Comcast leaves port 25 (usually SMTP) open on all it's cable modems by default. If Comcast detects "virus-like activity" coming from your cable modem it will shut down port 25 on your modem by sending a modified boot file to it. This will close port 25 to all incoming and out going traffic. You will then recieve the following email to your primary Comcast email account.
Customer Security Assurance Notice Dear Comcast Customer: Action Taken: In an effort to help prevent spam and ensure the security of our network and customers, Comcast has modified your modem's settings to prevent the sending of email on port 25. That is the default port email programs such as Outlook Express use to send email. We've taken this action because we may have detected virus-like activity from your modem or received reports from other email providers that mail from your modem generated complaints from their users. Please read this message to understand how this action may impact your ability to send email and what you should do next.
Mailing abuse@comcast.net will not get the block removed. They have a script that answers those emails. Calling the normal 1-800-COM-CAST number will not help. The customer service reps don't have the knowledge or access to modify the boot file of the cable modem. At least most of them don't. If you can find one that knows how to change the boot file on your cable modem the more power to you.
The only way to get the port unblocked is to call Comcast Customer Security Assurance at 1-856-317-7272. You will need to ask the technical rep to remove the block for you. They will do it and warn you that it can happen again at any time. Then they will suggest the more expensive business class account so that this will not happen again.
To try to keep this from happening again I have blocked port 25 outgoing on my firewall. Incoming is still open for any mail servers that I need to test (I know Comcast terms of service don't allow servers blah blah blah...). I'm still trying to figure out if some program sent mail out on 25 that I did not know about (not any more) or if mail coming in on 25 triggered it.
I would not mind if they put a block in port 25 going out of all the cable modems. That would keep all the zombies from sending spam out of their network. But blocking port 25 for incoming traffic is just stupid.
Even if someone ran an open mail relay on port 25 on their machine it could not send any mail out because of the port 25 would be blocked going out of the modem. Spam zombies decapitated. My only guess that they don't do this is the cable modems can only block a port in and out or nothing at all. When I think filtering I think in terms of stateful filtering. I guess cable modems can't do stateful filtering. It's probably cheaper ($$ and resources) and easier to not keep state and just straight block the port.
If they have all these machines looking for "virus-like activity" on their networks then put in a firewall upstream and just block all port 25 going out. If you have the resources to scan all the activity on port 25 to look for spam you have the resources to just do a easy block on 25 out. No scanning involved. O well.
Del.icio.us! | Digg Me! | Reddit!
This a quick and dirty setup of the Subversion version control system on CentOS 5. This setup will use the built in Subversion daemon as opposed to the popular Apache mod_svn module where check in's and check out's are done through http. For more information on Subversion please visit their website linked above or the fantastic free book Version control with Subversion.
This install is done on CentOS Linux 5. These steps should work on almost any Linux distro. It assumes you can install packages with yum from a repository somewhere. It will also let the svn daemon run on it's default port of 3690. Make sure your firewalls are open if you need to get to it remotely. Also, repo is short for Subversion repository.
Login to the machine as root or sudo to root (sudo su -).
Install subversion with yum.
yum install subversion
Make a user and group called svn to run the server as.
adduser -M svn -s /sbin/nologin
Make a directory to store the svn repositories. I'm going to use /disk01/svn in this example.
mkdir -p /disk01/svn
Optional step: Sync a remote svn repository if you have one. If not just move on to the next step.
rsync -av --timeout=30 --delete --rsh="ssh -c arcfour -l root" remotehost:/disk01/svn/ /disk01/svn/
If you did not copy other repos from elsewhere or just want to make another/new one do the following. Put in your repo name where the word repo is.
svnadmin create /disk01/svn/repo
Give the svn user permission to everything in the dir before starting.
chown -R svn: /disk01/svn
Let's start the svn deamon as the svn user. All repos are assumed to be in dir /disk01/svn.
su -m svn -c 'svnserve -d -r /disk01/svn'
That should have started the svnserv daemon. Check your process list (ps -aux |grep svnsrve). If everything worked put that line in the /etc/rc.local file so it will start on start up.
The configuration for each repo is in the file svnserve.conf in each repo's conf dir. It sets the access type allowed to the repo. repo is the name of the repo you want to change the config for.
Edit the file /disk01/svn/repo/conf/svnserve.conf.
The following file is an example of a simple but effective setup. Everyone has anon read access. Only people that have authorized can write. Authorization is done through the repo passwd file using built in authorization (this is discussed next).
[general] anon-access=read auth-access=write password-db=passwd
Save the file. You don't need to restart the daemon for it to take effect.
To add a user to svn you will add them to the Subversion passwd file. This is located in the repo's conf dir. repo is the name of the repo you want to change the password for.
Edit the file /disk01/svn/repo/conf/passwd
The following file is the format of the passwd file. It is just plain text. The format very important. Even a wrong space can mess it up. Make sure there are no spaces between user=password. One user=password per line. Add as many as you want.
[users] user1=password1 user2=password2
Save the file. You don't need to restart the daemon for it to take effect.
Here are some simple commands to test your new repo or possibly ones you copied over from another machine.
Copy a subversion repo directory
svn co svn://hostname/reponame/trunk
List the files in a repo
svn list svn://hostname/reponame/trunk/scripts
Get info on file in repo
svn info svn://hostname/reponame/trunk/scripts/filename
If you want an email update when a repo gets updated you can put this script in the repo's hooks dir. This script will run on each commit. Put the following shell script code into the file /disk01/svn/reponame/hooks/post-commit. Where reponame is the repo you want the emails for. You may have to rename the file in the hooks dir to post-commit as there is usually a default one or you can just make a new one.
REPOS="$1"
REV="$2"
REPOS_BASE=${REPOS##*/}
EMAIL_LIST="email1@hostname.org email2@hostname.org email3@hostname.org"
svn log --verbose -r $REV svn://hostname/${REPOS_BASE} | mail -s "Commit notice for repository ${REPOS_BASE}" ${EMAIL_LIST}
Del.icio.us! | Digg Me! | Reddit!
If you ever are on some windows machine or any OS for that matter and you can't remember exactly where it says the version of the OS then I have the site for you. It's called whatsmyos.com. Dead simple site. It uses your browser agent to tell you the OS your using and in the sections below it tells you how to find the version of lot's of different OS's. It even helps you find out if your using a 32-bit or 64-bit OS. Fast and to the point. I like it.
Del.icio.us! | Digg Me! | Reddit!
