There *is* something worse than that.
A MCSE thinking that they can administer a *nix system because they can setup a NT machine with IIS. These insist on running telnet, X and a shitload of other stuff that shouldn't exist on a production machine exposed to the Internet.
Oh, and they won't use the copmmand line, not know shell scripting and will not work as any user other than root (and demand the root password).
At least the programmer can be expected yto learn to admin (and every good programmer becomes a sysadmin, maybe not a very good one, but still good enough to let him/her admin his/her own machine).
I suggest going through the registry. there are some extensions with NeverShow next to them. Removew that, since show all extensions still ignores these extensions.
India and Pakistan haven't been in a conventional war since 1965. If you wish, the 1971 liberation of Bangladesh *may* be considered to be conventional war, but definitely not after that.
Pakistan is attempting to bleed India to death by sponsoring terrorism in Kashmir. they have been trying this from ~1989.
Three or four rooms? Thats not much;)
I have the choice of staying in my house, or getting new books.
Oh well, guess I need a bigger house(Yes, one room in my house is dedicated to books, and I'm getting a new cabinet built in another one for more ones currently no housable in the current single room).
No, the entire genome is the OS. The genes are userland programs, while the rest is kernel code, and no-ops.
Currently we are hacking at the Userland programs, then we will become kernel hackers;).
Hehe, You know the algorithm. The entire strength of my password lies in the private keys.
good luck getting those, because I don't even remember them. Those goddamn uptimes.
Re:qmail vs postfix vs sendmail vs ms
on
Postfix
·
· Score: 1
For sendmail, the program that deals with the user is the same as that hands off to the any other external program and the same that delivers to user mailboxes.
For postfix and qmail, these are separate programs which don't trust their input.
The Postfix delivery agent does not deal with the external world except through the smtpd process.
This modularization makes for a greater extent of security than for sendmail, where the interactions are possibly more complex.
Re:Does Postfix support Maildir like Exim or Qmail
on
Postfix
·
· Score: 3
They aren't the default, but all you have to do to enable them is to add a / at the end of your spool directory.
/var/mail -- mbox format.
/var/mail/ -- Maildir
Re:qmail vs postfix vs sendmail vs ms
on
Postfix
·
· Score: 2
It depends on what you need.
Essentially:
Sendmail: A single bulk monolithic program that runs as root, has a history of cruft and security holes. Has a very complex config file, which you can easily mess up and turn to an open relay.
Earlier versions used to have relaying turned on, the newer versions are far more secure.
Qmail: A very paranoid MTA. Designed to be secure.
Very much in line with the authors preferences. Mainly delivers to maildir formats, will send single recipient mails. Wastes bandwidth, and since that is expensive, I don't use it.
Postfix: As paranoid as Qmail, unde active development, and doesn't waste all that bandwidth.
MS: I have no idea.
[OT]Re:Some errors in the book
on
Postfix
·
· Score: 1
I don't know about you, but I have been doing this for the past three years, and the people just need to learn to RTFM. I'm close to burnout, I need a vacation, and I have two NT machines to secure properly, where smb *must* be available. I have been trying to get the local MCSE to learn to use Linux, and they will not learn unless I read out each line of the manual, grep through the two relevant man pages for what they need, and then have them abuse me for taking so long to show them exactly what to do.
They want to install X and VNC to admin a Linux machine, want telnet and will not use ssh. I have tried not to be a BOFH, but now I am going to be one.
Yes, I need a life, and I am going to get it.
Your sarcasm is deserved in the comment, and I am sorry for the whining, but I really can't help it right now.
I have had a bad week, fixing those NT boxen, and I really mind the customer support division tossing customers to me when I am trying to fix problems.
and to the AC who flamed me for not posting a link, I copied from my mailbox, something whichI will not provide a link to.
Re:Some errors in the book
on
Postfix
·
· Score: 1
It wasn't the entirety, just the relevant portion./. removed about half that post also.
There have been a few reviews on the Postfix mailing list of the book. The overall recommendation is: The book is not as good as the mailing list, but better than the docs. It doesn't maintain consistency throughout, and has a few typos.
Search the mailing list archives for details.
(Yes, I know I should be posting links, but I have now decided to get people to RTFM and learn to search. I am tired of spoon feeding lusers, and need a break).
Quoting Ralf Hildebrandt:
Today "The" book arrived. I flew over the first 11 chapters and found
the following errors/omissions:
b) p 48: What is the "spawn" program?
c) p 32, table 2.2: mail is NOT a queue. It's the mailspool, or a mbox
file, but not a queue.
d) p 31, listing 2.3: column chroot() shows "never" instead of the
default "yes" that I know.
Quoting Jeffrey Taylor:
It is more tutorial than reference. However, it repeats running
postmap everytime a new map is introduced and telnet sessions for most
forms of sender/relay/spam restrictions. THis makes in a reference
where you may not have read the previous examples. It gets tedious in
a tutorial that is read cover to cover.
