Re: Problems with Attachments

From owner-fwtk-users@ex.tis.com Tue May 1 08:07 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA02435 Tue, 1 May 2001 08:07:50 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id FAA11687; Tue, 1 May 2001 05:12:02 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 1 May 2001 04:40:11 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id EAA10301 for fwtk-users-outgoing; Tue, 1 May 2001 04:39:55 -0700 (PDT) Message-Id: <5.1.0.14.0.20010430183440.049ed230@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 30 Apr 2001 18:35:56 -0400 To: dhamm@itrepro.com, fwtk From: Rick Murphy Subject: Re: smap startup problem In-Reply-To: <01043015185000.14717@workbox.atlanta.itserve.com> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 776 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 03:17 PM 4/30/01 -0400, David Hamm wrote: >[To be removed from this list send the message "unsubscribe fwtk-users" in the >BODY of a mail message to majordomo@ex.tis.com.] > >When I run smap I get the following errors in my /var/log/messages file. Any >suggestions? >Apr 30 15:17:20 workbox smap[14987]: getpeername failed: Socket operation >on non-socket >Apr 30 15:17:20 workbox smap[14987]: cannot get remote host You're running smap without "-daemon" - in that case, it expects to accept a network connection on stdin, which fails because stdin isn't a socket. Run it from your inetd.conf, or with "-daemon". -Rick From owner-fwtk-users@ex.tis.com Tue May 1 20:32 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id UAA03861 Tue, 1 May 2001 20:32:53 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA11326; Tue, 1 May 2001 17:37:05 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 1 May 2001 17:01:50 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id RAA08878 for fwtk-users-outgoing; Tue, 1 May 2001 17:01:34 -0700 (PDT) Message-ID: <000001c0d29b$1e349420$47a5dfcf@co.iai.com> From: "skibum" To: Subject: Mail with ISPs Date: Sun, 29 Apr 2001 10:24:00 -0600 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----=_NextPart_000_0023_01C0D096.81E2A540" Content-Length: 1287 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. ------=_NextPart_000_0023_01C0D096.81E2A540 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello. I have a newbie question. How do you set up fwtk to retrieve = email from an ISP mail server through the firewall to a client machine = on my internal network? ------=_NextPart_000_0023_01C0D096.81E2A540 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello. I have a newbie = question. How do=20 you set up fwtk to retrieve email from an ISP mail server through the = firewall=20 to a client machine on my internal network?

------=_NextPart_000_0023_01C0D096.81E2A540-- NetZero Platinum No Banner Ads and Unlimited Access Sign Up Today - Only $9.95 per month! http://www.netzero.net From owner-fwtk-users@ex.tis.com Tue May 1 21:30 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id VAA03955 Tue, 1 May 2001 21:30:12 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id SAA14439; Tue, 1 May 2001 18:34:24 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 1 May 2001 18:01:57 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id SAA12826 for fwtk-users-outgoing; Tue, 1 May 2001 18:01:41 -0700 (PDT) Message-ID: <732FB479F0E0D311B3710001FA7EC292898E4E@condor2.f22ctf.edwards.af.mil> From: Chavez Chris Contr 411 FLTS/TSF To: "'fwtk-users@lists.nai.com'" Subject: RE: Mail with ISPs Date: Tue, 1 May 2001 18:02:16 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0D2A3.87A95E60" Content-Length: 5004 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0D2A3.87A95E60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hello, =20 I am using plug-gw on 9110 and 9111 for pop3 and smtp respectively. = Here's where I got the information for the setup on the faq page. =20 =20 Add a line to the netperm-table such as this and point your browsers to = the firewall: =20 plug-gw: port popmail my.domain.* -plug-to pop.server.B -port = popmail Also make sure that you add "popmail 110/tcp" to /etc/services and the appropriate line to /etc/inetd.conf or /etc/rc, if necessary. =20 You can also look at cmd-gw, available in the FWTK patches at http://www.fwtk.org . =20 Some things to think about: =20 1. pop3 sends usernames and passwords in the clear. You might want = to consider APOP =20 2. Unless you know the IP/hostname of the outside users and they = are fixed, you could be opening your internal pop3 server to access from = the outside. =20 =20 =20 ___________________________________________________=20 .~. Chris Ch=E1vez=20 /V\ =20 // \\ =20 /( )\=20 ^^-^^=20 -----Original Message----- From: skibum [mailto:skibum@netzero.net] Sent: Sunday, April 29, 2001 9:24 AM To: fwtk-users@lists.nai.com Subject: Mail with ISPs Hello. I have a newbie question. How do you set up fwtk to retrieve = email from an ISP mail server through the firewall to a client machine on my internal network? ------_=_NextPart_001_01C0D2A3.87A95E60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hello,

I am=20 using plug-gw on 9110 and 9111 for pop3 and smtp respectively. = Here's=20 where I got the information for the setup on the faq page. =20

Add a line to the=20 netperm-table such as this and point your browsers to the = firewall: =20

    plug-gw: port popmail my.domain.* = -plug-to =20 pop.server.B -port popmail
Also make sure that you add = "popmail=20 110/tcp" to /etc/services and the appropriate line to = /etc/inetd.conf=20 or /etc/rc, if necessary.
You can also look at = cmd-gw,=20 available in the FWTK patches at http://www.fwtk.org.
Some = things to=20 think about:
    1. pop3 sends usernames and = passwords=20 in the clear. You might want to consider APOP =
   =20 2. Unless you know the IP/hostname of the outside users and they are = fixed, you=20 could be opening your internal pop3 server to access from the = outside. =20

___________________________________________________ =
.~.   Chris = Ch=E1vez
= /V\
// \\
/(   )\
^^-^^

-----Original Message-----
From: skibum=20 [mailto:skibum@netzero.net]
Sent: Sunday, April 29, 2001 = 9:24=20 AM
To: fwtk-users@lists.nai.com
Subject: Mail = with=20 ISPs

Hello. I have a newbie = question. How=20 do you set up fwtk to retrieve email from an ISP mail server through = the=20 firewall to a client machine on my internal=20 network?

------_=_NextPart_001_01C0D2A3.87A95E60-- From owner-fwtk-users@ex.tis.com Tue May 1 22:01 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id WAA04034 Tue, 1 May 2001 22:01:48 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id TAA16474; Tue, 1 May 2001 19:05:58 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 1 May 2001 18:32:57 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id SAA14352 for fwtk-users-outgoing; Tue, 1 May 2001 18:32:41 -0700 (PDT) Message-ID: <732FB479F0E0D311B3710001FA7EC292898E4F@condor2.f22ctf.edwards.af.mil> From: Chavez Chris Contr 411 FLTS/TSF To: "'fwtk-users@lists.nai.com'" Subject: RE: Mail with ISPs Date: Tue, 1 May 2001 18:33:14 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0D2A7.DB75DD80" Content-Length: 6258 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0D2A7.DB75DD80 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable There's a better one on the www.fwtk.org/main.html and go to docs/tutorials and there is = a "pop mail" tutorial which is quite helpful. -----Original Message----- From: Chavez Chris Contr 411 FLTS/TSF [mailto:Chris.Chavez@f22ctf.edwards.af.mil] Sent: Tuesday, May 01, 2001 6:02 PM To: 'fwtk-users@lists.nai.com' Subject: RE: Mail with ISPs Hello, =20 I am using plug-gw on 9110 and 9111 for pop3 and smtp respectively. = Here's where I got the information for the setup on the faq page. =20 =20 Add a line to the netperm-table such as this and point your browsers to = the firewall: =20 plug-gw: port popmail my.domain.* -plug-to pop.server.B -port = popmail Also make sure that you add "popmail 110/tcp" to /etc/services and the appropriate line to /etc/inetd.conf or /etc/rc, if necessary. =20 You can also look at cmd-gw, available in the FWTK patches at http://www.fwtk.org . =20 Some things to think about: =20 1. pop3 sends usernames and passwords in the clear. You might want = to consider APOP =20 2. Unless you know the IP/hostname of the outside users and they = are fixed, you could be opening your internal pop3 server to access from = the outside. =20 =20 =20 ___________________________________________________=20 .~. Chris Ch=E1vez=20 /V\ =20 // \\ =20 /( )\=20 ^^-^^=20 -----Original Message----- From: skibum [mailto:skibum@netzero.net] Sent: Sunday, April 29, 2001 9:24 AM To: fwtk-users@lists.nai.com Subject: Mail with ISPs Hello. I have a newbie question. How do you set up fwtk to retrieve = email from an ISP mail server through the firewall to a client machine on my internal network? ------_=_NextPart_001_01C0D2A7.DB75DD80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

There's a better one on the www.fwtk.org/main.html and = go to=20 docs/tutorials and there is a "pop mail" tutorial which is quite=20 helpful.

-----Original Message-----
From: Chavez Chris = Contr 411=20 FLTS/TSF [mailto:Chris.Chavez@f22ctf.edwards.af.mil]
Sent: = Tuesday,=20 May 01, 2001 6:02 PM
To:=20 'fwtk-users@lists.nai.com'
Subject: RE: Mail with=20 ISPs

Hello,

I am=20 using plug-gw on 9110 and 9111 for pop3 and smtp respectively. = Here's=20 where I got the information for the setup on the faq page. =20

Add=20 a line to the netperm-table such as this and point your = browsers to the=20 firewall:
    plug-gw: port popmail my.domain.* = -plug-to =20 pop.server.B -port popmail
Also make sure that you add = "popmail=20 110/tcp" to /etc/services and the appropriate line to=20 /etc/inetd.conf or /etc/rc, if necessary.
You = can also=20 look at cmd-gw, available in the FWTK patches at http://www.fwtk.org.
Some = things to=20 think about:
    1. pop3 sends usernames and = passwords in the clear. You might want to consider APOP =20
    2. Unless you know the IP/hostname of the = outside users=20 and they are fixed, you could be opening your internal pop3 server to = access=20 from the outside.

___________________________________________________ =
.~.   Chris = Ch=E1vez
= /V\
// \\
/(   )\
^^-^^

-----Original Message-----
From: skibum=20 [mailto:skibum@netzero.net]
Sent: Sunday, April 29, 2001 = 9:24=20 AM
To: fwtk-users@lists.nai.com
Subject: Mail = with=20 ISPs

Hello. I have a newbie = question. =20 How do you set up fwtk to retrieve email from an ISP mail server = through the=20 firewall to a client machine on my internal=20 network?

------_=_NextPart_001_01C0D2A7.DB75DD80-- From owner-fwtk-users@ex.tis.com Wed May 2 12:22 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA06014 Wed, 2 May 2001 12:22:47 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id JAA02708; Wed, 2 May 2001 09:26:54 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 08:52:13 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA27618 for fwtk-users-outgoing; Wed, 2 May 2001 08:51:57 -0700 (PDT) From: "Luis Fernando Barrera" To: Subject: Problems with Attachments Date: Wed, 2 May 2001 09:51:08 -0600 Message-ID: MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----=_NextPart_000_000D_01C0D2ED.69C51660" Content-Length: 3429 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. ------=_NextPart_000_000D_01C0D2ED.69C51660 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Hi, I've been using smap for a while now, but recently I had some problems with the email attachments... The problem is that sometimes when you try to open an attachment, the Outlook client says that it could not open the file because is codified in a non-understandable format... I know the codification problems are usual related to the mail clients, but I've noticed that if a file is sent to one of my users and also to others users outside my network, these receive the attachment well, but my users don't... Any ideas or experiences with this problem? Luis Fernando Barrera luba@assist.com.gt ------=_NextPart_000_000D_01C0D2ED.69C51660 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Hi,

I've = been using smap=20 for a while now, but recently I had some problems = with

the = email=20 attachments...

The = problem is that=20 sometimes when you try to open an attachment, the Outlook=20 client

says = that it could=20 not open the file because is codified in a non-understandable=20 format...

I know = the=20 codification problems are usual related to the mail clients, but I've = noticed=20 that

if a = file is sent to=20 one of my users and also to others users outside my network, these = receive=20 the

attachment well, but=20 my users don't...

Any = ideas or=20 experiences with this problem?

Luis Fernando Barrera
luba@assist.com.gt=20

------=_NextPart_000_000D_01C0D2ED.69C51660-- From owner-fwtk-users@ex.tis.com Wed May 2 17:26 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA06914 Wed, 2 May 2001 17:26:52 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA22439; Wed, 2 May 2001 14:31:00 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 13:56:41 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA15621 for fwtk-users-outgoing; Wed, 2 May 2001 13:56:24 -0700 (PDT) Date: Wed, 2 May 2001 16:55:16 -0400 (EDT) From: Ted Keller To: Luis Fernando Barrera cc: Subject: Re: Problems with Attachments In-Reply-To: Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 924 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Luis, Do you happen to have the smapd patch that runs sendmail with the -if switch? ted keller On Wed, 2 May 2001, Luis Fernando Barrera wrote: > Hi, > > I've been using smap for a while now, but recently I had some problems with > the email attachments... > > The problem is that sometimes when you try to open an attachment, the > Outlook client > says that it could not open the file because is codified in a > non-understandable format... > > I know the codification problems are usual related to the mail clients, but > I've noticed that > if a file is sent to one of my users and also to others users outside my > network, these receive the > attachment well, but my users don't... > > Any ideas or experiences with this problem? > > > Luis Fernando Barrera > luba@assist.com.gt > > From owner-fwtk-users@ex.tis.com Wed May 2 17:53 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA06991 Wed, 2 May 2001 17:53:33 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA28523; Wed, 2 May 2001 14:57:48 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 14:23:05 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id OAA21012 for fwtk-users-outgoing; Wed, 2 May 2001 14:22:46 -0700 (PDT) From: "Luis Fernando Barrera" To: "Ted Keller" Cc: Subject: RE: Problems with Attachments Date: Wed, 2 May 2001 15:22:03 -0600 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1393 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Nope, I uses the original smap 2.1... However I have another installation with smtpd/smtpfwdd, which also happens to have the same problem... Luis Fernando Barrera luba@assist.com.gt > -----Original Message----- > From: Ted Keller [mailto:keller@bfg.com] > Sent: Wednesday, May 02, 2001 2:55 PM > To: Luis Fernando Barrera > Cc: fwtk-users@lists.nai.com > Subject: Re: Problems with Attachments > > > Luis, > > Do you happen to have the smapd patch that runs sendmail with the -if > switch? > > ted keller > > > On Wed, 2 May 2001, Luis Fernando Barrera wrote: > > > Hi, > > > > I've been using smap for a while now, but recently I had some > problems with > > the email attachments... > > > > The problem is that sometimes when you try to open an attachment, the > > Outlook client > > says that it could not open the file because is codified in a > > non-understandable format... > > > > I know the codification problems are usual related to the mail > clients, but > > I've noticed that > > if a file is sent to one of my users and also to others users outside my > > network, these receive the > > attachment well, but my users don't... > > > > Any ideas or experiences with this problem? > > > > > > Luis Fernando Barrera > > luba@assist.com.gt > > > > From owner-fwtk-users@ex.tis.com Wed May 2 18:34 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id SAA07101 Wed, 2 May 2001 18:34:26 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id PAA04721; Wed, 2 May 2001 15:38:40 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 15:05:23 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id PAA29514 for fwtk-users-outgoing; Wed, 2 May 2001 15:05:07 -0700 (PDT) From: "Luis Fernando Barrera" To: "Mike Ingram" , Subject: RE: Problems with Attachments Date: Wed, 2 May 2001 16:04:25 -0600 Message-ID: MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----=_NextPart_000_0002_01C0D321.8F2CBFF0" Content-Length: 8559 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This is a multi-part message in MIME format. ------=_NextPart_000_0002_01C0D321.8F2CBFF0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Re: Problems with AttachmentsAll my mail clients, use MS Outlook 2000... If I understad well, this TNEF problem only applies if I read the email messages using something else, like Eudora, right? Luis -----Original Message----- From: Mike Ingram [mailto:ingramm@nemesis.tucson.saic.com] Sent: Wednesday, May 02, 2001 3:27 PM To: fwtk-users@lists.nai.com; luba@assist.com.gt Subject: Re: Problems with Attachments I've been running smap for six years or so, and have never identified smap as having caused an attachment problem. 9 times out of 10, the sending program is some kind of Microsoft system and it's not properly configured so that it either sends a TNEF file that nobody else can read, or it decides to just simply not even send the attachment.... Result is that other people on other MS based systems get the attachment just fine, and since we're running SMAP/SMTP, the attachment never got sent to us... (makes it hard to decode when you don't get it ;-) I would proceed by getting a copy of one of the "bad" messages before it ever gets to the pc/outlook program.. do an "od" on the header and see exactly what you've been sent.. that'll give you a better handle on what type of decoder you need. Also try to capture a copy of it before it ever goes through the firewall.. maybe have someone that is having the problem ask the sender to send a copy to you to addresses on both sides of your firewall.... again, do an "od" and see what they REALLY sent ( and do it on unix using a really simple Mail program so you will know exactly what they sent you and not what so pc "thought" was sent !! ) Then you'll know a bit more.... An older MS KB article Q185894 described the MS TNEF problem.... a program called "fentun" deals nicely with TNEF files... If you're still not figuring it out, post a bit of the header.... Mike Hi, I've been using smap for a while now, but recently I had some problems with the email attachments... The problem is that sometimes when you try to open an attachment, the Outlook client says that it could not open the file because is codified in a non-understandable format... I know the codification problems are usual related to the mail clients, but I've noticed that if a file is sent to one of my users and also to others users outside my network, these receive the attachment well, but my users don't... Any ideas or experiences with this problem? Luis Fernando Barrera luba@assist.com.gt ------=_NextPart_000_0002_01C0D321.8F2CBFF0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Re: Problems with Attachments

All my=20 mail clients, use MS Outlook 2000... If I understad well, this TNEF=20 problem

only=20 applies if I read the email messages using something else, like Eudora,=20 right?

Luis

-----Original Message-----
From: Mike Ingram=20 [mailto:ingramm@nemesis.tucson.saic.com]
Sent: Wednesday, = May 02,=20 2001 3:27 PM
To: fwtk-users@lists.nai.com;=20 luba@assist.com.gt
Subject: Re: Problems with=20 Attachments

I've been running smap for six years or so, and have never = identified=20 smap as having caused an attachment problem. 9 times out of 10, = the=20 sending program is some kind of Microsoft system and it's not properly = configured so that it either sends a TNEF file that nobody else can = read, or=20 it decides to just simply not even send the attachment.... = Result=20 is that other people on other MS based systems get the attachment just = fine,=20 and since we're running SMAP/SMTP, the attachment never got sent to=20 us... (makes it hard to decode when you don't get it ;-)

I would proceed by getting a copy of one of the "bad" messages = before it=20 ever gets to the pc/outlook program.. do an "od" on the header = and see=20 exactly what you've been sent.. that'll give you a better handle on = what type=20 of decoder you need.

Also try to capture a copy of it before it ever goes through the=20 firewall.. maybe have someone that is having the problem ask the = sender to=20 send a copy to you to addresses on both sides of your firewall.... = again, do=20 an "od" and see what they REALLY sent ( and do it on unix using a = really=20 simple Mail program so you will know exactly what they sent you and = not what=20 so pc "thought" was sent !! )

Then you'll know a bit more....

An older MS KB article Q185894 described the MS TNEF = problem....

a program called "fentun" deals nicely with TNEF files...

If you're still not figuring it out, post a bit of the = header....

Mike

Hi,

I've been = using smap=20 for a while now, but recently I had some problems = with

the email=20 attachments...

The = problem is that=20 sometimes when you try to open an attachment, the Outlook=20 client

says that = it could not=20 open the file because is codified in a non-understandable=20 format...

I know the = codification problems are usual related to the mail clients, but = I've=20 noticed that

if a file = is sent to=20 one of my users and also to others users outside my network, these = receive=20 the

attachment = well, but=20 my users don't...

Any ideas = or=20 experiences with this problem?

