[00:39] hello all, I just set up dovecot and I wanted to see what email client you guys would recommend because I dont like thunderbird [00:41] matter of personal taste. [00:41] I've only used outlook and thunderbird. I stick to the latter. [00:41] well I can never get thunderbird to work and it pisses me off because i love it for my gmail accounts [00:42] Ill look into outlook though [00:42] in terms of more than a email client outlook is fantastic [00:42] but it's more suited to business work, meetings, calendar etc... [00:43] works fine as an email client [00:44] oh, well what would you reccomend besides thunderbird? [00:45] besides outlook, no idea [00:45] never used anything [00:45] you might want to look into mailpile if you are interested in encryption [00:51] ok will do thanks @pastafarian [01:11] @pastafarian you there? would you mind helping me with dovecot-postfix setup? [01:15] Sorry, I haven't done dovecot before. [01:15] There are a few good guides knocking around on the ubuntu wiki somewhere. [01:17] The configuration in Ubuntu Server Guide (see /topic) works. [01:17] I am not entirely sure that the implementation there is secure [01:18] There was a recent dovecot exploit that worked and there was no imput sanitisation on dovecot when it got stuff passed from postfix [01:18] they could run arbitrary commands by embeding them into the headers of the email [01:18] Link? [01:18] reply to address I seem to remember [01:18] one second, it might not apply here, I need to find the link [01:19] I saw them try to do it on my mail server, but I am not using dovecot [01:22] the offending string itself was the from address [01:22] from= Interesting. [01:24] I don't think there's anything in the way one configures dovecot that would affect if it did input validation on the From address or not. [01:25] I remember the link saying it was the return path [01:26] that something when passed executed this [01:26] It might have been an EXIM dovecot config however === peter is now known as Guest64994 [01:26] trying to find the original email as that is from my emails to the relevant abuse@ addresses === freeflying is now known as freeflying_away === LargePrime is now known as Guest94883 [01:32] ScottK, https://isc.sans.edu/diary/Dovecot++Exim+Exploit+Detects/16243 [01:33] Thanks. [01:33] Shouldn't be a problem with postfix/lmtp. [01:33] indeed [01:33] Rusty memory [01:33] that being said, they imply the default config for exim and dovecot is the cause [01:33] which is worrying [01:34] I reported that to 3 different businesses and got no replies from any of them. [01:34] all of them directly responsible for providing this hacker with services [01:36] I wonder if it had a CVE. [01:36] I don't think it did at the time but I cannot be sure about that [01:37] either way the logs are misleading [01:37] the email contained no From: [01:37] only the reply-to: [01:37] the headers themselves on that mail gave it away === LargePrime_ is now known as LargePrime [01:53] ScottK, server guide doesnt cover courier which is surprising === freeflying_away is now known as freeflying [02:05] how tangential a discussion are we allowed hear? [02:05] like i hear ovh is out of servers [02:05] is that even possible? [02:05] and am looking for mor info [02:06] They're a hosting company [02:06] they'd just buy more servers [02:06] It seems they have no servers? [02:06] seems unlikely [02:06] intell stopped making the CPU they use [02:06] they'd just tide over using EC2 or something [02:06] LargePrime, that isn't going to stop them. [02:06] well the sp packages are now at 72 hours till available [02:07] They'll just use a different CPU [02:07] but i hear that after you order they are taking weeks to fill [02:07] seems unlikely for such a large company to have screwed it up that badly [02:07] but all this is hearsay [02:07] thats why i bug people like yous [02:07] But the SP1's used to fill in 20 min flat [02:08] and the web site now say 72 hours [02:08] and there are a few web acounts of others not getting servers for weeks [02:09] well, it's not impossible for it to happen [02:09] but it's like hearing that amazon ec2 ran out of servers [02:11] http://forum.ovh.co.uk/showthread.php?t=7176 [02:12] ha [02:12] every time I look at VPS's I cringe [02:12] so expensive [02:12] I have a geolocated octacore with 16gb of RAM for free [02:12] if I wanted something similar from a VPS host I am looking at 10k annually [02:13] Gotta love universities eh? === freeflying is now known as freeflying_away [10:04] Anyone can give me a hand with bind9 config im having issues with. [10:07] Im probably just forgetting something really stupid. === Burrnn is now known as Fire [10:45] Anyone can give me a hand with bind9 issue - using Dig