Re: ftps?

2012-11-29 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: On 2012-11-28, Chris Smith obsd_m...@chrissmith.org wrote: Also wonder why anyone in their right mind would use FTPS!? Because they can just hack it on top of their crusty old ftp server software, whereas using sftp would need much bigger

Re: spammers getting less stupid?

2012-11-07 Thread Joakim Aronius
(It seems like some of my mail does not go through to misc@, perhaps some of my ISP's outgoing mailservers are blacklisted..?) * Peter N. M. Hansteen (pe...@bsdly.net) wrote: http://undeadly.org/cgi?action=articlesid=20120604050025 and references therein show a 'works for me' example config

Re: spammers getting less stupid?

2012-11-04 Thread Joakim Aronius
* Kurt Mosiejczuk (kurt-openbsd-m...@se.rit.edu) wrote: Jan Stary wrote: Strangely, the only occurrence of 2.139.201.210 in the last month's maillog is just this; that's half an hour after it got WHITE. What happened at Mon Oct 29 14:49:24 CET 2012 that made it WHITE? Anyway, it seems

Re: Syslog to remote server and local file

2012-11-02 Thread Joakim Aronius
* Andy Bradford (amb-open...@bradfords.org) wrote: Thus said Joakim Aronius on Thu, 01 Nov 2012 17:54:28 BST: !!spamd daemon.err;daemon.warn;daemon.info /var/log/spamd daemon.err;daemon.warn;daemon.info @logserver A careful reading of man

Syslog to remote server and local file

2012-11-01 Thread Joakim Aronius
Hi, A quick question on syslog to remote servers.. I would like to log my spamd logs locally and to a remote server, first I tried to add a second row to syslog.conf pointing at the logserver: !!spamd daemon.err;daemon.warn;daemon.info /var/log/spamd

Re: spamd and greyscanner help needed..

2012-10-17 Thread Joakim Aronius
* Boudewijn Dijkstra (sp4mtr4p.boudew...@indes.com) wrote: Op Tue, 16 Oct 2012 22:01:54 +0200 schreef Joakim Aronius joa...@aronius.com: Any ideas on what I am doing wrong? I would guess that there is a mistake in your pf.conf. Yep. I had added a 'log' keyword to the redirect rule

Re: spamd and greyscanner help needed..

2012-10-17 Thread Joakim Aronius
* Otto Moerbeek (o...@drijf.net) wrote: Op 17 okt. 2012 om 09:16 heeft Joakim Aronius joa...@aronius.com het volgende geschreven: Yep. I had added a 'log' keyword to the redirect rule for spamd (incoming 25 - 8025) to get some 'observability'... Spamlogd caught that log entry and immediately

spamd and greyscanner help needed..

2012-10-16 Thread Joakim Aronius
Hi all, I need someone to hit me with a clue-by-four.. I'm trying to set up spamd and greyscanner to trap a flood of incoming spam. Now running with default settings for spamd and with recommended pf.conf rules. Can't get it to work properly.. joakim@heimdall$ uname -rsv OpenBSD 5.1 GENERIC#160

Re: problem setting inet6 route

2012-09-01 Thread Joakim Aronius
* Remi Locherer (remi.loche...@relo.ch) wrote: On Fri, Aug 31, 2012 at 09:01:44PM +0200, Joakim Aronius wrote: * Remi Locherer (remi.loche...@relo.ch) wrote: Hi I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also provides IPv6 but somehow with a strange setup

Re: problem setting inet6 route

2012-08-31 Thread Joakim Aronius
* Remi Locherer (remi.loche...@relo.ch) wrote: Hi I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also provides IPv6 but somehow with a strange setup. I got something like the following from them: Gateway Address: 2001:db8:1:1110::1/64 Subnet I can use:

Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-30 Thread Joakim Aronius
I have used Soekris for a few years and am very happy with them. They have a new board that will start shipping soon: http://soekris.com/net6501.htm /J

Re: spamd in blacklist mode 4.8 not working?

