Mar 26

I recently found while working on a Barracuda spam appliance that the person who set it up made a tiny mistake.  Now I’d be one to admit if it were me but I’m pretty sure it wasn’t this time.  They had all the steps right up until the second to last one.  Let me set the stage…

  1. Three spam filters from Barracuda Networks spread out across the globe.
  2. All three have a similar configuration setup on them.  (Check for spam on the inbound and act as the primary, secondary and tertiary outbound relays for internal mail heading out to the wide, wide world we call the Internet.)
  3. Set up the allowed relay IP addresses (internal mail servers, certain paging systems, even a multi-function printer or two).
  4. Add the company’s domain name to the list of allowed relayers…
  5. Turn on the appliances and set up the MX records outside so we have a “fail-safe”, redundant, spectacular, awesome email spam fighting system!

Now, if you haven’t seen it yet, check step number 4 again.  See, in step 3 we set up the system so that specific servers were able to relay out through the device.  These IPs were entered in by either individual hosts or small subnets of systems that had rights to send out email to the outside world.  But in step 4 we then said that any email coming “from” the company’s domain (we’ll call it xyz.com) was allowed to relay as well.  That’s an issue because it’s fairly simple to both figure out what the company’s domain name is and then use it to start sending spam out from anywhere in the world.  Let’s look at an example session connecting to a Barracuda spam appliance via SMTP: (Note: The bold lines are the commands that I wrote.)

220 spam1-svr.xyz.com ESMTP (d2f98b7a83b562327asdcjb25227d4f7)
HELO xyz.com
250 spam1-svr.xyz.com Hello laptop-lt [malicious.ip.from.outside], pleased to meet you
MAIL FROM:someone@xyz.com
250 Ok
RCPT TO:anotherperson@zyx.com
250 Ok
DATA
354 Start mail input; end with .
This is an email
.

250 Ok: queued as AAEDC3SKB1CE

The problem with allowing xyz.com to relay is that it takes precedence over the IP list that was set up in step 3.  This means that with that first line (spam1-svr.xyz.com), a spammer knows what the local domain is.  Now all they need to do is start making up email addresses that may or may not exist in your domain and they too can use you as an open relay.

If you’re on a Barracuda box, the screen is located at Advanced->Outbound/Relay and looks like this:
[Screenshot: Barracuda Outbound/Relay screen]

Please, make sure that you’re not using the Senders With Relay Permission or Trusted Relay Host/Domain sections of the relaying tab.  Take the time to enter the IPs of the systems that need relaying and if you can, use LDAP lookups to verify that the sending email address is actually someone who exists.  You’ll thank me later — when you’re not blacklisted in 10 different systems and your users’ email can’t get through.
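To make the precedence problem concrete, here is an added example (not part of the original post, and not Barracuda's code) that models the relay decision described above and audits a configuration for the risky setting. The IP ranges, the `KNOWN_SENDERS` set standing in for an LDAP lookup, and all function and key names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values; xyz.com / zyx.com are the post's placeholder domains.
LOCAL_DOMAIN = "xyz.com"
RELAY_NETS = ["10.1.2.25/32", "10.1.3.0/28"]   # mail servers, pagers, printers
KNOWN_SENDERS = {"someone@xyz.com"}            # stand-in for an LDAP lookup

MISCONFIGURED = {"relay_nets": RELAY_NETS, "relay_sender_domains": [LOCAL_DOMAIN],
                 "verify_sender": False}
HARDENED = {"relay_nets": RELAY_NETS, "relay_sender_domains": [],
            "verify_sender": True}


def domain_of(address):
    return address.rsplit("@", 1)[-1].strip("<>").lower()


def ip_allowed(client_ip, nets):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def relay_decision(cfg, client_ip, mail_from, rcpt_to):
    """Return (accepted, reason) for one envelope, using the precedence from the post."""
    if domain_of(rcpt_to) == LOCAL_DOMAIN:
        return True, "inbound: recipient is local, no relay needed"
    # The sender-domain rule is checked first, so it overrides the IP list.
    if domain_of(mail_from) in cfg["relay_sender_domains"]:
        return True, "relay: MAIL FROM domain has relay permission"
    if not ip_allowed(client_ip, cfg["relay_nets"]):
        return False, "reject: client IP not in relay list"
    if cfg["verify_sender"] and mail_from.strip("<>").lower() not in KNOWN_SENDERS:
        return False, "reject: sender not found in directory"
    return True, "relay: client IP in relay list"


def audit(cfg):
    """Flag settings that let an unauthenticated envelope field grant relay rights."""
    findings = [f"sender domain '{d}' grants relay from any IP"
                for d in cfg["relay_sender_domains"]]
    if not cfg["verify_sender"]:
        findings.append("sender addresses are not verified against a directory")
    return findings


if __name__ == "__main__":
    outside = ("203.0.113.50", "someone@xyz.com", "anotherperson@zyx.com")
    for name, cfg in (("misconfigured", MISCONFIGURED), ("hardened", HARDENED)):
        print(name, relay_decision(cfg, *outside), audit(cfg))
```

The envelope in `outside` mirrors the session shown earlier: the misconfigured policy queues it because MAIL FROM is a self-asserted field, while the hardened policy rejects it on source IP before the sender is even considered.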

Mar 13

A friend of mine and I have rolled out the latest venture — a new blog at I Hate My IT Guy.  Now I know what you’re saying, “Another blog, oh boy!” (Please note the sarcasm!), but this one takes a bit of a different approach.  We’re hoping to make it an interactive experience for both users and IT guys (people to be P.C.) to share their experiences, woes and loves of dealing with or in an IT world.  Take a look at the excerpt from the about us page and share your insight from both sides of the fence:

 “This is the beginning of the end of IT as you know it! Whether you’re fed up with your IT guys (people to be PC) bossing you around, telling you what you can and can’t do online, offline, in line and out of line, or you’re the IT guy who loves to do the bossing we want your input. Tell us what you do and don’t like about IT today and let’s talk about it. We hope to shed some light on the myths and truths about what it is to work in IT and what it’s like to deal with the IT guy.”

Please, share your thoughts with us at the new site.

Mar 07

So as most people know I am a big fan of Google in most ways. I use their email (for multiple domains and a Gmail account), I’ve been known to use Google Docs, maps are one of their best features — and who could forget good ol’ Google.com? I have to say that their sites tool is a little on the junky side but all-in-all, their services are great. I recently came across one that I had not seen or used before and now I’m in love. The kind of love that can not be split up by browser upgrades, computer changes or long-distance travel and it’s called Google Browser Sync (for Firefox only).

I’ve used different browser sync tools in the past but this one just blows the others away with its simplistic design, cross-platform capabilities and an online storage system that I have come to love very much. After a quick install (just like any other Firefox plugin) the browser plugin prompts you for your Google account info (no Google for your domain accounts that I know of) and then has you choose a unique PIN number. The PIN is to make sure that someone doesn’t just add the tool bar on a computer where you’ve saved your password. I’m also not sure if the PIN allows you to have multiple Google Browser Sync subsections (i.e. Sync computers A and B and then sync computers C and D). Once this process is done, you’re off to the races. Not only does it sync your bookmarks but it also does browsing history, saved passwords and even keeps track of your open tabs. This means that if you close Firefox on your work computer, go home and open it up, it’ll prompt you to see if you want to reopen those tabs! How great is that?  In addition, there is no user intervention required.  When you close down Firefox, the small window pops up for a second that shows you that it’s syncing your browser to Google.  That’s it.

I know that many of the security gurus out there will yell at me and say, “hey, what about what they do with that information?!?!?!?”  Well I’ll tell you what — if you can show me a simpler, cleaner and faster way of syncing browsers online without using a service like Google (who already knows who I talk to (email), what I’m interested in (search) and where I like to eat brunch (maps)) then I’d be happy to hear it and take a look.  For now, I trust Google with my info.  They haven’t steered me wrong yet and I’m hoping that they never do.

Please, let me know what you think of the browser wars, syncing your info, sending email or anything else under the sun.