог
- The Largest Holy Orthodox Christian Icons Collection on the Internet
- Pc-Freak Homepage
- Electronic Frontier Foundation – Defending your rights in the digital world
- gnu.org
- exploit-db.com
- Linux Weekly News
- Online Computer Museum
Recent Posts
- Improve haproxy logging with custom log-format for better readiability
- How to RIP audio CD and convert to MP3 format on Linux
- Dormition of Saint Methodius excerpt from the Biography letter on Saint Methodius from Saint Clement of Ohrid
- Second Sunday of Great Lent Saint Gregory Palamas – Hesychasm as a mean of Theosis (Union of of God and Man through Deification) and the Orthodox Christian Teaching of God’s Energies
- A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church
- DNS Monitoring: Check and Alert if DNS nameserver resolver of Linux machine is not properly resolving shell script. Monitor if /etc/resolv.conf DNS runs Okay
- How to count number of ESTABLISHED state TCP connections to a Windows server
- Big Church Scandal in the Bulgarian Orthodox Church the developments on how the Church basic law Establishment document is illegally broken and hope and action for truth to be restored
Ads
Categories
- AIX (5)
- Anti-Malware Tools (3)
- Apache (1)
- Arcade Games (2)
- Backups (3)
- Bash Scripting (8)
- Bluetooth (5)
- Business Management (60)
- CentOS (8)
- Christianity (277)
- Cloud services (9)
- Clusters (2)
- Company onboarding basics (5)
- Computer Security (120)
- Conspiracy theories (11)
- Curious Facts (191)
- Cygwin (1)
- Debian (5)
- dhcpd (1)
- DNS (1)
- Docker (1)
- Economy (7)
- Educational (59)
- Email clients (3)
- Entertainment (166)
- Everyday Life (694)
- Exim (5)
- File Convert Tools (10)
- Firefox (7)
- Firewall (1)
- Flash Player (2)
- Free Software Graphical Environments (3)
- Free Software Social Networks (1)
- FreeBSD (123)
- Freedom Endangered (3)
- Games (2)
- Games Linux (38)
- Gnome (22)
- Hacks (11)
- Haproxy (12)
- Hardware (1)
- History (1)
- IBM AIX UNIX (3)
- IIS (6)
- Internet Explorer (2)
- IRC (1)
- Java (9)
- Joomla (25)
- Keepalived (1)
- LDAP (1)
- Linux (759)
- Linux and FreeBSD Desktop (358)
- Linux Audio & Video (88)
- Linux Backup tools (11)
- Linux on Laptops (11)
- Linux Package Management (9)
- Mac OS X (21)
- Marketing (1)
- Migration (3)
- Mobile Phone Apps & Games (39)
- Monitoring (35)
- Movie Reviews (55)
- MySQL (51)
- Networking (34)
- News (14)
- NFS (1)
- Nginx (9)
- OS Update (2)
- Outlook (5)
- Performance Tuning (13)
- PHP (8)
- Politics (2)
- PosgreSQL (2)
- Postfix (12)
- Postgresql (1)
- Programming (48)
- Psychology (9)
- Qmail (43)
- Rant (11)
- Remote System Administration (37)
- Samba (1)
- Security (7)
- Self Healing (6)
- Sendmail (4)
- SEO (32)
- Skype on Linux (16)
- Storage (3)
- SuSE Linux (3)
- System Administration (963)
- System Optimization (5)
- Tomcat (4)
- Trainings and Exams (2)
- Travel (1)
- Uncategorized (10)
- Various (775)
- Video Streaming (2)
- vim editor (2)
- Virtual Machines (30)
- VNC (1)
- Web and CMS (271)
- Weblogic (1)
- Windows (188)
- Wine – Windows Emulation (3)
- Wordpress (52)
- Zabbix (19)
April 2024

M T W T F S S

1 2 3 4 5 6 7

8 9 10 11 12 13 14

15 16 17 18 19 20 21

22 23 24 25 26 27 28

29 30

« Mar
About Myself
Recent Comments
- devs Env on How to install GNOME 2 desktop environment on Xubuntu / Substitute Xubuntu’s XFCE desktop manager with GNOME
- admin on A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church
- admin on A Biography of one big Heart + His Holiness Patriarch Neophyte (Neofit) head of Bulgarian Orthodox Church
- admin on Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
- stan on Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages
Tags
Auto check com command configure Debian Desktop download Draft end file freebsd Gnome gnu linux host How to information Install Linux linux? make nbsp necessery number package password place quot reason root script servers software something system text time tool type Ubuntu use var Windows work www
Top Post Views
- DOOM 1, DOOM 2, DOOM 3 game wad files for download / Playing Doom on Debian Linux via FreeDoom open source doom engine - 350,875 views
- IQ world rank by country and which are the smartest nations - 70,693 views
- Some of the most important Symbols for Orthodox Christians in The Eastern Orthodox Church – Symbols in the Eastern Orthodox Christian Faith (Eastern Orthodox Symbolism) and Christian Symbolism in the ... - 47,727 views
- Howto Remove (delist) your mail server IP from Hotmail, Live.com and MSN mail server blacklist - 44,225 views
- Resolving “nf_conntrack: table full, dropping packet.” flood message in dmesg Linux kernel log - 37,249 views
- How to change / reset lost or forgot TightVNC administrator password - 30,363 views
- How to connect to WiFi network using console or terminal on GNU / Linux - 24,113 views
- Installing the phpbb forum on Debian (Squeeze/Sid) Linux - 22,083 views
- Restoring sudden disappeared (deleted) Android Phone Contacts and Data on ZTE, Samsung, LG and Huawei mobile phones - 19,722 views
- How to download books from Books Google with Google Book Download stand alone program and Greasemonkey with Google Books Downloader script - 15,925 views
blogtopsites

best computers blogs

blog directory