Ted Leung on the air
Ted Leung on the air: Open Source, Java, Python, and ...
Sun, 01 Feb 2004
Mail hacking grumbles
The appearance of MyDoom this week has prompted me to install some additional security measures for our network at home.
[22:35]
- Disallow connections to port 25 from inside the firewall
This is long overdue since lots of e-mail worms like to install their own SMTP server. The only way you're going out via SMTP is via our SMTP server.
- Enable SMTP AUTH via SASL
Only authorized users should be able to use our SMTP server. This turned out to be a major headache since postfix on Debian runs chrooted, and was having trouble talking to saslauthd's socket. I ultimately gave up on using saslauthd and hacked around it using the sasldb method of checking passwords. But even that took me way too long to figure out. It would be nice if the Debian maintainers for postfix or SASL would include some documentation on how to do SASL-based SMTP auth inside the postfix chroot environment (using SASL2).
- Enable TLS support for postfix
I've grabbed the postfix-tls deb and installed it. Next I need to generate the certificates. The problem is that I already have certificates for Apache and UW-IMAP (although I'm probably going to junk that in favor of Dovecot). I also want the SMTP TLS to require a client certificate (yes, I'm paranoid). So I pretty much need to set up my own CA to issue client and server certificates. What I'm not clear about is whether I need a server cert for each service (www, imaps, smtp) that I plan to offer -- I only have a single IP address. There's also the small matter of which of the many different HOWTOs or documents to follow to generate the certificates properly. Last time I used the makecert.sh that comes with Debian's modssl.
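The private CA that the last item calls for, issuing one server and one client certificate with the openssl command line and then verifying both, is shown here as an added example; it is not the author's setup or Debian's makecert.sh. The CA name, the home.example host names and the file layout are assumptions.

```shell
#!/bin/sh
# Added example: a private CA that signs one server and one client
# certificate. Host names under home.example are constructed placeholders.
set -eu

# make_ca DIR: create a self-signed root (ca.key, ca.crt) in DIR.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Home Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"
}

# issue DIR NAME CN USAGE: key, CSR and CA-signed certificate for CN.
# USAGE is serverAuth or clientAuth and ends up in extendedKeyUsage, so a
# client certificate cannot be presented as a server certificate.
issue() {
    dir=$1 name=$2 cn=$3 usage=$4
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$cn" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
        "$usage" "$cn" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
    chmod 600 "$dir/$name.key"
}

# check CA_CERT CERT PURPOSE: succeed only if CERT chains to CA_CERT and is
# valid for PURPOSE (sslserver or sslclient).
check() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory.
demo() {
    d=$(mktemp -d)
    make_ca "$d"
    issue "$d" smtp mail.home.example serverAuth
    issue "$d" laptop laptop.home.example clientAuth
    check "$d/ca.crt" "$d/smtp.crt" sslserver && echo "server cert verifies"
    check "$d/ca.crt" "$d/laptop.crt" sslclient && echo "client cert verifies"
    check "$d/ca.crt" "$d/laptop.crt" sslserver || echo "client cert rejected as server"
    rm -rf "$d"
}
demo
```

For the Postfix TLS setup described above, ca.crt would be the file named in smtpd_tls_CAfile, and smtp.crt and smtp.key the files named in smtpd_tls_cert_file and smtpd_tls_key_file.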
Sorry, but I just got this error loading this page:
ValueError Python 2.3.3: /usr/bin/python
Mon Feb 2 03:13:57 2004
A problem occurred in a Python script. Here is the sequence of function calls leading up to the error, in the order they occurred.
/home/twl/pyblog/pyblosxom/pyblosxom.cgi
41 p = PyBlosxom(req)
42 p.startup()
43 p.run()
44
45 # import profile
p = <Pyblosxom.pyblosxom.PyBlosxom instance>, p.run = <bound method PyBlosxom.run of <Pyblosxom.pyblosxom.PyBlosxom instance>>
/home/twl/pyblog/pyblosxom/Pyblosxom/pyblosxom.py in run(self=<Pyblosxom.pyblosxom.PyBlosxom instance>)
230 # giving everyone a chance to transform the data. the request is
231 # modified in place.
232 tools.run_callback("prepare", {"request": self._request})
233
234 # now we pass the entry_list through the renderer
global tools = <module 'Pyblosxom.tools' from '/home/twl/pyblog/pyblosxom/Pyblosxom/tools.py'>, tools.run_callback = <function run_callback>, self = <Pyblosxom.pyblosxom.PyBlosxom instance>, self._request = <Request instance>
/home/twl/pyblog/pyblosxom/Pyblosxom/tools.py in run_callback(chain=[<function cb_prepare>, <function cb_prepare>, <function cb_prepare>, <function cb_prepare>, <function cb_prepare>, <function cb_prepare>, <function cb_prepare>, <function cb_prepare>], input={'request': <Request instance>}, mappingfunc=<function <lambda>>, donefunc=<function <lambda>>, defaultfunc=None)
354 for mem in chain:
355 # we call the function with the input dict it returns an output.
356 output = mem(input)
357
358 # we fun the output through our donefunc to see if we should stop
output = None, mem = <function cb_prepare>, input = {'request': <Request instance>}
/home/twl/pyblog/plugins/logstats.py in cb_prepare(args={'request': <Request instance>})
178 except IOError:
179 logger.info("closed due to IO error %s" % stats._referrers)
180 stats = PyblStats(config)
181
182 stats.addReferer(httpData.get('HTTP_REFERER', '-'))
stats undefined, global PyblStats = <class logstats.PyblStats>, config = {'JAVA_HOME': '/home/twl/bin/j2sdk1.4.1/bin/java', 'aggregator_length': 50, 'base_url': 'http://www.sauria.com/blog', 'blog_description': 'Ted Leung on the air: Open Source, Java, Python, and ...', 'blog_encoding': 'iso-8859-1', 'blog_language': 'en-us', 'blog_title': 'Ted Leung on the air', 'blogroll_image': '/blog/images/xml.gif', 'blogroll_opml': '/home/twl/pyblog/blosxom/myChannels.opml', 'blosxom_custom_flavours': ['comment-head', 'comment-story', 'comment', 'comment-form'], ...}
ValueError: insecure string pickle
args = ('insecure string pickle',)
Hope this helps to get it fixed.
Posted by rffrf at Mon Feb 2 03:15:31 2004
This HOWTO secure your network at home from MyDoom by Ted Leung is only for true hackers and geeks! Not for the technically challenged. Non-techies are better off using Geekmail in combination with a non-Outlook email client.
QUOTE
The appearance of MyDoom this week has prompted me to install some additional security measures for our network at home.
- Disallow connections to port 25 from inside the firewall
This is long overdue since lots of e-mail worms like to install their own SMTP server. The only way you're going out via SMTP is via our SMTP server.
- Enable SMTP AUTH via SASL
Only authorized users should be able to use our SMTP server. This turned out to be a major headache since postfix on Debian runs chrooted, and was having trouble talking to saslauthd's socket. I ultimately gave up on using saslauthd and hacked around it using the sasldb ...
Posted by Trackback from geekmail at Wed Feb 4 13:39:23 2004