2011-05-25 Thread Joakim Aronius
* Ivo Chutkin (open...@bgone.net) wrote: from pf.conf: pass in log on $ext300 proto tcp from spamd to any port smtp rdr-to 127.0.0.1 port spamd pass in log on $ext300 proto tcp from spamd-black to any port smtp rdr-to 127.0.0.1 port spamd Hard to tell as you only show parts of the

Re: opensmtp

2011-03-10 Thread Joakim Aronius
* Hugo Osvaldo Barrera (h...@osvaldobarrera.com.ar) wrote: I've used it on my personal e-mail server since December, and it's worked just fine, no issues, crashed, nothing unusual. Me too, I switched to smtpd when I replaced my mailserver a little while ago. After using OpenBSD/sendmail for

Re: nat static-port option

2011-02-04 Thread Joakim Aronius
* Ted Unangst (ted.unan...@gmail.com) wrote: On Wed, Feb 2, 2011 at 11:23 AM, Martin Schröder mar...@oneiros.de wrote: 2011/2/2 Henning Brauer lists-open...@bsws.de: who sez that your made up isp has to hand out network-wide unique IPs to his customers? AFAIK Comcast already has 2^24

Re: nat static-port option

2011-02-04 Thread Joakim Aronius
* Joakim Aronius (joa...@aronius.com) wrote: ..don't want to fuel a flame war here but I heard stuff like AT&T is using 40 instances of 10/8 indicates that big operators need to bend themselves backwards to get their stuff together. Need to correct myself there, should be Verizon Wireless

Re: nat static-port option

2011-02-04 Thread Joakim Aronius
* Martin Schröder (mar...@oneiros.de) wrote: Carrier grade NAT is less bullshit than ipv6. :-) Arbor Networks just released their new 'Worldwide Infrastructure Report' which was interesting. In particular the rising threat of DDoS and the use of stateful network gear in mobile networks, such as

Re: Donations

2010-12-06 Thread Joakim Aronius
* L. V. Lammert (l...@omnitec.net) wrote: Have you ever tried to read the TOS? Any such organization with unlimited legal resources can do whatever they wish - as long as it's not contrary to the current legal winds, they will get away with it. In a legal sense yes. In a business sense,

Re: HP Proliant NEO N36L

2010-11-24 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: On 2010-11-23, Joakim Aronius joa...@aronius.com wrote: Hi, This looks like a nice, small and cheap server: HP ProLiant AMD Athlon II NEO N36L http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905 However, there seem

HP Proliant NEO N36L

2010-11-23 Thread Joakim Aronius
Hi, This looks like a nice, small and cheap server: HP ProLiant AMD Athlon II NEO N36L http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905 However, there seems to be some HP stuff in there which I'm not sure is supported. Ethernet Controller Embedded NC107i PCI Express Gigabit

Re: Activating ip6.forwarding and accept_rtadv at the same time

2010-09-09 Thread Joakim Aronius
* Martin Pelikan (martin.peli...@gmail.com) wrote: 2010/9/7, Claudio Jeker cje...@diehard.n-r-g.com: As soon as you split a /64 into something smaller you left IPv6 land and entered something that looks like IPv6 but isn't. Sure it is possible but by doing it you make every IPv6 disciple

Re: pf rdr to multiple machines in the subnet

2010-02-10 Thread Joakim Aronius
* Jean-Francois (jfsimon1...@gmail.com) wrote: Is it possible to use the rule given by Stuart Henderson as follows ? rdr pass on $ext_if proto tcp to port 1024:65535 - 10.0.1/24 Depending on what you want to accomplish. With the above rule the incoming traffic to i.e. port 1024 will be

Re: pf rdr to multiple machines in the subnet

2010-02-08 Thread Joakim Aronius
* Jean-François SIMON (jfsimon1...@gmail.com) wrote: 2010/2/7 Bret S. Lambert bret.lamb...@gmail.com No, you'd have to do a separate rdr line for each backend host. Would a rule like this one work (2 lines). rdr pass on $ext_if proto tcp from any to any port 1024:65535 - 10.0.1.32 rdr

Re: way to help: laptops and weekly

2010-01-29 Thread Joakim Aronius
* Ingo Schwarze (schwa...@usta.de) wrote: situation, so i consider tedu@'s question unanswered. I'm not even sure there is a good solution at all: Jan Stary and Jonathan Thornburg have presented strong arguments indicating that run it manually at the time you want it might be the best answer.