Luis Fernando=20 Barrera
luba@assist.com.gt

------=_NextPart_000_0002_01C0D321.8F2CBFF0-- From owner-fwtk-users@ex.tis.com Wed May 2 19:07 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id TAA07141 Wed, 2 May 2001 19:07:57 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id QAA10196; Wed, 2 May 2001 16:12:12 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 15:38:42 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id PAA04694 for fwtk-users-outgoing; Wed, 2 May 2001 15:38:26 -0700 (PDT) Message-ID: From: "South, Harold" To: "'Luis Fernando Barrera'" , Ted Keller Cc: fwtk-users@lists.nai.com Subject: RE: Problems with Attachments Date: Wed, 2 May 2001 15:37:42 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1776 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Where can you find the smtpd/smtpfwdd daemons ? -----Original Message----- From: Luis Fernando Barrera [mailto:luba@assist.com.gt] Sent: Wednesday, May 02, 2001 2:22 PM To: Ted Keller Cc: fwtk-users@lists.nai.com Subject: RE: Problems with Attachments [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Nope, I uses the original smap 2.1... However I have another installation with smtpd/smtpfwdd, which also happens to have the same problem... Luis Fernando Barrera luba@assist.com.gt > -----Original Message----- > From: Ted Keller [mailto:keller@bfg.com] > Sent: Wednesday, May 02, 2001 2:55 PM > To: Luis Fernando Barrera > Cc: fwtk-users@lists.nai.com > Subject: Re: Problems with Attachments > > > Luis, > > Do you happen to have the smapd patch that runs sendmail with the -if > switch? > > ted keller > > > On Wed, 2 May 2001, Luis Fernando Barrera wrote: > > > Hi, > > > > I've been using smap for a while now, but recently I had some > problems with > > the email attachments... > > > > The problem is that sometimes when you try to open an attachment, the > > Outlook client > > says that it could not open the file because is codified in a > > non-understandable format... > > > > I know the codification problems are usual related to the mail > clients, but > > I've noticed that > > if a file is sent to one of my users and also to others users outside my > > network, these receive the > > attachment well, but my users don't... > > > > Any ideas or experiences with this problem? > > > > > > Luis Fernando Barrera > > luba@assist.com.gt > > > > From owner-fwtk-users@ex.tis.com Wed May 2 23:51 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id XAA07644 Wed, 2 May 2001 23:51:34 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id UAA02996; Wed, 2 May 2001 20:55:50 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 20:20:23 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id UAA00944 for fwtk-users-outgoing; Wed, 2 May 2001 20:20:07 -0700 (PDT) Date: Wed, 2 May 2001 23:19:40 -0400 (EDT) From: Ted Keller To: Luis Fernando Barrera cc: Subject: RE: Problems with Attachments In-Reply-To: Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1705 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] You may want to apply the smapd patch. You may be truncating some attachments - hence giving you the errors you are seeing. Just a thought. ted keller On Wed, 2 May 2001, Luis Fernando Barrera wrote: > Nope, > > I uses the original smap 2.1... > > However I have another installation with smtpd/smtpfwdd, which also > happens to have the same problem... > > Luis Fernando Barrera > luba@assist.com.gt > > > > -----Original Message----- > > From: Ted Keller [mailto:keller@bfg.com] > > Sent: Wednesday, May 02, 2001 2:55 PM > > To: Luis Fernando Barrera > > Cc: fwtk-users@lists.nai.com > > Subject: Re: Problems with Attachments > > > > > > Luis, > > > > Do you happen to have the smapd patch that runs sendmail with the -if > > switch? > > > > ted keller > > > > > > On Wed, 2 May 2001, Luis Fernando Barrera wrote: > > > > > Hi, > > > > > > I've been using smap for a while now, but recently I had some > > problems with > > > the email attachments... > > > > > > The problem is that sometimes when you try to open an attachment, the > > > Outlook client > > > says that it could not open the file because is codified in a > > > non-understandable format... > > > > > > I know the codification problems are usual related to the mail > > clients, but > > > I've noticed that > > > if a file is sent to one of my users and also to others users outside my > > > network, these receive the > > > attachment well, but my users don't... > > > > > > Any ideas or experiences with this problem? > > > > > > > > > Luis Fernando Barrera > > > luba@assist.com.gt > > > > > > > > From owner-fwtk-users@ex.tis.com Thu May 3 01:17 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id BAA07814 Thu, 3 May 2001 01:17:31 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA06866; Wed, 2 May 2001 22:21:46 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 2 May 2001 21:48:30 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id UAA00944 for fwtk-users-outgoing; Wed, 2 May 2001 20:20:07 -0700 (PDT) Date: Wed, 2 May 2001 23:19:40 -0400 (EDT) From: Ted Keller To: Luis Fernando Barrera cc: Subject: RE: Problems with Attachments In-Reply-To: Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1705 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] You may want to apply the smapd patch. You may be truncating some attachments - hence giving you the errors you are seeing. Just a thought. ted keller On Wed, 2 May 2001, Luis Fernando Barrera wrote: > Nope, > > I uses the original smap 2.1... > > However I have another installation with smtpd/smtpfwdd, which also > happens to have the same problem... > > Luis Fernando Barrera > luba@assist.com.gt > > > > -----Original Message----- > > From: Ted Keller [mailto:keller@bfg.com] > > Sent: Wednesday, May 02, 2001 2:55 PM > > To: Luis Fernando Barrera > > Cc: fwtk-users@lists.nai.com > > Subject: Re: Problems with Attachments > > > > > > Luis, > > > > Do you happen to have the smapd patch that runs sendmail with the -if > > switch? > > > > ted keller > > > > > > On Wed, 2 May 2001, Luis Fernando Barrera wrote: > > > > > Hi, > > > > > > I've been using smap for a while now, but recently I had some > > problems with > > > the email attachments... > > > > > > The problem is that sometimes when you try to open an attachment, the > > > Outlook client > > > says that it could not open the file because is codified in a > > > non-understandable format... > > > > > > I know the codification problems are usual related to the mail > > clients, but > > > I've noticed that > > > if a file is sent to one of my users and also to others users outside my > > > network, these receive the > > > attachment well, but my users don't... > > > > > > Any ideas or experiences with this problem? > > > > > > > > > Luis Fernando Barrera > > > luba@assist.com.gt > > > > > > > > From owner-fwtk-users@ex.tis.com Thu May 3 08:12 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA08780 Thu, 3 May 2001 08:12:15 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id FAA27655; Thu, 3 May 2001 05:16:31 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 3 May 2001 04:45:00 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id EAA25010 for fwtk-users-outgoing; Thu, 3 May 2001 04:44:44 -0700 (PDT) X-Authentication-Warning: gatespass.tucson.saic.com: adm set sender to using -f Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Wed, 2 May 2001 15:31:57 -0700 To: Luis Fernando Barrera From: Mike Ingram Subject: RE: Problems with Attachments Cc: fwtk-users@lists.nai.com Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="============_-1223279774==_ma============" Content-Length: 6767 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] --============_-1223279774==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" no, we had the same problem with Outlook clients & Eudora clients... Since Outlook and Eudora clients in your setup and mine are on the "inside" side of a SMAP/SMTP firewall, the exchange system doesn't quite seem them as being "exchange" users and trys to treat them as "internet" users and then goes off and does stupid things ( like not send the attachment or not send it as a MIME or uuencode attachment and sends TNEF ) Fixing some user prefs per the article always fixed the problem... might not be what you're seeing.... but it's a thought. Mike >All my mail clients, use MS Outlook 2000... If I understad well, >this TNEF problem >only applies if I read the email messages using something else, like >Eudora, right? > >Luis > > > >-----Original Message----- >From: Mike Ingram [mailto:ingramm@nemesis.tucson.saic.com] >Sent: Wednesday, May 02, 2001 3:27 PM >To: fwtk-users@lists.nai.com; luba@assist.com.gt >Subject: Re: Problems with Attachments > >I've been running smap for six years or so, and have never >identified smap as having caused an attachment problem. 9 times out >of 10, the sending program is some kind of Microsoft system and it's >not properly configured so that it either sends a TNEF file that >nobody else can read, or it decides to just simply not even send >the attachment.... Result is that other people on other MS based >systems get the attachment just fine, and since we're running >SMAP/SMTP, the attachment never got sent to us... (makes it hard to >decode when you don't get it ;-) > >I would proceed by getting a copy of one of the "bad" messages >before it ever gets to the pc/outlook program.. do an "od" on the >header and see exactly what you've been sent.. that'll give you a >better handle on what type of decoder you need. > >Also try to capture a copy of it before it ever goes through the >firewall.. maybe have someone that is having the problem ask the >sender to send a copy to you to addresses on both sides of your >firewall.... again, do an "od" and see what they REALLY sent ( and >do it on unix using a really simple Mail program so you will know >exactly what they sent you and not what so pc "thought" was sent !! ) > >Then you'll know a bit more.... > >An older MS KB article Q185894 described the MS TNEF problem.... > >a program called "fentun" deals nicely with TNEF files... > >If you're still not figuring it out, post a bit of the header.... > >Mike > > > > >>Hi, >> > > >I've been using smap for a while now, but recently I had some problems with > >the email attachments... > > > >The problem is that sometimes when you try to open an attachment, >the Outlook client > >says that it could not open the file because is codified in a >non-understandable format... > > > >I know the codification problems are usual related to the mail >clients, but I've noticed that > >if a file is sent to one of my users and also to others users >outside my network, these receive the > >attachment well, but my users don't... > > > >Any ideas or experiences with this problem? > > > > > > >Luis Fernando Barrera >luba@assist.com.gt --============_-1223279774==_ma============ Content-Type: text/html; charset="us-ascii" no, we had the same problem with Outlook clients & Eudora clients... Since Outlook and Eudora clients in your setup and mine are on the "inside" side of a SMAP/SMTP firewall, the exchange system doesn't quite seem them as being "exchange" users and trys to treat them as "internet" users and then goes off and does stupid things ( like not send the attachment or not send it as a MIME or uuencode attachment and sends TNEF ) Fixing some user prefs per the article always fixed the problem... might not be what you're seeing.... but it's a thought. Mike >All my mail clients, use MS Outlook 2000... If I understad well, this TNEF problem >only applies if I read the email messages using something else, like Eudora, right? > >Luis > > >>-----Original Message----- >>From: Mike Ingram [mailto:ingramm@nemesis.tucson.saic.com] >>Sent: Wednesday, May 02, 2001 3:27 PM >>To: fwtk-users@lists.nai.com; luba@assist.com.gt >>Subject: Re: Problems with Attachments >> >>I've been running smap for six years or so, and have never identified smap as having caused an attachment problem. 9 times out of 10, the sending program is some kind of Microsoft system and it's not properly configured so that it either sends a TNEF file that nobody else can read, or it decides to just simply not even send the attachment.... Result is that other people on other MS based systems get the attachment just fine, and since we're running SMAP/SMTP, the attachment never got sent to us... (makes it hard to decode when you don't get it ;-) >>I would proceed by getting a copy of one of the "bad" messages before it ever gets to the pc/outlook program.. do an "od" on the header and see exactly what you've been sent.. that'll give you a better handle on what type of decoder you need. >> >>Also try to capture a copy of it before it ever goes through the firewall.. maybe have someone that is having the problem ask the sender to send a copy to you to addresses on both sides of your firewall.... again, do an "od" and see what they REALLY sent ( and do it on unix using a really simple Mail program so you will know exactly what they sent you and not what so pc "thought" was sent !! ) >> >>Then you'll know a bit more.... >> >>An older MS KB article Q185894 described the MS TNEF problem.... >> >>a program called "fentun" deals nicely with TNEF files... >> >>If you're still not figuring it out, post a bit of the header.... >> >>Mike >> >>>Hi, >> >> >>I've been using smap for a while now, but recently I had some problems with >> >>the email attachments... >> >> >> >>The problem is that sometimes when you try to open an attachment, the Outlook client >> >>says that it could not open the file because is codified in a non-understandable format... >> >> >> >>I know the codification problems are usual related to the mail clients, but I've noticed that >> >>if a file is sent to one of my users and also to others users outside my network, these receive the >> >>attachment well, but my users don't... >> >> >> >>Any ideas or experiences with this problem? >> >> >> >> >> >>Luis Fernando Barrera >>luba@assist.com.gt > >--============_-1223279774==_ma============-- From owner-fwtk-users@ex.tis.com Thu May 3 08:12 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA08781 Thu, 3 May 2001 08:12:15 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id FAA27659; Thu, 3 May 2001 05:16:31 -0700 (PDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 3 May 2001 04:44:03 -0700 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id EAA24949 for fwtk-users-outgoing; Thu, 3 May 2001 04:43:46 -0700 (PDT) X-Authentication-Warning: gatespass.tucson.saic.com: adm set sender to using -f Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Wed, 2 May 2001 14:26:36 -0700 To: fwtk-users@lists.nai.com, luba@assist.com.gt From: Mike Ingram Subject: Re: Problems with Attachments Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="============_-1223283694==_ma============" Content-Length: 4600 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] --============_-1223283694==_ma============ Content-Type: text/plain; charset="us-ascii" ; format="flowed" I've been running smap for six years or so, and have never identified smap as having caused an attachment problem. 9 times out of 10, the sending program is some kind of Microsoft system and it's not properly configured so that it either sends a TNEF file that nobody else can read, or it decides to just simply not even send the attachment.... Result is that other people on other MS based systems get the attachment just fine, and since we're running SMAP/SMTP, the attachment never got sent to us... (makes it hard to decode when you don't get it ;-) I would proceed by getting a copy of one of the "bad" messages before it ever gets to the pc/outlook program.. do an "od" on the header and see exactly what you've been sent.. that'll give you a better handle on what type of decoder you need. Also try to capture a copy of it before it ever goes through the firewall.. maybe have someone that is having the problem ask the sender to send a copy to you to addresses on both sides of your firewall.... again, do an "od" and see what they REALLY sent ( and do it on unix using a really simple Mail program so you will know exactly what they sent you and not what so pc "thought" was sent !! ) Then you'll know a bit more.... An older MS KB article Q185894 described the MS TNEF problem.... a program called "fentun" deals nicely with TNEF files... If you're still not figuring it out, post a bit of the header.... Mike >Hi, > >I've been using smap for a while now, but recently I had some problems with >the email attachments... > >The problem is that sometimes when you try to open an attachment, >the Outlook client >says that it could not open the file because is codified in a >non-understandable format... > >I know the codification problems are usual related to the mail >clients, but I've noticed that >if a file is sent to one of my users and also to others users >outside my network, these receive the >attachment well, but my users don't... > >Any ideas or experiences with this problem? > > > >Luis Fernando Barrera >luba@assist.com.gt --============_-1223283694==_ma============ Content-Type: text/html; charset="us-ascii" I've been running smap for six years or so, and have never identified smap as having caused an attachment problem. 9 times out of 10, the sending program is some kind of Microsoft system and it's not properly configured so that it either sends a TNEF file that nobody else can read, or it decides to just simply not even send the attachment.... Result is that other people on other MS based systems get the attachment just fine, and since we're running SMAP/SMTP, the attachment never got sent to us... (makes it hard to decode when you don't get it ;-) I would proceed by getting a copy of one of the "bad" messages before it ever gets to the pc/outlook program.. do an "od" on the header and see exactly what you've been sent.. that'll give you a better handle on what type of decoder you need. Also try to capture a copy of it before it ever goes through the firewall.. maybe have someone that is having the problem ask the sender to send a copy to you to addresses on both sides of your firewall.... again, do an "od" and see what they REALLY sent ( and do it on unix using a really simple Mail program so you will know exactly what they sent you and not what so pc "thought" was sent !! ) Then you'll know a bit more.... An older MS KB article Q185894 described the MS TNEF problem.... a program called "fentun" deals nicely with TNEF files... If you're still not figuring it out, post a bit of the header.... Mike >Hi, > >I've been using smap for a while now, but recently I had some problems with >the email attachments... > >The problem is that sometimes when you try to open an attachment, the Outlook client >says that it could not open the file because is codified in a non-understandable format... > >I know the codification problems are usual related to the mail clients, but I've noticed that >if a file is sent to one of my users and also to others users outside my network, these receive the >attachment well, but my users don't... > >Any ideas or experiences with this problem? > > >Luis Fernando Barrera >luba@assist.com.gt --============_-1223283694==_ma============-- From owner-fwtk-users@ex.tis.com Wed May 9 02:36 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id CAA24637 Wed, 9 May 2001 02:36:30 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id BAA06732; Wed, 9 May 2001 01:40:54 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 01:05:52 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id BAA05065 for fwtk-users-outgoing; Wed, 9 May 2001 01:05:36 -0500 (CDT) Message-ID: From: Jason Smith To: "'fwtk-users@ex.tis.com'" Subject: Log Files Date: Wed, 9 May 2001 14:06:01 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 482 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 as the webserver and i use the plug-gw to pass requests to the webserver. But in my webservers' log file it says that all requests come from the firewall (an internal address) how can i make it either send the correct ip address of the request or log it somewhere within BSD? From owner-fwtk-users@ex.tis.com Wed May 9 03:39 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id DAA24832 Wed, 9 May 2001 03:39:16 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id CAA10388; Wed, 9 May 2001 02:43:39 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 02:12:24 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id CAA08374 for fwtk-users-outgoing; Wed, 9 May 2001 02:12:08 -0500 (CDT) Message-ID: From: Jason Smith To: "'fwtk-users@ex.tis.com'" Subject: Log Files Date: Wed, 9 May 2001 15:12:38 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 482 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 as the webserver and i use the plug-gw to pass requests to the webserver. But in my webservers' log file it says that all requests come from the firewall (an internal address) how can i make it either send the correct ip address of the request or log it somewhere within BSD? From owner-fwtk-users@ex.tis.com Wed May 9 05:11 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id FAA25048 Wed, 9 May 2001 05:11:44 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id EAA17608; Wed, 9 May 2001 04:16:05 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 03:44:30 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id DAA15535 for fwtk-users-outgoing; Wed, 9 May 2001 03:44:14 -0500 (CDT) Message-ID: <051101c0d864$b19a9100$7236a8c0@ibmbn1f23h> From: "Larry Moore" To: "Jason Smith" Cc: References: Subject: Re: Log Files Date: Wed, 9 May 2001 16:47:34 +0800 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 962 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Use IP-Filter within FreeBSD utilising the Redirect feature of the NAT configuration. You wouls also need to configure the IPF side of things too. Cheers, Larry. ----- Original Message ----- From: "Jason Smith" To: Sent: Wednesday, May 09, 2001 2:06 PM Subject: Log Files > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 > as the webserver and i use the plug-gw to pass requests to the webserver. > But in my webservers' log file it says that all requests come from the > firewall (an internal address) how can i make it either send the correct ip > address of the request or log it somewhere within BSD? > > From owner-fwtk-users@ex.tis.com Wed May 9 08:01 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA25496 Wed, 9 May 2001 08:01:20 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA25227; Wed, 9 May 2001 07:05:42 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 06:34:34 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA22936 for fwtk-users-outgoing; Wed, 9 May 2001 06:34:16 -0500 (CDT) From: aniket_madhav@chequemail.com Date: 9 May 2001 12:03:20 +0100 Message-ID: <20010509110320.11686.cpmta@c000.muc.cp.net> X-Sent: 9 May 2001 11:03:20 GMT Content-Disposition: inline Mime-Version: 1.0 To: jchappel@wrightandw.com Cc: fwtk-users@ex.tis.com, admin@sharpened.net X-Mailer: Web Mail 3.9.1.6 X-Sent-From: aniket_madhav@chequemail.com Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 616 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I have designed an applet which works perfectly in appletviewer and Netscape, but not in Internet Explorer.In that applet, i have used button of awt package and used the setEnabled(boolean) and setDisable(boolean), it works perfectly in Netscape but in IE, it responds to mouseEvents when the button is disabled by b1.setEnabled(false) where b1 is the name of the Button. Thanks Aniket Chequemail.com - a free web based e-mail service that also pays!!! http://www.chequemail.com From owner-fwtk-users@ex.tis.com Wed May 9 11:13 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA25991 Wed, 9 May 2001 11:13:20 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA19385; Wed, 9 May 2001 10:17:43 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 09:45:39 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id JAA13888 for fwtk-users-outgoing; Wed, 9 May 2001 09:45:23 -0500 (CDT) Date: Wed, 9 May 2001 10:30:06 -0400 From: Joseph S D Yao To: Jason Smith Cc: "'fwtk-users@ex.tis.com'" Subject: Re: Log Files Message-Id: <20010509103006.B13125@washington.cospo.osis.gov> Mail-Followup-To: Jason Smith , "'fwtk-users@ex.tis.com'" References: Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from jason.smith@clsglobal.com.au on Wed, May 09, 2001 at 02:06:01PM +0800 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1248 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Wed, May 09, 2001 at 02:06:01PM +0800, Jason Smith wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 > as the webserver and i use the plug-gw to pass requests to the webserver. > But in my webservers' log file it says that all requests come from the > firewall (an internal address) how can i make it either send the correct ip > address of the request or log it somewhere within BSD? It's stored in your FWTK logs. Your IIS is storing the "correct" address, since all IP transactions to it originate at the firewall, and all IP transactions from the outside world stop at your firewall. Having said which, one may hope that you have your IIS in a DMZ, and sre not making your internal network vulnerable. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Wed May 9 11:50 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA26120 Wed, 9 May 2001 11:50:57 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA29902; Wed, 9 May 2001 10:55:19 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 10:19:43 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA19671 for fwtk-users-outgoing; Wed, 9 May 2001 10:19:26 -0500 (CDT) X-Authentication-Warning: spider.usrconsult.be: mail set sender to using -f Message-ID: <3AF95C28.15A40F51@peaktime.be> Date: Wed, 09 May 2001 17:03:04 +0200 From: Michel Bardiaux Organization: Peaktime Belgium S.A. X-Mailer: Mozilla 4.73 [en] (WinNT; I) X-Accept-Language: en,fr MIME-Version: 1.0 To: "'fwtk-users@ex.tis.com'" Subject: Re: Log Files References: <20010509103006.B13125@washington.cospo.osis.gov> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1115 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Joseph S D Yao wrote: > > On Wed, May 09, 2001 at 02:06:01PM +0800, Jason Smith wrote: > > At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 > > as the webserver and i use the plug-gw to pass requests to the webserver. > > But in my webservers' log file it says that all requests come from the > > firewall (an internal address) how can i make it either send the correct ip > > address of the request or log it somewhere within BSD? > > It's stored in your FWTK logs. Your IIS is storing the "correct" > address, since all IP transactions to it originate at the firewall, and > all IP transactions from the outside world stop at your firewall. > Those incomplete logs on the web server are IMHO the prime PITA^H^H^H^Hproblem when using FWTK. Couldn't we have a brain storm on possible ways to circumvent that? -- Michel Bardiaux Peaktime Belgium S.A. Rue Margot, 37 B-1457 Nil St Vincent Tel : +32 10 65.44.15 Fax : +32 10 65.44.10 From owner-fwtk-users@ex.tis.com Wed May 9 12:03 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA26147 Wed, 9 May 2001 12:03:43 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA03944; Wed, 9 May 2001 11:08:04 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 10:29:15 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA22892 for fwtk-users-outgoing; Wed, 9 May 2001 10:28:59 -0500 (CDT) From: jan@radio.hundert6.de Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <3AF95C28.15A40F51@peaktime.be> Date: Wed, 09 May 2001 17:28:34 -0000 (GMT) To: Michel Bardiaux Subject: Re: Log Files Cc: "fwtk-users@ex.tis.com" Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=iso-8859-1 Content-Length: 939 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > Those incomplete logs on the web server are IMHO the prime > PITA^H^H^H^Hproblem when using FWTK. Couldn't we have a brain storm > on > possible ways to circumvent that? I can't think of any. An application proxy, by its very nature, handles requests instead of the original source of the request. So, the incoming IP packets look as if they come from your fwtk host. Unless you hack some wild 31337 extra tunneled info into a new protocol which you implement on both sides involved and encapsulate the IP packet and the info about the original connection. Good luck. Then again, you might try and write a little Perl script to extract the relevant info from your syslog files on the fwtk machine. Might be easier. Bye, Jan -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther@radio.hundert6.de From owner-fwtk-users@ex.tis.com Wed May 9 19:29 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id TAA27231 Wed, 9 May 2001 19:29:55 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id SAA07833; Wed, 9 May 2001 18:34:19 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 18:02:03 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id SAA05067 for fwtk-users-outgoing; Wed, 9 May 2001 18:01:46 -0500 (CDT) Message-Id: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 09 May 2001 18:57:31 -0400 To: Michel Bardiaux , "'fwtk-users@ex.tis.com'" From: Rick Murphy Subject: Re: Log Files In-Reply-To: <3AF95C28.15A40F51@peaktime.be> References: <20010509103006.B13125@washington.cospo.osis.gov> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 822 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 05:03 PM 5/9/01 +0200, Michel Bardiaux wrote: >Those incomplete logs on the web server are IMHO the prime >PITA^H^H^H^Hproblem when using FWTK. Couldn't we have a brain storm on >possible ways to circumvent that? The only simple way to do that has already been mentioned - don't use a proxy, use ipfilter rules to redirect the traffic to your web server. If you're willing to patch your kernel, you can modify the IP stack to permit the FWTK system to bind to the original address; that's not what I recommend. Being pragmatic, if you're going to run just a plug-gw in front of your webserver, you might as well use ipfilter rules. Plug really doesn't buy you much. -Rick From owner-fwtk-users@ex.tis.com Wed May 9 21:08 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id VAA27410 Wed, 9 May 2001 21:08:41 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id UAA15769; Wed, 9 May 2001 20:13:06 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 19:41:42 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA13544 for fwtk-users-outgoing; Wed, 9 May 2001 19:41:26 -0500 (CDT) From: "Luis Fernando Barrera" To: "Rick Murphy" , "Michel Bardiaux" , Subject: RE: Log Files Date: Wed, 9 May 2001 18:40:17 -0600 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 In-Reply-To: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1707 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] There's something not quite clear in this conversation for me... If you use ipfilter, you have to enable IP forwarding in the operating system, right? But then why would I need the FWTK? The FWTK is a proxy based firewall, you wouldn't need a packet filter based firewall, right? Should not be better to use something like http-in? I guess this piece of software, sends to the webserver a header with the orignal IP address... Luis Fernando Barrera luba@assist.com.gt > -----Original Message----- > From: owner-fwtk-users@ex.tis.com [mailto:owner-fwtk-users@ex.tis.com]On > Behalf Of Rick Murphy > Sent: Wednesday, May 09, 2001 16:58 > To: Michel Bardiaux; 'fwtk-users@ex.tis.com' > Subject: Re: Log Files > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > At 05:03 PM 5/9/01 +0200, Michel Bardiaux wrote: > >Those incomplete logs on the web server are IMHO the prime > >PITA^H^H^H^Hproblem when using FWTK. Couldn't we have a brain storm on > >possible ways to circumvent that? > > The only simple way to do that has