AF:
NF:0
PS:10
SRH:1
SFN:
DSR:
MID:<20070126160449.0f1bb37d@ripper.onstor.net>
CFG:
PT:0
S:andy.sharp@onstor.com
RQ:
SSV:onstor-exch02.onstor.net
NSV:
SSH:
R:<brian.baker@onstor.com>,<kevin.matthews@onstor.com>
MAID:1
X-Sylpheed-Privacy-System:
X-Sylpheed-Sign:0
SCF:#mh/Mailbox/sent
FMID:#imap/andys@onstor.net@onstor-exch02.onstor.net/INBOX	0	qp5ZJhM6b000000ad@onstor-exch02.onstor.net
X-Sylpheed-End-Special-Headers: 1
Date: Fri, 26 Jan 2007 16:05:59 -0800
From: Andrew Sharp <andy.sharp@onstor.com>
To: Brian Baker <brian.baker@onstor.com>
Cc: Kevin Matthews <kevin.matthews@onstor.com>
Subject: Fw: Undeliverable: Re: Versions of SSH and Sendmail
Message-ID: <20070126160559.51a2a3a3@ripper.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="MP_AmU/gl2d_A22Sv.12xewi1A"

--MP_AmU/gl2d_A22Sv.12xewi1A
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi guys,

I got this bounce, apparently from trying to send an email to
dl-cstech.  What gives?

Cheers,

a



Begin forwarded message:

Date: Fri, 26 Jan 2007 16:02:44 -0800
From: "System Administrator" <postmaster@onstor.com>
To: "Andy Sharp" <andy.sharp@onstor.com>
Subject: Undeliverable: Re: Versions of SSH and Sendmail


Your message

  To:      Michael Tracy
  Cc:      dl-cstech
  Subject: Re: Versions of SSH and Sendmail
  Sent:    Fri, 26 Jan 2007 16:02:39 -0800

did not reach the following recipient(s):

dl-se on Fri, 26 Jan 2007 16:02:39 -0800
    You do not have permission to send to this recipient.  For
assistance, contact your system administrator.
    <onstor-exch02.onstor.net #5.7.1>

--MP_AmU/gl2d_A22Sv.12xewi1A
Content-Type: message/delivery-status
Content-Transfer-Encoding: base64

UmVwb3J0aW5nLU1UQTogZG5zOyBvbnN0b3ItZXhjaDAyLm9uc3Rvci5uZXQNCg0KRmluYWwtUmVj
aXBpZW50OiBSRkM4MjI7IGRsLXNlQG9uc3Rvci5jb20NCkFjdGlvbjogZmFpbGVkDQpTdGF0dXM6
IDUuNy4xDQpYLVN1cHBsZW1lbnRhcnktSW5mbzogPG9uc3Rvci1leGNoMDIub25zdG9yLm5ldCAj
NS43LjE+DQpYLURpc3BsYXktTmFtZTogZGwtc2UNCg==

--MP_AmU/gl2d_A22Sv.12xewi1A
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C741A6.7532F980@onstor-exch02.onstor.net>; Fri, 26 Jan 2007 16:02:39 -0800
Content-class: urn:content-classes:message
Subject: Re: Versions of SSH and Sendmail
Date: Fri, 26 Jan 2007 16:02:39 -0800
Message-ID: <20070126160239.68a8319b@ripper.onstor.net>
In-Reply-To: <064e01c741a4$9ea51750$464da8c0@glasshousetech.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Versions of SSH and Sendmail
Thread-Index: AcdBpnh48RkTIZquSp+jaZZfA4g7UQ==
References: <BB375AF679D4A34E9CA8DFA650E2B04E0180959A@onstor-exch02.onstor.net> <063f01c741a2$85e4cbe0$464da8c0@glasshousetech.com> <064e01c741a4$9ea51750$464da8c0@glasshousetech.com>
From: "Andy Sharp" <andy.sharp@onstor.com>
To: "Michael Tracy" <mtracy@css.glasshouse.com>
Cc: "dl-cstech" <dl-cstech@onstor.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_002_01C741A6.7532F980"

This is a multi-part message in MIME format.

------_=_NextPart_002_01C741A6.7532F980
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: binary

I assume you/customer means on the server (sshd).  I don't know if
there are any implications for other parts of the product, but you can
change the configuration file

/etc/ssh/sshd_config

and change the line

#Protocol 2,1

to

Protocol 2

(Uncomment and remove the '1') and restart sshd

find the pid for /usr/local/agile/sshd and kill it, then

# /usr/local/agile/bin/sshd

This will prevent the server from supporting protocol 1

Does this customer not have his filer(s) inside a competent firewall?

I would get clearance from CS before telling this to a customer,
however.

