AntiAbuse headers in Sendmail

I sometimes look at the headers of incoming email to try and decipher where it came from, especially if it looks like a phishing attack or some spam. I’ve noticed that some have X-AntiAbuse headers along the lines of:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - MyMailServer.com
X-AntiAbuse: Original Domain - MyVirtualDomain.com
X-AntiAbuse: Originator/Caller UID/GID - [42 12] / [42 12]
X-AntiAbuse: Sender Address Domain - SpammersDomain.com

It turns out that these headers are added by Exim, one of the common MTAs. So how do we reproduce them in Sendmail?

Unfortunately, it appears that you cannot have multiple headers of the same name in Sendmail – it simply overwrites them and you just end up with the last one, so I ended up adding the following to my sendmail.mc file before compiling it (m4 /etc/mail/sendmail.mc > /etc/sendmail.cf):
HX-AntiAbuse: These headers were added to track abuse, please include with any abuse report
HX-AntiAbuse-Sender-Domain: ${client_name} ${client_resolve}
HX-AntiAbuse-Sender-Host: $s (Derived from EHLO/HELO)
HX-AntiAbuse-Sender-IP: ${client_addr}
HX-AntiAbuse-Envelope-From: $g. From MAIL FROM Address ${mail_addr} Host ${mail_host} Mailer ${mail_mailer}
HX-AntiAbuse-Envelope-To: ${nrcpts} valid recipients including <$u>, ${nbadrcpts} invalid.
HX-AntiAbuse-RCPT-info: Address ${rcpt_addr} Host ${rcpt_host} Mailer ${rcpt_mailer}
HX-AntiAbuse-Receiving-Host: $j
HX-AntiAbuse-QueueID: $i

A full list of the predefined macros can be found in the Sendmail documentation for the configuration file. The X-AntiAbuse-RCPT-info may not produce results unless the rcpt_check ruleset is used, so can be left out.

Is my server hijacked?

I thought that my server had been compromised.

When working in China recently, I had run a proxy server on my server so that I could access gmail, twitter and facebook. Once I returned, I removed the program, but my site was extremely slow to load and looking at the Apache access_log, it appeared as though somehow the proxy was still operating. access_log was full of lines such as
111.240.242.26 - - [19/Apr/2012:03:36:03 -0600] "GET http://tw.myblog.yahoo.com/jw!lzXvOUmfHwXQIX.entxiWYw5ObQ- HTTP/1.1" 301 346 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
and 175.42.105.26 - - [19/Apr/2012:03:36:50 -0600] "CONNECT eu.battle.net:443 HTTP/1.1" 301 315 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0".

Luckily I found this useful script by David Ross on linuxquestions.orgwhich deciphers the access_log and error_log files. (It does not decipher all the response codes. You will have to look at Wikipedia or W3.org for full details of the codes)
#!/usr/bin/perl

# Start Config

$access_log = "/var/log/httpd/access_log";
$error_log = "/var/log/httpd/error_log";
$default_log = "error"; # access or error
$default_lines = "15";

# End Config

# Print the top of the page
print <<"EOF";
Content-type: text/html

<HTML>
<HEAD>
<TITLE>Viewing $in{'log'} log</TITLE>
</HEAD>
<BODY>
<H1>Log viewing options</H1>
<FORM method="get">
<TABLE>
<TR><TH>Log Type:</TH><TD>Error<INPUT type="radio" value="error" name="log">
  Access<INPUT type="radio" value="access" name="log"></TD></TR>
<TR><TH>Lines to show:</TH><TD><INPUT type="text" size="5" name="lines" value="$default_lines"></TD></TR>
<TR><TH>&nbsp</TH><TD><INPUT type="submit" value="Show Log"></TD></TR>
</TABLE>
</FORM>
EOF

