Category Archives: Security

Trusted TLS with Postfix

If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running Postfix, like this…

Untrusted TLS connection established to ASPMX.L.GOOGLE.com[172.217.197.27]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

… there’s a pretty easy fix.


Postmaster Resources

This post is as much to help me remember as it is to help other people.

Below is a list (not comprehensive) of the postmaster resource pages for some of the major email providers.

Microsoft / Outlook https://postmaster.outlook.com
Google https://postmaster.google.com/
Yahoo https://help.yahoo.com/kb/postmaster
Comcast https://postmaster.comcast.net/
AOL https://postmaster.aol.com/

On these sites you can get information about how the provider handles spam, feedback loops, blacklists, whitelists, etc.

Very useful for those managing mailing list servers.





Protecting domains from spammers

Spammers quite often ‘spoof’, or fake, the from address of an email.

As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.

Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.

If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what to do with emails that don’t align with the SPF and DKIM information.

SPF policies are DNS records that indicate what mail servers your mail is sent from.

DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.

Now what if you have a domain that you NEVER send email from?

Protecting those domains from being used in spam is even easier.


WordPress Under Attack

If you run a WordPress blog, you really should be aware that there is a global attack on WordPress blogs going on.

It’s coming from a botnet and is an attempt to find blogs that have their admin account enabled with easy-to-guess passwords.

I noticed the attack a couple of months ago when, while watching my web server log scrolling by, I noticed a significant number of attempts to use the wp-login.php script from random IP addresses.

A bit of research turned up information on the global attack.

Obviously I wanted to do something about it to protect my server.


Spontaneous Security

Over the holiday weekend, I experienced the ultimate computer security mechanism:

“Spontaneous Security”

I was using my new Dell Latitude E6420 to do some network reconfiguration when the machine started acting weird with regard to the network.

Since this machine runs Windows 7, I decided to just reboot it to clear the network configuration.

After I restarted the machine I was asked for a password by the BIOS.

The odd thing was … I never set a BIOS password.


Good Deed

This morning the SSH scan detector software that I run (DenyHosts) sent me an email indicating that it had detected an SSH scan and blocked the host.

The host name it reported did not appear to be a dynamic host (like those usually assigned by a DSL provider), so I did a little digging to identify who owned the system.

I notified Terry about the problem … and they replied …

I just checked the .100 address and found that I had (in an unbelievable amount of stupidity) left a test account on the system, and someone from Italy was actively engaged in running an SSH scan from that account. I contacted their ISP, hopefully they will do something about it. I removed the account, and will be taking the machine down momentarily to be rebuilt after I back some data off of it. How embarrassing. Thanks for letting me know. I suppose it is time for me to install that bridging firewall running snort I’ve been meaning to build… gah!

Glad I could help, Terry. Chalk one up for the good guys.