Re: way to help: laptops and weekly

2010-01-25 Thread Joakim Aronius
* Steve Shockley (steve.shock...@shockley.net) wrote: On 1/24/2010 2:48 PM, Ted Unangst wrote: Cron runs the weekly update script every Saturday at 3:30am. If you use a laptop or other desktop, your computer probably isn't on then. So the locate and whatis databases never get updated unless

Re: Parental filter

2010-01-18 Thread Joakim Aronius
For the ad-part I use bind with config file from this place: 'http://pgl.yoyo.org/adservers/' Good enough for me so far. (I will probably need to increase my security posture as my kids get a little older..) Cheers, /Joakim

Re: Backup disk over USB good idea??

2010-01-11 Thread Joakim Aronius
Hi, An update for the internet archive.. The USB controller died on me (had to remove the PCI card to boot the machine) so the earlier problems were probably related to that. Cheers, /Joakim /var/log/messages: Jan 5 04:21:49 maya /bsd: ehci0: unrecoverable error, controller halted Jan 5

Re: Backup disk over USB good idea??

2009-12-17 Thread Joakim Aronius
* Jon Simola (jsim...@gmail.com) wrote: On Thu, Dec 17, 2009 at 9:31 AM, Mauro Rezzonico l...@ch23.org wrote: Mount under /usr/backup, or /var/backup, or /tmp/backup or whatever! And/Or wrap the backup script with something that checks for the mount. Thanks, I will do both and throw in a

Backup disk over USB good idea??

2009-12-16 Thread Joakim Aronius
Hi, I have an old home server which ran out of disk space so I added a big disk over USB which I use for backup (mounted on /backup). Problem is that it has happened a few times that the USB controller has crapped out resulting in the disk being dismounted and the backup filling out /. I then

Re: pf and fragmented IPv6 packets

2009-12-14 Thread Joakim Aronius
* Todd T. Fries (t...@fries.net) wrote: Must is there, granted. For IPSec tunnels encapsulating IPv6 inside IPv4, there are tricky problems that were looked at during n2k9 but not solved that prevent the proper icmp6 too big message from being sent with the proper source address to match the

Re: pf and fragmented IPv6 packets

2009-12-11 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: On 2009-12-10, Jonas Thambert jonas.thamb...@sitic.se wrote: Like a month ago we got a complaint from a user that our website was unreachable over IPv6. We have 2x native IPv6 transits. The user had bought IPv6 from an ISP that uses tunneling

Re: pf and fragmented IPv6 packets

2009-12-11 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: On 2009/12/11 14:14, Joakim Aronius wrote: Could someone please hit me with a clue stick if I am wrong here... If there is tunnel reducing the MTU then the tunnel endpoint should send an ICMPv6 packet too big to the sender. You can't rely

Re: Packets to IPsec blackholed ?

2009-12-04 Thread Joakim Aronius
* BARDOU Pierre (bardo...@mipih.fr) wrote: Hello, I had a working ipsec tunnel this morning : Dec 04 09:30:35.086117 rule 375/(match) pass in on vlan100: 10.80.2.135.4685 10.96.37.1.23: S 2120140262:2120140262(0) win 64512 mss 1460,nop,nop,sackOK (DF) Dec 04 09:30:35.086154 rule

Re: Stopped at pf_test_rule+0xa87

2009-12-02 Thread Joakim Aronius
* Henning Brauer (lists-open...@bsws.de) wrote: * Joakim Aronius joa...@aronius.com [2009-12-01 15:54]: * Henning Brauer (lists-open...@bsws.de) wrote: * Alastair Johnson att...@googlemail.com [2009-12-01 12:00]: Got the following error on 2 identical firewalls last night

Re: Stopped at pf_test_rule+0xa87

2009-12-01 Thread Joakim Aronius
* Henning Brauer (lists-open...@bsws.de) wrote: * Alastair Johnson att...@googlemail.com [2009-12-01 12:00]: Got the following error on 2 identical firewalls last night: uvm_fault(0xd0891180, 0x0 0, 3) - e kernel: page fault trap, code=0 Stopped at pf_test_rule+0xa87: movl