already been mentioned - don't use a > proxy, use ipfilter rules to redirect the traffic to your web server. > > If you're willing to patch your kernel, you can modify the IP stack to > permit the FWTK system to bind to the original address; that's not what I > recommend. > > Being pragmatic, if you're going to run just a plug-gw in front of your > webserver, you might as well use ipfilter rules. Plug really doesn't buy > you much. > -Rick From owner-fwtk-users@ex.tis.com Wed May 9 22:15 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id WAA27550 Wed, 9 May 2001 22:15:18 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id VAA19250; Wed, 9 May 2001 21:19:42 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 9 May 2001 20:47:44 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id UAA17676 for fwtk-users-outgoing; Wed, 9 May 2001 20:47:28 -0500 (CDT) Message-Id: <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Wed, 09 May 2001 21:40:41 -0400 To: "Luis Fernando Barrera" , "Michel Bardiaux" , From: Rick Murphy Subject: RE: Log Files In-Reply-To: References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 992 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 06:40 PM 5/9/01 -0600, Luis Fernando Barrera wrote: >There's something not quite clear in this conversation for me... > > If you use ipfilter, you have to enable IP forwarding in the operating >system, right? > But then why would I need the FWTK? The FWTK is a proxy based firewall, >you wouldn't need a packet filter based firewall, right? Yes, but you can deny forwarding for anything other than the packets going to the DMZ server, while still using FWTK proxies for other protocols. >Should not be better to use something like http-in? I guess this piece of >software, sends to the webserver a header with >the orignal IP address... That's one solution, but then the web server logs still report just the firewall as the source. You can't use off-the-shelf log analysis tools unless you write your own preprocessor for the logs. -Rick From owner-fwtk-users@ex.tis.com Thu May 10 08:16 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA28783 Thu, 10 May 2001 08:16:15 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA10090; Thu, 10 May 2001 07:20:38 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 10 May 2001 06:47:27 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA07834 for fwtk-users-outgoing; Thu, 10 May 2001 06:47:11 -0500 (CDT) X-Authentication-Warning: spider.usrconsult.be: mail set sender to using -f Message-ID: <3AFA4FC7.9F122DAA@peaktime.be> Date: Thu, 10 May 2001 10:22:31 +0200 From: Michel Bardiaux Organization: Peaktime Belgium S.A. X-Mailer: Mozilla 4.73 [en] (WinNT; I) X-Accept-Language: en,fr MIME-Version: 1.0 To: fwtk-users@ex.tis.com Subject: Re: Log Files References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1540 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Rick Murphy wrote: > > Yes, but you can deny forwarding for anything other than the packets going > to the DMZ server, while still using FWTK proxies for other protocols. > > >Should not be better to use something like http-in? I guess this piece of > >software, sends to the webserver a header with > >the orignal IP address... > > That's one solution, but then the web server logs still report just the > firewall as the source. You can't use off-the-shelf log analysis tools > unless you write your own > preprocessor for the logs. > -Rick Using OS-level tools like ipfilter, ipfwadm, ipchains, or iptables, is of course the pragmatic solution (and would additionnally do wonders for performance when you have many connections!). Still, I would like to see this thread continue a little bit, for 2 reasons: (1) It requires learning new, *OS-SPECIFIC* (and in the Linux case, release-specific!) tools - while FWTK is (more or less) a portable solution. (2) It looks like an interesting problem in firewall architecture. To return to the problem of log files, we clearly have to tackle it from the webserver side. The appropriate question seems to be: can we convince, say, apache, to query the FW for the real source of the packets? Eg to cann identd? -- Michel Bardiaux Peaktime Belgium S.A. Rue Margot, 37 B-1457 Nil St Vincent Tel : +32 10 65.44.15 Fax : +32 10 65.44.10 From owner-fwtk-users@ex.tis.com Thu May 10 08:16 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA28784 Thu, 10 May 2001 08:16:15 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA10094; Thu, 10 May 2001 07:20:38 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 10 May 2001 06:46:27 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA07795 for fwtk-users-outgoing; Thu, 10 May 2001 06:46:11 -0500 (CDT) Message-ID: From: Jason Smith To: "'fwtk-users@ex.tis.com'" Subject: Log Files Date: Wed, 9 May 2001 15:12:38 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 612 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 as the webserver and i use the plug-gw to pass requests to the webserver. But in my webservers' log file it says that all requests come from the firewall (an internal address) how can i make it either send the correct ip address of the request or log it somewhere within BSD? From owner-fwtk-users@ex.tis.com Thu May 10 12:00 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA29403 Thu, 10 May 2001 12:00:49 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA16643; Thu, 10 May 2001 11:05:05 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 10 May 2001 10:32:55 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA11550 for fwtk-users-outgoing; Thu, 10 May 2001 10:32:39 -0500 (CDT) Date: Thu, 10 May 2001 11:32:32 -0400 From: Joseph S D Yao To: Jason Smith Cc: TIS FireWall ToolKit List Subject: Re: Log Files Message-Id: <20010510113232.C24107@washington.cospo.osis.gov> Mail-Followup-To: Jason Smith , TIS FireWall ToolKit List References: Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from jason.smith@clsglobal.com.au on Thu, May 10, 2001 at 09:22:40AM +0800 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1521 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Thu, May 10, 2001 at 09:22:40AM +0800, Jason Smith wrote: > What is a DMZ and where are my FWTK log files stored?? There are a couple of different interpretations of "DMZ" [demilitarized zone, US Army mil-speak] in a firewall setting. Usually, these days, it's a network connected to a THIRD interface on your firewall bastion host: THEM [public Internet] | router | bastion host--------DMZ FWTK | router | US [private internet] The permissions to "US" need to completely exclude any complex service that might be used to break in, such as HTTP or anything by Microsoft. The permissions to the DMZ may be less lax: you treat them more or less as sacrificial lambs that you expect to be attacked. Note that in the classic Chapman & Zwicky book, the DMZ was everything between your external router and your internal router, inclusive. At least it was in the first edition: I haven't had time for a good lie-down with the second edition yet. Your FWTK log files are stored wherever you have them sent. Look in /etc/syslog.conf. They may be in /var/adm/messages, or you may be sending them to a storage place inside your private LAN. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Thu May 10 12:01 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA29407 Thu, 10 May 2001 12:01:26 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA16692; Thu, 10 May 2001 11:05:45 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 10 May 2001 10:34:34 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA11734 for fwtk-users-outgoing; Thu, 10 May 2001 10:34:17 -0500 (CDT) Date: Thu, 10 May 2001 11:33:32 -0400 From: Joseph S D Yao To: Luis Fernando Barrera Cc: Rick Murphy , Michel Bardiaux , fwtk-users@ex.tis.com Subject: Re: Log Files Message-Id: <20010510113332.D24107@washington.cospo.osis.gov> Mail-Followup-To: Luis Fernando Barrera , Rick Murphy , Michel Bardiaux , fwtk-users@ex.tis.com References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from luba@assist.com.gt on Wed, May 09, 2001 at 06:40:17PM -0600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 827 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Wed, May 09, 2001 at 06:40:17PM -0600, Luis Fernando Barrera wrote: ... > If you use ipfilter, you have to enable IP forwarding in the operating > system, right? > But then why would I need the FWTK? The FWTK is a proxy based firewall, > you wouldn't need > a packet filter based firewall, right? > > Should not be better to use something like http-in? I guess this piece of > software, sends to the webserver a header with > the orignal IP address... Yes! -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 11 04:38 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id EAA01435 Fri, 11 May 2001 04:38:28 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id DAA24721; Fri, 11 May 2001 03:42:53 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 03:10:12 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id DAA22913 for fwtk-users-outgoing; Fri, 11 May 2001 03:09:56 -0500 (CDT) Subject: Re: Log Files From: Tony Gale To: Michel Bardiaux Cc: fwtk-users@ex.tis.com In-Reply-To: <3AFA4FC7.9F122DAA@peaktime.be> References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> X-Mailer: Evolution/0.10 (Preview Release) Date: 11 May 2001 09:09:11 +0100 Message-Id: <989568551.11681.0.camel@syntax.dera.gov.uk> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 515 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On 10 May 2001 10:22:31 +0200, Michel Bardiaux wrote: > > To return to the problem of log files, we clearly have to tackle it from > the webserver side. The appropriate question seems to be: can we > convince, say, apache, to query the FW for the real source of the > packets? Eg to cann identd? > Not that clearly. This can be solved using transparent proxying, I think. -tony From owner-fwtk-users@ex.tis.com Fri May 11 05:36 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id FAA01539 Fri, 11 May 2001 05:36:38 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id EAA27958; Fri, 11 May 2001 04:41:05 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 04:10:13 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id EAA26205 for fwtk-users-outgoing; Fri, 11 May 2001 04:09:57 -0500 (CDT) From: jan@radio.hundert6.de Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20010510113232.C24107@washington.cospo.osis.gov> Date: Fri, 11 May 2001 11:09:54 -0000 (GMT) To: Joseph S D Yao Subject: Re: Log Files Cc: TIS FireWall ToolKit List Cc: TIS FireWall ToolKit List , Jason Smith Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=iso-8859-1 Content-Length: 405 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > The permissions to "US" need to completely exclude any complex > service > that might be used to break in, such as HTTP or anything by > Microsoft. I love that sentence. Sorry, had to say that. -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther@radio.hundert6.de From owner-fwtk-users@ex.tis.com Fri May 11 11:36 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA02617 Fri, 11 May 2001 11:36:26 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA09171; Fri, 11 May 2001 10:40:53 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 10:03:46 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA00219 for fwtk-users-outgoing; Fri, 11 May 2001 10:03:29 -0500 (CDT) Date: Fri, 11 May 2001 11:01:58 -0400 From: Joseph S D Yao To: Tony Gale Cc: Michel Bardiaux , fwtk-users@ex.tis.com Subject: Re: Log Files Message-Id: <20010511110158.B2033@washington.cospo.osis.gov> Mail-Followup-To: Tony Gale , Michel Bardiaux , fwtk-users@ex.tis.com References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: <989568551.11681.0.camel@syntax.dera.gov.uk>; from gale@syntax.dera.gov.uk on Fri, May 11, 2001 at 09:09:11AM +0100 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 594 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Fri, May 11, 2001 at 09:09:11AM +0100, Tony Gale wrote: ... > Not that clearly. This can be solved using transparent proxying, I > think. Which is available in Gauntlet but not FWTK, and is not always usable in one's given situation. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 11 11:37 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA02631 Fri, 11 May 2001 11:37:38 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA09422; Fri, 11 May 2001 10:42:05 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 10:10:26 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA01787 for fwtk-users-outgoing; Fri, 11 May 2001 10:10:10 -0500 (CDT) Subject: Re: Log Files From: Tony Gale To: Joseph S D Yao Cc: Michel Bardiaux , fwtk-users@ex.tis.com In-Reply-To: <20010511110158.B2033@washington.cospo.osis.gov> References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> <20010511110158.B2033@washington.cospo.osis.gov> X-Mailer: Evolution/0.10 (Preview Release) Date: 11 May 2001 16:09:28 +0100 Message-Id: <989593768.4438.1.camel@syntax.dera.gov.uk> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 479 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On 11 May 2001 11:01:58 -0400, Joseph S D Yao wrote: > On Fri, May 11, 2001 at 09:09:11AM +0100, Tony Gale wrote: > ... > > Not that clearly. This can be solved using transparent proxying, I > > think. > > Which is available in Gauntlet but not FWTK, and is not always usable > in one's given situation. > There's a patch on www.fwtk.org -tony From owner-fwtk-users@ex.tis.com Fri May 11 12:59 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA02810 Fri, 11 May 2001 12:59:35 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id MAA22792; Fri, 11 May 2001 12:04:02 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 11:31:29 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA17576 for fwtk-users-outgoing; Fri, 11 May 2001 11:31:12 -0500 (CDT) Date: Fri, 11 May 2001 12:30:38 -0400 From: Joseph S D Yao To: Tony Gale Cc: Michel Bardiaux , fwtk-users@ex.tis.com Subject: Re: Log Files Message-Id: <20010511123038.K2033@washington.cospo.osis.gov> Mail-Followup-To: Tony Gale , Michel Bardiaux , fwtk-users@ex.tis.com References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> <20010511110158.B2033@washington.cospo.osis.gov> <989593768.4438.1.camel@syntax.dera.gov.uk> Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: <989593768.4438.1.camel@syntax.dera.gov.uk>; from gale@syntax.dera.gov.uk on Fri, May 11, 2001 at 04:09:28PM +0100 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 486 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Fri, May 11, 2001 at 04:09:28PM +0100, Tony Gale wrote: ... > There's a patch on www.fwtk.org Quite right. Sorry about that. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 11 13:54 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id NAA02921 Fri, 11 May 2001 13:54:21 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id MAA04982; Fri, 11 May 2001 12:58:47 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 12:26:49 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA25963 for fwtk-users-outgoing; Fri, 11 May 2001 12:26:32 -0500 (CDT) From: "Luis Fernando Barrera" To: Subject: Problem with mail messages Date: Fri, 11 May 2001 11:26:16 -0600 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <989593768.4438.1.camel@syntax.dera.gov.uk> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 525 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi all, Anyone has an idea about this message? What could be the source of the problem? It just happens sometimes... May 11 11:00:06 fwtk_server sendmail[1072]: LAA01072: LAB01072: DSN: Too many hops 27 (25 max): from via localhost, to Luis Fernando Barrera luba@assist.com.gt PD: The names of the domain have been changed to protect the... From owner-fwtk-users@ex.tis.com Fri May 11 14:06 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA02954 Fri, 11 May 2001 14:06:21 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA07159; Fri, 11 May 2001 13:10:46 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 12:38:49 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA28870 for fwtk-users-outgoing; Fri, 11 May 2001 12:38:33 -0500 (CDT) Message-Id: <5.1.0.14.0.20010511132930.01f7cb80@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Fri, 11 May 2001 13:32:26 -0400 To: fwtk-users@ex.tis.com From: Rick Murphy Subject: Re: Log Files In-Reply-To: <989593768.4438.1.camel@syntax.dera.gov.uk> References: <20010511110158.B2033@washington.cospo.osis.gov> <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> <20010511110158.B2033@washington.cospo.osis.gov> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 322 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 04:09 PM 5/11/01 +0100, Tony Gale wrote: >There's a patch on www.fwtk.org That requires ipfilter or the equivalent, unfortunately - you're back to using packet filtering. -Rick From owner-fwtk-users@ex.tis.com Fri May 11 15:10 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA03189 Fri, 11 May 2001 15:10:18 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA20169; Fri, 11 May 2001 14:14:45 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 13:41:55 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA13194 for fwtk-users-outgoing; Fri, 11 May 2001 13:41:39 -0500 (CDT) From: "Ken Long" Organization: Lectrosonics, Inc. To: fwtk-users@ex.tis.com Date: Fri, 11 May 2001 12:41:07 -0600 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: Re: Problem with mail messages Message-ID: <3AFBDDDA.30575.13AEFE5@localhost> In-reply-to: References: <989593768.4438.1.camel@syntax.dera.gov.uk> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=US-ASCII Content-Length: 819 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I've received several of these in the recent past as well. I figured it was a routing error somewhere enroute or a problem at the sending end. I don't think it's anything FWTK could be doing. Ken Long On 11 May 2001, at 11:26, Luis Fernando Barrera wrote: > Hi all, > > Anyone has an idea about this message? What could be the source of the > problem? It just > happens sometimes... > > > > May 11 11:00:06 fwtk_server sendmail[1072]: LAA01072: LAB01072: DSN: Too > many hops 27 (25 max): from > via localhost, to > > Luis Fernando Barrera > luba@assist.com.gt > > PD: The names of the domain have been changed to protect the... From owner-fwtk-users@ex.tis.com Fri May 11 15:22 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA03224 Fri, 11 May 2001 15:22:13 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA22781; Fri, 11 May 2001 14:26:39 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 13:54:40 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA15222 for fwtk-users-outgoing; Fri, 11 May 2001 13:54:24 -0500 (CDT) Date: Fri, 11 May 2001 14:52:39 -0400 From: Joseph S D Yao To: Luis Fernando Barrera Cc: fwtk-users@ex.tis.com Subject: Re: Problem with mail messages Message-Id: <20010511145239.C2033@washington.cospo.osis.gov> Mail-Followup-To: Luis Fernando Barrera , fwtk-users@ex.tis.com References: <989593768.4438.1.camel@syntax.dera.gov.uk> Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from luba@assist.com.gt on Fri, May 11, 2001 at 11:26:16AM -0600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1105 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Fri, May 11, 2001 at 11:26:16AM -0600, Luis Fernando Barrera wrote: ... > May 11 11:00:06 fwtk_server sendmail[1072]: LAA01072: LAB01072: DSN: Too > many hops 27 (25 max): from > via localhost, to > > Luis Fernando Barrera > luba@assist.com.gt > > PD: The names of the domain have been changed to protect the... For which reason, it is of course more difficult to help you. But this will happen when mail arrives at one site, and that site believes that the mail should be delivered by another site, site 2. But site 2 in turn believes that the mail should be delivered by the original site. So they hand it back and forth until one of them cries quit. Rarely, more than one site is involved. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 11 17:58 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA03938 Fri, 11 May 2001 17:58:40 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA22441; Fri, 11 May 2001 17:03:07 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 16:29:53 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id QAA15053 for fwtk-users-outgoing; Fri, 11 May 2001 16:29:36 -0500 (CDT) From: "Luis Fernando Barrera" To: Subject: RE: Problem with mail messages Date: Fri, 11 May 2001 15:17:31 -0600 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-reply-to: <20010511145239.C2033@washington.cospo.osis.gov> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1872 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] That's for sure... The problem is reported in the FWTK box. It seems the FWTK box is sending the message to the internal mail server, and then it relays the message back to FWTK box... Could it be some configuration problem with the DNS or the Sendmail....? thanks again. Luis Fernando Barrera luba@assist.com.gt > -----Original Message----- > From: owner-fwtk-users@ex.tis.com [mailto:owner-fwtk-users@ex.tis.com]On > Behalf Of Joseph S D Yao > Sent: Friday, May 11, 2001 12:53 > To: Luis Fernando Barrera > Cc: fwtk-users@ex.tis.com > Subject: Re: Problem with mail messages > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > On Fri, May 11, 2001 at 11:26:16AM -0600, Luis Fernando Barrera wrote: > ... > > May 11 11:00:06 fwtk_server sendmail[1072]: LAA01072: LAB01072: DSN: Too > > many hops 27 (25 max): from > > via localhost, to > > > > Luis Fernando Barrera > > luba@assist.com.gt > > > > PD: The names of the domain have been changed to protect the... > > For which reason, it is of course more difficult to help you. But this > will happen when mail arrives at one site, and that site believes that > the mail should be delivered by another site, site 2. But site 2 in > turn believes that the mail should be delivered by the original site. > So they hand it back and forth until one of them cries quit. > > Rarely, more than one site is involved. > > -- > Joe Yao jsdy@cospo.osis.gov - > Joseph S. D. Yao > OSIS Center Computer Support EMT-B > ----------------------------------------------------------------------- > This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 11 18:24 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id SAA04108 Fri, 11 May 2001 18:24:14 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA28210; Fri, 11 May 2001 17:28:40 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 11 May 2001 16:57:04 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id QAA21250 for fwtk-users-outgoing; Fri, 11 May 2001 16:56:46 -0500 (CDT) Message-ID: <3AFC5FE4.9454D489@v-one.com> Date: Fri, 11 May 2001 17:55:48 -0400 From: Keith Young Organization: V-ONE X-Mailer: Mozilla 4.77 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Tony Gale CC: Joseph S D Yao , Michel Bardiaux , fwtk-users@ex.tis.com Subject: Re: Log Files References: <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> <20010511110158.B2033@washington.cospo.osis.gov> <989593768.4438.1.camel@syntax.dera.gov.uk> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 992 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Tony Gale wrote: > > > > Not that clearly. This can be solved using transparent proxying, I > > > think. > > > > Which is available in Gauntlet but not FWTK, and is not always usable > > in one's given situation. > > > > There's a patch on www.fwtk.org > Unless I'm mistaken (which is *entirely* possible due to newborn sleep deprivation), but doesn't transparent proxying require a route to the web server? This will be unlikely if the web server is on the inside net... If someone is going to write a kernel driver to NAT the proxied address to the source address (which is how Gauntlet does it, right Rick?), then I would agree with Rick to use packet filtering instead. Or, you could come up with a home-grown method of log merging using Perl scripts and a NTP server. -- --Keith Young -Director of Customer Care/Support, V-ONE Corp. -kyoung@v-one.com From owner-fwtk-users@ex.tis.com Sat May 12 08:39 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA06251 Sat, 12 May 2001 08:39:55 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA16557; Sat, 12 May 2001 07:44:18 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Sat, 12 May 2001 07:11:08 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id HAA15291 for fwtk-users-outgoing; Sat, 12 May 2001 07:10:53 -0500 (CDT) From: Eberhard Mattes Date: Sat, 12 May 2001 14:10:09 +0200 (MET DST) Message-Id: <200105121210.OAA10011@azu.informatik.uni-stuttgart.de> To: jason.smith@clsglobal.com.au CC: fwtk-users@ex.tis.com In-reply-to: message from Jason Smith on 12 May 2001 11:45:15 +0200 Subject: Re: Log Files Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text Content-Length: 796 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > At the moment I run a FreeBSD machine that acts as a firewall. I use IIS 5.0 > as the webserver and i use the plug-gw to pass requests to the webserver. > But in my webservers' log file it says that all requests come from the > firewall (an internal address) how can i make it either send the correct ip > address of the request or log it somewhere within BSD? http-in writes a log file which can be used with log file analyzers which work with Apache ("common log file format"). Additionally, http-in adds a header line which passes the original IP address to the web server (won't work for IIS). -- Eberhard Mattes From owner-fwtk-users@ex.tis.com Mon May 14 05:43 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id FAA10480 Mon, 14 May 2001 05:43:39 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id EAA06646; Mon, 14 May 2001 04:48:03 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 04:10:11 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id EAA04346 for fwtk-users-outgoing; Mon, 14 May 2001 04:09:55 -0500 (CDT) From: jan@radio.hundert6.de Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Mon, 14 May 2001 09:09:13 -0000 (GMT) To: fwtk-users@ex.tis.com Subject: rewriting headers...? Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=iso-8859-1 Content-Length: 1251 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello everybody, I am slightly confused. Since, as I guess all of us do, I have a split DNS setup, I have an internal mailserver and smap/smapd/sendmail as a mailrelay. Unfortunately, my mail headers are really, really ugly. Whilst my internal mailserver masquerades nicely, addding the masquerading features to my mailrelay's sendmail configuration was ineffective - it still writes itself into the headers with its internal hostname and adds the internal mailserver's IP address as well as its own to the header, which bothers me even more. I thought twiddling the sendmail config the usual way would help me here, since I've always assumed sendmail is the one that delivers outgoing traffic... Does smap rewrite the header with its own values...? The 'smap/smapd' bit implies that... Also, is there any way of changing the hostname that smap reports when contacting port 25 apart from hardcoding it in the source? Though it all does work, I'm not satisfied... Could anybody provide me with useful info here...? TIA and cheers, Jan -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther@radio.hundert6.de From owner-fwtk-users@ex.tis.com Mon May 14 08:10 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA10964 Mon, 14 May 2001 08:10:36 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA14884; Mon, 14 May 2001 07:15:05 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 06:43:50 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA12135 for fwtk-users-outgoing; Mon, 14 May 2001 06:43:34 -0500 (CDT) Date: Fri, 11 May 2001 14:52:39 -0400 From: Joseph S D Yao To: Luis Fernando Barrera Cc: fwtk-users@ex.tis.com Subject: Re: Problem with mail messages Message-Id: <20010511145239.C2033@washington.cospo.osis.gov> Mail-Followup-To: Luis Fernando Barrera , fwtk-users@ex.tis.com References: <989593768.4438.1.camel@syntax.dera.gov.uk> Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from luba@assist.com.gt on Fri, May 11, 2001 at 11:26:16AM -0600 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1243 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Fri, May 11, 2001 at 11:26:16AM -0600, Luis Fernando Barrera wrote: ... > May 11 11:00:06 fwtk_server sendmail[1072]: LAA01072: LAB01072: DSN: Too > many hops 27 (25 max): from > via localhost, to > > Luis Fernando Barrera > luba@assist.com.gt > > PD: The names of the domain have been changed to protect the... For which reason, it is of course more difficult to help you. But this will happen when mail arrives at one site, and that site believes that the mail should be delivered by another site, site 2. But site 2 in turn believes that the mail should be delivered by the original site. So they hand it back and forth until one of them cries quit. Rarely, more than one site is involved. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Mon May 14 08:11 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA10968 Mon, 14 May 2001 08:11:00 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA14929; Mon, 14 May 2001 07:15:30 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 06:44:49 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA12174 for fwtk-users-outgoing; Mon, 14 May 2001 06:44:33 -0500 (CDT) Subject: Re: Log Files From: Tony Gale To: Rick Murphy Cc: fwtk-users@ex.tis.com In-Reply-To: <5.1.0.14.0.20010511132930.01f7cb80@mail.itm-inst.com> References: <20010511110158.B2033@washington.cospo.osis.gov> <5.1.0.14.0.20010509185452.01f75860@mail.itm-inst.com> <5.1.0.14.0.20010509213817.01f5c080@mail.itm-inst.com> <3AFA4FC7.9F122DAA@peaktime.be> <989568551.11681.0.camel@syntax.dera.gov.uk> <20010511110158.B2033@washington.cospo.osis.gov> <5.1.0.14.0.20010511132930.01f7cb80@mail.itm-inst.com> X-Mailer: Evolution/0.10 (Preview Release) Date: 14 May 2001 10:02:01 +0100 Message-Id: <989830921.12334.0.camel@syntax.dera.gov.uk> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 624 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On 11 May 2001 13:32:26 -0400, Rick Murphy wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > At 04:09 PM 5/11/01 +0100, Tony Gale wrote: > > >There's a patch on www.fwtk.org > > That requires ipfilter or the equivalent, unfortunately - you're back to > using packet filtering. > -Rick > Only to achieve the redirection, not to perform any packer filtering function. -tony From owner-fwtk-users@ex.tis.com Mon May 14 08:22 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA11021 Mon, 14 May 2001 08:22:06 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA16073; Mon, 14 May 2001 07:26:36 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 06:55:51 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA13016 for fwtk-users-outgoing; Mon, 14 May 2001 06:55:35 -0500 (CDT) X-Originating-IP: [192.169.41.38] From: "Biswajit Sen" To: fwtk-users@lists.nai.com Subject: Help Needed Date: Mon, 14 May 2001 09:00:29 +0530 Mime-Version: 1.0 Message-ID: X-OriginalArrivalTime: 14 May 2001 03:30:29.0559 (UTC) FILETIME=[395C4470:01C0DC26] Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; format=flowed Content-Length: 1123 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a HP UX Box (Ver. B.11.00 U 9000/800). I tried to connect two different database server through this proxy server from a client PC. I can successfully connect to one database server (running dedicated Oracle server ver. 7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy server using SQLPLUS. Second database server is running on Multithreaded Oracle ver.7.3.4.4.1 I am able to ping second database server from proxy server. Also if I use "TELNET

