From lvl at omnitec.net Thu Jul 11 14:34:02 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Thu, 11 Jul 2013 13:34:02 -0500 (CDT) Subject: [GRLUG] Google ban Message-ID: Happy Hot Days to all! We have a client on a dedicated server; about a month ago someone hacked an email password and starting sending copious amounts of SPAM, a lot of which, apparently, targeted Google. Since then, Google seems to be refusing email from that IP. I have submitted 'reports' three different times, but nothing happens - Google still doesn't like that IP. The server is not listed anywhere, .. sendarbase, mxtoolbox, etc. have all beenclear for over a month. Has anyone discovered a way to get the ban reset? Thanks! Lee From mfarver at mindbent.org Thu Jul 11 15:01:39 2013 From: mfarver at mindbent.org (Mark Farver) Date: Thu, 11 Jul 2013 15:01:39 -0400 Subject: [GRLUG] Google ban In-Reply-To: References: Message-ID: Without the bounce message it is hard to tell..but you should have Domainkeys and SPF setup if you want good odds of being able to send to Google. You should also ensure the server is not on an IP block that is marked for client usage. On Jul 11, 2013 2:41 PM, "L. V. Lammert" wrote: > Happy Hot Days to all! > > We have a client on a dedicated server; about a month ago someone > hacked an email password and starting sending copious amounts of SPAM, a > lot of which, apparently, targeted Google. > > Since then, Google seems to be refusing email from that IP. I have > submitted 'reports' three different times, but nothing happens - Google > still doesn't like that IP. > > The server is not listed anywhere, .. sendarbase, mxtoolbox, etc. have all > beenclear for over a month. > > Has anyone discovered a way to get the ban reset? > > Thanks! > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Thu Jul 11 15:08:35 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Thu, 11 Jul 2013 14:08:35 -0500 (CDT) Subject: [GRLUG] Google ban Message-ID: On -1 xxx -1, it was written: > Without the bounce message it is hard to tell..but you should have > Domainkeys and SPF setup if you want good odds of being able to send to > Google. You should also ensure the server is not on an IP block that is > marked for client usage. > The error returned has not changed for over a month: SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [74.125.129.27]: 550-5.7.1 [198.46.86.21] Our system has detected an unusual rateof 550-5.7.1 unsolicited mail originating from your IP address. To protect our 550-5.7.1 users from spam, mail sent from your IP address has been blocked. 550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review 550 5.7.1 our Bulk Email Senders Guidelines. zk10si13903920pac.185 - gsmtp spf appears valid, .. no blacklists or entries on senderbase. Lee From mfarver at mindbent.org Thu Jul 11 15:21:06 2013 From: mfarver at mindbent.org (Mark Farver) Date: Thu, 11 Jul 2013 15:21:06 -0400 Subject: [GRLUG] Google ban In-Reply-To: References: Message-ID: Google can be tricky to get an unblock from. Usually I find that if you fill out the form here carefully and explain it they will usually unblock. However they can be pretty tough to convince if you have a large number of spam reports from Google users. Sometimes you have to change IPs. https://support.google.com/mail/contact/msgdelivery On Jul 11, 2013 3:15 PM, "L. V. Lammert" wrote: > On -1 xxx -1, it was written: > > > Without the bounce message it is hard to tell..but you should have > > Domainkeys and SPF setup if you want good odds of being able to send to > > Google. You should also ensure the server is not on an IP block that is > > marked for client usage. > > > The error returned has not changed for over a month: > > > SMTP error from remote mail server after end of data: > host gmail-smtp-in.l.google.com [74.125.129.27]: > 550-5.7.1 [198.46.86.21] Our system has detected an > unusual rateof > 550-5.7.1 unsolicited mail originating from your IP address. To > protect our > 550-5.7.1 users from spam, mail sent from your IP address has been > blocked. > 550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html > to review > 550 5.7.1 our Bulk Email Senders Guidelines. zk10si13903920pac.185 - > gsmtp > > spf appears valid, .. no blacklists or entries on senderbase. > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Thu Jul 11 15:17:12 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Thu, 11 Jul 2013 14:17:12 -0500 (CDT) Subject: [GRLUG] Google ban In-Reply-To: References: