Re: More of a philosophical question
On Thu, 2009-11-12 at 02:54 +, RW wrote:
On Thu, 12 Nov 2009 01:45:00 +0100 Mark Martinec mark.martinec...@ijs.si wrote:

The IP address is not registered as belonging to Yahoo. The message is also missing their DKIM and DK signatures.

OTOH it does have full-circle dns that ends in yahoo.com.

The initial webmail post came from:

Received: from [41.207.162.4] by web.biz.mail.sk1.yahoo.com via HTTP; Sun, 08 Nov 2009 12:33:16 PST

That IP [41.207.162.4] belongs to:

person: ali-kpohou Mayeki
address: TOGO TELECOM Avenue Nicolas Grunitzky BP: 333 Lome TOGO
phone: +228 902 6617
e-mail: akpo...@togotel.net.tg

so it's from a Yahoo subscriber in Togo.

Martin
Re: [sa] More of a philosophical question
On Wed, 11 Nov 2009, Philip A. Prindeville wrote:
Return-Path: evan_law...@davidark.net
Received: from web.biz.mail.sk1.yahoo.com

On 11.11.09 17:15, Charles Gregory wrote:
The 'not from our server' response makes me think that Yahell needs to update their e-mail response robot. A while ago Yahell started partnering with companies like Rogers telecom here in Ontario, so that they were the e-mail 'provider' for any of Rogers DSL customers, many of whom have addresses at domains *other* than Yahell. I would suspect that they adjusted their mail interface to allow custom envelope senders from these sources, but did not update their robot to handle the case where Return-Path is not a Yahoo address

imho, if a user uses someone's mailservers to receive mail, (s)he should use their servers to send mail too. That is the only way to properly implement anti-forging techniques like SPF, DKIM etc. I also do not like people using our competitors' mailservers for receiving mail (and pay them for that) while sending spam through us...

Either that or the server name is 'new' and not handled by the robot. Either way, I would find a way to MUNG the contents of the e-mail sufficiently that Yahoo can no longer 'parse' the headers and 'auto respond'. Then you might get a human to look at it MAYBE. :)

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: at this address I wish NOT to receive any advertising mail.
2B|!2B, that's a question!
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
Ted Mittelstaedt wrote:
Giampaolo Tomassoni wrote:

Dream on. Obviously you're a pro-Windows person and anti-Linux person and you cannot tolerate your image of Windows being torn down.

I seriously doubt Giampaolo is 'pro-windows', and your argument started with me, thinking that somehow I was pro windows. I run a 100% Freebsd shop for servers, I am the official ports maintainer for the freebsd SA port, surely you can't say I am pro-windows.

/* disclaimer.. I use razor, which is NOT cloudmark, and the razor plugin for SA does NOT 'blacklist' ip addresses
my desktop does run mac osx.. with clamav, because there ARE worms for mac osx */

put your head in the sand, obviously you aren't getting enough money to pay you to fix your clients' computers.

if you want to blame MS, then don't deal with any clients who use MS. if you want to help your clients, then set up a good update/fix/scan/patch, audit policy. not our fault, it's your client.
RE: spamd SIGCHLD
Thanks Bowie,

It would be good idea to increase the maximum amount of SPARE?

Thanks

Jose Luis

Date: Wed, 11 Nov 2009 15:30:58 -0500
From: bowie_bai...@buc.com
To: users@spamassassin.apache.org
Subject: Re: spamd SIGCHLD

Jose Luis Marin Perez wrote:
Dear Sir, Some additional data. I am running debugging and got these messages:

@40004afb1ab22375c434 [12572] info: prefork: child states: III
@40004afb1ab22375d7bc [12572] dbg: prefork: child 13018: entering state 3
@40004afb1ab22375e75c [12572] dbg: prefork: new lowest idle kid: 12580
@40004afb1ab223aa9b8c [12572] dbg: prefork: adjust: decreasing, too many idle children (3 2), killed 13018
@40004afb1ab223d2d46c [12572] dbg: prefork: child 13018: just exited
@40004afb1ab223d2e7f4 [12572] dbg: prefork: child 13018: entering state 4
@40004afb1ab223d2fb7c [12572] dbg: prefork: new lowest idle kid: 12580
@40004afb1ab223d30b1c [12572] info: spamd: handled cleanup of child pid 13018 due to SIGCHLD
@40004afb1ab223d31ea4 [12572] dbg: prefork: new lowest idle kid: 12580
@40004afb1ab223d3322c [12572] dbg: prefork: child closed connection
@40004afb1ab223d341cc [12572] info: prefork: child states: II

Any comments?

This is just the normal child cleanup. You have set a maximum of 2 idle children, so when there were 3, it killed one. This happens constantly as new children are created and old children are removed.

--
Bowie
RE: spamd SIGCHLD
On Thu, 12 Nov 2009, Jose Luis Marin Perez wrote: It would be good idea to increase the maximum amount of SPARE? Not just to make the SIGCHLD warnings go away. The decision is based on your email volume and available resources (CPU, RAM, etc.) Take a look at your memory allocation and swap usage. If your server is not running near its load limit, sure, add some more child processes. When you start hitting swap, or otherwise start seeing performance degradation, take a few off. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control enables genocide while doing little to reduce crime. --- 34 days since President Obama won the Nobel Not George W. Bush prize
Re: spamd SIGCHLD
Jose Luis Marin Perez wrote: Date: Wed, 11 Nov 2009 15:30:58 -0500 From: bowie_bai...@buc.com To: users@spamassassin.apache.org Subject: Re: spamd SIGCHLD This is just the normal child cleanup. You have set a maximum of 2 idle children, so when there were 3, it killed one. This happens constantly as new children are created and old children are removed. -- Bowie Thanks Bowie, It would be good idea to increase the maximum amount of SPARE? That depends on your mail flow and how much RAM you have on the machine. If your mail is going through without any delays, then you should probably leave it as-is. Generally the maximum setting is more interesting than the minimum in any case. -- Bowie
RE: spamd SIGCHLD
Dear John,

Thanks, now I have the concept more clear about this.

Jose Luis

I'm more clear about this.

Date: Thu, 12 Nov 2009 06:39:08 -0800
From: jhar...@impsec.org
To: users@spamassassin.apache.org
CC: bowie_bai...@buc.com
Subject: RE: spamd SIGCHLD

On Thu, 12 Nov 2009, Jose Luis Marin Perez wrote:
It would be good idea to increase the maximum amount of SPARE?

Not just to make the SIGCHLD warnings go away. The decision is based on your email volume and available resources (CPU, RAM, etc.) Take a look at your memory allocation and swap usage. If your server is not running near its load limit, sure, add some more child processes. When you start hitting swap, or otherwise start seeing performance degradation, take a few off.

--
John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
jhar...@impsec.org    FALaholic #11174    pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
---
Gun Control enables genocide while doing little to reduce crime.
---
34 days since President Obama won the Nobel Not George W. Bush prize
RE: spamd SIGCHLD
Dear Bowie,

I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm monitoring the behavior of the RAM and SWAP.

Thanks

Jose Luis

Date: Thu, 12 Nov 2009 09:42:36 -0500
From: bowie_bai...@buc.com
To: users@spamassassin.apache.org
Subject: Re: spamd SIGCHLD

Jose Luis Marin Perez wrote:
Date: Wed, 11 Nov 2009 15:30:58 -0500
From: bowie_bai...@buc.com
To: users@spamassassin.apache.org
Subject: Re: spamd SIGCHLD

This is just the normal child cleanup. You have set a maximum of 2 idle children, so when there were 3, it killed one. This happens constantly as new children are created and old children are removed.

--
Bowie

Thanks Bowie, It would be good idea to increase the maximum amount of SPARE?

That depends on your mail flow and how much RAM you have on the machine. If your mail is going through without any delays, then you should probably leave it as-is. Generally the maximum setting is more interesting than the minimum in any case.

--
Bowie
Re: spamd SIGCHLD
On 12.11.09 10:09, Jose Luis Marin Perez wrote:
I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm monitoring the behavior of the RAM and SWAP.

grep your spamd log for 'shild' to have some hints how much of childs do you need.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: at this address I wish NOT to receive any advertising mail.
Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901
Re: spamd SIGCHLD
On 12.11.09 10:09, Jose Luis Marin Perez wrote:
I have increased the maximum amount of SPARE to 5 (--max-spare=5) and I'm monitoring the behavior of the RAM and SWAP.

On 12.11.09 16:34, Matus UHLAR - fantomas wrote:
grep your spamd log for 'shild' to have some hints how much of childs do you need.

Ops, child of course. Unless you need many spamd processes, you don't need many spare spamd's. And your memory status is important to limit the maximum number of spamd's, not spare spamd's.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: at this address I wish NOT to receive any advertising mail.
Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
SA EXTRA MPART TYPE
Hi,

a lot of mails end up with this code. Checking through one of them (sent from outlook express), probably the Content-type following the MIME version is the only one that could be responsible. Could someone confirm that this is the trouble spot - and how should the header really read?

Wolfgang Hamann

The structure of the mail is like:

MIME-Version: 1.0
Content-Type: multipart/related; boundary==_NextPart_000_0024_01CA6246.01D6AF40; type=multipart/alternative

This is a multi-part message in MIME format.

--=_NextPart_000_0024_01CA6246.01D6AF40
Content-Type: multipart/alternative; boundary==_NextPart_001_0025_01CA6246.01D6AF40

--=_NextPart_001_0025_01CA6246.01D6AF40
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

**plaintext goes here**

--=_NextPart_001_0025_01CA6246.01D6AF40
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

**html goes here**

--=_NextPart_001_0025_01CA6246.01D6AF40--

--=_NextPart_000_0024_01CA6246.01D6AF40
Content-Type: image/gif; name=email3.gif
Content-Transfer-Encoding: base64
Content-ID: 3d73afb1e9f74027ba370b76e6f9d...@sabine

**embedded image goes here**
Re: More of a philosophical question
Philip A. Prindeville wrote: And I report this to Yahoo!. They then answer: We understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was not sent by a Yahoo! Mail user. I've been hit with that response on a number of occasions. However, I've found that if I reply, pointing out their obvious error, I get a positive response. Probably wasted effort, though.
Re: spamd SIGCHLD
On 12-Nov-2009, at 09:27, Matus UHLAR - fantomas wrote:
Ops, child of course. Unless you need many spamd processes, you don't need many spare spamd's.

I see things like:

spamd[10989]: prefork: child states: BB
spamd[10989]: prefork: child states: BBI
spamd[10989]: prefork: child states: BBII
spamd[10989]: prefork: child states: BBS
spamd[10989]: prefork: child states: BBSI
spamd[10989]: prefork: child states: BI
spamd[10989]: prefork: child states: BII
spamd[10989]: prefork: child states: BIII
spamd[10989]: prefork: child states: BIS
spamd[10989]: prefork: child states: IB
spamd[10989]: prefork: child states: II
spamd[10989]: prefork: child states: III
spamd[10989]: prefork: child states: IIK
spamd[10989]: prefork: child states: IIS
spamd[10989]: prefork: child states: IIZ
spamd[10989]: spamd: handled cleanup of child
spamd[10989]: spamd: server successfully spawned child

(based on a sort -u of the current maillog)

--
Against stupidity the gods themselves contend in vain.
Re: spamd SIGCHLD
On 12-Nov-2009, at 09:27, Matus UHLAR - fantomas wrote:
Ops, child of course. Unless you need many spamd processes, you don't need many spare spamd's.

On 12.11.09 09:58, LuKreme wrote:
I see things like:

spamd[10989]: prefork: child states: BB
spamd[10989]: prefork: child states: BBI
spamd[10989]: prefork: child states: BBII
spamd[10989]: prefork: child states: BBS
spamd[10989]: prefork: child states: BBSI
spamd[10989]: prefork: child states: BI
spamd[10989]: prefork: child states: BII
spamd[10989]: prefork: child states: BIII
spamd[10989]: prefork: child states: BIS
spamd[10989]: prefork: child states: IB
spamd[10989]: prefork: child states: II
spamd[10989]: prefork: child states: III
spamd[10989]: prefork: child states: IIK
spamd[10989]: prefork: child states: IIS
spamd[10989]: prefork: child states: IIZ
spamd[10989]: spamd: handled cleanup of child
spamd[10989]: spamd: server successfully spawned child

(based on a sort -u of the current maillog)

If you do this over all week, you can safely restrict max number of spamd processes to 5. If you have enough of memory, you can use higher number but you surely don't need more than default values for max-spare (2) and min-spare (1) spamd processes

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: at this address I wish NOT to receive any advertising mail.
It's now safe to throw off your computer.
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in anyway. As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm). It IS true. Obviously you were one of the lucky younger folks who never had to do much admining of Macs. I've admined networks with Macs on them since the Mac Toaster came out. Symantec Antivirus for MacOS (pre-OSX) when it was still available was up to several hundred for MacOS Classic. Heck, one of the first Apple viruses was Leap-A - it infected Apple IIs back in 1982. Trust me, I used to work at Symantec - they NEVER sell a product that they can't make money on, not for long, anyways. If Mac Classic was as virus resistant as you think it was, Symantec would have never got into that market. MacOS Classic was particularly bad since so many of them were in classroom lab environments - when 1 got a virus, they all would since apple filesharing considered everything on the Appletalk network a trusted system. Keep in mind of course that few Mac Classic systems were on the Internet past 2003. Classic's Internet days didn't last much more than 5-6 years, the most common vector for MacOS Classic system viruses to spread was infected files shared on floppies or downloaded from BBS systems. Everything changed when MacOS X came. Last year, Macworld found a grand total of 49 infected MacOS X systems - yep, that's 49 in the entire history of MacOSX. But, don't get too puffed up about it, the winner of the Zero Day Mac cracking contest has repeatedly warned that there are more than enough Macs out there for a Mac bot to be self-sustaining. And, I still think there's only been less than 10 Linux viruses, all of them laboratory curiosities only. Ted
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
Ted Mittelstaedt wrote: LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in anyway. As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm). It IS true. Obviously you were one of the lucky younger folks who never had to do much admining of Macs. I've admined networks with Macs on them since the Mac Toaster came out. Symantec Antivirus for MacOS (pre-OSX) when it was still available was up to several hundred for MacOS Classic. Heck, one of the first Apple viruses was Leap-A - it infected Apple IIs back in 1982. Trust me, I used to work at Symantec - they NEVER sell a product that they can't make money on, not for long, anyways. If Mac Classic was as virus resistant as you think it was, Symantec would have never got into that market. MacOS Classic was particularly bad since so many of them were in classroom lab environments - when 1 got a virus, they all would since apple filesharing considered everything on the Appletalk network a trusted system. Keep in mind of course that few Mac Classic systems were on the Internet past 2003. Classic's Internet days didn't last much more than 5-6 years, the most common vector for MacOS Classic system viruses to spread was infected files shared on floppies or downloaded from BBS systems. Everything changed when MacOS X came. Last year, Macworld found a grand total of 49 infected MacOS X systems - yep, that's 49 in the entire history of MacOSX. But, don't get too puffed up about it, the winner of the Zero Day Mac cracking contest has repeatedly warned that there are more than enough Macs out there for a Mac bot to be self-sustaining. And, I still think there's only been less than 10 Linux viruses, all of them laboratory curiosities only. 
I don't know about Linux viruses; BUT, I do remember less than ten years ago when it was virtually impossible to build a Linux box with a hot online connection, because you would get hacked before you could even download the patches. I had a friend who built his system and got hacked several times before he decided he needed to download patches ahead of time and build it all in an off line environment. That gave him enough time to go through all the patches and lock down procedures before he put it online. He still got hacked again at least once after that. I also heard stories of my son doing battle with hackers who had gotten into his Linux system. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst hoogen...@bio.umass.edu --- Erdös 4
use passwd file to control senders
Hi,

I've been searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file, can it be done? I'm using SpamAssassin 3.2.3, milter-limit and sendmail and everything else has run smoothly so far.

Hope you can help ASAP

Thanks in advance,
Brennero Pardo
Re: use passwd file to control senders
At 10:58 AM 11/12/2009, neroxyr wrote: Hi, i've searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file, can it be done? I'm using SpamAssassin 3.2.3, milter-limit and sendmail and everything else has run smoothly so far. Hope you can help ASAP You may want to try asking on a sendmail mailing list. This has nothing to do with Spamassassin.
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
Chris Hoogendyk wrote: Ted Mittelstaedt wrote: LuKreme wrote: On 11-Nov-2009, at 18:34, Ted Mittelstaedt wrote: I will point out that MacOS 7, os* os9 were HIGHLY virus-prone, yet there were far fewer of them than OSX today. Er… that is simply not true. Not in anyway. As I recall, there were a total of 31 viruses for System 7 and one CD-ROM worm for System 8/9 (Autostart Worm). It IS true. Obviously you were one of the lucky younger folks who never had to do much admining of Macs. I've admined networks with Macs on them since the Mac Toaster came out. Symantec Antivirus for MacOS (pre-OSX) when it was still available was up to several hundred for MacOS Classic. Heck, one of the first Apple viruses was Leap-A - it infected Apple IIs back in 1982. Trust me, I used to work at Symantec - they NEVER sell a product that they can't make money on, not for long, anyways. If Mac Classic was as virus resistant as you think it was, Symantec would have never got into that market. MacOS Classic was particularly bad since so many of them were in classroom lab environments - when 1 got a virus, they all would since apple filesharing considered everything on the Appletalk network a trusted system. Keep in mind of course that few Mac Classic systems were on the Internet past 2003. Classic's Internet days didn't last much more than 5-6 years, the most common vector for MacOS Classic system viruses to spread was infected files shared on floppies or downloaded from BBS systems. Everything changed when MacOS X came. Last year, Macworld found a grand total of 49 infected MacOS X systems - yep, that's 49 in the entire history of MacOSX. But, don't get too puffed up about it, the winner of the Zero Day Mac cracking contest has repeatedly warned that there are more than enough Macs out there for a Mac bot to be self-sustaining. And, I still think there's only been less than 10 Linux viruses, all of them laboratory curiosities only. 
I don't know about Linux viruses; BUT, I do remember less than ten years ago when it was virtually impossible to build a Linux box with a hot online connection, because you would get hacked before you could even download the patches. I had a friend who built his system and got hacked several times before he decided he needed to download patches ahead of time and build it all in an off line environment. That gave him enough time to go through all the patches and lock down procedures before he put it online. He still got hacked again at least once after that. I also heard stories of my son doing battle with hackers who had gotten into his Linux system. Keep in mind that those were not the Linus-written Linux programs, those were programs like Telnet, Sendmail, etc. which predated both Linux, the GPL, and GNU in many cases - and Linus merely took those programs and applied his license to them. I think the OpenBSD people in particular would object to people saying that one of their boxes with Sendmail compiled on it, that was hacked into, was insecure. FreeBSD likely as well. Once Linus's clue phone rang and he changed the load defaults to have all those programs disabled during installation, Linux stopped having those problems. MacOS X is a bit different animal because Apple only pulled over the FreeBSD kernel and NeXT code when they created Darwin - and they have done their best to remove or disable the good Unix utilities, and replace them with their irritating GUI ones. When you have a program like Flash that is insecure and is a vector for bots and viruses to infect an OS, it's not really accurate to claim that the OS is insecure just because it got hacked as a result of Flash - incidentally, both MacOS X and Windows have been compromised as a result of loading Flash on them. Ted
Re: use passwd file to control senders
Evan Platt wrote: At 10:58 AM 11/12/2009, neroxyr wrote: Hi, i've searching all over the net, yet I can't find a solution for the problem I have. Let me explain it to you: Over the past months, our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file, can it be done? I'm using SpamAssassin 3.2.3, milter-limit and sendmail and everything else has run smoothly so far. Hope you can help ASAP You may want to try asking on a sendmail mailing list. This has nothing to do with Spamassassin. However, Yes, it can be done. You want to make sure you are not an open relay, and you want your own users to have to authenticate to send mail out. Typically, TLS or SSL over port 587 (submission port) rather than port 25. Get details from the sendmail mailing list or from online documentation for sendmail. -- --- Chris Hoogendyk - O__ Systems Administrator c/ /'_ --- Biology Geology Departments (*) \(*) -- 140 Morrill Science Center ~~ - University of Massachusetts, Amherst hoogen...@bio.umass.edu --- Erdös 4
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
On Thu, 12 Nov 2009, Ted Mittelstaedt wrote: Chris Hoogendyk wrote: I also heard stories of my son doing battle with hackers who had gotten into his Linux system. Keep in mind that those were not the Linus-written Linux programs, those were programs like Telnet, Sendmail, etc. which predated both Linux, the GPL, and GNU in many cases - and Linus merely took those programs and applied his license to them. I think the OpenBSD people in particular would object to people saying that one of their boxes with Sendmail compiled on it, that was hacked into, was insecure. FreeBSD likely as well. Once Linus's clue phone rang and he changed the load defaults to have all those programs disabled during installation, Linux stopped having those problems. Ted, I think you're attributing far too much to Linus here. The distro maintainers decide which service daemons they include and set their initial startup policies. Linus just developed the kernel. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- If healthcare is a Right means that the government is obligated to provide the people with hospitals, physicians, treatments and medications at low or no cost, then the right to free speech means the government is obligated to provide the people with printing presses and public address systems, the right to freedom of religion means the government is obligated to build churches for the people, and the right to keep and bear arms means the government is obligated to provide the people with guns, all at low or no cost. --- 34 days since President Obama won the Nobel Not George W. Bush prize
RE: spamd SIGCHLD
On Thu, 12 Nov 2009, Jose Luis Marin Perez wrote:
Thanks Bowie, It would be good idea to increase the maximum amount of SPARE? Thanks Jose Luis

Date: Wed, 11 Nov 2009 15:30:58 -0500
From: bowie_bai...@buc.com
To: users@spamassassin.apache.org
Subject: Re: spamd SIGCHLD

Jose Luis Marin Perez wrote:
Dear Sir, Some additional data. I am running debugging and got these messages:

@40004afb1ab22375c434 [12572] info: prefork: child states: III
@40004afb1ab22375d7bc [12572] dbg: prefork: child 13018: entering

Jose,

One other way to deal with this would be to change the spamd process model. I had similar issues on my spamd setup and changing to the round robin process model (similar to the Apache v2 approach) took care of it. Try using the --round-robin spamd argument. You may want to experiment with the -m and --max-conn-per-child options to fine-tune it.

--
Dave Funk                                  University of Iowa
dbfunk (at) engineering.uiowa.edu          College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
Michael Scheidell wrote:
Ted Mittelstaedt wrote:
Giampaolo Tomassoni wrote:

Dream on. Obviously you're a pro-Windows person and anti-Linux person and you cannot tolerate your image of Windows being torn down.

I seriously doubt Giampaolo is 'pro-windows', and your argument started with me, thinking that somehow I was pro windows. I run a 100% Freebsd shop for servers, I am the official ports maintainer for the freebsd SA port, surely you can't say I am pro-windows.

And I wrote a book about FreeBSD: http://www.freebsd-corp-net-guide.com/ so can we stop comparing dick sizes and get back to the discussion?

/* disclaimer.. I use razor, which is NOT cloudmark, and the razor plugin for SA does NOT 'blacklist' ip addresses
my desktop does run mac osx.. with clamav, because there ARE worms for mac osx */

put your head in the sand, obviously you aren't getting enough money to pay you to fix your clients' computers.

As I already stated...

if you want to blame MS, then don't deal with any clients who use MS. if you want to help your clients, then set up a good update/fix/scan/patch, audit policy. not our fault, it's your client.

You know, back in 2000 when I published that book I used to think the way you did - that if I could but just get those dumb Windows customers to realize that it's their choice of operating system that is providing the buco bucks to support Microsoft's lazy ass, and perpetuating the problem with viruses, that they would all have a flash of insight and immediately stop funding the Evil Empire, and MS would disappear in a cloud of smoke, and life would be wonderful in the computer industry again.

Then, I grew up.

Seriously. I understand your POV - that when people choose to buy Windows, they choose a bug-ridden, filthy piece of sheit OS, and it's their choice of that which creates the environment to allow these evil scammers and spammers to proliferate and torture the rest of us. Thus, it's their fault, and screw them and the OS they rode in on.
However, you're never going to get those people to stop using Windows and start using something better like FreeBSD, until you and your aliases lose that attitude. These buyers of Windows don't know a security hole from a bung-hole. All they care about is being able to surf the web/watch hulu/run their business/send an e-mail/etc.

Most of them don't even have a choice anyway - when they go into the store, and see the Dell sitting there with Win 7 preloaded costing $399 on sale, and right next to it the same system Dell sitting there with Linux preloaded costing $499, and never on sale, it doesn't take a rocket scientist to realize that the $499 system is nothing more than a token that Dell throws out to make the claim that they do actually offer Linux preloads. And the reason the retailer is willing to take a hit on his markup on the $399 Dell and not on the $499 Dell is because he sells 1000 of those a month, and 20 of the Linux Dells a month. So, the customer buys the cheaper machine and cha-ching, another $30 goes off into the wormhole to the Microsoft vault.

Microsoft has organized the computer industry so that they have a guaranteed revenue stream. They are as much a marketing company as a software company - they are, in fact, exactly like CocaCola in this regard. They have it fixed so that even the people who are planning on wiping their shit off the hard drive of the new computer before even booting it up, pay them something. That is the reality of it - and expecting the average user to buck this trend is frankly asking way, way too much.

If you're shopping for a new car, and I told you to buck the trend and spend $10K more money for an all-electric car that has 3 wheels and a top speed of 35mph and isn't licensed to go on the highway, just because the automakers who produce gas-burners are evil, would you do it? Of course you wouldn't. Yet your attitude towards the average user is EXACTLY the same.
You blame them for propping up MS, I blame you for destroying the planet when you drive a gas burner to your Save The Whales conventions. If you ever want FreeBSD, or Linux or any non-Windows system to grow, the ONLY way is to understand that the average Windows-running user is a victim from the moment he walks into the computer store and plunks down his cash for a machine. He's just looking for solutions. Give them to him, and he will do whatever you tell him to. The Linux people found that out which is why Ubuntu is kicking ass in the distribution game, even though it's not as good as Debian. And, we here found that out which is why SA is the most popular content filter out there. Ted PS, if your really the SA porter, thanks for your effort!
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
John Hardin wrote: On Thu, 12 Nov 2009, Ted Mittelstaedt wrote: Chris Hoogendyk wrote: I also heard stories of my son doing battle with hackers who had gotten into his Linux system. Keep in mind that those were not the Linus-written Linux programs, those were programs like Telnet, Sendmail, etc. which predated both Linux, the GPL, and GNU in many cases - and Linus merely took those programs and applied his license to them. I think the OpenBSD people in particular would object to people saying that one of their boxes with Sendmail compiled on it, that was hacked into, was insecure. FreeBSD likely as well. Once Linus's clue phone rang and he changed the load defaults to have all those programs disabled during installation, Linux stopped having those problems. Ted, I think you're attributing far too much to Linus here. The distro maintainers decide which service daemons they include and set their initial startup policies. Linus just developed the kernel. You're absolutely right, of course. Cheap, (but fun) shot. Ted
Re: spamd SIGCHLD
On 12-Nov-2009, at 10:12, Matus UHLAR - fantomas wrote:
spamd[10989]: prefork: child states: BB
spamd[10989]: prefork: child states: BBI
spamd[10989]: prefork: child states: BBII
spamd[10989]: prefork: child states: BBS
spamd[10989]: prefork: child states: BBSI
spamd[10989]: prefork: child states: BI
spamd[10989]: prefork: child states: BII
spamd[10989]: prefork: child states: BIII
spamd[10989]: prefork: child states: BIS
spamd[10989]: prefork: child states: IB
spamd[10989]: prefork: child states: II
spamd[10989]: prefork: child states: III
spamd[10989]: prefork: child states: IIK
spamd[10989]: prefork: child states: IIS
spamd[10989]: prefork: child states: IIZ
spamd[10989]: spamd: handled cleanup of child
spamd[10989]: spamd: server successfully spawned child
(based on a sort -u of the current maillog)
If you do this over all week, you can safely restrict max number of spamd processes to 5. If you have enough memory, you can use higher number but you surely don't need more than default values for max-spare (2) and min-spare (1) spamd processes
I guess I just don't understand what these various notes mean. II? BB? BBSI?
-- And there were all the stars, looking remarkably like powered diamonds spilled on black velvet, the stars that lured and ultimately called the boldest towards them... --Colour of Magic
Re: spamd SIGCHLD
L == LuKreme krem...@kreme.com writes: L I guess I just don't understand what these various notes mean. II? L BB? BBSI? lib/Mail/SpamAssassin/SpamdForkScaling.pm, look for $statestr. I=idle, B=busy, K=killed, E=error, S=starting, Z=GOT_SIGCHLD (probably zombie), ?=anything else. - J
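An added example, not code from this thread or from SpamAssassin: a small Python summarizer for the "prefork: child states" lines, using the state letters given in the reply above, to see how many children were ever alive or busy before capping the number of spamd processes. The log prefix, the function names and the "no idle child" counter are assumptions made for illustration.

```python
import re
from collections import Counter

# State letters as listed in the reply above ($statestr in SpamdForkScaling.pm).
STATE_NAMES = {"I": "idle", "B": "busy", "K": "killed", "E": "error",
               "S": "starting", "Z": "got SIGCHLD"}
LINE_RE = re.compile(r"spamd\[\d+\]: prefork: child states: (\S+)")

# Constructed maillog excerpt: timestamps and host name are invented, the
# state strings are the ones quoted earlier in this thread.
SAMPLE_LOG = "\n".join(
    f"Nov 12 10:{i:02d}:00 mail spamd[10989]: prefork: child states: {s}"
    for i, s in enumerate(
        "BB BBI BBII BBS BBSI BI BII BIII BIS IB II III IIK IIS IIZ".split())
)


def decode(statestr):
    """Translate a state string such as 'BBSI' into readable names."""
    return [STATE_NAMES.get(ch, "other") for ch in statestr]


def summarize(lines):
    """Scan log lines and report peak usage of the spamd child pool."""
    seen = Counter()
    peak_live = peak_busy = no_idle = 0
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue  # not a prefork state line
        states = match.group(1)
        seen[states] += 1
        # Children that exist and can (soon) take work: idle, busy, starting.
        live = sum(states.count(ch) for ch in "IBS")
        busy = states.count("B")
        peak_live = max(peak_live, live)
        peak_busy = max(peak_busy, busy)
        # No idle child at this instant: a new connection would have to wait.
        if busy and "I" not in states:
            no_idle += 1
    return {"samples": sum(seen.values()), "distinct": len(seen),
            "peak_live": peak_live, "peak_busy": peak_busy,
            "no_idle": no_idle}


if __name__ == "__main__":
    print(decode("BBSI"))
    print(summarize(SAMPLE_LOG.splitlines()))
```

Run over a week of real maillog, a peak_busy well below the configured maximum supports lowering it, while a high no_idle count argues against.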
Re: [Fwd: Re: Getting off the Cloudmark formerly spamnet blacklist]
Ted Mittelstaedt wrote: PS, if you're really the SA porter, thanks for your effort! easy enough to verify: http://www.freebsd.org/cgi/ports.cgi?query=scheidell&stype=maintainer -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008
Re: use passwd file to control senders
Neroxyr started: our internal mail server has encountered some unknown senders and we want to control them by validating the users that are in the passwd file

Chris Hoogendyk wrote: make sure you are not an open relay, and you want your own users to have to authenticate to send mail out. Typically, TLS or SSL over port 587 (submission port) rather than port 25.

Neroxyr may have been asking something else. Is this regarding mail *received* from unknown senders? Do you want to check for forged senders? Do you want to check for invalid recipients? Forgery can be mitigated with SPF* and/or DKIM while invalid recipients has no easy solution. A plugin could conceivably check against a passwd file (and aliases, virtual users, ...) to catch for invalid users at the local domain(s) that appear in the message headers, but I don't know of such a thing.

Note - I'd love to see a reversed whitelist_from_spf, matching an address with the SPF failure rules, perhaps like:

  blacklist_from_spf_fail      *...@my-domain.example.net
  blacklist_from_spf_softfail  *...@my-other-domain.example.com  # inclusive

Currently, the softfail version can be done (I think?) through:

  # Assumes the scores USER_IN_BLACKLIST + USER_IN_SPF_WHITELIST = 0
  # (the default is 100 + -100 = 0)
  ifplugin Mail::SpamAssassin::Plugin::SPF
    blacklist_from      *...@my-domain.example.net
    whitelist_from_spf  *...@my-domain.example.net
  endif

Notable problem: if for some reason the SPF plugin is loaded but doesn't fire (which happens for me all the time), this has BIG problems.

Uglier but safer implementation:

  ifplugin Mail::SpamAssassin::Plugin::SPF
    header   __LOCAL_SPF_BL      From:addr =~ /\...@my-domain.example.net$/i
    # Fire only when the From: address matches and an SPF check actually failed
    meta     BLACKLIST_FROM_SPF  __LOCAL_SPF_BL && (SPF_FAIL || SPF_HELO_FAIL)
    describe BLACKLIST_FROM_SPF  From: address is in the SPF blacklist
    tflags   BLACKLIST_FROM_SPF  userconf noautolearn
    score    BLACKLIST_FROM_SPF  100
  endif
Re: use passwd file to control senders
On Thu, 2009-11-12 at 18:07 -0500, Adam Katz wrote: Neroxyr may have been asking something else. Is this regarding mail *received* from unknown senders? Do you want to check for forged senders? Do you want to check for invalid recipients? Forgery can be mitigated with SPF* and/or DKIM while invalid recipients has no easy solution. A plugin could conceivably check against a passwd file (and aliases, virtual users, ...) to catch for invalid users at the local domain(s) that appear in the message headers, but I don't know of such a thing. Do we know the OP is using sendmail? Postfix checks local recipients against /etc/passwd and /etc/aliases by default. It can also be configured to apply the same checks to local senders though the default is not to check. I'd hope that other MTAs have the same capabilities. Martin
Re: use passwd file to control senders
At 04:19 PM 11/12/2009, you wrote: Do we know the OP is using sendmail? The OP seems to have just disappeared (nabble...) but from their post: using SpamAssassin 3.2.3, milter-limit and sendmail
Re: use passwd file to control senders
Martin Gregorie wrote: Do we know the OP is using sendmail?

Yes. Here's a quote: I'm using SpamAssassin 3.2.3, milter-limit and sendmail

Postfix checks local recipients against /etc/passwd and /etc/aliases by default. It can also be configured to apply the same checks to local senders though the default is not to check. I'd hope that other MTAs have the same capabilities.

That's not what I was talking about. Obviously if a MTA can't find the recipient, it won't deliver. I'm talking about the *other* recipients, e.g.

To: Foo Bar f...@example.net
Cc: Foo Baz f...@example.net

If user foo exists but user fbaz does not, you should expect that an MTA will reject fbaz but deliver that same message to foo. I'm talking about a way to cause SpamAssassin (or something else, whatever) to note the fact that a *different* recipient, fbaz, doesn't exist, and to read it from the headers rather than the envelope recipients (the way an MTA does).
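An added sketch of the header-recipient check described in the message above, written in Python; it is not from the thread and not an existing SpamAssassin plugin. The local domain, the passwd and aliases contents, the sample message and the function names are all constructed for illustration, and stripping a "+detail" suffix is an assumption about local addressing.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"example.net"}  # assumption: domains this server is final for

# Constructed stand-ins for /etc/passwd and /etc/aliases.
PASSWD_TEXT = """\
root:x:0:0:root:/root:/bin/sh
foo:x:1001:1001:Foo Bar:/home/foo:/bin/sh
"""
ALIASES_TEXT = """\
# constructed aliases file
postmaster: root
sales: foo,
    root
"""

# Constructed message: foo exists, fbaz does not, the third address is remote.
SAMPLE_MESSAGE = """\
From: Someone <someone@elsewhere.example>
To: Foo Bar <foo@example.net>
Cc: Foo Baz <fbaz@example.net>, Remote <other@elsewhere.example>
Subject: test

body
"""


def local_users(passwd_text, aliases_text):
    """Collect valid local parts from passwd-format and aliases-format text."""
    names = set()
    for line in passwd_text.splitlines():
        if line.strip() and not line.startswith("#"):
            names.add(line.split(":", 1)[0].strip().lower())
    for line in aliases_text.splitlines():
        # Continuation lines start with whitespace and name no new alias.
        if not line.strip() or line[0] in " \t#" or ":" not in line:
            continue
        names.add(line.split(":", 1)[0].strip().lower())
    return names


def unknown_header_recipients(raw_message, known, local_domains):
    """Return To:/Cc: addresses at a local domain with no matching user."""
    msg = message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    unknown = []
    for _display, addr in getaddresses(fields):
        local, at, domain = addr.rpartition("@")
        if not at or domain.lower() not in local_domains:
            continue  # not ours to judge
        user = local.split("+", 1)[0].lower()  # assumption: user+detail form
        if user not in known and addr.lower() not in unknown:
            unknown.append(addr.lower())
    return unknown


if __name__ == "__main__":
    known = local_users(PASSWD_TEXT, ALIASES_TEXT)
    print(unknown_header_recipients(SAMPLE_MESSAGE, known, LOCAL_DOMAINS))
```

The result is a signal for scoring, not for rejection: a header address can be stale or a typo in otherwise legitimate mail.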
Apparently, we're talking about non-Windows viruses now...
There are several academic viruses for non-Windows systems out there, plus maybe a few actual ones. The rest are all just exploits and root-kits that typically don't fall into the virus category. Non-Windows-based worms are almost exclusive to Apache (and within that category, heavily favoring PHP exploits). This isn't because it's easier to make Windows virii. Windows still accounts for the overwhelming majority of non-tech-savvy users' systems, and that's what malware writers want to target. That said, there is a growing volume of browser-based malware these days, and the popularity of Flash and Javascript over ActiveX (thanks in part to Firefox) means that most of it will work on any operating system. Since Windows is pretty much the only system that runs things permissively, damage is limited (but still quite real) on non-Windows systems. (Plus, anything trying to lodge itself in Windows paths like C:\Windows or the Windows registry or via a binary or Windows-dependent script will fail right off the bat.) Aside from Javascript issues, I've never heard of a non-Windows piece of malware that spread through email. I don't know of any email clients that support Javascript any more, and any sane webmail server will defang in that regard as well. That largely limits non-Windows malware to click here items, for which we have the URI blocklists. In summary: don't run things as root, keep up with your distro's security updates, don't serve CGI outside of localhost on your non-server, and be careful where you point your web browser. For Linux, I also recommend fail2ban, http://www.fail2ban.org/
Relation between MAIL FROM: and From:
Hi All, I'm wondering if someone knows if this is possible to stop using SA. Look.

[r...@cyrus postfix]# telnet localhost 25
Trying 127.0.0.1...
Connected to cyrus.sat.gob.mx (127.0.0.1).
Escape character is '^]'.
220 mx2.sat.gob.mx ESMTP Postfix
EHLO brandmauer.insys-corp.com.mx
250-mx2.sat.gob.mx
250-PIPELINING
250-SIZE 1024
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: ra...@insys-corp.com.mx
250 2.1.0 Ok
RCPT TO: s...@sat.gob.mx
250 2.1.5 Ok
DATA
354 End data with CRLF.CRLF
From: Samuel Flores samuel.flo...@sat.gob.mx
To: SAS s...@sat.gob.mx
Date: Thu, 12 Nov 2009 18:40:06 -0600
MIME-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: 200911121840.06060@sat.gob.mx
Status: RO
X-Status: RS
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:
Subject: t2

Mensaje
.
250 2.0.0 Ok: queued as CA5426B837
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is accepting this. Is this a SA task or Amavis or Postfix? Here are my logs:
--
Nov 12 19:31:51 cyrus postfix/smtpd[7412]: CA5426B837: client=cyrus.sat.gob.mx[127.0.0.1]
Nov 12 19:34:02 cyrus postfix/cleanup[8795]: CA5426B837: message-id=200911121840.06060@sat.gob.mx
Nov 12 19:34:02 cyrus postfix/qmgr[1488]: CA5426B837: from=ra...@insys-corp.com.mx, size=582, nrcpt=1 (queue active)
Nov 12 19:34:03 cyrus postfix/lmtp[8896]: CA5426B837: to=s...@sat.gob.mx, relay=127.0.0.1[127.0.0.1]:10025, delay=161, delays=160/0.03/0/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 583096B9A1)
Nov 12 19:34:03 cyrus postfix/qmgr[1488]: CA5426B837: removed

[r...@cyrus postfix]# grep 583096B9A1 /var/log/mail/info.log
Nov 12 19:34:03 cyrus postfix/smtpd[8853]: 583096B9A1: client=cyrus.sat.gob.mx[127.0.0.1]:unknown
Nov 12 19:34:03 cyrus postfix/cleanup[8796]: 583096B9A1: message-id=200911121840.06060@sat.gob.mx
Nov 12 19:34:03 cyrus postfix/qmgr[1488]: 583096B9A1: from=ra...@insys-corp.com.mx, size=1163, nrcpt=1 (queue active)
Nov 12 19:34:03 cyrus amavis[6486]: (06486-11) Passed CLEAN, MYNETS LOCAL [127.0.0.1] [127.0.0.1] ra...@insys-corp.com.mx - s...@sat.gob.mx, Message-ID: 200911121840.06060@sat.gob.mx, mail_id: h2ruWAjex7lV, Hits: -2.394, size: 582, queued_as: 583096B9A1, 400 ms
Nov 12 19:34:03 cyrus postfix/lmtp[8896]: CA5426B837: to=s...@sat.gob.mx, relay=127.0.0.1[127.0.0.1]:10025, delay=161, delays=160/0.03/0/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 583096B9A1)
Nov 12 19:34:03 cyrus postfix/smtp[8302]: 583096B9A1: to=s...@sat.gob.mx, relay=10.10.60.10[10.10.60.10]:25, delay=0.07, delays=0.01/0.04/0.01/0.01, dsn=2.0.0, status=sent (250 OK: 075480f29...@sat.gob.mx)
Nov 12 19:34:03 cyrus postfix/qmgr[1488]: 583096B9A1: removed

Best Regards, LD
Re: Relation between MAIL FROM: and From:
Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if someone knows if this is possible to stop using SA. Look. MAIL FROM and From: are commonly mismatched in legitimate mail. For example, every message that you receive from this list (and every other sanely configured mailing list) will have an apache.org address in the MAIL FROM, and the sender in the From:. That's because apache is remailing, and should receive all DSN's, but they are not the originator of the message. There's quite a few other scenarios where mismatches occur outside of spam. Perhaps you should look more closely at your nonspam email.
Re: Relation between MAIL FROM: and From:
If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. To make a long story short, you will block lots of legitimate mail including almost every mail-list type message. For example, check the Header-From and Envelope-From addresses of any message that you get from this list. A similar argument applies to the Header-To and Envelope-recipient addresses. The SMTP protocol provided for separate header VS envelope addresses with good reason, trying to block that feature only leads to trouble. On Thu, 12 Nov 2009, Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if someone knows if this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING 250-SIZE 1024 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: ra...@insys-corp.com.mx 250 2.1.0 Ok RCPT TO: s...@sat.gob.mx 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF From: Samuel Flores samuel.flo...@sat.gob.mx [snip..] As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is accepting this. Is this a SA task or Amavis or Postfix, [snip..] -- Dave Funk University of Iowa dbfunk (at) engineering.uiowa.edu College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include std_disclaimer.h Better is not better, 'standard' is better. B{
Re: Relation between MAIL FROM: and From:
On Thursday 12 November 2009 20:28:51, David B Funk wrote: If you search the archives of this list you will find a long-winded discussion of this idea and an explanation of why it is a bad idea. To make a long story short, you will block lots of legitimate mail including almost every mail-list type message. For example, check the Header-From and Envelope-From addresses of any message that you get from this list. A similar argument applies to the Header-To and Envelope-recipient addresses. The SMTP protocol provided for separate header VS envelope addresses with good reason, trying to block that feature only leads to trouble. On Thu, 12 Nov 2009, Luis Daniel Lucio Quiroz wrote: Hi All, I'm wondering if someone knows if this is possible to stop using SA. Look. [r...@cyrus postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to cyrus.sat.gob.mx (127.0.0.1). Escape character is '^]'. 220 mx2.sat.gob.mx ESMTP Postfix EHLO brandmauer.insys-corp.com.mx 250-mx2.sat.gob.mx 250-PIPELINING 250-SIZE 1024 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN MAIL FROM: ra...@insys-corp.com.mx 250 2.1.0 Ok RCPT TO: s...@sat.gob.mx 250 2.1.5 Ok DATA 354 End data with CRLF.CRLF From: Samuel Flores samuel.flo...@sat.gob.mx [snip..] As you see, MAIL FROM (SMTP protocol) and From (DATA) are different, and Amavis+SA+Postfix is accepting this. Is this a SA task or Amavis or Postfix, [snip..] Many many thanx
Good reasons not to use RBLs
Hi all, Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is usually fixed with a Layer 3 solution (RBL). I'd like a brainstorm to convince that a RBL solution is not the best stopping SPAM, and we should look for L7 solution such as Bayes. TIA LD
Re: Good reasons not to use RBLs
On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote: I'd like a brainstorm to convince that a RBL solution is not the best stopping SPAM, and we should look for L7 solution such as Bayes. I reject the notion that spam is a L7 problem. -- Ninety percent of true love is acute, ear-burning embarrassment. --Wyrd Sisters
Re: Good reasons not to use RBLs
On 11/12/2009 10:50 PM, LuKreme wrote: On 12-Nov-2009, at 20:41, Luis Daniel Lucio Quiroz wrote: I'd like a brainstorm to convince that a RBL solution is not the best stopping SPAM, and we should look for L7 solution such as Bayes. I reject the notion that spam is a L7 problem. It is more of a L8 problem... money. Warren
Re: Good reasons not to use RBLs
On 11/12/09 9:42 PM , luis.daniel.lu...@gmail.com wrote: Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is usually fixed with a Layer 3 solution (RBL). So, worms like conficker are layer 7 applications. Should we not apply a layer 4 access control (stopping port 445 at the AS border) to help mitigate the spread of it? -- Daniel J McDonald, CCIE #2495, CISSP #78281
Re: Good reasons not to use RBLs
On 12-Nov-2009, at 21:55, McDonald, Dan wrote: On 11/12/09 9:42 PM , luis.daniel.lu...@gmail.com wrote: Again me, Well, in the security scope I use a principle that states that you shouldn't use a lower layer solution to fix a higher one. So SPAM is a Layer 7 problem that is usually fixed with a Layer 3 solution (RBL). So, worms like conficker are layer 7 applications. Should we not apply a layer 4 access control (stopping port 445 at the AS border) to help mitigate the spread of it? RBLs are a L3 solution to an L3 problem (I don't want THAT server talking to my server). It's L3 all the way. L4 applies after the connection has been established (which is why it's called the Transport Layer) -- I WILL NOT DEFAME NEW ORLEANS Bart chalkboard Ep. 9F01