" I am getting a connection. Is this version of plug-gw capable of giving connection to a Multithreaded Oracle database server or I need to install any patch for that ? Your early response is highly appreciated. Thanks & regards, Biswajit _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From owner-fwtk-users@ex.tis.com Mon May 14 08:43 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA11106 Mon, 14 May 2001 08:43:15 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA18835; Mon, 14 May 2001 07:47:44 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 07:16:47 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id HAA15003 for fwtk-users-outgoing; Mon, 14 May 2001 07:16:31 -0500 (CDT) Message-ID: <8FF4A557FE65D311BDF80000E88EAB192BD4F5@DSISS002> From: =?iso-8859-1?Q?Beuserie_Fr=E9d=E9ric_=28stbrice_dsi=29?= To: "'Biswajit Sen'" Cc: fwtk-users@ex.tis.com Subject: RE: Help Needed Date: Mon, 14 May 2001 14:17:25 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0DC6F.D5A40270" Content-Length: 6076 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0DC6F.D5A40270 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable plug-gw does nothing with the tunneled protocol and more, it has = nothing to do with multithreading on the other side of the tunnel. the solution: if the request came from the same ip adress to the same plug-gw = listening port, plug-gw cannot choose between=20 two or more destination. and you can't request it the destination when = you establish the connection. use instead two plug-gw listening on two different port on the proxy = and use -plug-to to the right destination oracle server. then customize your client to use different port when connecting to different server. ----------------------------------------- Beuserie Frederic DSI / Syst=E8me et Exploitation - 3 Suisses Belgique Email: F.Beuserie@3Suisses.be -----Message d'origine----- De: Biswajit Sen [mailto:biswajit_sen@hotmail.com] Date: lundi 14 mai 2001 5:30 =C0: fwtk-users@lists.nai.com Objet: Help Needed [To be removed from this list send the message "unsubscribe fwtk-users" = in the BODY of a mail message to majordomo@ex.tis.com.] Hi, I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a = HP UX Box (Ver. B.11.00 U 9000/800). I tried to connect two different = database=20 server through this proxy server from a client PC. I can successfully=20 connect to one database server (running dedicated Oracle server ver.=20 7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy = server=20 using SQLPLUS. Second database server is running on Multithreaded = Oracle=20 ver.7.3.4.4.1 I am able to ping second database server from proxy server. Also if I = use=20 "TELNET

" I am getting a connection. Is this version of plug-gw capable of giving connection to a = Multithreaded=20 Oracle database server or I need to install any patch for that ? Your early response is highly appreciated. Thanks & regards, Biswajit ________________________________________________________________________= _ Get Your Private, Free E-mail from MSN Hotmail at = http://www.hotmail.com. ------_=_NextPart_001_01C0DC6F.D5A40270 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Help Needed

plug-gw does nothing with the tunneled protocol and = more, it has nothing to do with multithreading on the other side of the = tunnel.

the solution:
if the request came from the same ip adress to the = same plug-gw listening port, plug-gw cannot choose between
two or more destination. and you can't request it = the destination when you establish the connection.
use instead two plug-gw listening on two different = port on the proxy and use -plug-to to the right destination oracle = server.

then customize your client to use different port when = connecting to different server.

-----------------------------------------
Beuserie Frederic
DSI / Syst=E8me et Exploitation - 3 Suisses = Belgique
Email: F.Beuserie@3Suisses.be

-----Message d'origine-----
De: Biswajit Sen [mailto:biswajit_sen@hotmail.com= ]
Date: lundi 14 mai 2001 5:30
=C0: fwtk-users@lists.nai.com
Objet: Help Needed

[To be removed from this list send the message = "unsubscribe fwtk-users" in the
BODY of a mail message to = majordomo@ex.tis.com.]

Hi,

I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic = proxy server on a HP UX
Box (Ver. B.11.00 U 9000/800). I tried to = connect two different database
server through this proxy server from a client PC. I = can successfully
connect to one database server (running dedicated = Oracle server ver.
7.3.4.4.1) using SQLPLUS. But I am unable to connect = to second proxy server
using SQLPLUS. Second database server is running on = Multithreaded Oracle
ver.7.3.4.4.1

I am able to ping second database server from proxy = server. Also if I use
"TELNET <PROXY-SERVER-IP> = <PORT-WHERE-PLUG-GW-IS-LISTENING>"
I am getting a connection.

Is this version of plug-gw capable of giving = connection to a Multithreaded
Oracle database server or I need to install any = patch for that ?

Your early response is highly appreciated.

Thanks & regards,
Biswajit

_______________________________________________________________= __________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

------_=_NextPart_001_01C0DC6F.D5A40270-- From owner-fwtk-users@ex.tis.com Mon May 14 09:43 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id JAA11314 Mon, 14 May 2001 09:43:03 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id IAA26676; Mon, 14 May 2001 08:47:31 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 08:15:34 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA21953 for fwtk-users-outgoing; Mon, 14 May 2001 08:15:18 -0500 (CDT) X-Originating-IP: [203.117.33.25] From: "Biswajit Sen" To: F.Beuserie@3suisses.be Cc: fwtk-users@ex.tis.com Subject: RE: Help Needed Date: Mon, 14 May 2001 18:44:09 +0530 Mime-Version: 1.0 Message-ID: X-OriginalArrivalTime: 14 May 2001 13:14:10.0181 (UTC) FILETIME=[C3471B50:01C0DC77] Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; format=flowed Content-Length: 2831 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, I have used two different port for two oracle server. I am able to connect to one oracle server but unable to connect to the second one thru plug-gw. I have also checked that TCP connectivity between client pc to proxy server and from proxy server to oracle server. Regards, Biswajit >From: Beuserie Fr�d�ric (stbrice dsi) >To: "'Biswajit Sen'" >CC: fwtk-users@ex.tis.com >Subject: RE: Help Needed >Date: Mon, 14 May 2001 14:17:25 +0200 > >plug-gw does nothing with the tunneled protocol and more, it has nothing to >do with multithreading on the other side of the tunnel. > >the solution: >if the request came from the same ip adress to the same plug-gw listening >port, plug-gw cannot choose between >two or more destination. and you can't request it the destination when you >establish the connection. >use instead two plug-gw listening on two different port on the proxy and >use >-plug-to to the right destination oracle server. >then customize your client to use different port when connecting to >different server. > >----------------------------------------- >Beuserie Frederic >DSI / Syst�me et Exploitation - 3 Suisses Belgique >Email: F.Beuserie@3Suisses.be > > > >-----Message d'origine----- >De: Biswajit Sen [mailto:biswajit_sen@hotmail.com] >Date: lundi 14 mai 2001 5:30 >�: fwtk-users@lists.nai.com >Objet: Help Needed > > >[To be removed from this list send the message "unsubscribe fwtk-users" in >the >BODY of a mail message to majordomo@ex.tis.com.] > >Hi, > >I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a HP >UX > >Box (Ver. B.11.00 U 9000/800). I tried to connect two different database >server through this proxy server from a client PC. I can successfully >connect to one database server (running dedicated Oracle server ver. >7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy server >using SQLPLUS. Second database server is running on Multithreaded Oracle >ver.7.3.4.4.1 > >I am able to ping second database server from proxy server. Also if I use >"TELNET

" >I am getting a connection. > >Is this version of plug-gw capable of giving connection to a Multithreaded >Oracle database server or I need to install any patch for that ? > >Your early response is highly appreciated. > >Thanks & regards, >Biswajit > >_________________________________________________________________________ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From owner-fwtk-users@ex.tis.com Mon May 14 10:30 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id KAA11448 Mon, 14 May 2001 10:30:30 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id JAA03340; Mon, 14 May 2001 09:35:00 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 09:03:33 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id JAA28549 for fwtk-users-outgoing; Mon, 14 May 2001 09:03:17 -0500 (CDT) Message-ID: <8FF4A557FE65D311BDF80000E88EAB192BD4F8@DSISS002> From: =?iso-8859-1?Q?Beuserie_Fr=E9d=E9ric_=28stbrice_dsi=29?= To: "'Biswajit Sen'" Cc: "'fwtk-users@ex.tis.com'" Subject: RE: Help Needed Date: Mon, 14 May 2001 16:03:23 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0DC7E.A360E440" Content-Length: 11983 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0DC7E.A360E440 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable did you say: client:1024+ > proxy:1234 proxy:1024+ > oracle:2345 client:1024+ > proxy:1234 proxy:1024+ > orcale2:3210 ^^^^ (bad) or client:1024+ > proxy:1234 proxy:1024+ > oracle:2345 client:1024+ > proxy:4321 proxy:1024+ > orcale2:3210 ? ^^^^ (right) you have to have two plug-gw listening on two different port on the = same side of the proxy host. one is -plug-to oracle 2345 (the first server) and the second -plug-to oracle2 3210 (the second oracle server) both can be on the same ip address. I cannot say more without having your netperm-table. greets. ----------------------------------------- Beuserie Frederic DSI / Syst=E8me et Exploitation - 3 Suisses Belgique Tel: +3269/882485 / Fax: +3269/882491 Email: F.Beuserie@3Suisses.be -----Message d'origine----- De: Biswajit Sen [mailto:biswajit_sen@hotmail.com] Date: lundi 14 mai 2001 15:14 =C0: F.Beuserie@3suisses.be Cc: fwtk-users@ex.tis.com Objet: RE: Help Needed Hi, I have used two different port for two oracle server. I am able to = connect=20 to one oracle server but unable to connect to the second one thru = plug-gw. I have also checked that TCP connectivity between client pc to proxy = server=20 and from proxy server to oracle server. Regards, Biswajit >From: Beuserie Fr=E9d=E9ric (stbrice dsi) >To: "'Biswajit Sen'" >CC: fwtk-users@ex.tis.com >Subject: RE: Help Needed >Date: Mon, 14 May 2001 14:17:25 +0200 > >plug-gw does nothing with the tunneled protocol and more, it has = nothing to >do with multithreading on the other side of the tunnel. > >the solution: >if the request came from the same ip adress to the same plug-gw = listening >port, plug-gw cannot choose between >two or more destination. and you can't request it the destination when = you >establish the connection. >use instead two plug-gw listening on two different port on the proxy = and=20 >use >-plug-to to the right destination oracle server. >then customize your client to use different port when connecting to >different server. > >----------------------------------------- >Beuserie Frederic >DSI / Syst=E8me et Exploitation - 3 Suisses Belgique >Email: F.Beuserie@3Suisses.be > > > >-----Message d'origine----- >De: Biswajit Sen [mailto:biswajit_sen@hotmail.com] >Date: lundi 14 mai 2001 5:30 >=C0: fwtk-users@lists.nai.com >Objet: Help Needed > > >[To be removed from this list send the message "unsubscribe = fwtk-users" in >the >BODY of a mail message to majordomo@ex.tis.com.] > >Hi, > >I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a = HP=20 >UX > >Box (Ver. B.11.00 U 9000/800). I tried to connect two different = database >server through this proxy server from a client PC. I can successfully >connect to one database server (running dedicated Oracle server ver. >7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy = server >using SQLPLUS. Second database server is running on Multithreaded = Oracle >ver.7.3.4.4.1 > >I am able to ping second database server from proxy server. Also if I = use >"TELNET

" >I am getting a connection. > >Is this version of plug-gw capable of giving connection to a = Multithreaded >Oracle database server or I need to install any patch for that ? > >Your early response is highly appreciated. > >Thanks & regards, >Biswajit > >_______________________________________________________________________= __ >Get Your Private, Free E-mail from MSN Hotmail at = http://www.hotmail.com. > > ________________________________________________________________________= _ Get Your Private, Free E-mail from MSN Hotmail at = http://www.hotmail.com. ------_=_NextPart_001_01C0DC7E.A360E440 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Help Needed

did you say:

client:1024+ > = proxy:1234       proxy:1024+ > = oracle:2345
client:1024+ > = proxy:1234       proxy:1024+ > = orcale2:3210
          &nb= sp;          ^^^^
(bad)

client:1024+ > = proxy:1234       proxy:1024+ > = oracle:2345
client:1024+ > = proxy:4321       proxy:1024+ > = orcale2:3210    ?
          &nb= sp;          ^^^^
(right)

you have to have two plug-gw listening on two = different port on the same side of the proxy host.
one is -plug-to oracle 2345 (the first server) and = the second -plug-to oracle2 3210 (the second oracle server)
both can be on the same ip address.

