check_dnsbl: a simple Nagios plugin

One way to deal with rogue virus spamming client machines is to do what AOL does. In our case this is not an acceptable choice. Therefore we redirect all rogue port 25/tcp traffic to a relay server[1] where we simply check for viruses in the outgoing email messages. Such a method has the side effect that this server sometimes ends up in bl.spamcop.net. In order to know when this happens I wrote this simple Nagios plugin, check_dnsbl:

#!/usr/bin/perl -w
#
# yiorgos, Fri Oct 13 16:09:52 EEST 2006
# Normally this *must* follow the Nagios plugin guidelines:
# http://nagiosplug.sourceforge.net/developer-guidelines.html
#

# Yes these three lines are needed because of the embedded Perl interpreter
use vars;
use strict;
my($revip, $dnsbl, $ans);

$revip = shift or die "you must give a reversed IP address";
$dnsbl = shift or die "you must give a DNSBL";

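# List-form open runs dig directly, without a shell, so the command-line
# arguments cannot be used to inject shell commands.
open(DNSBL, "-|", "/usr/bin/dig", "-4", "$revip.$dnsbl", "a") or die;
while(<DNSBL>) {
  chomp;
  if (m/^;; ANSWER SECTION:/) {
    # The line after the header is the first answer record: listed.
    $ans = <DNSBL>;
    close DNSBL;
    print "$dnsbl STATUS: ", $ans;
    exit 2;   # Nagios CRITICAL
  }
}
close DNSBL;

print "$dnsbl STATUS: OK\n";
exit 0;   # Nagios OK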

Of course you can hack check_dnsbl to include more DNSBLs. This is simply a proof-of-concept that does the job fine. It is not a complete plugin. If you want to make a more complete plugin you have to read through the Nagios plugin developer guidelines.

Update: A final version of the check_dnsbl plugin can be downloaded from here.  The final version checks for $HOSTNAME$ being listed in various DNSBLs specified in an array (Yes @dnsbl_list is specified inside the source.  You can use an external file to specify the array and have the Perl interpreter require it if you don’t like it this way).  It also uses Net::DNS instead of opening a pipe to dig which makes it considerably faster.

[1] in Greek
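
An added sketch of the multi-list check the update describes (it is not the author's final plugin, which is not shown on this page): it reverses the address, queries each DNSBL, and reports UNKNOWN rather than OK when a lookup fails. The zone names, the sample answers and the 'TIMEOUT' status label are constructed for illustration; with no arguments it runs against the offline stub, with arguments (IP followed by DNSBL zones) it uses Net::DNS.

```perl
# Added example, not the author's final plugin. The 'TIMEOUT' label, zone
# names and sample answers below are constructed for illustration.
use strict; use warnings;
use constant { OK => 0, CRITICAL => 2, UNKNOWN => 3 };

# Reverse a dotted-quad IPv4 address; returns nothing on malformed input.
sub reverse_ipv4 {
    my @o = ($_[0] // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return;
    return if grep { $_ > 255 } @o;
    return join '.', reverse @o;
}

# Resolver using Net::DNS: returns (rcode, @A-record addresses).
sub net_dns_lookup {
    require Net::DNS;
    my $pkt = Net::DNS::Resolver->new->send($_[0], 'A') or return ('TIMEOUT');
    return ($pkt->header->rcode,
            map { $_->address } grep { $_->type eq 'A' } $pkt->answer);
}

# Check one address against every list; $lookup is injectable for testing.
sub check_dnsbl {
    my ($ip, $lists, $lookup) = @_;
    my $rev = reverse_ipv4($ip) or return (UNKNOWN, "invalid IPv4 address");
    return (UNKNOWN, "no DNSBLs given") unless @$lists;
    my (@listed, @failed);
    for my $bl (@$lists) {
        my ($rcode, @addr) = $lookup->("$rev.$bl");
        next if $rcode eq 'NXDOMAIN';              # not listed
        if ($rcode eq 'NOERROR' and grep { /\A127\./ } @addr) {
            push @listed, "$bl (@addr)";           # listed
        } else {
            push @failed, "$bl ($rcode)";          # must not count as OK
        }
    }
    return (CRITICAL, "listed in " . join(', ', @listed)) if @listed;
    return (UNKNOWN, "lookup failed: " . join(', ', @failed)) if @failed;
    return (OK, "not listed in " . scalar(@$lists) . " DNSBLs");
}

# Constructed sample data: TEST-NET address, made-up zones.
my %fake = ('10.2.0.192.bl.example.org'   => ['NOERROR', '127.0.0.2'],
            '10.2.0.192.dead.example.net' => ['SERVFAIL']);
my $stub = sub { @{ $fake{$_[0]} // ['NXDOMAIN'] } };
my ($ip, @lists) = @ARGV ? @ARGV : qw(192.0.2.10 bl.example.org dead.example.net);
my ($code, $msg) = check_dnsbl($ip, \@lists, @ARGV ? \&net_dns_lookup : $stub);
print "DNSBL ", (qw(OK WARNING CRITICAL UNKNOWN))[$code], ": $msg\n";
exit $code;
```

A listing takes priority over a failed lookup, and a SERVFAIL or timeout never turns into OK, which the dig-based proof of concept above cannot distinguish from "not listed".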

sendmailX renamed to MeTA1

From Claus Assmann:

Here's the latest status update:

For various reasons, the software has been renamed to MeTA1.
The mailing lists will be renamed accordingly:

domain:
	sendmailx.org	-> MeTA1.org
localparts:
	smx-developers	-> MeTA1-developers
	smx-design	-> MeTA1-design

For now, I just copy all addresses from the old lists to the new
list. If you don't want to participate any longer, please contact
me directly.

As you probably noticed, I took some time off from working on the
MTA (only fixing bugs if a problem showed up), but now I'm back and
one of my current projects is to look into integrating Arena as
scripting language (see some earlier mails about this topic).

I will send out some more information "soon" on the new list,
hopefully you will adjust your filters by then.

More information about MeTA1 and the Arena scripting language.

re: Semiological, very semiological

Sometimes it is shocking how quickly a “slap in the face” can reach you. Hours after I commented on “Semiological, very semiological” (by raresteak), I helped a friend[1] who is a university academic make a rational allocation of the budget he had in front of him for expenses. But how? The funds, as they had been earmarked for consumption (yes, that is the only way I can describe it), did not help[2] (e.g. a surplus of money in one category and a deficit in another, with no way of moving funds between them). To my question “how was this money arrived at and how did the allocation come about?” my friend answered that he does not know. So whoever approves the expenses probably does not see what they represent.

Raresteak, I can say only one thing: if anything, you wrote too little.

[1] Who was also looking for a decent dictionary.

[2] 10 7 years ago was the last time I got involved in a laboratory budget. Back then, too, either there was no money or there was an excessive amount relative to the time available to spend it. The striking thing is that if you could receive the same money split into smaller amounts over the course of a year, you would make more rational use of it. Being given an amount X and a deadline of the end of the month for it to “go” means that the approval of the funds is somehow slow to reach those directly concerned. And then the cycle starts again. A long “dead” period with no money at all and then suddenly “you have one month for N thousand euros”.

Greek Political Speech Generator

In Ε.Δ. 2406 of ΤΕΕ, on the page [pdf document] of the ΑΜΑΝ faction, I found an algorithm for generating political speech. I spent 10 minutes and wrote a political speech generator that contains only the 40 sentences that ΑΜΑΝ provides. The result impresses me, as it fits all political parties and factions. Try it:

http://greek-politician.appspot.com/

Avoiding FEATURE(`nullclient')

From the sendmail cf/README:

nullclient	This is a special case -- it creates a configuration file
		containing nothing but support for forwarding all mail to a
		central hub via a local SMTP-based network.  The argument
		is the name of that hub.
		The only other feature that should be used in conjunction
		with this one is FEATURE(`nocanonify').  No mailers
		should be defined.  No aliasing or forwarding is done.

However, you do not have to run sendmail[1] on a server unless it is your SMTP server. Sendmail has FEATURE(`nullclient') for that. Qmail has something similar. But there is nothing simpler than this alternative:

Enter nullmailer:

This is nullmailer, a sendmail/qmail/etc replacement MTA for hosts which relay to a fixed set of smart relays. It is designed to be simple to configure, secure, and easily extendable.

Nullmailer is very easy to configure compared to any of the well known F/OSS SMTP servers. It is not an SMTP server. It is a /usr/lib/sendmail[2] replacement for your servers or unix shell machines.

Installing nullmailer on a Debian system simply means:

# apt-get install nullmailer
# dpkg-reconfigure nullmailer

and you are all set[3]. If you are on another system, the worst case scenario requires that you compile it by hand. However, this is not a difficult task even for the inexperienced SysAdmin, since the code is compact and easy to read and the directions on how to compile and install it are fairly simple to follow.

[1] Or postfix, or exim, or qmail
[2] Yes, there was a time that the sendmail binary lived in /usr/lib
[3] Usually this is followed by a dpkg --purge exim4-base exim4-config

configuring sendmail for your unix desktop

Mulberry (or Thunderbird, or any other GUI email client) needs an SMTP (“outgoing”) mail server which it uses to send your emails. Normally this is set to whatever your ISP (or administrator) has told you to use. However, sometimes your outgoing email server may be unavailable[1] (which is frustrating, since most people expect email to be delivered instantly, or at least leave their system[2] instantly). So why not run a mail queue of your own and let your desktop route your email through the outgoing email server when it becomes available again? Here is a small sendmail.mc that should work with your desktop unix machine[3]:

VERSIONID(`2006/08/23/00')dnl
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl

define(`SMART_HOST', `[outgoing.example.com]')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl
FEATURE(`use_cw_file')dnl

FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Name=MTA-v4, Addr=127.0.0.1, Port=smtp')dnl
DAEMON_OPTIONS(`Name=MSP-v4, Addr=127.0.0.1, Port=submission')dnl

MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_RULE_0
# LHS is separated from RHS with tabs, not spaces
R$- <@ $=w . >	john.doe < @ example.com. >

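LOCAL_RULE_0 makes sure that any email sent from this machine is sent as john.doe@example.com. If this is not expected behavior delete LOCAL_RULE_0 or use FEATURE(`nullclient'). FEATURE(`no_default_msa') together with the two DAEMON_OPTIONS lines makes sendmail listen on 127.0.0.1 only, so the desktop queues mail for local clients without accepting connections from the network.

[1] Unavailable does not necessarily mean down. It may mean that some kind of rate-limiting is in place.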
[2] Where system for such users is only their MUA (Mail User Agent).
[3] The example is Debian/Ubuntu-centric, but can be adapted to any system that runs sendmail

Lessons to be learned

Big Sofo

The last two games for Greece in the FIBA World Championship 2006 have taught two lessons to everybody who is part of (or manages[1]) a team (any kind of team):

  1. Greece vs USA (101 – 95). It is almost undeniable that on a one-on-one comparison Team USA’s players are better players[2] than the Greeks. But does the sum of them make a better team than the sum of the Greeks? Nope! Hello Mr. LeBron James[3]! When your team is behind and there is no time to cover the 6 points, you do not go for a highlight dunk. You search for a free player to shoot a three pointer. The Greeks did it with the Aussies. You elected to dunk, and the Greek fans thank you twice for that (a fine dunk, and us winning more easily), but is this team play?
  2. Greece vs Spain (47 – 70). Just because a team has a high visibility member, that does not mean that the rest of the team exists only to pass the ball to him. Indeed in the Eurobasket 2005 final the Greek Dream played against Nowitzki (not the Germans) and maybe they thought that this was the case with Spain also. Alas, the final game proved that Spain was not the team of Gasol, but a very good team even with him on the bench. You must never underestimate an opponent no matter how weak they may seem, for it may not be the case.

[1] There are managers that consider themselves members of the team, and there are others who do not. Shame on the latter.
[2] With maybe the exception of Hinrich
[3] You cannot be the heir of Michael Jordan. You can be either better or worse. You decide.

The game of silence

Yesterday we visited our godchild. A lot of noise! So I remembered the trick that a friend who is a kindergarten teacher once told me:

G: K., we are going to play the game of silence. Whoever speaks first loses. OK?

K: Yes

G: We start

(1 sec … 2 sec … 3 sec)

K: I lost!