Message-ID: On Thu, 11 Jul 2013, Mark Farver wrote: > Google can be tricky to get an unblock from. Usually I find that if you > fill out the form here carefully and explain it they will usually unblock. > However they can be pretty tough to convince if you have a large number of > spam reports from Google users. Sometimes you have to change IPs. > https://support.google.com/mail/contact/msgdelivery > Unfortunately, that's the form I filled out, *THREE TIME* over the past month, but nothing happens. TFTR, Lee From brousch at gmail.com Fri Jul 12 14:16:44 2013 From: brousch at gmail.com (Ben Rousch) Date: Fri, 12 Jul 2013 14:16:44 -0400 Subject: [GRLUG] BarCamp Grand Rapids 2013 Announcement Message-ID: Geeks, Makers, and programmers lend me your Inboxes! The eighth annual BarCamp Grand Rapids will be on Friday, August 23 and Saturday, August 24, 2013 at Calvin College?s DeVos Communications Center. To register for free, visit: http://barcampgr.org/register/ New to BarCampGR or want more information? Read on. What is BarCampGR? BarCamp is about meeting interesting people, talking about what you want to talk about, and listening to what you're interested in. Subjects of discussion have ranged from web programming and digital photography to computer vision and turkey basting. (No, there wasn't a talk on having a computer visually monitor your turkey, but if you've tried it, you're welcome to report on your experiences!) You see, the talks are not set beforehand, it's you, the attendees, who give BarCampGR direction and content. What's the format? Presentations are 25 minutes long, with five minutes in between. You're welcome to sit in on a presentation or hang around in the lounge and talk; it's all the same with us. If you run a presentation, we don't care how you run it - so long as you don't get us in trouble! Give a monologue, a Q&A or a round table; it's your topic, your presentation, your audience. If people didn't want to spend 25 minutes on your topic, they wouldn't be there. Don't know what to talk about? Certainly you have some relatively unique experiences. What do you do for a hobby? What's something you managed to fix that you're proud of? It doesn't matter if the height of your accomplishment is changing your car's oil or if you've war-driven half of the Grand Rapids area; if people are interested, they will show up at your talk. If they aren?t, they will probably attend one of the other talks during that time. But I'm not an expert! Sure you are! If you know the first thing about a subject, you know more than people who don't. And, yes, people who know more than you will probably attend your presentation. Interact with them; you both have something to learn from each other. Chances are, if you're both really interested in a subject, you'll find yourselves looking for each other in the lounge, later. But perhaps you're... Shy? That's fine. Come on in, take a look around and get a feel for things. It's a two-day event; come by on Friday, sit in on the presentations which interest you or hang around in the lounge and network with other people. Perhaps you'll be inspired to talk about something later, or on Saturday. You never really know. If you'd like to be able to listen, but don't know if you'll have anything to say, you can still... Help Out On the days of the event itself, we typically need greeters, people to babysit the facility overnight (some folks stay overnight), people to respond to technical issues such as "why won't the projector work with my laptop" and "could someone turn down the lights so we could see the screen?" We also have a subreddit again this year, r/BarCampGR. Use it to ask for certain subjects to be covered. Use it to offer subjects that you can talk about. During the event, use it to have almost-live discussions about things with people who aren't immediately present. After the event, use it to post supplemental materials and ask followup questions. We have a lot of other ways you can keep up to date on BarCampGR news and updates via the following social media outlets: * Website: http://barcampgr.org * Campers Email List: http://lists.barcampgr.org/listinfo.cgi/campers-barcampgr.org * Twitter: @barcampgr * Subreddit: http://www.reddit.com/r/BarCampGR/ * Facebook: https://www.facebook.com/pages/BarCampGR/112347402141619 * Google+: https://plus.google.com/b/116952079842867940611/ * IRC: #barcampgr on Freenode * LinkedIn: http://www.linkedin.com/company/479534?trk=tyah Also, if you'd