Rook's questions

I'm trying to figure out why forged email is being delivered to major email providers (gmail.com, outlook.com) even though email is marked with an SPF hardfail. The email is also delivered to Microsoft Exchange, which is throwing a PermError for the same SPF record.

I am sending email using the SOME_DOMAIN.com domain, which defines a broken SPF record. The email is transmitted from my own IP address which is not explicitly listed in SOME_DOMAIN.com's SPF record. The SPF record for SOME_DOMAIN.com has the following three properties, the first two are a violation of the SPF RFC-4408:

1. Requires more than 10 DNS queries to resolve the entire SPF record, due to include:.
2. Syntax error in one of the SPF records, python-spf throws a parse error.
3. The SPF record contains both the rules ~all and -all, both saying that the set of all addresses should softfail and hardfail

Email sent to an outlook.com address impersonating admin@SOME_DOMAIN.com will contain the following error in the SMTP header of the delivered email. This email was delivered normally to the user's inbox:

Received-SPF: PermError (: domain of SOME_DOMAIN.com used an invalid SPF mechanism)

Gmail will also deliver the email to the user's inbox, but will throw a different SPF error:

spf=hardfail (google.com: domain of admin@SOME_DOMAIN.COM does not designate x.x.x.x as permitted sender) smtp.mail=admin@SOME_DOMAIN.COM

So what is going on here? Why is email being delivered despite an SPF hardfail? Does having a broken SPF record mean that other SMTP servers disregard the SPF entirely? Or is there something I'm missing here...

Wikipedia states that underscores are used by both Android and Microsoft Windows Systems in hostnames. My question is, what are these host names used for? Do you know list of these strange hostnames? Have you ever even seen one of these?

I am connecting to a VPN that is known to be malicious. Numerous machines on the network including the VPN server its self are all compromised. What precautions should I take to protect myself?

Security is a major concern. Every major Linux distribution uses signed packages. But the FreeBSD systems in the office downloading unsigned packages/ports via FTP.

Is there a solution that would allow me to securely update a *BSD on a malicious network?

I'm not talking about just blocking ports.

I remember finding a host that when I ran a normal tcp scan nmap hostname, nmap wouldn't return any meaningful results. It was having problems with timeouts. If I set the timeout value to something pretty low and set --max-retries 0 then it would work.

Does anyone know of a iptables rulesets that cause problems for nmap?

Is there a tool that will take the information from a DNS lookup like dig google.com and turn it into a bind configuration file? (In this case google.com is an example, i would be using a domain that I own, but i don't have access to the bind config file.)

I am on an ubuntu 10.04 system and I am building php 5.3.3. I can build a CGI version just fine, but when i try and build a .so with this command:

./configure --with-apxs2=/usr/bin/apxs2 --enable-so --disable-cgi

I get this:

Notice: Following unknown configure options were used:

--enable-so

So how do I build a .so with 5.3.3?

So lets say I'm executing a command on the CLI and it spawns a GUI and I forget the & at the end. Now I want my shell back, so I hit a ctrl-z but the GUI locks up! Is there any way to do a ctrl-z without locking up the GUI? I am using Linux with a bash shell, xorg and gnome. This is an Ubuntu system.

On a *nix system I can use a chroot to isolate two processes from each other and from the rest of the system. Is there any similar security system under windows? Or is there any way to prevent two processes from reading/writing to each others files?

EXT4 is not a solid state file system. It won't take full advantage of the hardware and it will ware out the drive. So what is the best Solid State File System for Linux? I am looking forward to ButterFS (btrfs), but its not suitable for production systems. I'm also interested to know why you like a particular ssdfs.

I am using RHEL5 and yum is missing many packages, such as apache, php, and all php libraries . I have added the rpmforge repository, but i am still missing these packages. This is an i686 machine and there might not be many i686 packages available, I think that if i force an i386 i'll have serious problems.

How do I make sure I have a large number of compatible packages on a RHEL5 system? I didn't install this system, is it normal for RHEL5 to have virtually no useful packages in yum? How do RHEL5 administrators use yum without introducing conflicts with currently installed packages? Should I ditch yum and use apt?

Thanks!

When I do an nmap -sV 127.0.0.1 -p 22 of my system I get the following information:

SF-Port22-TCP:V=4.62%I=7%D=11/9%Time=4916402C%P=i686-pc-linux-gnu%r(NULL,2 SF:7,"SSH-2.0-OpenSSH_5.1p1\x20Debian-3ubuntu1\r\n");

How do I go about chaining these two pieces of information? i686-pc-linux-gnu and SSH-2\.0-OpenSSH_5\.1p1\x20Debian-3ubuntu1.

I am using gmail as my email provider for a domain name that I control. I want to send email from my dedicated server that is being hosted by a real hosting company and I don't like the 500 message per day cap. To address this issue I would like to run postfix to only send email, i would prefer if incoming port 25 blocked by my firewall. I can send email, however google marks all messages sent with postfix as SPAM. How do I make sure that people know email sent with postfix is valid?

Is it possible to use SFTP on Linux and restrict a user account to ONE directory such that no other directory listing can be obtained? Yes, I must use SFTP, FTP is only used by people that love getting hacked.

For instance I want someone to modify files in /var/www/code/ but I don't want them to be able modify anything else. I don't even want them to see the contents /tmp/.

(I will accept a "quick and dirty" solution, as long as it is secure.)

How can I make it appear as though I'm not running Apache? I figure the best way is to appear as though it is another type of httpd, like lighthttpd or iis. I know that by using mod_security you can change your server signature into anything:

SecServerSignature "Microsoft IIS"

Does anyone know of other tricks in obscuring the HTTPD being used?

How can I use mod_rewrite to remove everything after the ? (question mark) in a URL?

For instance:

http://127.0.0.1/ALL_FILES.php?test=1

after mod_rewrite:

http://127.0.0.1/ALL_FILES.php

For php this means that the $_GET super global will always be empty.