Re: Interface order and ipv6 routes

2009-10-22 Thread Joakim Aronius
* Stuart Henderson (s...@spacehopper.org) wrote: On 2009-10-18, Mats Erik Andersson ynglinga...@yahoo.se wrote: I face a tricky problem when OpenBSD 4.4 initiates interfaces with ipv6 addresses. My setting is a router supposed to route ipv6 traffic __without__ tunneling: rl0:

Re: autowhitelister for spamd needs testing

2009-04-23 Thread Joakim Aronius
Yeah, this is useful for manually maintaining a list of domains for which you want to check SPF records and update the whitelist. I.e. domains such as hotmail.com and google.com which fulfill the following requirements: a) use round-robin sending mailservers b) are somewhat trusted I do this

Re: Multiple layers of NAT

2009-04-22 Thread Joakim Aronius
* Michiel van Baak (mich...@vanbaak.info) wrote: On 09:06, Wed 22 Apr 09, Janne Johansson wrote: Lars Nooden wrote: Alexander Hall wrote: Lars Nooden wrote: Sometimes I have to set up a LAN inside a pre-existing NAT'd LAN and traffic from the inner LAN (B) does not make it to the

Re: Way to tell ftpd to log IP of remote host?

2009-04-21 Thread Joakim Aronius
Thanks! /J * Ingo Schwarze (schwa...@usta.de) wrote: Hi Mark, Mark Bucciarelli wrote on Fri, Mar 13, 2009 at 08:17:23AM -0500: Mar 13 08:52:01 crosscutmedia ftpd[1728]: connection from pool-68-239-27-14.bos.east.verizon.net [68.239.27.14] Mar 13 08:52:09 crosscutmedia ftpd[4218]:

Re: [landisk] a question for other users

2007-05-01 Thread Joakim Aronius
* Diana Eichert ([EMAIL PROTECTED]) wrote: I realize the landisk platform wasn't added until 4.1 and 4.1 is not yet officially released on the ftp site, but I haven't seen much from other users. It wasn't that hard to download a miniroot, dd it to the landisk hard drive, cvs src with

Re: firefox 1.5.0.6 for openbsd

2006-08-04 Thread Joakim Aronius
kern.osrelease seems more appropriate. Cheers, /jkm * Will Maier ([EMAIL PROTECTED]) wrote: On Thu, Aug 03, 2006 at 12:11:08PM -0400, David T Harris wrote: The easiest way to install firefox on OpenBSD or any other package (that is available from OpenBSD) is to download the package from

Re: ssh attacks

2006-06-01 Thread Joakim Aronius
Why? You say that you block SSH on 1,2,3 and then that you want to do something MORE on 4? You probably already have 'block all' and then allow ssh on one of your boxes, that's it. Maybe you want an IDS system or an SSH tarpit, but this is not the job for pf. Tobias Ulmer made some good points

Re: FTP download/CD sales ratio

2006-05-31 Thread Joakim Aronius
Ordering from Wim (kd85.org) works great, there is no point in using other resellers than the two alternatives on openbsd.org. /jkm * Henrik Borgh ([EMAIL PROTECTED]) wrote: On 5/4/06, Michael Erdely [EMAIL PROTECTED] wrote: As soon as you see pre-orders are up, order. I did and have had

Re: ftp-proxy isssues

2006-05-11 Thread Joakim Aronius
Hi, Your complete pf.conf and the relevant pf log entries would be helpful. I had the same problem after upgrading to 3.9. Turned out to be an old antispoof rule in my (then) too messy pf.conf which blocked incoming traffic on the external interface with a destination address on the internal

Re: Wireless NIC for soekris 4801

2006-04-21 Thread Joakim Aronius
Hi, Note that the PCI slot is 3.3V only, most WiFi PCI cards I have looked at are 5V. My guess is that you have to go with MiniPCI (but I might be wrong). Cheers, /Joakim * Lasse Bach ([EMAIL PROTECTED]) wrote: Hi all, I wrote a message about OpenBSD hardware recommendations some time

Re: upgrade halted

2006-04-19 Thread Joakim Aronius
* Joachim Schipper ([EMAIL PROTECTED]) wrote: On Wed, Apr 19, 2006 at 04:22:06PM +0200, Jasper Bal wrote: Any hints? Did I do something wrong? Is there a fix? Or do I have to travel 400 km? Is sendmail listening to incoming connections? If so, you might have a chance to exploit it to