like to help us organize BarCampGR, then sign up for the BarCampGR Organizers' Email Group and jump right into the conversation at http://lists.barcampgr.org/listinfo.cgi/organizers-barcampgr.org REGISTRATION http://barcampgr.org/register/ LOCATION DeVos Communications Center at Calvin College in Grand Rapids, MI SCHEDULE Friday, August 23, 2013 5:00-6:00 PM - Check-in and setup 6:00-7:00 PM - Dinner 7:00 PM - Kick things off with opening session 7:30-9:30 PM - Sessions every 1/2 hour 9:30 PM - After party Overnight 10:00 PM-whenever the next morning - Camping, all-night hacking, etc. Midnight BBQ There will be plenty of room to crash on Friday night, so bring a sleeping bag. Better yet, bring a tent for the geek base camp. Saturday, August 24, 2013 9:00-10:00 AM - Continental Breakfast 10:00 AM-12:00 PM - Sessions every 1/2 hour 12:00-1:00 PM - Lunch 1:00-2:00 PM - 5 minute Lightning Talks 2:00-4:00 PM - Sessions every 1/2 hour 4:00-4:30 PM - Closing session 4:30-5:30 PM - Cleanup * Note, despite the 'bar' in BarCampGR, the event doesn't take place in a bar, only the (optional) Friday after-party does. From desertfrag at yahoo.com Tue Jul 23 22:58:35 2013 From: desertfrag at yahoo.com (desert frag) Date: Tue, 23 Jul 2013 19:58:35 -0700 (PDT) Subject: [GRLUG] Ubuntu forums compromised Message-ID: <1374634715.55709.YahooMailNeo@web162405.mail.bf1.yahoo.com> Just got this. ?Wonderful. Hello, You are receiving this message because you have an account registered with this address on?ubuntuforums.org. The?Ubuntu?forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database. If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts. The?ubuntuforums.org?website is currently offline and we are working to restore this service. Please take the time to change your?ubuntuforums.orgaccount password when service is restored. We apologize for any inconvenience to the?Ubuntu?community, thank you for your understanding. The Canonical Sysadmins. -------------- next part -------------- An HTML attachment was scrubbed... URL: From don.ellis at gmail.com Wed Jul 24 16:53:02 2013 From: don.ellis at gmail.com (Don Ellis) Date: Wed, 24 Jul 2013 15:53:02 -0500 Subject: [GRLUG] Ubuntu forums compromised In-Reply-To: <1374634715.55709.YahooMailNeo@web162405.mail.bf1.yahoo.com> References: <1374634715.55709.YahooMailNeo@web162405.mail.bf1.yahoo.com> Message-ID: Yes, I got that message, and a very similar one from the Apple Developer website (intruder attempt last Thursday, notification sent Jul 22). --Don Ellis On Tue, Jul 23, 2013 at 9:58 PM, desert frag wrote: > Just got this. Wonderful. > > Hello, > > You are receiving this message because you have an account registered with > this address on ubuntuforums.org. > > The Ubuntu forums software was compromised by an external attacker. As a > result, the attacker has gained access to read your username, email address > and an encrypted copy of your password from the forum database. > > If you have used this password and email address to authenticate at any > other website, you are urged to reset the password on those accounts > immediately as the attacker may be able to use the compromised personal > information to access these other accounts. It is important to have a > distinct password for different accounts. > > The ubuntuforums.org website is currently offline and we are working to > restore this service. Please take the time to change your ubuntuforums.orgaccount > password when service is restored. > > We apologize for any inconvenience to the Ubuntu community, thank you for > your understanding. > > The Canonical Sysadmins. > > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Mon Jul 29 10:15:27 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 09:15:27 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? Message-ID: Tried to setup Evolution to play with it, but it wants to use TLS even if you have "No Security" selected! Is it *POSSIBLE* to use Evolution with an internal email server (no security)? Thanks! Lee From mfarver at mindbent.org Mon Jul 29 10:39:00 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 10:39:00 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: Message-ID: Are you using the right port (110 or 143)? I remember something about Evolution forcing SSL if you use port 993 (imaps) or port 995 (pops). Mark On Jul 29, 2013 10:15 AM, "L. V. Lammert" wrote: > Tried to setup Evolution to play with it, but it wants to use TLS even if > you have "No Security" selected! > > Is it *POSSIBLE* to use Evolution with an internal email server (no > security)? > > Thanks! > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From awilliam at whitemice.org Mon Jul 29 11:05:14 2013 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 29 Jul 2013 11:05:14 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: Message-ID: <1375110314.3099.10.camel@linux-86wr.site> On Mon, 2013-07-29 at 10:39 -0400, Mark Farver wrote: > Are you using the right port (110 or 143)? I remember something about > Evolution forcing SSL if you use port 993 (imaps) or port 995 (pops). 