05-Apr-2015

Router re-installation
A few days ago, all of a sudden, I could no longer access any of the sites from wherever I tried. SSH access failed as well, but I still could access the router; but PINGing the server from there went just right. No idea what had gone wrong.
Today I found out that it looked as if access from other sites was no problem at all, both router log and web-access log showed incoming traffic, but way less than normal.
To solve the problem start at the front side: so check the router. But as it turned out, I didn’t have any backup of the configuration available – though I did make them; they couldn’t be found. The only solution therefore was to make screenshots of the configuration screens, reboot to factory settings and re-install it to what was set before. It did take some time because, of course, I did forget a screen or two, but within an hour, I had it all working again – basically.
The only issue left was logging; there is still output missing, somehow. However, this has been solved as well.
So I made a backup of the current setting – just in case.
Next thing – that I left for now, because of the sheer amount of work – is redefining the objects to block. That will be done from now on.

01-Apr-2015

No surprises
No jokes either: The monthly maintenance job revealed nothing special. Mail is fine as it is for months now:
PMAS statistics for March
Total messages    :   5091 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   3933 =  77.2 o/o (Files: 31)
Accepted by PMAS  :   1158 =  22.7 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    363 =  31.3 o/o (processed),   7.1 o/o (all)
         Accepted :    226 =  19.5 o/o processed),   4.4 o/o (all)
  Handled by content
        Discarded :    177 =  15.2 o/o (processed),   3.4 o/o (all)
     Quarantained :    193 =  16.6 o/o (processed),   3.7 o/o (all)
        Delivered :    199 =  17.1 o/o (processed),   3.9 o/o (all)

though Chinamen keep trying to relay when it is not allowed:

ANTIRELAY.-2015-03-05 1450 between 21:25-23:59 (from sina.com)
ANTIRELAY.-2015-03-06  335 between 00:00-00:36 (from sina.com)
ANTIRELAY.-2015-03-15 1680 between 04:54-07:55 (from 163.com)
ANTIRELAY.-2015-03-17  115 between 09:00-10:44 (from 126.com)

Just one “user” nllxiaonanzi111620 from these domains. Probably all forged, sent by a script or program on a server in this domain. I blocked 163.com already but they may use other ranges as well that are not blocked…
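
An added example, not part of the original post or of PMAS: it parses the four summary lines above and joins windows that are split only by the midnight log rollover, giving the size and rate of each burst. It assumes the first field names a per-day log and the number is the attempt count; the five-minute join gap is an arbitrary choice.

```python
import re
from datetime import datetime, timedelta

# Summary lines copied from the post: log name, attempt count, time window, sender domain.
SUMMARY = """\
ANTIRELAY.-2015-03-05 1450 between 21:25-23:59 (from sina.com)
ANTIRELAY.-2015-03-06  335 between 00:00-00:36 (from sina.com)
ANTIRELAY.-2015-03-15 1680 between 04:54-07:55 (from 163.com)
ANTIRELAY.-2015-03-17  115 between 09:00-10:44 (from 126.com)
"""

LINE = re.compile(
    r"ANTIRELAY\.-(\d{4}-\d{2}-\d{2})\s+(\d+) between "
    r"(\d{2}:\d{2})-(\d{2}:\d{2}) \(from ([\w.-]+)\)"
)

def parse(text):
    """Return one dict per summary line: start/end datetimes, count, domain."""
    rows = []
    for m in LINE.finditer(text):
        day, count, t0, t1, domain = m.groups()
        start = datetime.strptime(f"{day} {t0}", "%Y-%m-%d %H:%M")
        end = datetime.strptime(f"{day} {t1}", "%Y-%m-%d %H:%M")
        rows.append({"start": start, "end": end, "count": int(count), "domain": domain})
    return rows

def merge_bursts(rows, gap=timedelta(minutes=5)):
    """Join same-domain windows separated by no more than `gap` (assumed value)."""
    bursts = []
    for row in sorted(rows, key=lambda r: r["start"]):
        last = bursts[-1] if bursts else None
        if last and last["domain"] == row["domain"] and row["start"] - last["end"] <= gap:
            last["end"] = row["end"]
            last["count"] += row["count"]
        else:
            bursts.append(dict(row))
    return bursts

def rate_per_minute(burst):
    """Average attempts per minute over the burst, counting both end minutes."""
    minutes = (burst["end"] - burst["start"]).total_seconds() / 60 + 1
    return burst["count"] / minutes

if __name__ == "__main__":
    for b in merge_bursts(parse(SUMMARY)):
        print(f'{b["domain"]:10} {b["start"]:%d-%b %H:%M} to {b["end"]:%d-%b %H:%M} '
              f'{b["count"]:5d} attempts, {rate_per_minute(b):.1f}/min')
```

The two sina.com lines come out as one burst that crosses midnight, and the four lines together account for 3580 of the 3933 relay attempts in the March statistics.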

To be investigated – if time permitted, but my job takes far too much time, even in evenings and weekends (if anyone has another job, preferably in the VMS arena, drop me a line. I’m willing to move)

I have some testing to do for eCube: their Eclipse plugin for programming on OpenVMS from an Intel system (Windows or Linux) but there hardly is any possibility, timewise…

01-Mar-2015

Monthly maintenance
Nothing weird noticed by the automated job. Even spam statistics aren’t reason for concern:
PMAS statistics for February
Total messages    :   1150 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :    145 =  12.6 o/o (Files: 28)
Accepted by PMAS  :   1005 =  87.3 o/o (Files: 28)
  Handled by explicit rule
         Rejected :    458 =  45.5 o/o (processed),  39.8 o/o (all)
         Accepted :    211 =  20.9 o/o (processed),  18.3 o/o (all)
  Handled by content
        Discarded :    163 =  16.2 o/o (processed),  14.1 o/o (all)
     Quarantained :    142 =  14.1 o/o (processed),  12.3 o/o (all)
        Delivered :     31 =   3.0 o/o (processed),   2.6 o/o (all)

Of course there have been some attempts but since 163.com (a notorious Chinese source of spam, relay-attempts and hacking attempts – both web and FTP) has been denied access altogether (it won’t even get past the router) there haven’t been many. Plus some other (mainly Chinese) sources…
The number of quarantined and discarded messages – based on rule – are to be considered valid, so I could let them pass. It requires some action for which I don’t always take time to enter the data into the filter; maybe I should.

08-Feb-2015

Maintenance log
Last maintenance log revealed nothing special, except for an unusual amount of relay attempts:

PMAS statistics for January
Total messages    :   5004 = 100.0 o/o
DNS Blacklisted   :      0 =    .0 o/o (Files:  0)
Relay attempts    :   3766 =  75.2 o/o (Files: 31)
Accepted by PMAS  :   1238 =  24.7 o/o (Files: 31)
  Handled by explicit rule
         Rejected :    633 =  51.1 o/o (processed),  12.6 o/o (all)
         Accepted :    232 =  18.7 o/o (processed),   4.6 o/o (all)
  Handled by content
        Discarded :    148 =  11.9 o/o (processed),   2.9 o/o (all)
     Quarantained :    180 =  14.5 o/o (processed),   3.5 o/o (all)
        Delivered :     45 =   3.6 o/o (processed),    .8 o/o (all)

most of them on Jan 5th, from address 112.90.37.237 – sent by xiaonanzi11162@163.com. There is a lot of spam coming in from that domain so I blocked it in PMAS already, but it seems to be worthwhile to block it from accessing anything. It means two more entries in the router’s object table.
Today I also finished archiving all 2014 logs.
A new testbed
Microsoft has made the successor of Windows 6.1 available for testing. Since the old Windows7 machine from the living room is actually obsolete (Rita now uses a tablet for browsing the web and handling her email – in fact the only real activity on the net), I could install the Windows-10 preview on that machine – after a thorough cleanup. The system started remarkably slowly, not a real surprise when the system disk is 8% fragmented…
One big reason why I decided to give it a try: Update hung while one program, CheckSUR.exe, ran for hours, generating an output of well over 100KB. I stopped installation, had to reboot a few times (once into safe mode) to have the installation rolled back, next attempt I disabled this update and it did finish. Now I could finish the clean-up and defragmentation – and after that, I booted the Windows10-preview (ISO was downloaded and burned onto DVD). I would prefer to install it aside Windows 7 but that wasn’t possible – or I would have to use another disk. There is one available but I don’t have the power-block to connect it….
No big deal, anyway. It’s used mainly for testing, and if I need particular software, it’s easy to install.

29-Jan-2015

Webserver updated
I have updated the webserver to version 10.4. It required some extra work in the procedures, and it turned out that stopping the server using the procedure used for that action, forgot that the server is installed. So that is something I need to address. However, this action is hardly ever used – just on shutdown of the hardware. But it’s worth editing anyway, to allow adjustments in the environment. Be it the webserver, MySQL database or PHP version.
Anyway.
This webserver has TLS 1.0, 1.1 and 1.2 enabled. So no SSL – either version, due to the security leaks found lately. So if you try to access the server with a browser where TLS is not enabled, you won’t get access. That is: by default. But I have started the server – for the time being – allowing SSL3 – but you may run into problems.
In due time, SSL will be disabled completely.