Numb Your Mind

Vanity Top Level Domains - How To Block Them Using Sendmail

Oh the joy! More spam from those stupid ass new top level domains to scam people out of their money with worthless crap. By the time you are done reading this I am sure another TLD will sprout it's spam wings and flood your mail server with it's nonsense. Because the world is running out of TLDs so that someone can create hundreds of millions of bogus domains every day to harass us with. Yeah, that's a good sustainable plan. No, nothing to do with making money.

How do we get rid of this stupid shit? It's easy with Sendmail.

#cd /etc/mail

Edit the 'access' file and add the below list. I've sorted to make it easy to add more TLDs as they flood you with spam. This will be a weekly if not daily thing so get used to it. And yes, yes there is a .wang TLD.

#TLD Reject List
accountant REJECT
actor REJECT
airforce REJECT
attorney REJECT
auction REJECT
audio REJECT
blackfriday REJECT
christmas REJECT
click REJECT
consulting REJECT
dance REJECT
degree REJECT
democrat REJECT
dentist REJECT
download REJECT
enigneer REJECT
faith REJECT
forsale REJECT
futbol REJECT
gives REJECT
guitars REJECT
hiphop REJECT
hosting REJECT
lawyer REJECT
market REJECT
mortgage REJECT
ninja REJECT
party REJECT
photo REJECT
property REJECT
rehab REJECT
republican REJECT
reviews REJECT
rocks REJECT
science REJECT
social REJECT
software REJECT
tattoo REJECT

Save the file, make, restart Sendmail.

fail2ban - sendmail-auth - howto

This article is about fail2ban and preventing Sendmail brute force password attacks. Also known as fail2ban's worthless sendmail-auth configuration.

fail2ban comes with a completely worthless sendmail-auth filter.  It looks for a failure notification from Sendmail that most likely will never happen anymore as previously the brute force attack would make one connection and issue multiple AUTH commands.  This is no longer the case. The brute force attack makes one connection, issues an AUTH command then disconnects and re-connects. This never triggers the Sendmail "possible SMTP attack: command=AUTH" string.

So, what we need to do is something, anything that actually has some sort of real world value, like it actually working? That'd be helpful, right?

#cd /etc/fail2ban/filter.d/
#cp sendmail-auth.conf sendmail-auth.local

Now edit the .local file and replace the worthless regex

failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[<HOST>\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$

With this

failregex = \[<HOST>\] .*to MTA
            \[<HOST>\] \(may be forged\)
            \[<HOST>\], reject.*\.\.\. Relaying denied

Save the file, then we want to reload fail2ban

# fail2ban-client reload

Sendmail - How To Disable IPv6 When Sending/Relaying

Well, we learned how to configure Sendmail to send to a specific IP address on a per domain basis. However, how that Google and it's business service e-mail is now by default publishing IPv6 addresses for MX records, it's almost impossible to do a per domain setup.  We do not want to disable IPv6 entirely on the server, but Sendmail keeps sending out via IPv6. How the hell do you make it stop!  It's quite simple but just a refresher since this is a configuration that is out of sight and mind.  Remember that Sendmail is really two things. A Daemon (the part that listens for incoming mail) and a Client (the part that sends/relays/ e-mail). Naturally you have the DAEMON settings, but not the CLIENT settings.  So here we go.

I have only found one forum post regarding the proper solution to this problem.  It appears not to be properly documented and possibly this is changed behavior in a recent update. However, it does make sense.  Essentially you need to tell the IPv6 stack to use your IPv4 address.

Edit /etc/mail/

Look for

DAEMON_OPTIONS(`Port=smtp,, Name=MTA')dnl

Add below this line


Save the file, make, restart Sendmail.

Now, Sendmail will use IPv4 for it's CLIENT operations.

Windows 10 - DVD Play Back - History Doesn't Exist With Neck Beards.

With the Windows 10 release we are now getting a ton of neck beard ding dong click bait blog posts about it.  The big one making the rounds this week is how Windows 10 doesn't include the ability to play DVD's and how it's some sort of evil thing that Microsoft is charging money for the ability to do so.  DVD play back requires the MPEG2 decoder which requires a license.

Welcome to the No History Neck Beards.  Seeing as we will ignore the entire history of the Windows operating system.  Microsoft Windows has never included in the MPEG2 decoder.  It ALWAYS has been an add on.  The only Windows editions that included this were the Media Center Editions, in which you most likely paid just a little bit more for the license to the MPEG2 decoder.  It is possible that many pre-packaged computers from HP, Compaq, Dell had the decoder included because a third party DVD player was installed. Of course our savior neck beards won't differentiate from that.