'Evolution' does not force SSL for those ports - those ports are *for* SSL secured connections; hence "imaps" and "pops". Any other use of those ports is simply incorrect. If you are using TLS then you just use the normal 110 & 143 ports. Assuming your server/provider supports TLS. >Is it *POSSIBLE* to use Evolution with an internal email server (no >security)? Certainly, it works perfectly. >Tried to setup Evolution to play with it, but it wants to use TLS even >if you have "No Security" selected! Perhaps the server requires TLS in order to authenticate? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA From lvl at omnitec.net Mon Jul 29 11:17:39 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 10:17:39 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: <1375110314.3099.10.camel@linux-86wr.site> References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: On Mon, 29 Jul 2013, Adam Tauno Williams wrote: > On Mon, 2013-07-29 at 10:39 -0400, Mark Farver wrote: > > Are you using the right port (110 or 143)? I remember something about > > Evolution forcing SSL if you use port 993 (imaps) or port 995 (pops). > Not a POP problem, .. it's an SMTP problem. The configuration uses 25, however selecting "No Encryption" still uses TLS. > >Is it *POSSIBLE* to use Evolution with an internal email server (no > >security)? > > Certainly, it works perfectly. > For SMTP? > >Tried to setup Evolution to play with it, but it wants to use TLS even > >if you have "No Security" selected! > > Perhaps the server requires TLS in order to authenticate? > The server does not, .. Evolution appears to have no way to disable TLS. Thanks! Lee From mfarver at mindbent.org Mon Jul 29 11:35:04 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 11:35:04 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: On Jul 29, 2013 11:18 AM, "L. V. Lammert" wrote: > Not a POP problem, .. it's an SMTP problem. The configuration uses 25, > however selecting "No Encryption" still uses TLS. That would have been helpful to know in the original question SMTP doesn't have SSL by default (on port 25) Instead a server offers it in the capabilities and the connecting end chooses TLS by sending a start command. I'm guessing but your server is offering TLS but likely has an unsigned or untrusted certificate that is causing the connection to fail. I'm going to guess that you are trying to send mail via exchange? Mark -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Mon Jul 29 11:43:01 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 10:43:01 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: On Mon, 29 Jul 2013, Mark Farver wrote: > On Jul 29, 2013 11:18 AM, "L. V. Lammert" wrote: > > > Not a POP problem, .. it's an SMTP problem. The configuration uses 25, > > however selecting "No Encryption" still uses TLS. > > That would have been helpful to know in the original question SMTP doesn't > have SSL by default (on port 25) Instead a server offers it in the > capabilities and the connecting end chooses TLS by sending a start command. > Sorry, .. > I'm guessing but your server is offering TLS but likely has an unsigned or > untrusted certificate that is causing the connection to fail. > There is no SSL/TLS capability on this server, as it only lives inside the newtork and security is by originating IP. > I'm going to guess that you are trying to send mail via exchange? > Huh? Some might consider that an insult !! OpenBSD/Sendmail. Lee From mfarver at mindbent.org Mon Jul 29 12:11:34 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 12:11:34 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: Ensure that the sendmail server does not have confCACERT, confCACERT_PATH, confSERVER_CERT. AND confSERVER_KEY set in the confif file...this should prevent it from offering any tls options. Mark On Jul 29, 2013 11:43 AM, "L. V. Lammert" wrote: > On Mon, 29 Jul 2013, Mark