Re: Postfix and tcpwrappers?
On 25-7-2016 21:53, Karl Denninger wrote: > On 7/25/2016 14:48, Willem Jan Withagen wrote: >> On 25-7-2016 19:32, Karl Denninger wrote: >>> On 7/25/2016 12:04, Ronald Klop wrote: >>>> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger >>>> <k...@denninger.net> wrote: >>>> >>>>> This may not belong in "stable", but since Postfix is one of the >>>>> high-performance alternatives to sendmail.... >>>>> >>>>> Question is this -- I have sshguard protecting connections inbound, but >>>>> Postfix appears to be ignoring it, which implies that it is not paying >>>>> attention to the hosts.allow file (and the wrapper that enables it.) >>>>> >>>>> Recently a large body of clowncars have been targeting my sasl-enabled >>>>> https gateway (which I use for client machines and thus do in fact need) >>>>> and while sshguard picks up the attacks and tries to ban them, postfix >>>>> is ignoring the entries it makes which implies it is not linked with the >>>>> tcp wrappers. >>>>> >>>>> A quick look at the config for postfix doesn't disclose an obvious >>>>> configuration solutiondid I miss it? >>>>> >>>> Don't know if postfix can handle tcp wrappers, but I use bruteblock >>>> [1] for protecting connections via the ipfw firewall. I use this for >>>> ssh and postfix. >> Given the fact that both tcpwrappers and postfix originate from the same >> author (Wietse Venenma) I'd be very surprised it you could not do this. >> http://www.postfix.org/linuxsecurity-200407.html >> >> But grepping the binary for libwrap it does seems to be the case. >> Note that you can also educate sshguard to actually use a script to do >> whatever you want it to do. I'm using it to add rules to an ipfw table >> that is used in a deny-rule. >> >> Reloading the fw keeps the deny-rules, flushing the table deletes all >> blocked hosts without reloading the firewall. >> Both times a bonus. >> >> --WjW >> --WjW > That's why I was surprised too... .but it is what it is. > > I just rebuilt sshguard to use an ipfw table instead of hosts.allow, > since I use ipfw anyway for firewall/routing/ipsec/etc adding one line > up near the top of my ruleset to match against the table and send back a > reset (I'm considering black-holing attempts instead as that will slow > the clowncar brigade down and thus "helps" others) and resolved the issue. Right, That facility is in there because I suggested such, and provided example code. :) I just drop the packet, that'll give the average uneducated spammer at least one setup-time out to wait. > It's interesting that all of a sudden the clowncar folks figured out > that if they hit my email server with SSL they could then attempt an > auth. I have always had auth turned off for non-SSL connections for > obvious reasons (passing passwords around plain is bad news, yanno) and > until recently the clowns hadn't bothered with the overhead of setting > up SSL connections. > > That appears to now have changed, so I've seen more complaints about this on the sshguard list, and asking for matching rules that would block on SASL auth attempts. Dealing with spammers and hackers is always a leap-frog business. It works until they find a new angle. --WjW ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Postfix and tcpwrappers?
On 7/25/2016 14:48, Willem Jan Withagen wrote: > On 25-7-2016 19:32, Karl Denninger wrote: >> On 7/25/2016 12:04, Ronald Klop wrote: >>> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger >>> <k...@denninger.net> wrote: >>> >>>> This may not belong in "stable", but since Postfix is one of the >>>> high-performance alternatives to sendmail >>>> >>>> Question is this -- I have sshguard protecting connections inbound, but >>>> Postfix appears to be ignoring it, which implies that it is not paying >>>> attention to the hosts.allow file (and the wrapper that enables it.) >>>> >>>> Recently a large body of clowncars have been targeting my sasl-enabled >>>> https gateway (which I use for client machines and thus do in fact need) >>>> and while sshguard picks up the attacks and tries to ban them, postfix >>>> is ignoring the entries it makes which implies it is not linked with the >>>> tcp wrappers. >>>> >>>> A quick look at the config for postfix doesn't disclose an obvious >>>> configuration solution....did I miss it? >>>> >>> Don't know if postfix can handle tcp wrappers, but I use bruteblock >>> [1] for protecting connections via the ipfw firewall. I use this for >>> ssh and postfix. > Given the fact that both tcpwrappers and postfix originate from the same > author (Wietse Venenma) I'd be very surprised it you could not do this. > http://www.postfix.org/linuxsecurity-200407.html > > But grepping the binary for libwrap it does seems to be the case. > Note that you can also educate sshguard to actually use a script to do > whatever you want it to do. I'm using it to add rules to an ipfw table > that is used in a deny-rule. > > Reloading the fw keeps the deny-rules, flushing the table deletes all > blocked hosts without reloading the firewall. > Both times a bonus. > > --WjW > --WjW That's why I was surprised too... .but it is what it is. I just rebuilt sshguard to use an ipfw table instead of hosts.allow, since I use ipfw anyway for firewall/routing/ipsec/etc adding one line up near the top of my ruleset to match against the table and send back a reset (I'm considering black-holing attempts instead as that will slow the clowncar brigade down and thus "helps" others) and resolved the issue. It's interesting that all of a sudden the clowncar folks figured out that if they hit my email server with SSL they could then attempt an auth. I have always had auth turned off for non-SSL connections for obvious reasons (passing passwords around plain is bad news, yanno) and until recently the clowns hadn't bothered with the overhead of setting up SSL connections. That appears to now have changed, so -- Karl Denninger k...@denninger.net <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix and tcpwrappers?
On 25-7-2016 19:32, Karl Denninger wrote: > On 7/25/2016 12:04, Ronald Klop wrote: >> On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger >> <k...@denninger.net> wrote: >> >>> This may not belong in "stable", but since Postfix is one of the >>> high-performance alternatives to sendmail >>> >>> Question is this -- I have sshguard protecting connections inbound, but >>> Postfix appears to be ignoring it, which implies that it is not paying >>> attention to the hosts.allow file (and the wrapper that enables it.) >>> >>> Recently a large body of clowncars have been targeting my sasl-enabled >>> https gateway (which I use for client machines and thus do in fact need) >>> and while sshguard picks up the attacks and tries to ban them, postfix >>> is ignoring the entries it makes which implies it is not linked with the >>> tcp wrappers. >>> >>> A quick look at the config for postfix doesn't disclose an obvious >>> configuration solutiondid I miss it? >>> >> >> Don't know if postfix can handle tcp wrappers, but I use bruteblock >> [1] for protecting connections via the ipfw firewall. I use this for >> ssh and postfix. Given the fact that both tcpwrappers and postfix originate from the same author (Wietse Venenma) I'd be very surprised it you could not do this. http://www.postfix.org/linuxsecurity-200407.html But grepping the binary for libwrap it does seems to be the case. Note that you can also educate sshguard to actually use a script to do whatever you want it to do. I'm using it to add rules to an ipfw table that is used in a deny-rule. Reloading the fw keeps the deny-rules, flushing the table deletes all blocked hosts without reloading the firewall. Both times a bonus. --WjW --WjW ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Postfix and tcpwrappers?