Sendmail - How To Deliver To IPv4 Address Per Domain

More mail servers are now accepted e-mail via IPv6.  I have had a dynamically assigned IPv6 block on my Comcast Business account for awhile and I have let Sendmail decide what to use, and about 99.9% of mail is delivered via IPv4.  Just recently it appears Comcast has assigned an IPv6 MX record for their mail server. My Sendmail picked this up and now happily attempts to deliver the mail via the IPv6 address.  Unfortunately, it is immediately rejected due to the IPv6 address does not have a PTR record.  Of course Comcast Business is far behind on assigning IPv6 blocks so there is no way to get a static IPv6 block and a PTR entry.

How do I get Sendmail to deliver to the IPv4 address instead?  It's called the mailertable feature..  You will need this feature enabled in your file. Most likely it is already enabled.



Now you need to make an entry into the mailertable file with the domain and IPv4 address. In order to get the IPv4 MX address for the domain you can do so by using the host command. We first look up the main domain name to get the MX records. Then lookup the IPv4 address for the MX record.  We now have the IPv4 address to where we want to deliver the mail.

[root@superstar ~]# host has address mail is handled by 5 mail is handled by 5
[root@superstar ~]# host has address has IPv6 address 2001:558:fe16:1b::15

We now add these lines to our mailertable file.

/etc/mail/mailertable     esmtp:[]     esmtp:[]

Don't forget to issue make to update the db files for Sendmail to see the changes to the mailertable file. And then restart Sendmail.  It will now deliver to the specific IPv4 address. 

[root@superstar mail]# make
[root@superstar mail]# service sendmail restart
Redirecting to /bin/systemctl restart  sendmail.service

You bet there is a catch! If the IPv4 address changes, you will need to manually make the change.
That's it all there is to this. Sendmail is now delivering to the IPv4 address.

VLC - ProjectM - How To

Seeing as there is a mountain of click bait, I am writing this post to hopefully help people and answer the questions they have. Because there are no clear answers. To here it goes.

How do I get the menu in VLC ProjectM?

You can't. Hot Keys Do Not Work.

How do I skip a preset?

You can't. Hot Keys Do Not Work.

How do I...

Just stop asking questions about ProjectM for VLC. It barely works. You can't do anything with it other than turn it on and make small changes. It will not work with streams because it doesn't detect song changes so the default preset will play and never switch. If you want to use Milkdrop Presets, use a different program such as Winamp. If you wish to use VLC as the audio player, my recommendation is to use a separate visualization program and a virtual audio port program. The visualizations in VLC are minimal and most likely will never be implemented as the program wasn't intended for this type of use.
Update: It appears ProjectM has been removed from the v2.2.X of VLC. So that fixes everything.

Some stand alone visualization programs are VSXu Player and Plane9.

BlogEngine - mod_security makes it angry

I have noticed a lot of posts on the BlogEngine forum with users having a lot of problems within the Admin area. One even points out the 405 error which is one of the default errors of the Web Application Firewall mod_security. Which works great in IIS.  I suspect a lot of people are not aware that there is a version of mod_security for IIS.  And so, people constantly search for the solution to their problem when it's glaring them right in the face.  That is, if you know what you are looking for. Hence this post.  If you get a "405 Method Not Allowed" error, most likely the mod_security module is enabled.  I have found that the default rules that come with mod_security are pretty much incompatible with BlogEngine and I have to disable the module in order to get it working.  Otherwise you will need to disable a vast amount of rules in order to get the application functioning properly.  It will be a monumental task in creating a BlogEngine ruleset for mod_security. Hopefully some day in most likely an alternate universe will someone sit down and create a ruleset for it.

Updating BlogEngine 3.x - Errors Of The Ill Thought Out

When updating BlogEngine 3.x with the new updater you may run into some snags like I did.  There are some improvements, yet some are ill thought out unfortunately.  The first thing I ran into is that the Update process backs up your site. The problem with this is you may have a large amount of data in your media folder.  The backup process cannot handle more than a few megabytes of files in this folder until it will fail with an error on the 4th step as "The directory is not empty".  If you get this error, most likely you have too much data to backup in your media folder.  I had several gigabytes of video files in the folder which resulted in this error.  To correct the problem, back up your media folder and remove the files from it, then proceed with the update.  Once the update is completed you can put your media files back.