Farver wrote: > > > On Jul 29, 2013 11:18 AM, "L. V. Lammert" wrote: > > > > > Not a POP problem, .. it's an SMTP problem. The configuration uses 25, > > > however selecting "No Encryption" still uses TLS. > > > > That would have been helpful to know in the original question SMTP > doesn't > > have SSL by default (on port 25) Instead a server offers it in the > > capabilities and the connecting end chooses TLS by sending a start > command. > > > Sorry, .. > > > I'm guessing but your server is offering TLS but likely has an unsigned > or > > untrusted certificate that is causing the connection to fail. > > > There is no SSL/TLS capability on this server, as it only lives inside the > newtork and security is by originating IP. > > > I'm going to guess that you are trying to send mail via exchange? > > > Huh? Some might consider that an insult !! OpenBSD/Sendmail. > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Mon Jul 29 12:20:34 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 11:20:34 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: On Mon, 29 Jul 2013, Mark Farver wrote: > Ensure that the sendmail server does not have confCACERT, confCACERT_PATH, > confSERVER_CERT. AND confSERVER_KEY set in the confif file...this should > prevent it from offering any tls options. > > Mark > Mark, The server is definately NOT offering any TLS options, .. if you scan for login protocols, none are available. Is anyone using Evolution without any SMTP encryption? Lee From mikemol at gmail.com Mon Jul 29 12:29:59 2013 From: mikemol at gmail.com (Michael Mol) Date: Mon, 29 Jul 2013 12:29:59 -0400 Subject: [GRLUG] Fwd: Give me a shout when you get a chance In-Reply-To: References: Message-ID: If there's anyone willing and interesting in tutoring students in Kalamazoo part-time, please get in touch with Tony McCutchen and/or Karen Mosier at Davenport. I did it for a few months before I got too busy. One thing that I found largely works is tutoring students via Blackboard Collaborate, a videoconferencing package they have. That saved me driving trips to Kalamazoo. (I would have been compensated for the driving, but I simply found it more efficient to do it remotely.) ---------- Forwarded message ---------- From: Tony McCutchen Date: Mon, Jul 29, 2013 at 11:50 AM Subject: Give me a shout when you get a chance To: Michael Mol Congrats on A full-time job. Do you have anyone in mind that could take your place that would be interested in tutoring from the Grand Rapids Linux user group ? if I am not at my desk my cell is 616.706.2838 Associate Department Chair, Networking and Security Information Assurance Grand Rapids/Holland/Kalamazoo/Battle Creek 6191 Kraft Avenue S.E. Grand Rapids MI 49512 (616) 871-3981 (616) 554-5225 fax amccutchen at davenport.edu Please Rate My Customer Service: http://www.davenport.edu/office-performance-excellence/great-award -- :wq From mfarver at mindbent.org Mon Jul 29 12:35:15 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 12:35:15 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: Telnet to port 25 on the mail server. After the 220 banner messages type "EHLO client.example.com" press enter and cut and past the entire session here. No mail client can use SSL by default on port 25. It will fail on every server. SMTP over SSL should be on port 465. SSL on port 25 can be requested by the client but only after the server offers the option. Something more subtle than an configuration option is at work here. Evolution also had a bug for awhile where messages compared while SSL options were turned on would never be sent if SSL was later turned off...but that was a long time ago. Mark On Jul 29, 2013 12:20 PM, "L. V. Lammert" wrote: > On Mon, 29 Jul 2013, Mark Farver wrote: > > > Ensure that the sendmail server does not have confCACERT, > confCACERT_PATH, > > confSERVER_CERT. AND confSERVER_KEY set in the confif file...this should > > prevent it from offering any tls options. > > > > Mark > > > Mark, > > The server is definately NOT offering any TLS options, .. if you scan for > login protocols, none are available. > > Is anyone using Evolution without any SMTP encryption? > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amccutchen at davenport.edu Mon Jul 29 12:50:02 2013 From: amccutchen at davenport.edu (Tony McCutchen) Date: Mon, 29 Jul 2013 12:50:02 -0400 Subject: [GRLUG] Fwd: Give me a shout when you get a chance In-Reply-To: References: Message-ID: Thanks !!!!! Associate Department