I'm running sendmail 8.9.3 and pretty much left everything default. The
spam stoppers are in full effect..
I have a question about the following:
Mar 20 14:39:25 xxx sendmail: OAA18726: ruleset=check_mail,
arg1=<xxx(a)bebe.com>, relay=[184.108.40.206], reject=451 <xxx(a)bebe.com>...
Sender domain must resolve
So i do a bit of digging:
*** ns.server.com can't find bebe.com: Non-existent host/domain
> set type=mx
bebe.com preference = 0, mail exchanger = bebe-mail.bebe.com
Authoritative answers can be found from:
bebe.com nameserver = AUTH02.NS.UU.NETbebe.com nameserver = bebe-ns.bebe.combebe.com nameserver = BEBE-NS2.bebe.combebe-mail.bebe.com internet address = 220.127.116.11
AUTH02.NS.UU.NET internet address = 18.104.22.168
bebe-ns.bebe.com internet address = 22.214.171.124
BEBE-NS2.bebe.com internet address = 126.96.36.199
By looking at this.. I concluded that MX records aren't looked at when
deciding if a domain resolves or not. So.. I do the some testing with
hospitalforms.com (which doesnt resolve but has an MX record) and it worked..
So. Am I right when I assume that bebe.com's ns servers were most likely
down for a period of time?
Auth02.ns.uu.net is huge.. and 3 nameservers all go down at the same time?
This doesnt seem right.
I expect that you will always get this response, it is common for the
domain not to have an IP address, after all, which machine should it
tell you about? If you tried www.bebe.com, you will probably get an
IP address as that will translate to an actual machine.
Sendmail will always assume MX records as these are all that is
relevant to it. Why should sendmail worry about the web or FTP
> From: Chrissy LeMaire[SMTP:email@example.com]
> Sent: 21 March 2000 18:06
> To: suse-security(a)suse.com
> Subject: [suse-security] sendmail -- sender domain must resolve
> Hey All,
> I'm running sendmail 8.9.3 and pretty much left everything default. The
> spam stoppers are in full effect..
> I have a question about the following:
> Mar 20 14:39:25 xxx sendmail: OAA18726: ruleset=check_mail,
> arg1=<xxx(a)bebe.com>, relay=[188.8.131.52], reject=451 <xxx(a)bebe.com>...
> Sender domain must resolve
> So i do a bit of digging:
> # nslookup
> > bebe.com
> Server: ns.server.com
> Address: ip.addy.here
> *** ns.server.com can't find bebe.com: Non-existent host/domain
> > set type=mx
> > bebe.com
> Server: ns.server.com
> Address: ipaddyhere
> Non-authoritative answer:
> bebe.com preference = 0, mail exchanger = bebe-mail.bebe.com
> Authoritative answers can be found from:
> bebe.com nameserver = AUTH02.NS.UU.NET
> bebe.com nameserver = bebe-ns.bebe.com
> bebe.com nameserver = BEBE-NS2.bebe.com
> bebe-mail.bebe.com internet address = 184.108.40.206
> AUTH02.NS.UU.NET internet address = 220.127.116.11
> bebe-ns.bebe.com internet address = 18.104.22.168
> BEBE-NS2.bebe.com internet address = 22.214.171.124
> By looking at this.. I concluded that MX records aren't looked at when
> deciding if a domain resolves or not. So.. I do the some testing with
> hospitalforms.com (which doesnt resolve but has an MX record) and it
> So. Am I right when I assume that bebe.com's ns servers were most likely
> down for a period of time?
> Auth02.ns.uu.net is huge.. and 3 nameservers all go down at the same time?
> This doesnt seem right.
> Any suggestions?
> To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com
> For additional commands, e-mail: suse-security-help(a)suse.com
L. Sassaman wrote:
> SSH2 is free for non-commercial use.
This is not exactly true. It would depend on your definition of commercial
If you read the licensing of SSH2 you'll discover that they redefined what
they consider to be commercial use.
