Rod's questions

I have this little proxy that i run with privoxy on my server, basically to take advantage of my server's static IP to connect to my office's VPN.

I'm using it on a, let's say, uncommon port without authentication, an open proxy. As my SysAdmin says, Security Through Obscurity isn't something i want to relay on.

I did a search on privoxy docs and wasnt able to find anything related to user authentication, my question is: there's a way to archive this with privoxy? If not, can anyone suggest something easy to config and light privoxy?

Thanks.

I have a bunch of domains as relay domains at my sendmail config, i noticed that some dirty botnet is using dns spoof to be able to send emails using those relay domains.

How it works:

a domain zzz.xxx.tld resolves back to 127.0.0.1, when my server tries to resolve zzz.xxx.tld it falls back to 127.0.0.1 spoof!

Is there anyway to fix/avoid/block this? relaying only on specific server ips would be better?

Thanks.

I need an alternate for rotating logs on my server, everytime logrotate runs apache goes down for like 10-20 minutes, i'm not sure if this is right, but don't seem right for me.

Is there any alternate for logrotate on apache? That long time to rotate logs is unusual?

My setup is fedora core 9, apache 2.2.14

Thanks.

I have a sendmail + dovecot setup on my server, there are some "strange" emails on email queue. Every email must be sent from a authenticated user and those strange emails don't belong to domains hosted on my server. Due the rules on sendmail they won't be sent out but yet they still appearing on the queue list.

My question is, how do i track down which emails each user is sending out?

Thanks.

I've noticed a quick increase on smtp connections coming to my server, investigating it further i figured out that there's a botnet hammering my smtp server. I've tried to stop it by adding a rule at iptables:

-N SMTP-BLOCK -A SMTP-BLOCK -m limit --limit 1/m --limit-burst 3 -j LOG --log-level notice --log-prefix "iptables SMTP-BLOCK " -A SMTP-BLOCK -m recent --name SMTPBLOCK --set -j DROP -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name SMTPBLOCK --rcheck --seconds 360 -j SMTP-BLOCK -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name SMTP --set -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name SMTP --rcheck --seconds 60 --hitcount 3 -j SMTP-BLOCK -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

That would avoid them from hammering "too fast", however the problem still, there's like 5 tries per second, it's going insane, i had to incrase the maximum number of childs of sendmail/dovecot. There's too many ips to filter out manually and simply changing the smtp to another port is not practical since i got many other clients on that server.

I'm using sendmail with dovecot, any ideas to have this filtered out more efficiently?