SysAdmin


Is now available for access. I obviously am not going to give out all the necessary details here …
Documentation for openvpn is HERE

I will provide documentation for the openvpn server within the next few days.
If anyone requires access before then or would like to test, we are setting up an openCA server for cert and key management, but I can manually create on for you in the mean time.

cheers.

There is a new qmail-ldap patch released today - 20060201
There are some minor bug fixes that do not really effect us and there are some feature enhancements. Below is short description from the change log:

    Rewritten forwarding code in auth_pop and auth_imap. The copyloop is now
    using stdin and stdout for communicating with the client. This should fix
    a problem with ssl encrypted sessions. Additionally write polling was
    implemented. This should give better reaction on slow links.

    ~control/goodmailaddr allows more ways to check if a address is allowed:
    foobar@qmail-ldap.org full match, user & domain
    @qmail-ldap.org match domain only (all users are allowed)
    abuse@ allow specific user for all domains
    foo-catchall@qmail-ldap.org allow addresses like foo-bar@qmail-ldap.org
    or foo-bar-baz@qmail-ldap.org
    will only work if compiled with DASH_EXT
    catchall@qmail-ldap.org same as @qmail-ldap.org

    Enhance qmail-verify to check against ~users/cdb and /etc/passwd if local-
    delivery is enabled (like qmail-lspawn does). This makes RCPTCHECK usefull
    in mixed user environments.

    Minor enhancements in qmail-verify error handling.

    Some cleanup in qmail-smtpd mostly log stuff.

    Set RELAYCLIENT everytime we allow relaying because of some reason (SMTP AUTH
    or relaymailfrom). Requested by many so that qmail-scanner can make additional
    decisions based on RELAYCLIENT.

    Just use malloc() instead of the code in alloc.c that code could be exploited
    on 64-Bit systems with a lot of RAM and no limits.

I will build and test the new patch on Ophelia so that we are in time for the change in 2 weeks.

The good people at SORBS Have listed one of our mail servers on their ‘Spam Black List’.
Having gone to the site and tried to find more information as to why we have been added, they supply no information whatsoever.
Here is their best effort explanation:

Putting an unpatched, unfirewalled Microsoft Windows® machine on the Internet is irresponsible in the highest degree, installing a proxy server and leaving it open for the world to use is both foolish and irresponsible, yet people are doing these things every day, and no one is telling them they can’t or that it is wrong.

Morons, I dont use windows… Also, define proxy server for the world to use…. What idiot wrote this?

Now I can understand the issue of home users having their machines compromised, resulting in spam mails. But ffs, is it now the responsibility of the ISPs to check the patch levels of their customers machines? No. And it never will be.

Ok, so now that the mind blowing, cutting edge research that SORBS has done, to determine that people who have their machines comprimised may or may not result in sending out large amounts of spam mails, what do they suggest is done about it? Sweet FA. Their solution is to pay them money. US$50. Or they will not remove your mail server.

At least the people at spamcop have the decency to tell you what can be done to try and reduce spam and what tests were taken place to come up with the listing in the first place.

I am starting to think that this borders on extortion. Every ISP in the world will have users either willingly or unwilling sending unsolicited emails. There are ways of dealing with the problem and I would hazard a guess and say that most ISPs are doing all they can within reason to eliminate this particular issue. To have some jumped up, self authorative, self proclaimed email police tell you something that you allready know and then want to charge you for the wonderful skill of being able to state the obvious, is a joke.

Personally if people are dumb enough to use a dns rbl filter such as this SORBS, then I have no sympathy for them. It just shows how inept they are as administrators and probably took no time or effort to understand what the hell they were doing.

Muppets.

Another Pissed off admin.
What a shock… another one

And finally….
Google Has all the answers…