Re: your mail - Mailing list pgsql-www
| From | Magnus Hagander |
|---|---|
| Subject | Re: your mail |
| Date | |
| Msg-id | 6BCB9D8A16AC4241919521715F4D8BCE92E90F@algol.sollentuna.se Whole thread Raw |
| List | pgsql-www |
Yes. But they're not, because of the horrible performance of any I/O operation in a unionfs VM... //Magnus > -----Original Message----- > > If you know the local pickup time, you could allways try > greping through the apache access logs for POST-requests > around those times, ie. Dec 5 at 23:12. > That is, of course, if the access logs are kept. > > -- > Tommy > > Magnus Hagander wrote: > > First of all, it does seem reasonable that it's a web based > piece of > > sw that did/does it because there are several references to > > www@svr2.postgresql.org in the Return-Path of the mails. > > > > On svr2, there are some mail-sending forms on the actual wwwmaster > > site, but AFAICT they all go to fixed addresses, and take > user input > > only for contents. > > I have no idea wrt techdocs. There were also several other sites > > running it prior to the clenaup we did after someone broke > into it earlier. > > > > As for that breakin, we discovered those processes on Nov > 21st. But I > > see at least one mail from Dec 5th in the list Gavin sent, so it's > > clearly not that easy. > > > > Looking through some logs, it's very clear that this message was > > picked up locally and not relayed: > > maillog.5:Dec 5 23:12:48 svr2 postfix/pickup[33303]: 86C0EF276A: > > uid=80 from=<w > > ww> > > maillog.5:Dec 5 23:12:48 svr2 postfix/cleanup[33095]: 86C0EF276A: > > message-id=<2 > > 0051205231248.86C0EF276A@svr2.postgresql.org> > > maillog.5:Dec 5 23:12:48 svr2 postfix/qmgr[4148]: 86C0EF276A: > > from=<www@svr2.po > > stgresql.org>, size=3034, nrcpt=1 (queue active) > > > > (this is the mail at the very bottom of Gavins list) > > > > After this, it kept timing out for days before being > delivered on Dec > > 8th. > > > > > > > > Unfortunatly, all our websites run with the same userid, including > > zope... > > > > //Magnus > > > > > > > >>-----Original Message----- > >>From: Marc G. Fournier [mailto:scrappy@postgresql.org] > >>Sent: Sunday, December 11, 2005 9:15 AM > >>To: Gavin M. Roy > >>Cc: Marc G. Fournier; pgsql-www@postgresql.org; Josh Berkus; Magnus > >>Hagander; Dave Page > >>Subject: Re: your mail > >> > >>On Sat, 10 Dec 2005, Gavin M. Roy wrote: > >> > >> > >>>My next guess would be some sort of web based software that > >> > >>is being > >> > >>>exploited to send mail. Zope perhaps? What sites are > >> > >>running off of > >> > >>>srv2 and have any type of comment form that sends emails? > >> > >>Ah, okay ... that I'll have to defer to Dave et al ... Zope > is running > >>over there for techdocs, and there was that python script > that we just > >>recently found ... I'm having a bugger of a time reading > the email(s) > >>you sent, since I can't seem to find where one ends and the next > >>starts ... > >>the ones I've been able to 'pick out' all seem to revolve > around the > >>1st/2nd of December ... Magnus/Dave, was that about the > same time that > >>we found those errant processes? > >> > >> > >> > > >> > >>>Gavin > >>> > >>>On Dec 10, 2005, at 11:36 PM, Marc G. Fournier wrote: > >>> > >>> > >>>>First I've seen of this, sorry it was overlooked ... > >>>> > >>>>But, borg isn't an open relay: > >>>> > >>>>%rlytest -f scrappy@postgresql.org -u scrappy@hub.org > >>>>borg.postgresql.org Connecting to borg.postgresql.org ... > >>>><<< 220 borg.postgresql.org ESMTP Sendmail 8.13.1/8.13.1; > >> > >>Sat, 10 Dec > >> > >>>>2005 > >>>>23:31:26 -0800 (PST) > >>>> > >>>>>>>HELO postgresql.org > >>>> > >>>><<< 250 borg.postgresql.org Hello postgresql.org [200.46.204.71], > >>>>pleased to meet you > >>>> > >>>>>>>MAIL FROM:<scrappy@postgresql.org> > >>>> > >>>><<< 250 2.1.0 <scrappy@postgresql.org>... Sender ok > >>>> > >>>>>>>RCPT TO:<scrappy@hub.org> > >>>> > >>>><<< 550 5.7.1 <scrappy@hub.org>... Relaying denied > >>>>rlytest: relay rejected - final response code 550 > >>>> > >>>> > >>>>And I just checked svr2.postgresql.org, and she's closed > >> > >>from what I > >> > >>>>can tell also: > >>>> > >>>># telnet svr2.postgresql.org smtp > >>>>Trying 65.19.161.25... > >>>>Connected to svr2.postgresql.org. > >>>>Escape character is '^]'. > >>>>220 svr2.postgresql.org ESMTP Postfix ehlo hub.org > >>>>250-svr2.postgresql.org 250-PIPELINING 250-SIZE 10240000 250-VRFY > >>>>250-ETRN 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 250 > >> > >>8BITMIME mail > >> > >>>>from: scrappy@hub.org 250 Ok rcpt to: scrappy@freebsd.org > >>>>554 <scrappy@freebsd.org>: Relay access denied > >>>> > >>>> > >>>>Is there something else I should be testing/checking for? > >>>> > >>>> > >>>> > >>> > >>---- > >>Marc G. Fournier Hub.Org Networking Services > >>(http://www.hub.org) > >>Email: scrappy@hub.org Yahoo!: yscrappy > >> ICQ: 7615664 > >> > > > > > > ---------------------------(end of > > broadcast)--------------------------- > > TIP 3: Have you checked our extensive FAQ? > > > > http://www.postgresql.org/docs/faq > > > >