Italian Government mail servers STARTTLS support

After reading Antonio Prado’s Reverse DNS lookup for Italian Government’s mail exchangers post I got intrigued by the idea of checking how many of those Italian Government’s MX mail servers support STARTTLS.

STARTTLS “offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection” (Wikipedia) and, when it’s implemented on the MX SMTP server, it allows a STARTTLS-aware user’s outbound mail server to encrypt the traffic toward the recipient’s server.

STARTTLS User to MX mail server

Read more …

DNSSEC: ECDSA-aware resolvers seen by RIPE Atlas

A couple of days ago CloudFlare announced its public alpha release of their DNSSEC implementation. Since they are using the “recent” Elliptic Curve ECDSA P-256 (RFC6605) I wondered how many resolvers can have problems with signatures validation so I wanted to take a peek at the current situation as seen by the RIPE Atlas probes network.

Read more …

DNS_FROM_AHBL_RHSBL 2.699 on Spamassassin

The public DNSBL services offered by AHBL have been shutdown.

Services and programs which used dnsbl.ahbl.org, ircbl.ahbl.org and rhsbl.ahbl.org need to be updated in order to avoid false positives:

X-Spam-Status: No, score=0.789 tagged_above=-999 required=6
	tests=[BAYES_00=-1.9, DNS_FROM_AHBL_RHSBL=2.699,
	T_RP_MATCHES_RCVD=-0.01] autolearn=no

Spamassassin configuration, for example, needs to be fixed:

# cat /usr/share/spamassassin/20_dnsbl_tests.cf | grep AHBL
header DNS_FROM_AHBL_RHSBL    eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
describe DNS_FROM_AHBL_RHSBL  Envelope sender listed in dnsbl.ahbl.org
tflags DNS_FROM_AHBL_RHSBL    net
reuse  DNS_FROM_AHBL_RHSBL

Comment that block or (at least) force a score zero for the rule in your local configuration:

# cat /etc/spamassassin/local.cf | grep AHBL
score DNS_FROM_AHBL_RHSBL 0

Integration of pmacct with ElasticSearch and Kibana

In this post I want to show a solution based on a script (pmacct-to-elasticsearch) that I made to gather data from pmacct and visualize them using Kibana/ElasticSearch. It’s far from being the state of the art of IP accounting solutions, but it may be used as a starting point for further customizations and developments.

I plan to write another post with some ideas to integrate pmacct with the canonical ELK stack (ElasticSearch/Logstash/Kibana). As usual, add my RSS feed to your reader or follow me on Twitter to stay updated!

The big picture

This is the big picture of the proposed solution:

pmacct-to-elasticsearch - The big picture

There are 4 main actors: pmacct daemons (we already saw how to install and configure them) that collect accounting data, pmacct-to-elasticsearch, which reads pmacct’s output, processes it and sends it to ElasticSearch, where data are stored and organized into indices and, at last, Kibana, that is used to chart them on a web frontend.

Read more …

Installing pmacct on a fresh Ubuntu setup

This is a simple, quick-and-dirty, copy/paste guide to install a great software, pmacct, on a fresh Ubuntu 14.04.1 LTS (Trusty Tahr) setup. I’ll use this simple setup as the basis for other related posts I plan to publish soon.

pmacct

Tl;dr: pmacct is a suite of tools to collect, filter and aggregate IP accounting data, which works with live traffic (libpcap), NetFlow v1/v5/v7/v8/v9, IPFIX, sFlow and ULOG.

A blog post is not enough to show the great features and possibilities that this tool offers, so I really recommend whoever may be interested to read author’s documentation on the official web site.

On a next post I plan to show some ideas to deploy pmacct together with ElasticSearch and Kibana, in order to build useful dashboards full of graphs. Add my RSS feed to your reader or follow me on Twitter to stay updated!

EDIT: the Integration of pmacct with ElasticSearch and Kibana post has been published.

Let’s start from a really simple setup here.

Read more …