Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 14, Number 8 - August 1998


August 20th CACTUS Meeting


About August's Presentation

John Quarterman is the president of Matrix Information and Directory Services, Inc. (MIDS), which produces a variety of statistical reports concerning Internet performance. John will discuss Internet monitoring and the Internet Weather Report (IWR), which are featured at the MIDS web site (http://www.mids.org/). These reports are produced using UNIX-based systems, with Perl scripts and the Berkeley database API used to organize the data.


From The Editor

by Gil Kloepfer

Some errata for this month... Please note that the speaker for the August meeting is correct. Unfortunately, John Quarterman had some unforeseen plans that made it necessary to postpone his presentation until this month. We hope to see you all there.

Of the responses I have received, only one person has indicated a desire for a paper newsletter. A CACTUS officers meeting will be forthcoming, and at that time I will recommend that we discontinue printing the newsletter on paper. If you wish to continue to receive the newsletter and you are not already getting it via e-mail, please make sure that you send an e-mail message to newsletter [at] cactus <dot> org indicating that you wish to receive an e-mail copy.


July Meeting Report

by Ron Roberts

Twenty-six members attended the July meeting. Jack McKinney led off with officer introductions. Kristi Lee, our program chair, announced that John Quarterman of MIDS was on for August, and John Sullivan from WHAM was scheduled for September. Since the July program had a change of plans at the last minute, the meeting was a group discussion. Kristi also passed out a sheet of job listings for her company, CTG.

Gil Kloepfer announced that the newsletter had arrived on Wednesday, the day before the meeting. Seems that only Rodger, our Webmaster, has requested a hard copy version in the future. Johnny Long, our treasurer, took care of the pizza, and announced that CACTUS is still solvent. We've been averaging a balance of around $10,000, with most of our expense being the hard copy newsletter.

Membership chair Lindsay Haisley apologized for accidentally removing a member who Tom Painter had made a special effort to get an account for. He then explained the account policy. A few months after expirations, you'll get email. After six months of expirations, he changes the password for the account. After one year, he'll remove the account. Lindsay also mentioned that he's looking at converting the membership database to something more robust, like postgres or mysql.

Jack McKinney then began the discussion by describing what he thinks the purpose of CACTUS is. A free-for-all soon ensued, but it was congenial, and most folks were in general agreement. There was only the usual amount of Micro$oft bashing. What really got the members' attention was the suggestion of replacing or augmenting the CACTUS.ORG SparcII with other hardware and flavors of UNIX. The membership even thought it to be okay to spend some of the treasury to acquire more hardware. Location is the key issue, but several members promised to inquire with friendly ISPs about space and connectivity in return for sponsorship.

Even without a program, the discussion lasted almost until 9:00 pm, and there was pizza to spare.


CACTUS.ORG System News

by Lindsay Haisley

July and August have been quiet months for work on cactus.org, but with summer drawing to a close and all of us who are working on it back in Austin, various projects will start to move forward again.

A good deal of work in July centered on cleaning up hundreds of old accounts, many of which were for members whose CACTUS memberships lapsed in the early '90s. There's still a lot of work to do on this front, but we've definitely made headway, as you've noticed if you do a df -k on the system and notice the additional space in /home that's been made available.

Immediate plans call for an update of perl and of apache, both of which are quite old. The perl update is a prerequisite for installing mysql, an excellent database server, to which we plan to migrate our membership records.

For many years cactus.org has been home to Jim Knutson's Air Warrior game ftp archive which occupied many megabytes of drive space, and in July we finally made the necessary arrangements to remove the archive from the system, putting the entire archive on a CD and delivering it to Jim after making contact with the community of folks who still enjoy playing the "classic" version of the game. The additional space will hopefully be made available for additions such as emacs and trn for which we've had requests, although this may involve some repartitioning and reallocation of existing drive space.

The most exciting news on the online front is our progress in our plans to put up an additional system to supplement our SparcII. Discussion at this point centers on an Intel-based system running either Linux or FreeBSD. The best news is that Outernet Connection Strategies has agreed to colocate the system for us at their Austin facility in exchange for a sponsorship. A CACTUS officers meeting is planned in the next few weeks to discuss details of the addition and to formulate plans to move forward with it. Membership comment on the project is most welcome since this machine is for everyone in CACTUS. Comments can, as usual, be sent to admin [at] cactus <dot> org.

We are still discussing the details of the move from a paper newsletter to a combination of an email and web-based newsletter, run from our web server and our ezmlm mailing list manager. So far we've encountered little objection to the move, and before the end of the year we should have all the details worked out and the transition should be complete. We need to make sure that we have valid current email addresses for all current CACTUS members, and will be working to update our online membership database with this information prior to making the transition.


Making The Move To Sendmail 8.9

by Gil Kloepfer

Like most of us, you've probably been buried in an endless pile of work and may not have noticed that a new version of sendmail has been released. Sendmail 8.9 (currently 8.9.1) provides a number of important enhancements and changes that should motivate you to look at implementing it at your organization if you are currently using sendmail. Among these changes are improved SPAM rejection capability, third-party relay prevention by default, a number of security fixes (including a more paranoid file permissions check), and support for LMTP-capable mailers. Those who implemented the sendmail rulesets I discussed at a previous CACTUS meeting will be pleased to find that these are now essentially built into the new sendmail 8.9 rulesets, with more expanded functionality.

There are many reasons to make the move to sendmail 8.9. Anyone who is running a version of sendmail prior to version 8.8.6 should definitely upgrade sendmail as soon as possible. There are known security problems in these earlier versions of sendmail. However, the most important reason to upgrade is the integrated anti-relay support in the new rulesets, which was not available prior to version 8.9. The anti-relay rulesets will prevent your organization's mail system from being used by spammers to propagate their electronic junk-mail to thousands of unsuspecting receivers "on your dime." These unscrupulous practices have cost many sites hundreds of man-hours of time by their system administrator to deal with the resulting mail system clogs and the fallout from angry recipients who mail-bomb your site in protest. In addition, many sites are now (rightfully or not) blacklisting systems that relay these junk e-mail messages. This can prevent your users from reaching potential customers, and possibly cause irreversible damage to your organization's reputation. The README file that comes with the new configuration macros outlines, in detail, how to construct a configuration file that properly rejects outside relaying, while still allowing your site to provide MX (mail exchange) services for other domains.

Some other features that are mostly spam-control-related are default blocking of mail from invalid domains, a pseudo-database that can consist of a regular expression, header-based rulesets, and support for the Realtime Blackhole List (RBL) presented by Chip Rosenthal at a past CACTUS meeting. The invalid domain checking has been handled much better than in the past -- temporary DNS failures are now rejected using a 400-series code (temporary failure, requeue) rather than a 500-series code (reject the message). It also considers host and wildcard MX records in the check, to further enhance its reliability. The regular-expression (regex) pseudo-database is useful for weeding out messages whose usernames consist of all numbers, like many junk e-mail messages contain. A helpful example of this is also described in the configuration file README. The header-based rulesets can accept/reject mail based on items in the header portion of the mail message. This will not prevent the mail message from reaching your system, but it can prevent your users from receiving mail with "friend [at] public <dot> com" in the "To:" header line.

A little-known item in sendmail 8 is the ability for a mailer to specify an alternate destination. In the mailer, you may use a list of hostnames separated by colons, and the mail message will be sent to the alternate host if the first one fails. An example where this would be useful would be where a site has two independent Internet connections (not multi-homed). The esmtp mailer could have $h:alternatesys in the delivery host (A=) option (this is handled through the m4 macro *SMTP_MAILER_ARGS in the configuration). In this example, if the mail could not be delivered by the central mail hub because the Internet link was down, it would forward the message to alternatesys, which could hopefully deliver the message through the alternate path. This does require careful planning and thought, but properly configured in conjunction with multiple MX records for incoming mail, this can provide an additional level of redundancy in the e-mail system.

Finally, there are people who delay updating their version of sendmail because they're afraid their highly-visible e-mail system will somehow fail and users will become enraged. This is not an unreasonable fear. I have learned to test the mail system by setting up a second sendmail with a second mail queue on a different TCP/IP port. I can then connect to this port and simulate incoming mail messages and determine that the headers, aliasing, and other delivery options work as desired. The test function of sendmail can sometimes help, but there's nothing that instills confidence better than a functional test. For more information on how to do this, take a look at the m4 variables confDAEMON_OPTIONS (you can specify Port= here), and QUEUE_DIR.

I have been running sendmail 8.9.1 at UT Applied Research Laboratories for a little over a week. The new sendmail has been working extremely well. Prevention of junk e-mail has improved. The reliability has been excellent. I feel that updating sendmail has been time well-spent. For more information about sendmail 8.9, see http://www.sendmail.org/.
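The following is an added example, not part of the original article or of the sendmail distribution. It sketches the functional test described above, applied to the anti-relay rulesets: connect to the test-port sendmail, offer one local and one outside recipient, and confirm that only the local one is accepted. The domain names, the helper names and the small stub server (included only so the example runs offline) are assumptions.

```python
import smtplib
import socketserver
import threading
LOCAL_DOMAIN = "cactus.example"  # assumption: domain the test instance accepts mail for

class StubMTA(socketserver.StreamRequestHandler):
    """Constructed stand-in for the test-port sendmail: refuses non-local RCPT."""
    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip().lower()
            reply = b"250 ok"
            if line.startswith("quit"):
                reply = b"221 bye"
            elif line.startswith("rcpt to:"):
                if not line[8:].strip("<> ").endswith("@" + LOCAL_DOMAIN):
                    reply = b"550 Relaying denied"
            self.wfile.write(reply + b"\r\n")

def probe(host, port, sender, recipients):
    """Return {recipient: RCPT reply code}; stops before DATA, so nothing is queued."""
    codes = {}
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.helo("tester.example")
        for rcpt in recipients:
            smtp.mail(sender)
            codes[rcpt] = smtp.rcpt(rcpt)[0]
            smtp.rset()  # start a fresh envelope for the next recipient
    return codes

def relay_findings(codes, local_domain):
    """Flag outside recipients that were accepted and local ones that were refused."""
    problems = []
    for rcpt, code in codes.items():
        is_local = rcpt.lower().endswith("@" + local_domain)
        if is_local != (code < 400):  # 4xx and 5xx both count as "not accepted"
            label = "local recipient refused" if is_local else "relay accepted"
            problems.append(f"{label}: {rcpt} ({code})")
    return problems

def demo(rcpts=("postmaster@" + LOCAL_DOMAIN, "someone@elsewhere.example")):
    with socketserver.TCPServer(("127.0.0.1", 0), StubMTA) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        codes = probe(*srv.server_address, "tester@outside.example", rcpts)
        srv.shutdown()
    return codes, relay_findings(codes, LOCAL_DOMAIN)

if __name__ == "__main__":
    print(demo())
```

To use it against a real test instance, call probe() with the host and the Port= value of the second sendmail instead of the stub, and pass the result to relay_findings() with your own domain.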


Membership Report

by Lindsay Haisley

Thanks to the many CACTUS members who have joined or renewed their memberships during July and August. These include M. H. Kahn, Gil Kloepfer, Mark Scarboro, Anwar Payyoorayil, Dee Booth and David Huang. Our current membership stands at around 65 members.


Membership

To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

CACTUS
PO BOX 9786
AUSTIN, TX 78766-9786

You can also pay in person at the general meetings. The date on the upper right hand of the newsletter mailing label indicates when your membership expires. Please direct any inquiries or address changes to membership [at] cactus <dot> org.


CACTUS Officers


Contact Information


CACTUS Sponsors


CACTUS Meeting Location: Applied Research Labs

CACTUS meets on the third Thursday of each month at the UT Applied Research Labs (ARL) in the JJ (Jake) Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See maps for further details.

Online maps are available at:

As always, please leave the facility as you saw it when you arrived. So let's clean up all pizza and soda items before we leave. Thanks and hope to see all of you there.


Map to the Monthly CACTUS Meeting

                                            | |     ^
  <---- to MOPAC                            | |     |
                                            | |     | North
                                            | | B   | to Braker Lane
                             ---------------+ | U
                             -+ /-----------+ | R
                              | |           | | N
                              | +--------+  | | E
                              |  Parking |  | | T
                              |    Lot   |  | |
                              +----------+  | | R
                                            | | D
                     +------------+         | |
                     |            | +-------+ |
                     |            | |   +---+ |
                     |            | |   |   | | Rutland
                     |    ARL     | |   |   | +---------
                     |            | |   |   | +---------
                     |            | |   +---+ |
                     |            | +---+---+ |
                     +------------+         | |  |
                                            | |  | South
                                            | |  | to US 183
                                            | |  v