Which spam prevention product wins: SpamBayes vs Spamato? SpamBayes is the clear winner in my mind.

I used Spamato with my outlook 2007 first and recently switched to Spambayes because Spamato simply wouldn’t work with Windows 7 even after going through an enormous hassle of hacking Microsoft’s .NET Framework 1.1 installer to get it to install in Windows 7.

I’m really glad I switched, SpamBayes has amazing accuracy when trained with your Spam/Ham folders. It even has a ‘Junk Suspects’ folder which has caught all (1 or 2) my ham messages which is mistook for spam. I don’t think any Ham has ended up in the Junk folder unless it was an automated mail/newsletter and those quickly stopped going to junk after useing the ‘recovering from spam’ toolbar button to improve training.

I used Spamato for more than a year and it works fairly well, I liked it and recommended it to others. Every time I recommended it to a non technical person I cringed a little bit after remembering the fact that it requires a couple, not so simple to explain over the phone, prerequisites.

The finite accuracy seems better in SpamBayes and the installation is definitely a hell of a lot easier than Spamato.

The opposite of fail2ban would probably be called auth2allow (authenticate to allow) or fail2allow – but that’s not necessary because fail2ban’s configs can be customized to do exactly what I’m talking about. What am I talking about you ask? Basically what I’ve done and am about to explain how to do is setup fail2ban to look for a successful login on a FTP to allow the authenticated IP to get access to another port that isn’t as secure as FTP so is usually 100% black listed in IPTables. It’s just a hack of a security mechanism to allow your self or others into places securely through obscure means. Like most security it’s not perfect but it seems pretty solid in my mind.

If someone can authenticate on the FTP (could even be anonymous ftp, but I’d recommend using a special username you want to specifically grant access) then fail2ban triggers an ALLOW command for their IP on some port (or all ports), for example SSH (22) or apache https (443) with a private site on it that you want to keep private and totally hidden from the internet at large. This concept could really apply to anything. Any command IPTables can run can be triggered through something fail2ban sees in a log file basically, the possibilities are endless. In my example I’ll use https, port 443, but in real life I’m using an obscure port number and the program running on it that is not very secure by default.

So here are my slightly modified configuration files for setting up a custom fail2ban service that does the opposite of what fail2ban typically does.

Read the rest of this entry »

Not really a tutorial, mostly notes to my self so I remember how it’s done down the road.

Read the rest of this entry »

I made some modifications to my original gnump3d init.d script when I needed more than one instance of GNUmp3d running (for multiple folders completely separated). I still haven’t quite figured out how to get the tag database to work for my second GNUmp3d instance, if anyone can help please leave a comment. Here’s the script and some brief instructions:

Read the rest of this entry »

Basic SABnzbd+ Setup – SAB for short.

There are plenty of tutorials out there which cover configuring a normal SAB installation so I won’t cover that here. What I am going to do is make my SAB available through a web accessible passworded page, this can be accomplished with default SAB features by putting a web username/password in the general configuration section. However I find it annoying to have to enter the password when I’m on my internal 192.168 home network just to make it protected from the outside, and I don’t like the way it presents the username/password prompt in a website form rather than an generic apache pop-up. I’m sure open accessibility could be fixed in the SABnzbd+ code but I’m not a pro python hacker yet so I’ll just stick to what I know.

Basically I want a generic pop-up password that is only for people outside my network so I’m not bothered with SAB passwords while at home (And I can’t get nzbdStatus to work with a pass enabled). The htpasswd also acts as a bit of camouflage and additional security. There are some concepts which aren’t covered here which are required, you need to know how to configure your own SAB servers, Portforwarding or Firewall/iptables.

If you’re using a router, you’re going to want to make sure you’re not port forwarding the default SAB port of 8080 (which would make it wide open) and only are forwarding the apache2 port you setup for the SAB proxy. If you’re not on an internal IP subnet and have a static IP assigned directly to the linux machine you’re doing this on then I expect you have enough knowledge of IPTables to block the SAB port and allow the proxy port.

