|
|
| Author |
Message |
| 25 new of 251 responses total. |
keesan
|
|
response 184 of 251:
| 
Feb 24 00:50 UTC 2003 |
I gave up dialing in but could telnet. Took a bit of a wait.
|
keesan
|
|
response 185 of 251:
|
Feb 24 01:30 UTC 2003 |
This time I waited a couple of minutes and could dial in.
|
russ
|
|
response 186 of 251:
|
Feb 24 02:28 UTC 2003 |
This response has been erased.
|
russ
|
|
response 187 of 251:
|
Feb 24 02:29 UTC 2003 |
It took over 2 minutes to get a login prompt. Again.
I've finally got the lowdown on the mail errors cited above:
> 250 grex.cyberspace.org Hello [209.142.229.137], pleased to meet you
> mail from: nobody@nowhere.net
> 250 nobody@nowhere.net... Sender ok
> rcpt to: russ@cyberspace.org
> 553 russ@cyberspace.org... One generation passeth away, and another
> generation c
> ometh: but the earth abideth for ever.
> data
> 503 Need RCPT (recipient)
> rcpt to: russ
> 553 russ... One generation passeth away, and another generation cometh: but
> the
> earth abideth for ever.
WTF does THAT mean?
|
other
|
|
response 188 of 251:
|
Feb 24 02:53 UTC 2003 |
You've somehow fallen afoul of mdw's bible-quoting trouble filter.
|
gull
|
|
response 189 of 251:
|
Feb 24 04:22 UTC 2003 |
I don't know which filter that is. I know replies I send to a mailing list
I'm on sometimes run afoul of the 'my skin is black upon me' filter if I
don't remove excess spaces from the subject line.
|
tsty
|
|
response 190 of 251:
|
Feb 24 07:49 UTC 2003 |
a bible filter is rather refreshing!
able to get through with cyberspace.org bt not with grex.org.
|
davel
|
|
response 191 of 251:
|
Feb 24 12:40 UTC 2003 |
The Bible quotes mean that Marcus's filtering thinks it's spam. You may be
able to get more specific info on what triggered this from him.
|
davel
|
|
response 192 of 251:
|
Feb 24 12:46 UTC 2003 |
... though (whatever it is) I doubt you'll have any luck getting him to change
it to let your mail through; it's probably keeping lots of real spam from
people.
Hmm. The headers you cite would suggest that there's a problem with the russ
account itself, not with other contents of the message. ("would suggest"
meaning "suggest to me", & I'm not particularly up on this stuff.)
|
russ
|
|
response 193 of 251:
|
Feb 24 22:33 UTC 2003 |
Re #192: My correspondent got that last error from a telnet session
to the smtp port; that may have triggered the spam-trap. However,
it wouldn't account for spurious mailbox-full indications (which may
actually be mail-filesystem full - I don't know).
|
mdw
|
|
response 194 of 251:
|
Feb 25 04:16 UTC 2003 |
"One generation passeth away"... indicates a failure to follow certain
basic parts of RFC 822. I wasn't patient enough to find Russ's
attempts, but I found a spammer using
ntsaga007231.saga.nt.adsl.ppp.infoweb.ne.jp and
adsl-65-71-169-27.dsl.tpkaks.swbell.net who ran afoul of this trying to
send spam to russ.
Most of the spam checks (including this one) don't care which grex
mailbox is named. There is one check for "generic" mailboxes -- ie,
outside machines supplying a RFC 823 To: field of "you@grex.org" and so
forth. Note even this check isn't looking at the forward path where the
mail will actually be sent, it's looking to see if spammers have used a
generic "somewhere at the realm in question" -- and this is no longer so
common since most people have caught on to this.
The "mailbox is full" message is separate logic (well, as separate as it
can be given it's one big monolithic program). It will be generated if
and only if your loginid is named in /var/adm/badmail . A better way to
check to see if your mailbox is full is to say
!umailck
In addition to seeing if you're on the list, this can actually take you
off the list if you were on it, but have managed to free up enough
mailbox space to receive more mail. If your mailbox is full when you
log in, login will spit out a message that includes information on how
to run umailck. There is also an automatic process that will remove you
from /var/adm/badmail if you free up space, but forget how to run
umailck .
|
scott
|
|
response 195 of 251:
|
Mar 2 20:13 UTC 2003 |
Grex was down for several hours - apparently a power blip last night tripped
up our UPS (plans to replace the batteries are in the works).
|
aruba
|
|
response 196 of 251:
|
Mar 2 21:23 UTC 2003 |
Do you mean the UPS failed to work, Scott?
|
keesan
|
|
response 197 of 251:
|
Mar 2 21:46 UTC 2003 |
Several of our clocks were blinking '4:45' this morning around 7:00.
|
scott
|
|
response 198 of 251:
|
Mar 2 22:09 UTC 2003 |
I don't know exactly what the UPS does, but the last few reboots have required
power-cycling the UPS because it was stuck in some kind of fault mode. There
was some kind of power blip last night; I heard both my UPSs go off but none
of my clocks were affected.
|
rksjr
|
|
response 199 of 251:
|
Mar 2 22:12 UTC 2003 |
Currently entering:
lynx, g http://www.cyberspace.org
yields:
Alert!: Unable to connect to remote host.
|
remmers
|
|
response 200 of 251:
|
Mar 2 22:17 UTC 2003 |
Can't connect to any remote host. The proxy server might not be
running. If I knew how to start it, I would.
|
keesan
|
|
response 201 of 251:
|
Mar 3 16:16 UTC 2003 |
RK, if you use Lynx frequently and want a backup for it, contact me.
This sort of proxy server problem has occurred before at grex.
|
rksjr
|
|
response 202 of 251:
|
Mar 3 22:35 UTC 2003 |
Re. #201: Thank you. I'll keep your offer in mind.
|
cross
|
|
response 203 of 251:
|
Mar 3 22:38 UTC 2003 |
This response has been erased.
|
scott
|
|
response 204 of 251:
|
Mar 4 03:02 UTC 2003 |
Seems like apply a patch would be somewhat easier.
|
cross
|
|
response 205 of 251:
|
Mar 4 04:32 UTC 2003 |
This response has been erased.
|
other
|
|
response 206 of 251:
|
Mar 4 07:41 UTC 2003 |
All versions since 5.79 are affected. What version are we running?
|
other
|
|
response 207 of 251:
|
Mar 4 07:46 UTC 2003 |
X-Force has demonstrated that this vulnerability is exploitable in
real-world conditions on production Sendmail installations. This
vulnerability is readily exploitable on x86 architecture systems, and may
be exploitable on others as well.
Protection mechanisms such as implementation of a non-executable
stack do not offer any protection from exploitation of this
vulnerability. Successful exploitation of this vulnerability does not
generate any log entries.
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
|
gull
|
|
response 208 of 251:
|
Mar 4 14:15 UTC 2003 |
Re #206: Unless they've set sendmail up to lie about its version in its
connection banner (a good idea, IMHO), you can find that out yourself
pretty easily.
|
