I'm not saying to alter pledge necessarily, maybe make new system call
like pledge. There aren't any per-process pf rules that are applied.
When a socket connects to a remote or local server and pf makes a
state, it has the originating randomized port. Pf rules can be made
that target those randomi
Pledge will presumably have per process (including fork()ed process) **path
limitations on rpath rpath and wpath calls, why not limitations on inet and
unix?
On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson wrote:
> 2017-04-26 13:19 GMT+02:00 Luke Small :
>
>> I'm not sayin
17 at 9:51 AM Reyk Floeter wrote:
>
> > Am 26.04.2017 um 13:38 schrieb Luke Small :
> >
> > Pledge will presumably have per process (including fork()ed process)
> **path
> > limitations on rpath rpath and wpath calls, why not limitations on inet
> and
> >
different user through pf (and when I get a more serious machine, possibly
through a unique interface). Most importantly, I need it for session cache
for multiple processes.
On Sat, Apr 29, 2017 at 10:02 AM Luke Small wrote:
> I have a program that I believe needs inet to talk to a
> database(libh
As I recall, there is a build configuration of 80 users for some kernel
components. What happens if the system exceeds that number?
Is it worthwhile to set up a hook for pf to load rules that have URLs after
the network services that can resolve them come into effect?
possible or already done, but
you could have a computer check into a target machine that often changes
the ip address or system while the firewall is locked down to only send
messages to that remote machine and if it is compromised, can't send it
anywhere else.
On Wed, May 3, 2017 at 3:16
Four words Peter..."dynamic IP address". I'm sure that there are folks that
ssh into machines that are on a dynamic IP address that don't have a modem
on a power backup, or even possibly on an ISP that may down, possibly when
they are out of town. I don't know if it is possible or already done, but
Is there a way to determine all users on a system that the users command
doesn't seem to show? like _x11 and _ntpd
I assume that people play by the rules, so if I need to identify all
> the user accounts (to recreate them on a new system or something), I
> exclude uids under 1000 as a starting point.
>
>
> On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI
> wrote:
>
>> and...@msu.ed
pf rule execution says it listens as root, but it connects as the _unbound
user, when configured to run as _unbound. Why doesn't it listen, bind, etc.
as root, drop privileges and pledge away privilege escalation? Is it to
avoid more #ifdef hell? Or can you not listen to a privileged port if you
dr
Is EV_DISPATCH somehow like EV_ONESHOT or EVDISABLE ? What is a use case?
If you have an open socket file descriptor with a EVEFILT_READ, does it
close the socket upon getting some data?
I don't run current.
Is paths[] going to have permissions defined for each path?
Like:
char *paths[], int *mode, where mode is the same as in dbopen(3). Maybe so
you don't have to clean up previous pledge calls, any pledge calls with a
NULL paths argument doesn't have anything specified for mode. for
simplicity, modes
Using the -m flag it still gets warnings from pulseaudio and redis that I
didn't use the -m flag
I read "hacking blind." Can you restart a daemon with another forked
process that's only job is to monitor a pipe or a waitpid()-like operation
and if the parent dies, it exec's to restart it, or even execs "rcctl
restart ntpd"
If the mitigations are successful at limiting execution to let's say,
Maybe more things should be randomized like the stack canaries. Is that a
new idea?
On Fri, Oct 13, 2017 at 11:34 PM Theo de Raadt wrote:
> > I read "hacking blind." Can you restart a daemon with another forked
> > process that's only job is to monitor a pipe or a waitpid()-like
> operation
> > a
I am not versed in operating systems as well as you, but I would think that
stack and buffer canaries would differ from each execution.
If that's true, then why has Theo been speaking of the brop problems, when
they begin with an incremental canary discovery that becomes all but
impossible to guess when it becomes a random 4 byte datum each time rather
than a datum that remains the same each restart?
Braille should already be imp
/wiki/Blind_return_oriented_programming seems to
state so. I dont fully trust wikipedia.
On Sat, Oct 14, 2017 at 3:06 AM Philip Guenther wrote:
> On Sat, Oct 14, 2017 at 12:49 AM, Luke Small wrote:
>
>> If that's true, then why has Theo been speaking of the brop problems,
>> when they begin with an
Can SSH and possibly other programs more easily able to report successful
connections so pf can make stricter bruteforce connection rejecting even
better?
