Hey, don't paint us all with the same brush!
Also, if you're a small local ISP, there are a million ways for the big guys to
screw you over and steal your customers. I remember from about 2005 to 2009 we
offered "lineshare" DSL on Verizon copper. They would "accidentally"
disconnect our custo
Wait, that's an SMTP error code, is your server rejecting the email during the
SMTP session, or sending a bounce email to the (probably spoofed) sender? It
should be doing the first one. The second one is bad, I think the term is
asynchronous bounce?
Are you using some sort of MX relay to do
Is this a problem that SPF is designed to solve?
-Original Message-
From: Blueonyx On Behalf Of Chris Gebhardt
- VIRTBIZ Internet via Blueonyx
Sent: Thursday, June 22, 2023 3:08 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26322] Re: negative AV-Spam score
On 6/22/2023 2:42 PM,
Many thanks, that fixed it. The AllowOverride checkboxes are what I was
missing.
-Original Message-
From: Blueonyx On Behalf Of Michael Stauber
via Blueonyx
Sent: Tuesday, June 20, 2023 12:42 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:26305] Re: HTTPS redirect
Hi Ken,
> I’m
I'm embarrassed to ask about an old 5208R system we have, obviously it is
seriously out of date. So if you ignore me or yell at me, I will
understand.
I enabled SSL for a vsite (actually our own website www.kwisp.com) and
installed a cert from a CA. We have the site name as www.domain.com, w
Probably because all the way back to the Cobalt RaQ this is a hosting appliance
that provides web, mail, FTP and other services. Most people using BlueOnyx
are probably hosting at least web and email and maybe other services on the
same server.
On a server that just does email, there's no reas
We actually host mail on a separate mailserver not using BlueOnyx, but in
general it seems like bad practice to use bare usernames on a shared hosting
server.
What if we host mail for domains foo.com and bar.com, and we have a mail
account for j...@foo.com, what if there is also a j...@bar.com. S
cause myriad problems of its
own.
-Original Message-
From: Blueonyx On Behalf Of Ken Hohhof
Sent: Friday, July 29, 2022 2:10 PM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:25550] Re: DKIM
SPF is even easier and doesn't require anything on the mailserver.
You just
SPF is even easier and doesn't require anything on the mailserver.
You just specify via a DNS TXT record what IP addresses are authorized to send
mail from the domain, and what action you recommend for mail from any other IP
addresses.
Perhaps the only action you would take on your own mailserver
Not sure what that CNAME query at dnschecker.org does, but as long as a regular
A query for autodiscover.flintevos.co.uk returns the correct results, does it
matter?
Here's what I get (I'm in the US):
C:\Users\khohhof>nslookup
Default Server: ns2.dns.rcn.net
Address: 208.59.247.45
Paul Bunyan has a Blue Ox named Babe.
-Original Message-
From: Blueonyx On Behalf Of Meaulnes Legler
@ MailList
Sent: Thursday, July 21, 2022 2:39 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:25519] Re: Have you ever wanted to run BlueOnyx on a Blue
Onyx?
ha! isn't the name
It seems service providers on this list spend a lot of time tinkering with Lets
Encrypt to keep it working. Out of curiosity, what is the reason not to just
tell your customers to buy a cert from a certificate authority (one that
actually charges money)? Yes, I realize certs expire, but on the
n to access the requested file on this server.
Indeed. On port 9090 the AlmaLinux Cockpit of our BO server opens.
From: Blueonyx mailto:blueonyx-boun...@mail.blueonyx.it> > On Behalf Of Ken Hohhof
Sent: Monday, 13 June 2022 21:10
To: 'BlueOnyx General Mailing List' m
I think Cockpit is something different than the BO web GUI. I know on
Fedora Cockpit runs by default on port 9090 and makes me nervous about
hackers.
From: Blueonyx On Behalf Of
f.ka...@fairtalk.com
Sent: Monday, June 13, 2022 1:44 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:2546
Michael, thanks.
