I noticed the x86_64 XFree86 source has a bad MD5 sum and GPG
signature. I've checked a mirror and get the same result. I hadn't
seen anybody else mention it on the list, so I thought I'd just ask
> # wget ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/XFree86-220.127.116.112-43…
> # rpm --checksig XFree86-18.104.22.1682-43.42.5.src.rpm
> XFree86-22.214.171.1242-43.42.5.src.rpm: sha1 MD5 GPG NOT OK
PGP e-mail is welcome! Get my 1024 bit signature key from:
"The more I know, the more I realize how much I do not understand."
> I have got one official ip address and a dmz with an apache
> webserver with ip based virtual hosts config.
> iptables -t nat -A PREROUTING -i $INF -p tcp --sport 1024: -d
> www.mydomain.com --dport 80 -j DNAT --to 126.96.36.199:80
> iptables -A FORWARD -p tcp -d 188.8.131.52 --dport 80 -i $INF -j ACCEPT
> Do I need an application level gateway for this config or
From my point of view you need an official IP for each private IP to
set up the iptables solution.
Either you use an application level gateway, e.g. Apache with
rewrite/proxy rules to check the HTTP header, or you set up
Apache with name-based virtual hosts, which should be simpler.
Best regards Ben
Ben Kummer, VDIVDE-IT, Rheinstr. 10b, 14513 Teltow Germany
fon: +493328/435106 fax: +493328/435281 email:firstname.lastname@example.org
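The application-level gateway idea from the reply above, as an added example that is not part of the original thread: a DNAT rule only sees the destination IP and port, which are identical for every site behind one official address, so the backend has to be chosen from the HTTP Host header. The backend map, the second hostname and the private addresses are constructed placeholders.

```python
# Added illustration: choose a DMZ backend from the HTTP Host header,
# the one field that differs when several sites share one public IP.

# Constructed placeholders, not values from the thread.
BACKENDS = {
    "www.mydomain.com": ("192.168.1.10", 80),
    "www.example.org": ("192.168.1.11", 80),
}


def normalize(host: str) -> str:
    """Lower-case the host, drop an optional :port and a trailing dot."""
    host = host.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def host_from_request(raw: bytes):
    """Return the normalized Host value, or None if missing or duplicated."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.lower() == "host":
            hosts.append(value)
    if len(hosts) != 1:
        # No Host header, or several conflicting ones: refuse to guess.
        return None
    return normalize(hosts[0])


def select_backend(raw: bytes):
    """Map a raw HTTP request to (ip, port); None means reject the request."""
    host = host_from_request(raw)
    if host is None:
        return None
    # Unknown names are rejected rather than sent to a default site.
    return BACKENDS.get(host)


if __name__ == "__main__":
    # Constructed requests: same destination IP and port, different Host.
    for name in ("www.mydomain.com", "www.example.org", "unknown.invalid"):
        req = f"GET / HTTP/1.1\r\nHost: {name}\r\n\r\n".encode()
        print(name, "->", select_backend(req))
```
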
I couldn't find a logical explanation, maybe someone could help me to
understand the situation:
Last month the youpdated version '1.1.3-4.2' of OpenOffice_org1 was
released and few days ago '1.1.3-4.3' appeared on the mirrors.
Until this point everything seems to be fine, but while comparing the
.spec files of the above source rpms, interestingly only a single
line, containing the version numbers differs in them.
Is there an explanation to release the same YOU update actually twice
with different version numbers or do I miss something?
I have got one official ip address and a dmz with an apache webserver
with ip based virtual hosts config.
Now I have got the problem, that my prerouting / forward rule does not
iptables -t nat -A PREROUTING -i $INF -p tcp --sport 1024: -d
www.mydomain.com --dport 80 -j DNAT --to 184.108.40.206:80
iptables -A FORWARD -p tcp -d 220.127.116.11 --dport 80 -i $INF -j ACCEPT
This does work for one domain. But of course any further prerouting rule
is set to the first nat ip address.
Do I need an application level gateway for this config or could this
feature be achieved by iptables?
Thanks for any advice!
On 2005-05-23 at 12:27 +0200, Rainer Duffner wrote:
> it's not about blocking dynamic ips sending mail (or surfing the web).
> Just dynamic ips sending mail without going through a mailserver that is not
> an MX!
Dana Hudes said just that, block all traffic:
|> Your issue is permanent blocking. This is controversial.
|> The idea has been to exert pressure on ISPs whose users complain.
|> This is of limited success. the idea is that if dialup and dhcp (cable,
|> dsl) users found they could not access major portions of the internet
|> -- not just for e-mail but web browsing as well -- then they would be
|> motivated to complain to their ISPs who would act more forcefully and
|> quickly against spammers etc. If someone could get yahoo and hotmail
|> and google to "sign on" to such a program then yes there would be a
|> dramatic amount of complaints.
> Normally, it should go like this:
> | customer with dyn.IP|------>|MX of provider/hoster/whoever|------>|my MX|<-----|me myself via IMAP on dynamic IP|
> I myself do SMTP-AUTH to allow relaying.
> OK, so I have my own mailserver - but if I didn't have that, I'd subscribe to
> some online mail-service that allowed me to relay through their MX via
The problem, or problems, are several. For one thing, the smtp relay
servers my ISPs provide are not reliable: they may fail to send an email,
and worse, they don't inform me of that, or they do several days late.
But even if I use the relay, they have policies that impede my use of them
seriously, like only accepting email with a "From" address of theirs.
Therefore, I can not send all my email through only one relay server, or
not at all for redirection accounts (like sourceforge).
Unfortunately, the Postfix transport file does not have rules to select which
relay server to choose based on the FROM address, only on the TO part. I
need that feature.
I was told (thanks, Arjen) to try 'esmtp' (http://esmtp.sourceforge.net/)
- I've downloaded it, waiting for compilation - but a comment I read makes
me afraid that it will not work well with non permanent connections.
Thus, I have no alternative (yet?) but to use Postfix for direct sending.
In my opinion, the best solution would be a method to really identify
who is sending, regardless of the type of IP he is using. A
cryptographic signature, probably, for the "FROM" header, not the
contents (signing the contents is a problem with domainkeys with lists
At least in Spain, with a court order, it is possible to identify the
spammer with the IP, because there are listings correlating each IP and
timestamp to the phone used, and thus, the person responsible.
> Please don't cc to the SuSE-list.
Ein? You mean, email you direct, without a CC to the list? :-o
I'll try, but I'm sure your server will reject my dynamic IP server.
Impossible, it rejected me:
(host mail.** [*.*.*.26] said: 451 Dynamic IP Addresses
See: http://www.dnsbl.sorbs.net/lookup.shtml?18.104.22.168 (in reply to RCPT TO command))
Thus, I resend to the list instead. Sorry.
in general blocking ips isn't the best and
blocking dynamic ips is more than a stupid idea.
on another mailinglist someone wrote rules for
isn't a good idea to activate the rule forever but
for a few weeks it will be ok
--free your mind, use open source
ASCII ribbon campaign ( )
- against HTML email X
& vCards / \
> -----Original Message-----
> From: Robert Schiele [mailto:email@example.com]
> Sent: Thursday, May 19, 2005 6:15 AM
> This list seems rather useless to me because most of these
> IPs are dial-ins
> and thus will change frequently.
Since subscribing to this list I have been getting NDRs that indicate
that someone is spoofing my email address. Has anyone else on the list
noticed a similar problem?
I am not suggesting that the email list has been compromised.
It could be a coincidence but I thought that I would ask.
Hi all! I have a server with six ethernet devices of the same brand. They manage
six different networks.
I also have SuSEfirewall2 with the ssh service open from the internal networks.
Everything works well, but sometimes I'm not able to connect to the ssh
service on the server, even though it forwards the packets (http, ftp...)
nicely!!!! All the strange things I noticed were collisions on two network devices,
probably caused by a damaged switch or something like that!
Who knows the cause?
Can anyone help me?
Today I've released a new version of fou4s (Fast OnlineUpdate for SuSE).
For everyone who has not seen it yet, it is a cron-job optimized version
of YOU (YaST online update), very powerful, but still very easy to use.
The latest version includes support for delta-RPMs, resulting in a much
smaller download size (especially on new installations).
Other fixes include improvement of source rpm handling and a better kernel
update reboot notification.
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at)gaugusch.at X Against HTML Mail
I have reports of traffic hitting through a few iptable boxen that seems kind of interesting.
Has anyone seen or heard of traffic on udp 1148?
I am thinking it may just be some spyware or malware.
Any info you know of would be appreciated.