Cool!
On Sat, May 5, 2018 at 3:17 AM Andreas Kusalananda Kähäri <
andreas.kah...@icm.uu.se> wrote:
> On Fri, May 04, 2018 at 11:56:33PM +, Kapfhammer, Stefan wrote:
> >
> > You might want to parse /var/log/authlog and the logrotated
> authlog.[0-9].gz
> > for successful and unsuccessful logins
I have what I feel to be a profound idea that is in need of someone with a
strong resume. I have a patent. I want to use it to enable users to get
tested for sexually transmitted diseases, then use iris scanning
smartphones to compare their disease sets. There is a strong
epidemiological component
It doesn't natively support OpenBSD.
Could you have a promise for unveil reductions only?
Ok. Thanks.
On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote:
> Luke Small wrote:
> > Could you have a promise for unveil reductions only?
>
> That won't actually help much, and people will fall into some
> pretty significant traps.
>
> Sorry it would require a really long explanation.
>
, NULL)
instead of a pledge command? It apparently knows if it is an increase in
permissions, can't it be set to only permit them?
On Thu, Aug 16, 2018 at 2:00 PM Luke Small wrote:
> Ok. Thanks.
> On Thu, Aug 16, 2018 at 1:59 PM Theo de Raadt wrote:
>
>> Luke Small wrote
unveil is nowhere to be found in the ftp program source code. There’s
probably another way to do it, but I wrote a program and searched all files
in /usr/src/usr.bin/ftp/ contain no mention of “unveil”, but It mentions
“pledge”
It could take 3 lines at line 389 in /usr/src/usr.bin/ftp/main.c:
if (
You mention a lot of files that need to be read, but a program like pkg_add
can make it the _pkgfetch (57) user which has no directory and I’m guessing
not in interactive mode. At the very least, in noninteractive mode you
could unveil(“/“, “rx”); and change the specified output file discover the
n
May 29, 2020 at 8:50 AM Stuart Henderson
wrote:
> On 2020/05/29 08:30, Luke Small wrote:
> > You mention a lot of files that need to be read, but a program like
> pkg_add can make it the
> > _pkgfetch (57) user which has no directory and I’m guessing not in
> interactive mode. At t
I missed something.
-Luke
On Sat, May 30, 2020 at 2:53 PM Luke Small wrote:
> I’ll get to looking at ftp(1) more when I get some physical contact with
> my server. I’m quaranteaming with my girlfriend’s folks.
>
> I have a pkg_ping program (OpenBSD-specific, dns caching, l
the three files below vs the originals since I last updated
the source files.
-Luke
On Tue, Jun 2, 2020 at 12:43 PM Kevin Chadwick wrote:
> On 2020-06-02 17:28, Luke Small wrote:
> > I don’t have experience doing diffs. Are there flags I should be using
> in diff
> > or sh
I think I'm done tinkering. try these out in ftp folder. I left in some
fprintf(ttyout,...) in main.c
to show what is being unveiled. It resolves shortcuts in SSL_CAFILE
and SSL_PATH variables.
It leaves in place the functionality of the original functions, but adds
the availability to perform
a dr
hank you for the laugh.
>
>
> Luke Small wrote:
>
> > I think I'm done tinkering. try these out in ftp folder. I left in some
> > fprintf(ttyout,...) in main.c
> > to show what is being unveiled. It resolves shortcuts in SSL_CAFILE
> > and SSL_PATH variables
ean it is amusing, because this is never going to fly.
>
> This increase in complexity is completely unacceptable, what I see is
> completely amateurish, and I also see overflows, a lack of testing
> for edge conditions, and a lack of attention to how unveil works.
>
>
> Luke Sm
I figure if it took up that much stack space from before, it'd start
needing to
dang near run the stack into on-disk virtual memory anyway. At that point,
it'd perhaps be a better design choice to break up your ftp calls into
slightly
smaller chunks to avoid massively poor performance, yeah? LOL
I
Or you could have 2 dry runs. One to merely see that it won't head into
interactive mode
and a second one to start the unveiling directly in fetch.c. Unless unveil
itself will
have too many entries!
