Very Computer

by **Mike Tod** » Mon, 25 Nov 2002 18:31:23

Anyone have an idea about why a .forward that has been working for months,
just up and quit working?

There is nothing strange in the configuration. I'm using standard sendmail
and the mail is only accessed while logged onto the server (so no popper or
other programs that might be vying for mail control).

I've checked the sendmail.cf program - no recent changes and all "forward"
directives are in their original state.

I had been using procmail (executed in the .forward) and even dropped that
for a simpler entry of an email address to which the email should be
forwarded and that doesn't even work.

Any suggestions would be appreciated.

--

Mike Todd
Director, Engineering, GServices www.gservices.info

President, Mike Todd Associates www.MikeTodd.com
Supporting the Digital Coast

President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

Center for Entrepreneurship and Technology Law
Pepperdine University Law School

by **Rob MacGrego** » Mon, 25 Nov 2002 21:07:05

> Anyone have an idea about why a .forward that has been working for months,
> just up and quit working?

> There is nothing strange in the configuration. I'm using standard sendmail
> and the mail is only accessed while logged onto the server (so no popper or
> other programs that might be vying for mail control).

> I've checked the sendmail.cf program - no recent changes and all "forward"
> directives are in their original state.

> I had been using procmail (executed in the .forward) and even dropped that
> for a simpler entry of an email address to which the email should be
> forwarded and that doesn't even work.

> Any suggestions would be appreciated.

Errors from /var/log/maillog?

--
Rob MacGregor (MCSE)
The light at the end of the tunnel is an oncoming dragon.

by **@ple...@no.spa** » Tue, 26 Nov 2002 00:36:35

> Anyone have an idea about why a .forward that has been working for months,
> just up and quit working?

> There is nothing strange in the configuration. I'm using standard sendmail
> and the mail is only accessed while logged onto the server (so no popper or
> other programs that might be vying for mail control).

> I've checked the sendmail.cf program - no recent changes and all "forward"
> directives are in their original state.

> I had been using procmail (executed in the .forward) and even dropped that
> for a simpler entry of an email address to which the email should be
> forwarded and that doesn't even work.

As a security precaution, a number of tools have started refusing to
read their config file unless its containing directory (and its
containing directory, all the way up to the root) are "secure", meaning
in this case writeable only by their owner. So if you recently did a
"chmod g+w" on your home directory or on /home itself your .forward
would suddenly and silently stop "working". Check the path back from
.forward to /.

DD

by **Mike Tod** » Tue, 26 Nov 2002 06:51:16

Thanks to Rob MacGreggor and DD. Found "World writable directory" in the
maillog file. After poking around various related directories, I finally
used "chmod 755" on the /home directory and the problem is fixed.

I don't suppose I'll ever find why the /home directory was at "777" or how
it got that way...

--

Mike Todd
Director, Engineering, GServices www.gservices.info

President, Mike Todd Associates www.MikeTodd.com
Supporting the Digital Coast

President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

Center for Entrepreneurship and Technology Law
Pepperdine University Law School

--

Anyone have an idea about why a .forward that has been working for months,
just up and quit working?

There is nothing strange in the configuration. I'm using standard sendmail
and the mail is only accessed while logged onto the server (so no popper or
other programs that might be vying for mail control).

I've checked the sendmail.cf program - no recent changes and all "forward"
directives are in their original state.

I had been using procmail (executed in the .forward) and even dropped that
for a simpler entry of an email address to which the email should be
forwarded and that doesn't even work.

Any suggestions would be appreciated.

--

Mike Todd
Director, Engineering, GServices www.gservices.info

President, Mike Todd Associates www.MikeTodd.com
Supporting the Digital Coast

President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

Center for Entrepreneurship and Technology Law
Pepperdine University Law School

by **Berylliu** » Tue, 26 Nov 2002 07:44:38

> Thanks to Rob MacGreggor and DD. Found "World writable directory" in the
> maillog file. After poking around various related directories, I finally
> used "chmod 755" on the /home directory and the problem is fixed.

> I don't suppose I'll ever find why the /home directory was at "777" or how
> it got that way...

> --

> Mike Todd
> Director, Engineering, GServices www.gservices.info

> President, Mike Todd Associates www.MikeTodd.com
> Supporting the Digital Coast

> President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

> Center for Entrepreneurship and Technology Law
> Pepperdine University Law School

> --

> Anyone have an idea about why a .forward that has been working for months,
> just up and quit working?

