Simple Mail Transfer Protocol Security

The main purpose for this site is (was?) my E-mail Security Site.

Disclaimer: This is my own personal site.  The opinions expressed here are my own and do not reflect those of my employer.

Do you think it's hilarious that the U.S. Air Force's air-gapped command and control network for piloting lethal drones was penetrated and a) The attackers didn't realize what they had compromised and b) The base staff fumbled the response? If so, you should buy a t-shirt so you can parade around at conferences, smugly congratulating yourself on your obscure sense of humor.

My new blog, powered by Blogsum, wherein I tell the world what's wrong with everything.

In similar news, people are really, really, really, really dumb.  Apparently a bunch of idiot two-bit web developers, clueless bloggers, and other security-ignorant folks have decided that Firefox3 properly warning people about dangerous websites is wrong.  I have written a blog post about it.

Scripts and Tips

In an effort to track ongoing DNS amplification attacks I have written a tool to monitor your BIND logs for amplification attack attempts.  There is also a script from OARC to collect and report on this data for further analysis.

Ever wish there was a useful guide to doing a Kickstart install of Linux via PXE boot? Yeah, me too. Unfortunately none of the documentation I found through Google, including that on the and websites, was very useful. None of it had a complete start-to-finish guide, and some of the stuff on the RedHat site was factually wrong. After spending 3 days figuring it out I wrote my own guide to save you time. Link to it so Google has a real guide.

The fastest way I've found to generate X509 certificates.
I can't stand how incredibly frustrating it is just to generate certificates and sign them.  After wasting the better part of a week on a particularly maddening problem that ultimately was caused by self-signed certs, I got motivated to save other people all the trouble that I went through.  Click the link above and never spend hours bashing your head on your desk due to certificates again (just remember that you need to export the cacert.pem and import it as a "trusted root" into whatever system needs to validate the certs you sign).

On a related note, the Keychain password for the X509Anchors keychain in OS X is 'X509Anchors' (no quotes).  Would it be nice if Apple documented this?  Yeah... It would also be nice if someone gave me a Ferrari.

Tool for discovering SSL/TLS ciphers supported by a secure site
I couldn't find any simple tools to audit the ciphers supported by a remote site, so I wrote my own.

How to net boot your way to new PROM on a SPARC box (AKA how to flash your PROM w/o Solaris).

On a related topic, how to kickstart a Linux box via PXE, because Red Hat's documentation sucks.

How to install Nessus on OS X
In case anyone else is frustrated by:
    libtool: warning: cannot infer operation mode from `/usr/bin/gcc-4.0'
Edit the Portfile in question and add a line:<tab>gcc 
I can't take credit, just helping publicize it (the fix probably applies generally to a lot of other Macports).

Cyveillance are evil-doers.  I wrote a blog post with a list of their IP addresses, so that privacy-loving can citizens protect their webservers.

* * * * * * * * * * * * * * * * * * * * *


I guess it was only a matter of time, but someone thought it would be funny to spoof my domain in a Joe Job attack.  If you would have turned SPF on for your e-mail servers, you wouldn't have accepted the crap in the first place.  Don't want to get spam that looks like it's from me?  Go configure your e-mail servers to do an SPF lookup!

The e-mail you're receiving is a poorly spoofed fraud.  Look at the received headers:
Received: from ( []) by (8.8.8/8.8.8) with ESMTP id TAA03008; Tue, 30 Jan 2007 19:07:57 +0800 (CST)
Received: from ( []) by (8.8.8/8.8.8) with ESMTP id TAA02384; Tue, 30 Jan 2007 19:07:49 +0800 (CST) <-- HMMM, HOW DID THIS GET IN HERE???
Received: from (HELO by with esmtp (82O01*N8=, .87,)

* * * * * * * * * * * * * * * * * * * * *

Random Stuff I Found Interesting for Some Reason

Due to the spectacular failure of yet another IBM DeskStar (AKA DeathStar) drive, this site was offline for about two years.
Thanks to Apple, the Mac Mini, and especially Internet Archive it is now back on-line!!!

This site © copyright 2003-2012 Brian Keefer.  Opinions expressed on this site are my own and do not reflect those of my employer.