Re: Going nuts with wireless (ath(4) in this case)

2006-04-01 Thread Joakim Aronius
Hi, I couldn't find any decent ath based cards either so I got a couple of ral instead. Works ok on 3.8 except that hostap hangs the box sometimes (bummer) but that seems to be fixed in 3.9. Ralink also seems to be one of few decent companies that releases documentation. I don't buy anything

Re: iwlist scan equivalent command under OpenBSD

2006-02-17 Thread Joakim Aronius
Also note the difference between ifconfig -M run under user and superuser permissions, sudo ifconfig -M if is what you want. /jkm * Nikolai N. Fetissov ([EMAIL PROTECTED]) wrote: On Thu, February 16, 2006 11:17 am, Ramiro Aceves wrote: Hi OpenBSD fans. I have been googling around and have

Re: Ralink - device timeout

2006-01-23 Thread Joakim Aronius
Hi Anders, From your dmesg: pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860 From RAL(4) CAVEATS PCI ral adapters seem to strictly require a system supporting PCI 2.2 or greater and will likely not work in systems based on older revisions of the PCI specification. /jkm * Anders

Re: Ralink - device timeout

2006-01-23 Thread Joakim Aronius
* Jonathan Gray ([EMAIL PROTECTED]) wrote: On Mon, Jan 23, 2006 at 12:36:46PM +0100, Joakim Aronius wrote: Hi Anders, From your dmesg: pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860 From RAL(4) CAVEATS PCI ral adapters seem to strictly require a system supporting PCI 2.2

Re: Ralink - device timeout

2006-01-23 Thread Joakim Aronius
but it was not possible to send any traffic. I returned my card so I can't do any further testing. /jkm * Anders Normann ([EMAIL PROTECTED]) wrote: Joakim Aronius skrev: Hi Anders, From your dmesg: pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860 From RAL(4) CAVEATS PCI ral adapters seem to strictly require

Re: redirecting domain names

2006-01-22 Thread Joakim Aronius
Hi, I use DNS to solve this too. Got my list from http://pgl.yoyo.org/adservers/ which can generate config files in a bunch of different formats. Works great. Cheers, /jkm * Nick Holland ([EMAIL PROTECTED]) wrote: Stuart Henderson wrote: On 2006/01/22 12:39, Peter Fraser wrote: Rather

Re: Apache logs filled with remote exploit trials

2006-01-16 Thread Joakim Aronius
Hi, Implemented these rewrite rules a while ago (think someone on this list suggested it): <IfModule mod_rewrite.c> RewriteEngine on # RewriteLog logs/rewrite.log # RewriteLogLevel 1 RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.dhs.gov RedirectMatch permanent (.*)root.exe(.*)$

Re: theo (fwd)

2005-12-01 Thread Joakim Aronius
Second that. Just ignore personal mails sent to misc@, theo is perfectly capable of answering mails, if he wishes to. Let's try to keep the signal to noise ratio on a decent level, keep OT mails off-list. Cheers, /jkm * Kevin R ([EMAIL PROTECTED]) wrote: [snip] The only thing that spoils

Re: OpenBSD's 10th birthday

2005-10-18 Thread Joakim Aronius
Congrats from Mongolia. And happy birthday from Sweden! Cheers, /Joakim

Re: is there a way to block sshd trolling?

2005-09-27 Thread Joakim Aronius
I second that. Blocking ssh access from Linux hosts removes 95% of these attacks. Simple and effective. block drop in log quick on $ext_if proto { tcp, udp } from any os Linux to any port ssh label Block ssh from Linux hosts /jkm * Nick Ryan ([EMAIL PROTECTED]) wrote: You could use pf to

Re: WLAN Device problem

2005-09-07 Thread Joakim Aronius
Hi, Post a dmesg. I had a similar problem with ral when i tried to use it in a box with pcibios 2.1 From ral(4): CAVEAT PCI ral adapters seem to strictly require a system supporting PCI 2.2 or greater and will likely not work in systems based on older revisions of the PCI