# Get values from the query string (not many so we'll not use post)
foreach $pair (split(/&/, $ENV{'QUERY_STRING'})){
$pair =~ tr/+/ /;
($name, $value) = split(/=/, $pair);
$name =~ s/%(..)/pack("C", hex($1))/eg;
$value =~ s/%(..)/pack("C", hex($1))/eg;
$in{$name} = $value;
}
# If specific options were not given then use the defaults
if(!$in{'log'} && ($in{'log'} ne "access" || $in{log} ne "error")){$in{'log'} = $default_log}
if(!$in{'lines'}){$in{'lines'} = $default_lines}
&showlog;

print "</BODY></HTML>";

sub showlog{
print "<H1>Viewing $in{'log'} log</H1><TABLE border=1 width=90%>";
if($in{'log'} eq "access"){
open(LOG, "$access_log");
@line = <LOG>;
close(LOG);
$num = @line;
for($done=0;$done<$in{'lines'};$done++){
$num--;
($start, $request, $response, $ref, $other, $browser, $end) = split (/\"/, $line[$num]);
($browser, $end) = split (/ \(/, $browser);
($client, $other) = split (/\s/, $line[$num]);
($start, $end) = split (/\- /, $line[$num]);
($user, $bad) = split (/ \-/, $end);
($start, $end) = split (/\[/, $line[$num]);
($time, $line[$num]) = split (/\]/, $end);
if($response =~ /^ 200/){$resp = "OK!"}
if($response =~ /^ 500/){$resp = "Server error"}
if($response =~ /^ 404/){$resp = "Page not found"}
if($response =~ /^ 403/){$resp = "Authorisation required"}
if($response =~ /^ 401/){$resp = "Forbidden"}
if($response =~ /^ 400/){$resp = "Bad request"}
if($tm ne $time){print "<TR><TD colspan=4><HR></TD></TR>"}
print "<TR><TD width=35%><B>At:</B> $time
<B>User:</B> $client $user
<B>Browser:</B> $browser</TD>";
print "<TD width=65%><B>From page:</B> $ref
<B>Request:</B> $request
<B>Response:</B> $resp ($response)</TD></TR>";
$tm=$time;
}
}
elsif($in{'log'} eq "error"){
open(LOG, "$error_log");
@line = <LOG>;
close(LOG);
$num = @line;
for($done=0;$done<$in{'lines'};$done++){
$num--;
if($line[$num] =~ /^\[.*:..:.*\]/){
$line[$num] =~ tr/\[/ /;
($time, $typ, $cli, $info) = split (/\]/, $line[$num]);
}
else{$info=$line[$num]}
if($line[$num] =~ /\(2\)/){
$cli = "";
$info=$cli;
}
if($tm ne $time){print "<TR><TD colspan=4><HR></TD></TR>"}
print "<TR><TD width=100>$time</TD><TD>$typ</TD><TD width=50>$cli</TD><TD>$info</TD></TR>";
$tm=$time;
}
}
print "</TABLE>";
}

exit;
Simply save the code above as apache.cgi in the /var/www/html/cgi-bin/ folder and give it executable rights (chmod +x apache.cgi).

This revealed that my server was responding with code 301 to requests for battle.net and yahoo.com, meaning that the requested URI had permanently moved and the request should display my home page instead. This is by design, but obviously was not very healthy as I was getting a lot of these spurious requests and it places undue load on my server.

I therefore followed the instructions on Proxy Abuse to reconfigure the Apache server to deny requests for random hostnames rather than serving local content..
NameVirtualHost *:80
# Disable default host
#<VirtualHost *:80>
#</VirtualHost>
# Define new default host, which is denied to all
<VirtualHost *:80>
ServerName default.only
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
# Explicitly define previous default
<VirtualHost *:80>
ServerName www.example.com
ServerAlias www.www.example.com
DocumentRoot /var/www/htdocs
</VirtualHost>

My server now responds with a code 403 and does not pass the request through to PHP for processing, substantially reducing the load on my server.