Cheers,

a

On Fri, 26 Jan 2007 18:49:28 -0500 "Michael Tracy"
<mtracy@css.glasshouse.com> wrote:

> Actually I see that in case 3587 that in the 1.3.2 release that they
> turned off listening on port 25 for sendmail.  Customer is ok with
> this.
> 
> But his followup question on SSH is about the SSH protocols:
> He wants version 1R1.5 disabled.   Only version 2.
> 
> Anyone know the SSH protocols?
> 
> Thanks!
> Michael
> 
> ----- Original Message ----- 
> From: "Michael Tracy" <mtracy@css.glasshouse.com>
> To: "John Rogers" <john.rogers@onstor.com>; "dl-cstech" 
> <dl-cstech@onstor.com>
> Sent: Friday, January 26, 2007 6:34 PM
> Subject: Re: Versions of SSH and Sendmail
> 
> 
> > Thanks John
> > yeah, I see that on my box, now
> >
> > There was an old case (3587) requesting
> > sendmail binaries earlier than version 8.13.5 contain
> > remotely-exploitable code that could send the program into a race
> > condition. Time Inc. requests a patch to bring our filers up to
> > sendmail version 8.13.6 or later. Preferably this patch would not
> > necessitate filer reboots
> >
> > For which defect 15468 was opened.
> > Anyone know if we have plans to increase our version past 8.10.1?
> >
> > Michael
> > ----- Original Message ----- 
> > From: "John Rogers" <john.rogers@onstor.com>
> > To: "Michael Tracy" <mtracy@css.glasshouse.com>; "dl-cstech" 
> > <dl-cstech@onstor.com>
> > Sent: Friday, January 26, 2007 6:22 PM
> > Subject: RE: Versions of SSH and Sendmail
> >
> >
> >> From BSD prompt you can query those components. There may be a more
> >> graceful/support savvy way to do it, but there is the info.
> >>
> >> # sendmail -d0.4 -bv root
> >> Version 8.10.1
> >> Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7
> >> NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SCANF SMTP
> >> TCPWRAPPERS
> >>                USERDB XDEBUG
> >> canonical name: g2r9.sc1
> >> UUCP nodename: g2r9
> >>        a.k.a.: g2r9
> >>        a.k.a.: [10.2.9.2]
> >>        a.k.a.: [127.0.0.1]
> >>        a.k.a.: [192.167.2.1]
> >>
> >> ============ SYSTEM IDENTITY (after readcf) ============
> >>      (short domain name) $w = g2r9
> >>  (canonical domain name) $j = g2r9.sc1
> >>         (subdomain name) $m = sc1
> >>              (node name) $k = g2r9
> >> ========================================================
> >>
> >> root... deliverable: mailer local, user root
> >> # ssh -v
> >> OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
> >> usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c
> >> cipher_spec] [-D port] [-e escape_char] [-F configfile]
> >>           [-i identity_file] [-L [bind_address:]port:host:hostport]
> >>           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option]
> >> [-p port]
> >>           [-R [bind_address:]port:host:hostport] [-S ctl_path]
> >>           [user@]hostname [command]
> >>
> >> -----Original Message-----
> >> From: Michael Tracy [mailto:mtracy@css.glasshouse.com]
> >> Sent: Friday, January 26, 2007 3:11 PM
> >> To: dl-cstech
> >> Subject: Versions of SSH and Sendmail
> >>
> >> Hey all
> >> Here's a quick question
> >>
> >> what version of ssh does onstor everon use?
> >> also what version of sendmail do we use?
> >>
> >> More importantly, how/where would I find that?
> >>
> >> Michael
> >>
> >>
> >
> > 
> 
> 


