Wilmer's stuff

Wilmer van der Gaast blog@wilmer.gaast.net 2010-08-08T13:31:06Z 2010-08-15T03:11:51Z http://wilmer.gaast.net/blog/wfwcomment.php?cid=65 0 http://wilmer.gaast.net/blog/rss.php?version=atom1.0&type=comments&cid=65 http://wilmer.gaast.net/blog/archives/65-guid.html Burn all spammers!

I have a habit of always having a tail -f /var/log/mail.log running on my mailserver somewhere. It's noisy, but has been useful in the past. Over the last weeks/months, I noticed open relay probes are getting incredibly popular (again), but also extremely aggressive. They're frequent, done by hundreds of botnet drones all the time.

Obviously my Postfix is configured properly, so this is mostly a waste of (fairly scarce, on a DSL box several km away from the exchange) bandwidth and annoying noise in the logs. But getting rid of it is harder than I hoped. :-(

This is what I have now: iptables -I FORWARD -p tcp --sport 25 -s 192.168.0.0/16 -m string --algo kmp --string '554 5.7.1 <' -j REJECT --reject-with tcp-reset

This works as-in it kills the connection as soon as my mailserver sends a "554 5.7.1 Relaying denied" response. The REJECT goes to the mailserver, but together with the tcp-reset this also kills the TCP connection on both sides fairly quickly. However, the little fuckers are also using pipelining, so I still get a screen full of logspam for pretty much every attempt. Although this is mostly cosmetic, I'd love to get rid of that crap..

What I really wonder is, WTF are they even doing this? Are open relays really still that common? Don't they have their botnets already? I guess the open relays are nice multipliers and are also more willing to deal with stuff like graylisting...

[edit]Looks like "554 5.7.1" is not just about "relaying denied", so possibly not such a great idea. Don't try this at home!

Wilmer van der Gaast blog@wilmer.gaast.net 2010-06-10T22:43:23Z 2010-06-10T23:09:34Z http://wilmer.gaast.net/blog/wfwcomment.php?cid=64 0 http://wilmer.gaast.net/blog/rss.php?version=atom1.0&type=comments&cid=64 http://wilmer.gaast.net/blog/archives/64-guid.html BitlBee, alive and kicking

As quin in #bitlbee said a little while ago, I stole someone's mojo and found an amazing amount of productivity when it comes to writing code, and it feels great. I'm quit relieved that I can still find plenty of time and motivation to work on BitlBee even though during the week I already spend a lot of time at the keyboard. This after not working much on it for probably at least a year.

I managed to finally do the IRC core rewrite + abstraction that I intended to do for so long already. It'll allow adding non-IRC frontends to BitlBee if someone ever wants to, and also the IRC core has the flexibility it needs to add many more features that I wanted for years already, and were impossible to implement without adding even more horrible hacks.

There's also a libpurple-based backend for a few months already, plus file transfer support (written by Uli Meis and Marijn Kruisselbrink actually, it just took me a long time to merge the >3000-line diff, fortunately Review Board did make it a lot less painful), all thrown into a bleeding edge branch called killerbee. It's code that needs a little bit more work before I really like it.

Also, BitlBee has Twitter support for about two months already (thanks to hard work done by Geert Mulders), and according to the application registration page on Twitter it has almost 500 users already. It's quite likely that many of those used it for five minutes and went back to a client with more features, but it's still nice to see.

Last of all, to help with the current lack/fragmentation of online documentation there's now a BitlBee Wiki. Its supposed to have easy-to-find docs about common FAQs, but the easy-to-find part isn't really working out yet since it hardly shows up in any search results. Hopefully this hyperlink from a high-profile weblog will improve that a tiny bit. ;o) Possibly the content is not that good yet either, so if anyone has something to add to it, by all means, please do!

With a 1.2.8 release coming up, BitlBee is totally alive - and is for almost eight years already. It's been a fun project to work on so far, and hopefully will be for a long time.

Wilmer van der Gaast blog@wilmer.gaast.net 2010-05-22T19:34:34Z 2010-05-22T19:47:55Z http://wilmer.gaast.net/blog/wfwcomment.php?cid=63 0 http://wilmer.gaast.net/blog/rss.php?version=atom1.0&type=comments&cid=63 http://wilmer.gaast.net/blog/archives/63-guid.html Sending files using netcat

There are plenty of articles about this already, but I couldn't find anyone who wrote a script to automate this simple task of transferring files using just netcat.

CODE:

wilmer@ruby:~/src/bitlbee/devel$ ncsend.sh /audio/03\ Tree\ of\ Life.mp3
nc 87.198.255.202 6886 | pv > 03\ Tree\ of\ Life.mp3

Run it and it will give you a command to run/copy-paste on the remote side/pass to the person who wants the file. It uses pv as a nice progress indicator, and the script assumes pv is available on both sending and receiving ends. But that's good, everyone should have pv installed on his/her machine.

I'd just include the code in this little article, but Serendipity would screw up the layout completely, so instead you can download it here.

Wilmer van der Gaast blog@wilmer.gaast.net 2010-05-05T22:35:07Z 2010-05-08T07:17:57Z http://wilmer.gaast.net/blog/wfwcomment.php?cid=62 2 http://wilmer.gaast.net/blog/rss.php?version=atom1.0&type=comments&cid=62 http://wilmer.gaast.net/blog/archives/62-guid.html Gotta love Unix hacks...

Forgetting your LUKS cryptopart password sucks. But writing a shell oneliner like this:

CODE:

for i in P{a,4}ssw{0,o}rd{-,}Permut{4,a}tions; do
echo -n $i > /tmp/pwd
cryptsetup luksOpen /dev/loop0 test --keyfile /tmp/pwd && echo $i
done

is awesome. :-) Took me only ten minutes to get it back once I had a copy of the superblock onto my workstation.