No buttons in Adobe PDF Reader

I recently upgraded my Adobe Reader to version 10.1 )Adobe Reader X) and all the buttons disappeared, meaning that you could no longer zoom in or navigate your way around the document; it appeared that the only way to scroll through a document was using thumbnails if the document opened in a browser window or to download the document and open it in a standalone copy of Adobe Reader. Even the annoying buttons which used to appear in Adobe Reader 9 (if you had the mouse in the right place) no longer appeared. These changes rendered Adobe Reader useless for my purposes.

I also tried using right click on an open PDF file to edit the ‘Page Display Preferences’ and clearing ‘Allow documents to hide the menu bar, toolbars and window controls’ under Documents, but with intermittent results.

The solution is to press F8 every time you open a PDF in your browser.

Adding Google UK to Firefox

If you are running any version of Firefox, you may be getting frustrated that the Search Box (next to the ‘Awesome Bar’) only features Google, Yahoo, Bing, Amazon.com, ebay and Wikipedia by default.

I tried searching about:config for google and changed all references from google.com to google.co.uk, but without success. It turns out that the definitions are saved in XML files. You can either edit these directly, or install the necessary add-ons. I tried Get more search engines… from Manage Search Engine…, but was presented with a befuddling confusion of options. The two I ended up adding were Google UK- the web, which although marked as experimental is fault free, and always ‘.com’ which is the converse and forces use of google.com.

In Windows, the XML files for the default search engine are saved in %ProgramFiles(x86)%Mozilla Firefox\searchplugins while the custom definitions are saved under %USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles\???\searchplugins (where ??? is your profile)

The two add-ons are very similar in structure as can be seen from the XML code below:

<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"
                       xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortName>Google UK - the web</ShortName>
<Description>Search Google UK with "the web" selected - includes Google suggest</Description>
<InputEncoding>UTF-8</InputEncoding>
<Image width="16" height="16" type="image/png">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAYBQTFRFBi6DJDx5nZ2d1tTWxcXF9vL3+vn5wsPD3t7eq6qqlQgAuLi4iJCntra26ejpSll9OGbK/Pz8E0W0A1wE7/H17+7vCzui/Pv7CpAS2dnZlpaWElkR/fz7+ff3pKajs7CuA1QE8Pnv/v7+Z9Fo/v//z9DP5eLj//7/yMLAjaaN7oBwsrixmJidQF+kpKKiHUuy+Pf50eD99vLxu7m3/v3+wsTB0dHRtrKwAH0CE34Um5ubwcbV2yUJxxIAwLqybYS3AjappKejatNrycfIysrKQluURGm7X4DEk5qSmJeXMkRrk7LytNS37+Lgl9SbfoSU8Ori4N/gV37X//383eLkjpCPYHqz7OrruxEA1NDUMF68xsHCeHh40ouDi5rB4/DksrKy5p+W3dzdhoaG9/T2QotDGWsZGUev6/nrPrpE4Or96u72vLu6vr6+8OzuEki/8vnxCj+0yykT1i4WwQgA1RkAP23TwLy99/r39/P4eIy3BTqutlxV+IBt6+Xp////i74f3AAAAPlJREFUeNo8zGdXggAchfF/oBJiKijiwBGhZnvvsrK91ErNdpa2bE9b96vHqXO8757fi0urnpVwAc0t3kjIvPX9ZCVnQ24v+A81vW3CSp1d4Rj+YMaMk5cd6q+WxDqsP07SVEwDcD/rdfE16AfPlFSMxsXliCshv8P9RQ+LbgM2RgOBSnkN+jZJnwvXwNHgcm6pvXQGkTzSdF5F/KdYZNlsECDbuUTj0NQBRbEAFlDm8I5sqo9DihM03gdC4ZXSfdFjCE2Mn9MMwCZ13EYF3FT3T03GB666HcNyoz/LzDHiGAvqdc7zqR6YGE5hIQ+Bdj9a3+xx1PcrwAAh7UMvv/o9PgAAAABJRU5ErkJggg==</Image>
<Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&amp;client=firefox&amp;hl={moz:locale}&amp;q={searchTerms}"/>
<Url type="text/html" method="get" template="http://www.google.co.uk/search?q={searchTerms}&amp;hl=en&amp;btnG=Google+Search&amp;sourceid=Mozilla-search&amp;start=0" />
<moz:SearchForm>http://www.google.co.uk/</moz:SearchForm>
</OpenSearchDescription>