-Luke
On Wed, Jun 3, 2020 at 11:12 AM Luke Small wrote:
> I figure if it took up t
There! It doesn't use an unveil list. It has 2 dry runs as proposed.
It could just have a dry run to see if it goes into interactive mode
and then unveil as we go! but I like to see all the unveil calls before
the ftp output statements myself!
-Luke
On Wed, Jun 3, 2020 at 11:30 AM Luke
there was tiny error I created.
-Luke
On Wed, Jun 3, 2020 at 2:24 PM Luke Small wrote:
> There! It doesn't use an unveil list. It has 2 dry runs as proposed.
> It could just have a dry run to see if it goes into interactive mode
> and then unveil as we go! but I like to see
In the case of 1 URLs couldn’t you at least merely unveil “./“ as “cw”;
make any specified cafile/capath including shortcut resolution as “r”
(perhaps with the shell “x”) so that at worst, current directory files
could be overwritten, but not read?
On Wed, Jun 3, 2020 at 10:39 AM Theo de Raadt
I made symbolic links “ln -s /etc/ssl/cert.pem ”. I used the
realpath command and it worked in the software I submitted.
On Thu, Jun 4, 2020 at 11:06 AM Theo de Raadt wrote:
> No.
>
> I'm guessing you don't understand symbolic links.
>
> Look, this is a waste of time
You can use unveil() on both a symbolic link and the value recovered by
putting it in realpath(3)! I used it in what I submitted for unveiling
ftp(1)
--
-Luke
if you have access to packages, you could "pkg_add pv"
and:
"dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m"
It will show you in real time how much random
data has been written to disk.
-Luke
On Wed, Jun 10, 2020 at 11:43 AM Luke Small wrote:
> I mean: "dd
strlcpy is:
size_t
strlcpy(char *dst, const char *src, size_t dsize)
{
const char *osrc = src;
size_t nleft = dsize;
/* Copy as many bytes as will fit. */
if (nleft != 0) {
while (--nleft != 0) {
if ((*dst++ = *src++) == '\0')
break;
}
}
/* Not enough room in dst, add NUL a
I made a couple different versions if anybody is interested!
-Luke
#include
#include
#include
#include
#include
#include
/* cc strlcpy_test.c -pipe -O2 -o strlcpy_test && ./strlcpy_testfast */
/*
* Copy string src to buffer dst of size dsize. At most dsize-1
* chars will be copied. Alwa
I suppose this strlcpy4 without a goto is more elegant
-Luke
On Tue, Jun 30, 2020 at 10:07 PM Luke Small wrote:
> I made it SUPER easy to test my assertion. The code is there. No
> configuration needed.
>
> On Tue, Jun 30, 2020 at 9:59 PM Theo de Raadt wrote:
>
>&
Are you clinging to traditions for some purpose? I gave two different
versions. strlcpy3 is clearly more easily understood and even slightly
faster and strlcpy4 which sets up the following workhorse lines which
through timing the functions is hands down faster on my Xeon chips:
strlcpy4:
while (-
fullscreen iridium browser often stops letting me scroll to another fvwm
virtual desktop, but I never have that problem with firefox! Whats the
deal? On iridium, I either have to click on the browser window border or I
have to unmaximize the browser window to leave space between the browser
window
I’m applying for federal grant which will hopefully start about March or
April and I’m looking for somebody who can work on OpenBSD and in C
(perhaps with a touch of python) to do the server side of an extraordinary
dating app which will be able to prove STD uninfectiousness!
--
-Luke
...
Change:
match out on egress from (wg0:network) to any nat-to (egress:0)
To:
match on egress from (wg0:network) to any nat-to (egress:0) tag “wireguard”
pass tagged “wireguard” keep state
--
-Luke
I need an old kernel image older than maybe a couple weeks old. I have the
x8dth-6f motherboard and newer snapshots broke it. I made the mistake of
trying to downgrade to 6.5 and now I can boot my machine! I made a
not-bright decision.
--
-Luke
Thanks, Somebody else directed me to it too! I got my server working
again!!!