On 7/25/2016 14:38, Tim Daneliuk wrote: > On 07/25/2016 01:20 PM, Shawn Bakhtiar wrote: >> ecently a large body of clowncars have been targeting my sasl-enabled >> https gateway (which I use for client machines and thus do in fact need) >> and while sshguard picks up the attacks and tries to ban them, postfix >> is ignoring the entries it makes which implies it is not linked with the >> tcp wrappers. >> >> A quick look at the config for postfix doesn't disclose an obvious >> configuration solutiondid I miss it? >> > > You can more-or-less run anything from a wrapper if you don't daemonize it > and kick it off on-demand from inetd. Essentially, you have inetd.conf > configured with a stanza that - upon connection attempt - launches an > instance of your desired program (postfix in this case), if and only > if the hosts.allow rules are satisfied. > > This works nicely for smaller installations, but is very slow in high > arrival rate environments because each connection attempt incurs the full > startup overhead of the program you're running. > Tcpwrapper works with many persistent system services (sshd being a notable ones) and integrates nicely, so you can use hosts.allow. The package (or default build in ports) for sshguard uses the hosts.allow file. But, sshguard does know (if you build it by hand or use the right subport) how to insert into an ipfw table instead so I switched over to that. I was rather curious, however, if/why postfix wasn't integrated with the hosts.allow file as are many other system services (or if I just missed the config option to turn it on) since it's offered by FreeBSD as a "stock sendmail replacement" option for higher-volume (and more-secure) sites -- Karl Denninger k...@denninger.net <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix and tcpwrappers?
On 07/25/2016 01:20 PM, Shawn Bakhtiar wrote: > ecently a large body of clowncars have been targeting my sasl-enabled > https gateway (which I use for client machines and thus do in fact need) > and while sshguard picks up the attacks and tries to ban them, postfix > is ignoring the entries it makes which implies it is not linked with the > tcp wrappers. > > A quick look at the config for postfix doesn't disclose an obvious > configuration solutiondid I miss it? > You can more-or-less run anything from a wrapper if you don't daemonize it and kick it off on-demand from inetd. Essentially, you have inetd.conf configured with a stanza that - upon connection attempt - launches an instance of your desired program (postfix in this case), if and only if the hosts.allow rules are satisfied. This works nicely for smaller installations, but is very slow in high arrival rate environments because each connection attempt incurs the full startup overhead of the program you're running. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Postfix and tcpwrappers?
On Jul 25, 2016, at 10:32 AM, Karl Denninger <k...@denninger.net<mailto:k...@denninger.net>> wrote: On 7/25/2016 12:04, Ronald Klop wrote: On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger <k...@denninger.net<mailto:k...@denninger.net>> wrote: This may not belong in "stable", but since Postfix is one of the high-performance alternatives to sendmail Question is this -- I have sshguard protecting connections inbound, but Postfix appears to be ignoring it, which implies that it is not paying attention to the hosts.allow file (and the wrapper that enables it.) Recently a large body of clowncars have been targeting my sasl-enabled https gateway (which I use for client machines and thus do in fact need) and while sshguard picks up the attacks and tries to ban them, postfix is ignoring the entries it makes which implies it is not linked with the tcp wrappers. A quick look at the config for postfix doesn't disclose an obvious configuration solution....did I miss it? Don't know if postfix can handle tcp wrappers, but I use bruteblock [1] for protecting connections via the ipfw firewall. I use this for ssh and postfix. I recompiled sshguard to use ipfw and stuck the table lookup in my firewall config. works, and is software-agnostic (thus doesn't care if something was linked against tcpwrappers or not.) I would triple concur with the above advice. using ipfw is a much better choice (especially at high volume) as ipfw works primarily at layer 3 (and in the kernel itself), Where as tcp wrappers works at layer 7 (requiring application awareness). Here are the handbook references: https://www.freebsd.org/doc/handbook/tcpwrappers.html https://www.freebsd.org/doc/handbook/firewalls-ipfw.html -- Karl Denninger k...@denninger.net<mailto:k...@denninger.net> <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Postfix and tcpwrappers?
On 7/25/2016 12:04, Ronald Klop wrote: > On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger > <k...@denninger.net> wrote: > >> This may not belong in "stable", but since Postfix is one of the >> high-performance alternatives to sendmail >> >> Question is this -- I have sshguard protecting connections inbound, but >> Postfix appears to be ignoring it, which implies that it is not paying >> attention to the hosts.allow file (and the wrapper that enables it.) >> >> Recently a large body of clowncars have been targeting my sasl-enabled >> https gateway (which I use for client machines and thus do in fact need) >> and while sshguard picks up the attacks and tries to ban them, postfix >> is ignoring the entries it makes which implies it is not linked with the >> tcp wrappers. >> >> A quick look at the config for postfix doesn't disclose an obvious >> configuration solutiondid I miss it? >> > > Don't know if postfix can handle tcp wrappers, but I use bruteblock > [1] for protecting connections via the ipfw firewall. I use this for > ssh and postfix. > I recompiled sshguard to use ipfw and stuck the table lookup in my firewall config. works, and is software-agnostic (thus doesn't care if something was linked against tcpwrappers or not.) -- Karl Denninger k...@denninger.net <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Postfix and tcpwrappers?
On Mon, 25 Jul 2016 18:48:25 +0200, Karl Denninger <k...@denninger.net> wrote: This may not belong in "stable", but since Postfix is one of the high-performance alternatives to sendmail Question is this -- I have sshguard protecting connections inbound, but Postfix appears to be ignoring it, which implies that it is not paying attention to the hosts.allow file (and the wrapper that enables it.) Recently a large body of clowncars have been targeting my sasl-enabled https gateway (which I use for client machines and thus do in fact need) and while sshguard picks up the attacks and tries to ban them, postfix is ignoring the entries it makes which implies it is not linked with the tcp wrappers. A quick look at the config for postfix doesn't disclose an obvious configuration solutiondid I miss it? Don't know if postfix can handle tcp wrappers, but I use bruteblock [1] for protecting connections via the ipfw firewall. I use this for ssh and postfix. Regards, Ronald. [1] http://www.freshports.org/security/bruteblock/ ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Postfix and tcpwrappers?
This may not belong in "stable", but since Postfix is one of the high-performance alternatives to sendmail Question is this -- I have sshguard protecting connections inbound, but Postfix appears to be ignoring it, which implies that it is not paying attention to the hosts.allow file (and the wrapper that enables it.) Recently a large body of clowncars have been targeting my sasl-enabled https gateway (which I use for client machines and thus do in fact need) and while sshguard picks up the attacks and tries to ban them, postfix is ignoring the entries it makes which implies it is not linked with the tcp wrappers. A quick look at the config for postfix doesn't disclose an obvious configuration solutiondid I miss it? -- Karl Denninger k...@denninger.net <mailto:k...@denninger.net> /The Market Ticker/ /[S/MIME encrypted email preferred]/ smime.p7s Description: S/MIME Cryptographic Signature
Wrong security audit for mail/postfix ?
Hi, this morning I got for my mailservers # pkg audit postfix-2.11.4,1 is vulnerable: postfix -- plaintext command injection with SMTP over TLS CVE: CVE-2011-0411 WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html postfix-2.11.4,1 is vulnerable: Postfix -- memory corruption vulnerability CVE: CVE-2011-1720 WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html But this is a bug from 2011, and it's blocking new install or updates of postfix packages. Who should be warned of this? Thank you. -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Wrong security audit for mail/postfix ?
