MIAB - A kind suggestion & Input after 3 months

I have MIAB installed with quota on UBUNTU 18.04 LTS.
Running two domains for the past three months. Works just beautifully and I have no complaints. In fact, this is probably one of the most well-kept and tightly integrated setups out there.

I have just one recommendation for Josh. Something to ponder on as a suggestion:

  1. The primary reason a lot of us come here is because we want to get away from services like GMAIL or HOTMAIL
  2. Manage our own servers, and have more security and more control over our mailboxes, calendars and contacts
  3. Have robust analytics (MUNIN works great)

For me, security of a Linux system is the biggest reason.

In recent years, Ubuntu from Canonical has had some buzz around the Internet for not-so-reputable security practices. Some people in the industry have even blamed Ubuntu for having “spyware” (their choice of words), because they chose to have proprietary, non-free software bundled in.

After hearing all these concerns, I ran some tests and found an interesting behaviour. This is purely an observation: every time I do a search for files or anything indexed in the LTS, I see the OS making a connection back to Canonical and sending that search string to them. While I understand that they want to make their package better, I don’t like that it does this as a default behaviour. I really don’t wish for all my search strings to be passed to Canonical, and I worry about Ubuntu’s practice for Proprietary Software.

Having said that, and since security and having OPEN SOURCE software is my major concern, I would like to submit a use case, that another version of MIAB be also published, where your scripts can work on some of the other Open Source Operating Systems. Maybe start off with DEBIAN and / or OpenBSD.

Before anyone states, you don’t have to use MIAB. Yes, of course I don’t. There are other options available. The reason I’m making this case is because MIAB is absolutely awesome, and it is a great package for anyone with basic SysAdmin knowledge to get up and running ASAP.

This is purely a suggestion, and I feel it would be beneficial to the community.

Another option would be, if someone in the community with enough knowledge wants to FORK it.

Lastly, if there is enough interest, maybe we can pool in some $$$ for Josh to help get this rolling?

Sincerely,
Johnny

Just to be sure, you’re not saying this is a security problem in Mail-in-a-Box, but in desktop Ubuntu, right?

I don’t have any time (or, candidly, interest) for creating a second mail server project for another base system — I spend enough time just maintaining what we have. And because of the security ramifications, I can’t put my name or the Mail-in-a-Box name (so long as I’m the primary maintainer) on a project that I am not involved in. So, the answer is no.

But I have no problem with forks (so long as the Mail-in-a-Box name isn’t used), so of course please feel free to build what you want to see in the world and steal as much knowledge from the Ubuntu scripts as you can!

Hi Josh,

Yes, that behaviour was noticed on even the most Fresh base install of Ubuntu, without any other application installed.

Ok, I completely understand where you are coming from. You have done a great service to the community by creating this amazing service.

Hopefully there can be some momentum on this. If someone is open to building a fork (as I don’t have such knowledge), I’ll pledge to support financially.

Server or desktop version?

Server. I haven’t used desktop.

How can you reproduce this? Which commands did you use? I’m eager to verify this.

Dear @John007

How exactly are you “doing a search for files or anything indexed in the LTS”? Please give a detailed step by step guide. Thank you.

Sure,

So I have a pfsense at the border, running ntopng on it.

On the UBUNTU box (which has now been replaced with OpenBSD), I was doing a basic search. I was trying to look for a file.

find / f -name "filename*"

Originally, just a fluke, that I had my second monitor screen open on the firewall logs, and was monitoring something else.

I would see connections being made to Canonical servers (as reported by reverse DNS lookups).
I did not use any “Wire Sniffing” to open and inspect the packets, but that got me concerned. I tried different search parameters several times, searching for different filenames, and the timing was connected. That is, while searching for filenames, the outbound connections were being established. I didn’t have auto updates enabled.

I considered that my box may have been possibly compromised. I reinstalled fresh on another machine, and saw the same behaviour. That’s when I started doing a search on Ubuntu and saw some buzz on the internet about Canonical and their Non-Free software. That got me more worried.

Albeit, most of the buzz talks about this behaviour on the “Desktop” version of Ubuntu, but it made my concerns go a little deep. I don’t have solid proof, nor am I technically capable enough to find such evidence, but instead asked a few sysadmins that I know in the financial and banking industry, and they mentioned that they either use Debian or OpenBSD and recommended those two to me for better inherent security.

Hope that helps.

Hello John,

I didn’t dig too much further into it, but when you do a find / f -name “filename”, you start a find over all the file systems, including the proc filesystem. This part is probably causing the strange connections.

If you run find through the strace command, you can see that also socket files and other things are opened.

Hope this helps,

When you do a find on /home or /usr, this doesn’t occur
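
One way to check what the last replies discuss, as an added example that is not part of the original thread: trace only the network syscalls of find and separate local AF_UNIX sockets from connect() calls to remote IPv4/IPv6 peers. The function names and the sample trace lines (PIDs, addresses from documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample strace lines are constructed, not captured.

# Record only the network syscalls made by find and its children.
# Usage: trace_find /tmp/find.trace / -name 'filename*'
trace_find() {
    log=$1; shift
    strace -f -e trace=network -o "$log" find "$@" >/dev/null 2>&1 || true
}

# connect() calls to IPv4/IPv6 peers, one line each (AF_UNIX is skipped).
inet_connects() {
    grep -E 'connect\(.*sa_family=AF_INET6?,' "$1" || true
}

# Unique non-loopback peers the traced process tried to reach.
remote_peers() {
    inet_connects "$1" \
        | sed -E 's/.*(inet_addr\("|inet_pton\(AF_INET6, ")([^"]+)".*/\2/' \
        | grep -Ev '^(127\.|::1$)' | sort -u
}

count_remote_peers() { remote_peers "$1" | wc -l | tr -d ' '; }

# Constructed trace: a process that only touches a local AF_UNIX socket.
sample_find_trace() {
    cat > "$1" <<'EOF'
1201 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
1201 connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
1201 +++ exited with 0 +++
EOF
}

# Constructed trace: a different process that does reach remote peers.
sample_other_trace() {
    cat > "$1" <<'EOF'
1342 connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
1342 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
1342 connect(7, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
EOF
}

tmp=$(mktemp -d)
sample_find_trace "$tmp/find.trace"
sample_other_trace "$tmp/other.trace"
echo "find sample:  $(count_remote_peers "$tmp/find.trace") remote peers"
echo "other sample: $(count_remote_peers "$tmp/other.trace") remote peers"
rm -rf "$tmp"
```

If the trace of find shows no remote peers while the firewall still logs outbound connections, running `ss -tnp` as root during the search shows which process owns them.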