-Luke
On Sat, Sep 7, 2019 at 3:52 AM Marcus MERIGHI wrote:
> Hello Luke,
>
> lukensm...@gmail.com (Luke Small), 2019.09.07 (Sat) 00:56 (CEST):
> > I need an old kernel image older than maybe a coup
Mine works on 8-27
--
-Luke
It doesn’t work for me on the
ftp.hostserver.de/archive/2019-08-29-0105/amd64/
bsd.rd!
On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote:
> Mine works on 8-27
> --
> -Luke
>
--
-Luke
installed soon af...“
On Sun, Sep 8, 2019 at 11:19 AM Luke Small wrote:
> It doesn’t work for me on the
> ftp.hostserver.de/archive/2019-08-29-0105/amd64/
> bsd.rd!
>
> On Sun, Sep 8, 2019 at 10:50 AM Luke Small wrote:
>
>> Mine works on 8-27
>> --
>> -Luke
>>
> --
> -Luke
>
--
-Luke
I have mfii too:
dmesg | grep mfii:
mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05:
msi
mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache
scsibus1 at mfii0: 64 targets
scsibus2 at mfii0: 256 targets
> On 8.9.2019. 18:19, L
Yay!
-Luke
On Sun, Sep 8, 2019 at 8:07 PM David Gwynne wrote:
> I think I see the problem. We're going to try and test this locally and
> will hopefully have something committed in a few hours time.
>
> dlg
>
> > On 9 Sep 2019, at 10:33, Luke Small wrote:
> >
I have need to call sysctl() in a C program to read
“sysctl kern.version”. Will there be a pledge() to prohibit further calls
to sysctl()? I’m kinda afraid that putting a sysctl call could conceivably
leave it vulnerable to calling it again in the case the mitigations fail
and sysctl() is run to c
-- Forwarded message --
From: "Ingo Schwarze"
Date: Nov 13, 2015 7:32 PM
Subject: Re: pledge() enhancement
To: "Luke Small"
Cc:
Hi Luke,
Luke Small wrote on Fri, Nov 13, 2015 at 06:01:37PM -0600:
> I didn't like how rmdir(2) managed to not work
I want to be able to use systrace for privilege escalation for kompare for
sysmerge diffs and kate. Why isn't systrace able to do this?
-Luke
write a
program that doesn't suid but can open a privileged socket under systrace
-c 1000:1000 ./server
On Dec 2, 2015 19:44, "Vadim Zhukov" wrote:
> 03 дек. 2015 г. 4:27 полÑзоваÑÐµÐ»Ñ "Luke Small"
> напиÑал:
> >
> > I want to be able
>I can't quite figure out what you're trying to do, but running big GUI
>programs and libraries with root privileges (whether that's from systrace
or >doas or sudo or su or whatever) is usually not a good idea.
Thinking about it now, I guess if you add root write privileges to writing
files, you a
I am not on the web with my 5.8 virtualbox guest and it never blanks
unless it is set to 1 minute and when it is locked, it is interrupted. Is
it a bug, or is it possibly a virus? My windows host goes into the
screensaver and stays just fine.
If installer GUIs are bad, maybe features like full-disk encryption could
be accomplished via lynx-like text -based HTML and/or JavaScript that could
write to cookies that the installer could parse into commands?
-Luke
li...@wrant.com wrote:
>
>> On Sun, 20 Dec 2015 10:51:20 + Tati Chevron
>> wrote:
>>
>> On Sat, Dec 19, 2015 at 05:34:59PM -0600, Luke Small
>>> wrote:
>>> >
>>> >If installer GUIs are bad, maybe features like full-disk encryption
&g
to wade through man pages to discover how to fix
the problem, when it can merely be an install option.
-Luke
On Sun, Dec 20, 2015 at 3:33 PM, wrote:
> On Sun, 20 Dec 2015 14:03:18 -0600 Luke Small
> wrote:
>
> > I don't know the best way, but I like how there are
I can do that. All I have to do is read in the file to a buffer until it
gets to a section separated by a space and includes commas and writing a
new buffer with ",softdep added to it. Easy Peasy!
-Luke
On Sun, Dec 20, 2015 at 5:48 PM, Mike Burns
wrote:
> On 2015-12-20 17.25.14 -06
software. If they
want to run a two nic gateway, let them read the man-pages.