I cannot say more without having your = netperm-table.

greets.

-----------------------------------------
Beuserie Frederic
DSI / Syst=E8me et Exploitation - 3 Suisses = Belgique

Tel: +3269/882485 / Fax: +3269/882491
Email: F.Beuserie@3Suisses.be

-----Message d'origine-----
De: Biswajit Sen [mailto:biswajit_sen@hotmail.com= ]
Date: lundi 14 mai 2001 15:14
=C0: F.Beuserie@3suisses.be
Cc: fwtk-users@ex.tis.com
Objet: RE: Help Needed

Hi,

I have used two different port for two oracle server. = I am able to connect
to one oracle server but unable to connect to the = second one thru plug-gw. I
have also checked that TCP connectivity between = client pc to proxy server
and from proxy server to oracle server.

Regards,
Biswajit

>From: Beuserie Fr=E9d=E9ric (stbrice dsi) = <F.Beuserie@3suisses.be>
>To: "'Biswajit Sen'" = <biswajit_sen@hotmail.com>
>CC: fwtk-users@ex.tis.com
>Subject: RE: Help Needed
>Date: Mon, 14 May 2001 14:17:25 +0200
>
>plug-gw does nothing with the tunneled protocol = and more, it has nothing to
>do with multithreading on the other side of the = tunnel.
>
>the solution:
>if the request came from the same ip adress to = the same plug-gw listening
>port, plug-gw cannot choose between
>two or more destination. and you can't request = it the destination when you
>establish the connection.
>use instead two plug-gw listening on two = different port on the proxy and
>use
>-plug-to to the right destination oracle = server.
>then customize your client to use different port = when connecting to
>different server.
>
>-----------------------------------------
>Beuserie Frederic
>DSI / Syst=E8me et Exploitation - 3 Suisses = Belgique
>Email: F.Beuserie@3Suisses.be
>
>
>
>-----Message d'origine-----
>De: Biswajit Sen [mailto:biswajit_sen@hotmail.com= ]
>Date: lundi 14 mai 2001 5:30
>=C0: fwtk-users@lists.nai.com
>Objet: Help Needed
>
>
>[To be removed from this list send the message = "unsubscribe fwtk-users" in
>the
>BODY of a mail message to = majordomo@ex.tis.com.]
>
>Hi,
>
>I have installed TIS PLUG-GW (Ver. FWTK-2.0) = generic proxy server on a HP
>UX
>
>Box (Ver. B.11.00 U 9000/800). I tried to = connect two different database
>server through this proxy server from a client = PC. I can successfully
>connect to one database server (running = dedicated Oracle server ver.
>7.3.4.4.1) using SQLPLUS. But I am unable to = connect to second proxy server
>using SQLPLUS. Second database server is running = on Multithreaded Oracle
>ver.7.3.4.4.1
>
>I am able to ping second database server from = proxy server. Also if I use
>"TELNET <PROXY-SERVER-IP> = <PORT-WHERE-PLUG-GW-IS-LISTENING>"
>I am getting a connection.
>
>Is this version of plug-gw capable of giving = connection to a Multithreaded
>Oracle database server or I need to install any = patch for that ?
>
>Your early response is highly = appreciated.
>
>Thanks & regards,
>Biswajit
>
>___________________________________________________________= ______________
>Get Your Private, Free E-mail from MSN Hotmail = at http://www.hotmail.com.
>
>

_______________________________________________________________= __________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

------_=_NextPart_001_01C0DC7E.A360E440-- From owner-fwtk-users@ex.tis.com Mon May 14 10:47 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id KAA11550 Mon, 14 May 2001 10:47:12 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id JAA06007; Mon, 14 May 2001 09:51:43 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 09:19:46 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id JAA01065 for fwtk-users-outgoing; Mon, 14 May 2001 09:19:30 -0500 (CDT) Date: Mon, 14 May 2001 18:18:43 +0400 (MSD) From: Antuan Avdioukhine X-Sender: antuan@tyger.hq.internetmedia.ru To: fwtk-users@ex.tis.com cc: "'Biswajit Sen'" Subject: RE: Help Needed In-Reply-To: <8FF4A557FE65D311BDF80000E88EAB192BD4F5@DSISS002> Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=KOI8-R Content-Length: 1267 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Mon, 14 May 2001, [iso-8859-1] Beuserie Fr�d�ric (stbrice dsi) wrote: You have to force dedicated mode because multithread mode in Oracle tries to start alternative listener thread after connection made. Similar problem I had with oracle-8i. > I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a > HP UX Box (Ver. B.11.00 U 9000/800). I tried to connect two different > database server through this proxy server from a client PC. I can > successfully connect to one database server (running dedicated Oracle > server ver. 7.3.4.4.1) using SQLPLUS. But I am unable to connect to > second proxy server using SQLPLUS. Second database server is running > on Multithreaded Oracle > ver.7.3.4.4.1 > I am able to ping second database server from proxy server. Also if I > use "TELNET

" I am > getting a connection. > Is this version of plug-gw capable of giving connection to a > Multithreaded Oracle database server or I need to install any patch > for that ? -- Antuan Avdioukhine (DEKA-RIPN) InternetMedia Holding Ltd. St.Petersburg, Russia. +7 (812) 320 8585 From owner-fwtk-users@ex.tis.com Mon May 14 14:25 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA12202 Mon, 14 May 2001 14:25:37 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA08684; Mon, 14 May 2001 13:30:06 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 12:57:48 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA03897 for fwtk-users-outgoing; Mon, 14 May 2001 12:57:32 -0500 (CDT) Date: Mon, 14 May 2001 13:57:28 -0400 From: Joseph S D Yao To: Biswajit Sen Cc: fwtk-users@lists.nai.com Subject: Re: Help Needed Message-ID: <20010514135728.D1213@washington.cospo.osis.gov> Mail-Followup-To: Biswajit Sen , fwtk-users@lists.nai.com References: Mime-Version: 1.0 X-Mailer: Mutt 1.0i In-Reply-To: ; from biswajit_sen@hotmail.com on Mon, May 14, 2001 at 09:00:29AM +0530 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1634 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Mon, May 14, 2001 at 09:00:29AM +0530, Biswajit Sen wrote: > I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a HP UX > Box (Ver. B.11.00 U 9000/800). I tried to connect two different database > server through this proxy server from a client PC. I can successfully > connect to one database server (running dedicated Oracle server ver. > 7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy server > using SQLPLUS. Second database server is running on Multithreaded Oracle > ver.7.3.4.4.1 > > I am able to ping second database server from proxy server. Also if I use > "TELNET

" > I am getting a connection. > > Is this version of plug-gw capable of giving connection to a Multithreaded > Oracle database server or I need to install any patch for that ? This is one of very many purposes for which plug-gw is totally unsuited. IIRC, the multi-threaded SQL server uses its primary port solely for the purpose of negotiating a second port. This second port - different for each thread - is the thread on which the transaction takes place. You will need a multi-threaded SQL proxy. I believe that TIS Gauntlet or ANS InterLock may have this. I don't believe that FWTK does. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Mon May 14 15:34 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA12377 Mon, 14 May 2001 15:34:35 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA21546; Mon, 14 May 2001 14:39:03 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 14 May 2001 14:06:01 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id OAA15097 for fwtk-users-outgoing; Mon, 14 May 2001 14:05:45 -0500 (CDT) From: dreamwvr@dreamwvr.com Message-ID: X-Mailer: XFMail 1.4.6-3 on OpenBSD X-Priority: 3 (Normal) Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20010514135728.D1213@washington.cospo.osis.gov> Date: Mon, 14 May 2001 13:14:03 -0600 (MDT) Reply-To: dreamwvr@dreamwvr.com To: fwtk-users@lists.nai.com Subject: Re: Help Needed Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 436 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] IIR there is a proxy for oracle that was referred to at freshmeat .. can't help further as simply the long term mem has got corrupted.. ---------------------------------------- E-Mail: dreamwvr@dreamwvr.com Date: 14-May-2001 Open Source Opens Minds. - DREAMWVR.COM ---------------------------------------- From owner-fwtk-users@ex.tis.com Tue May 15 20:47 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id UAA16651 Tue, 15 May 2001 20:47:01 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id TAA02478; Tue, 15 May 2001 19:51:32 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 15 May 2001 19:15:59 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA00279 for fwtk-users-outgoing; Tue, 15 May 2001 19:15:43 -0500 (CDT) Date: Tue, 15 May 2001 20:15:02 -0400 From: Joseph S D Yao To: Jan Muenther Cc: "'fwtk-users@ex.tis.com'" Subject: Re: smap anti-spoof Message-ID: <20010515201502.X16596@washington.cospo.osis.gov> Mail-Followup-To: Jan Muenther , "'fwtk-users@ex.tis.com'" References: <3AA6052B.E39DD5F1@radio.hundert6.de> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AA6052B.E39DD5F1@radio.hundert6.de>; from jan@radio.hundert6.de on Wed, Mar 07, 2001 at 09:53:47AM +0000 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1459 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Going back through old mail, I find unanswered: On Wed, Mar 07, 2001 at 09:53:47AM +0000, Jan Muenther wrote: ... > I wonder whether the yao-patched smap's default behaviour is to > reject mail from hosts which cause a name lookup mismatch is to > reject them...?! > > I currently have problems with one person who's mailserver > obviously has a different forward / reverse resolution and this > person is the only one complaining about mail problems. > > In my system's logfiles I only find messages about a possible > spoof and it doesn't look like mail's delivered. From the other > side, the smtp connection is obviously ended by a 451 error and > it doesn't look like mail is delivered. Strangely, this only > seems to occur occasionally, sometimes mail hust gets through... > any hints? Default behaviour is to print the warning message and deliver anyway. IIRC, you can choose to reject. Let's see: from the commentary, ** 451 Requested action aborted: error in processing For which there are many reasons, easily findable in the code. - disk write error OK, I guess not so many. ;-) -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Tue May 15 23:07 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id XAA16915 Tue, 15 May 2001 23:07:40 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA08936; Tue, 15 May 2001 22:12:12 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 15 May 2001 21:40:41 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id VAA07607 for fwtk-users-outgoing; Tue, 15 May 2001 21:40:25 -0500 (CDT) Message-ID: <3B01E7BE.3E788C8E@ipass.net> Date: Tue, 15 May 2001 22:36:46 -0400 From: Brion Leary Reply-To: bleary@ipass.net X-Mailer: Mozilla 4.76 [en]C-CCK-MCD {United Systems Access} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Biswajit Sen CC: F.Beuserie@3suisses.be, fwtk-users@ex.tis.com Subject: Re: Help Needed References: Content-Transfer-Encoding: 8bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=iso-8859-1 Content-Length: 3341 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Multithreaded Oracle server or Oracle on NT can not not be proxied with plug-gw. MT server listens on one port any after connection negotiates a new port to listen on for the client. - Brion Leary Biswajit Sen wrote: > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > I have used two different port for two oracle server. I am able to connect > to one oracle server but unable to connect to the second one thru plug-gw. I > have also checked that TCP connectivity between client pc to proxy server > and from proxy server to oracle server. > > Regards, > Biswajit > > >From: Beuserie Fr�d�ric (stbrice dsi) > >To: "'Biswajit Sen'" > >CC: fwtk-users@ex.tis.com > >Subject: RE: Help Needed > >Date: Mon, 14 May 2001 14:17:25 +0200 > > > >plug-gw does nothing with the tunneled protocol and more, it has nothing to > >do with multithreading on the other side of the tunnel. > > > >the solution: > >if the request came from the same ip adress to the same plug-gw listening > >port, plug-gw cannot choose between > >two or more destination. and you can't request it the destination when you > >establish the connection. > >use instead two plug-gw listening on two different port on the proxy and > >use > >-plug-to to the right destination oracle server. > >then customize your client to use different port when connecting to > >different server. > > > >----------------------------------------- > >Beuserie Frederic > >DSI / Syst�me et Exploitation - 3 Suisses Belgique > >Email: F.Beuserie@3Suisses.be > > > > > > > >-----Message d'origine----- > >De: Biswajit Sen [mailto:biswajit_sen@hotmail.com] > >Date: lundi 14 mai 2001 5:30 > >�: fwtk-users@lists.nai.com > >Objet: Help Needed > > > > > >[To be removed from this list send the message "unsubscribe fwtk-users" in > >the > >BODY of a mail message to majordomo@ex.tis.com.] > > > >Hi, > > > >I have installed TIS PLUG-GW (Ver. FWTK-2.0) generic proxy server on a HP > >UX > > > >Box (Ver. B.11.00 U 9000/800). I tried to connect two different database > >server through this proxy server from a client PC. I can successfully > >connect to one database server (running dedicated Oracle server ver. > >7.3.4.4.1) using SQLPLUS. But I am unable to connect to second proxy server > >using SQLPLUS. Second database server is running on Multithreaded Oracle > >ver.7.3.4.4.1 > > > >I am able to ping second database server from proxy server. Also if I use > >"TELNET

