rob


Homepage: http://www.spoofedpacket.net


Posts by rob

SpamAssassin DNS lookups over IPv6

With the recent surge in AIB phishing mails, I thought it might be worth looking at our SpamAssassin setup to see if there was anything that could be done to filter them out.

AIB helpfully publish SPF records for the aib.ie domain, so the first port of call was SA’s SPF lookups, which I noticed weren’t happening, despite being enabled some time ago. Reloading SA resulted in the following log message in spamd.log:

Tue Aug 11 11:26:52 2009 [2221] warn: Error creating a DNS resolver
socket: at /usr/share/perl5/Mail/SpamAssassin/DnsResolver.pm line 233.

Aw snap, SA can’t do any DNS lookups at all, which means all of the DNS-based tests will be silently skipped. Going back through the spamd.log, I noticed these messages first started occurring when we enabled IPv6 DNS resolvers a number of months ago. Hmm, Perl is obviously missing something fundamental.

So, it turns out a Perl library required to create IPv6 sockets wasn’t installed: IO::Socket::INET6. This is conveniently packaged in Ubuntu:

aptitude install libio-socket-inet6-perl

A quick reload of SpamAssassin and we can say goodbye to all those “URGENT NOTIFICATION”s about our AIB online banking accounts. Although, the spammers have now copped on and aren’t even bothering to send from aib.ie addresses anymore.

Updates to bind and the open resolver project

If you haven’t done so already, now would be a good time to update bind9. A remote exploit is doing the rounds.

In related news, Team Cymru is running a scan for open DNS resolvers. It’s surprising how many DNS servers out there are unintentionally left wide open and, even worse, don’t implement split-horizon DNS. Looks like they’ve been busy probing ns.spoofedpacket.net:


22-Jun-2009 23:33:54.393 security: client 38.229.0.10#55251: query (cache) 'recursion-test.cymru.com/A/IN' denied
23-Jul-2009 23:34:08.350 security: client 38.229.0.10#45412: query (cache) 'recursion-test.cymru.com/A/IN' denied
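
As an added example (not part of the original post), this Python script summarises refused recursive queries per client from a BIND security log. It assumes the exact line format shown above; the last two sample lines and the `denied_recursion` name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First two lines are the ones quoted in the post; the last two are constructed.
SAMPLE_LOG = """\
22-Jun-2009 23:33:54.393 security: client 38.229.0.10#55251: query (cache) 'recursion-test.cymru.com/A/IN' denied
23-Jul-2009 23:34:08.350 security: client 38.229.0.10#45412: query (cache) 'recursion-test.cymru.com/A/IN' denied
23-Jul-2009 23:40:01.002 security: client 192.0.2.77#1042: query (cache) 'example.org/ANY/IN' denied
23-Jul-2009 23:41:12.120 general: zone example.net/IN: loaded serial 2009072301
"""

# Matches only refused recursive ("cache") queries in the format shown above.
DENIED = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ security: "
    r"client (?P<ip>[0-9A-Fa-f:.]+)#\d+: "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<type>[^/']+)/[^/']+' denied$"
)


def denied_recursion(log_text):
    """Group refused recursive queries by client IP."""
    clients = defaultdict(
        lambda: {"count": 0, "queries": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if not m:
            continue  # other log categories, or a format this script does not know
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        c = clients[m["ip"]]
        c["count"] += 1
        c["queries"].add(f"{m['name']}/{m['type']}")
        c["first"] = ts if c["first"] is None else min(c["first"], ts)
        c["last"] = ts if c["last"] is None else max(c["last"], ts)
    return dict(clients)


if __name__ == "__main__":
    for ip, c in sorted(denied_recursion(SAMPLE_LOG).items()):
        print(f"{ip}: {c['count']} denied, {c['first']:%d-%b-%Y} to "
              f"{c['last']:%d-%b-%Y}, {', '.join(sorted(c['queries']))}")
```

Every entry in the result is a client that asked for recursion and was refused, which is the outcome you want to see for addresses outside your own networks.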

Eircom DNS poisoning

Yet another reason to deploy DNSSEC :)

Heartbeat and IPv6

I’ve been playing around with heartbeat quite a bit recently. It’s quite a mature piece of software with some cool features, however the documentation is a bit unstructured and lacking in some areas, especially where IPv6 support is concerned. Heartbeat *supports* IPv6 address takeover through the IPv6addr resource but it’s not exactly clear on how you go about setting it up.

Anyway, after reading through some forum posts, here is a sample haresources file that will give you IPv4 and IPv6 address failover. We are using eth1 as our primary network interface:

my.failover.address 193.1.219.93
my.failover.address IPv6addr::2001:770:18:2:0:0:c101:db5d/64/eth1

The important thing is to specify the IPv6 address fully, i.e. pad it out with 0s, no :: shortcuts!

With v6 support recently added to IPVS, it should now be possible to do full IPv6 failover and load balancing.

Backporting debian packages

Sometimes, you need a newer version of a package than is available in your Debian/Ubuntu install.

There are a number of ways to do it, for example using tools such as Prevu, but here is the step-by-step process.

We are going to backport the latest version of Unbound from Ubuntu Jaunty (1.2.1 at the time of writing) to an Ubuntu Hardy system. As a prerequisite, we need the build-essential package installed, as we are going to compile some software. We also need the fakeroot package in order to build Debian packages:

aptitude install build-essential fakeroot

Firstly, we need to enable the Jaunty source repositories in our /etc/apt/sources.list file, and comment out the Hardy source repositories (any of the other lines beginning with deb-src). You should run aptitude update after this step:

deb-src http://ie.archive.ubuntu.com/ubuntu jaunty restricted main multiverse universe

The next step is to gather what we need to compile Unbound, the build dependencies:

apt-get build-dep unbound

Now, we retrieve the “debianised” source code for unbound:

apt-get source unbound

Then cd into the unbound source directory (it should be something like unbound-1.2.1) and run the following command:

dpkg-buildpackage -rfakeroot -b -uc -us

This will compile unbound and build the Debian package in one go. The resultant package is deposited in the parent directory. You can install it by doing:

dpkg -i ../unbound_1.2.1-0ubuntu1_i386.deb

If all goes well you should be able to install this package on other i386 Ubuntu Hardy systems as needed.