On Mon, May 11, 2015 at 10:35 AM, olli hauer oha...@gmx.de wrote: Hi, Hi Cristiano, this should be fixed.meanwhile. Please run the command # pkg audit -F Confirmed, fixed. Thanks. -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/ ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Wrong security audit for mail/postfix ?
On May 11, 2015 9:38:46 AM CEST, Cristiano Deana cristiano.de...@gmail.com wrote: Hi, this morning I got for my mailservers # pkg audit postfix-2.11.4,1 is vulnerable: postfix -- plaintext command injection with SMTP over TLS CVE: CVE-2011-0411 WWW: http://vuxml.FreeBSD.org/freebsd/14a6f516-502f-11e0-b448-bbfa2731f9c7.html postfix-2.11.4,1 is vulnerable: Postfix -- memory corruption vulnerability CVE: CVE-2011-1720 WWW: http://vuxml.FreeBSD.org/freebsd/3eb2c100-738b-11e0-89f4-001e90d46635.html But this is a bug from 2011, and it's blocking new install or updates of postfix packages. Who should be warned of this? Thank you. Hi Cristiano, this should be fixed.meanwhile. Please run the command # pkg audit -F -- Regards, olli ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: Problem with postfix and mail command
Ruben Lara wrote: Hi all! I just installed postfix, after build world without sendmail If i try to send mail i get: mail# mail aaa Subject: a a . EOT mail# mail: /usr/sbin/sendmail: No such file or directory Event with WITHOUT_SENDMAIL=yes in /etc/src.conf, make installworld must create this symbolic links: # ls -l /usr/sbin/sendmail lrwxr-xr-x 1 root wheel 21 May 21 13:54 /usr/sbin/sendmail - /usr/sbin/mailwrapper Henri I edited: mail# cat /etc/mail/mailer.conf # # Execute the Postfix sendmail program, named /usr/local/sbin/sendmail # sendmail/usr/local/sbin/sendmail send-mail/usr/local/sbin/sendmail mailq/usr/local/sbin/sendmail newaliases/usr/local/sbin/sendmail mail# where actually i have my postfix esecutables Thanks for help in advance Rubén Lara _ ¡Acelera con la Fórmula 1! Juega y demuestra lo que sabes con MSN Deportes http://msn.es.predictorpro.com/grand-prix/overview.aspx?season=8 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Problem with postfix and mail command
Hi all! I just installed postfix, after build world without sendmail If i try to send mail i get: mail# mail aaa Subject: a a . EOT mail# mail: /usr/sbin/sendmail: No such file or directory I edited: mail# cat /etc/mail/mailer.conf # # Execute the Postfix sendmail program, named /usr/local/sbin/sendmail # sendmail/usr/local/sbin/sendmail send-mail/usr/local/sbin/sendmail mailq/usr/local/sbin/sendmail newaliases/usr/local/sbin/sendmail mail# where actually i have my postfix esecutables Thanks for help in advance Rubén Lara _ ¡Acelera con la Fórmula 1! Juega y demuestra lo que sabes con MSN Deportes http://msn.es.predictorpro.com/grand-prix/overview.aspx?season=8 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: postfix not starting
On Fri, 10 Aug 2007, Bill Smith wrote: Thanks Doug, I ran mergemaster (again), I seemed to have missed out FILESYSTEMS, my fault for not paying enough attention to detail and being in a hurry, which I am not usually. It is now fully functional. Glad it worked out for you! FWIW, I have the following in my .mergemasterrc file since pretty much day 1: AUTO_INSTALL=yes Might be worth a shot. Doug -- This .signature sanitized for your protection ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
Doug Barton wrote: On Fri, 10 Aug 2007, Bill Smith wrote: Thanks Doug, I ran mergemaster (again), I seemed to have missed out FILESYSTEMS, my fault for not paying enough attention to detail and being in a hurry, which I am not usually. It is now fully functional. Glad it worked out for you! FWIW, I have the following in my .mergemasterrc file since pretty much day 1: AUTO_INSTALL=yes Might be worth a shot. Doug cheers, I will give that a crack! -- - Bill ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
On Thu, 9 Aug 2007, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf For each of the scripts, what is the output of: /usr/local/etc/rc.d/SCRIPT rcvar Doug -- This .signature sanitized for your protection ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf and sendmail is appropriately marked out, I have set up quite a few of these in the recent past. I assume it's postfix_enable=YES and yes for the other options and sendmail_enable=NONE? However neither amavis, clamav or postfix start automatically, they can all be started manually. I have turned on rc_debug, but they are not mentioned at all, their scripts are all in /usr/local/etc/rc.d. The only script mentioned in the debug output is fetchmail, which is not enabled in the rc.conf. They are all freshly install from ports. Where can I start looking to get this running? What does /usr/local/etc/rc.d/postfix rcvar say? -- regards Claus When lenity and cruelty play for a kingdom, the gentlest gamester is the soonest winner. Shakespeare ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
Norberto Meijome wrote: On Thu, 9 Aug 2007 22:46:06 +0100 Bill Smith [EMAIL PROTECTED] wrote: However neither amavis, clamav or postfix start automatically, they can all be started manually. you mean that postfix starts if you log in to the box and issue: /usr/local/etc/rc.d/postfix start yes, no problem at all shot in the dark ^2 : something missing in the environment provided by the rc subsystem but OK in your shell - paths ? library paths? _ {Beto|Norberto|Numard} Meijome Software is like sex, its better when its free Linus Torvalds I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] -- - Bill ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
Doug Barton wrote: On Thu, 9 Aug 2007, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf For each of the scripts, what is the output of: /usr/local/etc/rc.d/SCRIPT rcvar Doug # amavisd $amavisd_enable=YES # clamav_clamd $clamav_clamd_enable=YES # clamav_freshclam $clamav_freshclam_enable=YES # postfix $postfix_enable=YES -- - Bill ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
On Fri, 10 Aug 2007, Bill Smith wrote: Doug Barton wrote: On Thu, 9 Aug 2007, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf For each of the scripts, what is the output of: /usr/local/etc/rc.d/SCRIPT rcvar Doug # amavisd $amavisd_enable=YES # clamav_clamd $clamav_clamd_enable=YES # clamav_freshclam $clamav_freshclam_enable=YES # postfix $postfix_enable=YES Ok, this points to problems elsewhere in /etc. Try running mergemaster, and if that doesn't work, run it with -s to make sure nothing nasty has snuck in. Doug -- This .signature sanitized for your protection ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
Doug Barton wrote: On Fri, 10 Aug 2007, Bill Smith wrote: Doug Barton wrote: On Thu, 9 Aug 2007, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf For each of the scripts, what is the output of: /usr/local/etc/rc.d/SCRIPT rcvar Doug # amavisd $amavisd_enable=YES # clamav_clamd $clamav_clamd_enable=YES # clamav_freshclam $clamav_freshclam_enable=YES # postfix $postfix_enable=YES Ok, this points to problems elsewhere in /etc. Try running mergemaster, and if that doesn't work, run it with -s to make sure nothing nasty has snuck in. Doug Thanks Doug, I ran mergemaster (again), I seemed to have missed out FILESYSTEMS, my fault for not paying enough attention to detail and being in a hurry, which I am not usually. It is now fully functional. Thanks to everyone else who helped -- - Bill ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