" > >I am getting a connection. > > > >Is this version of plug-gw capable of giving connection to a Multithreaded > >Oracle database server or I need to install any patch for that ? > > > >Your early response is highly appreciated. > > > >Thanks & regards, > >Biswajit > > > >_________________________________________________________________________ > >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > > > > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From owner-fwtk-users@ex.tis.com Wed May 16 02:31 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id CAA17447 Wed, 16 May 2001 02:31:34 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id BAA15861; Wed, 16 May 2001 01:36:06 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 16 May 2001 01:04:42 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id BAA14480 for fwtk-users-outgoing; Wed, 16 May 2001 01:04:26 -0500 (CDT) From: marat@ddsmfa.uz Message-ID: <091C890BD041D411988C00C0F00407662C7B@information04.ddsmfauz> To: fwtk-users@ex.tis.com Date: Wed, 16 May 2001 10:53:30 +0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 906 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi! I'm novice(something like), so can somebody help me? Problem-> we had this config: RedHat 6.0 - kernel 2.2.13 - tis - squid. in netperm-table: "http-gw: policy -nojava -nojavascript -noactivex http-gw: default-policy -nojava -nojavascript -noactivex" squid looking only for tis(http-gw). That worked fine - all active elements was filtered... We'd saw it(filternig) in syslog and browsers on internal network did not saw it(active elements). now we have config: SUSe 7.1 - kernel 2.2.18 - tis - squid. netperm-table is the same. squid config is the same. But now active elements not filtering. We don't see it(filternig)[but we see other contents type] in syslog and browsers on internal network see it(active elements). Please, help. What we are doing wrong? Marat From owner-fwtk-users@ex.tis.com Wed May 16 05:11 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id FAA17855 Wed, 16 May 2001 05:11:25 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id EAA27124; Wed, 16 May 2001 04:15:57 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 16 May 2001 03:44:30 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id DAA25794 for fwtk-users-outgoing; Wed, 16 May 2001 03:44:14 -0500 (CDT) From: eduval@synergia-france.com.fr Message-ID: <3B023A62.1A97C3AF@synergia-france.com.fr> Date: Wed, 16 May 2001 10:29:22 +0200 X-Mailer: Mozilla 4.72 [en] (WinNT; I) X-Accept-Language: fr MIME-Version: 1.0 To: TIS FWTK Subject: No data access for one site WWWW Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 850 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, I use FWTK 2.1 with http-gw. I don't have any problem, but I don't have access on the site http://www.credit-du-nord.fr/ I don't understand why. The other site http://www.bnp.fr/ has the same architectural network security, I have access at the site, no problem. Can you make a test with your configuration ? thanks a lot. My configuration for http-gw in my netperm-table : -------------------------------------------------- [...] http-gw: permit-hosts option -java -javascript -activex http-gw: permit-hosts 10.10.10.3 http-gw: deny-hosts unknown http-gw: deny-hosts * http-gw: default-policy -java -javascript -activex http-gw: policy -java -javascript -activex [...] From owner-fwtk-users@ex.tis.com Wed May 16 07:30 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id HAA18105 Wed, 16 May 2001 07:30:20 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id GAA01602; Wed, 16 May 2001 06:34:52 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 16 May 2001 06:02:41 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA00209 for fwtk-users-outgoing; Wed, 16 May 2001 06:02:25 -0500 (CDT) Date: Wed, 16 May 2001 07:01:04 -0400 (EDT) From: Ted Keller To: cc: Subject: Re: your mail In-Reply-To: <091C890BD041D411988C00C0F00407662C7B@information04.ddsmfauz> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1444 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] If I remember right, the active filtering was an add-on patch to http-gw. Question, when you built your new tis system, did you use the same sources - or did you revert back to the original distribution. May want to check at www.fwtk.org and verify that you have all of the http-gw patches. ted keller On Wed, 16 May 2001 marat@ddsmfa.uz wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi! > > I'm novice(something like), so can somebody help me? > > Problem-> > > we had this config: > RedHat 6.0 - kernel 2.2.13 - tis - squid. > in netperm-table: > "http-gw: policy -nojava -nojavascript -noactivex > http-gw: default-policy -nojava -nojavascript -noactivex" > squid looking only for tis(http-gw). > That worked fine - all active elements was filtered... > We'd saw it(filternig) in syslog and browsers on internal network did not > saw it(active elements). > > now we have config: > SUSe 7.1 - kernel 2.2.18 - tis - squid. > netperm-table is the same. > squid config is the same. > But now active elements not filtering. > We don't see it(filternig)[but we see other contents type] in syslog and > browsers on internal network see it(active elements). > > Please, help. > What we are doing wrong? > > Marat > > From owner-fwtk-users@ex.tis.com Wed May 16 12:47 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA19068 Wed, 16 May 2001 12:47:22 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA04901; Wed, 16 May 2001 11:51:55 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 16 May 2001 11:19:18 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA00584 for fwtk-users-outgoing; Wed, 16 May 2001 11:19:01 -0500 (CDT) X-Authentication-Warning: guardian.hartwellcorp.com: mail set sender to using -f Message-ID: <91A5926EFF44D3118B1200104B7276EB6550C5@hart-exchange.hartwellcorp.com> From: "Michael St. Laurent" To: "'eduval@synergia-france.com.fr'" , TIS FWTK Subject: RE: No data access for one site WWWW Date: Wed, 16 May 2001 09:17:42 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1497 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] It doesn't work from my site either. If I use a system from outside the firewall however, it works fine. Looks like FWTK has a problem with the server that's running at their site. -------------------- Michael St. Laurent Hartwell Corporation > -----Original Message----- > From: eduval@synergia-france.com.fr > [mailto:eduval@synergia-france.com.fr] > Sent: Wednesday, May 16, 2001 1:29 AM > To: TIS FWTK > Subject: No data access for one site WWWW > > > [To be removed from this list send the message "unsubscribe > fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > I use FWTK 2.1 with http-gw. I don't have any problem, but > I don't have access on the site http://www.credit-du-nord.fr/ > I don't understand why. > > The other site http://www.bnp.fr/ has the same architectural network > security, I have > access at the site, no problem. > > Can you make a test with your configuration ? thanks a lot. > > My configuration for http-gw in my netperm-table : > -------------------------------------------------- > [...] > http-gw: permit-hosts option -java -javascript -activex > http-gw: permit-hosts 10.10.10.3 > http-gw: deny-hosts unknown > http-gw: deny-hosts * > http-gw: default-policy -java -javascript -activex > http-gw: policy -java -javascript -activex > [...] > From owner-fwtk-users@ex.tis.com Thu May 17 08:07 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id IAA21346 Thu, 17 May 2001 08:07:20 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id HAA05999; Thu, 17 May 2001 07:11:54 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 17 May 2001 06:34:06 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA02562 for fwtk-users-outgoing; Thu, 17 May 2001 06:33:50 -0500 (CDT) Subject: Re: No data access for one site WWWW From: Tony Gale To: eduval@synergia-france.com.fr Cc: TIS FWTK In-Reply-To: <3B023A62.1A97C3AF@synergia-france.com.fr> References: <3B023A62.1A97C3AF@synergia-france.com.fr> X-Mailer: Evolution/0.10 (Preview Release) Date: 17 May 2001 12:09:30 +0100 Message-Id: <990097770.19773.1.camel@syntax.dera.gov.uk> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: multipart/mixed; boundary="=-fyD39nVjStIKOHuBTljh" Content-Length: 9456 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] --=-fyD39nVjStIKOHuBTljh Content-Type: text/plain On 16 May 2001 10:29:22 +0200, eduval@synergia-france.com.fr wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > I use FWTK 2.1 with http-gw. I don't have any problem, but > I don't have access on the site http://www.credit-du-nord.fr/ > I don't understand why. > They are running a broken version of IIS 4.0. The attached patch will work around the problem. Apply on top of the jumbo patch on www.fwtk.org. -tony --=-fyD39nVjStIKOHuBTljh Content-Type: text/x-patch Content-Disposition: attachment; filename=fwtk-broken-web.diff Content-ID: 990097688.19754.0.camel@syntax.dera.gov.uk Content-Transfer-Encoding: 7bit Only in fwtk.dist/fwtk: Makefile.config Only in fwtk.patched/fwtk/http-gw: auth.c.rej Only in fwtk.patched/fwtk/http-gw: ftp.c.rej diff -ur fwtk.dist/fwtk/http-gw/hmain.c fwtk.patched/fwtk/http-gw/hmain.c --- fwtk.dist/fwtk/http-gw/hmain.c Wed Dec 20 14:58:07 2000 +++ fwtk.patched/fwtk/http-gw/hmain.c Wed Dec 20 14:53:29 2000 @@ -942,24 +942,35 @@ char *s; int n; { - char *buff; + /* Attempt to write the message in one packet + * Failing that, try and make sure it all gets sent + * TRG - 20001220 + */ + char *buff, *buffptr; int retval; - - /* Attempt to send message in one packet - * Some FTP servers don't like split messages - * TRG - 20001114 - */ - if ( (buff = malloc(n+2)) == NULL) { + int length; + + if ( (buff = malloc(n+2)) == NULL) { if(net_write(fd,s,n) != n) return(1); return(net_write(fd,"\r\n",2) != 2); } - memcpy(buff, s, n); - buff[n]='\r'; - buff[n+1]='\n'; - retval = net_write(fd,buff,n+2); - free(buff); - return(retval); + memcpy(buff, s, n); + buff[n]='\r'; + buff[n+1]='\n'; + length = n+2; + buffptr = buff; + while (length > 0) { + retval = net_write(fd,buffptr,length); + if (retval > 0) { + length -= retval; + buffptr += retval; + } else { + break; + } + } + free(buff); + return(retval); } Only in fwtk.patched/fwtk/http-gw: hmain.c.orig Only in fwtk.patched/fwtk/http-gw: hmain.c.rej diff -ur fwtk.dist/fwtk/http-gw/http-gw.c fwtk.patched/fwtk/http-gw/http-gw.c --- fwtk.dist/fwtk/http-gw/http-gw.c Wed Dec 20 14:58:07 2000 +++ fwtk.patched/fwtk/http-gw/http-gw.c Wed Dec 20 16:13:49 2000 @@ -568,7 +568,7 @@ if( (rem_type & TYPE_HTTP) ){ int hlen = 0; if( http_protocol[0] != '\0'){ - copy_http_headers( -1, sockfd, 0, &hlen, G_NOPERM); + copy_http_headers( NULL, -1, sockfd, 0, &hlen, G_NOPERM); } } if( rem_type & TYPE_FTP){ @@ -1178,8 +1178,7 @@ }else{ sprintf(go_request,"%s%s", http_method, buf); } - if( rfd != -1)say(rfd, go_request); - + frominternal: if( http_protocol[0]){ /* Was there http protocol info? */ int hlen = 0; @@ -1187,7 +1186,7 @@ if( (permissions & G_PLUS) == 0) rfd = -1; - if( copy_http_headers(rfd, sockfd, (rem_type&TYPE_WRITE), &hlen, G_NOPERM) && + if( copy_http_headers(go_request, rfd, sockfd, (rem_type&TYPE_WRITE), &hlen, G_NOPERM) && (rem_type&TYPE_WRITE)){ rfd = rsaved; trans_html_file(rfd, sockfd, "http", hlen); @@ -1198,12 +1197,15 @@ return 0; } rfd = rsaved; + } else { + if( rfd != -1) + say(rfd, go_request); } - + /* Get possible response line (maybe an old server)*/ if( get_http_response(sockfd, rfd)){ - if( copy_http_headers(sockfd, rfd, 1, NULL, logging)){ + if( copy_http_headers(NULL, sockfd, rfd, 1, NULL, logging)){ trans_html_file(sockfd, rfd, "http", -1); } }else if( rem_type & TYPE_HEAD){ @@ -1230,7 +1232,16 @@ return 0; } -int copy_http_headers(sockfd, rfd,expect_data, lptr, logging) +/* copy_http_headers buffers its output in an attempt to workaround + * some broken web servers that can't handle receiving requests that are + * split over multiple packets + * TRG - 20001220 + */ + +#define REQ_BUFF_LEN (MAX_URL_LEN*2) /* SECURITY: Must be bigger than MAX_URL_LEN */ + +int copy_http_headers(request, sockfd, rfd,expect_data, lptr, logging) +char *request; int sockfd, rfd; int expect_data, *lptr, logging; { int len, cnt; @@ -1238,12 +1249,26 @@ int n; static char content_len[80]; static char content_type[513]; + static char request_buff[REQ_BUFF_LEN]; + int request_buff_len; int tmpX; char *tmpP; + request_buff_len = 0; + if ( request && (strlen(request) > REQ_BUFF_LEN-3)) { + goto broken; + } + + if (request) { + request_buff_len = strlen(request); + strncpy(request_buff, request, request_buff_len); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; + } + content_len[0] = '\0'; content_type[0]= '\0'; - + if( lptr) *lptr = 0; @@ -1263,7 +1288,15 @@ }else if( checkBrowserType && !strncasecmp(go_request, "user-agent:", 11) ) { if( sockfd != -1){ - say(sockfd, go_request); + if ((strlen(go_request)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, go_request, strlen(go_request)); + request_buff_len += strlen(go_request); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } if (nojava == 2) for (tmpX=0; @@ -1287,7 +1320,15 @@ cpystr(content_type, go_request, 512); content_type[511] = '\0'; if( sockfd != -1){ - say(sockfd, go_request); + if ((strlen(go_request)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, go_request, strlen(go_request)); + request_buff_len += strlen(go_request); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } if( logging & G_CONTYPE){ syslog(LLEV,"content-type=%.512s", &go_request[13]); @@ -1299,11 +1340,27 @@ if( dont_touch(p) == 0){ sprintf(errbuf, "Location: http://%s:%u/%s", ourname, ourport, p); if( sockfd != -1){ - say(sockfd, errbuf) ; + if ((strlen(errbuf)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, errbuf, strlen(errbuf)); + request_buff_len += strlen(errbuf); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } }else{ if( sockfd != -1){ - say(sockfd, go_request) ; + if ((strlen(go_request)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, go_request, strlen(go_request)); + request_buff_len += strlen(go_request); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } } }else if( !strncasecmp(go_request, "connection:", 11)){ @@ -1312,7 +1369,15 @@ continue; }else { if( sockfd != -1){ - say(sockfd, go_request) ; + if ((strlen(go_request)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, go_request, strlen(go_request)); + request_buff_len += strlen(go_request); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } } } @@ -1342,11 +1407,20 @@ /* not an html file? so just block copy */ if( content_len[0]){ if( sockfd != -1){ - say(sockfd,content_len) ; + if ((strlen(content_len)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, content_len, strlen(content_len)); + request_buff_len += strlen(content_len); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } } if( sockfd != -1){ - say(sockfd,"") ; + request_buff[request_buff_len] = '\0'; + say(sockfd, request_buff); } if(expect_data && (rem_type & TYPE_HEAD)==0){ @@ -1384,11 +1458,20 @@ ishtml: if( lptr){ /* its a POST so need content-length: */ if(content_len[0] && sockfd != -1){ - say(sockfd, content_len) ; + if ((strlen(content_len)+request_buff_len+2) > REQ_BUFF_LEN-1) { + request_buff[request_buff_len-2] = '\0'; + say(sockfd, request_buff); + request_buff_len = 0; + } + strncpy(request_buff+request_buff_len, content_len, strlen(content_len)); + request_buff_len += strlen(content_len); + strncpy(request_buff+request_buff_len, "\r\n", 2); + request_buff_len += 2; } } if( sockfd != -1){ - say(sockfd,"") ; + request_buff[request_buff_len] = '\0'; + say(sockfd, request_buff); } if( rem_type & TYPE_HEAD){ return 0; /* flag as done */ --=-fyD39nVjStIKOHuBTljh-- From owner-fwtk-users@ex.tis.com Thu May 17 12:06 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA23782 Thu, 17 May 2001 12:06:05 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA07314; Thu, 17 May 2001 11:10:33 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 17 May 2001 10:34:36 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA27749 for fwtk-users-outgoing; Thu, 17 May 2001 10:34:19 -0500 (CDT) From: eduval@synergia-france.com.fr Message-ID: <3B03E8D7.A5A34731@synergia-france.com.fr> Date: Thu, 17 May 2001 17:05:59 +0200 X-Mailer: Mozilla 4.72 [en] (WinNT; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tony Gale CC: TIS FWTK Subject: Re: No data access for one site WWWW References: <3B023A62.1A97C3AF@synergia-france.com.fr> <990097770.19773.1.camel@syntax.dera.gov.uk> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1005 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Thanks a lot for your patch, the problem is finish. Tony Gale wrote: > > On 16 May 2001 10:29:22 +0200, eduval@synergia-france.com.fr wrote: > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi, > > > > I use FWTK 2.1 with http-gw. I don't have any problem, but > > I don't have access on the site http://www.credit-du-nord.fr/ > > I don't understand why. > > > > They are running a broken version of IIS 4.0. The attached patch will > work around the problem. Apply on top of the jumbo patch on > www.fwtk.org. > > -tony > > ------------------------------------------------------------------------ > Name: fwtk-broken-web.diff > fwtk-broken-web.diff Type: text/x-patch > Encoding: 7bit From owner-fwtk-users@ex.tis.com Thu May 17 13:34 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id NAA24097 Thu, 17 May 2001 13:34:03 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id MAA22384; Thu, 17 May 2001 12:38:36 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 17 May 2001 12:06:18 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA16517 for fwtk-users-outgoing; Thu, 17 May 2001 12:05:59 -0500 (CDT) X-Authentication-Warning: guardian.hartwellcorp.com: mail set sender to using -f Message-ID: <91A5926EFF44D3118B1200104B7276EB6550C9@hart-exchange.hartwellcorp.com> From: "Michael St. Laurent" To: "'Tony Gale'" , eduval@synergia-france.com.fr Cc: TIS FWTK Subject: RE: No data access for one site WWWW Date: Thu, 17 May 2001 10:04:28 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 1018 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] OK, that worked. Thanks. :-) -------------------- Michael St. Laurent Hartwell Corporation > -----Original Message----- > From: Tony Gale [mailto:gale@syntax.dera.gov.uk] > Sent: Thursday, May 17, 2001 4:09 AM > To: eduval@synergia-france.com.fr > Cc: TIS FWTK > Subject: Re: No data access for one site WWWW > > > On 16 May 2001 10:29:22 +0200, eduval@synergia-france.com.fr wrote: > > [To be removed from this list send the message > "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi, > > > > I use FWTK 2.1 with http-gw. I don't have any problem, but > > I don't have access on the site http://www.credit-du-nord.fr/ > > I don't understand why. > > > > They are running a broken version of IIS 4.0. The attached patch will > work around the problem. Apply on top of the jumbo patch on > www.fwtk.org. > > -tony > > From owner-fwtk-users@ex.tis.com Thu May 17 14:37 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA24235 Thu, 17 May 2001 14:37:04 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA04518; Thu, 17 May 2001 13:41:37 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 17 May 2001 13:08:49 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA27749 for fwtk-users-outgoing; Thu, 17 May 2001 10:34:19 -0500 (CDT) From: eduval@synergia-france.com.fr Message-ID: <3B03E8D7.A5A34731@synergia-france.com.fr> Date: Thu, 17 May 2001 17:05:59 +0200 X-Mailer: Mozilla 4.72 [en] (WinNT; I) X-Accept-Language: fr MIME-Version: 1.0 To: Tony Gale CC: TIS FWTK Subject: Re: No data access for one site WWWW References: <3B023A62.1A97C3AF@synergia-france.com.fr> <990097770.19773.1.camel@syntax.dera.gov.uk> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1005 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Thanks a lot for your patch, the problem is finish. Tony Gale wrote: > > On 16 May 2001 10:29:22 +0200, eduval@synergia-france.com.fr wrote: > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi, > > > > I use FWTK 2.1 with http-gw. I don't have any problem, but > > I don't have access on the site http://www.credit-du-nord.fr/ > > I don't understand why. > > > > They are running a broken version of IIS 4.0. The attached patch will > work around the problem. Apply on top of the jumbo patch on > www.fwtk.org. > > -tony > > ------------------------------------------------------------------------ > Name: fwtk-broken-web.diff > fwtk-broken-web.diff Type: text/x-patch > Encoding: 7bit From owner-fwtk-users@ex.tis.com Mon May 21 09:40 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id JAA03397 Mon, 21 May 2001 09:40:39 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id IAA01680; Mon, 21 May 2001 08:45:14 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Mon, 21 May 2001 08:06:53 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA26710 for fwtk-users-outgoing; Mon, 21 May 2001 08:06:36 -0500 (CDT) Message-ID: <3B0912CE.F9DBBB00@ctimail3.com> Date: Mon, 21 May 2001 21:06:22 +0800 From: TomC X-Mailer: Mozilla 4.77 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: Compile error Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 483 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi all, I met the compile error in bsdi 4.1 all: /usr/home/xyz/fwtk/fwtk/lib all: /usr/home/xyz/fwtk/fwtk/auth gcc -g -o authmgr authmgr.o ../libauth.a ../libfwall.a ../libfwall.a(conn.o): In function `conn_server': /usr/home/xyz/fwtk/fwtk/lib/conn.c:56: undefined reference to `inet_addr' *** Error code 1 Stop. *** Error code 1 Stop. How to fix? From owner-fwtk-users@ex.tis.com Tue May 22 12:12 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA06712 Tue, 22 May 2001 12:12:58 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA08737; Tue, 22 May 2001 11:17:36 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 22 May 2001 10:39:01 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA02474 for fwtk-users-outgoing; Tue, 22 May 2001 10:38:45 -0500 (CDT) Date: Tue, 22 May 2001 17:37:30 +0200 From: kouidri@ocean1.generale-des-eaux.net To: fwtk-users@ex.tis.com Subject: netperm-table : restricted destinations Message-ID: <20010522173730.A47306@ocean1.generale-des-eaux.net> Mime-Version: 1.0 X-Mailer: Mutt 0.95.6i Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 463 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello, I am using ftp-gw and it works fine. In my netperm-table there is the following access-list : ftp-gw: permit-hosts MY_IP_SOURCES -authall -log { retr stor } This allows MY_IP_SOURCES to contact the ftp-proxy and then connect ANY hosts. Is it possible to limit the access to certain destination hosts ? Thanks. Frederic From owner-fwtk-users@ex.tis.com Tue May 22 12:16 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA06718 Tue, 22 May 2001 12:16:51 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA09319; Tue, 22 May 2001 11:21:30 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 22 May 2001 10:48:23 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA03932 for fwtk-users-outgoing; Tue, 22 May 2001 10:48:07 -0500 (CDT) Message-ID: <79C524BDBB22D411915800A0C96F68FB9FE396@A8MC.PSNS.NAVY.MIL> From: Fritsch Jonathan D CONT PSNS To: "'fwtk-users@lists.nai.com'" Subject: plug-gw Date: Tue, 22 May 2001 08:39:56 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) X-N-Score: scored -400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 379 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I'm trying to configure my TIS to allow all traffic from a source though the Firewall on any port. The product that I'm using requires daily update, and TIS is currently blocking the source from allow the traffic though. Can you help? - Jonathan From owner-fwtk-users@ex.tis.com Tue May 22 14:21 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA07054 Tue, 22 May 2001 14:21:41 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA29336; Tue, 22 May 2001 13:26:22 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 22 May 2001 12:51:39 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA22969 for fwtk-users-outgoing; Tue, 22 May 2001 12:51:23 -0500 (CDT) Message-ID: <79C524BDBB22D411915800A0C96F68FB9FE397@A8MC.PSNS.NAVY.MIL> From: Fritsch Jonathan D CONT PSNS To: "'kouidri@ocean1.generale-des-eaux.net'" Cc: fwtk-users@ex.tis.com Subject: RE: netperm-table : restricted destinations Date: Tue, 22 May 2001 10:30:09 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) X-N-Score: scored -400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="iso-8859-1" Content-Length: 980 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Try adding -dest and then the web address. This should work. ftp-gw: permit-hosts MY_IP_SOURCES -authall -log { retr stor } -dest www.test.com - Jonathan -----Original Message----- From: kouidri@ocean1.generale-des-eaux.net [mailto:kouidri@ocean1.generale-des-eaux.net] Sent: Tuesday, May 22, 2001 8:38 AM To: fwtk-users@ex.tis.com Subject: netperm-table : restricted destinations [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello, I am using ftp-gw and it works fine. In my netperm-table there is the following access-list : ftp-gw: permit-hosts MY_IP_SOURCES -authall -log { retr stor } This allows MY_IP_SOURCES to contact the ftp-proxy and then connect ANY hosts. Is it possible to limit the access to certain destination hosts ? Thanks. Frederic From owner-fwtk-users@ex.tis.com Tue May 22 20:55 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id UAA07780 Tue, 22 May 2001 20:55:23 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id UAA18888; Tue, 22 May 2001 20:00:04 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 22 May 2001 19:25:34 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA16475 for fwtk-users-outgoing; Tue, 22 May 2001 19:25:17 -0500 (CDT) Message-Id: <5.1.0.14.0.20010522200517.01f8a920@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 22 May 2001 20:16:23 -0400 To: Fritsch Jonathan D CONT PSNS , "'fwtk-users@lists.nai.com'" From: Rick Murphy Subject: Re: plug-gw In-Reply-To: <79C524BDBB22D411915800A0C96F68FB9FE396@A8MC.PSNS.NAVY.MIL> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 871 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 