Re: Freebsd, postfix and push email
On Mar 28, 2010, at 1:36 AM, per...@pluto.rain.com wrote: Er, no. POP3 and IMAP are pull services, wherein the client polls the server periodically for any newly-arrived messages. IMAP, but not POP3, can be used to push, but the iPhone mail client doesn't support that as far as I know. It does support being pushed to over Mobile Me, but not on regular IMAP. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Freebsd, postfix and push email
On Mar 28, 2010, at 3:49 PM, krad wrote: On 28 March 2010 21:38, Dan Nelson dnel...@allantgroup.com wrote: In the last episode (Mar 28), Ron said: Jeffrey Goldberg wrote: IMAP, but not POP3, can be used to push, but the iPhone mail client doesn't support that [...] So how is Mobile Me and Exchange Servers (MS, Zimbra, etc) doing it? For ActiveSync at least, the phone has to keep a TCP connection to the server open 24/7, and the server sends a notification when a new mail arrives. MobileMe probably works the same way. The IMAP protocol supports a similar notify on new mail option, but for some reason Apple doesn't use it in their client. My understanding is that Apple wants all persistent connections to the iPhone to go through them, so that there is only one connection. This is, putatively, for battery life issues. Every pushable client on the iPhone doesn't maintain its own TCP connection but works through an API and has to have their service approved by Apple. Apple made an exception for Exchange so that I could sell iPhones to businesses. For better information than my possibly misremembered speculation, you would do well to check iPhone developer communities. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Q: recommendation for external USB disk
On Jan 11, 2010, at 6:32 AM, Matthias Apitz wrote: Can someone recommend a good external USB disk for backups which works with FreeBSD 8.0 and has more than 512 GByte? Thx in advance Pretty much anything that you consider to be a reliable supplier will do. There are no specific FreeBSD requirements as far as I know. I recommend that you get a disk that is externally powered instead of with power supplied over USB. Earlier versions of FreeBSD had problems with USB connected devices. In particular if they were removed or powered down without dismounting, this could lead to a kernel panic. This problem has been fixed, but I still am extra careful with my USB backup disks:
(1) Power for the back-up disks should be on a UPS
(2) umount the file systems on the back-up disk when not in use.
Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: spamassassin Y2010 bug
On Jan 3, 2010, at 2:10 PM, Matthew Seaman wrote: There's a .shar of the new port at: http://www.infracaninophile.co.uk/sa-utils.shar Comments, critique are welcome. Unless there are any killer bugs, I'll send-pr(1) in a week or so. Thanks for doing that. It looks great to me. I just wonder about it being enabled by default. I don't know what official policy is (if such a thing exists), but my experience with FreeBSD ports is that while they install things, the user must still explicitly enable them. So it might be a good idea to set the defaults to NO and include a pkg-message that instructs people to add the enabling lines in /etc/periodic.conf.local I'm also wondering about the name of the port. This really is only one utility. Anyway, those are trivial concerns. The substance of your port all looks very good to me. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: spamassassin Y2010 bug
On Jan 2, 2010, at 8:45 AM, RW wrote: On Sat, 02 Jan 2010 13:15:25 + Matthew Seaman m.sea...@infracaninophile.co.uk wrote: However, neither of these have been accepted by the p5-Mail-SpamAssassin port maintainer. It's not really a one-size fits all problem - it depends on which channels you use and whether you want sa-compile (which isn't supported by either script quoted). Of course both of these scripts could be easily modified to meet local needs. The second script already had some customization hooks built in. sa-update is very cheap to run - if there's no update it's just a dns lookup. If you're using the auto-generated sought rules you may wish to update several times a day. OTOH sa-compile is very cpu intensive, and once a day may be too much. That is all true. If you are maintaining a high traffic site (for which sa-compile would be useful) then you will probably be rolling your own maintenance scripts anyway. But none of this is not a reason to not include something like these in the SA port. Alternatively, if someone were sufficiently motivated they could put together an SA utilities port that installs a number of maintenance scripts which a user can enable. One other thing is just that I always use sa-update with --gpghomedir. If you use the default you lose any third-party public keys each time the SA port is reinstalled. That is useful to know. Thank you both for your help on getting me to maintain my system better. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
spamassassin Y2010 bug
I've submitted a PR for this, but email administrators who use SpamAssassin may wish to take immediate action. There is a SpamAssassin rule which treats messages with dates after 2009 as far in the future. This adds about 3 points to the SA score, so is very substantial. I've posted details and links here http://jpgoldberg.blogspot.com/2010/01/sky-is-falling-first-y2010-bug.html But as an immediate, though possibly temporary, work around I would recommend just adding

    score FH_DATE_PAST_20XX 0

to your own local.cf file to disable the rule. There is discussion on the SA mailing list, and it is likely that some fix will be in with the next batch of rule updates for those who use sa-update. But if you aren't willing to wait or you don't use sa-update, I recommend the above workaround. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: spamassassin Y2010 bug
On Jan 1, 2010, at 5:19 PM, RW wrote: On Fri, 1 Jan 2010 15:05:54 -0600 Jeffrey Goldberg jeff...@goldmark.org wrote: it is likely that some fix will be in with the next batch of rule updates for those who use sa-update. It's already available in sa-update. Great. How do I know if I am running sa-update? When installing SpamAssassin from ports I was prompted as to whether I wanted to do this (I said yes), but I don't see anything about it in any crontab I can find nor in /etc/periodic or /usr/local/etc/periodic. I'm on 8-STABLE. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: usenet configuration
On Oct 2, 2009, at 2:21 AM, Bernt Hansson wrote: Aflatoon Aflatooni said the following on 2009-10-01 19:17: What is needed in order to run nntp?
INN https://www.isc.org/software/inn A faq for INN is at http://www.eyrie.org/~eagle/faqs/inn.html
Diablo gttp://www.openusenet.org/diablo A faq for diablo is at the above address.
DNews http://www.netwinsite.com/dnews.htm
Typhoon (not free/open) http://www.highwinds-software.com/
And if the needs are small, one might be able to get away with just running leafnode. Leafnode is *not* a full NNTP server, but for small networks with limited needs, it might be sufficient. I'm not familiar at all with Typhoon and Diablo. The last time I used DNews (a very very long time ago) it had some really nice design features that made it appropriate for situations between what one would use leafnode and INN, but it was buggy (this was a long time ago, those bugs have probably been fixed). INN, of course, is the sendmail of Usenet servers. Cheers, -j
Re: Whic mail server?
On Sep 27, 2009, at 8:01 AM, Aflatoon Aflatooni wrote: Hi, I am running a server that is acting as the mail server for only internal users (about 50 users). Currently we are running Sendmail, but reading on other discussions I noticed that qmail and other programs are suggested. If you have no compelling reason to switch from sendmail, stick with that. I am wondering if qmail is thought to be better than sendmail. My personal favorites in order are
exim
postfix
sendmail
carrier pigeons
messages in bottles
qmail
smoke signals
...
MS Exchange
...
whatever system dogs use when they smell each others' excrement.
...
Lotus Notes
You can't go wrong with the first three: exim, postfix, and sendmail. There are reasons why I have the preferences that I do, but they don't apply to you or your needs. So unless you are having problems with sendmail, just stay with that. Any suggestions on spam filters like spam-assassin? There are many ways to integrate spam-assassin and sendmail, and they will all be in the ports system. Look at mail/spamass-milter Another approach (not using milters) is a spamassassin+procmail solution. I prefer the milter as it allows you to reject mail early in the process. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: named issue
On Sep 25, 2009, at 2:00 PM, Jos Chrispijn wrote: [named] Lately I get messages like this in my all.log: named[605]: too many timeouts resolving '*.*.*.*.zen.spamhaus.org/ A' (in 'zen.spamhaus.ORG'?): disabling EDNS (*) is random ip address These are queries your mailservers are making to the spamhaus blocking list. How many queries to the ZEN Spamhaus DNSBL are you making per day? If you exceed their non-commercial usage, they will cut you off. See http://www.spamhaus.org/organization/dnsblusage.html -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: What should be backed up?
On Aug 23, 2009, at 7:14 PM, Karl Vogel wrote: Touching a timestamp file and backing up stuff newer than that works fine for things you modify, but I frequently copy over source tarballs and the timestamp method won't work for those. This is one of the several reasons that I use rsync (via rsnapshot). At each increment, it backs up the minimum that is needed. With the cost of having a complete backup which duplicates what you would find in a reinstall, you have a complete system. Suppose you accidentally trash something from the original installation. It may be easier to restore it from your backups than going to original installation media. Disk space is cheap, so having a complete back-up (under most circumstances) makes sense. With --link-dest you can maintain many snapshots with the minimal of copying, transmitting, and writing files. Of course everyone's back up needs are different, and what works for me isn't necessarily the best for others. But if you haven't looked at rsnapshot, I'd recommend that you do before writing your own scripts. Even if you don't use rsnapshot itself, look at what it does with rsync. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: What should be backed up?
On Aug 21, 2009, at 2:33 PM, John Almberg wrote: I am currently using rsnapshot to back up these directories on a FreeBSD 7.2 webserver: /etc /usr/home /usr/local /var/cron These directories contain all the data and config files that I use... I think... Question: am I missing anything crucial? My general advice is to back up everything and then explicitly excluding those things that you know that you don't need. Here is my exclude list from my rsnapshot.conf

    exclude	/var/log
    exclude	/var/tmp
    exclude	/usr/obj
    exclude	/usr/ports/distfiles
    exclude	/usr/local/squid

Also I backup by file system, so I'm already excluding /tmp It is far too easy to forget something that needs to be backed up. Cheers, -j
Re: freebsd
On Aug 17, 2009, at 5:30 AM, BONGANI MANGANYE wrote: am doing research about freebsd ,so can you help me with this information
1. features, benefits and setbacks
2. Functionality and features
3. versions, strong and weak points
4. Unique features
I am delighted that university courses are assigning research projects like this. Point 4 on your list will not only require looking at information about FreeBSD but at its alternatives. When you are done with the assignment, please put it up on a website and post a link to it back here. Many members of this mailing list would enjoy reading it. People may even be willing to comment on drafts (check to see whether that is alright with the person who assigned this project.) Best wishes with your assignment. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Cleaning email
On Aug 7, 2009, at 6:42 AM, Olivier Nicole wrote: reading around the FAQ for FreeBSD mailing list, I see that the mailing list server does some message cleaning (converting HTML to text, etc). I don't want just any solution, that works more or less, but the very well tested solution used by FreeBSD mailing lists. On the mailing list this is done by the mailing list system, mailman, which is in ports/mail/mailman. But the cleaning stuff is just part of a much larger system (mailing list management), so I don't think you can get it to do what you want. There is a milter, ports/mail/mime-defang which, while it can do many other things (that you don't need to enable), also does this. I haven't used it in more than 5 years, so I can't speak for how well it works. But I did set it up for an organization that had lots of Outhouse users on desktops that were vulnerable to malicious HTML. mimedefang is also useful for blocking certain types of attachments as well. There may be better, special purpose tools that do what you want. You could also look at the mailman source (python) to see how it does its cleaning. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Sendmail Masqurading and root mails
On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote:

    MASQUERADE_AS(`mypublicdomain.com')dnl
    FEATURE(masquerade_envelope)dnl
    MASQUERADE_DOMAIN(beasie.lan)dnl

Recompiled the cf files and restarted sendmail. Here is the kicker. If I log in as a normal user it masquerades just fine. If I simply su - to root, the masquerading works fine and the mail is sent as the original logged in user. But if I log in as root via the console then it does not alter the messages. I found the answer to your problem here: http://www.grok.org.uk/docs/smroot.html The file that is being included which has the EXPOSED_USER(`root') line lives at /usr/share/sendmail/cf/domain/generic.m4 Just make a copy of that file, call it beasie.m4, remove the EXPOSED_USER directive from your copy and then change DOMAIN(generic) to DOMAIN(beasie) in your mail .mc file. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Sendmail Masqurading and root mails
On Aug 2, 2009, at 8:22 PM, Danny Carroll wrote: I've added the following to the default sendmail mc file:

    MASQUERADE_AS(`mypublicdomain.com')dnl
    FEATURE(masquerade_envelope)dnl
    MASQUERADE_DOMAIN(beasie.lan)dnl

Recompiled the cf files and restarted sendmail. Here is the kicker. If I log in as a normal user it masquerades just fine. If I simply su - to root, the masquerading works fine and the mail is sent as the original logged in user. But if I log in as root via the console then it does not alter the messages. By default sendmail does not MASQUERADE root (figuring that you get root mail from several of your machines and want to see which machine it is from). In the old days there was a feature NO_MASQUERADE_ROOT, but looking through cf/README I see that that is one of the many things that have changed since I last seriously worked with sendmail. Now sendmail has a class of exposed users. These are usernames for which masquerading shouldn't take place. By default, root is in there. There is an .mc file directive EXPOSED(`username') which, according to the documentation, adds usernames to the list that shouldn't be masqueraded. Unfortunately, I don't see a mechanism for removing members from the E (Exposed) class. You could try EXPOSED() or EXPOSED(`') to see if either will remove things in the E class. The offending line in the generated .cf file is

    C{E}root

if you still end up with that, then root will not get masqueraded. So if the above doesn't work, there probably is a clean way of clearing a class from the .mc file, but I don't know what it is. Hopefully others will be able to answer. In the worst case, you could manually edit the generated .cf file, to remove the C{E}root line, but that is not really a road I would recommend going down. At the risk of suggesting something that you probably know you should do in the long run, but would take a lot of tedious work to set up, you should probably move away from having your private network be .lan. Instead use .private.mypublicdomain.com and set up a local (on your private network) nameserver for that private subdomain. Sorry I couldn't be of more help. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: feedback, comments on this php-delimiter scrubbing program?
On Jun 16, 2009, at 10:30 AM, Gary Kline wrote: I thought my initial getchar() != EOF would handle that. But then there's that do-forever loop. As I said, the most common problem people had was failing to check for EOF in all the places it could occur, and so looping forever. Do not rely on the input being well formed. I remember Jeffrey's post and tried a case 'EOF' or case '-1'; that gives me compiler errors. Look at the man page for getchar() paying close attention to the type of what it returns. You should really take the pointers from Jeffrey Goldberg and record states and decide based on the state, rather than inlined switch statements, if only for readability. Even for a very simple task, the logic of your code is very very hard to read. Clarify the logic (using the idea of a state) and you will find that this can be programmed very simply. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: feedback, comments on this php-delimiter scrubbing program?
On Jun 16, 2009, at 12:02 PM, Gary Kline wrote: this works, but still gives a warning. it's sloppy coding, but as a second version... You've got some superfluous tests for EOF in some places, and you may also be missing some. Your approach has been to look ahead with an extra getc() when you come across an interesting character. I recommended that instead of doing that you keep a variable state to keep track of where you are (and have very recently been) instead of looking ahead. I haven't tried your code, but I suspect that it behaves incorrectly with input (1) that has a '' as a final character (2) that includes things like ? (3) that includes things like ?? There is a systematic (if a bit tedious) way to make sure that you check every condition. When you've worked enough on this, you can peek at an answer which I've attached. (For the rest of you, I know that it would be more efficient to make the big switch on state instead of on input character, but for pedagogical reasons I did it the other way around. I deliberately avoided other available tunings). The extensive comments in the code should make it clear what is going on. Once you understand the concepts here it should be very easy to write code to do similar things in the future. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ gkline.c Description: Binary data
Re: flaw found [in my own program]
On Jun 8, 2009, at 7:15 PM, Gary Kline wrote: not surprisingly, i found a flaw in my getc(fp) program that tried to read past ? and ? ... the example i added to my test file was simply the 2 bytes and ?. so if you have a stray ? with a matching close case, the binary hangs on a read. so, again, can anybody suggest a better example, in C, to get past two delimiters? Back in the days when I taught introductory C programming, one of the early homework assignments was to write a filter that would strip C-style comments. As a follow-up they had to do this allowing for nested comments. I don't think I can recover things from the back-up tapes that I have for that course material, but the approach I directed people toward was to have a variable, let's call it status that records one of four states

    OUTSIDE   /* just reading normally, not in the material to be stripped */
    AFTER_LT  /* You've read in a '<' and are looking for a '?' */
    INSIDE    /* You are in the material to be stripped */
    AFTER_Q   /* You are in the material to be stripped and have just read a '?' */

then use a switch statement on the character you are reading in.

    switch(c) {
    case '<': ...
    case '?': ...
    case '>': ...
    case EOF: ...
    default: ...
    }

In each case, you look at the current state, decide whether to write 'c' to output and what state to change to. The most common mistake students would make would be to forget the EOF case. I suspect that you may have done the same. -j
Re: NO_PROFILE option in FBSD-7.2
On Jun 8, 2009, at 11:59 AM, Tim Judd wrote: If that's related to 'world', all world-related build options should be placed in src.conf now. What make.conf was to world+ports, is now src.conf = world, make.conf = ports What is the appropriate location for KERNCONF, which I still have in /etc/make.conf ? -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Secure unsalted or fixed salt symmetric encryption?
On May 25, 2009, at 2:00 PM, Roland Smith wrote: You could use the -S option and specify a constant salt. It might make the encrypted materials easier to break, though. You can generate a random salt with openssl as well: Or you can use the -nosalt option. But as explained in [http://www.openssl.org/docs/apps/enc.html], using a random salt by default is a design decision because: Without the -salt option it is possible to perform efficient dictionary attacks on the password. That doesn't sound good, does it? This is being used for file encryption, not password encryption. So a dictionary attack isn't all that likely unless the encrypted files are of a specific nature (known template which remains constant while only small parts of the file vary). Note that without salt (or with constant salt) an attacker would know which files are identical both within a snapshot or across them. But this is pretty much what the OP wants the back-up system to know, so I guess that would be okay. If you are using a (e.g. USB connected) disk as backup, use geli(8) to encrypt the whole disk instead of encrypting each file separately. The OP may be doing something like rsync over an insecure network. But in the absence of details about the OP's situation it's hard to make solid recommendations. As you suggest, encrypting the resulting back-up filesystem is probably the best option if the back-up filesystem is expected to be the target of attack. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Meta: useless text/plain part [Was: Ethernet - Internet I/O]
On May 3, 2009, at 2:28 PM, Jerry wrote: On Sun, 3 May 2009 16:30:16 -0300 Exemys exe...@exemys.com wrote: This is a message in multipart MIME format. Your mail client should not be displaying this. Consider upgrading your mail client to view this message correctly. What is this all about? Exemys' mailer is broken. Here are the details: Exemys sent mail that was of type multipart/alternative meaning that each part is an alternative view of the content. However, exemys' mailer doesn't actually do what it should and the part that was text/plain just had the text that we saw while the other part (presumably text/html) had the real content. Mailman, the mailing list system used for the list, correctly cuts out text/html parts of multipart/alternative messages and just sends on the text/plain alternative to the list members. So the problem is that the original poster's mail headers falsely claim that the parts are genuine alternatives while in fact the text part is just a notice to read the other alternate. Mailman is behaving correctly in my view, stripping out any HTML alternates and just going with the text/plain alternative. Exemys' mailer is broken in that it sends messages that claim to provide a text/plain alternative, but doesn't actually honor that claim. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Honey pot email address
On May 1, 2009, at 11:57 PM, Andrew wrote: Does anyone have any ideas on how to get on as many spammers mailing lists as possible? The single fastest way is to post to Usenet using that address as a from address. You should start seeing lots of spam within 48 hours of that. Then once you start getting spam to that address use the unsubscribe mechanisms in the spam. That not only confirms that the address works and is read by a human, but that it is read by a gullible human. This will make that address a high value spam address. Cheers, -j
Re: ntp problem
On Apr 20, 2009, at 11:19 AM, Lisa Casey wrote: Running FreeBSD 5.3 IN /etc/ntp.conf I have:

    server time.nist.gov prefer
    server tock.gpsclock.com

Your actual question has already been answered, but I'd like to point out that people really shouldn't be using those NTP servers unless you have a very specific reason to. You will get just as good (or better) time and help distribute load if you use

    server 0.north-america.pool.ntp.org
    server 1.north-america.pool.ntp.org
    server 2.north-america.pool.ntp.org
    server 3.north-america.pool.ntp.org

(I'm assuming that north-america is appropriate for you given your current setting). And if you have a static IP address and a reliable connection and server (good network uptime), please consider joining the pool. It takes negligible resources. http://www.pool.ntp.org/en/join.html And more information about this pool of NTP servers is available at http://www.pool.ntp.org/ -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: mergemaster -U overwriting modified files
On Apr 25, 2009, at 5:10 AM, Peter Schuller wrote: Unfortunately I recently discovered that it does not seem to do what you might expect. For example it nuked my mailer.conf on one machine, and my /etc/namedb/named.conf (!!!) on another machine. Me, too. I lost exactly those two files during recent updates on two machines, using -Ui to mergemaster. After restoring them from back-up, I've added them to the exclude list in mergemaster.rc as

    IGNORE_FILES='/etc/motd /etc/namedb/named.conf /etc/mail/mailer.conf'

Until I saw your post and the other responses, I had just assumed that I'd been somehow careless when running mergemaster. But now it looks like a bug. I've been using -Ui for mergemaster for a while now, but only seem to have experienced this problem recently. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: portupgrade question
On Apr 6, 2009, at 8:59 PM, Glen Barber wrote: On Mon, Apr 6, 2009 at 9:55 PM, new_guy byte8b...@gmail.com wrote: Is there a way to use portupgrade without all the stopping for config questions? You could add: BATCH=yes to /etc/make.conf. Or use the --batch command line option to portupgrade. Or use the -c option (as mentioned by someone else in this thread) to do all of the config questions up front. I didn't know about that one. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Quirk with latex-suite]
On Mar 5, 2009, at 2:28 AM, David Karapetyan wrote: Hello; I am having a funny little problem with latex-suite. Is that the name of the port? I don't see anything by that name in my ports tree. Googling around, I see that latex-suite is a plug-in for vim. When I press F5, and am prompted with a list of environments to insert, no matter which I choose, it is inserted with a superfluous " that appears right before the cursor. So, for example, \begin{equation} cursor_is_here \end{equation} One thing to check is whether your version of latex-suite is appropriate for your version of vim. It may be that the move to vim 7 broke something. Does latex-suite do this by default? What file do I need to edit to change this setting (I'd like to get rid of the quote mark). I'm afraid I've never used it (on any platform, though I think I might give it a try). If you don't get any useful help on the FreeBSD list, try joining https://lists.sourceforge.net/lists/listinfo/vim-latex-devel Also the Usenet group comp.text.tex is remarkably helpful. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Can stock syslog do hostA - fileA?
On Feb 26, 2009, at 8:19 AM, Paul Halliday wrote: I am collecting syslogs from a PIX and a couple of Barracudas. It would be a lot easier for each to have their own logfile. I have been poking around a bit; I saw this one: +host1 /var/log/host1 but it doesn't appear to work. Years ago I tried and failed at the same. Since then, I've moved to syslog-ng which I've been extremely happy with. Here is the bit in my syslog-ng.conf file for logging things from remote hosts
    # for stuff from remote hosts:
    destination hosts {
        file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY"
            owner(daemon) group(wheel) dir_owner(daemon) dir_group(wheel)
            perm(0640) dir_perm(0750) create_dirs(yes));
    };
    log { source(s_udp); destination(hosts); };
Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: sendmail not listening on port 465
On Feb 17, 2009, at 3:41 PM, Seur Bors wrote: I'm having problems with Sendmail. Everything is working fine, except that the sendmail daemon is not listening on port 465. [...] DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl You are aware that using port 465 was never fully a standard and is, at best, deprecated. Your daemon options say to use port smtps; check to see whether that is defined in /etc/services and see what happens if you replace Port=smtps with Port=465. But do reconsider whether you need to be listening on 465 in the first place. You can (and should) simply use TLS on the submission port, 587. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: off topic: reporting attempts to access computers
On Feb 19, 2009, at 12:00 PM, Andrew Gould wrote: What information should I send to an ab...@* address when reporting a break-in attempt? My logs show a dictionary attack of invalid user names against port 22. The source of these is almost always some other compromised Unix-like system. I obtained an ab...@* email address using 'whois' and reported the beginning and ending date/times and the originating IP address. When reporting the times, be sure to make the time zone clear. Is there any other information I need to send? Is there someone else I should notify? There's no general answer to that. It really depends on the specifics of the case. For example, a small business might have a small netblock and an abuse address, but aren't competent to deal with your notification. Think of a small business that has a bunch of Windows clients and one ancient RedHat system that hasn't been maintained for years and was set up by someone who doesn't work there anymore. In that case, it might be useful to inform their provider as well. Back when I used to report these things, I had a template message for doing so. Most of the attacks I receive are from other continents, so I just block the network range found via 'whois'. If you block, and your firewall will log the failed attempts, then you may also look at participating in DShield http://www.dshield.org/howto.html Cheers, -j
Re: receiving mail
On Jan 14, 2009, at 1:02 PM, Chuck Swiger wrote: On Jan 13, 2009, at 11:51 PM, Pieter Donche wrote: What's wrong? Why does this not work out of the box ?? Given the security history of sendmail, it's not prudent to enable sendmail by default. It's not just that, but people who don't understand how mail transport works, shouldn't be running mail servers. I expect to deal with sendmail for as long as I administer Unix boxes, but alternatives like Postfix in particular would be my preference from a number of standpoints. I'm in the same position. I started running alternatives to sendmail in the late 90s on systems that I knew I was always going to maintain, but for systems that would be passed to others to maintain, I stuck with installing sendmail because there was much more expertise. Now a-days, I'm happy to set up Postfix on such systems (but will still use exim for myself). Cheers, -j
Re: Performing installed ports upgrade / leaving some software intact
On Jan 14, 2009, at 12:03 PM, Zbigniew Szalbot wrote: 1/ backing up the hacked [mailman] files and restoring them later (but I will overwrite the newer files with older ones perhaps breaking something). 2/ making them read only (but the end result will be the same and upgrading as root I will overwrite them anyway). Keep in mind mailman is all python. There really is nothing to recompile after a system upgrade. (Unless you are upgrading python which you aren't). Cheers, -j
Re: Launching Vim
On Jan 14, 2009, at 9:39 PM, Rem P Roberti wrote: Can someone give me a heads up on this. I just installed vim, but when I try to launch the program I get this error message: /libexec/ld-elf.so.1: Shared object libperl.so not found, required by vim Is this a path problem? The actual file libperl.so resides in /usr/local/lib/perl5/5.8.9/mach/CORE/libperl.so I take it that you also recently upgraded perl. Did you follow the instructions in /usr/ports/UPDATING regarding perl? I'm not sure that this will solve your problem, but it might. Cheers, -j
bash versus sh test builtin
The -ne operator for [ in /bin/sh doesn't seem to work as in bash. Also the bash behavior here is what matches /bin/[ most closely.
    $ /bin/sh
    $ if [ $UID -ne 0 ] ; then
        echo not root
      fi
    [: -ne: unexpected operator
    $ exit
    $ echo $SHELL
    /usr/local/bin/bash
    [jeff...@dobby ~/src/mount-rsnap]$ if [ $UID -ne 0 ] ; then
        echo not root
      fi
    not root
Does anyone have a recommendation of how to run this simple test in /bin/sh and how to write tests reasonably portably? -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: bash versus sh test builtin
On Jan 11, 2009, at 9:07 PM, Dan Nelson wrote:
    UID=$(id -u)
    if [ $UID -ne 0 ] ; then
        echo not root
    fi
UID is not a variable set by /bin/sh, which is why the test fails. Ah. Thank you. I was, as you see, barking up the wrong tree. Thank you for setting me straight on this. Cheers, -j
Re: Portsnap Not Found Issues
On Jan 5, 2009, at 2:40 PM, Matthew Pounsett wrote: I'm seeing a similar error on a different metadata file from portsnap1. portsnap3 seems to be working for me at the moment. I'm having problems on 2 and 3 (haven't tried 1). But I did get much further when using portsnap3.
    $ sudo portsnap -s portsnap3.freebsd.org fetch update
    Looking up portsnap3.freebsd.org mirrors... none found.
    Fetching snapshot tag from portsnap3.freebsd.org... done.
    Fetching snapshot metadata... done.
    Updating from Sun Jan 4 11:29:12 CST 2009 to Mon Jan 5 13:49:44 CST 2009.
    Fetching 3 metadata patches.. done.
    Applying metadata patches... done.
    Fetching 0 metadata files... done.
    Fetching 530 patches. 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 190 200 210 220 230 240 250 260 270 280 290 300 310 320 330 340 350 360 370 380 390 400 410 420 430 440450460470480490500510520530 done.
    Applying patches... done.
    Fetching 90 new ports or files... /usr/sbin/portsnap: cannot open e12e83e8518a445d192fa06546e06cfd4eee82824a1a5d36e508ac7cb78968f8.gz: No such file or directory
    snapshot is corrupt.
Anyway, I'll wait a day or two before trying again. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: editing dhcpd.conf file
On Dec 30, 2008, at 11:53 AM, Pieter Donche wrote: Now, when someone already registered his laptop, and buys a new laptop to replace the old (a different MAC address), can then omshell be used to record the change in the /usr/local/etc/dhcpd.conf file? Does omshell edit the /usr/local/etc/dhcpd.conf? Or is the only way to make changes to that file, to use a plain text editor, make the change manually and do a /usr/local/etc/rc.d/isc-dhcpd restart afterwards ? I hadn't heard about omshell or OMAPI until seeing your post. So my answer is based on no experience other than just reading its man pages. It appears that OMAPI does not edit the dhcpd.conf file. However, changes made through OMAPI will be reflected in dhcpd.leases with the line dynamic; indicating that the lease was created via OMAPI. Thus, in principle one could write a daemon that would watch dhcpd.leases for new dynamic leases and then call something that would edit dhcpd.conf. I don't know if anyone has put that together, but it would make sense to ask in places where OMAPI is discussed. Best of luck with this, Cheers, -j
Firewalls using a DNSbl (and distributed ssh attacks)
It's not a big issue, but I'm wondering if there is a DNSBl that lists IPs that are engaging in brute force ssh attacks. And if there is such a list, is there a way to integrate that information into a firewall or sshd. As I've said this really isn't a big issue for me, as the brute force attempts at sshd are nothing but an annoyance as I review logs. The attacks that I'm seeing appear to be coordinated and distributed. That is, there will be one attempt on username fred from one IP immediately followed by an attempt on freddy from another IP followed by an attempt on fredrick from a third source and so on. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
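Added example, not part of the original post: the rotation described above (one attempt per source address, a new address for each username) is what per-address failure thresholds miss, so this sketch flags runs of consecutive sshd "Invalid user" events in which no source address repeats. The log lines are constructed, the addresses come from documentation ranges, and the function names and thresholds are assumptions.

```shell
#!/bin/sh
# Added example: flag runs of sshd "Invalid user" events where every
# attempt comes from a different source address within a short time gap.

# Constructed sample input (documentation addresses, made-up host name).
sample_log() {
cat <<'EOF'
Nov 20 03:14:01 host1 sshd[4101]: Invalid user fred from 192.0.2.10
Nov 20 03:14:03 host1 sshd[4103]: Invalid user freddy from 198.51.100.7
Nov 20 03:14:05 host1 sshd[4105]: Invalid user fredrick from 203.0.113.44
Nov 20 03:14:08 host1 sshd[4108]: Invalid user frank from 192.0.2.77
Nov 20 03:20:11 host1 sshd[4200]: Accepted publickey for jeff from 192.0.2.200 port 50022 ssh2
Nov 20 04:02:30 host1 sshd[4301]: Invalid user admin from 198.51.100.99
Nov 20 04:02:31 host1 sshd[4302]: Invalid user test from 198.51.100.99
Nov 20 04:02:32 host1 sshd[4303]: Invalid user guest from 198.51.100.99
EOF
}

# rotation_runs MIN_LEN MAX_GAP_SECONDS
# Reads syslog lines on stdin. Prints one line per run: the number of
# attempts, then the usernames tried, in order. A run ends when a source
# address repeats or when the gap between attempts exceeds MAX_GAP_SECONDS.
rotation_runs() {
    awk -v min="${1:-3}" -v gap="${2:-60}" '
    function emit_run() {
        if (n >= min) print n, users
        n = 0; users = ""; split("", seen)      # portable array reset
    }
    {
        # Locate "Invalid user NAME from ADDR" wherever it sits in the line.
        k = 0
        for (i = 1; i < NF; i++)
            if ($i == "Invalid" && $(i + 1) == "user") { k = i; break }
        if (k == 0 || $(k + 3) != "from") next
        user = $(k + 2); ip = $(k + 4)

        # Classic syslog stamps carry no year; day and time are enough to
        # measure short gaps (a run spanning a month boundary is split).
        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]

        if (n > 0 && ((ip in seen) || now - last > gap)) emit_run()
        seen[ip] = 1
        users = users (n ? "," : "") user
        n++
        last = now
    }
    END { emit_run() }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_log | rotation_runs 3 60
```

The single-source burst from 198.51.100.99 is deliberately not reported here; that case is the one an ordinary per-address limit already handles.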
Re: large binary, why not strip ?
On Nov 18, 2008, at 8:45 AM, Paul B. Mahol wrote: And what about /usr/local/lib/** ? Interesting. I found that only 11 are stripped on my system compared to 272 not stripped. That is pretty much the opposite of the ratio I found in /usr/local/bin where there were something like 350 stripped and only 35 not stripped. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: MTA on non-standard port
On Oct 26, 2008, at 7:23 PM, Jeremy Chadwick wrote: 1) Incoming SMTP (e.g. someIP:* -- yourIP:25) 2) Outbound SMTP (e.g. yourIP:* -- someIP:25) #2 has become prominent in the past few years, and is applied by ISPs because they want to curb their customers sending spam out onto the Internet (usually as a result of viruses, trojans, etc.), getting their IPs blocked by DNSBLs and giving them a bad social rep. Instead, they force customers to relay outbound mail through their own SMTP servers (called a smart host in sendmail terms). There's absolutely no way around this; you can beg them all you want, but the chances of them adding a pass-through for you is very slim. If you want to do direct to MX mailing, you are going to need to negotiate that separately. At the very least you will need a static IP address. If you pay for that, then you will probably be allowed to do direct to MX mailing. On the whole, I think that Access Service Providers are right in this policy. Back in the old days of smaller ASPs, there were several that had a simple policy. You could be allowed destination:25 traffic merely by asking for it. They figured that anyone smart enough to ask for it knew what they were doing. But it was blocked by default. But keep in mind that if you don't have a static IP address, the mail hosts you try to reach are also very likely to block you. The Linksys router has two outbound firewall rules applied to it: it only allows bsdIP on my LAN to connect to someIP:25,587 -- thus, only one machine on my LAN is allowed to speak SMTP to the world. I do this purely as a precautionary measure (in case one of my friends comes over with his/her laptop, which happens to be infected and sends spam, etc. -- it won't work, period). Wise choice. I wish more home and business networks did that. Eventually they stated that I could send mail through their mail servers on port 587. 
I quickly set this up, and found it failed -- their servers require SMTP AUTH on port 587, no exceptions (note: this is NOT mandatory by the RFC; it's OPTIONAL). Again. I think that this is fit and proper. The reason I do not like siphoning mail through Comcast: their mail servers are known to act wonky or /dev/null mail for mysterious reasons. Then pay money to a company whose business depends on doing mail right. I use fastmail.fm which I highly recommend. I hope the experience with your ISP is better than mine. Good luck. A business account (needed for a static IP address) is expensive. But don't expect to mail directly to MX (without going through some mailhub, either comcast's or a service that you pay separately for) without one. Cheers, -j
Re: Mailman + Apache + Cookies + FreeBSD
On Oct 10, 2008, at 1:45 AM, Odhiambo Washington wrote: Could you downgrade Mailman and see if the problem still persists? I run the combination you have (except Mailman is 2.1.9 and FreeBSD is 6.3) and I haven't had an issue. Might be a bug introduced in Mailman 2.1.11 I'm running mailman 2.1.11 (installed from ports) without the described problem. So in at least one case, Apache, FreeBSD and Mailman 2.1.11 work without exhibiting the described problem. -j
HW recommendations for light weight server
I know that this is pretty far off topic, but I'm asking anyway. I need to purchase/rebuild a relatively light-weight server for a small LAN. It will run a small MySQL server, DNS, DHCP, nagios, LDAP, syslog-ng and a few other things, serving only a LAN. My previous box running this was a cheapo Fry's reject. I went through two power supplies on that one, before I gave up on it. My current box is an HP Pavilion Slimline s3220n http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01154947lc=endlc=encc=uslang=enproduct=3548659 that I got at a CompUSA fire sale. Although it is still running, the case near the power supply is very hot to the touch and it is giving off a terrible stench. CPU temperatures are perfectly fine, but I'm taking the smell as a very bad sign. That machine came with many things that I don't use (DVD burner (only used during FreeBSD installation), TV tuner, Wireless, etc) so they shouldn't be drawing any power. I need something that will run 24/7 in an environment that can sometimes get up to 30C. (I live in Texas, and try not to overdo the air conditioning.) Something with an amd64 architecture would make the transition easier, since I might be able to use my current disk. So any thoughts or recommendations will be welcome. If people wish to email me off list, I'll provide a summary of responses. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: USB Drive Reliability
On Aug 19, 2008, at 9:43 AM, Warren Block wrote: On Mon, 18 Aug 2008, Jeffrey Goldberg wrote: I have one system (7.0) which becomes extremely unstable if I have a USB drive connected. I usually get a system crash in 10 to 30 minutes after mounting the USB drive. It has never crashed without the USB drive attached, and it has never gone for more than three days with it attached. [...] Unfortunately, the crashing system is a small form machine and there is no way to put in a different USB controller. The USB drive was for backups, which I now do over the network to the machine that is working just fine. That might indicate a cable problem, even just being too long. A line-powered hub added between a problematic USB card reader and computer fixed an unreliable situation here. Unfortunately that hasn't solved the problem. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: alternatives to mergemaster
On Sep 6, 2008, at 1:20 PM, Christian Laursen wrote: I always run mergemaster in auto upgrade mode. From the man page: -U Attempt to auto upgrade files that have not been user modified. This can also be achieved by putting AUTO_UPGRADE=yes in /etc/mergemaster.rc. AUTO_UPGRADE isn't documented in mergemaster(8). I guess it's time for me to submit my first documentation patch (unless someone beats me to it). Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Complex text layout
On Aug 30, 2008, at 4:11 AM, [EMAIL PROTECTED] wrote: I am trying to get my website to support multilanguage fonts, complex text layouts. An example of what I am trying is to have the fonts of other languages appear rather than boxes or question marks. This is purely an HTML/web-design question, and has nothing really to do with FreeBSD even if your webserver is a FreeBSD system. You should look at the LANG and DIR attributes. Also, you should set up your pages to use UTF-8 as a character set. To instruct your server to declare that documents are UTF-8 by default, you can set AddDefaultCharset utf-8 in your Apache configuration. AddDefaultCharset is documented at http://httpd.apache.org/docs/2.0/mod/core.html#adddefaultcharset If you don't have access to the Apache configuration, you can declare the charset to use within each document in the HTML, with something like <META http-equiv="Content-Type" content="text/html; charset=UTF-8"> within the HEAD portion of the document. The LANG and DIR attributes are documented at http://htmlhelp.com/reference/html40/attrs.html#lang though that is more of a reference document than a how to. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Forwarding all mail to a local user
[mailed and posted] On Aug 31, 2008, at 8:00 PM, Ivan Rambius Ivanov wrote: I have the following questions. How can I forward all mail sent to anyone@localhost to a [EMAIL PROTECTED], where rambius is my own user account in my FreeBSD system and anyone can be anything including a user name that does not exist on the local machine? I have default sendmail installation as provided by the base system with no modifications of my own. You should edit /etc/mail/virtusertable to include a line like @localhost [EMAIL PROTECTED] There is a sample virtusertable you can look at. After you have edited the virtusertable file, you should run make maps in that directory. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: MTA advice ??
On Aug 25, 2008, at 12:49 AM, Matthew Seaman wrote: Jeffrey Goldberg wrote: In the old days, if one MTA couldn't reach another it would hold stuff in its queue for four or five days. Now, most MTAs appear to be configured to give up after 24 hours. In which case those mail systems are not in compliance with the RFCs. RFC 2821 Section 4.5.4.1 says: Retries continue until the message is transmitted or the sender gives up; the give-up time generally needs to be at least 4-5 days. The parameters to the retry algorithm MUST be configurable. Thanks for that. I will point that out to the appropriate postmasters the next time I see delivery attempts give up before this. Not that it will do much good, but I will try. I wonder whether rfc-ignorant.org has a category for this. Hold on ... Nope. They don't have this category of (2)821 violation. The original poster may wish to take a look at rfc-ignorant.org to make sure that they feel confident that they can run an Internet-friendly mailserver. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: MTA advice ??
On Aug 24, 2008, at 1:06 PM, pete wrote: I have a hosted domain that recently changed their mail filtering. I am not happy with the new setup I have my email hosted by fastmail.fm. I am extremely happy with them. (They really understand IMAP and the needs to power email users). and am considering setting up my own. Looking for tips on setting up something on my freeBSD 6.1 box. Running your own MTA is not for the faint-hearted. My ISP is cablevision IO. Not sure what they allow, ie: whether I can have my hosted domain set to use my cable IP as a MTA The main question is whether you have a static IP. The IP address that you appear to have sent your message from, 69.118.77.111, does not appear to be a static IP address. You will not be able to send directly from that IP to most mail servers on the net. So if you intend to use your system for sending mail, you will have to go through a smart host (probably your ISP's designated outbound SMTP server). Receiving mail directly will be more possible, but tricky. You will need to use a dynamic DNS system. Also do consider uptime and reliability. In the old days, if one MTA couldn't reach another it would hold stuff in its queue for four or five days. Now, most MTAs appear to be configured to give up after 24 hours. So if your mailserver is down for a day, mail will be bounced and never delivered to you. Also looking for advice on which software would serve me best in this instance. exim, postfix and sendmail are all good choices. I personally prefer exim, but I think that someone in your position would do best with postfix. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Security questions, seeing more then one dhcp client.
On Aug 21, 2008, at 10:38 PM, Christopher Joyner wrote: I am seeing two dhcp clients connected to my wireless router. Does that mean someone other than me is on it? Do you have a Wii? Or maybe an iPhone or other similar device? Or a network printer? There is a fair chance that the other client is something that should be there that you've just forgotten about. However, there is also a reasonable chance that it is a security breach if you are running an unsecured wireless network. What I would recommend is that you probe the unknown device with something like nmap (available from ports security/nmap) with something like
    nmap -O -sV IP-ADDRESS-OF-MYSTERY-DEVICE
That should give you a fair amount of information about the device. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: How to use dig with an ip list
On Aug 18, 2008, at 10:25 PM, Fraser Tweedale wrote: On Mon, Aug 18, 2008 at 10:18:07PM -0500, Jeffrey Goldberg wrote: You'll want to change line four to echo $LINE `dig +short -x $LINE` for a cleaner output. The original works fine for me in ash. Definitely nothing wrong with yours though. What have I overlooked? Sorry, I misread what you actually wrote for what I would have written (before correction). What you have is perfectly correct. Or, in the words of Emily Latela: Nevermind. Cheers, -j
Re: USB Drive Reliability
[mailed and posted] On Aug 17, 2008, at 7:36 PM, Jason C. Wells wrote: I realize that this is primarily a tech support forum. I wasn't asking for a solution to the problem. I was asking for other people's experiences. If the USB support in FreeBSD was spotty according to other people, as has been reported, then I plan to not even try to work on it more until I install 7.1. Just for the record: - crashes the system on attachment - crashes the system on detachment - the system hangs on attachment but resumes responding if you pull the drive - installing the drive results in the little blue light coming on with dmesg reporting attachment, but attempts to mount fail with device not configured or somesuch - dataloss on the device that chkdisk in DOS couldn't save Dien dobre Jason, I have one system (7.0) which becomes extremely unstable if I have a USB drive connected. I usually get a system crash in 10 to 30 minutes after mounting the USB drive. It has never crashed without the USB drive attached, and it has never gone for more than three days with it attached. Usually the failure is much sooner. This was with 7.0-RELEASE. I haven't checked since I've moved to 7-STABLE. I have another system (identical software, different hardware) which is solid as a rock with the identical USB drive attached. Unfortunately, the crashing system is a small form machine and there is no way to put in a different USB controller. The USB drive was for backups, which I now do over the network to the machine that is working just fine. Best of luck with this. -j
Re: How to use dig with an ip list
On Aug 18, 2008, at 10:13 PM, Fraser Tweedale wrote:
==
#!/bin/sh
while read LINE
do
echo $LINE `dig +short -x $LINE`
done
===
You'll want to change line four to echo $LINE `dig +short -x $LINE` for a cleaner output. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: How to use dig with an ip list
On Aug 18, 2008, at 9:03 PM, Paul Schmehl wrote: I know I'm missing the obvious. I want to use an IP list to generate an ip+hostname list. IOW, I want to go from this: x.x.x.x y.y.y.y to this; x.x.x.x foo.domain.tld y.y.y.y bar.domain.tld What's the best/easiest way to do this? Easiest:
    $ for i in `cat ip-list`; do
        echo -n "$i "
        dig +short -x $i
      done
Better might be to use something in p5-net-DNS so that you don't make N separate calls to dig. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Best SMTP Gateway Program and Reporting Tools
On Aug 12, 2008, at 3:22 PM, Josh Kidd wrote: I just wanted to pose this question to the list on people's opinions as to what the best SMTP Gateway program (ie. Sendmail, Postfix, etc) [...] Depending on the nature of the site and needs, my preferences tend to run exim, then postfix, then sendmail. But opinions will vary greatly. Many very smart people for whom I have a great deal of respect do not share my particular preferences. is and what the best log analysis tool for that SMTP program is. If I wanted to be a bit unhelpful just to make a point, I would say perl (or grep depending on taste). It depends on needs. We are currently using Symantec Mail Security for our outgoing SMTP Gateway but want to employ an open-source solution instead. My problem is our main requirement is to have a way to view the logs on a web based interface that will allow our system administrators when a customer complains they didn't receive an email to be able to go into the logs and search by date/time and view the activity for that period to determine if the mail went through our system or if it was blocked and if so why. It should be very easy to roll your own. I know that exim comes with a number of GUI useful monitoring tools, but I don't know if this functionality is there. But I do think that several of the tools come close. They aren't web based, but X11 tools. Also (if your privacy policy allows it) there's a configuration setting for logging subjects. I've heard of and read about a few different programs like SMA and Anteater and pflogstats, but I don't know if these will have the functionality I need to allow admins to search logs for a specific date/time and/or specific phrase/address on a web based interface. Maybe someone has already done this, but it really wouldn't be a difficult thing to develop your own tool for doing this. 
-j
Re: shutdown/reboot suggestion
On Aug 9, 2008, at 3:22 PM, Michael Grant wrote: More than once, through carelessness, and I'm sure I'm not alone, I have inadvertently shutdown or rebooted the wrong machine. I'm sure some of you know that all too familiar feeling when you see Connection closed instead of your desktop being rebooted. I use a combination of tricks. 1. I have the hostname in my prompt. 2. I have a separate color scheme for ssh sessions for each host I commonly connect to, and a generic color scheme for ssh sessions for other hosts. These are all distinct from my term window color scheme for my local host. 3. I rarely run as root, so all of my shutdown's use sudo. My password isn't the same on all hosts. This doesn't work perfectly, but it does help avoid this kind of problem. I have a suggestion with respect to these commands. What if they could be modified to require the hostname of the machine as their first argument, otherwise, they refuse to bring the machine down? shutdown -h now becomes: shutdown example.com -h now As others have pointed out, you can easily make scripts to do that. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
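Added example, not from the original thread: one way to write the wrapper discussed above, which refuses to act unless its first argument names the machine it is running on, so the old habit of typing "shutdown -h now" in the wrong window fails safely. The function name and the SHUTDOWN_CMD override (used for dry runs) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: hostname-guarded shutdown wrapper.
# Usage: guarded_shutdown HOSTNAME shutdown-args...
#   guarded_shutdown example.com -h now
# SHUTDOWN_CMD (hypothetical override) replaces the real command, which
# makes dry runs and testing possible without touching the machine.
guarded_shutdown() {
    if [ $# -lt 2 ]; then
        echo "usage: guarded_shutdown HOSTNAME shutdown-args..." >&2
        return 2
    fi
    expected=$1
    shift

    # "shutdown -h now" typed from habit: the first word is an option or
    # a time, not a host name. Refuse rather than guess.
    case $expected in
        -*|+*|now)
            echo "refusing: first argument must be this host's name" >&2
            return 2
            ;;
    esac

    # uname -n is the POSIX way to get the node name.
    actual=$(uname -n)
    short=${actual%%.*}

    # Accept the full node name or its first label. Sites where short
    # names collide across domains should drop the second comparison.
    if [ "$expected" != "$actual" ] && [ "$expected" != "$short" ]; then
        echo "refusing: this is $actual, not $expected" >&2
        return 1
    fi

    ${SHUTDOWN_CMD:-/sbin/shutdown} "$@"
}

# Dry-run demonstration: prints the arguments instead of shutting down.
( SHUTDOWN_CMD=echo; guarded_shutdown "$(uname -n)" -h now )
```

Installed as a function or script that shadows the bare command for interactive use, the guard costs one extra word on the right machine and stops the command on the wrong one.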
Re: email disclaimer insert; remove and instert
On Jul 29, 2008, at 6:13 AM, Odhiambo Washington wrote: I can tell you it is impossible. Why? While you can actually write a script to try to do it, you'll more likely end up breaking the e-mail format, because it will not be too easy to rightly guess the content-type/boundaries in replies. If one converted all messages to multipart/mixed and added the disclaimer as text/plain part with a content-disposition: inline, then you might be able to safely ensure that each message had exactly one copy of the disclaimer. But any script will have to be fully and completely aware of all MIME structures, so using various perl libraries is where I would start. But of course you are right in that if you were replying to an unsnipped reply there is no way to know the structure of the quoted material in the first reply, so removing it from the quoted section may well be impossible to do reliably. On a side note, I'm wondering if the original poster is familiar with the arguments presented in http://www.goldmark.org/jeff/stupid-disclaimers/ I haven't updated that in years, but I think that the points still hold. -j
Re: Binary upgrade from legacy version + ports
On Jul 28, 2008, at 2:52 AM, Jan Henrik Sylvester wrote: Svein wrote: Is there a problem using the prebuilt packages from STABLE on a RELEASE box? If I want to run RELEASE, and still use the latest packages? The ABI is consistent between STABLE and RELEASE, right? Yes, there is a problem. See my posting here: http://lists.freebsd.org/pipermail/freebsd-questions/2008-June/177553.html Unfortunately, I have not got an answer, but it is obvious packages using this new symbol must fail: I recently discovered this through a blunder of my own. I accidentally updated a 7-STABLE machine to 7-RELEASE, and discovered, among some other problems, that sudo failed with the same error you report. (I've now put a link to USE-THIS-SUPFiLE to stable-supfile in /usr/local/etc/cvsup to avoid the blunder in the future.) -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: /var full
On Jun 19, 2008, at 9:40 AM, Paul Schmehl wrote: As you can see from the df -i I posted (to which you responded), inode exhaustion is not an issue. You are probably right about that, but could you also post the result of sudo tunefs -p /var That won't tell us what is in use, but it will confirm whether /var was set up with funky parameters or not. Also, the last time I ran out of inodes, the error messages made it clear that that was what was happening instead of merely giving a disk full error. I'm leaning toward some sort of bug in mysql version 5.0.51 which creates a temporary file (in the wrong place) and then doesn't release it until it exhausts the space on the drive. In any case, I'm going to report it to the mysql folks as such and hope they can figure out what the cause is. That would be my guess. I haven't seen a mention of that on the mysql lists, but I don't follow the lists closely. (For the most part, I just go and clean out the mail folder they collect in every week or so.) Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Enforce minimal file/ dir permissions
On Jun 16, 2008, at 7:21 AM, Bill Moran wrote: Look at MAC and the bsdextended module (filesystem firewall): http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html I've recently been looking at those myself, and while I think that I have developed some limited understanding in principle about how MAC works, I need a great deal more practical guidance. Is there some extended tutorial with cookbook or other resource that will actually help someone who doesn't fully grok this work out a policy and rules that will do more good than harm? Yes, I've used google, but haven't yet come across what I need. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD and User Security
On Jun 12, 2008, at 8:19 AM, David Naylor wrote: I think this argument is rather mute, just because there are no programs exploiting security vulnerabilities does not mean there are not vulnerabilities, But it is far from moot if you are interested in the actual threat against your system. In a sense, using a less popular OS is a form of security by obscurity which is not to be heavily relied on, but still it does make a real, practical, difference in the case that you described. and a determined cracker would create his own program. You have not articulated what you are trying to defend against. Do you anticipate determined crackers going after your particular system and what resources will such attackers have? We can't talk about a system being secure in general, but the question needs to be framed in terms of secure against what. That said I hope there are, actually, no vulnerabilities. That is demanding too much. What you need to hope for is a combination of no known unpatched vulnerabilities at the moment and more importantly procedures and practices to keep things that way. As Bruce Schneier likes to say, Security is not a product but a process. The vast majority of actual system compromises involve failure of system administrators to keep systems patched and follow good security practices. One reason that I switched from Linux to FreeBSD is that I find it much easier to maintain FreeBSD, particularly in terms of security updates. I have been responsible for Linux machines that did get rooted because I was having problems keeping them up-to-date for a variety of reasons. [Security through obscurity is just an illusion] In your post you mentioned concern about spyware. It is not an illusion that FreeBSD has not been targeted by spyware writers while Windows has. Even if some of that is the consequence of security by obscurity, it is no illusion.
Of course we need to understand that those security benefits from obscurity are fragile, but we shouldn't dismiss it entirely. Again, what sorts of benefits such things may add (or subtract) depends on the nature of the attacker. Cheers, -j
Re: FreeBSD and User Security
On Jun 12, 2008, at 3:24 PM, David Naylor wrote: This is a general enquiry. What had sparked my interest in this subject is the above mentioned article. In this case it is a workstation used to access and manage account and cash flows. The threat would be anyone gaining access to 'divert' funds to incorrect accounts, for obvious personal gains. How much money are we talking about? If it is billions of NZD that is one thing, if it is thousands of NZD that is another. The question is would someone with resources make a concerted effort to specifically target your system? If so, you should hire a local professional. If your concern is more about the kinds of widespread automated attacks, then really it's just a matter of doing the basic sorts of things. Disabling root SSH logins, have your perimeter firewall check for unusual out-bound traffic, and of course, keeping the system properly updated. Specifically, the two threats would be remote attack (such as spyware being deployed, or gaining remote access) I haven't played around with it, but you might want to look at Mandatory Access Control (described in the Handbook). It's something that has been on my to learn list for a while, but I am getting through that list very slowly. From what you've said, it sounds like you are talking about a multi-user system. Something like MAC really may be the best approach to preventing individual users from being tricked into doing stupid things. or physical access (in which case keeping the username and password safe will be the only option? Assuming there is no compromise on the human side) For a typical machine, physical access means all access. If I have physical access to a machine, I may be able to boot it from my own boot media (a CD for example) and then read everything on the hard disks. I could remove the disks and copy them. I could install a physical keystroke logger between the keyboard and the box. There really is a lot that can be done with physical access.
So if you have reason to believe that attackers would have physical access to the machine, you should use encrypted file systems. Note that with both MAC and encrypted file systems you run an increased risk of locking yourself out of the system by accident. So what measures you wish to take, with their additional costs and risks, depends on a careful and realistic view of what the threats are. I've enjoyed this discussion. Cheers, -j
Re: generating random passwords
On Jun 11, 2008, at 11:35 AM, Bill Campbell wrote: One of the biggest problems with random passwords is that they end up written on yellow-stickies on the monitor or under the keyboard. I'm going to take this opportunity to preach. Everyone should be using a good password management system. Otherwise people will use either weak passwords or will use passwords which are predictable from other passwords. (That is using the same password or variants of the same password for many separate realms.) I don't run FreeBSD on desktops so I haven't looked at the various tools available. On OS X, I use 1password which makes excellent use of the OS X Keychain system, and has terrific web browser integration. I'm fairly sure that the Apple Keychain libraries have been or can be ported to FreeBSD, but it might require GnuStep. On Windows I recommend Password Safe. In ports, sysutils/pwsafe provides a CLI utility that can manage Password Safe data. And security/gorilla provides a tcl/tk GUI for pwsafe. I've used both on OS X, and they work fine, but I much prefer 1password in that environment. I've never looked at things like kwallet or other Unixish password management systems. But once again, I recommend that everyone use a proper password management system. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD and User Security
[mailed and posted] On Jun 11, 2008, at 4:03 PM, YANSWBVCG wrote: It is my understanding that since 1995 all computers must have a hardware back door that permits undetectable access by the government to the computer. This capability can be implemented using System Monitor(Maintenance) Mode which is built into all x86 computers now. It would appear that, if you are connected to the internet, the government has access to your computer. This is not the place to get into this debate, but I think that someone should state for the record that the vast majority of security experts would disagree with you. However, I fully acknowledge that if the National Security Agency or GCHQ or the like wanted to break into any one of my systems, I'm sure that they could. But the question wasn't about making a system that could withstand something like the NSA but instead about defending against run of the mill spyware. Switching from Windows to FreeBSD would obviously improve matters for that kind of attack, but the real answers to the original question require an understanding of the nature of the threats and the nature of the counter measures far beyond what was evident in the question. After all, most spyware is installed with the users' consent (though the user may not know that it is spyware.) For just about everyone, I recommend pretty much anything written by Bruce Schneier. As a start there is his very brief How to think about security essay: http://www.schneier.com/crypto-gram-0204.html#1 -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD and User Security
On Jun 11, 2008, at 7:17 PM, [EMAIL PROTECTED] wrote: A relatively new security threat known as 'The Blue Pill', based upon hardware, is a class of virtual rootkits that can silently take over Intel and AMD systems. A good site to visit to learn about these virtual rootkits is http://invisiblethings.org/index.html. That is simple (in concept) yet absolutely brilliant! I'm sure that people much smarter than I am have thought about these things more carefully than I have, but I'm not convinced that a blue pill would be completely undetectable. First it should consume memory. A very complete test of memory through a modified memtest should be able to detect whether system reported memory is accurate. Secondly, a blue pill would need to be reinserted after a hard reboot. Therefore a look at the boot process (of a non-live system) should be able to see whether there is something that reinserts the blue pill. But even if detection is possible these ways, a Blue Pill would be extremely difficult to detect once inserted, and so the focus would have to be entirely on prevention. Again, these are just my first thoughts after looking at this very briefly. The people who come up with this stuff and do proper analysis are both smarter and more knowledgeable than I am. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD and User Security
On Jun 11, 2008, at 8:08 PM, cpghost wrote: On Wed, 11 Jun 2008 19:45:51 -0500 Jeffrey Goldberg [EMAIL PROTECTED] wrote: First it should consume memory. A very complete test of memory through a modified memtest should be able to detect whether system reported memory is accurate. What if memtest already runs within the virtualization box? How can it determine what the right amount of memory is supposed to be? I was assuming that that would be known by the operator. And if the virtualizer hot-patched memtest instructions, either on loading it or dynamically while it runs, it could make it report whatever it liked. Of course. Secondly, a blue pill would need to be reinserted after a hard reboot. Therefore a look at the boot process (of a non-live system) should be able to see whether there is something that reinserts the blue pill. Yes, but you've got to have a very close look at it, as it won't necessarily appear on the screen -- being caught as well by the virtualizer. And Joanna also has a paper about fooling hardware capture cards into reporting bogus data on her site, so you won't even be able to detect that RAM contains something else upon boot than those hardware capture cards are supposedly reporting. Yes. I've now read through some of Rutkowska's slides (following the link provided by dfeustel in another post in this thread). If all this is as she's described, it is truly brilliant from a technical POV... and a very worrying thought as well. Yes it is worrying. The next time I reboot the one server I've got with an SVM capable processor I'm going to disconnect the power (to make sure that I'm getting a real reboot instead of a spoofed one) and then on reboot I will disable SVM in the BIOS. But mostly I'm just in admiration of people who can think of things this clever (even if they are very scary and dangerous things). Thank y'all for a very enlightening discussion.
-j
Re: generating random passwords
On Jun 11, 2008, at 7:46 PM, Andrew Berry wrote: Any idea what the name of the project for the Security framework is? I can't seem to find anything on Google. I'd love to be able to access keychains from OS X on other platforms, without resorting to dumping everything to plaintext. This looks like a good place to start. http://developer.apple.com/opensource/security/index.html I, too, would like my OS X Keychains to be portable. Cheers, -j
Re: FreeBSD and User Security
On Jun 11, 2008, at 9:05 PM, [EMAIL PROTECTED] wrote: On Wed, Jun 11, 2008 at 08:51:16PM -0500, Jeffrey Goldberg wrote: The next time I reboot the one server I've got with an SVM capable processor I'm going to disconnect the power (to make sure that I'm getting a real reboot instead of a spoofed one) and then on reboot I will disable SVM in the BIOS. How do you know that the bios has not been reflashed by a virus, trojan, or rootkit? Aghh!!
Re: no reverse DNS causing connectivity problems
[mailed and posted] On Jun 9, 2008, at 8:57 PM, Jake Evans wrote: I've had a few people complain that when they telnet/ssh/ftp/web to our server, it's slow... I've traced the problem to them having no reverse on their IPs. You should configure your servers to not do the reverse lookup. Not resolving is certainly the default for Apache. For sshd, set UseDNS to no in /etc/ssh/sshd_config. As for telnet and ftp, I don't know where that might be configured. Of course I don't know your needs and situation, but some people might consider it a reasonable policy to disallow ssh and telnet (and certainly mail) from hosts that don't have proper PTR records. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
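An added shell example (not code from the thread or from OpenSSH) that checks an sshd_config for the UseDNS setting recommended in the message above and for the "Disabling root SSH logins" advice in the earlier FreeBSD and User Security reply. The function names and both sample files are constructed for illustration; it assumes a config without Include directives.

```shell
#!/bin/sh
# Added example (not from the thread): check the two sshd_config settings the
# thread recommends. Function names and sample files are invented here.
# Limitation: Include directives are not followed.

# Print the global value sshd would take for keyword $1 from file $2, lower-cased,
# or "unset". sshd uses the first value it obtains for a keyword, and lines after
# a Match line are conditional, so scanning stops at the first Match.
sshd_global_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next      # blank or commented out
            key = line
            sub(/[ \t=].*$/, "", key)                # keyword is case-insensitive
            key = tolower(key)
            val = line
            sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)  # tolerate "Keyword=value"
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "match") exit
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$2"
}

# Report on both keywords; return non-zero if either is not explicitly "no".
audit_sshd_config() {
    file=$1
    rc=0
    for kw in UseDNS PermitRootLogin; do
        val=$(sshd_global_value "$kw" "$file")
        if [ "$val" = "no" ]; then
            echo "ok     $kw no"
        else
            echo "CHECK  $kw is '$val' (wanted 'no'; 'unset' means the build default applies)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files, not taken from any real host.
write_sample_configs() {
    cat > "$1/weak" <<'EOF'
# constructed sample
Port 22
#UseDNS no
PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
    cat > "$1/fixed" <<'EOF'
# constructed sample
Port 22
UseDNS no
permitrootlogin no
EOF
}

# Usage: audit_sshd_config /etc/ssh/sshd_config
```

The weak sample shows three traps: a commented-out `UseDNS no` counts as unset, a second `PermitRootLogin` line is ignored because the first one wins, and a value inside a Match block does not change the global setting. On a live host, `sshd -T` prints the effective configuration and is the authoritative check.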
Re: Grep Guru
On Jun 8, 2008, at 5:50 PM, Raphael Becker wrote: find . -type f -exec grep grepoptions text to search {} \+ -exec foo {} \+ behaves like xargs foo -exec foo {} \; exec foo for every file Way cool! I hadn't known that about find(1). Cheers, -j
Re: Looking for gurus willing to help write Freebsd tutorials
On Jun 4, 2008, at 2:34 PM, Jerry McAllister wrote: Maybe everyone should make their own and use it. FreeBSD is a user created Open Software project after all. I used to have a Powered by FreeBSD button with the BSDie on a mailing list server that I'd set up for the PTA for my daughter's school in Texas. I figured that I could handle any complaints or questions that I got about it. But then I heard one of the teachers explain to other staff that if she ever was shopping and the final price of items totaled up to $6.66 she would make sure to add another item so that she wouldn't have to be part of a transaction involving 666. (I guess she never would have been a customer of Demon Internet in the UK which started out with the telephone prefix for their dial-up pool being 666). At that point, I decided that my problem wouldn't be with responding to complaints and queries, but the problem would be with the people who never complained directly to me, but who shunned the service or complained about me. So now there is just a text link without the button. Whether you want to call this self-censorship or not, I think that I made the right decision. In the same way that when I volunteer at the school, I don't wear controversial T-Shirts. (Though who would have thought that my Friends don't let friends use Windows shirt would cause complaints!) So I agree with your point. If you like the old BSDie, use it. If you like the new logo, use that. If you want something else, you are free to roll your own. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Need to build a new mail server
On May 30, 2008, at 10:39 AM, DAve wrote: That so much time and effort is spent telling everyone how bad qmail is still amazes me. Is it still the case that qmail does not reject mail during SMTP transaction, but instead will do an accept and then later bounce? If this is still true, then I don't care if qmail turns out to be a great way to manage your mail server. It is a terrible network citizen. Anyway, here are my personal prejudices about MTAs: Sendmail: There was a time when I would set things up for clients with sendmail because if I got hit by a bus, there were more people around with sendmail skills than exim skills. Also there was a time when only sendmail did milters. (And of course there was a time when there was only sendmail). But my feeling about sendmail has always been that it was designed backwards in that things that should have been hard coded (parsing 822 addresses) were done in the configuration file and things that should have been configurable (throttling intervals) were hard coded. For someone with a simple set-up using FreeBSD, sendmail may be the best choice still because it is already there. Likewise for someone who wants to have their MTA to factor numbers or solve the towers of hanoi, sendmail is for them. exim: If I were setting up a large complicated installation for say an ISP or a mail hosting system, exim is what I would use. I've heard people say that they didn't understand the configuration file, but I don't see what the problem is. It is straight forward and direct. You just need to remember that in some sections of the configuration file, the order of directives matter. exim also has this built-in procmail replacement (exim filters) in its mail delivery. Of course, sieve has largely replaced the need for this. postfix: This would be my first recommendation to someone starting from the beginning for most sites.
If there is no legacy need for sendmail, and we are not talking about very large and complex arrangements requiring exim, then postfix is solid, reasonably flexible, easy to set up and probably now has a user base to rival sendmail. I have never managed a qmail, Lotus Notes or MS Exchange system. But my MTAs have had to interact with them. I feel that they should never be allowed to face the Internet. They are just too loose in their interpretations of standards and conventions. -j
Re: FreeBSD based router ...
On May 29, 2008, at 1:36 AM, Wojciech Puchar wrote: that's the advantage. but edimax 6104K router with 5 ethernets running netbsd is both cheaper smaller and faster with its 175Mhz 2 instr/cycle MIPS CPU. 16MB RAM+2MB flash isn't much but enough to fit. I will keep that in mind the next time I need to build or recommend or purchase such a device. I wasn't aware that you could get NetBSD with enough usable tools on 2MB, but I see that now. Thank you, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD based router ...
On May 28, 2008, at 11:06 AM, Rob wrote: These guys have a 2 or 4 port nic for $100: http://www.soekris.com/lan16x1.htm For small and medium sized enterprises that really just need firewall, NAT, static routing and are fine with 100Mb ether on the router, I've been happy with using soekris net48XX boxes using m0n0wall http://m0n0.ch/wall/ or pfsense http://www.pfsense.com/ both FreeBSD based. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: FreeBSD based router ...
On May 28, 2008, at 3:08 PM, Wojciech Puchar wrote: For small and medium sized enterprises that really just need firewall, NAT, static routing and are fine with 100Mb ether on the router, I've been happy with using soekris net48XX boxes using m0n0wall small but expensive. used 486-pentium hardware is for free. 486 hardware with three NICs, a CF drive, and run off of a few watts of DC power tend not to be free. But of course a free 486 box may very well fit your needs. Cheers, -j
Re: Bind DNS
On May 22, 2008, at 9:10 PM, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but still they can visit their site? DNS is not the right level to be doing that unless you know that the images are actually served from a different server than the other content on the site (which is unlikely). An HTTP proxy, Squid in particular, will be the right tool. About a year ago, I saw a description where someone had put in a filter in Squid to blur or rotate all images. The screen shots of that were hilarious, but I can't remember exactly where this was posted. Cheers, -j
Re: Lock down the all-staff email list? sendmail, alias, majordomo?
On May 19, 2008, at 10:23 AM, brad davison wrote: Our company has a sendmail server 8.13.8 running on FBSD 6.2 with procmail. We currently have an alias set up for our all-staff email (we only have about 200 users). Someone recently sent out an email to the all-staff that someone didn't like, so now I have to restrict who can send to it. or B) a list program like majordomo or something that I can keep people from using who isn't 'the boss'? That is the option I recommend. Look at the mailman port. Mailman is a very nice (though not perfect) mailing list management system. I see that there is also a port for majordomo if that is what you prefer. But I find that mailman is easier for my users to cope with. What is the best way to have a list that only certain users are able to send to? I am open to suggestions that will get me out of this situation. You have already given the answer. Use a mailing list management system like majordomo. I recommend mailman. By the way, mailman is what is used for managing the FreeBSD mailing lists. The announce list is set up so that only certain individuals can post to it. -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: telnet to mail server from outside does not get 220, telnet from inside works
On May 12, 2008, at 9:04 AM, brad davison wrote: But if I try the same thing from 'outside' the firewall I get: %telnet email..com 25 Trying 67.x.x.x... Connected to email.xxx.com. Escape character is '^]'. Connection closed by foreign host. Have you checked to see what your mail logs say about those connection attempts? Cheers, -j
Re: living with freebsd
On May 5, 2008, at 12:12 AM, prad wrote: i'd like to know how people live with freebsd. My FreeBSD systems are light weight servers only, so what I do is specific to my circumstances and tastes. do you use only ports or only packages or a mixture? I only use ports, but I suppose that if I had some really large things to install like OOo, I would consider using packages. do you upgrade from version to version using freebsd tools or do it manually? I use csup and will rebuild world and the kernel as needed. I've got a fairly stripped down kernel to improve boot times. But again, I kind of find it cool to compile the whole OS. It may be irrational and non-optimal. That's why I said some of this is a matter of taste as well as circumstances. My choice of when to upgrade the OS really depends on what I need. I don't like to be too far behind. I recently moved one system from 7.0 RELEASE to 7 STABLE because of a specific fix that affected one of my systems. do you have a different approach regarding the above depending on whether it is for a server or a desktop? I suspect that for a desktop, I would be more tempted to keep closer to GENERIC and use packages. But I only have FreeBSD servers on which I don't even run an X11 server. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Question about a recent installation
On May 5, 2008, at 6:17 PM, doug wrote: To give limited privileges I think sudo (as in linux??) would be used. I concur that sudo is really a very good way of managing privileges. I don't even know the root passwords on the systems that I administer (OK, I do have them stored in a nice secured place if I ever do need them). Cheers, -j
Re: Installing PERL modules from CPAN (instead of ports)
On May 4, 2008, at 11:59 AM, Sahil Tandon wrote: Yes, making a new port is the easiest way to install something from CPAN. I do prefer to keep everything organized in ports, so I created my first port: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/123382 Let's hope I didn't totally mess it up. :-) I found myself in an identical position and did the same thing (created a port for the first time) for Lchown. I suspect that now that I've overcome the initial barrier, I will be submitting more ports. And I might even remember to attach the .shar file to my PR next time. Cheers, -j
Re: [CRON] Recommended FTP client to download and upload files?
On May 3, 2008, at 9:46 AM, Gilles wrote: I need to run a CRON job to download files from one FTP server if they're more recent, and upload them to another FTP server. The files all live in one directory, so there's no need for recursion. What command-line FTP client would you recommend for this? lftp in ports. It is very scriptable and has built in facilities to only copy newer files. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/
Problems mounting by label
I am trying to set up labels on a USB HD so that I can mount it in the same place each time I connect it. The short version is that from what I've done (which I will detail below) when I try to

    $ sudo mount /dev/ufs/Back1s1 /Volumes/Back1
    mount: /dev/ufs/Back1s1 : Invalid argument

While

    $ sudo mount /dev/da4s1 /Volumes/Back1

does work. Using the latter defeats the purpose however, since I want eventually to mount things to a different mount point depending on their label.

Here is more detail of what I've done so far. I'm running RELENG_7_0.

One thing that I've noticed is that /dev/da4s1 and /dev/ufs/Back1s1 have different device numbers:

    ls -l /dev/da4* /dev/ufs
    crw-r- 1 root operator 0, 121 Apr 10 03:57 /dev/da4
    crw-r- 1 root operator 0, 122 Apr 10 03:57 /dev/da4s1

    /dev/ufs:
    total 0
    crw-r- 1 root operator 0, 123 Apr 10 03:57 Back1
    crw-r- 1 root operator 0, 124 Apr 10 03:57 Back1s1

But that might not mean anything.

I first used fdisk to change the active slice to be of FreeBSD type (I'm not planning on using these disks for other systems.) Here is what fdisk currently reports

    $ fdisk /dev/da4
    *** Working on device /dev/da4 ***
    parameters extracted from in-core disklabel are:
    cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

    Figures below won't work with BIOS for partitions not in cyl 1
    parameters to be used for BIOS calculations are:
    cylinders=9729 heads=255 sectors/track=63 (16065 blks/cyl)

    Media sector size is 512
    Warning: BIOS sector numbering starts with sector 1
    Information from DOS bootblock is:
    The data for partition 1 is:
    sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
        start 16065, size 156280320 (76308 Meg), flag 80 (active)
        beg: cyl 1/ head 0/ sector 1;
        end: cyl 512/ head 254/ sector 63
    The data for partition 2 is:
    UNUSED
    The data for partition 3 is:
    UNUSED
    The data for partition 4 is:
    UNUSED

I also used glabel to try to get a label on it, but couldn't see how I could use the glabel information for mounting. Here is what glabel reports for the device

    $ glabel dump /dev/da4s1
    Metadata on /dev/da4s1:
    Magic string: GEOM::LABEL
    Metadata version: 2
    Label: Backup 1

So not knowing how to use the glabel information for mounting I used the -L option to newfs when I created the UFS2 filesystem on /dev/da4s1

    $ tunefs -p /dev/da4s1
    tunefs: ACLs: (-a) disabled
    tunefs: MAC multilabel: (-l) disabled
    tunefs: soft updates: (-n) disabled
    tunefs: gjournal: (-J) disabled
    tunefs: maximum blocks per file in a cylinder group: (-e) 2048
    tunefs: average file size: (-f) 16384
    tunefs: average number of files in a directory: (-s) 64
    tunefs: minimum percentage of free space: (-m) 8%
    tunefs: optimization preference: (-o) time
    tunefs: volume label: (-L) Back1
    [EMAIL PROTECTED] /dev/ufs]$

(oops, I probably should turn on ACLs for this, but that is another matter).

Any pointers to help in getting this slice mountable in the same place every time. I feel like I must be very close to how this should be done, but something is a bit off.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Pine Corrupting Inbox
On Apr 21, 2008, at 12:53 PM, Chris Maness wrote:

> I think that pine is corrupting my inbox, so that it is unreadable by UW-IMAPD. When using squirrelmail after using pine I see the headers, but squirrelmail is unable to open the e-mails.

When you read your mail with (al)pine with it picking up mail directly from /var/spool/mail, (al)pine will move the mail from /var/spool/mail into mailbox folders in your home directory.

Now normally, this puts the mail in a place where it can still be picked up by uw-imap server. Indeed, under default configurations the uw-imap server will perform pretty much the same action when it gets new mail out of /var/spool/mail. So when everything is working right, even reading the mail locally with pine shouldn't mess things up as they have for you.

> I switched over to alpine since I do understand that pine is no longer supported. If other people have experienced this it would be nice to have at least a notice when it is installed. I have used pine for almost 10 years without this problem, but maybe this is an incompatibility with a newer version of UW-IMAPD.

Here is what I would do to start diagnosing my first guess at the problem:

(1) Set up (or use) a clean vanilla user account, say fred.
(2) Send fred mail.
(3) Log in as fred and have fred read mail with pine, with as close to a default configuration as possible.
(4) See if fred can see his mail via squirrelmail. If so
(5) Look around ~/fred to find where pine put the mail.
(6) Compare the mail file locations for ~/fred and for you.
(7) If there are differences (which is what I'm expecting), then look through your .pinerc

Post back a report about how those steps go. If things break at step 4, then still do step (5) and report that back here.

Good luck.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
USB HD based backup schemes
I am hoping that this is on-topic for the questions list. If not, I apologize.

I have a couple of FreeBSD systems, and I must confess that I haven't set systematic back-ups of them. I've taken a quick look at both the Bacula and Amanda documentation, but for reasons below I'll list why I don't think that they are ideal for my rather simple situation.

Each system has less than 20G to be backed up, including OS and ports. One of the systems, dobby, is physically difficult to get to. I would like dobby to be a network client for backup. The other, kreacher, is more conveniently placed, and actually has a cool little USB hard-drive drive dock. I've tested that and it works. I'd like this other machine

So far, what I've been doing is running level 0 dumps on both kreacher and dobby. In each case, I've had enough space in /tmp to create dump files in /tmp. When done on kreacher, I've copied them over to a USB drive. The ones from dobby I've scp'ed over to kreacher.

At worst I could script this, but it I can't be sure I'll always have the space in /tmp. I need to get the mounting of the USB drive clean and stuff like that. Also, always running Level 0 dumps is bad for a number of obvious reasons.

My needs aren't to be able to always have the ability to recover some file to the state it was a week ago Thursday. (I wouldn't mind that, but that's not my primary goal). My primary goal is disaster recovery: In the event of a disk crash, fire, or I really mess up the system.

Kreacher will shortly be running mysql-server with a couple of very small databases. Otherwise these are pretty static servers (light mail, DNS, DHCP, light HTTP). Neither machine can hold additional disks internally or is otherwise expandable.

Both Amanda seems designed for back-up to tape. Bacula, frankly, seems too complicated. I'm sure that I could roll my own with dump or such, but I'm sure that I would leave important things out and that this has already been done by people who are smarter and more experienced than I am.

So recommendations please.

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Pine Corrupting Inbox
On Apr 26, 2008, at 2:58 PM, Chris Maness wrote:

> I am not having any problems with other users,

Then my suspicion grows stronger that something in your own particular pine configuration is putting your mail in a place where imapd can't see it.

So in addition to what I've suggested, have you looked for any errors logged by imapd in your system logs?

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: USB HD based backup schemes
On Apr 26, 2008, at 3:38 PM, David N wrote:

> We used to use RSnapshot http://www.rsnapshot.org/ to backup to an external disk, it's a great tool that also does incremental via hard links which is a plus.

Just after I posted, I started thinking about rsync. I hadn't known about rsync's hard link feature. So once I saw that, the trail did lead me to rsnapshot. The only thing I don't like about it is the security hole it demands of remote machines to be able to back up to them.

> so to recover, you have to reinstall the base OS and rsync the files back to get it up and running again.

I'd be happy with that.

> It may have problems locking active files, I've never tested it with a DB before.

I can also take a DB snapshot before running the dump.

> But since then, we've moved to bacula.

Bacula does look impressive. I'll probably get there some day.

If I can deal with the security issue for the remote back-up this will be a perfect solution. If I can't I won't do remote back-up on the machine that is awkward to reach, I'll just have to re-arrange things.

Thanks.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: Email processing in Python (was: e-mail processing in C)
On Mar 24, 2008, at 2:04 PM, Patrick C wrote:

> Another option would be to dig out the associated code in pine, elm, or whatnot. See how they access mail.

What is used in pine (now alpine) is the c-client libraries already mentioned in another post.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
em0: watchdog timeout after move from 7-PreRelease to 7-RELENG
I just updated to 7-RELENG using csup and compiling from source a machine that had been happily running with an Intel PRO/1000 GigE card on 7-PRERELEASE.

Building went fine, but as soon as I booted multiuser, I had my network connection go up and down like a Yo-Yo. Here is an excerpt:

    Mar 7 16:34:40 kreacher em0: link state changed to UP
    Mar 7 16:34:40 kreacher em0: link state changed to UP
    Mar 7 16:37:52 kreacher em0: watchdog timeout -- resetting
    Mar 7 16:37:52 kreacher em0: link state changed to DOWN
    Mar 7 16:37:52 kreacher em0: link state changed to DOWN
    Mar 7 16:37:56 kreacher em0: link state changed to UP
    Mar 7 16:37:56 kreacher em0: link state changed to UP
    Mar 7 16:38:08 kreacher em0: watchdog timeout -- resetting
    Mar 7 16:38:08 kreacher em0: link state changed to DOWN
    Mar 7 16:38:08 kreacher em0: link state changed to DOWN
    Mar 7 16:38:12 kreacher em0: link state changed to UP
    Mar 7 16:38:12 kreacher em0: link state changed to UP
    Mar 7 16:38:22 kreacher em0: watchdog timeout -- resetting
    Mar 7 16:38:22 kreacher em0: link state changed to DOWN
    Mar 7 16:38:22 kreacher em0: link state changed to DOWN
    Mar 7 16:38:26 kreacher em0: link state changed to UP
    Mar 7 16:38:26 kreacher em0: link state changed to UP
    Mar 7 16:38:33 kreacher em0: watchdog timeout -- resetting
    Mar 7 16:38:33 kreacher em0: link state changed to DOWN

There was nothing else stressing the system at the time. The load average was around 0.25 on a dual core system.

Everything works fine if I use the on-board nfe ethernet port on the machine, but I would like to get Gigabit ether back working on this machine.

I don't really know what sorts of information I need to be looking at or reporting. Any advice would be welcome. The only change on the system for many weeks has just been my move to 7-RELENG today which appears to have triggered the problem.

Cheers,

-j
Re: syslogd not reading messages from a remote machine
On Jan 11, 2008, at 9:51 AM, Andy Greenwood wrote:

> I have recently set up a Fortigate-60 to run as a firewall/vpn on my home network. I have a FreeBSD 7.0-prerelease machine sitting behind it in the DMZ which is running ssh/web/etc. I'm trying to get the FG to log to the BSD box's syslog. I have set up the necessary stuff on the FG, and can send test logs from there to the bsd box. Running tcpdump on the bsd [...]
>
> So I know that the packets are getting to the machine. I've set up syslogd to accept packets from 10.10.10.1/32 in rc.conf, and confirmed that the FG's IP should be accepted [...]
>
> I've restarted syslogd after every change I've made, but no dice. Can anyone shed some light on why these messages aren't logging and what I need to do to fix it?

I'm sure that there is a simple answer for getting syslogd to work properly. But after similar experiences to yours (on other systems), I now use syslog-ng (in ports) for any system that is going to be a remote syslog server. With syslog-ng, I can easily have my logs organized by originating host and day.

I know this doesn't answer your syslogd question, but it might provide a useful solution for you.

Cheers,

-j
Frequent DHCP requests from Wii
This is particularly a FreeBSD question, but finding that there isn't a newsgroup for DHCP (and I am running dhcpd on FreeBSD), I'll ask here.

We've got a Wii in the house, and I've got an entry for it in my dhcpd.conf

    host wii {
        hardware ethernet 00:19:1d:dd:66:d3;
        fixed-address wii.ewd.goldmark.org;
    }

which correctly resolves to 10.1.10.145

And everything works fine. However, the Wii keeps on making requests every few minutes. Here is a bit of the dhcpd logs. The requests come at irregular 1, 2, 5, and 9 minute intervals in this bit of the log.

    Jan 9 11:59:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 11:59:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:01:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:01:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:07:07 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:07:07 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:12:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:12:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:14:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:14:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:17:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:17:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:25:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:25:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:27:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:27:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:36:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:36:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:37:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:37:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:38:08 kreacher dhcpd: DHCPREQUEST for 10.1.10.145 from 00:19:1d:dd:66:d3 via em0
    Jan 9 12:38:08 kreacher dhcpd: DHCPACK on 10.1.10.145 to 00:19:1d:dd:66:d3 via em0
    Jan 9 12:43:31 kreacher dhcpd: DHCPREQUEST for 10.1.10.146 from 00:80:77:88:6f:f1 via em0
    Jan 9 12:43:31 kreacher dhcpd: DHCPACK on 10.1.10.146 to 00:80:77:88:6f:f1 via em0
Re: Frequent DHCP requests from Wii
On Jan 9, 2008, at 1:32 PM, Chuck Swiger wrote:

> Do you have an entry like:
>
>     default-lease-time 10;
>
> ...in your dhcpd.conf?

For the particular subnet, I've got this

    default-lease-time 14400;
    max-lease-time 172800;

> That might help convince the Wii to keep hold of its lease for a longer period of time without continuously renewing it every few minutes.

Unfortunately that doesn't help. But I thank you and others for this suggestion. I'll try setting min-lease-time (currently unset) to something like 1200 and see if that helps.

> Otherwise, talk to Sega or whoever about their DHCP client...

You and others have made the same comment. Even if Nintendo's DHCP client is obnoxious, I certainly have a greater chance of gaining a better understanding of what is going on by asking here than by approaching Nintendo.

Basically what I wanted to know is whether what I'm seeing is anything to worry about. The answer is apparently not.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: How to not start syslogd
On Dec 30, 2007, at 10:44 PM, Bill Moran wrote:

> Jeffrey Goldberg [EMAIL PROTECTED] wrote:
>
>> Putting syslogd_enable=NO into /etc/rc.conf did not prevent it from starting.
>
> The above works on every system I've done it to (which is quite a few). I suspect you've either got a typo in your rc.conf, [...]

Yep. It was a typo. I should let this be a reminder to always copy and paste such things into email instead of retyping. What I had in my rc.conf was really

    syslog_enable=NO

Notice the missing 'd'.

Thanks.

-j
Re: How to not start syslogd
On Dec 31, 2007, at 9:13 AM, DAve wrote:

> Jeffrey Goldberg wrote:
>
>> Yep. It was a typo. I should let this be a reminder to always copy and paste such things into email instead of retyping.
>
> Small hint shown to me many years ago when enabling things in rc.conf. If I want to startup ipfilter for example (trimmed to avoid wrapping).
>
> bash-2.05b# cat /etc/defaults/rc.conf | grep ^ipfilter
>
> Returns the following,
>
> ipfilter_enable=NO # Set to YES to enable ipfilter
> ipfilter_program=/sbin/ipf # where the ipfilter program lives
> ipfilter_rules=/etc/ipf.rules # rules definition file for ipfilter,
> ipfilter_flags= # additional flags for ipfilter
>
> If it looks like what you want then write it into your running rc.conf,
>
> cat /etc/defaults/rc.conf | grep ^ipfilter >> /etc/rc.conf
>
> Then you can edit to enable, add flags, etc. Cures the typos.

Thank you! That is a very nice tip.

-j
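Added example (not part of the thread): the typo discussed above, syslog_enable for syslogd_enable, can also be caught mechanically by comparing the variable names assigned in rc.conf against those declared in reference files such as /etc/defaults/rc.conf. The function names rc_check and rc_check_demo are hypothetical and the two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag rc.conf variables that no reference file declares.
#
# rc_check REFERENCE... RCCONF
#   Prints "file:line: name" for every assignment in RCCONF whose variable
#   name is not assigned in any REFERENCE file, with the closest known name
#   as a hint when one is a single edit away. Returns 1 if anything was flagged.
#   On a real system: rc_check /etc/defaults/rc.conf /etc/rc.conf
rc_check() {
    awk '
    # Name on the left of "name=value", or "" for comments and other lines.
    function varname(line,    n) {
        if (!match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/)) return ""
        n = substr(line, RSTART, RLENGTH - 1)
        sub(/^[ \t]+/, "", n)
        return n
    }
    # True when a and b differ by one inserted, deleted or changed character.
    function near(a, b,    la, lb, i, t) {
        la = length(a); lb = length(b)
        if (la > lb) { t = a; a = b; b = t; t = la; la = lb; lb = t }
        if (lb - la > 1) return 0
        i = 1
        while (i <= la && substr(a, i, 1) == substr(b, i, 1)) i++
        if (la == lb) return substr(a, i + 1) == substr(b, i + 1)
        return substr(a, i) == substr(b, i + 1)
    }
    { name = varname($0); if (name == "") next }
    # Every file except the last argument is a reference file.
    FILENAME != ARGV[ARGC - 1] { known[name] = 1; next }
    !(name in known) {
        hint = ""
        for (k in known)
            if (near(name, k) && (hint == "" || k < hint)) hint = k
        printf "%s:%d: %s", FILENAME, FNR, name
        if (hint != "") printf " (did you mean %s?)", hint
        printf "\n"
        bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample files (not real system files): a three-line stand-in for
# /etc/defaults/rc.conf and an rc.conf carrying the typo from this thread.
rc_check_demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'syslogd_enable="YES"' 'syslogd_flags="-s"' \
        'ipfilter_enable="NO"' > "$dir/defaults"
    printf '%s\n' '# local settings' 'syslog_enable="NO"' \
        'ipfilter_enable="YES"' 'syslog_ng_config="-u daemon"' > "$dir/rc.conf"
    status=0
    (cd "$dir" && rc_check defaults rc.conf) || status=$?
    rm -rf "$dir"
    return "$status"
}

rc_check_demo || true
```

Variables declared only by a port's rc.d script (syslog_ng_config in the sample) or named per interface are reported as well, so the output is a list to review rather than a list of errors; additional reference files can be passed before the rc.conf argument.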
How to not start syslogd
I've installed and configured syslog-ng from ports and no longer wish to have the standard syslogd run.

Putting

    syslogd_enable=NO

into /etc/rc.conf did not prevent it from starting.

Of course I can see lots of ways of preventing syslogd from starting. I could remove the binary, I could remove /etc/rc.d/syslogd, but I would like to know if there is a recommended, easy to undo, and update resistant way of doing this.

Thanks,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: syslog-ng not logging
On Dec 26, 2007, at 9:40 PM, Peter Boosten wrote:

> Quoting Livia Markoczy [EMAIL PROTECTED]:
>
>> syslog_ng_config=-u daemon
>>
>> But nothing has logged anywhere, including to console, since the time I killed the system syslogd.
>
> file permissions. While your syslog-ng runs as daemon, it has no permission to log to files owned by root (syslogd). I solved that by logging into a different subdir owned by daemon.

OK thanks. (I am the original poster, but I'd accidentally posted using my wife's role).

Is there any reason not to simply do a

    cd /var/log
    chown -R daemon .

also

    chown daemon /dev/console

for console logging.

Will log rotation preserve daemon ownership?

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: syslog-ng not logging
On Dec 27, 2007, at 10:40 AM, Peter Boosten wrote:

> Quoting Jeffrey Goldberg [EMAIL PROTECTED]:
>
>> Is there any reason not to simply do a
>>
>>     cd /var/log
>>     chown -R daemon .
>
> I think (but I'm not sure) that permissions will be reversed by mtree.

This is the first I've heard of mtree. I just looked mtree(8), but I take it that mtree is run periodically somehow to fix things. Do you know where? I can always keep my logs in some place other than /var/log if this is an issue.

>> also
>>
>>     chown daemon /dev/console
>
> Won't work either. *if* you're going to do that you should alter /etc/devfs.conf

More things to learn. I'm not really concerned about logging to console anyway, as the machine will run headless most of the time.

>> Will log rotation preserve daemon ownership?
>
> Never used the *traditional* log style with syslog-ng, I stored everything per day/month/year/server.

I'm doing that for hosts that this is the remote syslogd server for. I'm using

    /var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY-$YEAR$MONTH$DAY

for everything coming from the udp source. I suppose I could just add localhost under HOSTS to do a similar destination for everything else, though there I would probably have FACILITY be the major categorization

> I ended up running syslog-ng as root, which is probably a bad idea as well, so I cannot give you any advice on this one.

It sounds like using something other than /var/log for a destination makes the most sense.

I won't promise anything, but if I get to grok this all better, I'll submit a pr for syslog-ng which includes a pkg-message and a FreeBSD README. (I had to look in the startup script for instructions on how to enable syslog-ng).

Cheers,

-j
hangs instead of reboots on HP s3220n
I have an HP s3220n which will boot just fine, but won't reboot. I noticed this first with the OEM Vista that I played with for a bit before starting to install FreeBSD, but didn't pay much attention to it then.

Now when I do a

    shutdown -r now

I get a proper shutdown with the last line on the console saying

    Rebooting

The power stays on, but the machine just hangs at that point.

I looked through BIOS settings and all that I found that was possibly meaningful was to reboot after power failure, which I've enabled. But that doesn't help.

Although I think that the problem is well before the OS plays any role, the system is running 7.0 Beta 4. This happened with the GENERIC amd64 kernel as well as with my custom one.

This machine will be tucked away in a closet and I don't want to hold the power switch to get it to reboot.

Any suggestions would be welcome. And if I didn't provide enough information, just let me know what y'all need.

Cheers,

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: hangs instead of reboots on HP s3220n
On Dec 21, 2007, at 3:26 PM, Jeffrey Goldberg wrote:

> I have an HP s3220n which will boot just fine, but won't reboot [...] I get a proper shutdown with the last line on the console saying Rebooting The power stays on, but the machine just hangs at that point.

Never mind. It just takes a really long time before anything visible happens on the monitor. At least a minute, though less than 10 minutes. (I waited one full minute and then I left the room, returning 10 minutes later.) Next time I reboot, I'll time it properly.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
which cputype for Athlon 64 X2 Dual Core
I'm building a new server with 7.0 BETA4 (it will track stable) with the following CPU

    CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ (2600.02-MHz K8-class CPU)
      Origin = AuthenticAMD  Id = 0x60fb1  Stepping = 1
      Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
      Features2=0x2001<SSE3,CX16>
      AMD Features=0xea500800<SYSCALL,NX,MMX+,FFXSR,RDTSCP,LM,3DNow!+,3DNow!>
      AMD Features2=0x11f<LAHF,CMP,SVM,ExtAPIC,CR8,Prefetch>
      Cores per package: 2

What optimizations should I make in make.conf?

The example make.conf says

    AMD64 architecture: opteron, athlon64, nocona, prescott, core2

But I don't know whether athlon64 or core2 would be the safest and most appropriate.

Also GENERIC for amd64 lists

    cpu HAMMER

is that the best (only) choice? And if not, where can I find a list of alternatives? I didn't find anything in the NOTES files telling me what was available.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Re: which cputype for Athlon 64 X2 Dual Core
First of all, thank you very much for your response. I have some follow up questions below.

On Dec 21, 2007, at 6:45 PM, Chuck Swiger wrote:

> On Dec 21, 2007, at 4:33 PM, Jeffrey Goldberg wrote:
>
>> What optimizations should I make in make.conf?
>
> A reasonable starting point is no special optimizations, and simply disable debug options like WITNESS, INVARIANTS, etc.

I didn't see mention of these in the example make.conf so I don't know how to disable those if they are enabled in the first place.

> If you plan to go beyond that, you'll need to start by doing some benchmarks [...]

I'm after the low hanging fruit and I don't really have the inclination to do such extensive tuning. I was just wondering if there is anything obvious.

>> The example make.conf says
>>
>>     AMD64 architecture: opteron, athlon64, nocona, prescott, core2
>>
>> But I don't know whether athlon64 or core2 would be the safest and most appropriate.
>>
>> Also GENERIC for amd64 lists
>>
>>     cpu HAMMER
>>
>> is that the best (only) choice?
>
> Yes, as far as AMD64 code goes. You could always switch down to running in 32-bit mode, though.

That answers the question for the kernel configuration. But what should I put in make.conf as cputype? Right now, I've just left it unspecified.

I started a make buildworld and was surprised to see that it is using

    -O2 -fno-strict-aliasing -pipe

even though I didn't tell it to do so. -O2 sounds like an odd default when it appears to be recommended against. Where should I look for the defaults?

Cheers,

-j