If you receive e-mail from: support <firstname.lastname@example.org>
This mail is NOT from us. It is a phishing scam attempting to get your authentication so they can take over your account. Do NOT click on the link. Delete it. Any mail that comes from outside domains is not from us.
I found people connecting to our mail server, giving the auth command, then disconnecting. I found out that this was a Chinese botnet attempting to deliver spam, but why they would issue an auth command and then not provide arguments is not clear. Perhaps they are aware of some bug in Postfix that I am not.
At any rate it is bad behavior so I have added rules to fail2ban to block IP addresses that do this. That’s one less botnet delivering spam.
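The kind of match-and-threshold logic such a fail2ban rule performs, as an added example (not the rules actually installed here). It assumes Postfix's standard "lost connection after AUTH" smtpd log line; the sample log, year, and the `maxretry`/`findtime` values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Postfix syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Nov 22 03:10:01 mail postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Nov 22 03:10:02 mail postfix/smtpd[2101]: lost connection after AUTH from unknown[203.0.113.7]
Nov 22 03:10:02 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Nov 22 03:11:40 mail postfix/smtpd[2107]: lost connection after AUTH from unknown[203.0.113.7]
Nov 22 03:12:15 mail postfix/smtpd[2110]: lost connection after RCPT from mx.example.net[198.51.100.20]
Nov 22 03:13:05 mail postfix/smtpd[2113]: lost connection after AUTH from unknown[203.0.113.7]
Nov 22 03:14:00 mail postfix/smtpd[2120]: lost connection after AUTH from client.example.org[192.0.2.55]
Nov 22 04:30:00 mail postfix/smtpd[2201]: lost connection after AUTH from client.example.org[192.0.2.55]
Nov 22 05:45:00 mail postfix/smtpd[2290]: lost connection after AUTH from client.example.org[192.0.2.55]
"""

# Anchored at both ends and tied to the smtpd process tag, so text that merely
# contains the phrase elsewhere in a line cannot trigger a ban.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"lost connection after AUTH from \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]$"
)

def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2024):
    """Return IPs with at least maxretry matches inside a findtime window."""
    recent = defaultdict(deque)  # ip -> match times still inside the window
    banned = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the caller supplies one (assumed).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()  # drop matches that have aged out
        if len(window) >= maxretry and m["ip"] not in banned:
            banned.append(m["ip"])
    return banned

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

The sliding window keeps a client that drops an occasional AUTH over several hours from being banned alongside the host that repeats it within minutes.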
First I want to wish everyone a Happy Thanksgiving.
I’ve noticed the same explosion of spam here that I am sure you are all suffering from. I have not been able to find anything wrong here but there are a couple of viruses going around building botnets these folks
To try to improve things, I’ve enabled the DCC (Distributed Spam Checksum Clearinghouse) plugin to spamassassin. Hopefully it will help.
If you notice anything in the headers that is common to a lot of these
I will be rebooting servers to effect a kernel upgrade in just a few minutes. This will affect all machines but downtime for any given machine should not be more than about 15 minutes.
I’ve added a couple of links to our links pull down on our web site. One is to something called “Tech Rights” which deals with things like copyrights, patents, and particularly how they affect the open source and technological user community.
The second link that I have added is to “Open Source”, a website that has many good technical articles including many good tutorials regarding how to utilize Linux and Open Source software. These will help you make better use of many of the facilities here.
I broke scientific7.eskimo.com today. It is in the process of being restored from backups. Please use centos7.eskimo.com, which is based upon the same RHEL7 code base, in the interim.
Reboots to make active security patches have been completed. Sorry it took me somewhat longer than anticipated because I had a couple of machines that were stubborn and did not want to go down for reboot.
I will be rebooting all of the Intel based machines between 1:30AM – 2:00AM November 7th to make active several security updates that patch serious issues with openssl, systemd, and DNS.
Downtime for any given machine should not exceed about 15 minutes. Most will be less.
I did not expect last night to be a maintenance night but it had other ideas. Around 3AM name service for our own hosts failed although our name servers were still resolving external hosts fine.
The issue was caused by an update that replaced the named apparmor profile on the master name server. We use a hidden master (a master which is not reachable from the outside world) for security reasons. I use a file system layout for named that is different from the default Ubuntu layout. I had to modify the apparmor profile accordingly. When the update replaced my modified profile, it resulted in named not being able to read some of its configuration files and then failing to resolve local host names as a result.
This has been corrected.