Chair, Networking and Security Information Assurance Grand Rapids/Holland/Kalamazoo/Battle Creek 6191 Kraft Avenue S.E. Grand Rapids MI 49512 (616) 871-3981 (616) 554-5225 fax amccutchen at davenport.edu Please Rate My Customer Service: http://www.davenport.edu/office-performance-excellence/great-award On Mon, Jul 29, 2013 at 12:29 PM, Michael Mol wrote: > If there's anyone willing and interesting in tutoring students in > Kalamazoo part-time, please get in touch with Tony McCutchen and/or > Karen Mosier at Davenport. > > I did it for a few months before I got too busy. One thing that I > found largely works is tutoring students via Blackboard Collaborate, a > videoconferencing package they have. That saved me driving trips to > Kalamazoo. (I would have been compensated for the driving, but I > simply found it more efficient to do it remotely.) > > > ---------- Forwarded message ---------- > From: Tony McCutchen > Date: Mon, Jul 29, 2013 at 11:50 AM > Subject: Give me a shout when you get a chance > To: Michael Mol > > > Congrats on A full-time job. Do you have anyone in mind that could > take your place that would be interested in tutoring from the Grand > Rapids Linux user group ? > > if I am not at my desk my cell is 616.706.2838 > > > > Associate Department Chair, Networking and Security Information Assurance > Grand Rapids/Holland/Kalamazoo/Battle Creek > 6191 Kraft Avenue S.E. > Grand Rapids MI 49512 > (616) 871-3981 > (616) 554-5225 fax > amccutchen at davenport.edu > > Please Rate My Customer Service: > http://www.davenport.edu/office-performance-excellence/great-award > > > -- > :wq > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Mon Jul 29 12:52:10 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 11:52:10 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: On Mon, 29 Jul 2013, Mark Farver wrote: > Telnet to port 25 on the mail server. After the 220 banner messages type > "EHLO client.example.com" press enter and cut and past the entire session > here. > No problem at all, .. $ telnet 25 Trying 206.197.251.199... Connected to . Escape character is '^]'. 220 ESMTP Sendmail 8.12.8/8.12.8; Mon, 29 Jul 2013 11:42:53 -0500 (CDT) I can guarantee it doesn't know anything about TLS or SSL - it only accepts SMTP traffic from internal users and was actually built before TLS was mainstream. Why would Evolution try to start a TLS session without it selected or available? Thanks! Lee From mfarver at mindbent.org Mon Jul 29 12:58:11 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 12:58:11 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site> Message-ID: You need to issue and send the output from the ehlo command that was specified. On Jul 29, 2013 12:52 PM, "L. V. Lammert" wrote: > On Mon, 29 Jul 2013, Mark Farver wrote: > > > Telnet to port 25 on the mail server. After the 220 banner messages type > > "EHLO client.example.com" press enter and cut and past the entire > session > > here. > > > No problem at all, .. > > $ telnet 25 > Trying 206.197.251.199... > Connected to . > Escape character is '^]'. > 220 ESMTP Sendmail 8.12.8/8.12.8; Mon, 29 Jul 2013 > 11:42:53 -0500 (CDT) > > I can guarantee it doesn't know anything about TLS or SSL - it only > accepts SMTP traffic from internal users and was actually built before TLS > was mainstream. > > Why would Evolution try to start a TLS session without it selected or > available? > > Thanks! > > Lee > _______________________________________________ > grlug mailing list > grlug at grlug.org > http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mfarver at mindbent.org Mon Jul 29 12:59:17 2013 From: mfarver at mindbent.org (Mark Farver) Date: Mon, 29 Jul 2013 12:59:17 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

Message-ID: Other option is do a wireshark capture of evolution trying to connect. Mark On Jul 29, 2013 12:58 PM, "Mark Farver" wrote: > You need to issue and send the output from the ehlo command that was > specified. > On Jul 29, 2013 12:52 PM, "L. V. Lammert" wrote: > >> On Mon, 29 Jul 2013, Mark Farver wrote: >> >> > Telnet to port 25 on the mail server. After the 220 banner messages >> type >> > "EHLO client.example.com" press enter and cut and past the entire >> session >> > here. >> > >> No problem at all, .. >> >> $ telnet 25 >> Trying 206.197.251.199... >> Connected to . >> Escape character is '^]'. >> 220 ESMTP Sendmail 8.12.8/8.12.8; Mon, 29 Jul 2013 >> 11:42:53 -0500 (CDT) >> >> I can guarantee it doesn't know anything about TLS or SSL - it only >> accepts SMTP traffic from internal users and was actually built before TLS >> was mainstream. >> >> Why would Evolution try to start a TLS session without it selected or >> available? >> >> Thanks! >> >> Lee >> _______________________________________________ >> grlug mailing list >> grlug at grlug.org >> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lvl at omnitec.net Mon Jul 29 13:02:39 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 12:02:39 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