Do we even need pkexec?
And does the "temporary mitigation" take care of it, or could a regular user
undo that?
chmod 0755 /usr/bin/pkexec
-Original Message-
From: Blueonyx On Behalf Of Michael
Stauber
Sent: Tuesday, January 25, 2022 11:33 PM
To: blueonyx@mail.blueonyx
IMHO this is like expecting the power company to install an icemaker on your
refrigerator. There are people called web designers you pay to do things like
this. People are always wanting their ISPs and hosting providers to do things
for free rather than just pay some guy who does this for a li
OK, true, this doesn't reflect well on Netgate.
The fact that the guy is an ex-con makes for a good headline, but is perhaps
somewhat irrelevant to the story. Here in the Chicago area we used to have
a hot dog place named "Felony Franks" that employed ex-cons. I wonder which
is more worrisome, h
The lesson of the article seems not to be that the convicted felon wrote bad
code (although he did), but that open source code being safe because it is
reviewed by the community is a myth.
-Original Message-
From: Blueonyx On Behalf Of Michael
Stauber
Sent: Saturday, March 27, 2021 11:43
Michael, what do you know about Oracle Linux? I had never heard of it, but
this blog post sounds very convincing:
https://blogs.oracle.com/linux/need-a-stable%2c-rhel-compatible-alternative-
to-centos-three-reasons-to-consider-oracle-linux
I assume this is in no way an outgrowth of Solaris. I'll
> On 11 Sep 2020, at 11:58 pm, Ken Hohhof wrote:
>
> Good luck fixing something that's been "wrong" for 20 years. Here in
> the U.S. we can't even get people to use the metric system.
You realise that the US has officially endorsed metric. They just can’t wo
Good luck fixing something that's been "wrong" for 20 years. Here in the
U.S. we can't even get people to use the metric system.
It reminds me of the ship captain demanding that a lighthouse change course.
https://en.wikipedia.org/wiki/Lighthouse_and_naval_vessel_urban_legend
-Original Mess
I'm trying to remember, does 444 go all the way back to Sun Cobalt?
Hey, if I could get in a time machine and go back and change things in history,
there's lots of things I would change.
-Original Message-
From: Blueonyx On Behalf Of Ralf Quint
Sent: Thursday, September 10, 2020 3:24 PM
I agree, we haven't seen interest in this for literally 20 years. Personal
websites were replaced by social media (maybe Geocities in the early days of
that timeline). If these are web designers wanting to showcase their work,
they should get a domain or you could offer subdomains, instead of
Could you be logging HTTP requests by hostname and rDNS is timing out?
From: Blueonyx On Behalf Of Colin Jack
Sent: Friday, August 21, 2020 11:20 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:24199] Re: 5210R recommendations
Hi Ken,
Wow, that’s difficult to answer without kn
Wow, that’s difficult to answer without knowing the website design and what
they are complaining about. Does the site have a lot of dynamic content, PHP
code, a CMS, a big database, or maybe a big image on the homepage? Is their
test server hosted or on the web designer’s LAN?
I have seen
Sounds like BIND 9.9+ and zonefile in raw format instead of text. There is a
conversion utility
https://kb.isc.org/docs/aa-00608
or if your zone transfers are modest in size, I think there is a
masterfile-format directive.
-Original Message-
From: Blueonyx On Behalf Of Colin Jack
Sent:
Before looking at technical fixes, I would first ask if I have mail
customers whose credentials have been compromises and are being used to send
spam. This will get your server IP blacklisted for sending spam. Are you
sure the webpage they are sending you to via the SMTP error code isn't
helpful?
Sounds like the same issue I was having after the proftpd yum update. See
Michael’s last message to me about adding a line to the conf files with
DefaultChdir/web
From: Blueonyx On Behalf Of Richard Barker
Sent: Sunday, August 4, 2019 9:51 AM
To: BlueOnyx General Mailing List
S
OK, thanks for the clarification.