Also note that if you are using Chrome, once the update is complete, you may need to delete the browsing history and restart Chrome.  I had to do this in order to get the Administration menu working properly.

We Know You're Lying

People seem to not want to believe that there are technologically minded people, and those people have been around for a lot longer than they want to believe.  Time and again I come across individuals that prescribe to the idea that I can just make shit up about what I am doing online and it will be the truth.  Cause, you know, the Internet is magic and just works, or something.  It works because thousands of dedicated people slave behind computers and various network devices to make it work.  Those people, monitor and keep track of what their devices are doing to make sure they are doing what they are supposed to.  So, when those brilliant lying people say things like "I sent that e-mail last night!". "I called you multiple times over the week!". We know you are lying!  Every service on the Internet has meticulous log files that tell us what the service is doing and who it's doing it with. We trust the devices we use and maintain everyday over the lying asshole douche bag.  

Importing Video Tapes - DV Files and FFMPEG

I've been working on importing all my old VHS and 8mm video tapes into my computer.  It's always been fairly straight forward process of importing the video, originally when it was composite video being inputted it was in the form of an Uncompressed AVI file.  And then you'd convert it over to whatever media format you wanted.  Long ago I had chosen the Real Media file format. It had multiple bit rate encoding in a single file. This was required due to the various connectivity speeds everyone had back then.  From 28k Dialup to 1mbit connections.  It worked really well and then the Real Media format was pushed out for more wide spread and open source accessible media file formats. This is what happened with most of all the video files I had online.  They were all in some obsolete format and there wasn't anything that could convert the Real Media files.  Which in turn were low resolution already.

I had started importing my video tapes back in 2011 via Firewire port and the pass through option on my Sony video camera.  This worked really well and unfortunately that computer failed and the replacement one no longer had a Firewire port.  So, I finally picked up a Firewire port at the beginning of this month and began the process where I had left off.

When importing via Firewire the it creates DV files.  Back in 2011 one of my main things was for the Karvanek Conspiracy video files, I wanted to master them all in the new webm format, because I like to torture myself with bleeding edge technology and paint myself into a corner like I did with the Real Media.  This worked out great, but it was a fairly slow process of hand writing all the times for where to stop and start the webm encoding process.  I was using WinFF which is a Windows GUI for ffmpeg.  And I would do command line encoding using the latest version of ffmpeg at that time. Everything worked like a champ. Other than encoding in webm is insanely slow.

But, that is no longer the case now.  Trying WinFF and straight ffmpeg and any application that uses ffmpeg will now fail to encode DV video files that I am creating because the DV files will record tape drop outs and other events (like stopping and starting recording) as some sort of odd or error frame.  When ffmpeg detects these frames it will spit out a bunch of EOB errors and stop encoding. ffmpeg, WinFF, Xmedia Recode, Handbrake all succumb to this problem.  The only encoder I had installed on my computer was Microsoft Expression Encoder 3.  It was part of the whole Microsoft Expression suite as I use Expression Web to do HTML editing.  It is a real good encoder, it will do VC-1, H.264 and Smooth Streaming.  I've been encoding everything now in MP4 format and Expression Encoder 3 worked great, but it was slow. It would take an hour to encode 30 minutes of video.

I wasted a good day figuring out the problem with DV files and ffmpeg and realizing it was hopeless unless I wanted to patch the source code on a Linux box and do all my encoding on that.  Which seemed kind of retarded, wait, that is retarded.  This whole issue is retarded.  So I finally started looking into other encoder programs.  I found one that works like a champ with my DV files converting to MP4 and it will do WebM as well, but I haven't tested it out yet.  It's called Xilisoft Video Converter Ultimate.  It's only about $50 at the time of this post. It's worth the cost just in the time you will save searching total retarded non-sense.  The big surprise about this software is not that it worked converting the DV files, but it has code for both Nvidia and ATI graphics cards that will speed up MP4 encoding. The 30 minutes DV file that took an hour to convert using the old Expression Encoder 3, takes Video Converter Ultimate just about 5 minutes on my AMD A10 APU.  If you have a higher end graphics card I can imagine that time will go down considerably. So now my bottleneck is the actual importing of the video tapes and uploading them to You Tube.

The Super Fucking Ultra Shitty editor that comes with BlogEngine.Net refuses to allow me to enter a link over the Xilisoft name. You know, let's make a blog application for Microsoft's web server and go out of our way to make it not work with Internet Explorer.  So here is the manually typed in link;