and

<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
	<ShortName>Google.com (in English)</ShortName>
	<Description>Google.com that doesn't default to local Google site when outside US, without restricting search to the English language</Description>
	<InputEncoding>UTF-8</InputEncoding>
	<Image width="16" height="16">data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAK
T2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AU
kSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXX
Pues852zzwfACAyWSDNRNYAMqUIeEeCDx8TG4eQuQIEKJHAAEAizZCFz/SMBAPh+PDwrIsAHvgAB
eNMLCADATZvAMByH/w/qQplcAYCEAcB0kThLCIAUAEB6jkKmAEBGAYCdmCZTAKAEAGDLY2LjAFAt
AGAnf+bTAICd+Jl7AQBblCEVAaCRACATZYhEAGg7AKzPVopFAFgwABRmS8Q5ANgtADBJV2ZIALC3
AMDOEAuyAAgMADBRiIUpAAR7AGDIIyN4AISZABRG8lc88SuuEOcqAAB4mbI8uSQ5RYFbCC1xB1dX
Lh4ozkkXKxQ2YQJhmkAuwnmZGTKBNA/g88wAAKCRFRHgg/P9eM4Ors7ONo62Dl8t6r8G/yJiYuP+
5c+rcEAAAOF0ftH+LC+zGoA7BoBt/qIl7gRoXgugdfeLZrIPQLUAoOnaV/Nw+H48PEWhkLnZ2eXk
5NhKxEJbYcpXff5nwl/AV/1s+X48/Pf14L7iJIEyXYFHBPjgwsz0TKUcz5IJhGLc5o9H/LcL//wd
0yLESWK5WCoU41EScY5EmozzMqUiiUKSKcUl0v9k4t8s+wM+3zUAsGo+AXuRLahdYwP2SycQWHTA
4vcAAPK7b8HUKAgDgGiD4c93/+8//UegJQCAZkmScQAAXkQkLlTKsz/HCAAARKCBKrBBG/TBGCzA
BhzBBdzBC/xgNoRCJMTCQhBCCmSAHHJgKayCQiiGzbAdKmAv1EAdNMBRaIaTcA4uwlW4Dj1wD/ph
CJ7BKLyBCQRByAgTYSHaiAFiilgjjggXmYX4IcFIBBKLJCDJiBRRIkuRNUgxUopUIFVIHfI9cgI5
h1xGupE7yAAygvyGvEcxlIGyUT3UDLVDuag3GoRGogvQZHQxmo8WoJvQcrQaPYw2oefQq2gP2o8+
Q8cwwOgYBzPEbDAuxsNCsTgsCZNjy7EirAyrxhqwVqwDu4n1Y8+xdwQSgUXACTYEd0IgYR5BSFhM
WE7YSKggHCQ0EdoJNwkDhFHCJyKTqEu0JroR+cQYYjIxh1hILCPWEo8TLxB7iEPENyQSiUMyJ7mQ
AkmxpFTSEtJG0m5SI+ksqZs0SBojk8naZGuyBzmULCAryIXkneTD5DPkG+Qh8lsKnWJAcaT4U+Io
UspqShnlEOU05QZlmDJBVaOaUt2ooVQRNY9aQq2htlKvUYeoEzR1mjnNgxZJS6WtopXTGmgXaPdp
r+h0uhHdlR5Ol9BX0svpR+iX6AP0dwwNhhWDx4hnKBmbGAcYZxl3GK+YTKYZ04sZx1QwNzHrmOeZ