It still looks to me like we had those containers in the config from
2014-2019 via the yum updates. (5208R version) So even though we always
told siteadmins they needed to cd to /web, some probably ignored that and
got away with it. You know how people are, ins
I see this script in /usr/Sausalito/sbin and it seems to do what is says in
the comments:
#!/usr/bin/perl -I/usr/sausalito/perl -I/usr/sausalito/handlers/base/vsite
# $Id: fixproftpd_conf.pl Sat 25 Jan 2014 15:40:02 PM COT mstauber $
#
# This script prints out the VirtualHost containers that
> -Original Message-
> From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of
> Ken Hohhof
> Sent: Friday, August 02, 2019 2:48 PM
> To: 'BlueOnyx General Mailing List'
> Subject: [BlueOnyx:23076] Re: CushyCMS and ProFTPD
>
> It sounds like
to /web by default. Maybe
this has changed through the update of proftpd?
Regards,
Tobias
> -Original Message-
> From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of
> Ken Hohhof
> Sent: Friday, August 02, 2019 2:48 PM
> To: 'BlueOnyx General Mailing Lis
It sounds like there was a genuine vulnerability that was fixed, so I'm
reluctant to roll back the update in order to accommodate one customer.
Yesterday I signed up for a free Cushy account so I could reproduce and
troubleshoot the problem. To my surprise ... no problem!
Here's my best guess, I
I once had a VoIP phone system where all the phones displayed the wrong time,
off by a strange number of minuted.
Turned out it was getting time via NTP from a router that in turn was using an
obscure public time server that was freerunning.
Original Message
From: "Franklin Werren"
S
"Allow User(s) access to FTP" is ticked for the Vsite but the only user is
the siteAdmin. The Vsite has no ordinary users.
Anonymous FTP is not enabled. I notice that /web is owned by nobody.
The customer reports CushyCMS worked for 3 years until about 2 weeks ago.
The yum update took place on
Thanks.
Everything in the web directory is owned by siteadmin:site, including
subdirectories and their contents. Above the web directory in the site
home directory, it's different, not sure if this is a problem. The logs
directory owned by SITE22-logs:site19 seems strange.
I know the mos
That stopped the messages in ban.log but didn't fix the problem. I suspect
the excessive connections were a symptom not the cause.
I looked in var/log/messages and I see a bunch of lines like this, not sure
what they mean or why the are occurring now and not previously. Customer
would be using s
Thanks, I'll try that. I was reluctant to disable the ban feature if it had
been enabled all these years.
-Original Message-
From: Blueonyx On Behalf Of Michael
Stauber
Sent: Tuesday, July 30, 2019 12:20 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23043] Re: CushyCMS and ProFTPD
It turns out we have a webhosting customer who has been using a web-based
CMS app called CushyCMS to edit one page on their site. I am not familiar
with CushyCMS but apparently it uses embedded HTML tags to define editable
elements on the pages, and the CushyCMS server pulls the pages from the
web
Long time ago and not on 5209R, probably 5208, I remember having to try twice
adding either a virtual site or a new user, I can't remember which. The second
time it would go through. Unlikely this will solve your problem, but have you
tried a second time?
-Original Message-
From: Blue
We don’t use BlueOnyx for email, just webhosting, but we moved away from using
just usernames probably 15 years ago. Hardly any email system does it that way
anymore. The reason is simple, once you have user john or mary, you can’t have
another john or mary at a different domain. This is mayb
If there is no such user on your system, the email should be rejected during
the SMTP connection, which would not result in a bounce message to the spoofed
sender.
