Now 7 days after the event, and SORBS is still listing our affected server.

Why do SORBS Suck? More to the point, why am I writing this negative blog post? I’m writing it because SORBS has demonstrated itself to be wholly unprofessional, slow, and inaccurate, and are causing real problems for genuine ISPs, and countless people.

7 days ago the hosting company I work for found a client who’s site had been hacked. It was quite nasty, and a perl script was pumping out spam at a pace. Within an hour or so, we had tracked it down and got it shut down. Too late. We had appeared on a couple of blacklists, including spamhause and spamcop, and SORBS (just 46 hits).

Within a few hours, the world recognised that we had stemmed the problem, and all was fine again… or was it…

SORBS still listed us. We tried to remove ourselves. SORBS  has to be THE worst system I’ve ever used, ever. And I’ve used some pretty bad systems. If you’re going to allow companies to use your data to make decisions about whether or not to deliver email you at least owe it to run a service that isn’t completely broken. 

Read some more…

One very useful option recently added to CXS is –script

For example, I am currently using something like:

/usr/sbin/cxs –report /var/log/cxs.scan –logfile /var/log/cxs.log –mail reports@myhost.co.uk –vir -I /etc/cxs/cxs.ignore –options mMOfSGChednWZDR –script /root/cxswatchscript.sh –xtra /etc/cxs/cxs.xtra -Z –sum -F 200000 -C /var/clamd -T 10 -B –allusers

the script defined above, /root/cxswatchscript.sh, receives 4 arguments from CXS

$1 = filename
$2 = option triggered
$3 = message reported
$4 = account name

Read some more…

Parse the CXS Log file for warnings, and email your customers with details of the Malware found in their accounts via a Perl script.

• Got ConfigServer Exploit Scanner – CXS – installed on your cPanel/WHM server?
• Doing a full server scan every now and then, and getting swamped with the reports?
• Want a script that will trawl the reports, and email the cpanel users with their problems automatically?

Then you came to the right place! Read some more…

This article relates to Exim 4, running in a WHM/cPanel environment under Centos, but may affect other configs too.

You may find instances where a local user tries to send mail to a host that operates greylisting. The messages never gets to the recipient. You see things like this in the exim_mainlog

Code block

2011-11-10 15:14:05 1ROWKK-0003I1-Ia <= localuser@localdomain.co.uk H=something.com (FredBlogs) [2.2.2.2] P=esmtp S=7852 id=!&!AAAAAAAAAAAYAAAAAAAAAEDCVk4NrhRJjsshyvaOnAfCgAAAEAAAAOV7jpjiT51Jm/WbyNPkywIBAAAAAA==@domain.co.uk T="FW: test" for remoteuser@remotedomain.co.uk
2011-11-10 15:14:06 1ROWKK-0003I1-Ia == remoteuser@remotedomain.co.uk <remoteuser@remotedomain.co.uk> R=lookuphost T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<remoteuser@remotedomain.co.uk>: host mail.host100.co.uk [5.5.5.5]: 451 Greylisted, please try again in 223 seconds
2011-11-10 15:14:06 1ROWKK-0003I1-Ia ** remoteuser@remotedomain.co.uk: retry timeout exceeded
2011-11-10 15:14:06 1ROWKK-0003I1-Ia Completed

I decided to divorce myself from the Apple-a-tron that is iCloud for a number of reasons.

• I don’t like being forced to upgrade to iCloud
• I don’t like being forced to upgrade to Lion to use iCloud
• As a user of Adobe CS5 and numerous peripherals for photo/print etc, I can’t see how upgrading to Lion is going to make anything easier for me (actually the reverse)
• I felt it was time to move my online self to a domain that I control, instead of me.com or mac.com

So, how to do it? I run a number of Macs, and an iPhone so whatever I choose has to work on both, and be relatively painless. This guide isn’t for total beginners, I wish I had the time to describe every step in detail with screenshots, but anyone with a sense of adventure should get through this guide without difficulty. Read some more…

This article will show you how you can access and test your joomla, wordpress, drupal, or other content managed website before you actually change nameservers or DNS and risk a huge disaster! I’m surprised I haven’t written about this before – it’s such a simple thing to do, and is an absolute killer tip for any developers out there. Read some more…