D5lvVVgqtip8FZHKCpVKlSaVGyovVKmqpqreqgtV81XLVI+pXlN9rkZVM1PjqQnUlqtVqp1Q61Mb
U2epO6iHqmeob1Q/pH5Z/YkGWcNMw09DpFGgsV/jvMYgC2MZs3gsIWsNq4Z1gTXEJrHN2Xx2KruY
/R27iz2qqaE5QzNKM1ezUvOUZj8H45hx+Jx0TgnnKKeX836K3hTvKeIpG6Y0TLkxZVxrqpaXllir
SKtRq0frvTau7aedpr1Fu1n7gQ5Bx0onXCdHZ4/OBZ3nU9lT3acKpxZNPTr1ri6qa6UbobtEd79u
p+6Ynr5egJ5Mb6feeb3n+hx9L/1U/W36p/VHDFgGswwkBtsMzhg8xTVxbzwdL8fb8VFDXcNAQ6Vh
lWGX4YSRudE8o9VGjUYPjGnGXOMk423GbcajJgYmISZLTepN7ppSTbmmKaY7TDtMx83MzaLN1pk1
mz0x1zLnm+eb15vft2BaeFostqi2uGVJsuRaplnutrxuhVo5WaVYVVpds0atna0l1rutu6cRp7lO
k06rntZnw7Dxtsm2qbcZsOXYBtuutm22fWFnYhdnt8Wuw+6TvZN9un2N/T0HDYfZDqsdWh1+c7Ry
FDpWOt6azpzuP33F9JbpL2dYzxDP2DPjthPLKcRpnVOb00dnF2e5c4PziIuJS4LLLpc+Lpsbxt3I
veRKdPVxXeF60vWdm7Obwu2o26/uNu5p7ofcn8w0nymeWTNz0MPIQ+BR5dE/C5+VMGvfrH5PQ0+B
Z7XnIy9jL5FXrdewt6V3qvdh7xc+9j5yn+M+4zw33jLeWV/MN8C3yLfLT8Nvnl+F30N/I/9k/3r/
0QCngCUBZwOJgUGBWwL7+Hp8Ib+OPzrbZfay2e1BjKC5QRVBj4KtguXBrSFoyOyQrSH355jOkc5p
DoVQfujW0Adh5mGLw34MJ4WHhVeGP45wiFga0TGXNXfR3ENz30T6RJZE3ptnMU85ry1KNSo+qi5q
PNo3ujS6P8YuZlnM1VidWElsSxw5LiquNm5svt/87fOH4p3iC+N7F5gvyF1weaHOwvSFpxapLhIs
OpZATIhOOJTwQRAqqBaMJfITdyWOCnnCHcJnIi/RNtGI2ENcKh5O8kgqTXqS7JG8NXkkxTOlLOW5
hCepkLxMDUzdmzqeFpp2IG0yPTq9MYOSkZBxQqohTZO2Z+pn5mZ2y6xlhbL+xW6Lty8elQfJa7OQ
rAVZLQq2QqboVFoo1yoHsmdlV2a/zYnKOZarnivN7cyzytuQN5zvn//tEsIS4ZK2pYZLVy0dWOa9
rGo5sjxxedsK4xUFK4ZWBqw8uIq2Km3VT6vtV5eufr0mek1rgV7ByoLBtQFr6wtVCuWFfevc1+1d
T1gvWd+1YfqGnRs+FYmKrhTbF5cVf9go3HjlG4dvyr+Z3JS0qavEuWTPZtJm6ebeLZ5bDpaql+aX
Dm4N2dq0Dd9WtO319kXbL5fNKNu7g7ZDuaO/PLi8ZafJzs07P1SkVPRU+lQ27tLdtWHX+G7R7ht7
vPY07NXbW7z3/T7JvttVAVVN1WbVZftJ+7P3P66Jqun4lvttXa1ObXHtxwPSA/0HIw6217nU1R3S
PVRSj9Yr60cOxx++/p3vdy0NNg1VjZzG4iNwRHnk6fcJ3/ceDTradox7rOEH0x92HWcdL2pCmvKa
RptTmvtbYlu6T8w+0dbq3nr8R9sfD5w0PFl5SvNUyWna6YLTk2fyz4ydlZ19fi753GDborZ752PO
32oPb++6EHTh0kX/i+c7vDvOXPK4dPKy2+UTV7hXmq86X23qdOo8/pPTT8e7nLuarrlca7nuer21