Unless the spammer is actually sending from that sender’s mailserver using
compromised credentials. In which case you’re not re
Webserver alias = domain name without www
-Original Message-
From: Blueonyx On Behalf Of Brian
TerBeek
Sent: Monday, March 18, 2019 5:00 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:22782] DNS Question
Hi
When entering my url for a virtual site without the hostname (www) dir
We highly discourage email autoforwarding because it may fail due to
SPF/DKIM/DMARC issues and because our mailserver gets blamed for any
forwarded spam and may be blacklisted. Also to be honest, these issues have
become more complicated than I can afford to study and understand, but I
know there
Wouldn’t it be simpler to handle this with a firewall rule instead of an
alternate port number?
From: Blueonyx On Behalf Of Brian Davis
Sent: Sunday, March 10, 2019 12:10 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22764] Problem fix and potential feature request
On my server, I d
Depending on which version of formmail.pl, no customer should be allowed to
run that script on their site. It virtually guarantees that your sendmail
will be used by spammers to relay spam. It is like a customer putting a
bomb in your office and you take a hands-off approach, refusing to call the
If that's the 20 year old Matt's FormMail, don't use it, too easy for
spammers to hijack, even the "improved" version. There are better
solutions.
I know that doesnt answer your cgi-wrap question.
-Original Message-
From: Blueonyx On Behalf Of Dirk
Estenfeld
Sent: Thursday, January 3,
If you are locking the subscriber out and bouncing incoming mail, why do you
want to "suspend" the account and not just delete it? Is this just temporary
to get the subscriber to pay his bill?
-Original Message-
From: Blueonyx On Behalf Of Larry Smith
Sent: Thursday, December 13, 2018
really care if people
read them.
-Original Message-
From: Blueonyx On Behalf Of Chris
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, November 13, 2018 2:18 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22488] Re: Backscatter problem
On 11/13/2018 1:09 PM, Ken Hohhof wrote:
> Maybe
Maybe they could afford something like Mailchimp?
From: Blueonyx On Behalf Of Chuck Tetlow
Sent: Tuesday, November 13, 2018 12:14 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:22485] Re: Backscatter problem
Hi Chris,
You and Ken both have very good points. And they are the
OK, I realize you are asking a technical question which I'm not answering.
But if you or the customer is in the U.S., and they are sending out bulk
emails without checking and processing removal requests and bounce messages,
you need to fire this customer. I don't care how worthy a cause their
OK, and pigs will fly.
-Original Message-
From: Blueonyx On Behalf Of Michael
Aronoff
Sent: Monday, October 29, 2018 11:26 PM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:22464] Re: IBM to Acquire Linux Distributor Red Hat for
$33.4 Billion
Michael wrote:
> Yeah, it's too earl
I'm not sure it correlates to your described symptoms, but the typical problem
we have with Outlook SMTP is that Microsoft still thinks the default should be
to use port 25 and no auth, rather than 587 with authentication.. We generally
tell people not to mess with port numbers, but Outlook is
It doesn't sound like the problem you are seeing, but I remember Barracuda
appliances used to have an option called something like "deep header scan"
that was on by default or recommended in the manual. What it did was to
check the IP address of the sender, not just the MTA. And if Barracuda
iden
Some browsers permanently cache 301 redirects but you say this is a 302.
I remember having to visit the page with private browsing to clear the cache.
Original Message
From: "Fungal Style"
Sent: 7/29/2018 5:14:41 PM
To: "BlueOnyx General Mailing List"
Subject: [BlueOnyx:22300] site re
Surely in the era of Donald Trump you should not lack for superlatives to
choose from.
Or better yet, look to the US mobile carriers. Verizon has "Go Unlimited",
"Beyond Unlimited", and "Above Unlimited". AT&T has "Unlimited", "Unlimited
& More", and "Unlimited & More Premium". Sprint and T-Mob
Can you expand on "vulnerable websites"?
-Original Message-
From: Blueonyx On Behalf Of Chris
Gebhardt - VIRTBIZ Internet
Sent: Tuesday, June 26, 2018 10:34 PM
To: Blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:22182] Jungle_Sec Ransomware
Just thought I'd post a quick note. Make sure you
Thanks for the link to the article.
