Perl 6 - the future is here, just unevenly distributed

IRC log for #crimsonfu, 2015-07-20

crimsonfu - sysadmins who code

| Channels | #crimsonfu index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:47 ilbot3 joined #crimsonfu
01:47 Topic for #crimsonfu is now http://crimsonfu.github.com - ConfiguRatIon Management of Systems Or Network kung FU | logs at http://irclog.perlgeek.de/crimsonfu/today
12:02 arcanine joined #crimsonfu
12:03 arcanine does any one know of a good place to start when your email server has been blacklisted and accused of sending out spam?
12:06 prologic contact the maintainers of the backlists
12:06 prologic and explain the situation nicely
12:07 prologic and request the IP / IP-Range to be removed
12:07 prologic Then fix your system(s) (well beforehand :P)
12:09 pdurbin arcanine: yeah, as prologic indicated, make sure you're innocent first :)
12:10 arcanine well I've already submitted the IP address for removal and now the server is back in the list, so it seems like they're detecting something the problem is I don't even know where to begin looking to ensure the server isn't inject or being spammy
12:10 arcanine their language was "It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet."
12:11 arcanine the server is an ubuntu box running a couple of websites
12:14 arcanine hmm I'll try contacting them to see if they can be more specific
12:14 prologic run a spam test suite against your server
12:14 prologic there are many such tools online
12:14 prologic that's the first thing to do
12:15 prologic in general; don't allow inbound SMTP access
12:15 prologic except for local delivery to *known* mailboxes
12:15 skay joined #crimsonfu
12:15 prologic Ubuntu you say?
12:16 prologic Is it running postfix, exim or similar?
12:16 prologic it's highly likely it's an open relay (common mistake)
12:16 prologic or (unlikely) you *could* have been r00ted
12:16 prologic and you do indeed have some macilcious software on the box sending outbound mail
12:17 prologic any open unsecured accounts on the server you aware of? :)
12:17 prologic or suspecious of
12:23 hydrajump arcanine: http://www.dnsstuff.com/ has some good tools you can use. You can register for a free 30 day trial
12:24 mhayden happy monday, folks
12:27 arcanine erm I'll try and check prologic
12:28 arcanine hm /etc/passwd doesn't seem to have anything super unusual in it though I'm not really sure what I'm looking for, tbh I don't know what we use for outbound emails on this machine I'll try and figure it out
12:28 prologic happy to (for a fee?) login to your box and do some investigative work? :P
12:31 arcanine looks like postfix, that's ok, the boss is out at the moment we do have a friend who's a linux guy but I don't like to keep bothering him
12:31 arcanine thank you for the offer though
12:39 prologic well I can take a quick looksie if you like
12:40 prologic but yeah do a spam test against it
12:40 prologic http://mxtoolbox.com/diagnostic.aspx
13:16 hydrajump mhayden: happy monday to you too :P
13:16 hydrajump mhayden: why would one want to do this "current status:
13:16 hydrajump # rm /dev/urandom; dd if=/dev/zero of=/dev/urandom bs=1M count=1
13:17 mhayden WAT
13:17 hydrajump I assume it has something to do with security?
13:17 hydrajump mhayden: https://twitter.com/whitequark/status/621486489902403584
13:17 mhayden sounds like they want to generate random numbers debian style :P
13:18 mhayden color me confused
13:18 mhayden if they have an FPGA supplying random numbers, it should be coming out through /dev/hwrandom
13:18 mhayden https://www.kernel.org/doc/menuconfig/drivers-char-hw_random-Kconfig.html
13:20 hydrajump so nothing to see here really
13:26 mhayden yeah, i'm confused
14:40 dotplus_ joined #crimsonfu
14:40 dotplus_ joined #crimsonfu
21:42 marcoceppi joined #crimsonfu

| Channels | #crimsonfu index | Today | | Search | Google Search | Plain-Text | summary

crimsonfu - sysadmins who code