IMHO: It is worthwhile, I'm not unhappy I bought the book. It feels
padded (see above). It is beginner thru intermediate, not much
advanced or tricky. I found it more useful than the docs and less
useful (and less over my head) than this e-mail list. I have a small
system, 200-300 messages per day and the chapters on MySQL and LDAP
only served to convince me I don't need them.
e) p 29, figure 2.2 is wrong: Lookup tables interact with the "utility
programs" (e.g. postmap, postalias!)
f) p 97 lists non-RFC conformal command syntax ("RCPT TO:haley"
instead of the correct "RCPT TO: ")
g) p 97ff list lots of bizarre SMTP commands, but the text never
actually tells the read if Postfix implements those. Lots of
bla-bla.
h) p 108 says for "The AUTH command": "The administrator must maintain a
separate username and password database that allows authentication of
remote SMTP clients."
This is not true, it can use any PAM authentication method!
i) p 171 The text for relay_host fails to mention that [] prevents a
MX Lookup of the address/hostname in the brackets!
j) p 174, table 8.1: append_at_myorigin appends (obviously) $myorigin,
not $mydomain
k) p 204, table 9.6 fails to list an all numeric LHS being equivalent
to "OK"
l) p 214 table 9.8 "virtual domain record types" fails to list the
form "@domain @otherdomain"
Jeez, I know when a statement is tongue in cheek..
If you notice the original article, the submitter was saying RFCs are too hard to read.
This was a neat opportunity to point out that RFCs should be mandatory reading, for techies, at least.
(And also to prevent any bright kid out of law school from taking the idea seriously).
And the +2 was because I have earned it, and on merit. I haven't karma whored yet.
No, AFAIK, ipf is out of current, but stioll in 2.9. (I think I read this on Bugtraq, but since I cleaned up my mailbox just about 30 minutes back, I can't do a local grep.). Sorry about that.
With provider assigned space in the network address, how does any organisation do multi-homing?
Or do they change addresses each time a link goes down?
Or will we have a similar situation as of today, where we lease provider space from APNIC/ARIN/RIPE?
And for smaller organizations which do not have that large requirements?
Probe for a rpc.statd attack.
Redhat Linux 6.x boxen have protmap runing by default, and rpc.statd has a hole in the defult install. Exploited by Lion, and adore (IIRC).
Slashdot Mirror
There *is* something worse than that.
A MCSE thinking that they can administer a *nix system because they can setup a NT machine with IIS. These insist on running telnet, X and a shitload of other stuff that shouldn't exist on a production machine exposed to the Internet.
Oh, and they won't use the copmmand line, not know shell scripting and will not work as any user other than root (and demand the root password).
At least the programmer can be expected yto learn to admin (and every good programmer becomes a sysadmin, maybe not a very good one, but still good enough to let him/her admin his/her own machine).
The AC wrote:
I realise this is probably sad, but I don't get the reference. Someone care to clue me in?
It refers to the SirCam virus.
This one comes with a body beginning with:
Hi! How are you?
I send you this file to have your advice.
............
I suggest going through the registry. there are some extensions with NeverShow next to them. Removew that, since show all extensions still ignores these extensions.
First
/etc/shadow?
/chroot/user/tmp
$strings suspicious.exe|more
/etc/shadow
Why does this need to access
$cp suspicious.exe
$su - chroot_user
chroot_user@host]$ gdb suspicious.exe
gdb>
India and Pakistan haven't been in a conventional war since 1965. If you wish, the 1971 liberation of Bangladesh *may* be considered to be conventional war, but definitely not after that.
Pakistan is attempting to bleed India to death by sponsoring terrorism in Kashmir. they have been trying this from ~1989.
I think he means rogue
3001: The last Odessey
Definitely not "The God Themselves".
Against Stupidity, the gods themselves content in vain.
Three or four rooms? Thats not much ;)
I have the choice of staying in my house, or getting new books.
Oh well, guess I need a bigger house(Yes, one room in my house is dedicated to books, and I'm getting a new cabinet built in another one for more ones currently no housable in the current single room).
No, the entire genome is the OS. The genes are userland programs, while the rest is kernel code, and no-ops. ;).
Currently we are hacking at the Userland programs, then we will become kernel hackers
You are referring to SuSE. Sorry, no URLs, but I guess googling might help.
Search here
Hehe, You know the algorithm. The entire strength of my password lies in the private keys.
good luck getting those, because I don't even remember them. Those goddamn uptimes.
For sendmail, the program that deals with the user is the same as that hands off to the any other external program and the same that delivers to user mailboxes.
For postfix and qmail, these are separate programs which don't trust their input.
The Postfix delivery agent does not deal with the external world except through the smtpd process.
This modularization makes for a greater extent of security than for sendmail, where the interactions are possibly more complex.
They aren't the default, but all you have to do to enable them is to add a / at the end of your spool directory.
/var/mail -- mbox format.
/var/mail/ -- Maildir
It depends on what you need.
Essentially:
Sendmail: A single bulk monolithic program that runs as root, has a history of cruft and security holes. Has a very complex config file, which you can easily mess up and turn to an open relay.