postfix not starting
This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf and sendmail is appropriately marked out, I have set up quite a few of these in the recent past. However neither amavis, clamav or postfix start automatically, they can all be started manually. I have turned on rc_debug, but they are not mentioned at all, their scripts are all in /usr/local/etc/rc.d. The only script mentioned in the debug output is fetchmail, which is not enabled in the rc.conf. They are all freshly install from ports. Where can I start looking to get this running? -- Bill ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
On Thu, Aug 09, 2007 at 10:46:06PM +0100, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf and sendmail is appropriately marked out, I have set up quite a few of these in the recent past. However neither amavis, clamav or postfix start automatically, they can all be started manually. I have turned on rc_debug, but they are not mentioned at all, their scripts are all in /usr/local/etc/rc.d. The only script mentioned in the debug output is fetchmail, which is not enabled in the rc.conf. They are all freshly install from ports. Where can I start looking to get this running? Sounds like a broken /etc/rc.subr. Are you sure you rebuilt the box correctly, following the procedures in /usr/src/Makefile in the correct order? mergemaster sounds like it may have been missed... Just a shot in the dark. -- | Jeremy Chadwickjdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix not starting
On Thu, Aug 09, 2007 at 10:46:06PM +0100, Bill Smith wrote: This is a newly installed stable machine, cvsupped and rebuilt this weekend. I have installed postfix with amavisd-new and clamav. They are all set for startup in /etc/rc.conf and sendmail is appropriately marked out, I have set up quite a few of these in the recent past. However neither amavis, clamav or postfix start automatically, they can all be started manually. I have turned on rc_debug, but they are not mentioned at all, their scripts are all in /usr/local/etc/rc.d. The only script mentioned in the debug output is fetchmail, which is not enabled in the rc.conf. They are all freshly install from ports. Where can I start looking to get this running? Output of rcorder /etc/rc.d/* /usr/local/etc/rc.d/* would be where I'd look next. Probably save it to a file (normal stdout redirection). Peace, david -- David H. Wolfskill [EMAIL PROTECTED] Anything and everything is a (potential) cat toy. See http://www.catwhisker.org/~david/publickey.gpg for my public key. pgpJLBa9tKq2o.pgp Description: PGP signature
Re: postfix not starting
On Thu, 9 Aug 2007 22:46:06 +0100 Bill Smith [EMAIL PROTECTED] wrote: However neither amavis, clamav or postfix start automatically, they can all be started manually. you mean that postfix starts if you log in to the box and issue: /usr/local/etc/rc.d/postfix start shot in the dark ^2 : something missing in the environment provided by the rc subsystem but OK in your shell - paths ? library paths? _ {Beto|Norberto|Numard} Meijome Software is like sex, its better when its free Linus Torvalds I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Fwd: Problem with modern Postfix on 4.7
Begin forwarded message: From: Scott Harrison [EMAIL PROTECTED] Date: May 23, 2006 4:31:46 GMT+02:00 To: freebsd-stable@freebsd.org Subject: Problem with modern Postfix on 4.7 Hello, I am not sure if this is the proper place to ask. Please redirect as necessary. I have a FreeBSD 4.7 box that I have updated the ports files. I have tried to recompile Postfix with SASL2 and TLS and now my smtpd is crashing with a SIGBUS when a TLS connection comes in. Prior to upgrading the ports files all was working properly. I recompiled the projects that Postfix needed and the binary seems to be ok: mobius# ldd /usr/local/libexec/postfix/smtpd /usr/local/libexec/postfix/smtpd: libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x280a) libpam.so.1 = /usr/lib/libpam.so.1 (0x280b5000) libcrypt.so.2 = /usr/lib/libcrypt.so.2 (0x280bf000) libssl.so.4 = /usr/local/lib/libssl.so.4 (0x280d8000) libcrypto.so.4 = /usr/local/lib/libcrypto.so.4 (0x28112000) libpcre.so.0 = /usr/local/lib/libpcre.so.0 (0x28228000) libc.so.4 = /usr/lib/libc.so.4 (0x2823e000) mobius# ls -l /usr/local/lib/libsasl2.so.2 /usr/lib/libpam.so.1 / usr/lib/libcrypt.so.2 /usr/local/lib/libssl.so.4 /usr/local/lib/ libcrypto.so.4 /usr/local/lib/libpcre.so.0 /usr/lib/libc.so.4 -r--r--r-- 1 root wheel 574916 Oct 9 2002 /usr/lib/libc.so.4 -r--r--r-- 1 root wheel28432 Oct 9 2002 /usr/lib/libcrypt.so.2 -r--r--r-- 1 root wheel38396 Oct 9 2002 /usr/lib/libpam.so.1 -r--r--r-- 1 root wheel 1339626 May 22 19:53 /usr/local/lib/ libcrypto.so.4 -rwxr-xr-x 1 root wheel87652 May 22 20:41 /usr/local/lib/ libpcre.so.0 -rwxr-xr-x 1 root wheel91881 May 22 20:15 /usr/local/lib/ libsasl2.so.2 -r--r--r-- 1 root wheel 264102 May 22 19:53 /usr/local/lib/ libssl.so.4 mobius# Is there some issue with updating the ports files? Any other suggestions? TIA, It turns out that the openssl port is not building properly, getting lots of lines like this: libssl.a(ssl_asn1.o): In function `d2i_SSL_SESSION': ssl_asn1.o(.text+0x9f9): undefined reference to `memcpy' ssl_asn1.o(.text+0xa78): undefined reference to `memcpy' ssl_asn1.o(.text+0xb40): undefined reference to `memcpy' ssl_asn1.o(.text+0xcda): undefined reference to `time' ssl_asn1.o(.text+0x1140): undefined reference to `memcpy' libssl.a(bio_ssl.o): In function `ssl_read': bio_ssl.o(.text+0x201): undefined reference to `time' libssl.a(bio_ssl.o): In function `ssl_write': bio_ssl.o(.text+0x361): undefined reference to `time' libssl.a(bio_ssl.o): In function `ssl_ctrl': bio_ssl.o(.text+0x6d6): undefined reference to `time' And running make test results in a problem: starting big number library test, could take a while... test BN_add test BN_sub test BN_lshift1 test BN_lshift (fixed) test BN_lshift test BN_rshift1 test BN_rshift test BN_sqr Bus error (core dumped) *** Error code 138 Stop in /usr/ports/security/openssl/work/openssl-0.9.8a/test. *** Error code 1 Stop in /usr/ports/security/openssl/work/openssl-0.9.8a. *** Error code 1 Stop in /usr/ports/security/openssl. There was a suggestion on the web indicating that binutils is the problem and that that should be updated. However, I do not know the proper way to go about updating binutils. Can someone please tell me how to do it or point me to a resource that does? TIA, -- ·ѕђѪё ·ѣѺѦѕѩѯ Scott Harrison ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fwd: Problem with modern Postfix on 4.7
