On Thu, Mar 16, 2006 at 06:38:46PM +0200, Gabriel George POPA wrote:
> Thank you Joachim. Now, regarding spamd(8), I knew that I need help
> from pf.
Okay. For clarity, as Marcus pointed out, spamd(8) is part of OpenBSD,
and SpamAssassin and all parts will be referred to as 'SpamAssassin'.
> Regarding SpamAssassin: I did pkg_add, I followed
> the instructions on modifying /etc/procmailrc I started spamd (spamc
> should have been called for every message). Nothing happened.
> No mail message was scanned. I have procmail installed (I'll try to use
> amavisd). I use Sendmail (the idea is to get used to the most terrifying
> mail server and then switch to a newer one). I will work on the source
> code with great care when the time comes...
This should work, really, provided that procmail is set up properly.
> Regarding that sysctl: shouldn't we add it?
It might be nice to have, but it's more of a security feature than a
real security enhancement.
> Regarding the upgrade: I will build the distribution using this machine
> (3GHz P4, 1GB RAM) - my server is not under heavy load in this
> period of the week. I just hoped binpatch could be a better solution.
ISTR binary patches being available by certain workarounds - searching
misc@ might turn up more.
> The bug report is about a small condition: I was adding a user when the
> root partition filled (I was transferring some data by NFS).
> The processes failed, /etc/passwd and /etc/master.passwd got out of sync
> and I couldn't use userdel or useradd (from what I remember)
> anymore. The solution was to delete the line that represented the user
> in /etc/master.passwd (that line was not present in /etc/passwd).
> (I don't remember very well what happened there, but I'm not planning to
> reproduce this). Maybe the program/script for adding users should
> have a lock or something like that (the 2 files should be modified at
> the same time) - anyway, it's hard to imagine such a situation in real
> conditions.
This is quite possible, but pwd_mkdb(8) could be used to fix the problem
once enough space was available.
Of course, in the meanwhile, bad things happen - but that's almost
always the case if / gets full.
Joachim
> Joachim Schipper wrote:
>
> >On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote:
> >
> >
> >> I have four basic questions:
> >>1) I have upgraded my server (both hw and sw). I switched from Slackware
> >>GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems
> >>(re)installing SpamAssassin (I followed the instructions in the
> >>micro-HOWTO, but it didn't help). Does anyone have some suggestions?
> >>
> >>
> >
> >Yes, produce a more precise question - I'm afraid we can't do much
> >without a more detailed report.
> >
> >FWIW, I have SpamAssassin running from amavisd, in conjunction with
> >Postfix, and that works fine.
> >
> >
> >
> >>2) How can I make my SPAMD act efficiently (at this moment it seems to
> >>me that is rather formal, running there - I receive a lot of spam).
> >>I use the configuration shipped with OpenBSD 3.8. How can I find some
> >>free, usable and efficient lists to be used by SPAMD?
> >>
> >>
> >
> >spamd(8) uses greylisting, mostly. As to blacklists, they need to be
> >updated pretty often; search for DNSRBL and similar. This is far
> >superior to static blacklisting.
> >
> >Do note that spamd(8) needs some help from pf(4) to do any good.
> >
> >
> >
> >>3) I used FreeBSD a lot. I know they had a setting called see_other_uids
> >>- or something like that - a sysctl, maybe the name is not accurate.
> >>The effect of setting this sysctl was that a user could not see the
> >>processes of any other user (do we have such a thing in OpenBSD 3.8?).
> >>
> >>
> >
> >To the best of my knowledge, no.
> >
> >
> >
> >>4) I've heard about binpatch and I've tried to use it once (I must apply
> >>some security/reliability patches here). For me it's impractical to
> >>recompile the entire system (I have the power to do that, I did it a
> >>million times on FreeBSD, but now I'm running a production system and
> >>I'm afraid that I should spoil some settings). I saw that you must edit
> >>a Makefile (it seems rather complicated). I don't know how to edit this
> >>(how can I learn to modify it or where can I find an already edited
> >>Makefile?). Don't we have a service for automatic binary patch distribution
> >>(like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX
> >>systems (documentation is excellent and the overall impression is
> >>that of an OS for which you have paid a lot of money - without the usual
> >>hassle from the producer (indoctrination and others)).
> >>
> >>
> >
> >The most reliable solution is to build your own release, on another
> >machine, and update using that. Aside from rebooting to load the new
> >kernel, this works flawlessly on (almost - as in, there are probably
> >race conditions but I've never seen them) every try.
> >
> >See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release)
> >for building your own release. It's really quite easy.
> >
> >
> >
> >> I also have a small bug report. What is the best method of submitting it?
> >>
> >>
> >
> >sendbug(1), usually.
> >
> >
> >
> >> Unfortunately, my income (I work for an University) does not allow me
> >>to make a donation (and I cannot convince the people here to make
> >>one), but I hope in the near future I will be able to help the OpenBSD
> >>project with works to the ports collection or for the base system.
> >>
> >>
> >
> >That could be quite helpful, too, if done properly. Or so I believe...
> >
> > Joachim
