Nov 04

Blocking The Big Education (Edu-Junk) Spammers


There are two main organizations that I know must be dishing out thousands or millions of spam messages a day to the school community. I have been watching the constant spam spewing from a few sources over the last couple of years, and I have finally started to look at some patterns to alleviate at least some of the junk our teachers are getting specifically from these junk engines. The two organizations I see as massive senders of edu-junk are Mindstreams / Lifetime Learning and Edupartners. I am sure there are many others out there you might be dealing with, but these two sources are prolific in the volume they spew daily.

Both Mindstreams / Lifetime Learning and Edupartners do put unsubscribe links on their junk, but the way they acquire the addresses would mean every single member of your faculty and staff would need to individually unsubscribe. This is not something any of us want to deal with, so if you can, it is worth just getting some simple rules in at the server side to inhibit this as much as possible. They seem to be immune to RBLs for some reason, so you will have to go it alone.

Here are some examples of the kind of junk they have servers pump to the school community.

EDUPartners SPAM

Lifetime Learning / Mindstreams SPAM

Except they pump thousands of these out and insert teacher names from the database, etc. This is no different from what other spammers out there do daily, but the difference here is a real volume increase and a targeted audience of people who work in schools. They use multiple servers, outside spam vendors and tools like Silverpop Engage, and probably a lot of other tools we don’t even know about. I finally had to do something about this.

If you want to inhibit this as well, here are a few items that have worked.

 

Block the entire routable IP ranges that Lifetime Learning / Mindstreams owns.

They have servers across their Class C ranges that do nothing but send and send. So far I have seen and blocked a couple of their ranges from even being able to send email to our networks. Here are the ranges I have blocked outright because I have seen spam attacks in the logs across the entire ranges.

12.9.130.0/24
12.9.134.0/24

Just block these ranges from even connecting to your network at all, or at least on port 25 for SMTP. They are not (yet) doing SSL on port 465.

Here is a log showing a quick round from the second Class C trying to send to us.

 

Anything from 208.85.51.183 is bad news.

This is a Silverpop-owned IP address. The whole block can probably be blocked, but I have consistently seen 208.85.51.183 do nothing but spam.

Here is their WHOIS lookup (as of 11/04/11):

#     "n 208.85.51.183"

NetRange:       208.85.48.0 - 208.85.55.255
CIDR:           208.85.48.0/21
OriginAS:       AS19795
NetName:        SILVERPOP-IP
NetHandle:      NET-208-85-48-0-1
Parent:         NET-208-0-0-0-0
NetType:        Direct Assignment
RegDate:        2007-12-03
Updated:        2008-02-22
Ref:            http://whois.arin.net/rest/net/NET-208-85-48-0-1

OrgName:        Silverpop Systems Inc.
OrgId:          SILVE-32
Address:        200 Galleria Pkwy
Address:        Ste 750
City:           Atlanta
StateProv:      GA
PostalCode:     30339
Country:        US
RegDate:        2007-02-22
Updated:        2011-08-03
Ref:            http://whois.arin.net/rest/org/SILVE-32

OrgTechHandle: NETWO1905-ARIN
OrgTechName:   Network Operations
OrgTechPhone:  +1-678-247-0500
OrgTechEmail:  InfrastructureTeam@silverpop.com
OrgTechRef:    http://whois.arin.net/rest/poc/NETWO1905-ARIN

OrgAbuseHandle: ABUSE1713-ARIN
OrgAbuseName:   Abuse Handler
OrgAbusePhone:  +1-678-247-0500
OrgAbuseEmail:  abuse@deliver.silverpop.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE1713-ARIN

OrgNOCHandle: NETWO1905-ARIN
OrgNOCName:   Network Operations
OrgNOCPhone:  +1-678-247-0500
OrgNOCEmail:  InfrastructureTeam@silverpop.com
OrgNOCRef:    http://whois.arin.net/rest/poc/NETWO1905-ARIN

RTechHandle: NETWO1905-ARIN
RTechName:   Network Operations
RTechPhone:  +1-678-247-0500
RTechEmail:  InfrastructureTeam@silverpop.com
RTechRef:    http://whois.arin.net/rest/poc/NETWO1905-ARIN

RAbuseHandle: ABUSE1713-ARIN
RAbuseName:   Abuse Handler
RAbusePhone:  +1-678-247-0500
RAbuseEmail:  abuse@deliver.silverpop.com
RAbuseRef:    http://whois.arin.net/rest/poc/ABUSE1713-ARIN

RNOCHandle: NETWO1905-ARIN
RNOCName:   Network Operations
RNOCPhone:  +1-678-247-0500
RNOCEmail:  InfrastructureTeam@silverpop.com
RNOCRef:    http://whois.arin.net/rest/poc/NETWO1905-ARIN

 

Setup rules on your email server

(Provided you still run your own email, now that most schools seem to be going the Google Apps route while it is currently no charge.) I have a few rules that pick off the current batches of junk from the Edu-Junk companies.

1. Anything received/sent from or has text string matching mkt5354.com

2. Anything received/sent from or has text string matching edupartners.com

3. Anything with a Received header text string that has PowerMTA in it. This is a junk email sender they (and many others) use constantly.

4. Block 208.85.51.183 outright as well. Crazy how much spam that IP is trying to send on behalf of edupartners.com.
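The four rules above expressed as a message check, for servers that filter after accepting the connection. This is an added example, not the author's own server configuration: it assumes the topmost Received header is the one written by your own edge server, and the sample messages and `.example` hostnames are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Indicators taken from the post: the two /24 ranges, the single
# Silverpop address, the two text strings and the PowerMTA marker.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("12.9.130.0/24", "12.9.134.0/24", "208.85.51.183/32")]
BLOCKED_STRINGS = ("mkt5354.com", "edupartners.com")
MTA_MARKER = "powermta"

# Bracketed IPv4 literal, the way most MTAs record the connecting client.
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """Return the client IP from the topmost Received header, or None.

    Assumption: the topmost Received header was added by your own edge
    server. Anything below it was written upstream and can be forged.
    """
    received = msg.get_all("Received", [])
    match = IP_IN_RECEIVED.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # malformed literal such as [999.1.1.1]
        return None


def classify(raw):
    """Return the sorted names of every rule a raw message trips."""
    msg = message_from_string(raw)
    hits = set()
    ip = connecting_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKED_NETS):
        hits.add("blocked-ip")
    lowered = raw.lower()  # the post matches these strings anywhere
    hits.update("string:" + s for s in BLOCKED_STRINGS if s in lowered)
    if any(MTA_MARKER in h.lower() for h in msg.get_all("Received", [])):
        hits.add("powermta")
    return sorted(hits)


# Constructed sample messages (not taken from real logs).
SPAM_A = """\
Received: from out1.bulk.example ([12.9.134.57]) by mx.school.example; Fri, 4 Nov 2011 09:00:00 -0700
Received: by out1.bulk.example (PowerMTA(TM) v3.5) id abc123; Fri, 4 Nov 2011 08:59:58 -0700
From: Offers <offers@bulk.example>

Unsubscribe at http://mkt5354.com/ (constructed link)
"""
SPAM_B = """\
Received: from mail.sender.example ([208.85.51.183]) by mx.school.example; Fri, 4 Nov 2011 09:05:00 -0700
From: Deals <news@edupartners.com>

Hello Teacher,
"""
FORGED = """\
Received: from relay.other.example ([192.0.2.10]) by mx.school.example; Fri, 4 Nov 2011 09:10:00 -0700
Received: from fake ([12.9.130.5]) by relay.other.example; Fri, 4 Nov 2011 09:09:00 -0700
From: Parent <parent@other.example>

See attached.
"""

if __name__ == "__main__":
    for name, raw in (("SPAM_A", SPAM_A), ("SPAM_B", SPAM_B), ("FORGED", FORGED)):
        print(name, classify(raw))
```

The `FORGED` sample carries a blocked address only in a lower, sender-written Received header, so it does not trip the IP rule; the string rules are plain substring matches, as in the post, and will also hit a message that merely mentions one of the domains.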

208.85.51.183 Spam Attempts

 

I will continue to update as I can when new patterns emerge. Hope this helps.

Sep 29

Host Only Networking Setup With VMWare Fusion 4

 

I have used VMWare Workstation and Fusion for many years now on Linux, Windows and Mac OS X host operating systems. I have used the “host only” networking on Windows and Linux host operating systems, but never on OS X with VMWare Fusion until recently when I had the need to test some new firewall software setups.

On VMWare Workstation or Server, it is pretty easy to set network addresses for the virtual networks and hosts, but it turns out to be kind of a pain with VMWare Fusion (the Mac app). For whatever reason, they didn’t include the configs in the VM configuration GUI. This makes the whole setup more of a pain than it should be. I suppose they didn’t add this level of configuration because of the way the VMWare Tools may or may not integrate with the guest OS or something in OS X. Also, maybe Mac users just don’t really request this in a nice GUI due to lack of overall interest. Whatever the case, there are some great reasons to have it operational.

In testing the recently released IPCop 2, I needed to play around with settings and see how the configurations I use in production would and could work on the new build. VirtualBox, VMware and Parallels are great applications for these sorts of development testing situations. I have always had a preference for VMWare because of their commitment to letting VM images move back and forth between the versions of VMWare for different host operating systems. It has come in handy many times when I have moved from Windows to Linux or back as I have changed my main operating system.

By default, a VMware Fusion guest OS will initially be set up with one network interface. You can set in the VMWare settings whether you want it to act as NAT or Bridged. That is all standard, in the VMWare Fusion application host config settings. In my case, I need the VMWare guest to have at least two network adapters so I can test different network nodes as I try to mimic servers with multiple physical network cards running the Linux-based firewall. So, in my case, I added an additional network adapter in the guest settings interface.

VMWare Fusion 4 Guest OS Settings

At each of the network adapters, you can set the use setting. In my situation, I wanted the first network adapter to provide access to the real network my MacBook Pro is using (wired or ethernet) on the machine.

It will want to make the first network adapter use NAT by default, so nothing crazy here, except that I did open the “Advanced options” and kept generating MAC addresses until I got an “A” in the final segment. That way, when I am testing and looking at packets coming and going from device addresses, I know that the host with the “A” is this first network adapter. You don’t need to do this, but inserting some sort of label to help troubleshoot or tag traffic/addresses/information in this sort of setup is useful to me. My VM is titled “ipcop2” but it could have been titled “Linux” or something else.

VMWare Fusion 4 Network Adapter 1 Settings

The second network adapter is where I dip into the virtual / host-only world. I create it and designate it as a private network only available to the host Mac I am running VMware Fusion 4 on, then keep generating a MAC address until I get one that has a “B” in the final segment to continue the configuration pattern of tagging the network interfaces.

VMWare Fusion 4 Network Adapter 2 Settings

I also had to go into the guest OS and assign the virtual network interface the address that matches the one I will put in the VMware config for the host-only network. Because it was IPCop 2, it looks like this. But your setup will differ if you are running something else and want a fixed IP across the configs.

Assigning Virtual Host Only MAC To IPCop Green

Assigning the NAT MAC To IPCop RED

Assigning the fixed IP to the virtual network host only adapter in the guest OS (IPCop)

Then I went in and edited the networking file where VMWare maps the IP addresses to the virtual network interfaces. In VMWare Fusion 4, they moved it to /Library/Preferences/VMware Fusion from the previous location under Application Support. I gave my private network adapter a fixed IP in the reserved space since I will also be assigning the address to one of the settings in the guest host as a fixed address. You can get to the file via an OS X terminal.

$ sudo vi /Library/Preferences/VMware\ Fusion/networking

and modify it to assign the interface an IP. My example is changing it from the default setting or DHCP and setting it as 10.111.1.1

editing /Library/Preferences/VMWare Fusion/networking

Anytime you modify this config, you need to restart the VMWare Fusion application to get it to use the new settings. I would also restart the guest and confirm its network address settings after any testing or modifications. After all settings changes and restarts of the guest OS (if it was in a suspended state) and the VMWare Fusion app, make sure to ping the address. You can also run arp -a from the OS X terminal to see if you get a bite. You should see the MAC address you generated and the IP you set in the networking config.

arp -a in OS X terminal confirms vm network address

This process will at least get you a basic host only networking between the host and guest OS in a contained way. It is my hope that VMWare makes this easier in later updates of VMWare Fusion 4 and regardless of what host OS you are running (Windows, Linux, Ubuntu, etc.) At the time of this post, we were at VMWare Fusion 4.0.2.

Apr 23

Cloud Computing: More Like Costco, Less Like Oxygen

People Waiting For Costco

The hype around the cloud computing is getting tiresome.

The recent highly-visible downtime with Amazon is not a rare occurrence; it just happened to be so widespread that Amazon and others that rely on the EC2 infrastructure had to publicly address and acknowledge it. Negative aspects of the ‘cloud’ are rarely addressed. I am sure there are many failures of many different flavors that the larger public never even knows about. I am happy that this recent situation does bring up the downside of what has lately been touted by many as a salvation. As the hype dies down over the next few months and years, I think you will see cloud computing settle in as something more along the lines of wholesale giant Costco rather than something ubiquitous and unavoidable (as is the current consensus) for a few major reasons.

Different, But Hardly a Revolution

The term ‘cloud computing‘ is a new term for something that, at its core, is nothing new. Yes, the recent technological advances in clustering and the vendors packaging services sitting on top of the newly clustered hardware and software are new, but vendors selling hosted services is nothing new or tremendously revolutionary. You don’t want all the heft of managing servers and hardware? That was the case back in the mainframe days before the PC revolution of the 1980s and 1990s. You don’t want to try and have all the possible information in the world on your local hard drive? Makes sense. Glad we have an ‘internet’ of connected servers across the world with different types and sources of ever-changing information. People farming out services is not a new thing.

When Price Club and Costco first arrived on the scene, the items they were selling were not new. The channel methods with the vendors, the portions of the products sold, and wholesaling to the consumer, all while grabbing membership dues from the public, were the revolutionary part. The consolidated company, Costco, is wildly successful and has a strong model and loyal customers. We shop there every once in a while when we have a need for certain types of stuff. We get toilet paper, paper towels in bulk and other items we know we will use a lot of and don’t particularly care about brand or exact details. Many will come to understand this is the kind of service cloud computing provides.

Great For General Needs, But Not Displacing The Specific

You need a bunch of generic toilet paper? Let’s hit Costco. You need a bunch of generic email accounts? Use Gmail instead of buying your own email server, domain name and configuring it all and hosting it in your garage. You need tires for your car cheap and not concerned too much on brand name or options? Costco is great for that. You want someplace to put a basic webserver for a company or personal site? Great – use a cloud provider and let them figure out what to use to serve things up for you to rent. But, just as Costco is not the go-to place of choice for everything you want/need to obtain for your daily life, cloud computing vendors are not going to be the only place to get everything you need or want to go for everything information technology-related. If you are a business, you might head down to Costco to get basic office task chairs, but if you need specific, high-end models, Costco is not the place you are going to buy from.

Costco opened up new options for people to acquire consumer goods but it hasn’t ever displaced the Safeway, 7-11, Target or Whole Foods out there because consumers see it as an option for them, but not the only option or the option they MUST go with. You will see cloud computing and the hype around it dissipate in similar fashion as people realize there are fundamental reasons why you want to continue to have local servers and be able to continue to maintain strategic advantages of various aspects of information technology based on your educated needs. There are, and will continue to be, numerous reasons to keep services local. Even if you have the ability to move them to the cloud, you might not. Specific needs like access to large amounts of file data across a fast local network, the ability to have vertical control over all aspects of the network service and being able to be secure in the concepts around where your important information is physically located will never go out of style and will continue to be important to you. You are not wrong. If you feel email/groupware is a critical piece of your information technology, you probably want to keep it in-house at minimal cost vs. renting at Google or another ‘cloud’ vendor. Even though cloud computing companies will evolve with more and more specification of services, they won’t be able to provide the types of tailored systems organizations need (coupled with staff that has your priorities in mind) after they perform thoughtful reflection and analysis. You also might not like losing the visibility into services that you sacrifice when moving them to the cloud.

TANSTAAFL, But Maybe Free Samples

As with all businesses and services, the old saying “There ain’t no such thing as a free lunch” still applies. Perhaps many people and organizations are so excited about cloud computing because they think it bends the economic reality and they can snag free stuff without regard. Just because the service is in the cloud doesn’t make the underlying economic factors and needs for the vendors coordinating the services any different. They still need to generate profit to stay in business. When you walk the aisles in Costco to get the free samples, they are not there for you to just consume but rather given in the hope they get a few takers to buy the case of their frozen corn dogs or potstickers. If they don’t move enough product, then the samples aren’t working and it is time to try something else. This is really no different than Google giving you a free email account to sell ads and harvest user information and behaviors, Ning letting you have groups in their site so you see the value and will eventually be willing to pay, or the many others trying to use the ‘Freemium‘ model.

Courtesy of Getty Images

If giving stuff away doesn’t help sell product in the long run, that taquito sample table near the frozen section in Costco goes away, just like the free access to the cloud service gets turned off, as Ning did a year ago. I see many people, schools and businesses trying to ride the wave of free stuff just like those people roaming the aisles at Costco grazing samples, but that game usually ends poorly. You really don’t want to make critical pieces of what you need to operate and rely on dependent on shaky business models. It is an illusion that you can subsist bouncing from free thing to free thing. It consumes the time and energy that you should be putting into your mission, operations and investment in local resources for those items that are critical to you.

After The Hype, I Welcome Reality

As more incidents like the Amazon failure, Google deleting batches of Gmail accounts, etc. occur, when the VC money lessens and when darling cloud companies like DropBox figure out they really need to properly monetize and have to stick it to their users, causing outcry, I think the cloud luster will wear off. A few years ago there were tons of Facebook developers trying to do all kinds of crazy businesses and that was all the rage until reality set in for the entire ecosystem. This sort of reality will take effect soon for cloud computing as well. I have no doubt and welcome it.

I know where Costco is and maintain my membership, but I don’t load-up on corndogs, peperoncini or frozen chimichangas like I once did. We all tend to make better choices when the options and understandings around them are more mature. We will all still breathe oxygen as the cloud computing hype will mellow to become commonplace but not essential and we will be on to the next hyped, ‘revolutionary’ technology cycle.

Apr 19

Using Dock Cleats As Cable Managers In Classrooms

Powder-Coated Dock Edge Classic™ Cleats

When it comes to computer cabling in classroom environments, no matter what you do for the long runs, you usually have a mess on your hands in those final few feet to the faculty equipment.

No matter what you do in your school classrooms to handle cabling for faculty, there is that final length of cable for audio and video to projectors, interactive boards and audio that usually is a total cluster. Then, add in the multiple uses and people in the rooms doing a variety of different types of presentations in different locations in the room and you compound the issue. In our case, we had long cables running from the projector and speakers, and the length connecting to faculty laptops has always been a nightmare to deal with. The cables sit on the ground and constantly get kicked around, removed, lost and/or damaged. It also just looks bad when you come in and see a pile of cables you need to rely on for a teaching session.

In addition to adding cable management from the projectors and speakers in the room by putting the cables behind the walls (if you can) or going with cable tracking to conceal and secure them, you still need some slack to allow teachers to set up in the space in different locations. You want to leave some slack, but it can stay unorganized. All strict cable management systems from the usual vendors are really geared to hold the cabling in a fixed position. This doesn’t work for those final few feet from the wall, where you want the teacher to be flexible depending on their material and hardware use.

I found nothing great out there in the cabling vertical market intended to handle this sort of scenario. But, there are many solutions out there for dealing with situations LIKE this on boats with rope, which is why I looked to solutions with rope management and found that dock cleats could be a perfect solution. Different materials and environments, but very similar form and function. After a talk with L-W Visual Arts teacher, Robert Sanborn, who happens to be extremely knowledgeable of boat hardware and interiors, I found out that I should head down to West Marine and see what they have that could work for VGA and other rope-like cabling we deal with in schools.

DockEdge Classic™ Cleat in White Finish

West Marine had many different types of dock cleats but the Dock Edge Classic Cleat models seemed to be the best ones to use in my opinion because they were lightweight, sturdy and seemed like our walls could handle them without too much trouble. Going through the check-out, the cashier asked if I had a boat (which we do not). After briefly explaining I would be using this in a classroom, he smiled, pretending to understand, and was happy to sell whatever to me for whatever reason. Sidenote: If you have never had the chance to go in and look around stores that carry boat supplies, I highly recommend it. There is a lot of really cool equipment and tools for boats that have so many other applications as well.

We are getting a bunch in and will be installing them in every classroom as we can, in addition to normalizing the cabling runs with boxes and tracking. They have white and powder-coated models. We will get a mix of both depending on what we can continue to acquire from vendors. I prefer the 8 1/2 inch model (PN#2508W-F) as it provides enough spacing for decent extra length from the wall to take into the room for a table or desk presentation.

Besides working quite well to tether the last few feet of a VGA, audio and USB cable, the cleat provides relief on the cable run itself to the rest of the run when it is pulled from the desk or table with the equipment. It stops the pull to the rest of the cabling in the track or behind the wall while still providing organization.

Lastly, it is also pretty fun to say you are getting a piece of equipment for your classrooms of your school from Bass Pro Shops (as they sell this model as well!) But, there are many places on the web you can order them from if you don’t have a local boat shop in your area. Depending on which sizes you get, the pricing ranges from $10-$30 or so.

Boating Dock Cleat in Lick-Wilmerding's Room C

Mar 11

Setup Mail Rules to Send Out Of Office Replies to Trash

If you are on a number of mailing lists, you feel my pain. When you want to contribute to a listserv but are tired of receiving all the junk email associated with various people’s auto-responders for vacation or out of office, you can go through and delete all the mail you get telling you that “so and so doesn’t work here anymore” or “so and so will be out of the office on vacation”, or you can just trash them through mail rules on your mail client. I will continue to update this post as I tweak the rules to best operate, but here goes the first pass at it.

 

Here is a screenshot of my Entourage setup for the rules I detail below but these rules should be able to be created in whatever decent email client or web-based client you are using to manage your email.

Found in Entourage under 'Tools' Menu

Four criteria to dump to the Deleted Items

These correspond to the following rules I am working with so far.

FirstClass Servers
Auto-responders seem to have “X-FC-MachineGenerated: true” in the header, so we can grab them via a header mail rule and route them to trash.

Microsoft Exchange Servers
You can probably pick-off via the Subject line mail rule containing “Out Of Office” or “AutoReply” and dump them.

Gmail ‘Vacation’ Responders
Seems to have “X-Autoreply: yes” in the header of ‘vacation’ auto-replies so a header mail rule on that should do it.
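The three rules above as one check over a raw message, added here as an example and not the Entourage rules from the screenshot. The `Auto-Submitted: auto-replied` test (RFC 3834) goes beyond the post and is an addition; the labels and sample messages are constructed.

```python
from email import message_from_string
from email.header import decode_header, make_header

# Header rules from the post: (header name, expected value, label).
HEADER_RULES = (
    ("X-FC-MachineGenerated", "true", "firstclass"),
    ("X-Autoreply", "yes", "gmail-vacation"),
)
# Subject markers from the post, compared case-insensitively.
SUBJECT_MARKERS = ("out of office", "autoreply")


def decoded_subject(msg):
    """Subject as plain text, with RFC 2047 encoded words decoded."""
    raw_subject = msg.get("Subject", "")
    try:
        return str(make_header(decode_header(raw_subject)))
    except (LookupError, UnicodeError):  # unknown or broken charset
        return str(raw_subject)


def autoreply_reason(raw):
    """Return the label of the first rule that matches, or None."""
    msg = message_from_string(raw)
    for name, expected, label in HEADER_RULES:
        if (msg.get(name) or "").strip().lower() == expected:
            return label
    # Addition beyond the post: the standard RFC 3834 header, which may
    # carry parameters after a semicolon.
    auto = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto == "auto-replied":
        return "auto-submitted"
    # Weakest rule, checked last: a human reply that quotes one of the
    # markers in its subject would match as well.
    subject = decoded_subject(msg).lower()
    if any(marker in subject for marker in SUBJECT_MARKERS):
        return "exchange-subject"
    return None


# Constructed sample messages.
FIRSTCLASS = "X-FC-MachineGenerated: true\nSubject: Re: lab schedule\n\nAway.\n"
GMAIL = "X-Autoreply: YES\nSubject: Re: lab schedule\n\nOn vacation.\n"
EXCHANGE = "Subject: =?utf-8?q?Out_of_Office=3A_lab_schedule?=\n\nBack Monday.\n"
STANDARD = "Auto-Submitted: auto-replied; note=x\nSubject: Away\n\nBack soon.\n"
LIST_POST = "Subject: Re: lab schedule\n\nTuesday works for me.\n"

if __name__ == "__main__":
    for name, raw in (("FIRSTCLASS", FIRSTCLASS), ("GMAIL", GMAIL),
                      ("EXCHANGE", EXCHANGE), ("STANDARD", STANDARD),
                      ("LIST_POST", LIST_POST)):
        print(name, autoreply_reason(raw))
```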

 

If you have other rules you have constructed for these types of email servers or other settings you would like to share please comment. I have always thought of doing a consolidated page on this for general reference and would love some contributions and help.