The license states:
"NON-COMMERCIAL USE shall mean the following uses of the SOFTWARE:
a) any use done outside and without connection to a commercial
organization and commercial activity,
b) use related to leisure time activities by private individuals,
including hobbies, games, etc. provided however that such use is not
commenced with commercial companies.
Uses not considered as NON-COMMERCIAL USE include, but are not
a) any use where commercial activity is involved and where the use
in any way, directly or indirectly, aims at monetary or other
b) any use that takes place in commercial, governmental, military,
or similar organizations and where a salary or similar monetary
compensation is paid, unless the use can be considered to be
EDUCATIONAL USE or is purely for charity."
jonathan stated they he wished to use SSH2 to get files from work. This
activity would violate the SSH2 agreement.
I just downloaded ssh2 and installed it, and I am looking for some
pointers from folks who have set it up in the past. I did not use the
rpm from the suse, I got it from ssh.org and compiled local. I would
rather learn from someone else getting cracked than learn the hard way.
I am using SuSE6.3, kernel 2.2.13. I want to be able to have it running
on the firewall and file server (2 separate machines), so I can get to
my files from work via the internet. Any and all suggestions welcomed.
The harden_suse script says the following:
"put every daemon in chroot and try to run them unpriviliged"
Does anybody know where I can get more infos about the chroot
program and running daemons unprivilged?
( I looked at the manpage and the info text, but
they werent't really informations about this )
Two-a-Day at joesixpack.netwww.freenet.de/joesixpack keyid BF3DF9B4
What is the most secure way to open the firewall for playing games on
Heat.net? They request access to several ports, so I've added the IP adresses
of Heat.net to FW_TRUSTED_NETS="126.96.36.199/24 188.8.131.52/24" and they
have access to all UDP ports. Is there a way to limit this access?
Frank Hart - mailto:firstname.lastname@example.org
SuSE Linux - Kernel 2.2.14 on a i586 100 Mhz with 24 Mb RAM
"What is wanted is not the will to believe, but the will to find out,
which is the exact opposite."
-- Bertrand Russell, "Skeptical_Essays", 1928
Your problem may be the order in which your place the rules. Try putting the
last line in first. Deny everyone first then poke holes in it. Most
firewalls have some sort of precedence.
I am attempting to follow the 'Firewall and Proxy Server HOWTO' written
Mark Grennan, but have been running into a problem in section 6.4.
When pinging the outside address of the firewall from a computer on the
it works. At this point of the test process, it shouldn't. IP
is turned off, and I have turned off IP Masquerading.
Can anyone provide me with some guidance?
Guess I should have made that a little clearer ;).
I am wanting to figure this out from scratch. I am trying to break out of
the *Windows Only* frame that I am in concerning security that I recommend
to clients. Right now, I recommend Raptor, Firewall-1, or MS Proxy
depending upon the situation. Being able to configure ipchains from scratch
would be a great solution for clients on a limited budget.
Thanks for the reply though!
From: robert(a)texas.net [mailto:email@example.com]On Behalf Of Robert C.
Sent: Tuesday, March 14, 2000 8:04 PM
Subject: Re: [suse-security] *WANTED: ipchains guru*
> Looking for someone to take a look at my ipchains script. I don't want to
> post it on the list as it is kind of long. A little background is in
> I want to setup an ipchains firewall to do the following:
> Deny everythind that is not explicitly allowed.
> I have a server sitting behind it that will host pop3, smtp, www, and ftp
> I will need to forward all these ports.
> I want to allow everyone on the local network to ANYTHING out on the
> I want to log any denials and protect against IP spoofing (and anything
> that might be dangerous).
> If anyone is willing to help, I will send them my annotated script to take
> look at. I do realize that some things are missing (probably the stuff I
> need help on).
> I have read all the HOW-TOs that I can find but something isn't clicking.
I would start here:
It will take a little thought and work to get it set up, but not as
much as trying to do the whole thing yourself.
If my return address contains "ZAP." please remove it. Sorry for the
inconvenience but the unsolicited email is getting out of control.