01-Oct-2017

Maintenance and required updates
Last night’s maintenance run had no surprises:

PMAS statistics for September
Total messages    :   4064 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    374 =   9.2 o/o (Files: 30)
Accepted by PMAS  :   3690 =  90.7 o/o (Files: 30)
  Handled by explicit rule
         Rejected :   2873 =  77.8 o/o (processed),  70.6 o/o (all)
         Accepted :    160 =   4.3 o/o (processed),   3.9 o/o (all)
  Handled by content
        Discarded :    380 =  10.2 o/o (processed),   9.3 o/o (all)
     Quarantained :    262 =   7.1 o/o (processed),   6.4 o/o (all)
        Delivered :     15 =    .4 o/o (processed),    .3 o/o (all)

A peak on relay attempts was on 05-Sep-2017: 350 times from address 187.188.81.84, using sender “root@www.grootersnet.nl” trying to reach “tester@auteam.com.mx”, between 17:23:10.21 and 23:32:56.63. Except for one message, using sender address “root@82.161.236.244” (does this one use DNS translation to get the domain name? Looks like it).
Anyway, this host is located in Mexico:

Hostname = fixed-187-188-81-84.totalplay.net
City = Naucalpan, Estado de Mexico MX
Latitude/Longitude = 19.4794,-99.2383
Postal Code = 53370

and WHOIS gave me:

Description:TOTAL PLAY TELECOMUNICACIONES SA DE CV
Netname:MX-TPTE-LACNIC
inetnum:187.188/15
status:allocated
aut-num:N/A
owner:TOTAL PLAY TELECOMUNICACIONES SA DE CV
ownerid:MX-TPTE-LACNIC
responsible:Alejandro Enrique Rodriguez Sanchez
address:PERIFERICO SUR, 4119, FUENTES DEL PEDREGAL
address:14140 – TLALPAN – CX
country:MX
phone:+52 xxxxxxxx []
owner-c:CIT12
tech-c:CIT12
abuse-c:CIT12
inetrev:187.188/15

just that period, no more.
The address is listed in a number of blacklists as spammer. No wonder if your relay is open…
But why try 350 times and in rather short bursts when every attempt does not succeed? Perhaps trying to cause mail service on a Linux server to fail. But PMAS has done a good job by refusing “grootersnet.nl” from outside my LAN.

No Sir:

  • “root”?
  • “grootersnet.nl” from outside ?
  • Not on this box.
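
The check described above (a sender claiming the local domain while connecting from outside the LAN, and mail for a non-local recipient arriving from outside) can be sketched as follows. This is an added example, not PMAS code or its configuration; the log layout, the LAN range and all function names are assumptions, and the sample lines are constructed from the addresses mentioned in this post.

```python
import ipaddress
from datetime import datetime

LOCAL_DOMAIN = "grootersnet.nl"                # domain named in the post
LAN = ipaddress.ip_network("192.168.0.0/16")   # assumption: the LAN range
# Constructed sample lines; assumed layout: timestamp client_ip sender recipient
SAMPLE_LOG = """\
2017-09-05T17:23:10 187.188.81.84 root@www.grootersnet.nl tester@auteam.com.mx
2017-09-05T17:23:12 187.188.81.84 root@www.grootersnet.nl tester@auteam.com.mx
2017-09-05T19:02:41 187.188.81.84 root@82.161.236.244 tester@auteam.com.mx
2017-09-05T20:15:00 192.168.1.10 user@grootersnet.nl friend@example.org
2017-09-05T21:00:00 203.0.113.5 alice@example.org user@grootersnet.nl
2017-09-05T23:32:56 187.188.81.84 root@www.grootersnet.nl tester@auteam.com.mx
"""

def is_local_domain(address):
    """True when the part after '@' is the local domain or a subdomain of it."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    return domain == LOCAL_DOMAIN or domain.endswith("." + LOCAL_DOMAIN)

def classify(client_ip, sender, recipient):
    """Return (relay_attempt, spoofed_local_sender) for one transaction."""
    outside = ipaddress.ip_address(client_ip) not in LAN
    relay = outside and not is_local_domain(recipient)   # outside -> outside
    spoofed = outside and is_local_domain(sender)        # local name, foreign host
    return relay, spoofed

def summarize(log_text):
    """Per client IP: relay attempts, spoofed senders, first and last time seen."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                     # skip lines that do not match the layout
        stamp, ip, sender, recipient = fields
        relay, spoofed = classify(ip, sender, recipient)
        if not (relay or spoofed):
            continue                     # normal inbound or LAN-originated mail
        when = datetime.fromisoformat(stamp)
        entry = report.setdefault(ip, {"relay": 0, "spoofed": 0, "first": when, "last": when})
        entry["relay"] += relay
        entry["spoofed"] += spoofed
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
    return report

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(ip, e["relay"], "relay attempts,", e["spoofed"], "spoofed,", e["first"], "to", e["last"])
```
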

Licenses
But before I could check the log, I had trouble logging in: username and password returned to the password prompt without message. The Powerterm session that is the actual Alpha console was not responsive – hadn’t been the whole week. As it turned out, there was no physical connection: there is a pair of connectors in between and I probably stumbled into the cable and caused them to come loose, as well as the USB-based RS232-interface. Got that working again, and since I was logged in on this terminal, I could access the machine – and try a $ Telnet 0 session. That failed: License expired. This makes sense since the expiration date of this license-2017 set was 30-Sep-2017. I thought I had installed the license-2018 set (that came with the Itanium licenses) but it turned out I didn’t load the 2018 set, which is valid up to March next year. However, the file was already present on Diana so running it solved that problem.

A similar thing has happened on Daphne – the Personal Workstation – that I started up. The scripts didn’t exist there so I had to be somewhat creative:

  • Prepare FileZilla to connect and copy the right file
  • $ Set time=yesterday
  • $ @license2017
  • $ @sys$startup:TCPIP$STARTUP
  • Connect to Daphne and copy the file using FileZilla
  • $ @license2018
  • $ reboot ! (since the box is in a cluster, that will set time correctly)
  • Now I can get on that machine to set up NxtWare (Samba needs to be installed with the older version)

WordPress update
Before entering this post, I updated WordPress to the latest version (4.8.2) and Akismet (4.0), changed the blog logicals accordingly – also in the startup script that sets them on boot. No issues.