Message-ID: On Mon, 29 Jul 2013, Mark Farver wrote: > You need to issue and send the output from the ehlo command that was > specified. > EHLO storm.omnitec.net 250- Hello marvel.omnitec.net [206.197.251.252], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-EXPN 250-VERB 250-8BITMIME 250-SIZE 250-DSN 250-DELIVERBY 250 HELP -------------- next part -------------- _______________________________________________ grlug mailing list grlug at grlug.org http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug From lvl at omnitec.net Mon Jul 29 13:05:40 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 12:05:40 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

Message-ID: On Mon, 29 Jul 2013, Mark Farver wrote: > Other option is do a wireshark capture of evolution trying to connect. > > Mark > I'd throw it out and switch to Thunderbird before doing that, .. even if I knew what was going on, it does not appear that Evolution is capable of using our internal server. Lee From awilliam at whitemice.org Mon Jul 29 13:14:21 2013 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 29 Jul 2013 13:14:21 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

Message-ID: <1375118061.12028.0.camel@workstation.wmmi.net> On Mon, 2013-07-29 at 12:05 -0500, L. V. Lammert wrote: > On Mon, 29 Jul 2013, Mark Farver wrote: > > Other option is do a wireshark capture of evolution trying to connect. > I'd throw it out and switch to Thunderbird before doing that, .. even if > I knew what was going on, it does not appear that Evolution is capable of > using our internal server. No. It connects to a myriad SMTP & IMAP servers without issue. You haven't provided anything that indicates a bug. From lvl at omnitec.net Mon Jul 29 13:35:14 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Mon, 29 Jul 2013 12:35:14 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: <1375118061.12028.0.camel@workstation.wmmi.net> References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> Message-ID: On Mon, 29 Jul 2013, Adam Tauno Williams wrote: > On Mon, 2013-07-29 at 12:05 -0500, L. V. Lammert wrote: > > On Mon, 29 Jul 2013, Mark Farver wrote: > > > Other option is do a wireshark capture of evolution trying to connect. > > I'd throw it out and switch to Thunderbird before doing that, .. even if > > I knew what was going on, it does not appear that Evolution is capable of > > using our internal server. > > No. It connects to a myriad SMTP & IMAP servers without issue. You > haven't provided anything that indicates a bug. > That may be true, but we have not heard from anyone successfully using Evolution without SMTP encryption, .. Besides, with encryption turned OFF, the appearance of a "Cannot STARTTLS" would certainly seem like a problem. Lee From awilliam at whitemice.org Mon Jul 29 17:43:41 2013 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 29 Jul 2013 17:43:41 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> Message-ID: <1375134221.2741.6.camel@linux-22wg.site> On Mon, 2013-07-29 at 12:35 -0500, L. V. Lammert wrote: > On Mon, 29 Jul 2013, Adam Tauno Williams wrote: > > > On Mon, 2013-07-29 at 12:05 -0500, L. V. Lammert wrote: > > > On Mon, 29 Jul 2013, Mark Farver wrote: > > > > Other option is do a wireshark capture of evolution trying to connect. > > > I'd throw it out and switch to Thunderbird before doing that, .. even if > > > I knew what was going on, it does not appear that Evolution is capable of > > > using our internal server. > > > > No. It connects to a myriad SMTP & IMAP servers without issue. You > > haven't provided anything that indicates a bug. > > > That may be true, but we have not heard from anyone successfully using > Evolution without SMTP encryption, .. I just tested it, it works. Sending Email: Server: 10.66.1.2 Port: 25 Encryption method: No encryption Sent. No errors, no restart required. Jul 29 17:39:46 server01 postfix/smtpd[13341]: 0A9A27C34: client=unknown[10.66.1.130] Jul 