-Luke
On Sun, Dec 20, 2015 at 7:45 PM, Dmitrij D. Czarkoff
wrote:
> Luke Small said:
> > There are other features that inexperienced users could benefit from,
> like
> > selecting a mirror for PKG_
I suspect that there could be a number of minor implementation tweaks that
could be addressed that would be convenient to avoid presumably to
streamline the install process for folks that would prefer to avoid an
incessant procession of questions.
There are other features that inexperienced users
ut up a fight against the user and doesn't
self-destruct any time it needs to fsck: By Default.
On 12/21/15, li...@wrant.com wrote:
>> Luke Small
>> >[...] It would be very easy to write a C
>> >program to parse and edit fstab to make all the partitions s
You are a normal user and have full disk encryption. You must have read the
man page on how to do that? Found the installer option did you. I have read
several books on openbsd and all the man pages I could find and didn't find
out how to do it anywhere else other that how to webpages.
On Dec 21, 2
Ha Ha. I got Theo to call me a whiny prick! I'm getting the t-shirt.
>You play absolutely no part in the decisions that got OpenBSD to where it
is.
At least somebody is listening, even if they are ignoring everything.
What point is there to having an automated machine, when you have to do
everyth
I can't type underscore on this device.
Assuming i could do it: If I were to make a sloppy perl-based pkg-add
program that used c and the installer code to (re)set the PKG-PATH
environment variable using the "http" settings that are available for
installing the modules from mirrors, if I made chan
I wanna make a c program that checks for a PKG_PATH that exists and
connects to a workable link for pkg_add(). If you ever upgraded using
http mirrors on the install disk, it offers list# which links directly
to numbered mirrors. It would likely ease the initial startup for
whomever uses it while n
I suspect that if you did, it wouldn't check whether there was an
astronaut ready to control the on-board computer and would sit there
continuously trying to rev the rocket engines with no jet fuel. That
is the way pkg-add acts right now. I felt pretty ridiculous wondering
why pkg-add wasn't workin
to the kind of messages delivered by
pkg-add itself to rm folder contents at the end of a run.
On 12/25/15, Luke Small wrote:
> I suspect that if you did, it wouldn't check whether there was an
> astronaut ready to control the on-board computer and would sit there
> continuously trying t
Come to think about it, it might to be good to do tiny standalone
program called pkg_ping and then I could make it in C like I'd prefer.
I'd hope to make a port maybe, but then it would functionally defeat
the intent.
On 12/26/15, Luke Small wrote:
> I just figure that adding a litt
I just figure that adding a little complexity that doesn't adversely
affect security, to ease initial entry into the system for new users
could be good. pkg_add initialization and mirror selection can be
automated in a way to not discourage someone from picking up a fresh
install and running with i
I guess I didn't really answer your question. It wouldn't rely upon
the ramdisk. It is meant to run after install. So it would presumably
have all the firmware. I was thinking about running it similarly to
the install output though. I setup a local mirror once and it crapped
out after a while and j
You could do that if you want to have noobs connect to one of the mirrors
into perpituty that brings down the server like a ddos every release!
> I think the best that can be done relatively easily would be to have
>pkg_add fetch ftplist.cgi and pick the first result as a default if
neither >pkg.c
Even though I don't have an internet connection for my laptop I
started the C program that pipes an execl call from ftp, to sed, (like
the suggestions
offered earlier in the thread, and back to the parent and it will use
kqueue to test the pipe buffer capacities to a local buffer (I love
kqueue)...
on a specific file, whether the results may be skewed by
inconsistent squid or similar program caching often downloaded files on
mirrors.
On Dec 27, 2015 18:17, "Luke Small" wrote:
> Even though I don't have an internet connection for my laptop I
> started the C program tha
What I meant is, if a program sends a handful of pings to each mirror,
would it think it is being spammed and shutdown any further connections. I
didn't mean to say that I want to connect the pkg_ping program to a of
anchor. I tried an initial localhost pinging, pkg_ping program in
virtualbox usin
I am realistically thinking more along the lines of less than once a
release cycle. More like whenever it comes upon a user that their mirror of
choice chooses to no longer be a mirror. I had that happen to me. It would
be convenient to have a program that can easily compare mirror latencies
and do
> All of the functionality you are requesting is already provided.