------_=_NextPart_002_01C741A6.7532F980
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7650.28">
<TITLE>Re: Versions of SSH and Sendmail</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=3D2>I assume you/customer means on the server =
(sshd).&nbsp; I don't know if<BR>
there are any implications for other parts of the product, but you =
can<BR>
change the configuration file<BR>
<BR>
/etc/ssh/sshd_config<BR>
<BR>
and change the line<BR>
<BR>
#Protocol 2,1<BR>
<BR>
to<BR>
<BR>
Protocol 2<BR>
<BR>
(Uncomment and remove the '1') and restart sshd<BR>
<BR>
find the pid for /usr/local/agile/sshd and kill it, then<BR>
<BR>
# /usr/local/agile/bin/sshd<BR>
<BR>
This will prevent the server from supporting protocol 1<BR>
<BR>
Does this customer not have his filer(s) inside a competent =
firewall?<BR>
<BR>
I would get clearance from CS before telling this to a customer,<BR>
however.<BR>
<BR>
Cheers,<BR>
<BR>
a<BR>
<BR>
On Fri, 26 Jan 2007 18:49:28 -0500 &quot;Michael Tracy&quot;<BR>
&lt;mtracy@css.glasshouse.com&gt; wrote:<BR>
<BR>
&gt; Actually I see that in case 3587 that in the 1.3.2 release that =
they<BR>
&gt; turned off listening on port 25 for sendmail.&nbsp; Customer is ok =
with<BR>
&gt; this.<BR>
&gt;<BR>
&gt; But his followup question on SSH is about the SSH protocols:<BR>
&gt; He wants version 1R1.5 disabled.&nbsp;&nbsp; Only version 2.<BR>
&gt;<BR>
&gt; Anyone know the SSH protocols?<BR>
&gt;<BR>
&gt; Thanks!<BR>
&gt; Michael<BR>
&gt;<BR>
&gt; ----- Original Message -----<BR>
&gt; From: &quot;Michael Tracy&quot; =
&lt;mtracy@css.glasshouse.com&gt;<BR>
&gt; To: &quot;John Rogers&quot; &lt;john.rogers@onstor.com&gt;; =
&quot;dl-cstech&quot;<BR>
&gt; &lt;dl-cstech@onstor.com&gt;<BR>
&gt; Sent: Friday, January 26, 2007 6:34 PM<BR>
&gt; Subject: Re: Versions of SSH and Sendmail<BR>
&gt;<BR>
&gt;<BR>
&gt; &gt; Thanks John<BR>
&gt; &gt; yeah, I see that on my box, now<BR>
&gt; &gt;<BR>
&gt; &gt; There was an old case (3587) requesting<BR>
&gt; &gt; sendmail binaries earlier than version 8.13.5 contain<BR>
&gt; &gt; remotely-exploitable code that could send the program into a =
race<BR>
&gt; &gt; condition. Time Inc. requests a patch to bring our filers up =
to<BR>
&gt; &gt; sendmail version 8.13.6 or later. Preferably this patch would =
not<BR>
&gt; &gt; necessitate filer reboots<BR>
&gt; &gt;<BR>
&gt; &gt; For which defect 15468 was opened.<BR>
&gt; &gt; Anyone know if we have plans to increase our version past =
8.10.1?<BR>
&gt; &gt;<BR>
&gt; &gt; Michael<BR>
&gt; &gt; ----- Original Message -----<BR>
&gt; &gt; From: &quot;John Rogers&quot; =
&lt;john.rogers@onstor.com&gt;<BR>
&gt; &gt; To: &quot;Michael Tracy&quot; =
&lt;mtracy@css.glasshouse.com&gt;; &quot;dl-cstech&quot;<BR>
&gt; &gt; &lt;dl-cstech@onstor.com&gt;<BR>
&gt; &gt; Sent: Friday, January 26, 2007 6:22 PM<BR>
&gt; &gt; Subject: RE: Versions of SSH and Sendmail<BR>
&gt; &gt;<BR>
&gt; &gt;<BR>
&gt; &gt;&gt; From BSD prompt you can query those components. There may =
be a more<BR>
&gt; &gt;&gt; graceful/support savvy way to do it, but there is the =
info.<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; # sendmail -d0.4 -bv root<BR>
&gt; &gt;&gt; Version 8.10.1<BR>
&gt; &gt;&gt; Compiled with: MAP_REGEX LOG MATCHGECOS MIME7TO8 =
MIME8TO7<BR>
&gt; &gt;&gt; NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SCANF =
SMTP<BR>
&gt; &gt;&gt; TCPWRAPPERS<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; USERDB XDEBUG<BR>
&gt; &gt;&gt; canonical name: g2r9.sc1<BR>
&gt; &gt;&gt; UUCP nodename: g2r9<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; a.k.a.: g2r9<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; a.k.a.: =
[10.2.9.2]<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; a.k.a.: =
[127.0.0.1]<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; a.k.a.: =
[192.167.2.1]<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SYSTEM IDENTITY =
(after readcf) =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (short domain name) $w =3D =
g2r9<BR>
&gt; &gt;&gt;&nbsp; (canonical domain name) $j =3D g2r9.sc1<BR>
&gt; &gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (subdomain =
name) $m =3D sc1<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp; (node name) $k =3D g2r9<BR>
&gt; &gt;&gt; =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; root... deliverable: mailer local, user root<BR>
&gt; &gt;&gt; # ssh -v<BR>
&gt; &gt;&gt; OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005<BR>
&gt; &gt;&gt; usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] =
[-c<BR>
&gt; &gt;&gt; cipher_spec] [-D port] [-e escape_char] [-F =
configfile]<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [-i =
identity_file] [-L [bind_address:]port:host:hostport]<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [-l =
login_name] [-m mac_spec] [-O ctl_cmd] [-o option]<BR>
&gt; &gt;&gt; [-p port]<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [-R =
[bind_address:]port:host:hostport] [-S ctl_path]<BR>
&gt; =
&gt;&gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
[user@]hostname [command]<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; -----Original Message-----<BR>
&gt; &gt;&gt; From: Michael Tracy [<A =
HREF=3D"mailto:mtracy@css.glasshouse.com">mailto:mtracy@css.glasshouse.co=
m</A>]<BR>
&gt; &gt;&gt; Sent: Friday, January 26, 2007 3:11 PM<BR>
&gt; &gt;&gt; To: dl-cstech<BR>
&gt; &gt;&gt; Subject: Versions of SSH and Sendmail<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; Hey all<BR>
&gt; &gt;&gt; Here's a quick question<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; what version of ssh does onstor everon use?<BR>
&gt; &gt;&gt; also what version of sendmail do we use?<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; More importantly, how/where would I find that?<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt; Michael<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;&gt;<BR>
&gt; &gt;<BR>
&gt; &gt;<BR>
&gt;<BR>
&gt;<BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_002_01C741A6.7532F980--

--MP_AmU/gl2d_A22Sv.12xewi1A--