Earlier versions used to have relaying turned on, the newer versions are far more secure.
Qmail: A very paranoid MTA. Designed to be secure.
Very much in line with the authors preferences. Mainly delivers to maildir formats, will send single recipient mails. Wastes bandwidth, and since that is expensive, I don't use it.
Postfix: As paranoid as Qmail, unde active development, and doesn't waste all that bandwidth.
MS: I have no idea.
I don't know about you, but I have been doing this for the past three years, and the people just need to learn to RTFM. I'm close to burnout, I need a vacation, and I have two NT machines to secure properly, where smb *must* be available. I have been trying to get the local MCSE to learn to use Linux, and they will not learn unless I read out each line of the manual, grep through the two relevant man pages for what they need, and then have them abuse me for taking so long to show them exactly what to do.
They want to install X and VNC to admin a Linux machine, want telnet and will not use ssh. I have tried not to be a BOFH, but now I am going to be one.
Yes, I need a life, and I am going to get it.
Your sarcasm is deserved in the comment, and I am sorry for the whining, but I really can't help it right now.
I have had a bad week, fixing those NT boxen, and I really mind the customer support division tossing customers to me when I am trying to fix problems.
and to the AC who flamed me for not posting a link, I copied from my mailbox, something whichI will not provide a link to.
It wasn't the entirety, just the relevant portion. /. removed about half that post also.
There have been a few reviews on the Postfix mailing list of the book. The overall recommendation is: The book is not as good as the mailing list, but better than the docs. It doesn't maintain consistency throughout, and has a few typos.
Search the mailing list archives for details.
(Yes, I know I should be posting links, but I have now decided to get people to RTFM and learn to search. I am tired of spoon feeding lusers, and need a break).
Quoting Ralf Hildebrandt:
Today "The" book arrived. I flew over the first 11 chapters and found
the following errors/omissions:
b) p 48: What is the "spawn" program?
c) p 32, table 2.2: mail is NOT a queue. It's the mailspool, or a mbox
file, but not a queue.
d) p 31, listing 2.3: column chroot() shows "never" instead of the
default "yes" that I know.
Quoting Jeffrey Taylor:
It is more tutorial than reference. However, it repeats running
postmap everytime a new map is introduced and telnet sessions for most
forms of sender/relay/spam restrictions. THis makes in a reference
where you may not have read the previous examples. It gets tedious in
a tutorial that is read cover to cover.
IMHO: It is worthwhile, I'm not unhappy I bought the book. It feels
padded (see above). It is beginner thru intermediate, not much
advanced or tricky. I found it more useful than the docs and less
useful (and less over my head) than this e-mail list. I have a small
system, 200-300 messages per day and the chapters on MySQL and LDAP
only served to convince me I don't need them.
e) p 29, figure 2.2 is wrong: Lookup tables interact with the "utility
programs" (e.g. postmap, postalias!)
f) p 97 lists non-RFC conformal command syntax ("RCPT TO:haley"
instead of the correct "RCPT TO: ")
g) p 97ff list lots of bizarre SMTP commands, but the text never
actually tells the read if Postfix implements those. Lots of
bla-bla.
h) p 108 says for "The AUTH command": "The administrator must maintain a
separate username and password database that allows authentication of
remote SMTP clients."
This is not true, it can use any PAM authentication method!
i) p 171 The text for relay_host fails to mention that [] prevents a
MX Lookup of the address/hostname in the brackets!
j) p 174, table 8.1: append_at_myorigin appends (obviously) $myorigin,
not $mydomain
k) p 204, table 9.6 fails to list an all numeric LHS being equivalent
to "OK"
l) p 214 table 9.8 "virtual domain record types" fails to list the
form "@domain @otherdomain"
Also, thats a user prompt.
chown can be used only by root.
#chown -R us:us yourbase is correct
Ummm, DNS runs on UDP. Everyone would cry out immediately if they cant get their p0rn spam.
Jeez, I know when a statement is tongue in cheek..
If you notice the original article, the submitter was saying RFCs are too hard to read.
This was a neat opportunity to point out that RFCs should be mandatory reading, for techies, at least.
(And also to prevent any bright kid out of law school from taking the idea seriously).
And the +2 was because I have earned it, and on merit. I haven't karma whored yet.
No, AFAIK, ipf is out of current, but stioll in 2.9. (I think I read this on Bugtraq, but since I cleaned up my mailbox just about 30 minutes back, I can't do a local grep.). Sorry about that.
Devdas Bhagat
Hmmm, since you mention patents, I'll just say:
DNS. Can you say prior art?
With provider assigned space in the network address, how does any organisation do multi-homing?
Or do they change addresses each time a link goes down?
Or will we have a similar situation as of today, where we lease provider space from APNIC/ARIN/RIPE?
And for smaller organizations which do not have that large requirements?
He was just referring to Netscape.
Probe for a rpc.statd attack.
Redhat Linux 6.x boxen have protmap runing by default, and rpc.statd has a hole in the defult install. Exploited by Lion, and adore (IIRC).