e2b36RueN87d9L158Rb/1tWeOT3dvfN6b/fF9/XfFt1+cif9zsu72Xcn7q28T7xf9EDtQdlD3YfV
P1v+3Njv3H9qwHeg89HcR/cGhYPP/pH1jw9DBY+Zj8uGDYbrnjg+OTniP3L96fynQ89kzyaeF/6i
/suuFxYvfvjV69fO0ZjRoZfyl5O/bXyl/erA6xmv28bCxh6+yXgzMV70VvvtwXfcdx3vo98PT+R8
IH8o/2j5sfVT0Kf7kxmTk/8EA5jz/GMzLdsAAAAgY0hSTQAAeiUAAICDAAD5/wAAgOkAAHUwAADq
YAAAOpgAABdvkl/FRgAAAz1JREFUeNpMkF9olXUcxj+/3/ue9z1nZ+ePZ9OzP9mq/WlOtspYbkuW
Y5UuighjGnmTF2FFCiF1E2HdDLwICgtCIhGCEryYklOUrVDW6kqU1Olqc7H5nsN23HFnbue8f75d
HIoe+Nw8PM/F8yAigyJyY/iXO9nwCyMOO392Pv3uliMiTpBfcu73dDkuOJ5dxrVxVmyVXbD0jXlT
DyIi077vy/PvnRH2jkn40FUJvX5Rxq9mRUSkcPGC5EOG+CHEsxHXRlYsJQuWljlTT2ugslj0uLMs
6PVxzJiJm6jk1MQCAOHeXlZbmhAXtIASUPynShPwLdNgXSyCeIIEAhUWM/c8AIyQRTGRwgUMDQEQ
CKgAFPhmOWTwcmcNv5/PIVUV4AVUJ2wAfCfDX840MxsjrCQiGF5AbNklmXcJl3zMy1eybHtyAwd2
tTB26wpjU3kitmbvtjQA3144wbEdCbIdmynYJoYXUJ0vsWkqz8DEPKp6xxnn6Aet6d0vNhIE8P3o
XR5OV/Bce5Kvx3/k/fEvCB5LgdLgCQjlE5QiulTMKP3qJQe9nN6+UbG1Jc5nb3dihkLczEyz+fib
BHVRtGWDLyBSPkEEfAggo61oCKvlIUYLCYaGc/wxXQAgEYnR3tAKfqlc/j+eoDzBKAXotXyJoODS
UBunr7sJX0cBqI1Xc/aVI/RXPU1QWAa/XPoX/KDsHfpmynnp2br0M40RosYMy5nr3MtmqG/uxoi1
soZH/6mDjK9OYUSi5QmeD0rB/WJGiYjD2u30iaHtHDu9BMDZrx4wMpLip9nXGBwcpHegl/gnbajJ
IuzZAD9koSOC2tqYQdwl59fjbdLZjIx8+ajcHovIteEK2dKEHH0LeaK5RuYWF4Ut1cLjSE13s6j2
pKiuKtHn+ny9snhT5ZzrrCrY2Z+hqVFx8nSJtkc07xwOY5Yc/pz5G2xgqIHABNm/Him44Proypqu
8Ka2HhqT0PPGKvsOFNnVp5mcDdi/b43+3R+zGF9FZx+ATrIwP4eqj2FFIijLEnXp8m8He56qezc3
8dG6sfMng7pUQHebYvJukmv2h9R2DbBn6jDz2VmM+hSyUkJcXydSqdxox+dH/hkA78yKjAjpTX0A
AAAASUVORK5CYII=</Image>
	<Url type="text/html" method="GET" template="http://www.google.com/search">
		<Param name="hl" value="en" />
		<Param name="q" value="{searchTerms}" />
	</Url>
	<moz:SearchForm>http://www.google.com/</moz:SearchForm>
</OpenSearchDescription>

so it should be fairly simple to create a suitable XML file for any search engine.