I find it strange that someone visits my website, using an IP address from an
ISP's allocated IP address space, and hypothetically I could through lawful
means compel the ISP to reveal to me account details like name and address of
the ISP customer correspon
If website logfiles are to be purged after 7 or 14 days, are you allowed to
keep website analytics as long as they are anonymous, i.e. divorced from
visitor identification like IP addresses? I'm talking about counts of
pageviews and unique visitors, top referrers and entry pages, browsers, etc.
I would not feel comfortable using anything "similar to Wordpress" to solve a
security problem.
-Original Message-
From: Blueonyx On Behalf Of Colin Jack
Sent: Tuesday, May 15, 2018 9:44 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:22063] Re: Encrypted FTP
Hi Michael,
>
>
String exceeding 255 characters? Break into 2 strings and concatenate?
Original Message
From: "Colin Jack"
Sent: 4/29/2018 5:13:27 AM
To: "BlueOnyx General Mailing List"
Subject: [BlueOnyx:21985] SPF error
I have a customer with a long SPF record lots of IP4 entries.
It has one
This message was originally HTML formatted. View in a HTML capable client to
see the original version.\r\n\r\nWhat is the from port? If you're not being
used for a DNS or NTP amplification attack, sounds like a site or the server is
compromised. Any Drupal sites?
Original Message
Fro
Here in the US of A, it seems common for big ISPs, content providers and
hosting companies to retain log data for a long time, 1 year or more. I suspect
this is more for LEA requests and copyright holder threat letters than for
advertising and data mining revenue. My view is the opposite, if I n
This is an EU requirement?
How strange, that an IP address would be considered "personal data".
Especially since it belongs to your ISP, not you. And in a part of the
world where you can't walk or drive 30 meters without your face or license
plate being recorded by security cameras (and probably
Dirk, I am not understanding the issue. Mailservers will generally accept
messages from anyone for a local mailbox, that is their purpose.
Is the issue that the mailserver is accepting external mail from a sender
address at a domain local to the mailserver? Maybe you are wanting something
lik
Wp-login.php and xmlrpc.php both look like dictionary attacks trying to guess
Wordpress passwords
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Fungal
Style
Sent: Monday, December 4, 2017 2:52 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:21560] Attack b
This message was originally HTML formatted. View in a HTML capable client to
see the original version.\r\n\r\nThose should be rejected during the smtp
session, any bounce message should be generated by the sender's server. Maybe
you are generating delivery failure messages for local users?
--
Put the part starting with v= in quotes?
Like "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BA etc. etc."
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of PESJA
A & A
Sent: Wednesday, August 23, 2017 7:39 AM
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:21279] how to add the co
al Mailing List"
Subject: [BlueOnyx:21167] Re: Spammer
I would be very surprised but what I need to do is track down who is
responsible.
From: Blueonyx blueonyx-boun...@mail.blueonyx.it on behalf of Ken Hohhof
khoh...@kwom.com
Reply-To: BlueOnyx General Mailing List blueonyx@m
Any chance a customer has loaded a 10 year version of formmail.pl on their
site? The original version was vulnerable to abuse by spammers. I haven’t
seen that problem in a long, long time though.
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Colin
Jack
Sent: Sun
Everything in /var/log/messages up to the point of the lockup seem ordinary,
just the usual every 5 minutes cced client has admin rights stuff.
I am not smart enough to decipher the dmesg log, especially wtihout
timestamps. And since the machine was unresponsive even via local keyboard
and mon
It's in a data center, no dust visible on anything, temperature constant 20
C, and it's on an APC Symmetra battery backup (dual conversion). I have 3
other servers in the rack with it that are fine.
Not saying it couldn't be a hardware problem, but it's not overheating.
-Original Message-
Has anyone else had their server lock up and need a hard reboot since around
Christmas which I believe is around when the memcache adventure started?
