
SysAdmin

Phishing emails are getting very good

I know what to look for and check, and this one still took quite a while. Wow. Of course, the largest tip-off that this is a fraud is that someone at Wells Fargo (or any bank) is proactively trying to help you with anything. That never happens. But digging deeper into the message source, you see something I haven’t seen before: they are inserting extra, forged “Received:” headers to mask the real one, which is from Taiwan. Keep in mind that only the Received: stamps added by your own mail servers can be trusted; every header below the hop that actually connected to you was written by the sender and can say whatever the sender wants.

[Screenshot: message source with the inserted Received: headers (spearphishing20140318)]

Most people will never look at the message source at all, but even when you do and see this, it still takes a while to sort out, because it can look quite legitimate with all the bogus wellsfargo.com and postini references.

Man, it’s tough out there in email world nowadays. The payload, by the way, was a Windows .scr (screensaver executable) inside a Zip file.

[Screenshot: the .scr payload inside the zip attachment (2014-03-18_10-40-28)]

This is going to levels I have never seen before. I don’t know how regular folks on Windows will be able to survive, even with security software, if this continues to accelerate and get more sophisticated. I suppose not allowing any files to be sent via email at all is the eventual step that might curb this malware infection path, but I’m sure more doors will open for every one we close.
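Here is an added example (my code, not part of the original post) of what “trust only your own Received: stamps” looks like when automated. It builds a constructed lure in the same style as the one above: two forged hops claiming wellsfargo.com and postini sit below the real delivery hop, and a zip attachment carries a .scr. The host names, addresses and file names are invented, and MY_HOSTS is assumed to be the list of your own MTAs.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Our own MTAs (assumed names): only Received: stamps written "by" these hosts
# are trustworthy, because we put them there.
MY_HOSTS = {"mx.example.net", "mail.example.net"}
# Executable types that should never be accepted inside a mailed archive.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>[^\s;]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def build_sample() -> bytes:
    """Constructed lure in the style of the post (not the original message):
    two forged hops claiming wellsfargo.com and postini below the real delivery
    hop, and a zip attachment carrying a .scr."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("WellsFargo_Statement.pdf.scr", b"MZ not a real binary")
    msg = EmailMessage()
    # Each MTA prepends its stamp, so the newest hop is on top; add them in that order.
    msg["Received"] = ("from mail.example.net (mail.example.net [192.0.2.10]) "
                       "by mx.example.net with ESMTP id A1")
    msg["Received"] = ("from smtp.wellsfargo.com (unknown [203.0.113.77]) "
                       "by mail.example.net with ESMTP id B2")
    # Everything below this point arrived as message text from 203.0.113.77.
    msg["Received"] = ("from psmtp.com (exprod7mx.postini.com [198.51.100.5]) "
                       "by smtp.wellsfargo.com with ESMTP id C3")
    msg["Received"] = ("from wellsfargo.com (wellsfargo.com [198.51.100.9]) "
                       "by psmtp.com with ESMTP id D4")
    msg["From"] = "alerts@wellsfargo.com"
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Your account statement"
    msg.set_content("Please review the attached statement.")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="Statement.zip")
    return msg.as_bytes()


def received_chain(msg):
    """Received: headers, newest first, as (helo name, connecting IP, stamping host)."""
    hops = []
    for hdr in msg.get_all("Received", []):
        text = " ".join(str(hdr).split())          # unfold continuation lines
        m = RECEIVED_RE.search(text)
        if not m:
            continue
        ip = IP_RE.search(m.group("paren") or "")
        hops.append((m.group("helo"), ip.group(1) if ip else None, m.group("by")))
    return hops


def origin_hop(hops, my_hosts=MY_HOSTS):
    """Walk down from the newest stamp while the stamping host is one of ours.
    The last trusted stamp names the client that really connected to us; every
    hop below it was supplied by that client and may be forged."""
    last = None
    for i, (_helo, _ip, by) in enumerate(hops):
        if by.lower() not in my_hosts:
            break
        last = i
    if last is None:
        return None, hops
    return hops[last], hops[last + 1:]


def dangerous_archive_members(msg):
    """(attachment name, member name) for executables hidden in zip attachments."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                found += [(name, m) for m in zf.namelist()
                          if m.lower().endswith(EXECUTABLE_EXTS)]
        except zipfile.BadZipFile:
            found.append((name, "(unreadable archive)"))
    return found


def analyze(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=default)
    origin, forged = origin_hop(received_chain(msg))
    return {"origin_helo": origin[0] if origin else None,
            "origin_ip": origin[1] if origin else None,
            "forged_hops": forged,
            "payloads": dangerous_archive_members(msg)}


if __name__ == "__main__":
    r = analyze(build_sample())
    print(f"real sending host: {r['origin_helo']} [{r['origin_ip']}]")
    for helo, ip, by in r["forged_hops"]:
        print(f"unverifiable hop: from {helo} [{ip}] by {by}")
    for archive, member in r["payloads"]:
        print(f"executable inside {archive}: {member}")
```

Walking the chain from the top and stopping at the first stamp not written by one of MY_HOSTS yields the client that actually connected (203.0.113.77 in the sample); a reverse DNS or geo lookup on that address is where the “Taiwan” in the post comes from. The two hops below it are just text the sender typed, however plausible the postini and wellsfargo.com names look. A mail gateway can apply the same archive check to reject zips containing executables outright.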

Integrated Spamassassin and Postfix MTA Setup on Ubuntu


The SpamAssassin wiki entry for the simple setup with Postfix is almost there. I recently set up my Ubuntu 12.04 server with SpamAssassin and Postfix and everything is working well, but I had to do a few more steps to get it working. Here is what I did.

1. Create the spamfilter.sh script detailed on the wiki. Place it at /usr/bin/spamfilter.sh, make it executable, and ensure it has 0755 permissions and is owned by root:root (the filter user it runs as must not be able to modify it).

2. Install SpamAssassin on Ubuntu, or confirm it is already there.

3. Create a new Ubuntu user “spamd” with a home directory. This is where SpamAssassin is going to want to keep its Bayes database: /home/spamd/.spamassassin.

4. Change the /etc/postfix/master.cf first smtp line to this

and add the spamfilter entry towards the bottom of the same /etc/postfix/master.cf file

Here is what mine looks like –

[Screenshot: master.cf smtp and spamfilter entries (spamfilter)]

5. Start spamd. I just started it with a

6. Restart Postfix and send a few emails in and out of the server to make sure you have a working system. You should see verbose scoring in the headers or, if you get spam during this time, verbose scoring totals in the email body like below.

[Screenshot: SpamAssassin score report in a message body (496spamscore20130408)]

7. If things are working, you can now go in and tweak some stuff. The files you might want to look at right off the bat are the SpamAssassin files in /usr/share/spamassassin. Note that those files are replaced when the package is upgraded; settings you want to keep belong in /etc/spamassassin/local.cf, which overrides them.

[Screenshot: listing of /usr/share/spamassassin (usrsharespamassassin)]

8. I edited the contact address. You can also change the score threshold at which a message is flagged as spam (required_score) and whether SA inserts the scoring report into the body of the message, as it does by default (report_safe). These options are in:

and change “report_contact” to your email address

[Screenshot: the report_contact line (report_contact)]

More options are detailed on the SpamAssassin wiki >> http://wiki.apache.org/spamassassin/FrontPage

SpamAssassin and Postfix working together have been great. This is a simple setup with just a few components, to minimize possible configuration issues and points of failure. Hope this helps.
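As an added check (my code, not from the post or the SpamAssassin wiki), the script below parses a master.cf excerpt written in the shape step 4 describes and verifies the two things in this wiring that matter for security: the filter pipe must run as the unprivileged spamd user rather than root, and spamfilter.sh must be root-owned and 0755 as step 1 requires, so the user the filter runs as cannot change what Postfix executes. The MASTER_CF text is constructed to illustrate the pattern, not copied from the author’s file; point it at your own.

```python
import os
import re
import stat

# Constructed master.cf excerpt in the shape the post describes: the smtpd
# service hands every message to a "spamfilter" pipe service that runs
# spamfilter.sh as user spamd. Not the author's actual file.
MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n       -       -       -       -       smtpd
  -o content_filter=spamfilter
pickup     unix  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
spamfilter unix  -       n       n       -       -       pipe
  flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}
"""


def parse_master_cf(text):
    """Return {service: {"type", "command", "options"}}. In master.cf an
    indented line continues the service entry above it."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if current is not None:
                services[current]["options"].append(line.strip())
            continue
        f = line.split()
        current = f[0]
        services[current] = {"type": f[1], "command": f[7] if len(f) > 7 else "",
                             "options": []}
    return services


def check_filter_wiring(services, name="spamfilter"):
    """Problems with how inbound mail reaches the filter and how the filter runs."""
    problems = []
    smtp = services.get("smtp")
    opts = " ".join(smtp["options"]) if smtp else ""
    if not re.search(rf"-o\s+content_filter={re.escape(name)}(?::|\s|$)", opts):
        problems.append(f"smtp service does not set content_filter={name}")
    flt = services.get(name)
    if flt is None:
        return problems + [f"service {name} is not defined"]
    if flt["command"] != "pipe":
        problems.append(f"{name} must be a pipe service, found {flt['command']!r}")
    fopts = " ".join(flt["options"])
    user = re.search(r"\buser=([^\s:]+)", fopts)
    if user is None:
        problems.append(f"{name}: pipe requires user=; never run the filter as root")
    elif user.group(1) == "root":
        problems.append(f"{name}: must not run as root")
    if not re.search(r"\bflags=\S*R", fopts) or not re.search(r"\bflags=\S*q", fopts):
        problems.append(f"{name}: expected flags=Rq (prepend Return-Path, quote addresses)")
    return problems


def filter_script(services, name="spamfilter"):
    """Path of the script the pipe service executes, from its argv=."""
    m = re.search(r"\bargv=(\S+)", " ".join(services[name]["options"]))
    return m.group(1) if m else None


def check_script_perms(path, mode, uid):
    """The script runs as the filter user, so it must be root-owned and not
    writable by group or other (0755); otherwise that user can rewrite what
    the MTA executes. mode and uid come from os.stat(path) in real use."""
    problems = []
    perm = stat.S_IMODE(mode)
    if perm & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: group/world writable ({oct(perm)})")
    if not perm & stat.S_IXUSR:
        problems.append(f"{path}: not executable")
    if uid != 0:
        problems.append(f"{path}: owned by uid {uid}, expected root")
    return problems


if __name__ == "__main__":
    svc = parse_master_cf(MASTER_CF)
    for p in check_filter_wiring(svc):
        print("master.cf:", p)
    script = filter_script(svc)
    if script and os.path.exists(script):
        st = os.stat(script)
        for p in check_script_perms(script, st.st_mode, st.st_uid):
            print(p)
```

To run it against a live box, replace MASTER_CF with the contents of /etc/postfix/master.cf; the script-permission check only fires when the argv= path actually exists.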

Repairing a badly damaged package system in Ubuntu


Recently, I did something really stupid and damaged my whole dpkg system. It was pretty bad. I did an “apt-get purge” with a pattern and wildcard and thought it was only going to remove everything around a specific package. It didn’t. It did much, much more. (apt-get treats an argument containing “*”, “.” or “?” that matches no package name as a POSIX regular expression against every package name, so a shell-style wildcard like foo* matches far more than one package’s family.) Not helping the whole situation was the interrupt I issued when I saw apt going through and yanking stuff that I didn’t want removed; killing dpkg mid-run leaves packages half-removed or unconfigured.

It was bad.

So I tried to repair it the normal ways, but the damage was done. I was unable to complete “apt-get update” or “apt-get upgrade”, and Synaptic Package Manager was not helping. I had packages with broken dependencies and everything was a mess. Here are some ways to work through a hosed package system on Ubuntu.

1. See what you can do in Synaptic or Ubuntu Software Center. You probably won’t get far, but if you can get in there and purge, then reinstall, packages, that would be great. At least give it a shot. If your package system is so damaged that you don’t even have a desktop GUI, then this is off the table anyway.

[Screenshot: Synaptic (build-dep5)]

Synaptic is going to be your best tool. Use custom filters to find any broken packages, remove them and reinstall them. Trying to repair or reinstall without removing first will probably not get you the fix you need.

2. You’re probably going to have to hack it out in the terminal. In my situation I broke so many dependencies that I had to go through dozens and dozens of packages this way to eventually get back to stable. The first try should be to work through “apt-get build-dep” on packages you know are problematic.

[Screenshot: apt-get build-dep (build-dep)]

“apt-get build-dep” installs the build dependencies of the named package’s source package, so it will try to fetch a lot of what is missing, but if things are hosed it only helps partially and will need to be run against many different packages. If after you run it you are not getting additional packages downloaded, keep grinding on other packages that show up in the errors.

[Screenshot: build-dep output (build-dep2)]

Read the errors that build-dep kicks back and run build-dep against those other packages. If you do make some traction with additional package downloads this way, then go ahead and try “apt-get install”.

[Screenshot: apt-get install attempt (build-dep4)]

You may or may not have success with that. If you have packages downloaded through these processes but not installed for whatever reason, have dpkg try to finish what apt-get install or build-dep could not fully install: issue a “dpkg --configure -a” to process the packages you acquired along the way.

3. Going back and forth with build-dep, install and dpkg --configure might get you part of the way to a fully repaired database, but it might not get you all the way. Try running “apt-get clean”, “apt-get autoclean” and “apt-get autoremove”.

[Screenshot: apt-get clean, autoclean and autoremove (build-dep6)]

After running those, go back and try the build-dep, install and dpkg commands again.

The crazy thing about all of this is that it could be just one small package that you need to locate and install to fix the larger issues. It’s like a needle in a haystack. The moral of the story is that the package system is a wonderful way to manage software on Debian-based systems and it rarely gets hosed. Do everything in your power not to screw it up, because if you do, you will be in a tough place, probably running a ton of repetitive commands against the package database trying to find that needle. The reality is that you will probably have to run many of these commands against different packages numerous times to eventually get the database back in order.
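To take some of the grind out of that needle-in-a-haystack loop, here is an added example (my code, not from the post) that parses apt-get’s “unmet dependencies” block and turns each line into the precise next command: pin the exact version apt asked for, install the dependency it refused to pull in, or flag the ones no enabled source can provide at all (those need sources.list fixed before any amount of build-dep will help). SAMPLE_OUTPUT is constructed, not a capture from the author’s system, and run_plan is a dry run unless told otherwise.

```python
import re
import subprocess

# Constructed apt-get output of the kind a hosed system produces (not from the post).
SAMPLE_OUTPUT = """\
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libgtk-3-dev : Depends: libgtk-3-0 (= 3.4.2-0ubuntu0.9) but 3.4.2-0ubuntu0.7 is to be installed
                Depends: libglib2.0-dev but it is not going to be installed
 synaptic : Depends: libapt-pkg4.12 (>= 0.8.16~exp12) but it is not installable
E: Unable to correct problems, you have held broken packages.
"""

DEP_RE = re.compile(r"(?:Pre)?Depends: (?P<dep>\S+)(?: \((?P<ver>[^)]*)\))? but (?P<why>.+)$")


def unmet_dependencies(output):
    """Parse the 'unmet dependencies' block into {package: [(dep, version, why)]}.
    Continuation lines (more indented, no 'pkg :' prefix) belong to the
    package named on the line above them."""
    broken, current, in_block = {}, None, False
    for line in output.splitlines():
        if line.startswith("The following packages have unmet dependencies"):
            in_block = True
            continue
        if not in_block:
            continue
        if not line.strip() or line.startswith("E:"):
            break
        head = re.match(r" (\S+) :", line)
        if head:
            current = head.group(1)
        d = DEP_RE.search(line)
        if d and current:
            broken.setdefault(current, []).append((d["dep"], d["ver"], d["why"]))
    return broken


def repair_plan(broken):
    """Commands to try, in order: let dpkg finish interrupted configures, let
    apt fix what it can on its own, then target each reported dependency
    precisely, and finally reinstall the packages that were reported broken.
    Dependencies that are 'not installable' have no candidate in any enabled
    source and are returned separately: fix sources.list first."""
    plan = [["dpkg", "--configure", "-a"], ["apt-get", "-f", "install"]]
    unavailable = []
    for pkg, deps in broken.items():
        for dep, ver, why in deps:
            if ver and ver.startswith("= ") and why.endswith("is to be installed"):
                plan.append(["apt-get", "install", f"{dep}={ver[2:]}"])   # pin exact version
            elif why == "it is not going to be installed":
                plan.append(["apt-get", "install", dep])
            elif why == "it is not installable":
                unavailable.append(dep)
    for pkg in broken:
        plan.append(["apt-get", "install", "--reinstall", pkg])
    return plan, unavailable


def run_plan(plan, dry_run=True):
    """Run the plan; keep going past failures, since one fixed package often
    unblocks the rest. Returns the exit code of each command (0 in a dry run)."""
    codes = []
    for cmd in plan:
        if dry_run:
            print(" ".join(cmd))
            codes.append(0)
        else:
            codes.append(subprocess.run(cmd, check=False).returncode)
    return codes


if __name__ == "__main__":
    plan, unavailable = repair_plan(unmet_dependencies(SAMPLE_OUTPUT))
    run_plan(plan)
    for dep in unavailable:
        print(f"# {dep}: no installable candidate; check sources.list / apt-cache policy {dep}")
```

In practice you feed the output of the failing apt-get command into unmet_dependencies, run the plan for real, and repeat on the new output until the block disappears; each round usually shortens the list.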

ffmpeg compile with h.264 on Raring Ringtail (Ubuntu 13.04)

Temp space is your friend on this. I am the root user throughout; you can sudo every command, but that gets old for me.

Get the latest source

[Screenshot: cloning the ffmpeg source (ffmpeg1304-1)]

Go into the cloned source and configure with H.264 support

[Screenshot: configure with H.264 support (ffmpeg1304-2)]

[Screenshot: configure output (ffmpeg1304-3)]

The make will take a while because of the H.264 support.

[Screenshot: make (ffmpeg1304-4)]

make install will be a breeze.

[Screenshot: make install (ffmpeg1304-5)]

And it’s just that easy.

[Screenshot: the built ffmpeg running (ffmpeg1304-6)]