08:39 AM 5/22/01 -0700, Fritsch Jonathan D CONT PSNS wrote: >I'm trying to configure my TIS to allow all traffic from a source though the >Firewall on any port. The product that I'm using requires daily update, and >TIS is currently blocking the source from allow the traffic though. Can you >help? The Firewall Toolkit doesn't have any way to permit connections on any port. Does this application really use a completely arbitrary destination port number? If so, there has to be some way that the port number is communicated between the client and the server; you'll either have to write a proxy to find out that port number, or you'll have to resort to using packet filtering rules to allow this traffic through. -Rick From owner-fwtk-users@ex.tis.com Wed May 23 23:18 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id XAA11322 Wed, 23 May 2001 23:18:08 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA12858; Wed, 23 May 2001 22:21:31 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 23 May 2001 20:01:57 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id UAA04908 for fwtk-users-outgoing; Wed, 23 May 2001 20:01:06 -0500 (CDT) Date: Wed, 23 May 2001 10:12:21 +0200 From: kouidri@ocean1.generale-des-eaux.net To: Fritsch Jonathan D CONT PSNS Cc: fwtk-users@ex.tis.com Subject: Re: netperm-table : restricted destinations Message-ID: <20010523101221.A22364@ocean1.generale-des-eaux.net> References: <79C524BDBB22D411915800A0C96F68FB9FE397@A8MC.PSNS.NAVY.MIL> Mime-Version: 1.0 X-Mailer: Mutt 0.95.6i In-Reply-To: <79C524BDBB22D411915800A0C96F68FB9FE397@A8MC.PSNS.NAVY.MIL>; from Fritsch Jonathan D CONT PSNS on Tue, May 22, 2001 at 10:30:09AM -0700 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1322 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] It works perfectly ! Thank you Jonathan Frederic On Tue, May 22, 2001 at 10:30:09AM -0700, Fritsch Jonathan D CONT PSNS wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Try adding -dest and then the web address. > > This should work. > > ftp-gw: permit-hosts MY_IP_SOURCES -authall -log { retr stor } -dest > www.test.com > > - Jonathan > > -----Original Message----- > From: kouidri@ocean1.generale-des-eaux.net > [mailto:kouidri@ocean1.generale-des-eaux.net] > Sent: Tuesday, May 22, 2001 8:38 AM > To: fwtk-users@ex.tis.com > Subject: netperm-table : restricted destinations > > > [To be removed from this list send the message "unsubscribe fwtk-users" in > the > BODY of a mail message to majordomo@ex.tis.com.] > > Hello, > > I am using ftp-gw and it works fine. > > In my netperm-table there is the following access-list : > > ftp-gw: permit-hosts MY_IP_SOURCES -authall -log { retr stor } > > This allows MY_IP_SOURCES to contact the ftp-proxy and then connect ANY > hosts. > > Is it possible to limit the access to certain destination hosts ? > > Thanks. > > Frederic > From owner-fwtk-users@ex.tis.com Wed May 23 23:18 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id XAA11325 Wed, 23 May 2001 23:18:11 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA12862; Wed, 23 May 2001 22:21:34 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 23 May 2001 19:59:58 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA04839 for fwtk-users-outgoing; Wed, 23 May 2001 19:58:56 -0500 (CDT) Message-Id: <5.1.0.14.0.20010521205803.01f39ec0@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 21 May 2001 21:01:57 -0400 To: TomC , fwtk From: Rick Murphy Subject: Re: Compile error In-Reply-To: <3B0912CE.F9DBBB00@ctimail3.com> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 1034 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 09:06 PM 5/21/01 +0800, TomC wrote: >[To be removed from this list send the message "unsubscribe fwtk-users" in the >BODY of a mail message to majordomo@ex.tis.com.] > >Hi all, >I met the compile error in bsdi 4.1 > >all: /usr/home/xyz/fwtk/fwtk/lib >all: /usr/home/xyz/fwtk/fwtk/auth >gcc -g -o authmgr authmgr.o ../libauth.a ../libfwall.a >../libfwall.a(conn.o): In function `conn_server': >/usr/home/xyz/fwtk/fwtk/lib/conn.c:56: undefined reference to >`inet_addr' >*** Error code 1 > >Stop. >*** Error code 1 > >Stop. > >How to fix? Try "man inet_addr" on your BSDI system. What header files are required to define it? Are there any special libraries that you need to include to reference it? That's usually in the C library, but your OS may have moved it to some other library; that will require you to edit the Makefile.config to add that library to the AUXLIBS definition. -Rick From owner-fwtk-users@ex.tis.com Thu May 24 11:09 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA12568 Thu, 24 May 2001 11:09:03 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA25377; Thu, 24 May 2001 10:12:35 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 24 May 2001 07:54:17 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id HAA09465 for fwtk-users-outgoing; Thu, 24 May 2001 07:53:31 -0500 (CDT) Message-ID: <3B0D0092.69061B4B@ordix.de> Date: Thu, 24 May 2001 14:37:38 +0200 From: Markus Schreier X-Mailer: Mozilla 4.7 [de]C-CCK-MCD QXW03237 (WinNT; I) X-Accept-Language: de,en MIME-Version: 1.0 To: fwtk-users@lists.nai.com Subject: Bind - Log entry suspicious References: <3A94F9D8.683DB90C@interchain.nl> <3A9515BC.801E317C@interchain.nl> Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 745 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hello all, i know named is a bit off topic. But still i hope you can help me with my question. We are running named verson 8.2.3 Now i've discoverd the following log-entry: ....... named[8999]: Response from unexpected source ([205.252.14.31].53) I would guess, that someone tried to pass over data to the nameserver, which was not requested. I hope my nameserver didn't accept it. I found out the name of the calling server: Name: ns-corp3b.cais.net Address: 205.252.14.31 Does anybody know, what realy happend ? Do i've to take actions? Thanks for your help. Markus Schreier Systeme & Netze ORDIX AG From owner-fwtk-users@ex.tis.com Thu May 24 19:31 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id TAA13770 Thu, 24 May 2001 19:31:02 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id SAA07571; Thu, 24 May 2001 18:34:40 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 24 May 2001 15:46:49 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id PAA16666 for fwtk-users-outgoing; Thu, 24 May 2001 15:45:28 -0500 (CDT) Date: Thu, 24 May 2001 16:45:09 -0400 From: Joseph S D Yao To: Markus Schreier Cc: fwtk-users@lists.nai.com Subject: Re: Bind - Log entry suspicious Message-ID: <20010524164509.M19910@washington.cospo.osis.gov> Mail-Followup-To: Markus Schreier , fwtk-users@lists.nai.com References: <3A94F9D8.683DB90C@interchain.nl> <3A9515BC.801E317C@interchain.nl> <3B0D0092.69061B4B@ordix.de> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B0D0092.69061B4B@ordix.de>; from ms@ordix.de on Thu, May 24, 2001 at 02:37:38PM +0200 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1221 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Thu, May 24, 2001 at 02:37:38PM +0200, Markus Schreier wrote: ... > We are running named verson 8.2.3 > > Now i've discoverd the following log-entry: > ....... named[8999]: Response from unexpected source > ([205.252.14.31].53) > > > I would guess, that someone tried to pass over data to the nameserver, > which was not requested. I hope my nameserver didn't accept it. > > I found out the name of the calling server: > Name: ns-corp3b.cais.net > Address: 205.252.14.31 > > Does anybody know, what realy happend ? Do i've to take actions? Gee, I thought this was a bind-users mailing list question until I hit "r"espond. ;-) Look back in your log a bit, back LONGER than the name resolver time-out. If you're logging the name server's queries, I suspect that you'll find that a query went out TO this name server, but timed out. Then it responded! -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Fri May 25 10:26 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id KAA15653 Fri, 25 May 2001 10:26:47 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id JAA00835; Fri, 25 May 2001 09:30:26 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 25 May 2001 06:43:05 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA12267 for fwtk-users-outgoing; Fri, 25 May 2001 06:41:44 -0500 (CDT) Message-Id: <200105250826.EAA30628@voyager.eagletrim.com> From: "Wes Szumera" Organization: Eagle Trim Inc. To: fwtk-users@lists.nai.com Date: Fri, 25 May 2001 07:44:04 -0400 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: dealing with mail to non-existant accounts X-mailer: Pegasus Mail for Win32 (v3.01d) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=US-ASCII Content-Length: 940 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] What is the best way(s) to deal with users that leave as far as e-mail is concerned. I deleted the mail accounts of some people that recently left us but now get a host unknown message when mail makes it to the internal mail server that no longer has an acount and then tryies to return it to the originating address in the e-mail that really doesn't exist since most of this is spam, opt-in spam, ect that has an address you can't reply to. It is getting a bit anoying and since smap is accepting the mail, the junk mailers keep sending the stuff. What is best way to block. We are talking about 9 or 10 people tops. Thanks, WEs Wes Szumera Plant Engineer Eagle Trim Inc. 0829 US 131 NW Kalkaska, MI 49646-0460 voice 231 258 4150 ext 3024 fax 231 258 4153 From owner-fwtk-users@ex.tis.com Fri May 25 12:00 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA16059 Fri, 25 May 2001 12:00:58 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA15795; Fri, 25 May 2001 11:04:35 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 25 May 2001 08:20:29 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA20064 for fwtk-users-outgoing; Fri, 25 May 2001 08:19:08 -0500 (CDT) Message-Id: <200105251003.GAA30922@voyager.eagletrim.com> From: "Wes Szumera" Organization: Eagle Trim Inc. To: fwtk-users@ex.tis.com Date: Fri, 25 May 2001 09:20:41 -0400 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: dealing with mail to non-existant accounts X-mailer: Pegasus Mail for Win32 (v3.01d) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=US-ASCII Content-Length: 1019 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Pardon me if you recieved this twice. My first post was to the wrong address. What is the best way(s) to deal with users that leave as far as e-mail is concerned. I deleted the mail accounts of some people that recently left us but now get a host unknown message when mail makes it to the internal mail server that no longer has an acount and then tryies to return it to the originating address in the e-mail that really doesn't exist since most of this is spam, opt-in spam, ect that has an address you can't reply to. It is getting a bit anoying and since smap is accepting the mail, the junk mailers keep sending the stuff. What is best way to block. We are talking about 9 or 10 people tops. Thanks, WEs Wes Szumera Plant Engineer Eagle Trim Inc. 0829 US 131 NW Kalkaska, MI 49646-0460 voice 231 258 4150 ext 3024 fax 231 258 4153 From owner-fwtk-users@ex.tis.com Fri May 25 17:25 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA16787 Fri, 25 May 2001 17:25:42 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id QAA00339; Fri, 25 May 2001 16:29:17 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 25 May 2001 13:46:17 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA06041 for fwtk-users-outgoing; Fri, 25 May 2001 13:44:56 -0500 (CDT) Date: Fri, 25 May 2001 14:44:16 -0400 (EDT) From: Ted Keller To: Wes Szumera cc: Subject: Re: dealing with mail to non-existant accounts In-Reply-To: <200105250826.EAA30628@voyager.eagletrim.com> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1516 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Wes, I implemented a "blocking" mechanism in smap. This allows from/to combinations for blocking mail of this type. Simple entries like <*> will have smap respond back with user unknown to the sender and never accept the e-mail. I borrowed this code off of someone else and integrated it into the smap code. I can supply if you are interested. ted keller On Fri, 25 May 2001, Wes Szumera wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > What is the best way(s) to deal with users that leave as far as e-mail > is concerned. I deleted the mail accounts of some people that > recently left us but now get a host unknown message when mail > makes it to the internal mail server that no longer has an acount and > then tryies to return it to the originating address in the e-mail that > really doesn't exist since most of this is spam, opt-in spam, ect that > has an address you can't reply to. > > It is getting a bit anoying and since smap is accepting the mail, the > junk mailers keep sending the stuff. What is best way to block. We > are talking about 9 or 10 people tops. > > Thanks, > > WEs > > > Wes Szumera > > Plant Engineer > Eagle Trim Inc. > 0829 US 131 NW > Kalkaska, MI 49646-0460 > > voice 231 258 4150 ext 3024 > fax 231 258 4153 > From owner-fwtk-users@ex.tis.com Fri May 25 22:58 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id WAA17253 Fri, 25 May 2001 22:58:16 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA17258; Fri, 25 May 2001 22:01:56 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Fri, 25 May 2001 19:19:54 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA11754 for fwtk-users-outgoing; Fri, 25 May 2001 19:18:33 -0500 (CDT) From: "Ken Long" To: fwtk-users@ex.tis.com Date: Fri, 25 May 2001 18:17:34 -0700 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: (Fwd) Re: dealing with mail to non-existant accounts Reply-to: Ken Long Message-ID: <3B0EA1BE.18927.2035D893@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=US-ASCII Content-Length: 1356 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] (I accidently sent this to Wes' private address. Why do some public email lists have the reply-to set to the author instead of the list?) Hi Wes, I use the spam-block feature in netperm-table to deny delivery to ex- employees like this: # These people are no longer with the company. # The wildcards are necessary. smap: spam-block deny * *elaine@lectrosonics.com* smap: spam-block deny * *denis@lectrosonics.com* smap: spam-block deny * *mikes@lectrosonics.com* This returns an immediate error to the sender and doesn't bother me with undesired host unknown messages. My blocks have grown to about 20 entries so far. I'm using smap 2.1 plus the Yao patches. Regards, Ken Long On 25 May 2001, at 9:20, Wes Szumera wrote: > What is the best way(s) to deal with users that leave as far as e-mail > is concerned. I deleted the mail accounts of some people that > recently left us but now get a host unknown message when mail > makes it to the internal mail server that no longer has an acount and > then tryies to return it to the originating address in the e-mail that > really doesn't exist since most of this is spam, opt-in spam, ect that > has an address you can't reply to. From owner-fwtk-users@ex.tis.com Tue May 29 11:35 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA26655 Tue, 29 May 2001 11:35:02 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA12281; Tue, 29 May 2001 10:38:46 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 07:50:36 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id HAA18629 for fwtk-users-outgoing; Tue, 29 May 2001 07:49:15 -0500 (CDT) Message-ID: <3B1399EC.4F0A9A99@istac.gov> Date: Tue, 29 May 2001 08:45:32 -0400 From: johnp Reply-To: johnp@istac.gov X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.2-2 i686) X-Accept-Language: en MIME-Version: 1.0 To: "fwtk-users@ex.tis.com" Subject: Split DNS Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 296 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Does anyone have the correct syntax for setting up Split DNS, using Bind 9? Specifically how the named.conf file is suppose to be setup with forward statements. JP From owner-fwtk-users@ex.tis.com Tue May 29 14:35 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA27156 Tue, 29 May 2001 14:35:21 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA09998; Tue, 29 May 2001 13:38:41 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 10:56:13 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id KAA15209 for fwtk-users-outgoing; Tue, 29 May 2001 10:54:52 -0500 (CDT) Message-ID: <3B13C6E9.D8C44635@lclcan.com> Date: Tue, 29 May 2001 11:57:30 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: smap Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 684 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, My mail server cannot except or send mail from/to the internet after I have installed the anti-relay, anti-spam patch for smap. I have been playing with this for some time, put it on the shelf for a bit and came back to it with some new ideas. I think I have most of it licked. In my /var/log./messages file, I see the error below. Unfortunately, I wish it were more descriptive as in what temp file, where and what permission it is expecting. May 29 11:55:14 lclweb smap[971]: fwtksyserr: cannot open temp file Permission denied Thanks, Don From owner-fwtk-users@ex.tis.com Tue May 29 15:14 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA27271 Tue, 29 May 2001 15:14:05 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA16553; Tue, 29 May 2001 14:17:07 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 11:35:10 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA21052 for fwtk-users-outgoing; Tue, 29 May 2001 11:33:48 -0500 (CDT) Message-ID: <3B13D00B.2CA7484C@lclcan.com> Date: Tue, 29 May 2001 12:36:27 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: smap Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 685 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, My mail server cannot except or send mail from/to the internet after I have installed the anti-relay, anti-spam patch for smap. I have been playing with this for some time, put it on the shelf for a bit and came back to it with some new ideas. I think I have most of it licked. In my /var/log./messages file, I see the error below. Unfortunately, I wish it were more descriptive as in what temp file, where and what permission it is expecting. May 29 11:55:14 lclweb smap[971]: fwtksyserr: cannot open temp file Permission denied Thanks, Don From owner-fwtk-users@ex.tis.com Tue May 29 17:37 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA27655 Tue, 29 May 2001 17:37:14 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id QAA11403; Tue, 29 May 2001 16:40:57 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 13:56:58 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA13061 for fwtk-users-outgoing; Tue, 29 May 2001 13:55:36 -0500 (CDT) Message-ID: <3B13F12E.6D114002@lclcan.com> Date: Tue, 29 May 2001 14:57:50 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: smap anti relay patch Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 229 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Does anyone have documentation on how to use the #ifdef SPECIALDOMAIN hack in smap.c? Thanks, Don From owner-fwtk-users@ex.tis.com Tue May 29 18:00 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id SAA27684 Tue, 29 May 2001 18:00:32 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA16215; Tue, 29 May 2001 17:04:13 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 14:23:06 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id OAA17209 for fwtk-users-outgoing; Tue, 29 May 2001 14:21:44 -0500 (CDT) Date: Tue, 29 May 2001 15:21:09 -0400 (EDT) From: Ted Keller To: Don Pro cc: fwtk Subject: Re: smap In-Reply-To: <3B13C6E9.D8C44635@lclcan.com> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1097 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Don, The temp file location is specified in your netperm-table under the directory setting - normally something like /var/inspool This directory should be owned by the uid of your smap process. ted keller On Tue, 29 May 2001, Don Pro wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > Hi, > > My mail server cannot except or send mail from/to the internet after I > have installed the anti-relay, anti-spam patch for smap. I have been > playing with this for some time, put it on the shelf for a bit and came > back to it with some new ideas. I think I have most of it licked. In > my /var/log./messages file, I see the error below. Unfortunately, I > wish it were more descriptive as in what temp file, where and what > permission it is expecting. > > May 29 11:55:14 lclweb smap[971]: fwtksyserr: cannot open temp file > Permission denied > > > Thanks, > Don > > From owner-fwtk-users@ex.tis.com Tue May 29 18:12 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id SAA27706 Tue, 29 May 2001 18:12:36 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA17438; Tue, 29 May 2001 17:16:21 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 14:34:33 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id OAA19358 for fwtk-users-outgoing; Tue, 29 May 2001 14:33:12 -0500 (CDT) Message-ID: <3B13F9FB.E2A3E56D@lclcan.com> Date: Tue, 29 May 2001 15:35:23 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Ted Keller CC: fwtk Subject: Re: smap References: Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1829 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi Ted, That is what I thought. However, following is snippet from my netperm-table: smap, smapd: userid uucp # Chroot location - note - you have to build the environment for sendmail.... # If you don't want to chroot - remove this line and all other addresses # will be absolute # smap, smapd: rootdir / # smap/smapd spool directory - relative to rootdir smap, smapd: spooldir /var/spool/smap # smapd baddir - relative to rootdir smapd: baddir /var/spool/smap/baddir ownership and permission of /var/spool/smap is drwx-r-xr-x uucp uucp ownership and permission of /var/spool/smap/baddir is drwx-r-xr-x uucp uucp Don Ted Keller wrote: > Don, > > The temp file location is specified in your netperm-table under the > directory setting - normally something like /var/inspool > > This directory should be owned by the uid of your smap process. > > ted keller > > On Tue, 29 May 2001, Don Pro wrote: > > > [To be removed from this list send the message "unsubscribe fwtk-users" in the > > BODY of a mail message to majordomo@ex.tis.com.] > > > > Hi, > > > > My mail server cannot except or send mail from/to the internet after I > > have installed the anti-relay, anti-spam patch for smap. I have been > > playing with this for some time, put it on the shelf for a bit and came > > back to it with some new ideas. I think I have most of it licked. In > > my /var/log./messages file, I see the error below. Unfortunately, I > > wish it were more descriptive as in what temp file, where and what > > permission it is expecting. > > > > May 29 11:55:14 lclweb smap[971]: fwtksyserr: cannot open temp file > > Permission denied > > > > > > Thanks, > > Don > > > > From owner-fwtk-users@ex.tis.com Tue May 29 20:07 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id UAA27949 Tue, 29 May 2001 20:07:19 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id TAA00942; Tue, 29 May 2001 19:11:03 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 16:29:44 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id QAA09732 for fwtk-users-outgoing; Tue, 29 May 2001 16:28:23 -0500 (CDT) Message-Id: <5.1.0.14.0.20010529172232.01f75ec0@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 29 May 2001 17:25:14 -0400 To: Don Pro , fwtk From: Rick Murphy Subject: Re: smap In-Reply-To: <3B13C6E9.D8C44635@lclcan.com> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 661 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 11:57 AM 5/29/01 -0400, Don Pro wrote: >Unfortunately, I wish it were more descriptive as in what temp file, where >and what >permission it is expecting. > >May 29 11:55:14 lclweb smap[971]: fwtksyserr: cannot open temp file >Permission denied When receiving an incoming mail message, smap creates a temporary file to store it. Whatever directory you run smap chrooted to (the "smap: directory xxx" line in your netperm-table) should be owned by the userid that you run smap under ("smap: userid xxx" line). -Rick From owner-fwtk-users@ex.tis.com Tue May 29 22:38 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id WAA28378 Tue, 29 May 2001 22:38:54 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id VAA10688; Tue, 29 May 2001 21:42:38 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 19:01:50 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA29809 for fwtk-users-outgoing; Tue, 29 May 2001 19:00:29 -0500 (CDT) Date: Tue, 29 May 2001 20:00:02 -0400 (EDT) From: Ted Keller To: Rick Murphy cc: Don Pro , fwtk Subject: Re: smap In-Reply-To: <5.1.0.14.0.20010529185233.00ac1750@mail.itm-inst.com> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1622 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Rick, That's somewhat dependent on who's copy of smap he is using. When I implemented my changes (done in parrallel to Jos), I changed the directory setting to better implement the chroot environment for both smap/smapd (smapd never did implement a chroot environment) then used spooldir to make this relative to the rootdir chrooted area. This may be a bit unfortunate - and I appologise. However, it did allow better control in this area. I suspect Don's issue may be dealing with the relative nature of the spooldir netperm-entry - especially if the has maintained a rootdir entry for his chroot environment. For testing - it probably makes more sense to eliminate the rootdir entries - and test using the native file structure. ted keller On Tue, 29 May 2001, Rick Murphy wrote: > At 03:35 PM 5/29/01 -0400, Don Pro wrote: > >[To be removed from this list send the message "unsubscribe fwtk-users" in the > >BODY of a mail message to majordomo@ex.tis.com.] > > > >Hi Ted, > > > >That is what I thought. However, following is snippet from my netperm-table: > > > >smap, smapd: userid uucp > ># Chroot location - note - you have to build the environment for sendmail.... > ># If you don't