I have a 5208R server that was put in service about a year ago and ran
without problems until it froze up on Dec. 23, it did it again today. Ther
I am seeing pretty much the same thing with a 5208R machine. I am having to
restart cced every time I want to log in to the admin interface. I do not
see a lot of cced processes running, but I either cannot get the login page,
or once I enter the login credentials, I get PHP errors like in you
I’ve been going nuts here this morning with a 5208R machine, had to restart
cced to even log in to the web GUI, no status in Active Monitor, click on Cache
and the GUI hangs again and have to restart cced. The first time there were a
lot of cced processes running, but after that no cced process
Does this happen even for someone who has never visited the site before?
I ask because Internet Explorer caches HTTP 301 redirects and can be very
stubborn about clearing the cached redirect, something like clear the
browser cache and then go to the site using InPrivate browsing. Probably
not
Number of Received: headers exceeds MaxHopCount?
Probably a mail loop between two mailservers.
From: Richard Barker
Sent: Saturday, March 28, 2015 10:22 AM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:17383] SMTP; 554 5.4.6 Too many hops
What is the basic cause for this error
SMTP; 5
What is the recommended way to configure BlueOnyx for webhosting only, where
email for the domains is hosted separately? Yet websites may want to use
sendmail to email form data.
Unchecking the email box for the domain doesn't seem to accomplish what I
want, I still see entries in local-host-n
I have seen this as well (but a few years ago) when some administrator
mis-configured a Barracuda to look at the sender's IP address. Barracuda
has a name for this option, I can't remember it now. But yes it will block
all sorts of mail from dynamic IP blocks (DSL, etc.) for poor reputation.
If I can ask, why would you want to put that much work into repurposing
outdated hardware? There are inexpensive ATOM and i3 devices today, or 2-3
year old used servers, that would allow a straightforward standard install
of BlueOnyx, and would outperform the Qube.
I have tons of old hardware,
I believe 5107R does that as well.
-Original Message-
From: Dirk Estenfeld
Sent: Tuesday, January 20, 2015 3:35 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16874] 5208R - Bug with function Services -> FTP -> Allow
User FTP in Sitemanagement
Hello,
I think I found another bu
Hey Michael, I've meant to ask a couple questions about the phpMyAdmin
"WHAM" module in the Blue Onyx store. I got it for the convenience of
installing from the GUI, but immediately got a complaint from a site admin
because it requires PHP 5.5. So it won't run with the PHP that comes with
Blu
The checkbox I see is labeled "Allow User(s) access to FTP" and it is
checked.
The tooltip does explain it as FTP for regular users who are not site
administrators.
-Original Message-
From: Michael Stauber
Sent: Tuesday, December 02, 2014 5:14 PM
To: BlueOnyx General Mailing List
Subj
I posted something similar about a week ago. Look for a .ftpaccess file in the
user directory. I think there is a bug in the software, it should only put
that there if FTP is disabled for the user.
From: Brian TerBeek
Sent: Saturday, November 29, 2014 2:49 PM
To: blueonyx@mail.blueonyx.it
S
Update - I tried adding a regular user to a virtual site that had PHP (not
suPHP) enabled, and the same problem occurred.
-Original Message-
From: Ken Hohhof
Sent: Tuesday, November 25, 2014 11:12 PM
To: BlueOnyx General Mailing List
Subject: [BlueOnyx:16569] Re: .ftpaccess file being
Actually, for the site in question, "Enable PHP scripting" is set to
"Disabled". This particular customer uses it as an FTP site, so there are
no webpages and no need for PHP.
I could try on another virtual site that has PHP enabled, or create a test
site.
Would having PHP disabled also disab
I have a new 5208R installation, we migrated sites from a BQ server using
CMU. Migrated users are OK, but if we add new regular users, there is a
.ftpaccess file being placed in their directory that denies FTP access by
everyone. (Took awhile to find the cause since it is a dot file.)
This ha
87 matches
Mail list logo