Scott Harrison [EMAIL PROTECTED] writes: There was a suggestion on the web indicating that binutils is the problem and that that should be updated. However, I do not know the proper way to go about updating binutils. Can someone please tell me how to do it or point me to a resource that does? NOTE I haven't tried to understand all of your two posts. The easiest solution is probably to update FreeBSD 4.X using the official ways described in the handbook, I'd suggest using 4.11, as 4.10 is about to be discontinued, and kernel and base system security fixes are only provided for 4.10 and 4.11 at this time. The ports tree has been requiring FreeBSD 4.8 at a minimum for a very long time now, and I'd expect that even that it requires 4.11 soon enough. -- Matthias Andree ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Fwd: Problem with modern Postfix on 4.7
On Tue, May 23, 2006 at 11:02:38AM +0200, Matthias Andree wrote: Scott Harrison [EMAIL PROTECTED] writes: There was a suggestion on the web indicating that binutils is the problem and that that should be updated. However, I do not know the proper way to go about updating binutils. Can someone please tell me how to do it or point me to a resource that does? NOTE I haven't tried to understand all of your two posts. The easiest solution is probably to update FreeBSD 4.X using the official ways described in the handbook, I'd suggest using 4.11, as 4.10 is about to be discontinued, and kernel and base system security fixes are only provided for 4.10 and 4.11 at this time. The ports tree has been requiring FreeBSD 4.8 at a minimum for a very long time now, and I'd expect that even that it requires 4.11 soon enough. Or even better, upgrade to 6.x which is the current supported system. For those still on 4.x, please see http://www.freebsd.org/portmgr/policies_releng_4.html -erwin -- Erwin Lansing http://droso.org Security is like an onion. (o_ _o) It's made up of several layers \\\_\ /_///[EMAIL PROTECTED] And it makes you cry.) ([EMAIL PROTECTED] pgpIlTFLVCAB2.pgp Description: PGP signature
Problem with modern Postfix on 4.7
Hello, I am not sure if this is the proper place to ask. Please redirect as necessary. I have a FreeBSD 4.7 box that I have updated the ports files. I have tried to recompile Postfix with SASL2 and TLS and now my smtpd is crashing with a SIGBUS when a TLS connection comes in. Prior to upgrading the ports files all was working properly. I recompiled the projects that Postfix needed and the binary seems to be ok: mobius# ldd /usr/local/libexec/postfix/smtpd /usr/local/libexec/postfix/smtpd: libsasl2.so.2 = /usr/local/lib/libsasl2.so.2 (0x280a) libpam.so.1 = /usr/lib/libpam.so.1 (0x280b5000) libcrypt.so.2 = /usr/lib/libcrypt.so.2 (0x280bf000) libssl.so.4 = /usr/local/lib/libssl.so.4 (0x280d8000) libcrypto.so.4 = /usr/local/lib/libcrypto.so.4 (0x28112000) libpcre.so.0 = /usr/local/lib/libpcre.so.0 (0x28228000) libc.so.4 = /usr/lib/libc.so.4 (0x2823e000) mobius# ls -l /usr/local/lib/libsasl2.so.2 /usr/lib/libpam.so.1 /usr/ lib/libcrypt.so.2 /usr/local/lib/libssl.so.4 /usr/local/lib/ libcrypto.so.4 /usr/local/lib/libpcre.so.0 /usr/lib/libc.so.4 -r--r--r-- 1 root wheel 574916 Oct 9 2002 /usr/lib/libc.so.4 -r--r--r-- 1 root wheel28432 Oct 9 2002 /usr/lib/libcrypt.so.2 -r--r--r-- 1 root wheel38396 Oct 9 2002 /usr/lib/libpam.so.1 -r--r--r-- 1 root wheel 1339626 May 22 19:53 /usr/local/lib/ libcrypto.so.4 -rwxr-xr-x 1 root wheel87652 May 22 20:41 /usr/local/lib/ libpcre.so.0 -rwxr-xr-x 1 root wheel91881 May 22 20:15 /usr/local/lib/ libsasl2.so.2 -r--r--r-- 1 root wheel 264102 May 22 19:53 /usr/local/lib/ libssl.so.4 mobius# Is there some issue with updating the ports files? Any other suggestions? TIA, -- ·ѕђѪё ·ѣѺѦѕѩѯ Scott Harrison ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.4 postfix no longer logging
On Thu, 27 Apr 2006, David Nugent wrote: Short answer - check: a) syslogd b) /etc/syslog.conf [snip] Restarting syslogd did the trick. I'm not sure why it got into a funky state, but it's working now. Thanks for the push in the right direction! -- -Jason - --- There are no ABSOLUTE STATEMENTS I'm very probably wrong. --- The difference between genius and stupidity is that genius has its limits. - Albert Einstein ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.4 postfix no longer logging
jason wrote: At some point in the last couple of weeks postfix on my 5.4-RELEASE system stopped logging to /var/log/maillog. The only thing in there now (and for all of the saved maillog files) is the turnover timestamp. Any suggestions where to look? Short answer - check: a) syslogd b) /etc/syslog.conf Long answer: syslogd is the logger daemon, and postfix will be logging through that. # /etc/rc.d/syslogd restart may fix the problem right there. Check /var/log/messages for any errors in syslogd startup. It may have crashed at some point or failed to start because of a serious syntax error in /etc/syslog.conf. If syslogd is running ok and working for the rest of the system, then double check /etc/syslog.conf to see where mail facility logging is directed (the default is /var/log/maillog, but that could have been changed or the line deleted). Check any settings in postfix for syslog facility (should be 'mail') and priority (if exists), match these against the filters in /etc/syslog.conf to make sure they are high enough to be logged. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
5.4 postfix no longer logging
At some point in the last couple of weeks postfix on my 5.4-RELEASE system stopped logging to /var/log/maillog. The only thing in there now (and for all of the saved maillog files) is the turnover timestamp. Any suggestions where to look? Thanks! -- -Jason - --- There are no ABSOLUTE STATEMENTS I'm very probably wrong. --- The difference between genius and stupidity is that genius has its limits. - Albert Einstein ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
On Mon, 9 Jan 2006, Vivek Khera wrote: On Jan 8, 2006, at 3:00 AM, Doug Barton wrote: This idea has been discussed in the past, and it has a lot of merit. I tend to have a fundamental opposition to adding new pseudo-targets unless they are ABSOLUTELY necessary, since they add complexity to the system and reduce flexibility with ordering. However, this may actually be a case where it's both useful and worth the cost. It would certainly get rid of the need for naming the startup scripts like 000.foo.sh to force it to happen. Where the client scripts are doing nothing but ldconfig'ing a set of directories, a mechanism to obsolete those scripts altogether has already been committed to HEAD. Florent is working on the code to support this in bsd.port.mk, and we'll MFC after that's ready. For other issues related to ordering, the proper REQUIRE, and when necessary BEFORE lines _should_ be able to prevent the need for a pseudo-target, the only question being when do we cross the point that doing it without a pseudo-target is harder and hurts more than adding one. Doug -- This .signature sanitized for your protection ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
On Jan 8, 2006, at 3:00 AM, Doug Barton wrote: This idea has been discussed in the past, and it has a lot of merit. I tend to have a fundamental opposition to adding new pseudo- targets unless they are ABSOLUTELY necessary, since they add complexity to the system and reduce flexibility with ordering. However, this may actually be a case where it's both useful and worth the cost. It would certainly get rid of the need for naming the startup scripts like 000.foo.sh to force it to happen. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
