Archive for the ‘Computing’ Category.

Aargh! No image on my monitor!

I was sitting quietly playing The Curse of Monkey Island when the screen went completely blank… At first I thought it was the DPMS kicking in, that it had somehow managed to ignore my mouse movements. I pressed ⟨shift⟩ a couple of times but it didn’t help; I pressed ⟨Ctrl⟩-⟨Alt⟩-⟨F1⟩ to switch to the console, but it didn’t help.

Going back to my X server I restarted it (⟨Ctrl⟩-⟨Alt⟩-⟨Backspace⟩) but even that didn’t bring back the display. It killed all my open programs, and stopped the game music, confirming that the rest of the computer was operating normally.

Using Stéphanie’s laptop I was able to SSH into my box and reboot it — the machine came up fine, but still with no image on my monitor. I then connected the laptop directly to the monitor, but that didn’t change anything. So it’s not a problem with my trusty old Matrox G400.

The monitor seems to be reacting to keypresses on the front of it and to sleep commands sent to it: the little diode switches from green to orange as usual and the monitor makes its normal sounds (a somewhat loud “boing”-sound when being awakened and a mild “static”-sound when going to sleep).

I’ve tried to let the monitor cool down a bit by having it turned off for half an hour, but like everything else that didn’t help either. Does anybody have any good ideas? I guess I should try replacing the BNC cable with a regular monitor cable, but how should such a cable become corrupt from one moment to another?!

It’s a real shame if it’s really broke — I really liked it in the five years I’ve had it.

Feeling nervous? Want to lose weight?

Lately my site has seen a bunch of spam comments about Phentermine, Alprazolam, and other drugs… luckily they have all been caught by the built-in spam filters in WordPress. But what are all those drugs about anyway, and will people really buy drugs from some website (usually with a not so trustworthy name…) found via a link buried deep in a discussion about PHP Shell?!

A quick search on Google explains that Phentermine is used for losing weight by lowering the appetite, and Alprazolam is used to relieve anxiety, nervousness, and tension. But is there really such a big market for such drugs?

I guess so, just as there has to be a market for all the stuff email spam tries to sell us. You know, those appliances and drugs that promise to enlarge various body parts in no time! :-)

WordPress insecurity

Another computer-related thing needing attention when I got home was WordPress… version 1.5.2 has just been released to fix yet another security hole, although their announcement has no specifics (as usual).

They write “We’re happy to announce that a new version of WordPress is now available for download.” How can they be happy that a security hole has been found in their “extremely stable 1.5 series” once again?! They have released version 1.5.1 (May 9th, renamed to version 1.5.1.1), 1.5.1.2 (May 27th), 1.5.1.3 (June 29th), and now 1.5.2 (August 14th) in response to security holes being found.

I think that’s a bit too much for me to call this thing “extremely stable” (I obviously believe that security is an important feature of a “stable” application.) It’s good that they react to the security holes and they try to fix them fast, but I don’t like the way they just write that they have “addressed all the security issues that have been circulating the past few days”. Some questions immediately spring to mind:

  • How many security holes were there?

  • What was the nature of the hole(s)?

    • Could they “just” change the database? If so, which parts of it?

    • Could they upload files to my server? If so, could they overwrite my previous files?

  • How can I see in my log files if I’ve been exploited?

Instead of being vague I would like to see specific information about the problems. Browsing through the changesets doesn’t really help either, for the WordPress developers seem to make a point out of obscuring their fixes.

Take this changeset (revision 2779) for example, which was committed on the 1.5 branch two days before the announcement of version 1.5.2 with the innocent message of “Move above”. Some lines are really moved up a little further in wp-settings.php — they deal with undoing the work of the infamous register_globals setting in PHP. But the lines are not just moved, an extra check is added to ensure that the variable $table_prefix isn’t unset. Why? Is this one of the security problems they’re talking about? Given the extreme lack of comments we can only guess…

Or maybe the fix was smuggled in with revision 2780, together with fixes for seven small bugs and feature requests? The change to wp-admin/users.php in that changeset involves replacing

$id = $_GET['id'];

with

$id = (int) $_GET['id'];

and to my eyes this could be the fix they’re talking about. Especially since $id is used in an SQL query next… So if this analysis is correct then WordPress 1.5.2 was sent out to guard against an SQL injection attack. If anybody else has information about this then I would of course be interested!
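One way to approach the log-file question raised above, under the assumption that the guess is right and the unsanitized value is the `id` query parameter of wp-admin/users.php. This is an added example, not WordPress code; the log lines, addresses and dates are constructed, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Aug/2005:10:01:22 +0200] "GET /wp-admin/users.php?id=7 HTTP/1.1" 200 5120
192.0.2.44 - - [14/Aug/2005:10:03:51 +0200] "GET /wp-admin/users.php?id=7%27 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Aug/2005:10:04:02 +0200] "GET /index.php?id=abc HTTP/1.1" 200 900
203.0.113.5 - - [14/Aug/2005:10:09:37 +0200] "GET /blog/wp-admin/users.php?id=-1 HTTP/1.1" 302 0
192.0.2.10 - - [14/Aug/2005:10:11:00 +0200] "POST /wp-admin/users.php HTTP/1.1" 200 4210
"""

# client, ident, user, [timestamp], "METHOD target protocol", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')


def suspicious_id_requests(log_text, script="wp-admin/users.php", param="id"):
    """Return (client, timestamp, decoded_value, status) for every request to
    `script` whose `param` would not survive an integer cast unchanged."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, when, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qsl percent-decodes, so encoded quotes and spaces are seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # PHP turns "id[]=x" into an array under $_GET['id']; flag that too.
            is_array = name.startswith(param + "[")
            if is_array or (name == param and not re.fullmatch(r"\d+", value)):
                hits.append((client, when, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a non-integer value was sent to the script, not that the request succeeded, and the access log records query strings only, so anything sent in a POST body is invisible to this check.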

I’m bad, I’m a “Dynamic User”

Just when I thought that I had solved my mail problems the next problem appears: the addresses that Bluewin gives out to its ADSL customers (like Stéphanie and I…) are blocked by MAPS! Aargh!

So now I cannot send mail to any SMTP server which consults the Dynamic User List (DUL) — and so having a private SMTP server is no longer an option. Sending my mail through Bluewin isn’t that good either, considering the problems I had sending mail to SourceForge.

I’ve now complained to Bluewin and I hope they can either fix their SMTP server (or at least explain where my mail went…) or remove their IP addresses from DUL. They’re the only ones who can get the IPs removed from DUL, us users cannot do anything. I find this very annoying since my server has never been sending out spam and it has never been configured as an open relay.

Oh, and look at the little stamp-sized window you get to write in when you want to contact the Bluewin customer service:

Do they really think that they will receive fewer complaints just because they make the text-area smaller?

How to send mail to SourceForge

I spent some time today trying to figure out how I would be able to send mail to SourceForge. SourceForge is an enormous enterprise with more than a million users and a hundred thousand projects, most of which have one or more mailing lists associated with them — the amount of mail flowing through SourceForge each day must be huge. So why should I have difficulties sending mail to an address at SourceForge, you might ask? I’ll tell you… :-)

First I discovered that mail bound for mailing lists at SourceForge would disappear on its way. The mail first goes to my local Exim which forwards it to mail.bluewin.ch — the SMTP server at my ISP Bluewin. After that I have no idea what has happened to my mail, I only know that it doesn’t reach the SF mailing lists. A mail to postmaster@bluewin.ch six days ago has gone unanswered… :-/

I then tried cutting out the middle-man and configured my Exim (using the super-simple Debian way of dpkg-reconfigure exim4-config) to send its mail directly like a full-blown SMTP server. I had initially not configured Exim like that because I didn’t want to add yet another publicly accessible server to my system.

But then I ran into the next problem: the spam filtering done at SourceForge. Every time someone tries to send something to their Exim SMTP server (cool, SourceForge use Exim too!) it will make a callout verification of the sender address. This simply means that it will try to deliver a message to the envelope address in the mail. In my case that failed for some reason, and I got this in my Exim log file:

451-could not connect to xxx [xxx.xxx.xxx.xxx]: Connection refused
451-Could not complete sender verify callout for <mg@xxx>.
451-The mail server(s) for the domain may be temporarily unreachable, or
451-they may be permanently unreachable from this server. In the latter case,
451-you need to change the address or create an MX record for its domain
451-if it is supposed to be generally accessible from the Internet.
451 Talk to your mail administrator for details.

I tried opening my router to allow the incoming connection to port 25 (SMTP) but it didn’t help. What to do? The usual when you run into a problem like this: read lots of man pages, configuration files, documentation, websites, etc… :-)

And sure enough, it worked: While reading through the Exim configuration files under /etc/exim4/conf.d/ I stumbled over a reference to /etc/email-addresses. That file is used by Exim when it inserts the envelope sender header in its outgoing mail: if a user is not listed in that file (the default) then it generates the envelope address of

Return-Path: <username@hostname>

In my case that made SourceForge do the callout back to my machine. If I instead add the line

mg: [email protected]

to /etc/email-addresses I get the following, much better envelope address in my outgoing mail:

Return-Path: <[email protected]>

which causes SourceForge to check with mail.mgeisler.net (the mail exchange for mgeisler.net). And this check succeeds! Hurray, I can now once again send mail to SourceForge-hosted mailing lists!
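The interaction between /etc/email-addresses and the receiver's sender callout, modelled offline as an added example (not Exim code or configuration from this post). The host names, the example.org domain, the MX table and all function names are constructed assumptions, and the callout is reduced to "is there a mail host for the sender's domain that accepts the address".

```python
# Constructed stand-ins for the real file, DNS and network reachability.
SAMPLE_EMAIL_ADDRESSES = "# user: address\nmg: mg@example.org\n"
HOSTNAME = "desktop.home.example"
MX_RECORDS = {"example.org": ["mail.example.org"]}
ACCEPTING_HOSTS = {"mail.example.org"}  # desktop.home.example refuses port 25


def parse_email_addresses(text):
    """Parse /etc/email-addresses style lines: 'user: address', '#' comments."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            user, addr = line.split(":", 1)
            mapping[user.strip()] = addr.strip()
    return mapping


def envelope_sender(user, hostname, mapping):
    """Envelope address for a local user: the mapped one, else user@hostname."""
    return mapping.get(user, f"{user}@{hostname}")


def sender_callout(sender, mx_records, accepting_hosts):
    """Receiver-side model: 250 if some mail host for the sender's domain
    accepts the address, otherwise the temporary 451 seen in the log."""
    domain = sender.rsplit("@", 1)[1]
    # Without an MX record, SMTP falls back to the domain's own host.
    hosts = mx_records.get(domain) or [domain]
    for host in hosts:
        if host in accepting_hosts:
            return 250, f"sender verified via {host}"
    return 451, f"Could not complete sender verify callout for <{sender}>."


if __name__ == "__main__":
    for mapping in ({}, parse_email_addresses(SAMPLE_EMAIL_ADDRESSES)):
        sender = envelope_sender("mg", HOSTNAME, mapping)
        print(sender, sender_callout(sender, MX_RECORDS, ACCEPTING_HOSTS))
```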

By the way, if you’re running an SMTP server and you’re having problems with spam, then try the Spam Filtering for Mail Exchangers guide to rejecting junk mail in incoming SMTP transactions. They describe a whole bunch of tricks, including the callout verification technique described above and the very clever greylisting technique.

The advantage of this is that you’ll save yourself the trouble of filtering the spam later using something like SpamAssassin, and you’ll save yourself the bandwidth cost of receiving the spam in the first place since you can drop the connection before it has even entered your system.