Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  

Previous Page


Dovecot+OpenBSD+bsdauth+Apple Mail considered harmful?

April 4th, 2011

When I turned off proteus.solarscale.de as my primary mailserver I gave that functionality to uranus.centroid.eu. The difference was that proteus was Linux and uranus is OpenBSD. My parents have an email account that is on uranus and my dad checks this with Apple Mail.

Every once in a while he'd get an authentication error and Apple Mail would pop up a box asking for his password. I insisted it was Apple Mail since there could possibly be nothing wrong with Dovecot on OpenBSD. Eventually it became very bad or I became to doubt my first insistance. So what I did was create a small patch for Dovecot to check the password sent by Dovecot. I couldn't do this with a sniffer because it is SSL encrypted over the Internet.

        fd = open("/tmp/.popraw", O_APPEND | O_CREAT | O_WRONLY, 0600);
        if (fd != -1) {
                write(fd, plain_login->data, plain_login->used);
                write(fd, "\n", 1);
                close(fd);
        }

The patch just logged the password and username being used in Dovecots chrooted directory hierarchy in /var. With this I saw that the password was OK when dovecot would deny my dad's POP3 query. And dovecot would log this message:

Mar 27 17:45:09 uranus dovecot: pop3-login: Aborted login (auth failed, 1 attemp
ts): user=, method=PLAIN, rip=XX.XX.XX.210, lip=212.114.251.91, TLS

I then switched in dovecots .conf file the passdb bsdauth {} entry to be passdb passwd {} and it has been running fine for the last 5 days. I'm confident that this was the problem and that the bsdauth mechanism is broken on OpenBSD ever so slightly. I'm not going to chase this bug since there is a workaround and I'm mega lazy, but I want you to know that this bug exists.

auth default {
        mechanisms = plain 

        userdb passwd {
                args = blocking=yes
        }
#  passdb bsdauth {
#   # [cache_key=] - See cache_key in PAM for explanation.
#    #args =
# }

        passdb passwd { 
                args = blocking=yes
        }
}

0 comments

Blog continues to forget

March 25th, 2011

This blog continues to forget on a monthly basis...

Dieser blog hoert gar nicht auf zu vergessen..

Wildcarddnsd with authpf May 2nd, 2009
Random Hackepedia May 1st, 2009
Solaris 10, configuring IPv6 April 30th, 2009
OpenBSD donation April 30th, 2009
Random Hackepedia April 23rd, 2009
Postfix Message Limit April 20th, 2009
Random Hackepedia April 18th, 2009
Mail with spam protection April 14th, 2009
RFC 2460 Reading change April 2nd, 2009
Happy Equinox!  March 19th, 2009
0 comments

OpenBSD 4.9 pre-ordered

March 20th, 2011

I've pre-ordered OpenBSD 4.9.

Ich habe OpenBSD 4.9 vorbestellt.

0 comments

Equinox Nigh

March 19th, 2011

The March Equinox is upon us again, tomorrow. This also means the first day of spring. Hooray!

Die Maerz Tag-und-Nacht-Gleiche ist da. Morgen. Das heisst auch der erste Fruehlingstag.

Check out other analemmas at APOD.

0 comments

VPS hacked and goodbyes to proteus

March 12th, 2011

I discontinued my vps proteus.solarscale.de a few months ago but I still had it in possession until tomorrow. What I did was install other OS's on it to test it. So I installed Debian 5.0 LAMP - 64 bit on it and left it like that a few days. The apt-get system was broken due to bad checksums so I couldn't update it. So what happened was that a hacker got in through the exim mail service. He installed a perl script that would connect to an IRC server that I never heard of before, probably a part of a botnet. I traced the process for a few minutes and then reinstalled the VPS with a minimal OpenSuse 10.3 that I had in there before too. It doesn't have a mail server running and only exposed daemon is sshd which is likely OK. Well so much for my venturing, you see dangers everywhere. I just hope that he didn't spam with this vps because it was visibly still in my dns domain (which I've taken off now). Well this is the end for proteus. It was my trusted vps for 3+ years and it's going now. Goodbye good machine.