On Thu, Jan 05, 2006 at 12:05:08PM -0200, Carlos Fernando Assis Paniago wrote: Hi: after the last cvsup, my FreeBSD 6.0, i386 is not capable to start postfix. I'm using the link in the /usr/local/etc/rc.d/postfix.sh to start the postfix program. Looking in the code, I saw that we need to change this in a file in /usr/local/etc/postfix/postfix-script to have the faststart flag.. Someone else find this problem? -- Paniago -- Carlos F. A. Paniago [EMAIL PROTECTED] http://www.cnptia.embrapa.br/ Fone: +55 (19) 3789-5815 Hello, You have probably merged the mailer.conf when you have done a new world. Look at /etc/mail/mailer.conf if its look like the following lines. # # Execute the Postfix sendmail program, named /usr/local/sbin/sendmail # sendmail/usr/local/sbin/sendmail send-mail /usr/local/sbin/sendmail mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail By the way, my postfix is started at boot in using rc.conf This starts sendmail with the -bd flag who launch postfix sendmail_enable=YES sendmail_flags=-bd These lines disables others sendmail daemons sendmail_submit_enable=NO sendmail_outbound_enable=NO sendmail_msp_queue_enable=NO If you want to start postfix after to be log in, just use postfix start I hope that help you. Sincerely yours, Ulrich Blondel ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
Doug, I will add your rcNG script in mail/postfix* Thanks Doug Barton wrote: Carlos Fernando Assis Paniago wrote: Hi: after the last cvsup, my FreeBSD 6.0, i386 is not capable to start postfix. I'm using the link in the /usr/local/etc/rc.d/postfix.sh to start the postfix program. Looking in the code, I saw that we need to change this in a file in /usr/local/etc/postfix/postfix-script to have the faststart flag.. Someone else find this problem? The way that it is suggested to start postfix in the pkg-message (by placing a link to /usr/local/sbin/postfix in /usr/local/etc/rc.d) is no longer valid with the new rc.d code in -stable. I've attached a script that works for me to start and stop postfix. Please remove the symlink you have in /usr/local/etc/rc.d now, and put this script in its place. Make sure that the script is executable (chmod 755 /usr/local/etc/rc.d/postfix.sh), then 'echo postfix_enable=yes /etc/rc.conf.local' and reboot. Then please let us know for sure that this worked for you. If the maintainer would like help including this in the port, I'd be glad to do so. If you want to create the update yourself, take a look at ports/misc/compat5x to see how to integrate this, or I'd be glad to work on it with you. hth, Doug #!/bin/sh # # $FreeBSD$ # # PROVIDE: postfix # REQUIRE: DAEMON # KEYWORD: shutdown # # Define these postfix_* variables in one of these files: # /etc/rc.conf # /etc/rc.conf.local # /etc/rc.conf.d/postfix # # DO NOT CHANGE THESE DEFAULT VALUES HERE # postfix_enable=${postfix_enable-NO} . /etc/rc.subr name=postfix rcvar=`set_rcvar` start_cmd=${name}_start stop_cmd=${name}_stop postfix_start() { /usr/local/sbin/postfix start } postfix_stop() { /usr/local/sbin/postfix stop } load_rc_config ${name} run_rc_command $1 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] -- Marcus Alves Grando marcus(at)corp.grupos.com.br | Grupos Internet S/A mnag(at)FreeBSD.org | FreeBSD.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
Marcus Alves Grando wrote: Doug, I will add your rcNG script in mail/postfix* I think the port should also depend on a database server, if it has been compiled with one or any other of the supported configuration options. I'm not sure if this can be dynamically generated based on ports configuration though. P.S. I actually have a busy mail server on 5.4 where postfix starts first and all lookups are done via mysql, so i get a bunch of errors in the logs before mysql starts. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Postfix and faststart
Mike Jakubik wrote: Marcus Alves Grando wrote: Doug, I will add your rcNG script in mail/postfix* Excellent! I think the port should also depend on a database server, if it has been compiled with one or any other of the supported configuration options. I'm not sure if this can be dynamically generated based on ports configuration though. If you look at misc/compat5x you can see how I made some elements of the script conditional. It also helps to read the information about SUB-FILES in bsd.port.mk. It's actually quite a flexible system. I'll be glad to help with any questions, or send mail to [EMAIL PROTECTED] P.S. I actually have a busy mail server on 5.4 where postfix starts first and all lookups are done via mysql, so i get a bunch of errors in the logs before mysql starts. Well this sounds like a timely change then. :) Doug -- This .signature sanitized for your protection ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Postfix and faststart
Hi: after the last cvsup, my FreeBSD 6.0, i386 is not capable to start postfix. I'm using the link in the /usr/local/etc/rc.d/postfix.sh to start the postfix program. Looking in the code, I saw that we need to change this in a file in /usr/local/etc/postfix/postfix-script to have the faststart flag.. Someone else find this problem? -- Paniago -- Carlos F. A. Paniago[EMAIL PROTECTED] http://www.cnptia.embrapa.br/ Fone: +55 (19) 3789-5815 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
postfix patch error?
Hello it is JOhn again. I dont know if you are going to get this. But whatever. I have sent alot of emails to you so far. I dont know if they have reached. Since i forgot you email and i have been frantically trying to get it. I actually heard one of your songs that i thought that was pretty good. Snowflake or something like that. Well anyway hopefully this one will reach you. I am tired of typing. Call me 630 595 0283 ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error in mail/postfix (port tag=.)
On Sat, 25 Dec 2004, Huynh Van Chung wrote: Please help me. I have some problems when make in /usr/ports/mail/postfix. This my system: 5.3-RELEASE-p2 sparc64 And the postfix port is upgraded at ports-supfile with tag=. Huynh Van Chung vnfreebsd:/usr/ports/mail/postfix% sudo make -DBATCH POSTFIX_OPTIONS=DB3 IPv6TLS SPF install clean === Extracting for postfix-2.1.5_1,1 Checksum OK for postfix/postfix-2.1.5.tar.gz. Checksum OK for postfix/tls+ipv6-1.25-pf-2.1.5.patch.gz. Checksum OK for postfix/postfix-libspf2-2.1.5-5.patch. === Patching for postfix-2.1.5_1,1 echo bodySee A HREF=header_checks.5.htmlheader_checks.5.html/A/BODY /usr/ports/mail/postfix/work/postfix-2.1.5/html/body_checks.5.html === Applying distribution patches for postfix-2.1.5_1,1 1 out of 6 hunks failed--saving rejects to src/smtpd/smtpd.c.rej *** Error code 1 Stop in /usr/ports/mail/postfix. *** Error code 1 Stop in /usr/ports/mail/postfix. Hmm, may be something was wrong with the tls patch. Try to build without TLS then. - With best regards, |The Power to Serve Nguyen Tam Chinh| http://www.FreeBSD.org Loc: sp.cs.msu.ru | http://chinhngt.svmgu.com | http://www.gnu.org/copyleft/copyleft.html ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error in mail/postfix (port tag=.)