Read the rest of this entry »

I like to have interfaces and description, not one or the other. So I do this. Use your favorite editor to open indexmaker: vi /usr/bin/indexmaker

Find this part:

for ($$opt{section}) {
# ...Skip ahead to descr...
/^descr(iption)?$/ &&
do{
$section = "No Description for $item";
$$rcfg{setenv}{$item} =~ /MRTG_INT_DESCR="(.+?)"/ #"
and $section = $1;
$$rcfg{pagetop}{$item} =~
m,<td>Description:</td>\s*<td>\Q$section\E\s*([^< ][^>]+?)

,i
and $section = $1;
last;
};


The first “and $section = $1;” is a catch all to assign the interface name if there’s no description. The second one overwrites it, replacing the int name if it does find a description. So all you need to do is modify the second instance of “and $section = $1;” to:

and $section = $section . " - " . $1;

And your MRTG index is infinitely improved!

Can’t send from certain locations and keep having to turn on/off outgoing server SMTP Authentication in outlook 2007? You might see this error too: “None of the Authentication Methods Supported By This Client Are Supported By Your Server”

My Answer: Goto Email Accounts, Change the problem account, More Settings, Outgoing Server tab, and check outgoing server require authentication and choose “Log on to incoming mail server before sending mail” instead of “Use same settings as incoming” – Outlook 2007 is the first and only mail program to require any of our mail servers to use this setting. So far I’ve only confirmed the problem to be on older sendmail servers. There can be other solutions to this error message but this is one I find most often resolves it.

The Question: As a systems administrator I take calls for our tech support queue and one user called with a really odd problem. Basically it’s detailed here:

http://thepursuitofalife.com/outlook-2007-error-none-of-the-authentication-methods-supported-by-this-client-are-supported-by-your-server/

Like the above link describes the user would have to disable SMTP auth in certain locations (That’s a workaround, not the solution), even though all our servers require SMTP authentication. The above link eventually shares the true solution but it’s buried under many comments thanking the poster for the work around. So I decided to help fellow googlers by making this post.

Update: Comments about other people’s experience with this error made me want to add my further experience with it. I’ve seen this error a lot more often since I first made this post and am convinced it’s really some sort of bug with Outlook 2007. Some people cannot get rid of the error and have to continually switch between “Log on to incoming mail server before sending mail” and “Use same settings as incoming” to keep outlook sending correctly. Whereas if they switch to Windows Mail (The Vista and Windows 7 equivalent of outlook express) they never need to do anything but set ‘use same settings as incoming’ and never have any problem sending. If it’s not a ‘2007 Bug’ then it’s definitely a Outlook 2007 incompatibility with certain MTAs – specifically (maybe just older) sendmail – our postfix servers don’t seem to have this bug, but like I just said only 2007 has this incompatibility so you can’t entirely blame sendmail.

I thought I’d make a list of applications I usually need after a fresh windows install and what order I install them in. Since this time I’m using Windows 7 (W7) Beta I’ll be commenting about major differences I take notice of about W7 along the way too – I’ve had tastes of Vista before so I know my way around their new control panel and other menu changes. Note I’m running the 64-bit version so some of my links are to 64-bit apps/drivers.

Windows 7 bugged me about anti virus right away so I grabbed that first…
Read the rest of this entry »

Here my chronicle of fixes and tasks I had to go through while setting up my HDTV HTPC / home server.

I upgraded from an older xUbuntu to xUbuntu 8.10 64-bit and the first thing I had to do is restore the windows file share where I backed up configurations, samba shares, and my Adaptec SATA Raid 1210SA. Then I had to conquer ATI’s proprietary drivers and restore my previous install’s server functionality. Next time I’ll be finishing up the HTPC portion by configuring my TV Tuner with mythTV and installing Boxee as well – and maybe integrating the two together if possible.
Read the rest of this entry »