> There is nothing strange in the configuration. I'm using standard
sendmail
> and the mail is only accessed while logged onto the server (so no popper
or
> other programs that might be vying for mail control).

> I've checked the sendmail.cf program - no recent changes and all "forward"
> directives are in their original state.

> I had been using procmail (executed in the .forward) and even dropped that
> for a simpler entry of an email address to which the email should be
> forwarded and that doesn't even work.

> Any suggestions would be appreciated.

> --

> Mike Todd
> Director, Engineering, GServices www.gservices.info

> President, Mike Todd Associates www.MikeTodd.com
> Supporting the Digital Coast

> President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

> Center for Entrepreneurship and Technology Law
> Pepperdine University Law School

Might be a prudent idea to check for any possible viruses or trojans -
that's the only thing I can think of which would change the /home
permissions ...

--
Beryllium

by **Mike Tod** » Tue, 26 Nov 2002 14:05:40

Beryllium,

Any suggestions for a virus scanner for a FreeBSD server? What do you use?

Quote:> Thanks to Rob MacGreggor and DD. Found "World writable directory" in the
> maillog file. After poking around various related directories, I finally
> used "chmod 755" on the /home directory and the problem is fixed.

> I don't suppose I'll ever find why the /home directory was at "777" or how
> it got that way...

> --

Might be a prudent idea to check for any possible viruses or trojans -
that's the only thing I can think of which would change the /home
permissions ...

--
Beryllium

by **Rob MacGrego** » Tue, 26 Nov 2002 16:19:02

> Any suggestions for a virus scanner for a FreeBSD server? What do you use?

I know there is at least one in the ports tree (I think it's an eval copy).
Sophos also do an AV scanner.

Trouble is, they're not necessarily best suited for finding trojans on a unix
box. You really need known good copies of ps, netstat and fstat (though I tend
to prefer the output of lsof), and ideally signatures of all your binaries and
config files from something like tripwire/aide.

--
Rob MacGregor (MCSE)
The light at the end of the tunnel is an oncoming dragon.

by **Bill Vermilli** » Wed, 27 Nov 2002 00:26:12

>> Thanks to Rob MacGreggor and DD. Found "World writable directory" in the
>> maillog file. After poking around various related directories, I finally
>> used "chmod 755" on the /home directory and the problem is fixed.

>> I don't suppose I'll ever find why the /home directory was at "777" or how
>> it got that way...

>> --

>> Mike Todd
>> Director, Engineering, GServices www.gservices.info

>> President, Mike Todd Associates www.MikeTodd.com
>> Supporting the Digital Coast

>> President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

>> Center for Entrepreneurship and Technology Law
>> Pepperdine University Law School

>> --

>> Anyone have an idea about why a .forward that has been working for months,
>> just up and quit working?

>> There is nothing strange in the configuration. I'm using standard
>sendmail
>> and the mail is only accessed while logged onto the server (so no popper
>or
>> other programs that might be vying for mail control).

>> I've checked the sendmail.cf program - no recent changes and all "forward"
>> directives are in their original state.

>> I had been using procmail (executed in the .forward) and even dropped that
>> for a simpler entry of an email address to which the email should be
>> forwarded and that doesn't even work.

>> Any suggestions would be appreciated.

>> --

>> Mike Todd
>> Director, Engineering, GServices www.gservices.info

>> President, Mike Todd Associates www.MikeTodd.com
>> Supporting the Digital Coast

>> President, Internet Society Los Angeles Chapter www.ISOC-LosAngeles.org

>> Center for Entrepreneurship and Technology Law
>> Pepperdine University Law School
>Might be a prudent idea to check for any possible viruses or trojans -
>that's the only thing I can think of which would change the /home
>permissions ...

/home is a symlink on my system - it has been upgraded through
several itterations. I checked and I had 777 on it.
chmod doesn't work on link that I've noticed, so I just rm'ed the
link and remade it and it took on the permissions of the /usr/home
directory. I may have had 777 on /usr/home at one time.

It would be hard for anyone to get to this machine as it is behind
two nat'ed HW devices [don't ask - it was pain]

Bill

--

Very Computer

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !

.forward just quit working !