On Sat, 25 Dec 2004 11:55:32 +0300 (MSK) Nguyen Tam Chinh [EMAIL PROTECTED] wrote: On Sat, 25 Dec 2004, Huynh Van Chung wrote: Please help me. I have some problems when make in /usr/ports/mail/postfix. This my system: 5.3-RELEASE-p2 sparc64 And the postfix port is upgraded at ports-supfile with tag=. Huynh Van Chung vnfreebsd:/usr/ports/mail/postfix% sudo make -DBATCH POSTFIX_OPTIONS=DB3 IPv6TLS SPF install clean === Extracting for postfix-2.1.5_1,1 Checksum OK for postfix/postfix-2.1.5.tar.gz. Checksum OK for postfix/tls+ipv6-1.25-pf-2.1.5.patch.gz. Checksum OK for postfix/postfix-libspf2-2.1.5-5.patch. === Patching for postfix-2.1.5_1,1 echo bodySee A HREF=header_checks.5.htmlheader_checks.5.html/A/BODY /usr/ports/mail/postfix/work/postfix-2.1.5/html/body_checks.5.html === Applying distribution patches for postfix-2.1.5_1,1 1 out of 6 hunks failed--saving rejects to src/smtpd/smtpd.c.rej *** Error code 1 Stop in /usr/ports/mail/postfix. *** Error code 1 Stop in /usr/ports/mail/postfix. Hmm, may be something was wrong with the tls patch. Try to build without TLS then. - With best regards, |The Power to Serve Nguyen Tam Chinh| http://www.FreeBSD.org Loc: sp.cs.msu.ru | http://chinhngt.svmgu.com | http://www.gnu.org/copyleft/copyleft.html ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] I have tried again. And I see not because of TLS, it is postfix-libspf2-2.1.5-5.patch. Now I successfully installed with: sudo make -DBATCH POSTFIX_OPTIONS=DB3 IPv6TLS install clean Thank your reply. Huynh Van Chung ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Error in mail/postfix (port tag=.)
That's because of your options are TLS+SPF. Or compile postfix without SPF support, and try mail/policyd Patch for postfix TLS+SPF: http://intranet.grupos.com.br:8080/~marcus/patch/postfix2.patch Regards Huynh Van Chung wrote: Please help me. I have some problems when make in /usr/ports/mail/postfix. This my system: 5.3-RELEASE-p2 sparc64 And the postfix port is upgraded at ports-supfile with tag=. Huynh Van Chung vnfreebsd:/usr/ports/mail/postfix% sudo make -DBATCH POSTFIX_OPTIONS=DB3 IPv6TLS SPF install clean === Extracting for postfix-2.1.5_1,1 Checksum OK for postfix/postfix-2.1.5.tar.gz. Checksum OK for postfix/tls+ipv6-1.25-pf-2.1.5.patch.gz. Checksum OK for postfix/postfix-libspf2-2.1.5-5.patch. === Patching for postfix-2.1.5_1,1 echo bodySee A HREF=header_checks.5.htmlheader_checks.5.html/A/BODY /usr/ports/mail/postfix/work/postfix-2.1.5/html/body_checks.5.html === Applying distribution patches for postfix-2.1.5_1,1 1 out of 6 hunks failed--saving rejects to src/smtpd/smtpd.c.rej *** Error code 1 Stop in /usr/ports/mail/postfix. *** Error code 1 Stop in /usr/ports/mail/postfix. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED] -- Marcus Grando Grupos Internet S/A marcus(at)corp.grupos.com.br ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Error in mail/postfix (port tag=.)
Please help me. I have some problems when make in /usr/ports/mail/postfix. This my system: 5.3-RELEASE-p2 sparc64 And the postfix port is upgraded at ports-supfile with tag=. Huynh Van Chung vnfreebsd:/usr/ports/mail/postfix% sudo make -DBATCH POSTFIX_OPTIONS=DB3 IPv6TLS SPF install clean === Extracting for postfix-2.1.5_1,1 Checksum OK for postfix/postfix-2.1.5.tar.gz. Checksum OK for postfix/tls+ipv6-1.25-pf-2.1.5.patch.gz. Checksum OK for postfix/postfix-libspf2-2.1.5-5.patch. === Patching for postfix-2.1.5_1,1 echo bodySee A HREF=header_checks.5.htmlheader_checks.5.html/A/BODY /usr/ports/mail/postfix/work/postfix-2.1.5/html/body_checks.5.html === Applying distribution patches for postfix-2.1.5_1,1 1 out of 6 hunks failed--saving rejects to src/smtpd/smtpd.c.rej *** Error code 1 Stop in /usr/ports/mail/postfix. *** Error code 1 Stop in /usr/ports/mail/postfix. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hardcoded krb reference in ports/postfix
On Tuesday 01 July 2003 20:11, Vivek Khera wrote: MS == Melvyn Sopacua [EMAIL PROTECTED] writes: MS I kept the logic and applied the right actions for the postfix Makefile.inc. MS It's attached as patch, but I can do a send-pr if you prefer. Cool. Thanks. I'll add this (and an adapted version for SASL1) for the postfix 2.0.13 update. Ok, here's the proper patch. The single quotes are necessary, since make(1) doesn't understand numerical comparisons, so you need the variable as variable. I don't see any harm in ${PORTSDIR} being available as it's value in Makefile.inc, so I didn't bother there. Hope this helps you better :) -- Melvyn ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hardcoded krb reference in ports/postfix
On Tuesday 01 July 2003 20:10, Vivek Khera wrote: MS == Melvyn Sopacua [EMAIL PROTECTED] writes: MS You removed a very relevant piece from my original mail: MS Since sysutils/libchk doesn't report this as unreferenced ... MS I don't use kerberos, but that apparently doesn't mean, there aren't libraries MS still linked with it. Maybe, when I have time on my hands, I'll sort out the MS 4.2 legacy stuff or even re-install my machine, but in the meanwhile, a knob MS is very welcome. There is not a single binary on your system that references libkrb.a. It just isn't possible. That's right, it's an archive, but the shared counterparts are there too. So some app some where, prolly wants to use those. -- Melvyn ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Hardcoded krb reference in ports/postfix
From: Vivek Khera [EMAIL PROTECTED] MS == Melvyn Sopacua [EMAIL PROTECTED] writes: MS AFAIK - my /usr/lib/libkrb.a stems from the 4.2-RELEASE cd install I started MS this comp with (it's dated Nov 2000) and thus hasn't been updated since and Then delete the file. If it exists, it is assumed you use kerberos in the current 4.x releases. It doesn't exist otherwise. Patches to alter the bahavior are welcome, if you don't agree with this. I had to deal with this problem in the security/cyrus-sasl port where /usr/lib/krb.a existed but the user didn't want it or needs to use the krb4 port due to Kerberos IV is no longer in -CURRENT. I use the following, which allows -CURRENT and -STABLE users to use the security/krb4 port, or use Kerberos IV libraries that is built during a buildworld on on systems who's OSVERSION is + 500105: # KERBEROS 4 was removed in FreeBSD 5.0-CURRENT .if ${OSVERSION} 500105 .if defined(WITH_KERBEROS4) LIB_DEPENDS+= krb.2:${PORTSDIR}/security/krb4 CONFIGURE_ARGS+=--enable-krb4=${LOCALBASE}/krb4 .else CONFIGURE_ARGS+=--disable-krb4 EBONES= @comment .endif .elif exists(/usr/lib/libkrb.a) defined(MAKE_KERBEROS4) !defined(WITHOUT_KERBEROS4) CONFIGURE_ARGS+=--enable-krb4 .elif !exists(/usr/lib/libkrb.a) defined(WITH_KERBEROS4) LIB_DEPENDS+= krb.2:${PORTSDIR}/security/krb4 CONFIGURE_ARGS+=--enable-krb4=${LOCALBASE}/krb4 .else CONFIGURE_ARGS+=--disable-krb4 EBONES= @comment .endif I use two *_KERBEROS4 variables: WITH_KERBEROS4-CURRENT: Selects the security/krb4 port -STABLE: Selects the security/krb4 port if /usr/lib/libkrb.a dosen't exist. WITHOUT_KERBEROS4OSVERSION = 500105: Used to deselect Kerberos IV if MAKE_KERBEROS4 is defined in /etc/make.conf. Scot ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix patch error?
