When I turned off proteus.solarscale.de as my primary mailserver I gave
that functionality to uranus.centroid.eu. The difference was that proteus
was Linux and uranus is OpenBSD. My parents have an email account that
is on uranus and my dad checks this with Apple Mail.
Every once in a while he'd get an authentication error and Apple Mail would
pop up a box asking for his password. I insisted it was Apple Mail since
there couldn't possibly be anything wrong with Dovecot on OpenBSD. Eventually
it became very bad or I began to doubt my first insistence. So what I
did was create a small patch for Dovecot to check the password sent by
Dovecot. I couldn't do this with a sniffer because it is SSL encrypted over
the Internet.
The patch just logged the password and username being used in Dovecot's chrooted
directory hierarchy in /var. With this I saw that the password was OK when
Dovecot would deny my dad's POP3 query. And Dovecot would log this message:
I then switched in Dovecot's .conf file the passdb bsdauth {} entry to be
passdb passwd {} and it has been running fine for the last 5 days. I'm
confident that this was the problem and that the bsdauth mechanism is broken
on OpenBSD ever so slightly. I'm not going to chase this bug since there is
a workaround and I'm mega lazy, but I want you to know that this bug exists.
I discontinued my vps proteus.solarscale.de a few months ago but I still had
it in possession until tomorrow. What I did was install other OSes on it to
test it. So I installed Debian 5.0 LAMP - 64 bit on it and left it like that
a few days. The apt-get system was broken due to bad checksums so I couldn't
update it. So what happened was that a hacker got in through the exim mail
service. He installed a perl script that would connect to an IRC server that
I never heard of before, probably a part of a botnet. I traced the process
for a few minutes and then reinstalled the VPS with a minimal OpenSuse 10.3
that I had in there before too. It doesn't have a mail server running and
the only exposed daemon is sshd, which is likely OK. Well so much for my
venturing, you see dangers everywhere. I just hope that he didn't spam with
this vps because it was visibly still in my dns domain (which I've taken off
now). Well this is the end for proteus. It was my trusted vps for 3+ years
and it's going now. Goodbye good machine.
I gave up my VPS proteus.solarscale.de a few months ago, but I still had
it under my control until tomorrow. What I did was install another
operating system on it to test it. So I installed Debian 5.0 LAMP - 64 bit
on it and left it like that for a few days. A hacker then made himself
nicely at home in my VPS; he came in through the "exim" mail service. He
had installed a perl script that opened a connection to an IRC server, so
it was probably a zombie for a botnet. I traced the process a bit but
didn't find out much more, and then I put the old OS back on, which was
more secure (OpenSuse 10.3). It has no mail service and only the SSH
service is on, so it is probably more secure. So those were my
experiences; there is danger everywhere. I just hope he didn't spam with
my domain. So that was proteus, and proteus comes to an end today.
Goodbye good machine!
I'm typing about nuclear power, I don't need it and my folks would agree.
We don't need it. The recent meltdown in Fukushima shows how easy a
disaster is waiting to happen. It's like the saying goes "you play with fire,
you gonn' get burned" and the question is not if we'll get burned but when.
Everybody line up, your turn is in the future, unless this madness ends!
I'm talking about nuclear power. I don't need it and my family would agree
with me. We don't need it. The meltdown in Fukushima shows how easily a
worst-case accident can happen. It's like the English saying, "you play
with fire, you gonn' get burned", and the question is not whether we'll
get burned but when. Everybody in a line, our turn comes in the future,
unless this madness comes to an end.
A plaintext injection attack has become known to exist in old versions of
postfix. OpenBSD's postfix in the ports was outdated at version 2.7.1.
What I did was I downloaded version 2.7.3 and stuck that into the
/usr/ports/distfiles/postfix/ directory. Then I went to work in
/usr/ports/mail/postfix/stable editing the Makefile first to say 2.7.3 and
not 2.7.1, then I built the new postfix with:
NO_CHECKSUM=Yes FLAVOR=SASL2 make
NO_CHECKSUM=Yes FLAVOR=SASL2 make package
So then I had the package. I stopped postfix on uranus and deleted it with
a cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2, then I installed the
package with pkg_add postfix-2.7.3-sasl2.tgz and started postfix with
/usr/local/sbin/postfix start. It worked and so far no complaints.
It's nice that the port allowed me to do this, had there been many patches
that conflict I wouldn't have been able to do this through the ports system.
Thanks to arno for coaxing me to do it instead of lazily waiting for a new
port.
A hole in postfix has been fixed. OpenBSD's postfix from the ports was
too old at version 2.7.1. What I did was download version 2.7.3 and put
it in /usr/ports/distfiles/postfix/. Then I started editing the port
Makefile in /usr/ports/mail/postfix/stable so that it now said 2.7.3 and
not 2.7.1. Then I built the port, like this:
NO_CHECKSUM=Yes FLAVOR=SASL2 make
NO_CHECKSUM=Yes FLAVOR=SASL2 make package
Then I had the package. I stopped postfix on Uranus and deleted it with
cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2. Then I installed the new
package with pkg_add postfix-2.7.3-sasl2.tgz and started postfix with
/usr/local/sbin/postfix start. It worked and so far no complaints.
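Added example, not part of the original post: NO_CHECKSUM=Yes makes the ports build skip its distfile checksum comparison, so a hand-fetched tarball can be checked against a SHA-256 digest from a trusted source before running make. The function names and the tarball file name in the usage comment are assumptions; only the directory and version come from the post.

```shell
#!/bin/sh
# Added example: verify a hand-fetched distfile before a NO_CHECKSUM=Yes build.
# Usage (file name assumed, digest is a placeholder you must supply):
#   sh verify.sh /usr/ports/distfiles/postfix/postfix-2.7.3.tar.gz <sha256>

# Print the SHA-256 of a file as lowercase hex, with whichever tool exists.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                                 # OpenBSD base system
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1                 # GNU coreutils
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1   # fallback
    fi
}

# verify_distfile FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_distfile() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "verify_distfile: no such file: $file" >&2
        return 2
    fi
    # Refuse anything that is not exactly 64 hex digits, so a truncated
    # or mistyped digest can never be mistaken for a real comparison.
    case $expected in
        *[!0-9a-f]*) echo "verify_distfile: digest is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_distfile: digest must be 64 hex digits" >&2
        return 2
    fi
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Run as a script only when both arguments are given.
if [ $# -eq 2 ]; then
    verify_distfile "$1" "$2"
fi
```

Build only when this exits 0; a mismatch means the tarball in distfiles is not the one the digest was published for.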