Recent content by tolstoy

WHy not run regmon or filemon to see what reg keys and files the virus is accessing when it runs.

I've used a number of products from sourceforge in production on my BSD and Linux boxes and have had little (none actually) problems with them. In fact I trust some of this stuff more than I do some Win products. The key is to test test test, and only use the stable releases.

Look in server manager. It will show you the role of every box on your network.

The only problem with using /etc/hosts.allow and deny is that it is host specific (bound to an ip address or subnet) and not user specific. This approach will work, but will allow any user to telnet into the box if they are at the right host and will not let the proper users be mobile (which I...

As far as I can tell, its not a sendmail bug. The problem goes away in kernel 2.2.16 as well as 2.4.3, but persists in 2.4.0. For what reasons, I don't know. I've compiled all three kernels with the same options.

Believe it or not I found some facts at sendmail.org stating a kernel-level problem with linux and sendmail that returns a "connection timed out", though the error message I have looks a bit different it. The problem is with kernel 2.0, I believe. I'm using 2.4.0 currently, but for the...

Thanks for all the help. I'll try what you suggested, and also installing the current from binary rather than RPM if all the above fails. I have heard that sendmail.cf gets buggy from linuxconf on RedHat, though I have not used linuxconf at all on this machine. Thanks again. I'll post back if I...

I didn't think it was an ident issue since I didn't see any dropped packets on that port in my firewall logs. Here is the contents of my maillog when I grep it for glmshows when attempting to send to a user: Apr 20 09:48:57 mail sendmail[9957]: f3KDlWP09955: to=deborah_hilfman@glmshows.com...

When I do a reverse lookup I get, 48.170.139.38 limcollege.edu and 48.170.139.38 limcollege.com. This is not the FQDN of my mail server which is mail.limcollege.edu. Would this have any effect?

The remote server is mail1.glmshows.com, so it would be someuser@glmshows.com. If you need an actual user name let me know. The other offender is Victoria's Sercet, though I forget the name of their server at this moment. :)

Keep in mind though that crafty users will always find ways around these things. I work at a school, and no matter what we block, there's always some other service that takes its place. For instance AIM has a web based interface that runs over port 80. In a case like this, you will need to block...

You will need to block those ports at the firewall level. Take a look at the list of IANA's registered port numbers. There you will see what port AIM, MSN messenger, ICQ, etc. run on, and what protocol (udp,tcp). Close these ports at the firewall or router and you should be fine.

Thanks for the help again. Someone who had a similar problem suggested that the remote server may being checking my authenticity by connecting to ident, which is not running on my machine, nor allowed at the firewall. In your opinion, do you think this could be the case? Our firewall uses one...

I spoke with our ISP and they verified that reverse lookup is setup for our domain. The ip or our mailserver is the external ip of our firewall which if forwarding traffic on 25 to our mailserver. Could this have any effect? I'm not sure how to check reverse lookup myself, but imagine I would...

Thanks for the reply. I meant 25, not 80, Sorry for the confusion. I can telnet into 25, but get a 20 followed by astricks, rather than an intelligible message. As for reverse look-up, I'll have to check that with my ISP, as they host all of our DNS services.