sendmail base configuration

2008-07-30 Thread Tim Traver

Hi all,

I know this isn't exactly the right place for a sendmail question, but 
it has to do with the system configuration, and I'm trying to find some 
help to create a relatively simple solution (I think)...


ok, here is what I want to do, which I have done in the past, but now it 
doesn't seem to be working...


I simply want any submitted email using sendmail to be relayed to 
another mta for distribution. I want this to happen both from submitted 
mail from the command line, and from any queues, if the mail is 
submitted to the running daemon.


I use FreeBSD 7.0, and all of the configuration is in /etc/mail/. From 
what I understand, if I simply set the DS variable to a hostname, it is 
supposed to use that as the smart relay host, but it is not working. For 
some reason, it is ignoring that hostname, and attempting to contact the 
MX record host for the domain name of the machine, which is really weird.


So, I tried setting the DS and the MTAHost variables to the IP of the 
machine I want it to go to, and that seems to work, but oddly enough, 
sendmail replaces the Rcpt To: variable with my current logged in 
[EMAIL PROTECTED] host instead of the address that I gave on the command 
line to send the mail to...


So, for instance, I would do a command like this :

/usr/sbin/sendmail -v [EMAIL PROTECTED]
Subject:test from command line

test

.
tt... Connecting to [209.132.x.xx] via relay...
220 relayhost.scaledsystems.com ESMTP
 EHLO script5.scaledsystems.com
250-scriptmail.scaledsystems.com
250-PIPELINING
250 8BITMIME
 MAIL From:
250 ok
 RCPT To:[EMAIL PROTECTED]
 DATA
250 ok
354 go ahead
 .
250 ok 1217444220 qp 69963
tt... Sent (ok 1217444220 qp 69963)
Closing connection to [209.132.x.xx]
 QUIT
221 relayhost.scaledsystems.com

I've checked DNS, etc...but I find it strange that it replaces the RCPT 
To to be my local user...


Is this a bounce or something??? Is it bouncing the message based on 
some sort of new relaying rules or something?


Cause I haven't seen this on older FreeBSD hosts...

the version of sendmail is 8.14.2

Thanks,

Tim.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
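The message above sets two different macros: DS is read from sendmail.cf by the daemon, while {MTAHost} is read from submit.cf, which is what a command-line /usr/sbin/sendmail submission uses. The script below is an added example, not code from the thread; it reads both macros and reports whether each relay is a bracketed literal (no MX lookup on the relay name) or a bare name (MX lookup applies). The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): read the relay macros out of sendmail
# .cf files and report how sendmail will resolve the relay name.

# cf_macro FILE NAME -> value of the first "D<NAME>" line (empty if unset)
cf_macro() {
    sed -n "s/^D$2//p" "$1" | head -n 1
}

# relay_kind VALUE -> none | literal | mx
relay_kind() {
    case "$1" in
        "")        echo none ;;     # no relay set: deliver via recipient MX
        \[*\])     echo literal ;;  # [host] or [ip]: connect there directly
        *:\[*\])   echo literal ;;  # mailer:[host] form, same treatment
        *)         echo mx ;;       # bare name: its MX records are looked up
    esac
}

# audit_cf FILE NAME -> one line: "<file> <NAME>=<value> <kind>"
audit_cf() {
    v=$(cf_macro "$1" "$2")
    echo "$(basename "$1") $2=$v $(relay_kind "$v")"
}

# Constructed sample files standing in for /etc/mail/sendmail.cf and
# /etc/mail/submit.cf; the host name and address are placeholders.
demo() {
    d=$(mktemp -d) || return 1
    printf 'DSrelayhost.example.com\nDj$w.example.com\n' > "$d/sendmail.cf"
    printf 'D{MTAHost}[192.0.2.25]\n' > "$d/submit.cf"
    audit_cf "$d/sendmail.cf" S            # daemon / queue-run path
    audit_cf "$d/submit.cf" '{MTAHost}'    # command-line submission path
    rm -rf "$d"
}
demo
```

On a real host the two calls would be pointed at /etc/mail/sendmail.cf and /etc/mail/submit.cf after the .cf files have been regenerated from their .mc sources.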


Re: sendmail base configuration

2008-07-30 Thread Tim Traver



Giorgos Keramidas wrote:

On Wed, 30 Jul 2008 12:08:11 -0700, Tim Traver [EMAIL PROTECTED] wrote:
  

Hi all,

I know this isn't exactly the right place for a sendmail question, but
it has to do with the system configuration, and I'm trying to find
some help to create a relatively simple solution (I think)...

ok, here is what I want to do, which I have done in the past, but now
it doesn't seem to be working...

I simply want any submitted email using sendmail to be relayed to
another mta for distribution. I want this to happen both from
submitted mail from the command line, and from any queues, if the mail
is submitted to the running daemon.



Set the `SMART_HOST' option in your `custom-sendmail.mc' file.  That
should do it.

  
I tried that, and regenerated the cf files using make all, and it 
still wants to use the MX record of the based domain to send out mail 
and I can't figure out why.


The maillog entries show that it initially tries to use [EMAIL PROTECTED] 
as a relay, which doesn't make sense...


I'm baffled by its behavior at this point, and don't know how to solve it...

help...

Tim.


I use FreeBSD 7.0, and all of the configuration is in /etc/mail/. From
what I understand, if I simply set the DS variable to a hostname, it
is supposed to use that as the smart relay host, but it is not
working. For some reason, it is ignoring that hostname, and attempting
to contact the MX record host for the domain name of the machine,
which is really weird.



You are not manually editing sendmail.cf, right?



Reprocessing sendmail failed messages

2006-03-31 Thread Tim Traver

Hi All,

ok, I know this isn't the right list, but I've already tried the 
sendmail group, and no response, so I'm hoping that there might be some 
sendmail gurus on this list that can help me...


After a temporary DNS outage, several machines that we run have email
messages on them that sendmail attempted to relay to our mail
cluster, but failed because they could not find the host name of the
server they were relaying to.

So, now, I have hundreds of messages in the clientmqueue directory that
are marked as having permanent fatal errors. The top of the d file
looks like this :

  - The following addresses had permanent fatal errors -
[EMAIL PROTECTED]
   (reason: 550 Host unknown)

  - Transcript of session follows -
550 5.1.2 [EMAIL PROTECTED] Host unknown (Name server:
..com: host not found)

I see that there are many of these messages that are important, and
want to save and send them.

Is there a way to get sendmail to re-attempt to send these messages ? I
think it just ignores them right now because of those lines.

Any help would be greatly appreciated,

Tim.


Re: Reprocessing sendmail failed messages

2006-03-31 Thread Tim Traver

Kris,

thanks for your attempts, but I'm not sure you understand what I mean...

I cannot run a queue manually on these messages because sendmail thinks 
they are permanent errors. So any queue runs on these messages produce 
nothing.


On this box we don't run a sendmail daemon. We only relay mail to 
another server when the sendmail daemon gets called. That is why those 
messages are in the clientmqueue dir instead of the regular mqueue dir.


My real issue is that I now have this bunch of messages that won't get 
processed, because sendmail assumes they are permanent failures.


The q files are named with a capital Q in front of them, is this why 
they are ignored ?


Is there any one who knows how to revert and re-submit these messages ???

Thanks,

Tim.


Kris Anderson wrote:

--- Tim Traver [EMAIL PROTECTED] wrote:

Hi All,

ok, I know this isn't the right list, but I've already tried the
sendmail group, and no response, so I'm hoping that there might be some
sendmail gurus on this list that can help me...

After a temporary DNS outage, several machines that we run have email
messages on them that sendmail attempted to relay to our mail
cluster, but failed because they could not find the host name of the
server they were relaying to.

So, now, I have hundreds of messages in the clientmqueue directory that
are marked as having permanent fatal errors. The top of the d file
looks like this :

   - The following addresses had permanent fatal errors -
[EMAIL PROTECTED]
(reason: 550 Host unknown)

   - Transcript of session follows -
550 5.1.2 [EMAIL PROTECTED] Host unknown (Name server:
..com: host not found)

I see that there are many of these messages that are important, and
want to save and send them.

Is there a way to get sendmail to re-attempt to send these messages ? I
think it just ignores them right now because of those lines.

Any help would be greatly appreciated,

Tim.



Hey there Tim,

Found this with google.
http://lists.freebsd.org/pipermail/freebsd-questions/2004-June/049850.html

A Dr Matthew had this answer (read full text to see what's up but here's
a snippet)

If you end up with a load of messages stuck in /var/spool/clientmqueue,
you've got a similar problem with not running a MSP queue daemon.  The
case is exactly analogous, except that the sendmail flags are in
/var/spool/clientmqueue/sm-client.pid and should read:

/usr/sbin/sendmail -L sm-msp-queue -Ac -q30m

and you need to set 'sendmail_msp_queue_flags' in /etc/rc.conf to
override them.

-

Hope that helps.



Re: Cheap FreeBSD hosting?

2006-03-27 Thread Tim Traver

Scott,

Not exactly sure what your needs are, but we have a shared hosting 
system that uses FreeBSD as its back end, and we offer competitive 
features and prices, with a really cool control panel...


Our main package for domains is only $12.99/mo and you get 750MB of 
disk, 15GB of transfer per month, and all the other features that you 
would expect from a high end web hosting company.


And we didn't just go out and buy someone's hosting platform software, 
we built our own from scratch, using FreeBSD as the base operating 
system to provide a fully redundant shared hosting system that can 
handle all of your needs.


Go to http://www.simplenet.com/ and check it out...

Tim.


Scott I. Remick wrote:

On Fri, 24 Mar 2006 13:48:21 -0500, RJ wrote:

  http://www.layeredtech.com/layer1.php?g=13

Those are for dedicated servers where the cheapest is $65/month. I guess I
don't see how that is a suitable-replacement for my needs and budget...?



Re: How to share directories b/n jails on 6.0?

2006-02-03 Thread Tim Traver

How did you set it up specifically ?

and is it just fixed in 6.0 ? or does it also work in 5.4 ?

t


Philip Hallstrom wrote:


On Fri, Feb 03, 2006 at 08:53:58PM -0600, Philip Hallstrom wrote:


On Fri, Feb 03, 2006 at 07:02:43PM -0600, Philip Hallstrom wrote:


Hi -

I've got a new 6.0 box and have setup some jails.  I'd like to share
/usr/ports from the host, to each of the jails.

I tried mount_unionfs and while it worked, the box would crash if I did
anything intensive (ie. compile a port).

Googling around and people say they are using nullfs okay, but the manpage
ends with:

THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.  USE AT YOUR OWN
RISK.  BEWARE OF DOG.  SLIPPERY WHEN WET.

nullfs is fine in 6.0, and the warning has been removed.

Good to know it's cool.  I'll start playing with it.  The warning is still
there though... in both 6-stable and 7-current.

http://www.freebsd.org/cgi/man.cgi?query=mount_nullfs&apropos=0&sektion=0&manpath=FreeBSD+6.0-stable&format=html
http://www.freebsd.org/cgi/man.cgi?query=mount_nullfs&apropos=0&sektion=0&manpath=FreeBSD+7.0-current&format=html




Those manpages are out of date.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/mount_nullfs/mount_nullfs.8 




Sweet!

MFC: Remove big scary warning about nullfs state

:-)

I've set it up already and it works great.

-philip


Re: New Logo

2005-11-01 Thread Tim Traver


Ted Mittelstaedt wrote:



Anyway, instead of simply looking at the questioner with an expression
like what kind of fucking moron are you and ignoring it, or better yet
using it as an opportunity to initiate a discussion of the rich UNIX
history,
this committer started making a horses-ass of himself on the mailing
lists.

 


You mean like you are now ?




Re: Frontpage Extensions on 5.4 - Anyone Gotten It To Work?

2005-07-20 Thread Tim Traver

Drew,

I've done it...you need to have the latest frontpage extensions from 
http://www.rtr.com/ as there might be changes for FreeBSD 5.4...


And you may need to have the compatibility libraries in place...

Tim.


Drew Tomlinson wrote:

Has anyone been able to get Frontpage Extensions working with Apache 
2.0.54 on 5.4-RELEASE-p4?  I had it working on 4.11 but have been 
beating my head against the wall for the past two weeks on 5.4.  When 
I run the /usr/local/frontpage/version5.0/fp_install.sh script, it 
fails when the script calls owsadm.exe to create the root web.  
owsadm.exe core dumps with a Bad system call.  I've done a complete 
removal of Apache2, Frontpage, and mod_frontpage2-rtr.  Then I've 
rebuilt but continue to get core dumps when owsadm.exe runs in the 
fp_install.sh script.


Is there any hope?  Even if you don't know what the problem might be, 
a simple I did it with no problem will at least encourage me to keep 
trying.


Thanks,

Drew





Re: Frontpage Extensions on 5.4 - Anyone Gotten It To Work?

2005-07-20 Thread Tim Traver
I think you can see some of the libraries that it creates when the 
compatibility libraries are installed. I think you'll see some libraries 
like lib.so.4 etc in the libraries dir


more specifically, what are the error messages if you just try and 
execute owsadmin.exe ???


If things are working, you should at least get that binary to run, even 
though it will spit out a frontpage error...


Tim.


Drew Tomlinson wrote:


On 7/20/2005 9:42 AM Tim Traver wrote:


Drew,

I've done it...you need to have the latest frontpage extensions from 
http://www.rtr.com/ as there might be changes for FreeBSD 5.4...


And you may need to have the compatibility libraries in place...



Thanks for your reply.  I have the 3x and 4x compatibility libraries 
uncommented in /etc/make.conf so I assume they are installed.  How can 
I check for sure?


How long ago did you install.  I downloaded from rtr about 2 weeks ago 
so I assume I have the latest.  I guess I could always do it again.


At least I know there's hope!

Thanks,

Drew





Re: PAWS security vulnerability

2005-05-20 Thread Tim Traver
 year.  If people went to a different type of lock
that was much harder to pick then the burglar might not break in
by picking the lock - but instead by kicking in the door which has
the side effect of destroying the door and frame, and there's a couple
thousand bucks lost right there fixing that - and if all the burglar
does is steal a $200 TV set, then you're better off with the pickable lock.
The point is that any change in the networking code
may have side effects that are worse than the problem.
 I posted the patch in order to head off a big long dumbass trashing
discussion, because I suspected you were trolling - but I was willing
to give you the benefit of the doubt.  If you were really
concerned - such as if you worked for some company that had some
stick-up-their-ass security officer that was bigger than his britches,
and you had to have a fix RIGHT NOW - then this would have allowed you
to apply the patch to shut up the bigger-than-britches security officer
so you could continue about your business.  In the meantime then the
networking and security group could have had discussion about the
PROPER way to handle this.  Probably that's this patch, but maybe not.
 Now I find what?  Well, it surely looks to me like I just spoiled
your troll, so you're going to pretend it was no big deal, make a lame-ass
excuse about how you really didn't need the patch anyway and can't
apply it because you're incompetent, and fade into the woodwork.  I told
you to post the patch and info to the appropriate FreeBSD security lists,
and you aren't the least bit interested in doing what I told you.  Why -
because you were only interested in this silly hypothetical PAWS exploit
as long as nobody could say FreeBSD has a fix, shut up and apply it,
so you can go urinate on the parade here.  Now I just handed you a
urinal, and you're going to run away and pee on someone else.
 I don't want to see a fucking thing more from you unless it's:
Guys, I DID WHAT I WAS TOLD TO DO and went to the FreeBSD security and
networking
mailing lists and posted what I was given and this is what they said
 If you aren't willing to lift a finger to do that, you're a fucking
troll.  Don't waste anyone else's time here.  Next time you ask for code,
you better check out the going hourly rate for custom programming.
Ted
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tim Traver
Sent: Thursday, May 19, 2005 1:27 PM
To: Ted Mittelstaedt
Cc: bsd
Subject: Re: PAWS security vulnerability
Importance: Low
Ted,
thanks for taking a look at this. I'm not sure I have the ability to
test out your patch. Maybe someone else on this fine list can ?
But this sounds like a pretty severe DOS issue that seems to be
relatively simple to implement.
Do you know if the 5.x branch is affected by this as well ?
Tim.
Ted Mittelstaedt wrote:

Hi Tim,
Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
rewritten for FreeBSD 4.11.  YMMV  If it works I would submit it to the
FreeBSD
security list.  The only change I made is OpenBSD defines tiflags
FreeBSD defines
thflags I assume they are the same thing.  The file is in
/usr/src/sys/netinet
Turning off the timestamps would be a good way to make your network go
slow.
*** tcp_input.c.originalThu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***
*** 976,984 
--- 976,992 
   * record the timestamp.
   * NOTE that the test is modified according
 

to the latest
   

   * proposal of the [EMAIL PROTECTED] list (Braden
1993/04/26).
+* NOTE2 additional check added as a result of PAWS
vulnerability
+* documented in Cisco security notice
cisco-sn-20050518-tcpts
+* from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
   */
  if ((to.to_flags  TOF_TS) != 0 
  SEQ_LEQ(th-th_seq, tp-last_ack_sent)) {
+   if (SEQ_LEQ(tp-last_ack_sent,
 

th-th_seq + tlen
   

+
+   ((thflags  (TH_SYN|TH_FIN)) != 0)))
+ tp-ts_recent = to.to_tsval;
+   else
+   tp-ts_recent = 0;
  tp-ts_recent_age = ticks;
  tp-ts_recent = to.to_tsval;
  }
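Review bot: the added if/else has no effect, because the unchanged context line that assigns to.to_tsval to ts_recent (the last statement before the closing brace) still runs after it and overwrites whichever value the new branch chose. The hunk header (976,984 to 976,992) confirms that nothing was removed, so that assignment needs to become a deleted line, leaving the if/else as the only place ts_recent is set.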
Ted

 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tim Traver
Sent: Thursday, May 19, 2005 10:09 AM
To: bsd
Subject: PAWS security vulnerability
Hi all,
ok, this article was just published about a PAWS TCP DOS
vulnerability,
and lists freeBSD 4.x as affected.
http://www.securityfocus.com/bid/13676/info/
Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
and is 5.4 affected too ?
Tim.

Re: PAWS security vulnerability

2005-05-20 Thread Tim Traver
Ted,
you just can't stop being a dickhead, can you ???
I admitted what I did wrong (unlike you), and yes, I posted this to the 
wrong list. Big deal. A lot of things get posted to this list that are a 
thousand times worse.

Get off your high horse, and maybe use some manners instead of barking 
orders at everyone. I don't know which is worse. Trolls, or those that 
scream troll at the drop of a hat.

Tim.
Ted Mittelstaedt wrote:
Tim,
In my first e-mail I said:
If it works I would submit it to the FreeBSD security list
OK., so I see how you might have misinterpreted that.  But the sentence if
it works you would submit it to the
FreeBSD security list isn't grammatically correct.
In my second e-mail I said:
I told you to post the patch and info to the appropriate FreeBSD security
lists, and you aren't the least bit interested in doing what I told you
On the index page of http://www.freebsd.org there is a link called FAQ
On that page is a link called Security
On that page is the text:
...This point and others are often discussed on the mailing lists,
particularly the FreeBSD security mailing list
with a link to the appropriate mailing list.
I find it real hard to believe you use FreeBSD on hundreds of servers and
are unaware of the appropriate
forum to post security questions.  The general freebsd questions mailing
list is not this place.  You should
have known this before you even posted your first question.  Reading
instructions for products that you use
is not optional, it is mandatory, and FreeBSD's instructions are on the
website.
You posted your query in the wrong forum, you got a patch in response which
is far more than you should have
got, you were directed, hinting at first, forcibly at second, to go to the
appropriate forum to post the patch, the results of the patch, and your
security questions.  You still, as far as I know, have not done this.
So, OK maybe you're not a troll and I assumed wrong.  But I will point out
that you said absolutely nothing
in your first post about who you are, what you are doing, why you even give
a shit about this issue.  If you
had simply opened your first post with I was shown this vulnerability by
our network security person
and I have to respond to him in some fashion or something like that, it
would have gone a long way towards
establishing credibility as to why you cared about this.  If even better you
had done a bit of research and
said well the vulnerability shows that OpenBSD already patched for this,
maybe FreeBSD should or if
even better than that you had said I looked at the OpenBSD patch and it's
really simple, could we use
it on FreeBSD that would have done a lot to establishing that you were at
least willing to offer help and
assistance.
Instead, reread your second post - you not once offered to do anything, not
even apply the patch to see
if it compiled, all you did is ask for yet more research to be done for you.
Well we all are busy, you don't have a lock on that, buddy.
Apply the patch.  If the FreeBSD system doesn't panic then the patch isn't
grossly wrong.  If you do not
have a test system then don't apply it.  Either way, just take the patch to
the appropriate FreeBSD security forum
and post it with some asshole on questions told me to apply this in results
of insert all research on this
is this the right way to fix it?
As I said, IF you are a fucking troll then you WOULDN'T do the above.  That
means that if you WOULD do the
above then you AREN'T a fucking troll.  You still have a chance to redeem
yourself. Do it!
FreeBSD is for adults, not kids.  Kids want the adults to do all their
homework for them.  Adults at least
try to do the homework, then call for help when they are stuck.  Look at
your first 2 posts again and
put yourself in my shoes - do those posts make you look like an adult, or a
whiny kid wanting someone
to do his homework for him?
Ted
 -Original Message-
 From: Tim Traver [mailto:[EMAIL PROTECTED]
 Sent: Thursday, May 19, 2005 11:24 PM
 To: Ted Mittelstaedt
 Cc: bsd
 Subject: Re: PAWS security vulnerability
 Ted,
 I don't know your experience lately with people on this or any other list,
but that last personal attack was WAY out of line. I am not a Troll, nor
have I ever been one. I use freeBSD extensively on hundreds of servers, but
I am not a FreeBSD source contributor.
 Yes, I was shown this vulnerability by our network security person, read
it over, and thought that it might be a legitimate exploit. I even picked up
on the fact that Microsoft had already patched it in the service pack 2,
which may mean that it was under wraps for a while, and was suspicious. So,
after doing a little research on the net myself and not finding much, I
decided to post something to the list to see if anyone had heard anything
about it, and if the FreeBSD commiters were working on a possible patch.
 Maybe I wrote my post wrong, but it didn't deserve you biting my fucking
head off.
 Now, you'll probably start in on well, if you run

Re: PAWS security vulnerability

2005-05-20 Thread Tim Traver

Ted,

I did take it to the security list (freebsd-security@freebsd.org). Since 
I did not actually know if this was an issue yet, I figure I would ask 
it to the appropriate list before sending it directly to the security 
officers. I'd rather not waste their time until I knew it was an issue.


I guess maybe you don't subscribe to that list. At the time, neither did 
I, because I can't subscribe to ALL of the lists...


The answer was that your patch was flawed, and that there was already a 
patch for it in CVS anyway.


I figured from your high chair, that you would have seen the post when 
it was made this morning, and the response back from one of the people 
on the list about it.


I didn't feel the need to update you about it since you've been so 
friendly to me. And since no one else joined in on the conversation, I 
figured I would let that info sit on the security list for people to find.


Tim.


Ted Mittelstaedt wrote:


You STILL haven't taken this to the correct security mailing list, after
being told gently, then yelled at, then told firmly.  What do we have to
do to get you to do this?

Ted

 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tim Traver
Sent: Friday, May 20, 2005 9:33 AM
To: Ted Mittelstaedt
Cc: bsd
Subject: Re: PAWS security vulnerability


Ted,

you just can't stop being a dickhead, can you ???

I admitted what I did wrong (unlike you), and yes, I posted this to the
wrong list. Big deal. A lot of things get posted to this list that are a
thousand times worse.

Get off your high horse, and maybe use some manners instead of barking
orders at everyone. I don't know which is worse. Trolls, or those that
scream troll at the drop of a hat.

Tim.


Ted Mittelstaedt wrote:

   


Tim,

In my first e-mail I said:

If it works I would submit it to the FreeBSD security list

OK., so I see how you might have misinterpreted that.  But the sentence if
it works you would submit it to the
FreeBSD security list isn't grammatically correct.

In my second e-mail I said:

I told you to post the patch and info to the appropriate FreeBSD security
lists, and you aren't the least bit interested in doing what I told you

On the index page of http://www.freebsd.org there is a link called FAQ

On that page is a link called Security

On that page is the text:

...This point and others are often discussed on the mailing lists,
particularly the FreeBSD security mailing list

with a link to the appropriate mailing list.

I find it real hard to believe you use FreeBSD on hundreds of servers and
are unaware of the appropriate
forum to post security questions.  The general freebsd questions mailing
list is not this place.  You should
have known this before you even posted your first question.  Reading
instructions for products that you use
is not optional, it is mandatory, and FreeBSD's instructions are on the
website.

You posted your query in the wrong forum, you got a patch in response which
is far more than you should have
got, you were directed, hinting at first, forcibly at second, to go to the
appropriate forum to post the patch, the results of the patch, and your
security questions.  You still, as far as I know, have not done this.

So, OK maybe you're not a troll and I assumed wrong.  But I will point out
that you said absolutely nothing
in your first post about who you are, what you are doing, why you even give
a shit about this issue.  If you
had simply opened your first post with I was shown this vulnerability by
our network security person
and I have to respond to him in some fashion or something like that, it
would have gone a long way towards
establishing credibility as to why you cared about this.  If even better you
had done a bit of research and
said well the vulnerability shows that OpenBSD already patched for this,
maybe FreeBSD should or if
even better than that you had said I looked at the OpenBSD patch and it's
really simple, could we use
it on FreeBSD that would have done a lot to establishing that you were at
least willing to offer help and
assistance.

Instead, reread your second post - you not once offered to do anything, not
even apply the patch to see
if it compiled, all you did is ask for yet more research to be done for you.
Well we all are busy, you don't have a lock on that, buddy.

Apply the patch.  If the FreeBSD system doesn't panic then the patch isn't
grossly wrong.  If you do not
have a test system then don't apply it.  Either way, just take the patch to
the appropriate FreeBSD security forum
and post it with some asshole on questions told me to apply this in results
of insert all research

PAWS security vulnerability

2005-05-19 Thread Tim Traver
Hi all,
ok, this article was just published about a PAWS TCP DOS vulnerability, 
and lists freeBSD 4.x as affected.

http://www.securityfocus.com/bid/13676/info/
Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
and is 5.4 affected too ?
Tim.


Re: PAWS security vulnerability

2005-05-19 Thread Tim Traver
Ted,
thanks for taking a look at this. I'm not sure I have the ability to 
test out your patch. Maybe someone else on this fine list can ?

But this sounds like a pretty severe DOS issue that seems to be 
relatively simple to implement.

Do you know if the 5.x branch is affected by this as well ?
Tim.
Ted Mittelstaedt wrote:
Hi Tim,
 Here is a slight mod of the OpenBSD patch for OpenBSD 3.6 that has been
rewritten for FreeBSD 4.11.  YMMV  If it works I would submit it to the
FreeBSD
security list.  The only change I made is OpenBSD defines tiflags
FreeBSD defines
thflags I assume they are the same thing.  The file is in
/usr/src/sys/netinet
Turning off the timestamps would be a good way to make your network go
slow.
*** tcp_input.c.originalThu May 19 11:52:30 2005
--- tcp_input.c Thu May 19 12:00:14 2005
***
*** 976,984 
--- 976,992 
* record the timestamp.
* NOTE that the test is modified according to the latest
* proposal of the [EMAIL PROTECTED] list (Braden
1993/04/26).
+* NOTE2 additional check added as a result of PAWS
vulnerability
+* documented in Cisco security notice
cisco-sn-20050518-tcpts
+* from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
*/
   if ((to.to_flags  TOF_TS) != 0 
   SEQ_LEQ(th-th_seq, tp-last_ack_sent)) {
+   if (SEQ_LEQ(tp-last_ack_sent, th-th_seq + tlen
+
+   ((thflags  (TH_SYN|TH_FIN)) != 0)))
+ tp-ts_recent = to.to_tsval;
+   else
+   tp-ts_recent = 0;
   tp-ts_recent_age = ticks;
   tp-ts_recent = to.to_tsval;
   }
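Review bot: the thflags term in the added SEQ_LEQ condition is a substitution for OpenBSD's tiflags that the covering message only assumes is equivalent, and the patch is offered with "YMMV" and "If it works". Before it goes to the security list, check that thflags holds the segment's TCP header flags at this point in tcp_input.c, and build and boot a 4.11 kernel with the change.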
Ted
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tim Traver
Sent: Thursday, May 19, 2005 10:09 AM
To: bsd
Subject: PAWS security vulnerability
Hi all,
ok, this article was just published about a PAWS TCP DOS
vulnerability,
and lists freeBSD 4.x as affected.
http://www.securityfocus.com/bid/13676/info/
Does anyone know how to turn the TCP timestamps off on FreeBSD 4.x ?
and is 5.4 affected too ?
Tim.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


tripwire in 5.4

2005-05-13 Thread Tim Traver
Hi all,
seems that tripwire is not updated to run 5.4...
Are there any plans to have the port updated ?
Is it possible to compile it anyways ???
Thanks,
Tim.


NFS Write performance

2005-03-02 Thread Tim Traver
Hi all,
ok, I've searched far and wide, but I have to ask the FreeBSD gurus
about it...
I'm using a Netapp NFS server to serve up content to FreeBSD clients,
and I am seeing terrible write performances.
I've turned on these in the rc.conf file :
nfs_client_enable=YES
nfs_client_flags=-n 4
nfs_server_enable=YES
rpc_lockd_enable=YES
rpc_statd_enable=YES
nfs_bufpackets=8
and I've got these in the sysctl.cnf file :
kern.maxfiles=32768
net.inet.tcp.keepidle=3600
net.inet.tcp.sendspace=65536
net.inet.tcp.recvspace=65536
net.inet.tcp.slowstart_flightsize=2
kern.ipc.somaxconn=16384
kern.ipc.shmall=65536
kern.ipc.shmmax=268435456
kern.ipc.nmbclusters=32768
I'm using 5.3-RELEASE on a dual AMD Opteron machine.
I guess my question is, how do I make NFS writes fly ???
The reads seem to be pretty good. I know that the settings on the netapp
are per their settings...
Thanks,
Tim.


Trouble Compiling 4.3.10 on FreeBSD 5.X

2005-02-26 Thread Tim Traver
Hi all,
for some reason, I cannot get php to compile a shared object to work
with apache 1.3.33...
Here are the config commands that I used for apache and php :
EAPI_MM=SYSTEM ./configure --enable-module=so --enable-module=info
--enable-module=status --enable-module=rewrite --enable-module=ssl
--enable-shared=ssl --disable-rule=SSL_COMPAT
apache installs and works just fine.
I use this for php :
./configure --with-apxs=/usr/local/apache/bin/apxs --enable-ftp
--with-mcrypt=/usr/local -with-openssl -enable-url-fopen-wrapper
--enable-ftp --with-gd --with-zlib --with-jpeg-dir=/usr/local/lib
--with-png-dir=/usr/local/lib --with-ttf --enable-gd-native-ttf
--with-freetype-dir=/usr/local/lib --enable-shared
It compiles ok, but when I go to install it, it gives an error :
Installing PHP SAPI module:   apache
[activating module `php4' in /usr/local/apache/conf/httpd.conf]
cp libs/libphp4.so /usr/local/apache/libexec/libphp4.so
cp: libs/libphp4.so: No such file or directory
apxs:Break: Command failed with rc=1
*** Error code 1
Stop in /dev/php-4.3.10.
and there is no shared object file in the libs directory.
This works just fine on a FreeBSD 4.10 client, but for some reason it
doesn't create the shared object on this 5.3 system.
More info :
System is a Dual Opteron AMD architecture, running a fresh install of
FreeBSD 5.3...
thanks,
Tim.


Re: Trouble Compiling 4.3.10 on FreeBSD 5.X

2005-02-26 Thread Tim Traver
Kirk,
well, yes, there is...first, the apache port has very few changes. most 
of the patches are things that the FreeBSD community wanted to change to 
fit defaults (.i.e different log file names, mostly cosmetic). I think 
there are a couple of su_exec tweaks in it, but overall, the port is not 
much different than the source.

And php is not the latest version in the ports either. Not to mention 
that I use a lot of custom configuration parameters. It also doesn't 
look like any of the patches in the port of 4.3.9 would do anything to 
change my issue...

Not that I don't think the ports collection is good. There are just some 
things that you need to do manually...

Tim.
Kirk Strauser wrote:
On Saturday 26 February 2005 01:50 pm, Tim Traver wrote:
 

for some reason, I cannot get php to compile a shared object to work
with apache 1.3.33...
   

Is there a reason you're not using the port?
 



FreeBSD 5.3 dev nodes

2005-02-25 Thread Tim Traver
Hi all,
ok, this may be a dumb question, but here goes...
I have just started using the 5.X branch of FreeBSD, and needed to mount 
a hot swap drive in a second drive bay. In the past, I've simply run 
MAKEDEV, and it made the device files for me, and then I was able to 
mount the drive and I was on my way...

It appears that this has been replaced by devfs, and I must say that 
this is an extremely difficult process to understand (must mean it's very 
powerful ;).

All I want to do is create the da1 devices for my second scsi disk, and 
I honestly have no idea how to do that with devfs...

Anyone shed some light for me ???
Thanks,
Tim.


5.3 Process list

2005-02-25 Thread Tim Traver
Hi all,
ok, another dumb question about 5.3..
Where did all the processes come from ???
It looks like maybe processes for each IRQ have been separated out...
There used to be only about a dozen or so processes, and now there's 
about 70...

Are these something that can be turned off ? or are they just 
representations of threads ???

I guess it's not really important, but I was just wondering...
Tim.

here's an example :
bash-2.05b# ps aux
USER PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED  TIME COMMAND
root 11 95.7  0.0 0   20  ??  RL6:52PM  20:25.87 [idle: cpu1]
root 12 82.5  0.0 0   20  ??  RL6:52PM  15:50.76 [idle: cpu0]
root  0  0.0  0.0 04  ??  DLs   6:52PM   0:00.00 [swapper]
root  1  0.0  0.0   864  468  ??  ILs   6:52PM   0:00.01 /sbin/init --
root  2  0.0  0.0 0   20  ??  DL6:52PM   0:00.08 [g_event]
root  3  0.0  0.0 0   20  ??  DL6:52PM   0:01.14 [g_up]
root  4  0.0  0.0 0   20  ??  DL6:52PM   0:01.29 [g_down]
root  5  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [kqueue taskq]
root  6  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [thread taskq]
root  7  0.0  0.0 0   20  ??  IL6:52PM   0:00.00 [acpi_task0]
root  8  0.0  0.0 0   20  ??  IL6:52PM   0:00.00 [acpi_task1]
root  9  0.0  0.0 0   20  ??  IL6:52PM   0:00.00 [acpi_task2]
root 10  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [ktrace]
root 13  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq1:]
root 14  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq0: clk]
root 15  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq3: sio1]
root 16  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq4: sio0]
root 17  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq5:]
root 18  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq6:]
root 19  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq7:]
root 20  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq8: rtc]
root 21  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq9: acpi0]
root 22  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq10:]
root 23  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq11:]
root 24  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq12:]
root 25  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq13:]
root 26  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq14: ata0]
root 27  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq15: ata1]
root 28  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq16:]
root 29  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq17: atapci0]
root 30  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq18:]
root 31  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq19:]
root 32  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq20:]
root 33  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq21:]
root 34  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq22:]
root 35  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq23:]
root 36  0.0  0.0 0   20  ??  WL6:52PM   0:00.96 [irq24: bge0 ahd0]
root 37  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq25: bge1 ahd1]
root 38  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq26:]
root 39  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq27:]
root 40  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq28:]
root 41  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq29:]
root 42  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq30:]
root 43  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [irq31:]
root 44  0.0  0.0 0   20  ??  WL6:52PM   0:05.19 [swi5: clock sio]
root 45  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi4: vm]
root 46  0.0  0.0 0   20  ??  WL6:52PM   0:00.21 [swi1: net]
root 47  0.0  0.0 0   20  ??  DL6:52PM   0:00.09 [yarrow]
root 48  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi6:+]
root 49  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi6:+]
root 50  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi6: task queue]
root 51  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi6: acpitaskq]
root 52  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi2: camnet]
root 53  0.0  0.0 0   20  ??  WL6:52PM   0:00.77 [swi3: cambio]
root 54  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [aic_recovery0]
root 55  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [aic_recovery1]
root 56  0.0  0.0 0   20  ??  WL6:52PM   0:00.00 [swi0: sio]
root 57  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [pagedaemon]
root 58  0.0  0.0 0   20  ??  DL6:52PM   0:00.00 [vmdaemon]


NFS File Locking across multiple machines

2005-02-09 Thread Tim Traver
Hi all,
a couple of years back, we ran into a problem with the FreeBSD NFS code 
where file locks were not seen by other machines.

We use Netapp disk hardware to mount NFS filesystems to our FreeBSD 
systems. In the past, two different machines would not recognize locks 
from each other, and would sometimes cause file collisions.

From the same machine, two different processes would recognize locks 
without a problem.

In our experience, the Sun servers that we had also did not have any 
problems. This was after creating specific tests to make this determination.

We reported it to the freebsd developers way back when, and have lost 
track as to the status of the issue.

Does anyone on this list know of the developer that was developing the 
NFS code ??? or know anything about the issue ??? or have an answer ??? ;)

I'd like to talk to him/her to see what the status is in the later 
FreeBSD 4.x series as well as 5.x

Thanks,
Tim.


Simple Network Traffic script

2004-11-12 Thread Tim Traver
Hi all,
ok, this may be a dumb question, but does anyone know where I can find a 
simple script that shows the network traffic to and from your local box ?

using netstat -i 5, I can see the traffic over 5 seconds, but then I need 
to do a bunch of calculations to try and get a reasonable number.

I looked at ntop, but couldn't get it to work...
there must be a simpler way...
Thanks,
Tim.


Re: Simple Network Traffic script

2004-11-12 Thread Tim Traver
mrtg is to collect and graph statistics from local and remote hosts...we 
use it for network info on switches, etc. Which means that I can 
ultimately get that info if I go find the switch port its on, and jump 
through some other hoops.

I just want a command line script that shows me how much bandwidth is 
being sent and received in the last x seconds...

Kind of like top for network bandwidth.
it can't be that hard...
t
Josh Paetzel wrote:
On Friday 12 November 2004 20:56, Tim Traver wrote:
 

Hi all,
ok, this may be a dumb question, but does anyone know where I can
find a simple script that shows the network traffic to and from
your local box ?
using netstat -i 5, I can see the traffic over 5 seconds, but then I
need to do a bunch of calculations to try and get a reasonable
number.
I looked at ntop, but couldn't get it to work...
there must be a simpler way...
Thanks,
Tim.
   

Well, there's mrtg in the ports tree, it may or not fit your 
definition of simple.

 



Re: hard links for directories ?

2004-08-17 Thread Tim Traver
Greg,
Well, specifically, I'm trying to link some directories inside a chrooted 
environment...

The filesystem also happens to be an nfs mounted one, so I know the files 
to be linked would have to be on the same volume, and separate systems deal 
with the filesystem integrity (NetApp)...

So, how would you do this kind of thing ?
Tim.
At 10:24 PM 8/16/2004, Greg 'groggy' Lehey wrote:
On Monday, 16 August 2004 at 22:02:11 -0700, Tim Traver wrote:
 Hi all,

 This may be a stupid question, but is it possible to make hard links to
 directories ??? I know you can with files, and normally, you would do a
 soft link for directories, but is there any way to finagle this ?
Sure, there are ways.  But why would you want to?
A link to a directory makes it a subdirectory of the directory
containing the link.  If you have two links to a directory, where
should the directory's .. link point?  How would fsck know what to do?
Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
Note: I discard all HTML mail unseen.
Finger [EMAIL PROTECTED] for PGP public key.
See complete headers for address and phone numbers.

SimpleNet's Back !
http://www.simplenet.com


hard links for directories ?

2004-08-16 Thread Tim Traver
Hi all,
This may be a stupid question, but is it possible to make hard links to 
directories ??? I know you can with files, and normally, you would do a 
soft link for directories, but is there any way to finagle this ?

Thanks,
Tim.

SimpleNet's Back !
http://www.simplenet.com


Re: Frontpage and jails and possible alternatives

2004-06-10 Thread Tim Traver
Bill,
Not sure what you mean that frontpage caused apache to bind to all 
IP's...it shouldn't...

The frontpage apache module should respect any of the virtual hosts or 
virtual IP's that you have set up in apache. The module is just a way for 
apache to run the fp.exe wrapper script around the frontpage binary. I 
don't know how it would even be able to force apache to bind to anything...

Are you sure about that ???
Tim.
At 07:38 AM 6/10/2004, Bill Moran wrote:
I just learned that if you run Apache+Frontpage, you can't teach Apache to
only listen on a single IP address.  For some reason, Frontpage causes
Apache to always bind to all IP addresses.  Somehow, this stupidity doesn't
really surprise me too much.
The reason I wanted to do this is because I have a machine I want to
set jails up on, so I can run multiple instances of Apache.  But I didn't
want to mess with the existing Apache installation right now.
Anyway ... in the long run I've got two choices:
1) Get Apache+Frontpage running in a jail so it will quit fscking up the other
   stuff I'm trying to do on this machine
2) Find some alternative to frontpage to provide frontpage services that
   behaves like a proper server.
My questions are (respectively):
1) Does anyone have Apache+Frontpage successfully running in a jail?  I just
   thought I'd ask before I spent (wasted?) a lot of time trying to make it
   work.
2) Can anyone suggest an alternative to Apache+Frontpage?  I prefer scp myself
   (and there are even spiffy GUI scp clients for Windows) but many of these
   clients _insist_ on using Frontpage, so I _must_ continue to cater to 
them.

TIA for any answers.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com

SimpleNet's Back !
http://www.simplenet.com


Re: Frontpage and jails and possible alternatives

2004-06-10 Thread Tim Traver
Bill,
I use the latest mod_frontpage module with Apache 1.3.31...
I haven't tested whether or not it binds to *:80 or not when I specify an IP.
How are you specifying the IP in the conf file ? Are you just using Listen 
xxx.xxx.xxx.xxx:80 ?

t
At 09:42 AM 6/10/2004, Bill Moran wrote:
Tim Traver [EMAIL PROTECTED] wrote:
 Bill,

 Not sure what you mean that frontpage caused apache to bind to all
 IP's...it shouldn't...
I agree.
 The frontpage apache module should respect any of the virtual hosts or
 virtual IP's that you have set up in apache.
It definitely should.
 The module is just a way for
 apache to run the fp.exe wrapper script around the frontpage binary. I
 don't know how it would even be able to force apache to bind to anything...
Nor do I.
 Are you sure about that ???
Yes.  When I configured Apache to only listen on 1 IP address, sockstat then
showed it listening on that address in addition to *:80.  The exact same
config changes on a machine without fp installed resulted in the expected
behaviour.
Now, I haven't been idle since I made that first post ... It seems there are
two frontpage ports, apache_fp and mod_frontpage.  I've got apache_fp 
installed.

Anyone using mod_frontpage that can say whether it's better or worse?
 At 07:38 AM 6/10/2004, Bill Moran wrote:

 I just learned that if you run Apache+Frontpage, you can't teach Apache to
 only listen on a single IP address.  For some reason, Frontpage causes
 Apache to always bind to all IP addresses.  Somehow, this stupidity 
doesn't
 really surprise me too much.
 
 The reason I wanted to do this is because I have a machine I want to
 set jails up on, so I can run multiple instances of Apache.  But I didn't
 want to mess with the existing Apache installation right now.
 
 Anyway ... in the long run I've got two choices:
 1) Get Apache+Frontpage running in a jail so it will quit fscking up 
the other
 stuff I'm trying to do on this machine
 2) Find some alternative to frontpage to provide frontpage services that
 behaves like a proper server.
 
 My questions are (respectively):
 1) Does anyone have Apache+Frontpage successfully running in a 
jail?  I just
 thought I'd ask before I spent (wasted?) a lot of time trying to 
make it
 work.
 2) Can anyone suggest an alternative to Apache+Frontpage?  I prefer 
scp myself
 (and there are even spiffy GUI scp clients for Windows) but many 
of these
 clients _insist_ on using Frontpage, so I _must_ continue to cater to
  them.
 
 TIA for any answers.
 
 --
 Bill Moran
 Potential Technologies
 http://www.potentialtech.com


 SimpleNet's Back !
 http://www.simplenet.com

--
Bill Moran
Potential Technologies
http://www.potentialtech.com


Re: Frontpage and jails and possible alternatives

2004-06-10 Thread Tim Traver
Bill,
ok, I tested this out for ya, and I couldn't duplicate the issue. FreeBSD 
4.8...

I put an additional IP on the main interface, and started apache with 
Listen IP:80 for each IP. The server has mod_frontpage using apache 1.3.29. 
I even tried having the BindAddress in the conf file as well.

Sorry, I don't have the extra time to install 1.3.31 and recompile for ya, 
but I think there is something else going on there...

Where in the conf file is your Listen directive ? What OS ? Is there 
anything listening on port 80 when you have apache off ? Is your IP an 
alias to the primary interface ?

I really don't think that the frontpage module even has the ability to 
change what apache binds to...

Anyways, thought I would let you know that I couldn't reproduce it...
Tim.
At 10:38 AM 6/10/2004, Bill Moran wrote:
Tim Traver [EMAIL PROTECTED] wrote:
 Bill,

 I use the latest mod_frontpage module with Apache 1.3.31...

 I haven't tested whether or not it binds to *:80 or not when I specify 
an IP.

 How are you specifying the IP in the conf file ? Are you just using Listen
 xxx.xxx.xxx.xxx:80 ?

Both of the following:
Listen xx.xx.xx.xx:80
BindAddress xx.xx.xx.xx
I have another server here (used for development) with a fairly vanilla Apache
install, and changing those same two settings causes it to do what I'd expect.
I can't find any directives in the Frontpage Apache config that might 
cause this
... but I suppose it's possible that I'm missing something.

 At 09:42 AM 6/10/2004, Bill Moran wrote:
 Tim Traver [EMAIL PROTECTED] wrote:
 
   Bill,
  
   Not sure what you mean that frontpage caused apache to bind to all
   IP's...it shouldn't...
 
 I agree.
 
   The frontpage apache module should respect any of the virtual hosts or
   virtual IP's that you have set up in apache.
 
 It definitely should.
 
   The module is just a way for
   apache to run the fp.exe wrapper script around the frontpage binary. I
   don't know how it would even be able to force apache to bind to 
anything...
 
 Nor do I.
 
   Are you sure about that ???
 
 Yes.  When I configured Apache to only listen on 1 IP address, 
sockstat then
 showed it listening on that address in addition to *:80.  The exact same
 config changes on a machine without fp installed resulted in the expected
 behaviour.
 
 Now, I haven't been idle since I made that first post ... It seems 
there are
 two frontpage ports, apache_fp and mod_frontpage.  I've got apache_fp
 installed.
 
 Anyone using mod_frontpage that can say whether it's better or worse?
 
   At 07:38 AM 6/10/2004, Bill Moran wrote:
  
   I just learned that if you run Apache+Frontpage, you can't teach 
Apache to
   only listen on a single IP address.  For some reason, Frontpage causes
   Apache to always bind to all IP addresses.  Somehow, this stupidity
  doesn't
   really surprise me too much.
   
   The reason I wanted to do this is because I have a machine I want to
   set jails up on, so I can run multiple instances of Apache.  But I 
didn't
   want to mess with the existing Apache installation right now.
   
   Anyway ... in the long run I've got two choices:
   1) Get Apache+Frontpage running in a jail so it will quit fscking up
  the other
   stuff I'm trying to do on this machine
   2) Find some alternative to frontpage to provide frontpage 
services that
   behaves like a proper server.
   
   My questions are (respectively):
   1) Does anyone have Apache+Frontpage successfully running in a
  jail?  I just
   thought I'd ask before I spent (wasted?) a lot of time trying to
  make it
   work.
   2) Can anyone suggest an alternative to Apache+Frontpage?  I prefer
  scp myself
   (and there are even spiffy GUI scp clients for Windows) but many
  of these
   clients _insist_ on using Frontpage, so I _must_ continue to 
cater to
them.
   
   TIA for any answers.
   
   --
   Bill Moran
   Potential Technologies
   http://www.potentialtech.com
  
  
   SimpleNet's Back !
   http://www.simplenet.com
 
 
 --
 Bill Moran
 Potential Technologies
 http://www.potentialtech.com


--
Bill Moran
Potential Technologies
http://www.potentialtech.com
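
The check described in this thread (configure Listen for one address, then look in sockstat for an extra *:80 socket) can be scripted so it runs after every Apache restart. This is an added example, not part of any post above; the sample sockstat lines, the address 192.0.2.10 and the function names are constructed for illustration, and the column layout assumed is that of `sockstat -4 -l`.

```shell
#!/bin/sh
# Added example: report listening sockets of a daemon that are bound to
# anything other than the single address the configuration asked for
# (for instance the unexpected *:80 described in the thread).

# Constructed sample in the sockstat column layout:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     httpd      412   16 tcp4   192.0.2.10:80         *:*
root     httpd      412   17 tcp4   *:80                  *:*
root     sshd       230   3  tcp4   *:22                  *:*
www      httpd      415   16 tcp4   192.0.2.10:80         *:*
www      httpd      415   17 tcp4   *:80                  *:*
EOF
}

# unexpected_listeners COMMAND PORT ALLOWED_ADDR
# Reads sockstat output on stdin. Prints "PID LOCAL-ADDRESS" once for every
# TCP socket of COMMAND on PORT whose address is not ALLOWED_ADDR.
# Exit status is 1 if at least one such socket was found, 0 otherwise.
unexpected_listeners() {
    awk -v cmd="$1" -v port="$2" -v ip="$3" '
        # Skip the header row, other programs and non-TCP sockets.
        $2 != cmd || $5 !~ /^tcp/ { next }
        {
            # Split on the last colon so IPv6-style addresses also work.
            n = split($6, part, ":")
            p = part[n]
            addr = substr($6, 1, length($6) - length(p) - 1)
            key = $3 " " $6
            if (p == port && addr != ip && !(key in seen)) {
                seen[key] = 1
                print key
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}
```

On a live host the input would come from `sockstat -4 -l | unexpected_listeners httpd 80 <configured address>`; a non-zero exit status means the daemon is reachable on an address the configuration did not name.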

port upgrades

2004-06-07 Thread Tim Traver

   Hi all,
   Is there a way to do a quick update of a particular port directory ???
   I don't necessarily want to do the portupgrade, but just get the
   latest port files for a particular port.
   Right now, if i want to make sure the ports are up to date, I have to
   use sysinstall to download the entire port collection, which takes
   forever...
   Am I missing a quick utility to just check and make sure I have the
   latest port files for one at a time ?
   Thanks,
   Tim.

   SimpleNet's Back !
   [1]http://www.simplenet.com/
   

References

   1. http://www.simplenet.com/


Re: FreeBSD 4.8R sluggish performance

2004-05-31 Thread Tim Traver
Yep, I would bet on DNS troubles as well...
many apps have to wait for the DNS request to time out before they continue.
Check to make sure that the DNS servers in resolv.conf are reachable by 
your machine.

Tim.
At 12:17 PM 5/31/2004, Scott wrote:

This problem also occurred a few months ago but spontaneously
resolved itself after a few cold boots, so I never found
out exactly what the problem was. Most functions have slowed
dramatically. Some examples:
If I try to ping a host on the internet (e.g. freebsd.org), I
get all the packets, but the output of the command doesn't
begin for at least 10 seconds. If I try startx, it takes about
30 seconds just to begin to display the root window. Even
backspacing seems much slower.
While this is going on, no unusual processes are running and
the CPU is practically unused. Nor is it merely a matter of
delay--the CPU usage never spikes up like it normally would. It
just sits mostly idle while the command I've issued takes a
long time to complete.
Although I haven't installed any software or changed anything
else lately, I tried booting the GENERIC kernel instead, but
the problem remained.
I can always tell when the problem will occur based upon what
happens at boot. There are no error messages, but the slowness
begins when the standard daemons are loading. Cron and sshd
load just fine, but the delay occurs as sendmail loads, and
there is another delay as sendmail-clientmqueue loads. Once
that happens I know I'm in trouble thereafter.
I know this isn't much to go on, but does anyone have any clue
on what I might try? Thank you.

SimpleNet's Back !
http://www.simplenet.com


shared memory release...

2004-03-30 Thread Tim Traver
Hi all,

Ok, I am running a 4.7 FreeBSD box that is a web server running apache.

It looks like some module that I have is leaking memory, and eventually, 
apache crashes on restarts because of this error :

shmget() failed:  No space left on device

which means it can't get any more memory, which I understand.

When I look at the top list, it shows me something like this :

Mem: 140M Active, 879M Inact, 151M Wired, 181M Cache, 199M Buf, 660M Free

But when you look at the processes that are still up, they hardly take up 
any memory.

So, my question is this.

Is there a way to free up Inactive memory from crashed processes ???

Without just rebooting the box ???

I know that I need to find the source of the leaking and crashing to begin 
with, but in the mean time, if it happens, I'd like to free up the memory 
manually, so I can get the box running again...

Thanks,

Tim.



shmem release

2004-03-30 Thread Tim Traver
Hi all,

Ok, I am running a 4.7 FreeBSD box that is a web server running apache.

It looks like some module that I have is leaking memory, and eventually, 
apache crashes on restarts because of this error :

shmget() failed:  No space left on device

which means it can't get any more memory, which I understand.

When I look at the top list, it shows me something like this :

Mem: 140M Active, 879M Inact, 151M Wired, 181M Cache, 199M Buf, 660M Free

But when you look at the processes that are still up, they hardly take up 
any memory.

So, my question is this.

Is there a way to free up Inactive memory from crashed processes ???

Without just rebooting the box ???

I know that I need to find the source of the leaking and crashing to begin 
with, but in the mean time, if it happens, I'd like to free up the memory 
manually, so I can get the box running again...

Thanks,

Tim.



SimpleNet's Back !
http://www.simplenet.com