it resolves but when pointed to webserver it doesnt [10:45] when pointed at a webserver ? [10:46] As in i pointed my domain name to my server with NS records; but it wotn resolve [10:46] you just said it resolved with dig [10:46] when I ssh internally it resolves [10:46] Fire: is this domain name on the public internet [10:46] yes [10:47] what is the domain name [10:47] moddl.com [10:47] Name Server: KS200136.KIMSUFI.COM [10:47] Name Server: NS.KIMSUFI.COM [10:47] Name Server: NS11.OVH.NET [10:47] are they your name servers ? [10:47] thats correct [10:47] Fire: what is the FQDN you are trying to resolve [10:49] *.moddl.com. [10:49] can you give me a valid host [10:49] eg: test01.moddl.com [10:50] when did you update these records ? [10:50] few hours ago - was trying to get just moddl.com. to work first then ill fiddle with subdomains [10:50] ok, so it's probably not propogated yet [10:50] as my dns server is showing no records [10:50] never had the issue before [10:52] I can't get a response from ns.kimsufi.com [10:52] Fire: when I ask your nameservers directly, none of them respond with an soa record [10:52] hmm [10:52] its first time ive tried to setup dns on a kimsufi/ovh [10:52] Fire: it's showing they are not soa [10:53] and I can't do recursion, so it rejects me [10:53] ns.kimsufi.com and ns11.ovh.net give me 'recursion requested but not available' and ks200136.kimsufi.com does not answer [10:53] sgran: confirmed [10:53] I'd suggest that you have not configured them to be authoritative for the domain? [10:54] seems the logical conclusion [10:54] let me check [10:54] am pretty sure i did [10:59] 38200755 [10:59] moddl.com. IN SOA ns1.moddl.com. admin.moddl.com. ( [11:07] any other ideas [11:07] Im thinking about just changing the records at the registrar [11:33] sgran any other ideas [11:34] Fire: the .com registrar says that moddl.com is served by kimsufi/ovh [11:34] It is [11:34] I think the simplest is going to be letting kisufi/ovh know about this [11:34] Kimsufi support are beyond useless [11:36] hmm. This begs the question - why are you using them? :) [11:37] Cheap :) [11:37] Ridicuolously so in fact [11:38] I might be seeing why [11:38] I used 2 kimsufis in the past as seedboxes - if you are peering mostly to europe / canada its crazy good value [11:38] in fact, I'm going to set up a new business [11:38] pay me £5/year, and I'll pretend to host DNS for you [11:39] of course, I won't actually do anything but collect your money [11:39] but it will be cheap :) [11:39] To put it in perspective i transferred ~25TB in a month. [11:39] which for £6.30 for 2 servers is quite good value [11:41] For my business i use elsewhere - but I dont really wanna spend £60/month for a personal server for tinkering [13:12] Hi, i made a mistake, on an ubuntu server 12.04 i create a bridge between eth0 and another bridge (i wrote the wrong iface) so now i can't reconnect this server ! (using ssh). If i reboot the server will my connection be back ? [13:14] please answer me [13:15] Nox_404: Do you have any other chance other than rebooting now? [13:16] bekks: thats a remote server and i don't have any other way to connect this server [13:17] Then you have no other option left. [13:17] So it doesnt matter what we tell you, you have to reboot. [13:18] bekks: ok so i'll try that [13:18] bekks: thanks [13:18] Thank yourself ;) [13:24] how would we know if a reboot would help? [13:25] you lacked to tell us how to did it, what files you modified. [13:25] There is no other chance than rebooting. [13:26] patdk-lap: I used `brctl addif iface iface` [13:28] Nox_404: So did you reboot it? [13:29] bekks: I have to wait for a friend to reboot it, like i said i don't have access to this server [13:29] bekks: I must wait for tonight .... [13:29] Nox_404: Does your friend have physical access? [13:29] bekks: yes [13:30] So there even is a way to fix it if rebooting doesnt help. [13:30] You should have told us about those details. [13:30] bekks: but he doesn't know anything about ubuntu.. [13:30] You can tell him what he needs to do. [13:30] You can screw his server, you can tell him to reboot it - so you can tell him what to do. :) [13:31] i just wanted to know if rebooting is enouth to fix it [13:31] we dont know. === freeflying is now known as freeflying_away [17:53] hello [17:53] can you help me with something [17:53] I am missing the 250-AUTH LOGIN PLAIN and 250-AUTH=LOGIN PLAIN [17:54] any ideas? [18:40] bekks: My friend reboot it and it works fine, brctl doesn't keep the configuration after a reboot === dr0pix is now known as RogerThat === RogerThat is now known as dr0pix === Firartix is now known as Fira === lifeless_ is now known as lifeless === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away