Monday 16 March 2009

backscatter with sendmail

One of our mail servers recently got listed in backscatter.org for creating backscatter (Non-Delivery Reports (NDRs) sent to people who have been listed as the sender of spam).

I was pretty surprised at this as I had configured sendmail such that it should not produce back scatter.

However, on closer investigation, it was true: we were sending backscatter.

The problem lay in the fact that we relay a few accounts to the users' ISP accounts. One in particular (Demon) issues a 509 if they reject the email as spam.

This was causing our mail server to send an NDR to the from address of the original email.

To solve this problem I used procmail and formail to rewrite and then forward the email rather than simply allowing sendmail to relay it.

Rewriting the 'Return-Path' means that the NDR is sent to a local address (which is actually /dev/null) rather than the FROM address.

To do this I simply created an account for the user and then created a .procmailrc in the home directory with the following entry:

:0fw
| /usr/bin/formail -i "Return-Path: postmaster@mydomain.co.uk" | /usr/lib/sendmail -f postmaster@mydomain.co.uk yyyyyyyy@myotherdomain.co.uk

postmaster@mydomain.co.uk is simply sent to 'junkmail'
junkmail is an alias (in aliases) for /dev/null

The original Return-Path can be seen in the mail header as Old-Return-Path should you ever need it.

You can verify everything is working by simply checking your maillog (and the fact that you have no more NDR mail sat for days in your outgoing queue!).
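One way to automate the maillog check described above, as an added example that is not part of the original post: it links each bounce sendmail generates to the address the bounce was delivered to and reports those that left the server. The log lines are constructed, and the queue ids, the victim.example and isp.example addresses, and the assumption that your sendmail logs NDR creation as "qid: newqid: DSN: reason" are illustrative.

```python
import re

# Constructed sample in sendmail's syslog format (not from a real server).
# n2G901aa002101 is rejected by the ISP and bounced off-site (backscatter);
# n2G905cc002201 bounces to the local postmaster alias, i.e. /dev/null.
SAMPLE_LOG = """\
Mar 16 09:00:01 mx1 sendmail[2101]: n2G901aa002101: from=<forged@victim.example>, size=2048, nrcpts=1, relay=[192.0.2.10]
Mar 16 09:00:03 mx1 sendmail[2103]: n2G901aa002101: to=<user@isp.example>, delay=00:00:02, mailer=esmtp, dsn=5.0.0, stat=Service unavailable
Mar 16 09:00:03 mx1 sendmail[2103]: n2G901aa002101: n2G903bb002103: DSN: Service unavailable
Mar 16 09:00:04 mx1 sendmail[2103]: n2G903bb002103: to=<forged@victim.example>, delay=00:00:01, mailer=esmtp, dsn=2.0.0, stat=Sent (OK)
Mar 16 09:05:00 mx1 sendmail[2201]: n2G905cc002201: n2G905dd002202: DSN: Service unavailable
Mar 16 09:05:01 mx1 sendmail[2201]: n2G905dd002202: to=/dev/null, ctladdr=<postmaster@mydomain.co.uk> (8/0), delay=00:00:00, mailer=*file*, dsn=2.0.0, stat=Sent
"""

# "<msg qid>: <bounce qid>: DSN: <reason>" is logged when an NDR is generated
# (assumed log format; check it against your own maillog).
DSN_RE = re.compile(r"sendmail\[\d+\]: (\w+): (\w+): DSN: (.*)")
# Delivery line: "<qid>: to=<rcpt>[,<rcpt>...], (ctladdr|delay)=..."
TO_RE = re.compile(r"sendmail\[\d+\]: (\w+): to=(.*?), (?:ctladdr|delay)=")


def find_backscatter(log_text, local_domains):
    """Return (bounce_qid, recipient, reason) for every NDR sent off-site."""
    bounces = {}  # bounce queue id -> rejection reason
    hits = []
    for line in log_text.splitlines():
        dsn = DSN_RE.search(line)
        if dsn:
            bounces[dsn.group(2)] = dsn.group(3).strip()
            continue
        to = TO_RE.search(line)
        if not to or to.group(1) not in bounces:
            continue
        for rcpt in to.group(2).split(","):
            rcpt = rcpt.strip().strip("<>")
            # Files and programs (e.g. /dev/null) have no domain: local.
            if "@" not in rcpt:
                continue
            if rcpt.rpartition("@")[2].lower() not in local_domains:
                hits.append((to.group(1), rcpt, bounces[to.group(1)]))
    return hits


if __name__ == "__main__":
    for qid, rcpt, reason in find_backscatter(SAMPLE_LOG, {"mydomain.co.uk"}):
        print(f"backscatter: {qid} -> {rcpt} ({reason})")
```

Run over the real maillog, an empty result means every bounce generated in that period stayed on the server.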

If you need to monitor your mail server check out www.ippatrol.com

Monday 23 February 2009

asa5505 top 10 feature

The latest version of ASDM fails with an error when you try to enable the ASA5505 top 10 feature.

It tries to execute the command "threat-detection statistics host number-of-rate 0" which is not valid.

To enable it, execute the command "threat-detection statistics" using the CLI.

Save the config and then disconnect and reconnect ASDM.

Should now be working!

It's not always obvious that it's fully working, as many of the windows show zero values for parameters when there is no attack.

Both issues have been logged with Cisco.

Thursday 22 January 2009

Allowing for a timeout on check_nrpe

check_nrpe allows for a timeout to be set using the -t option. The default is 10 seconds. Often this might not be enough. There is no way of specifying the timeout option when configuring a host.

example
=======

define service{
    use                     generic-service
    # Hostname of remote system
    host_name               mynode.mydomain.com
    service_description     Load
    is_volatile             0
    check_period            24x7
    max_check_attempts      3
    normal_check_interval   5
    retry_check_interval    1
    # Change to your contact group
    contact_groups          admins
    notification_options    w,u,c,r
    notification_interval   10
    notification_period     24x7
    check_command           check_nrpe!check_load
}

To get round this problem, simply add a new command definition to commands.cfg below the existing check_nrpe definition:

define command{
    command_name    mycheck_nrpe
    command_line    /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t $ARG2$
}

mycheck_nrpe allows for a second parameter to be passed on the service definition.

example
=======

define service{
    use                     generic-service
    # Hostname of remote system
    host_name               mynode.mydomain.com
    service_description     Load
    is_volatile             0
    check_period            24x7
    max_check_attempts      3
    normal_check_interval   5
    retry_check_interval    1
    # Change to your contact group
    contact_groups          admins
    notification_options    w,u,c,r
    notification_interval   10
    notification_period     24x7
    check_command           mycheck_nrpe!check_load!30
}

The above example specifies a 30 second timeout.

Problem solved!