want to chroot - remove this line and all other addresses > ># will be absolute > ># smap, smapd: rootdir / > ># smap/smapd spool directory - relative to rootdir > >smap, smapd: spooldir /var/spool/smap > > That's the problem - change "spooldir" to "directory". > -Rick > > From owner-fwtk-users@ex.tis.com Tue May 29 23:00 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id XAA28409 Tue, 29 May 2001 23:00:20 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id WAA12149; Tue, 29 May 2001 22:04:04 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 19:24:39 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id TAA01904 for fwtk-users-outgoing; Tue, 29 May 2001 19:23:19 -0500 (CDT) Message-Id: <5.1.0.14.0.20010529200932.01f6d6f0@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 29 May 2001 20:12:19 -0400 To: Ted Keller From: Rick Murphy Subject: Re: smap Cc: Don Pro , fwtk In-Reply-To: References: <5.1.0.14.0.20010529185233.00ac1750@mail.itm-inst.com> Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 1288 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 08:00 PM 5/29/01 -0400, Ted Keller wrote: >Rick, > >That's somewhat dependent on who's copy of smap he is using. When I >implemented my changes (done in parrallel to Jos), I changed the directory >setting to better implement the chroot environment for both smap/smapd >(smapd never did implement a chroot environment) then used spooldir to >make this relative to the rootdir chrooted area. This may be a bit >unfortunate - and I appologise. However, it did allow better control in >this area. Ah. That explains the entry I didn't recognize. Gee - your changes finally fix a mistake I've made in the past (stating that smapd ran sendmail chrooted.) >I suspect Don's issue may be dealing with the relative nature of the >spooldir netperm-entry - especially if the has maintained a rootdir entry >for his chroot environment. > >For testing - it probably makes more sense to eliminate the rootdir >entries - and test using the native file structure. I'll defer to you on this one. It's getting to be time to have only one smap, I think. I've got a few weeks off at school in mid-june; maybe I should work on consolidating the patches? -Rick From owner-fwtk-users@ex.tis.com Wed May 30 00:37 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id AAA28505 Wed, 30 May 2001 00:37:42 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id XAA17906; Tue, 29 May 2001 23:41:27 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Tue, 29 May 2001 21:01:43 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id VAA08108 for fwtk-users-outgoing; Tue, 29 May 2001 21:00:22 -0500 (CDT) Date: Tue, 29 May 2001 21:59:57 -0400 (EDT) From: Ted Keller To: Rick Murphy cc: Don Pro , fwtk Subject: Re: smap In-Reply-To: <5.1.0.14.0.20010529200932.01f6d6f0@mail.itm-inst.com> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 2467 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Rick, I should have all the changes in my version except the rbl block feature that you added. Now.... If I created a patch list - they would be bigger than the original source ... I've worked this puppy over pretty hard over the past couple of years. The big stuff I added was the strict syntax checking code - and the spam block stuff based on the message header and content. The rest of it parrallels features that Jos added - evelop spam checks, DNS validation, block from/to combinations - and retrofitted patches that others (Tor for example) submitted. Also eliminated most of the malloc features - opting for fixed buffers whenever possible (no memory leaks that way - well there's still one in there that I'm ignoring). Message body Spam filtering.... >From Line, To line, Subject Line Header in general (any line) First n lines of the text - html tags ignored First m lines of html tags First n lines of non-delimited strings Flushes out some 20,000 messages weekly in my environment (of coarse I tend to process some 200,000 messages weekly anyway). ted keller On Tue, 29 May 2001, Rick Murphy wrote: > At 08:00 PM 5/29/01 -0400, Ted Keller wrote: > >Rick, > > > >That's somewhat dependent on who's copy of smap he is using. When I > >implemented my changes (done in parrallel to Jos), I changed the directory > >setting to better implement the chroot environment for both smap/smapd > >(smapd never did implement a chroot environment) then used spooldir to > >make this relative to the rootdir chrooted area. This may be a bit > >unfortunate - and I appologise. However, it did allow better control in > >this area. > > Ah. That explains the entry I didn't recognize. > Gee - your changes finally fix a mistake I've made in the past (stating > that smapd ran sendmail chrooted.) > > >I suspect Don's issue may be dealing with the relative nature of the > >spooldir netperm-entry - especially if the has maintained a rootdir entry > >for his chroot environment. > > > >For testing - it probably makes more sense to eliminate the rootdir > >entries - and test using the native file structure. > I'll defer to you on this one. > > It's getting to be time to have only one smap, I think. I've got a few > weeks off at school in mid-june; maybe I should work on consolidating the > patches? > -Rick > > From owner-fwtk-users@ex.tis.com Wed May 30 12:37 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id MAA00244 Wed, 30 May 2001 12:37:43 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id LAA12224; Wed, 30 May 2001 11:41:29 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 30 May 2001 08:54:20 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA18698 for fwtk-users-outgoing; Wed, 30 May 2001 08:52:59 -0500 (CDT) Message-ID: <3B14FBC0.512C9BF2@lclcan.com> Date: Wed, 30 May 2001 09:55:12 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Ted Keller CC: Rick Murphy , fwtk Subject: Re: smap References: Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1737 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] > I suspect Don's issue may be dealing with the relative nature of the > spooldir netperm-entry - especially if the has maintained a rootdir entry > for his chroot environment. Hmmm....maybe my problem is my misunderstanding is in my understanding of chroot. The following is a snippet of code from your example netperm-table file. If I understand correctly: ********************* smap, smapd: userid 5 # Chroot location - note - you have to build the environment for sendmail.... # If you don't want to chroot - remove this line and all other addresses # will be absolute smap, smapd: rootdir /fwroot # smap/smapd spool directory - relative to rootdir smap, smapd: spooldir /var/inspool # smapd baddir - relative to rootdir smapd: baddir /var/spool/baddir # location of sendmail - relative to rootdir smapd: sendmail /usr/lib/sendmail ********************* smap temp files created it /fwroot/var/inspool smap baddir file created in /fwroot/var/inspool/baddir sendmail located in /fwroot/usr/lib/sendmail As I was confused by above, I followed the directive in the first comment and commented out the chroot line. So, I am assuming that the paths are: smap temp files created it /var/inspool smap baddir file created in /var/inspool/baddir sendmail located in /usr/lib/sendmail I seem to be assuming wrong but as the error message does not state "where" it is trying to create the temp file (and failing), hence the conundrum. Any ideas? Don > For testing - it probably makes more sense to eliminate the rootdir > entries - and test using the native file structure. From owner-fwtk-users@ex.tis.com Wed May 30 15:03 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA00517 Wed, 30 May 2001 15:03:08 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA06562; Wed, 30 May 2001 14:06:51 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 30 May 2001 11:24:42 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA08977 for fwtk-users-outgoing; Wed, 30 May 2001 11:23:21 -0500 (CDT) Date: Wed, 30 May 2001 12:23:16 -0400 From: Joseph S D Yao To: Don Pro Cc: fwtk Subject: Re: smap anti relay patch Message-ID: <20010530122316.B19999@washington.cospo.osis.gov> Mail-Followup-To: Don Pro , fwtk References: <3B13F12E.6D114002@lclcan.com> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B13F12E.6D114002@lclcan.com>; from don@lclcan.com on Tue, May 29, 2001 at 02:57:50PM -0400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 750 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Tue, May 29, 2001 at 02:57:50PM -0400, Don Pro wrote: > Does anyone have documentation on how to use the #ifdef SPECIALDOMAIN > hack in smap.c? You define it and change the domain for which the code checks - provided you only have one domain inside your network. The Hagan domains / hosts changes in the "Yao" patch set [cleansed, debugged, and commented] provide a better way to do this. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Wed May 30 15:08 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA00546 Wed, 30 May 2001 15:08:45 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA07445; Wed, 30 May 2001 14:12:31 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 30 May 2001 11:31:33 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA09773 for fwtk-users-outgoing; Wed, 30 May 2001 11:30:11 -0500 (CDT) Date: Wed, 30 May 2001 12:30:03 -0400 From: Joseph S D Yao To: Rick Murphy Cc: Ted Keller , Don Pro , fwtk Subject: Re: smap Message-ID: <20010530123003.C19999@washington.cospo.osis.gov> Mail-Followup-To: Rick Murphy , Ted Keller , Don Pro , fwtk References: <5.1.0.14.0.20010529185233.00ac1750@mail.itm-inst.com> <5.1.0.14.0.20010529200932.01f6d6f0@mail.itm-inst.com> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.0.14.0.20010529200932.01f6d6f0@mail.itm-inst.com>; from rmurphy@itm-inst.com on Tue, May 29, 2001 at 08:12:19PM -0400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 886 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Tue, May 29, 2001 at 08:12:19PM -0400, Rick Murphy wrote: > It's getting to be time to have only one smap, I think. I've got a few > weeks off at school in mid-june; maybe I should work on consolidating the > patches? That was the whole point of my package - consolidating, debugging, AND DOCUMENTING. Some more consolidation can be done within that package, but addition of other and perhaps better fixes is a great idea. AND DOCUMENTING. ;-) Meanwhile, I'm afraid my spare time is still running in the high negatives. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Wed May 30 15:44 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id PAA00670 Wed, 30 May 2001 15:44:55 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id OAA13445; Wed, 30 May 2001 14:48:41 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 30 May 2001 12:07:44 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id MAA15972 for fwtk-users-outgoing; Wed, 30 May 2001 12:06:23 -0500 (CDT) Message-Id: <5.1.0.14.0.20010529185233.00ac1750@mail.itm-inst.com> X-Sender: rmurphy@mail.itm-inst.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Tue, 29 May 2001 18:53:49 -0400 To: Don Pro , Ted Keller From: Rick Murphy Subject: Re: smap Cc: fwtk In-Reply-To: <3B13F9FB.E2A3E56D@lclcan.com> References: Mime-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset="us-ascii"; format=flowed Content-Length: 789 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] At 03:35 PM 5/29/01 -0400, Don Pro wrote: >[To be removed from this list send the message "unsubscribe fwtk-users" in the >BODY of a mail message to majordomo@ex.tis.com.] > >Hi Ted, > >That is what I thought. However, following is snippet from my netperm-table: > >smap, smapd: userid uucp ># Chroot location - note - you have to build the environment for sendmail.... ># If you don't want to chroot - remove this line and all other addresses ># will be absolute ># smap, smapd: rootdir / ># smap/smapd spool directory - relative to rootdir >smap, smapd: spooldir /var/spool/smap That's the problem - change "spooldir" to "directory". -Rick From owner-fwtk-users@ex.tis.com Wed May 30 17:32 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA00875 Wed, 30 May 2001 17:32:21 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id QAA03198; Wed, 30 May 2001 16:36:08 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Wed, 30 May 2001 13:54:04 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA04097 for fwtk-users-outgoing; Wed, 30 May 2001 13:52:41 -0500 (CDT) Message-ID: <3B154213.BF0EDA1C@lclcan.com> Date: Wed, 30 May 2001 14:55:15 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: fwtk-users list archive Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 245 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] I've just been perusing the archived list for May and am noticing an abundance of spam. Is the list under attack? From owner-fwtk-users@ex.tis.com Thu May 31 10:15 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id KAA03077 Thu, 31 May 2001 10:15:47 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id JAA11724; Thu, 31 May 2001 09:19:34 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 06:37:07 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id GAA27097 for fwtk-users-outgoing; Thu, 31 May 2001 06:35:46 -0500 (CDT) From: ark@eltex.ru Date: Thu, 31 May 2001 15:28:43 +0400 Message-Id: <200105311128.PAA25251@paranoid.eltex.ru> In-Reply-To: <3B14FBC0.512C9BF2@lclcan.com> from "Don Pro " Organization: "Klingon Imperial Intelligence Service" Subject: Re: smap To: don@lclcan.com Cc: keller@bfg.com, rmurphy@itm-inst.com, fwtk-users@lists.nai.com Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text Content-Length: 2864 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] -----BEGIN PGP SIGNED MESSAGE----- nuqneH, The original TIS code has chroot commented out of smapd: chdir("/"); if(chdir(cp->argv[0])) { syslog(LLEV,"fwtksyserr: cannot chdir to spool directory %.512s: %m",cp->argv[0]); exit(1); } /* if(chroot(cp->argv[0])) { syslog(LLEV,"fwtksyserr: cannot chdir to spool directory %.512s: %m",cp->argv[0]); exit(1); } chdir("/"); */ Don Pro said : > > I suspect Don's issue may be dealing with the relative nature of the > > spooldir netperm-entry - especially if the has maintained a rootdir entry > > for his chroot environment. > > Hmmm....maybe my problem is my misunderstanding is in my understanding of chroot. > The following is a snippet of code from your example netperm-table file. If I > understand correctly: > > ********************* > smap, smapd: userid 5 > # Chroot location - note - you have to build the environment for sendmail.... > # If you don't want to chroot - remove this line and all other addresses > # will be absolute > smap, smapd: rootdir /fwroot > # smap/smapd spool directory - relative to rootdir > smap, smapd: spooldir /var/inspool > # smapd baddir - relative to rootdir > smapd: baddir /var/spool/baddir > # location of sendmail - relative to rootdir > smapd: sendmail /usr/lib/sendmail > ********************* > > smap temp files created it /fwroot/var/inspool > smap baddir file created in /fwroot/var/inspool/baddir > sendmail located in /fwroot/usr/lib/sendmail > > As I was confused by above, I followed the directive in the first comment and > commented out the chroot line. So, I am assuming that the paths are: > > smap temp files created it /var/inspool > smap baddir file created in /var/inspool/baddir > sendmail located in /usr/lib/sendmail > > I seem to be assuming wrong but as the error message does not state "where" it is > trying to create the temp file (and failing), hence the conundrum. > > Any ideas? _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQCVAwUBOxYq6qH/mIJW9LeBAQGVRQP/WUJ+VAiwiSl1XkcNwBtNfy15A8j9nxFH Fp/iPLT5MqI78Jbm2vwR2CV94IZbubAihzs0VEEDmuOl/Qcd/MapUEy1ULRvRbfd WpjzT6CMjx1TY/9fgnMe2jZ7+cn7WwN8kvGwx9JeZVRFesGBHWsgEMJBAuCnOwzj KT853zzmb2M= =MA2H -----END PGP SIGNATURE----- From owner-fwtk-users@ex.tis.com Thu May 31 11:46 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA03261 Thu, 31 May 2001 11:46:57 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA27942; Thu, 31 May 2001 10:50:43 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 08:10:05 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA03108 for fwtk-users-outgoing; Thu, 31 May 2001 08:08:44 -0500 (CDT) Date: 31 May 2001 09:49:06 -0000 Message-ID: <20010531094906.8524.qmail@mailweb24.rediffmail.com> MIME-Version: 1.0 To: "fwtk-users@ex.tis.com " Subject: reg : fetch mail From: "Rajesh Bada" Content-ID: Content-Description: Body Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain Content-Length: 471 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] hi i had setup senmail server on my linux server by using static ip address. how can i fetch my mail from isp running dns server with mx record. PL SEND THE DEATILS SOON THANKS RAJESH BADA _____________________________________________________ Chat with your friends as soon as they come online. Get Rediff Bol at http://bol.rediff.com From owner-fwtk-users@ex.tis.com Thu May 31 11:46 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id LAA03264 Thu, 31 May 2001 11:46:58 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id KAA27948; Thu, 31 May 2001 10:50:44 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 08:09:06 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id IAA02995 for fwtk-users-outgoing; Thu, 31 May 2001 08:07:45 -0500 (CDT) Date: Wed, 30 May 2001 16:38:02 -0400 From: Joseph S D Yao To: Wes Szumera Cc: fwtk-users@lists.nai.com Subject: Re: dealing with mail to non-existant accounts Message-ID: <20010530163802.V19999@washington.cospo.osis.gov> Mail-Followup-To: Wes Szumera , fwtk-users@lists.nai.com References: <200105250826.EAA30628@voyager.eagletrim.com> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200105250826.EAA30628@voyager.eagletrim.com>; from wess@eagletrim.com on Fri, May 25, 2001 at 07:44:04AM -0400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1605 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Fri, May 25, 2001 at 07:44:04AM -0400, Wes Szumera wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > What is the best way(s) to deal with users that leave as far as e-mail > is concerned. I deleted the mail accounts of some people that > recently left us but now get a host unknown message when mail > makes it to the internal mail server that no longer has an acount and > then tryies to return it to the originating address in the e-mail that > really doesn't exist since most of this is spam, opt-in spam, ect that > has an address you can't reply to. > > It is getting a bit anoying and since smap is accepting the mail, the > junk mailers keep sending the stuff. What is best way to block. We > are talking about 9 or 10 people tops. Get sendmail 8.11.3 on your internal mail server. In addition to all of the security features, the M4 config file builder [which, now that I understand it better, I heartily recommend] has a LUSER_RELAY. This specifies the disposition of e-mail sent to non-accounts. In particular, you could set it to "local:trashcan" and have local e-mail address "trashcan" aliased to '| cat > /dev/null'. ;-) -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Thu May 31 14:46 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id OAA03625 Thu, 31 May 2001 14:46:04 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id NAA27685; Thu, 31 May 2001 13:49:50 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 11:05:59 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id LAA00847 for fwtk-users-outgoing; Thu, 31 May 2001 11:04:38 -0500 (CDT) Date: Thu, 31 May 2001 12:04:34 -0400 From: Joseph S D Yao To: Wes Szumera Cc: fwtk-users@lists.nai.com Subject: Re: dealing with mail to non-existant accounts Message-ID: <20010531120434.G28794@washington.cospo.osis.gov> Mail-Followup-To: Wes Szumera , fwtk-users@lists.nai.com References: <200105250826.EAA30628@voyager.eagletrim.com>; <20010530163802.V19999@washington.cospo.osis.gov> <200105310808.EAA08650@voyager.eagletrim.com> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200105310808.EAA08650@voyager.eagletrim.com>; from wess@eagletrim.com on Thu, May 31, 2001 at 07:23:20AM -0400 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 1091 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Thu, May 31, 2001 at 07:23:20AM -0400, Wes Szumera wrote: > Date sent: Wed, 30 May 2001 16:38:02 -0400 > From: Joseph S D Yao > To: Wes Szumera > Copies to: fwtk-users@lists.nai.com > Subject: Re: dealing with mail to non-existant accounts > > Thanks. I tried to use your smam-block settings but ended up > blocking email for every one so I went back to where I started. You have to read the comments - provide a list of smap domains and smap hosts that are allowed internally. > Someone pointed out something similar to this using aliases to > trundle the mail off to the bit bucket. Yes, with only a handful this approach also works. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Thu May 31 17:11 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA04092 Thu, 31 May 2001 17:11:32 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id QAA21740; Thu, 31 May 2001 16:15:13 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 13:32:34 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id NAA24739 for fwtk-users-outgoing; Thu, 31 May 2001 13:31:11 -0500 (CDT) Date: Thu, 31 May 2001 14:30:28 -0400 From: Joseph S D Yao To: Rajesh Bada Cc: "fwtk-users@ex.tis.com " Subject: Re: reg : fetch mail Message-ID: <20010531143028.Q28794@washington.cospo.osis.gov> Mail-Followup-To: Rajesh Bada , "fwtk-users@ex.tis.com " References: <20010531094906.8524.qmail@mailweb24.rediffmail.com> Mime-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010531094906.8524.qmail@mailweb24.rediffmail.com>; from r_bada@rediffmail.com on Thu, May 31, 2001 at 09:49:06AM -0000 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 988 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] On Thu, May 31, 2001 at 09:49:06AM -0000, Rajesh Bada wrote: ... > i had setup senmail server on my linux server > by using static ip address. > > how can i fetch my mail from isp running dns server with > mx record. > > PL SEND THE DEATILS SOON > > THANKS > RAJESH BADA Send some details, then get some details. I will tell you this: if the ISP's DNS server has an MX record for your domain [just assuming from your use of some of these words], then everyone is sending e-mail to wherever that MX record points. You can have them forward it, or you can use a POP3 or IMAP4 client, or something ;ike 'fetchmail', to get it. -- Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao OSIS Center Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. From owner-fwtk-users@ex.tis.com Thu May 31 17:59 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id RAA04242 Thu, 31 May 2001 17:59:55 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id RAA01173; Thu, 31 May 2001 17:03:39 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 14:21:38 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id OAA01750 for fwtk-users-outgoing; Thu, 31 May 2001 14:20:17 -0500 (CDT) Message-ID: <3B169A00.D6F52254@lclcan.com> Date: Thu, 31 May 2001 15:22:40 -0400 From: Don Pro X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fwtk Subject: spam patch compilation problem Content-Transfer-Encoding: 7bit Sender: owner-fwtk-users@lists.tislabs.com Content-Type: text/plain; charset=us-ascii Content-Length: 592 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Hi, I am attempting to compile Ted Keller's smap/smapd anti-spam, anti-relay patch. I am getting the following compilation error when I try to compile: smap.o: In function `main': /usr/local/fwtk/smap/smap.c:654: undefined reference to `res_query' /usr/local/fwtk/smap/smap.c:654: undefined reference to `res_query' collect2: ld returned 1 exit status make: *** [smap] Error 1 I am running RedHat 6.2 out of the box. Is this error documented? Thanks, Don From owner-fwtk-users@ex.tis.com Thu May 31 22:22 EDT 2001 Received: from relay2.nai.com (relay2.nai.com [161.69.3.67]) by lists.tislabs.com (8.9.1/8.9.1) with ESMTP id WAA04845 Thu, 31 May 2001 22:22:42 -0400 (EDT) Received: from localhost (daemon@localhost) by relay2.nai.com (8.9.3/8.9.3) with SMTP id VAA24331; Thu, 31 May 2001 21:26:29 -0500 (CDT) Received: by ex.tis.com (bulk_mailer v1.11); Thu, 31 May 2001 18:46:13 -0500 Received: (from majordomo@localhost) by relay2.nai.com (8.9.3/8.9.3) id SAA12877 for fwtk-users-outgoing; Thu, 31 May 2001 18:44:51 -0500 (CDT) Date: Thu, 31 May 2001 19:43:46 -0400 (EDT) From: Ted Keller To: Joseph S D Yao cc: Wes Szumera , Subject: Re: dealing with mail to non-existant accounts In-Reply-To: <20010531120434.G28794@washington.cospo.osis.gov> Message-ID: MIME-Version: 1.0 Sender: owner-fwtk-users@lists.tislabs.com Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Length: 1623 [To be removed from this list send the message "unsubscribe fwtk-users" in the BODY of a mail message to majordomo@ex.tis.com.] Wes, My version of the smap code has the ability to block from/to address combinations - including <*> that is - all mail going to the internal address. I use this effectively to block people who have left our company - or occationally to block specivic from/to combinations. ted keller On Thu, 31 May 2001, Joseph S D Yao wrote: > [To be removed from this list send the message "unsubscribe fwtk-users" in the > BODY of a mail message to majordomo@ex.tis.com.] > > On Thu, May 31, 2001 at 07:23:20AM -0400, Wes Szumera wrote: > > Date sent: Wed, 30 May 2001 16:38:02 -0400 > > From: Joseph S D Yao > > To: Wes Szumera > > Copies to: fwtk-users@lists.nai.com > > Subject: Re: dealing with mail to non-existant accounts > > > > Thanks. I tried to use your smam-block settings but ended up > > blocking email for every one so I went back to where I started. > > You have to read the comments - provide a list of smap domains and smap > hosts that are allowed internally. > > > Someone pointed out something similar to this using aliases to > > trundle the mail off to the bit bucket. > > Yes, with only a handful this approach also works. > > -- > Joe Yao jsdy@cospo.osis.gov - Joseph S. D. Yao > OSIS Center Computer Support EMT-B > ----------------------------------------------------------------------- > This message is not an official statement of COSPO policies. >