29 17:39:46 server01 postfix/cleanup[13345]: 0A9A27C34: message-id=<1375133985.2741.2.camel at linux-22wg.site> Jul 29 17:39:46 server01 postfix/qmgr[13334]: 0A9A27C34: from=, size=521, nrcpt=1 (queue active) Jul 29 17:39:46 server01 postfix/smtpd[13341]: disconnect from unknown[10.66.1.130] > Besides, with encryption turned OFF, the appearance of a "Cannot STARTTLS" > would certainly seem like a problem. From lvl at omnitec.net Tue Jul 30 12:23:19 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Tue, 30 Jul 2013 11:23:19 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: <1375134221.2741.6.camel@linux-22wg.site> References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> <1375134221.2741.6.camel@linux-22wg.site> Message-ID: On Mon, 29 Jul 2013, Adam Tauno Williams wrote: > > That may be true, but we have not heard from anyone successfully using > > Evolution without SMTP encryption, .. > > I just tested it, it works. > > Sending Email: > Server: 10.66.1.2 Port: 25 > Encryption method: No encryption > > Sent. No errors, no restart required. > Interesting, .. why, then, does it choke when talking to sendmail? Have there been updates in the RFCs that Evolution is following but our old sendmail server is not? Lee From mfarver at mindbent.org Tue Jul 30 12:40:43 2013 From: mfarver at mindbent.org (Mark Farver) Date: Tue, 30 Jul 2013 12:40:43 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> <1375134221.2741.6.camel@linux-22wg.site> Message-ID: On Tue, Jul 30, 2013 at 12:23 PM, L. V. Lammert wrote: > Interesting, .. why, then, does it choke when talking to sendmail? Have > there been updates in the RFCs that Evolution is following but our old > sendmail server is not? There were a few bugs in Sendmail's TLS handling around 8.14 that can cause this very issue, though I'm still at a loss as to why its happening on a server with TLS disabled. It may be you are correct, and Evolution is sending STARTTLS and looking for the command to be rejected, instead of verifying that the server even offers it as an option. Either that of the starttls error is a red herring, and something else is wrong. (I found one article saying that not having the authentication username filled in might cause this error.) A wireshark capture of the TCP session would be very interesting, I think. Mark From awilliam at whitemice.org Tue Jul 30 13:23:43 2013 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Tue, 30 Jul 2013 13:23:43 -0400 Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> <1375134221.2741.6.camel@linux-22wg.site>

Message-ID: <1375205023.2572.1.camel@linux-86wr.site> On Tue, 2013-07-30 at 12:40 -0400, Mark Farver wrote: > On Tue, Jul 30, 2013 at 12:23 PM, L. V. Lammert wrote: > > Interesting, .. why, then, does it choke when talking to sendmail? Have > > there been updates in the RFCs that Evolution is following but our old > > sendmail server is not? > There were a few bugs in Sendmail's TLS handling around 8.14 that can > cause this very issue, though I'm still at a loss as to why its > happening on a server with TLS disabled. It may be you are correct, > and Evolution is sending STARTTLS and looking for the command to be > rejected, instead of verifying that the server even offers it as an > option. Either that of the starttls error is a red herring, and > something else is wrong. (I found one article saying that not having > the authentication username filled in might cause this error.) If the server does not offer authentication it might be reasonable to try to protect the connection and then try - as most servers will not offer authentication on an unprotected connection. > A wireshark capture of the TCP session would be very interesting, I think. Exactly, use-the-tools! I always go for Wireshark first thing when there is some kind of network service issue; otherwise there is just a lot speculative he-said-she-said. Why bother with that when you can see for yourself? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA From lvl at omnitec.net Tue Jul 30 16:11:13 2013 From: lvl at omnitec.net (L. V. Lammert) Date: Tue, 30 Jul 2013 15:11:13 -0500 (CDT) Subject: [GRLUG] Evolution NO TLS? In-Reply-To: References: <1375110314.3099.10.camel@linux-86wr.site>

<1375118061.12028.0.camel@workstation.wmmi.net> <1375134221.2741.6.camel@linux-22wg.site>

Message-ID: On Tue, 30 Jul 2013, Mark Farver wrote: > A wireshark capture of the TCP session would be very interesting, I think. > Indeed, .. I'll see what I can do. Lee