Posts Tagged ‘ip check’

How to exclude sorbs.net for a particular IP address in Qmail Mail server install / Fix to Thunderbird mail sent error (Exploitable Server See: http://www.sorbs.net/lookup.shtml?xx.xx.xx.xx) error

Tuesday, November 1st, 2011

In the office, some of my colleagues has started receiving error messages, while trying to send mail with Thunderbird and Outlook Express
The exact error they handed to me reads like this:

An error occured while sending mail. The mail server responded: Exploitable Server See:
http://www.sorbs.net/lookup?xx.xx.xx.xx. Please check the message recipient

Here is also a screenshot, I’ve been sent via Skype with the error poping up on a Thunderbird installed on Windows host.

Typing the url http://www.sorbs.net/lookup?xx.xx.xx.xx lead me to sorbs.net to a page saying that the IP address of the mail client which is trying to send mail is blacklisted . This is not strange at all condireng that many of the office computers are running Windows and periodically get infected with Viruses and Spyware which does sent a number of Unsolicated Mail (SPAM).

The sorbs.net record for the IP seems to be an old one, since at the present time the office network was reported to be clear from malicious SMTP traffic.

The error sorbs.net disallowing the mail clients to send from the office continued for already 3 days, so something had to be done.

We asked the ISP to change the blacklisted IP address of xx.xx.xx.xx , to another one but they said it will take some time and they can’t do it in a good timely matter, hence to make mail sending work again with POP3 and IMAP protocols from the blacklisted IPs I had to set in the Qmail install to not check the xx.xx.xx.xx IP against mail blacklisting databases.

On qmail install disabling an IP check in RBLSMTPD is done through editting /etc/tcp.smtp and following recreate of /etc/tcp.smtp.cdb – red by qmailctl script start.
The exact line I put in the end of /etc/tcp.smtp to disable the RBLSMTPD check is:

xx.xx.xx.xx:allow,RBLSMTPD="",RELAYCLIENT="",QS_SPAMASSASSIN="0"

Further on to recreate /etc/tcp.smtp.cdb and reload the new cdb db records:

qmail:~# qmailctl cdb
qmail:~# qmailctl restart
...

Onwards, the sorbs.net IP blacklist issue was solved and all office computers from xx.xx.xx.xx succeeded in sending mails via SMTP.

How to disable or remove completely Adobe (Macromedia) Flash Cookies on Linux

Monday, April 11th, 2011

As I’ve mentioned in my previous post, one of the greatest “evils” which prevents a good internet anonymization whether you surf online is Adobe Flash Player

There are two approaches you might partake to disable the privacy issues which might be related to Adobe Flash cookies saving data about flash banners or websites which stores their cookies to your computer.

To find out if flash websites has already saved their nasty flash cookies on your Linux, issue the commands:

hipo@debian:~$ cd .macromedia
hipo@debian:/home/hipo/.macromedia$ find -iname '*.sol'
./Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/#ip-check.info/settings.sol

The returned output of the above find command clearly reveals the shitty flash has stored already 3 flash cookies on my Linux, 3 cookies which later can be easily requested by other flash banners.
The 3 flash cookies are:
1. Saved by Adobe’s Flash Configuration Manager
2. Saved by the website ip-check.info
3. Saved by s.ytimg.com’s website

Now to deal with the situation and get rid of flash cookies, there are possibly two ways of approach that one can take:

1. One is to use some kind of script like the one clear_flash_cookies.tsch the other one is to completely disable flash cookies.
Using the clear_flash_cookies.tcsh does get rid of flash cookie problems just temporary as it might be set to be executed either once the browser is starting up, or directly via some kind of cron job entry like:

01 11,19 * * * /home/hipo/scripts/clear_flash_cookies.tcsh

eHowever clearing up (removing) the flash cookies, still doesn’t completely proihibit saving up of flash cookies and in the time intervals between the clear ups of the flash cookies, still some websites might save information related to their use on your Linux host and expose this information for other external flash websites to read and retrieve information about your previous websites visits.

Therefore it might be a better solution in terms of browser security to;

2. completely disable the use of adobe flash cookies on your Linux powered desktop.

Disabling adobe flash cookies is possible by either using the online flash Global Storage Settings (Flash Settings Manager) by navigating to the URL:

http://www.macromedia.com/support/documentation/
en/flashplayer/help/settings_manager03.html

Adobe Flash Player online settings manager unticked option

And by removing the tick which is present to the option:

Allow third party Flash content to store data on your computer

Or by linking the local directory ~/.macromedia -> /dev/null

hipo@debian:~$ mv .macromedia .macromedia-bak
hipo@debian:~$ ln -s /dev/null .macromedia
hipo@debian:~$ ls -ald .macromedia
lrwxrwxrwx 1 hipo hipo 9 2009-03-30 09:56 .macromedia -> /dev/null

That’s all, Farewell nasty Flash cookies!