>
> look at finish_up() in src/distrib/miniroot/install.sub.
>
> There is no reason at all to modify pkg_add. Just setup /etc/pkg.conf.
>
>
> On 2016 Jan 04 (Mon) at 04:02:07 -0600 (-0600), Luke Small wrote:
I made a small 500 line program I call pkg_ping that calls uname -rm, ftp,
sed, on openbsd.org/ftp.html. then it changes all the parsed http and ftp
mirrors into http and ftp downloads and changes them to non redundant http
mirrors (it has to to easily call ftp on it). It takes them and downloads
S
here you go! Enjoy!
-Luke
On Tue, Jan 19, 2016 at 2:57 AM, Erling Westenvik <
erling.westen...@gmail.com> wrote:
> On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote:
> > I made a small 500 line program I call pkg_ping that calls uname -rm,
> > ftp, sed, on openbs
Go to:
*I have a mirror testing program for you.*
in the tech mailing list. It copied there.
-Luke
On Tue, Jan 19, 2016 at 11:18 PM, Luke Small
wrote:
> here you go! Enjoy!
>
> -Luke
>
> On Tue, Jan 19, 2016 at 2:57 AM, Erling Westenvik <
> erling.westen...@gmail.co
wrote:
> On Tue, Jan 19, 2016 at 01:26:15AM -0600, Luke Small wrote:
> > I made a small 500 line program I call pkg_ping that calls uname -rm,
> > ftp, sed, on openbsd.org/ftp.html.
>
> A "program"? In what language? Is your code available somewhere?
>
> >
x27;t even a big enough transfer to get TCP out of slow start.
SHA256 is over 600 KB.
-Luke
On Wed, Jan 20, 2016 at 1:14 AM, Luke Small
wrote:
> not knowing better...
>
> I always wanted to know the fastest mirrors for me, and at times it
> changes some from the testing I
man pf.conf
set limit
I wanted to use kqueue. Name another script or programming language that
offers it from the base install. NONE!
Why should I write it in another language. I already did it in C. Is there
another way other than kqueue that you can wait for the ftp call to quit,
while being able to kill it if it tak
namic array would be
even more sloppy. The only problem is that the program is potentially
subject to a man-in-the-middle attack from a non secured webpage. Manually
setting the package mirror has the same problem too though.
On Jan 30, 2016 06:50, wrote:
> Fri, 29 Jan 2016 16:35:12 -0
the program overwrites ONLY the installpath variable(s) in /etc/pkg.conf.
The rest of the variables will remain.
PKG_PATH environment variable takes precedence over any installpath
initializations.
I'm running 5.8. I don't know how to pledge it. I will make sure to, past
the 5.9 release. I'm sure
It seems to complicate things. Is there a security reason to use those
functions?
What if you could set up a pf rule to:
overload an ip address into a table if they tried to access the wrong port
on an address and overload flush global immediately into a blocklist
(
max-src-states
0)!
or with max-src-conn-rate 2/60 when sshd behaves in such a manner as to
confirm that a succ
Is there a way for a hook(?) for snort to read plaintext https sessions in
OpenBSD’s httpd?! That’d be SUPER SWEET!--
-Luke
I'm running fvwm window manager and I just switched to -current. Roxterm is
totally messed up, won't do transparent background and I tried
xfce4-terminal and it says it won't do transparent backgrounds because
compositing is disabled Sure first-world problems, but I REALLY want
fvwm to do trans
Thanks! I just made it run at opacity .55 and I LOVE IT! Thanks!
On Mon, Feb 15, 2021 at 11:25 PM Thomas Frohwein
wrote:
> On Mon, Feb 15, 2021 at 05:03:55PM -0600, Luke Small wrote:
> > I'm running fvwm window manager and I just switched to -current. Roxterm
> is
> > t
I make unbound connect to dnscrypt-proxy and after an update, it’ll just
sit there for what seems like 2 minutes while fw_update inevitably fails
before turning on dnscrypt-proxy. I’ve been running snapshots and that’s
really dumb. Or is there a way to have unbound connect to a failover server
when
1 - 100 of 172 matches
Mail list logo