On Thu, Jun 19, 2003 at 10:20:39PM -0500, Rick Flosi wrote: I was doing 'make install clean' for the 'instant-workstation' port and ended up with the following error. Does anyone know how to fix this error? It looks like you have extra files in your ports tree, possibly because of local changes or updating the ports tree incorrectly using cvsup. How does one figure out how to solve these problems when they occur? See the cvsup FAQ on www.polstra.com, Q12 and Q13 for information on how to cvsup your ports tree correctly after installation. Kris pgp0.pgp Description: PGP signature
postfix
Hello, I have a system running Postfix. I would like to use it with SSL. It works fine, but I have one problem. At /usr/local/lib/sasl2/smtpd.conf there is a line: mech_list: plain login I think this means that when he sends the mail and logs in the login procedure is not secure. How can I make it secure. I tried mech_list: saslauthd login, but it didn't work out. Do you have a guess how can I make the login procedure secure as well? Nowdays I get this error message: postfix/smtpd[31997]: unable to dlopen /usr/local/lib/sasl2/libkerberos4.so: /usr/local/lib/sasl2/libkerberos4.so: Undefined symbol des_pcbc_encrypt Why is this? Thanks... ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postfix
Kovács Péter [EMAIL PROTECTED] writes: I have a system running Postfix. I would like to use it with SSL. It works fine, but I have one problem. This question is better asked on the postfix-users mailing list. Check http://www.postfix.org/ for directions (AND READ THEM CAREFULLY!) -- Matthias Andree ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to [EMAIL PROTECTED]
mysql+cyrus-imap+postfix auth help
hi,all: after successed setup mysql+cyrus-imap+cyrus-sasl+postfix. I found that have only one chioce of use pam_module auth or the system's PAM auth with postfix.if use the pam_module's auth the system's user can not use postfix. if use the system's auth , the mysql's virtual users can not use the postfix. any ideas? any help with appriates To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: postfix within jail under FreeBSD 4.5
On Mon, Apr 29, 2002 at 09:37:33AM -0500, Albert Everett wrote: I while back someone wrote in that postfix doesn't work (without the right patch) inside jails under FreeBSD 4.5. Has there been any change in status on this issue? I'm running it in several jails under 4.4 as we speak. I did set inet_interfaces = $myhostname (leaving off localhost,) though. -- Denny Reiter [EMAIL PROTECTED] So I don't hurt your feelings:[EMAIL PROTECTED] www.scapegoats.org Have you reconsidered a computer career? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
FW: Re: info about postfix pickup/ cleanup problems unexpected EOF in data
I'm not sure exaclty who this should go to, but it sounds like if its a bug we want to fix it before -RELEASE - Forwarded message from Wietse Venema [EMAIL PROTECTED] - Date: Sat, 22 Dec 2001 17:51:20 -0500 (EST) From: [EMAIL PROTECTED] (Wietse Venema) To: [EMAIL PROTECTED] Subject: Re: info about postfix pickup/ cleanup problems unexpected EOF in data X-Mailer: ELM [version 2.4ME+ PL82 (25)] Sender: [EMAIL PROTECTED] Dec 17 22:41:33 www postfix/pickup[71879]: E9B0464C19: uid=1000 from=lisa Dec 17 22:57:29 www postfix/pickup[71879]: fatal: watchdog timeout Dec 17 22:57:30 www postfix/pickup[74015]: 5ACED64C1C: uid=1000 from=lisa Dec 17 23:14:09 www postfix/pickup[74015]: fatal: watchdog timeout The Postfix watchdog timer is supposed to go off after $daemon_timeout seconds, which is several hours by default. I suspect a FreeBSD 4.4-PRERELEASE bug. Wietse - To unsubscribe, send mail to [EMAIL PROTECTED] with content (not subject): unsubscribe postfix-users - End forwarded message - -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. www.inethouston.net [EMAIL PROTECTED] FreeBSD Committer www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message
Re: FW: Re: info about postfix pickup/ cleanup problems unexpected EOF in data
This is a 4.4-PRERELEASE box, with an Aug 12th kernel, which I am currently upgrading to 4.5-PRERELEASE because I feel I should argue with the master on this one but I need to make sure my ducks are in a row first. I don't think he read the full message I sent. He's a busy guy. On Sat, Dec 22, 2001 at 04:53:18PM -0600, David W. Chapman Jr. wrote: I'm not sure exaclty who this should go to, but it sounds like if its a bug we want to fix it before -RELEASE - Forwarded message from Wietse Venema [EMAIL PROTECTED] - Date: Sat, 22 Dec 2001 17:51:20 -0500 (EST) From: [EMAIL PROTECTED] (Wietse Venema) To: [EMAIL PROTECTED] Subject: Re: info about postfix pickup/ cleanup problems unexpected EOF in data X-Mailer: ELM [version 2.4ME+ PL82 (25)] Sender: [EMAIL PROTECTED] Dec 17 22:41:33 www postfix/pickup[71879]: E9B0464C19: uid=1000 from=lisa Dec 17 22:57:29 www postfix/pickup[71879]: fatal: watchdog timeout Dec 17 22:57:30 www postfix/pickup[74015]: 5ACED64C1C: uid=1000 from=lisa Dec 17 23:14:09 www postfix/pickup[74015]: fatal: watchdog timeout The Postfix watchdog timer is supposed to go off after $daemon_timeout seconds, which is several hours by default. I suspect a FreeBSD 4.4-PRERELEASE bug. -- Scott Lambert KC5MLEUnix SysAdmin -- Looking for work. [EMAIL PROTECTED] http://www.lambertfam.org/~lambert/resume.html 2.5 years Sr. SysAdmin experience with FreeBSD in small medium size ISPs. The last 5 months have included exposure to Solaris 7, True64 5, and Linux. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-stable in the body of the message