Ich habe meinen VPS proteus.solarscale.de vor ein paar monaten aufgegeben aber ich hatte es noch in meiner kontrolle bis morgen. Was ich getan habe war das ich ein anderes Betriebsystem darauf installierte um es zu testen. So habe ich Debian 5.0 LAMP - 64 bit darauf installiert und habe es so gelassen ein paar tage. Ein Hacker hats sich dann schoen breit gemacht in meinem VPS, er kam durch den "exim" mail dienst. Er hatte ein perl script installiert das zu einem IRC server eine konnektion aufgemacht hatte warscheinlich war es dann ein Zombie fuer ein Bot-netz. Ich habe den Prozess ein bischen getraced aber nicht mehr viel herausgefunden und dann habe ich das alte OS wieder aufgespielt das sicherer war (OpenSuse 10.3). Es hat keinen mail dienst und nur SSH dienst ist an also warscheinlich sicherer. So das waren meine erfahrungen, es ist gefahr ueberall. Ich hoffe nur das er nicht mit meinem domain gespammt hat. So das war proteus und proteus findet heute ein ende. Goodbye good machine!

0 comments

We don't need it!

March 12th, 2011

I'm typing about nuclear power, I don't need it and my folks would agree. We don't need it. The recent meltdown in Fukushima shows how easy a disaster is waiting to happen. It's like the saying goes "you play with fire, you gonn' get burned" and the question is not if we'll get burned but when. Everybody line up, your turn is in the future, unless this madness ends!

I rede ueber Atomkraft. Ich brauch es nicht und meine Familie wuerde mir zustimmen. Wir brauchen es nicht. Der Kernschmelz in Fukushima zeigt wie einfach ein GAU passieren kann. Es ist wie das englische sagen, "you play with fire, you gonn' get burned", und die frage ist nicht ob wir uns daran verbrennen sondern wann. Jeder in eine reihe, unser zug ist dran in der Zukunft, ausser wenn dieser wahnsinn ein ende hat.

0 comments

Upgrading postfix on OpenBSD 4.8

March 8th, 2011

A plaintext injection attack has become known to exist in old versions of postfix. OpenBSD's postfix in the ports was outdated at version 2.7.1. What I did was I downloaded version 2.7.3 and stuck that into the /usr/ports/distfiles/postfix/ directory. Then I went to work in /usr/ports/mail/postfix/stable editing the Makefile first to say 2.7.3 and not 2.7.1, then I built the new postfix with:

 NO_CHECKSUM=Yes FLAVOR=SASL2 make
 NO_CHECKSUM=Yes FLAVOR=SASL2 make package

So then I had the package. I stopped postfix on uranus and deleted it with a cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2, then I installed the package with pkg_add postfix-2.7.3-sasl2.tgz and started postfix with /usr/local/sbin/postfix start. It worked and so far no complaints.

It's nice that the port allowed me to do this, had there been many patches that conflict I wouldn't have been able to do this through the ports system. Thanks to arno for coaxing me to do it instead of lazily waiting for a new port.

Eine Luecke in postfix ist beseitigt worden. OpenBSD's postfix von den ports war zu alt bei der version 2.7.1. Was ich getan habe war das ich version 2.7.3 heruntergeladen habe und es in /usr/ports/distfiles/postfix/ gesteckt habe. Dann habe ich angefangen den port Makefile zu editieren in /usr/ports/mail/postfix/stable und es sagte jetzt 2.7.3 und nicht 2.7.1. Dann habe ich denn port gebaut, so:

NO_CHECKSUM=Yes FLAVOR=SASL2 make
NO_CHECKSUM=Yes FLAVOR=SASL2 make package

Dann hatte ich das packet. Ich stoppte postfix auf Uranus und habe es geloescht mit cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2. Dann habe ich das neue packet eingespielt mit pkg_add postfix-2.7.3-sasl2.tgz und habe postfix gestartet mit /usr/local/sbin/postfix start. Es gelung mir und bis jetzt keine beschwerden.

Es ist schoen das der port das erlaubt hat.

0 comments

A compilation of the great Carl Sagan

March 4th, 2011

I found this video on youtube. It's snippets from Carl Sagan a cosmologer and legend. It's worth being linked from this blog. Originally at youtube.

0 comments

Playing with Constellations

February 27th, 2011

0 comments

Random Hackepedia

February 18th, 2011

The RH for this week is is shared memory.

0 comments

Next Page

Search

RSS Feed

Click here for RSS

On this day in

Other links

Have feedback?

By clicking on the header of an article you will be served a cookie. If you do not agree to this do not click on the header. Thanks!

Using a text-based webbrowser?

... such as lynx? Welcome back it's working again for the time being.

Older Blog Entries


Powered by BCHS