majordomo archive-index command? (possibly OT)
I'm not sure which list would be the proper place for this question.

I get the pre-dawn digest of the misc list. Sometimes I want to reply to a particular post, but since it is in a digest form, I can't pick a specific post to reply to. So, I figured that majordomo could possibly have a feature by which I could get a particular posted message sent to me individually.

Looking through the Mailing Lists link and clicking around I got to the page where some of the majordomo commands are explained[1]. Specifically, I found that the archive-index command would return me a list of posts with their message numbers, which I could then use with the archive-get command to retrieve the specific message as a separate email.

Well, the problem is a) I don't understand these commands as explained on the help page[1] and/or b) these commands are not enabled for non-administrative users (as the response to my archive-index command states).

Help? :-)

--patrick

[1] http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=archive
Re: Carp, isakmpd sasyncd
Hey Steve,

I have two logical external firewalls, each configured as 3.8-stable HA pairs using PFSync, CARP, SASync etc.

On my first firewall I see exactly this with 1 VPN terminating to a Checkpoint R60 (NGX) HA Cluster. However the VPN is 100% stable and VPN fail over works 9 out of 10 times, on the 10th occasion failover appears to work but no traffic flows.

On my second firewall I see no such entries, 3 x VPNs, 2 terminating on GNAT1000 boxes (FreeSwan?), the other a single 3.8-stable box. 100% stable VPN failover works every time.

I have used the traditional isakmpd.conf method of configuring the VPNs.

In both cases the OBSD boxes replaced Checkpoint R55 boxes, during my extensive testing with a R55 box at one end, non HA and OBSD at the other I again saw no such entries. I therefore wonder if it could be a R60 thing or a CP HA thing?

What IPSec device(s) are at the other end of your VPN(s)?

Steven S wrote:

Are these messages normal for a carped pair of firewalls running isakmpd with sasyncd (3.8-stable)?

FW1/master - /var/log/message:
Mar 16 01:37:40 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:40 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE
Mar 16 01:37:45 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:45 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE

FW2/backup - /var/log/message:
Mar 16 01:35:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500
Mar 16 01:37:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500

-Steve S.
php install error
Hi,

I'm trying to install php-core-4.4.1 but got this error:

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/
# pkg_add php4-core-4.4.1p0.tgz
Can't install php4-core-4.4.1p0.tgz: lib not found intl.2.0
Even by looking in the dependency tree:
gettext-0.14.5p1, recode-3.6p2, libiconv-1.9.2p1, expat-1.95.6p1
Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.
#

Thanks in advance

--
Jinxi Cheng,
Re: Reminder about the X Aperture
On Wed, Mar 15, 2006 at 03:09:01PM -0500, Will H. Backman wrote:

Daniel Ouellet wrote:

Sorry for my ignorance on the subject and this issue and the use of X altogether. Not critical whatsoever by any long shot, but I was curious as to if there is some window manager that actually DOES NOT need any of the X stuff altogether? Meaning something that obviously will not be like KDE, or GNome for sure, not even remotely close to it, but anything like that, that works well and doesn't need ANY X stuff? Doesn't need or use the aperture stuff as well?

I hope my question makes some kind of sense.

What's your favorite if any actually exists?

Thanks

Daniel

PS: I guess my total ignorance on that specific subject shows right! (:

The only one that comes to mind is screen, but I don't think it is what you are looking for.

There are some 'more graphical' X alternatives too, but they are not exactly widely used. Search freshmeat - there is at least one, picogui, that looks like it could have been somewhat promising when it was abandoned by its author. No idea if it even compiles nowadays, especially on OpenBSD, though.

And I don't know how this thing talks to video cards. Theo seems to indicate that working with video cards pretty much requires a good dose of 'evil'.

Joachim
LSI SAS1064 support in OpenBSD?
Hi. I'm looking at using SunFire X4200's for a few infrastructure servers, but without support for the onboard LSI SAS1064 there's not much point in trying. Is anyone working on supporting the SAS-versions of the LSI controllers at the moment, or should I look for a different server for the time being? -- Regards/Thomas A. Frederiksen LinuxForum 2006, http://linuxforum.dk/2006 - did I see you there?
Re: Carp, isakmpd sasyncd
On 3/16/06, Steven S [EMAIL PROTECTED] wrote:

Are these messages normal for a carped pair of firewalls running isakmpd with sasyncd (3.8-stable)?

This happened to me until I changed the default lifetimes in isakmpd.conf. I have a road-runner setup, so exchanges are always initiated by the remote peer. What happened after a fail-over was that the Main Mode exchange was still valid, but isakmpd on the new master didn't have a clue (sasyncd has nothing to do with isakmpd).

Setting Default-phase-1-lifetime and Default-phase-2-lifetime forces a new main mode exchange in case of a fail-over.

/martin

FW1/master - /var/log/message:
Mar 16 01:37:40 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:40 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE
Mar 16 01:37:45 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:45 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE

FW2/backup - /var/log/message:
Mar 16 01:35:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500
Mar 16 01:37:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500

-Steve S.
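Added example, not part of the original thread and not isakmpd or OpenBSD code: a Python script that groups the INVALID_COOKIE drops quoted above by peer and cookie pair and cross-checks them against exchange timeouts that another CARP member logged for the same peer, the pattern the reply above attributes to a phase 1 exchange that the new master knows nothing about. The function names and the min_repeats threshold are assumptions of this example; the sample input is the log copied from the posts.

```python
import re
from collections import defaultdict

# Log lines copied from the posts above; the peer address is masked there.
SAMPLE_LOG = """\
Mar 16 01:37:40 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:40 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE
Mar 16 01:37:45 fw1 isakmpd[32692]: message_recv: invalid cookie(s) 222729dc227c8f28 a0d29ef92ee65243
Mar 16 01:37:45 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port 500 due to notification type INVALID_COOKIE
Mar 16 01:35:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500
Mar 16 01:37:49 fw2 isakmpd[5980]: transport_send_messages: giving up on exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500
"""

PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"isakmpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
COOKIE = re.compile(
    r"^message_recv: invalid cookie\(s\) ([0-9a-f]{16}) ([0-9a-f]{16})$")
DROP = re.compile(
    r"^dropped message from (\S+) port (\d+) "
    r"due to notification type INVALID_COOKIE$")
GIVEUP = re.compile(
    r"^transport_send_messages: giving up on exchange \S+, "
    r"no response from peer (\S+):(\d+)$")


def parse(text):
    """Parse isakmpd syslog lines.

    Returns (drops, timeouts):
      drops[(host, peer)][(cookie1, cookie2)] -> list of timestamps
      timeouts[(host, peer)]                  -> list of timestamps
    """
    drops = defaultdict(lambda: defaultdict(list))
    timeouts = defaultdict(list)
    pending = {}  # (host, pid) -> cookie pair waiting for its "dropped" line
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        host, pid, ts, msg = m["host"], m["pid"], m["ts"], m["msg"]
        if (c := COOKIE.match(msg)):
            pending[(host, pid)] = (c[1], c[2])
        elif (d := DROP.match(msg)):
            # The cookie line precedes the drop line of the same process.
            cookies = pending.pop((host, pid), (None, None))
            drops[(host, d[1])][cookies].append(ts)
        elif (g := GIVEUP.match(msg)):
            timeouts[(host, g[1])].append(ts)
    return drops, timeouts


def stale_sa_findings(text, min_repeats=2):
    """Report peers that keep presenting a cookie pair a host rejects.

    A pair rejected min_repeats times or more means the peer is retrying
    on an exchange this isakmpd has no state for. Timeouts that other
    hosts logged for the same peer are attached for correlation.
    """
    drops, timeouts = parse(text)
    findings = []
    for host, peer in sorted(drops):
        for cookies, stamps in drops[(host, peer)].items():
            if cookies == (None, None) or len(stamps) < min_repeats:
                continue
            elsewhere = {h: len(t) for (h, p), t in timeouts.items()
                         if p == peer and h != host}
            findings.append({
                "host": host,
                "peer": peer,
                "cookies": cookies,
                "count": len(stamps),
                "first": stamps[0],
                "last": stamps[-1],
                "peer_timeouts_elsewhere": elsewhere,
            })
    return findings


if __name__ == "__main__":
    for f in stale_sa_findings(SAMPLE_LOG):
        print(f)
```
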
Re: php install error
On Thu, Mar 16, 2006 at 11:49:38AM +0100, Jinxi Cheng wrote:

Hi,

I'm trying to install php-core-4.4.1 but got this error:

# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/3.8/packages/i386/
# pkg_add php4-core-4.4.1p0.tgz
Can't install php4-core-4.4.1p0.tgz: lib not found intl.2.0
Even by looking in the dependency tree:
gettext-0.14.5p1, recode-3.6p2, libiconv-1.9.2p1, expat-1.95.6p1
Maybe it's in a dependent package, but not tagged with @lib ?
(check with pkg_info -K -L)
If you are still running 3.6 packages, update them.
#

Thanks in advance

--
Jinxi Cheng,

Looks like you have installed some packages from the snapshots tree and some from 3.8. This does not work... gettext-0.14.5p1 (contains libintl) is not available in 3.8 and php4-core depends on an older version.

If you run version 3.8, delete all packages and reinstall them afterwards from. (Ok, you might not need to delete all, but pretty much anything relies on gettext and who knows what else you have installed...)

If you're running a snapshot, try to compile it yourself from the ports tree. Binary packages are not available around release time.

Btw: http://www.openbsd.org/faq/faq15.html#NoFun

Tobias
ulimits tuning
Hi,

Can anyone tell me how the ulimits specified in the default login.conf are derived? Is it worth changing them if I have one or two+ gigs of ram?

I'd also like to force users to play nicer with each other in terms of resources. Some are running things which spawn dozens of hungry processes. However, it looks like most of these limits are on a per process rather than per user basis (AFAICT; the man pages don't say a lot) and don't cause graceful degradation when they're reached. I'm guessing these are really just a safety net to catch run-away processes. Is there any better way to do this sort of thing?

Thanks

MikeG
Re: ulimits tuning
On 16/03/06, MikeyG [EMAIL PROTECTED] wrote:

Hi,

Can anyone tell me how the ulimits specified in the default login.conf are derived? Is it worth changing them if I have one or two+ gigs of ram?

I'd also like to force users to play nicer with each other in terms of resources. Some are running things which spawn dozens of hungry processes. However, it looks like most of these limits are on a per process rather than per user basis (AFAICT; the man pages don't say a

The limits are on processes within that specific session group of processes, as far as I understand.

lot) and don't cause graceful degradation when they're reached. I'm guessing these are really just a safety net to catch run-away processes. Is there any better way to do this sort of thing?

I usually play within the limits so I don't often run into them.

How would you define graceful degradation when exceeding the allotted memory allocation limit or the limit for the number of processes? Is this (or, should this be) a feature of the OS, the shell, or of the process being limited. I have a feeling that if the process doesn't itself gracefully cope with limits, then there is not very much to be done...

Thanks

MikeG

Andreas

--
Andreas Kahari
Re: ulimits tuning
On Thu, Mar 16, 2006 at 01:39:01PM +, Andreas Kahari wrote:

On 16/03/06, MikeyG [EMAIL PROTECTED] wrote:

Hi,

Can anyone tell me how the ulimits specified in the default login.conf are derived? Is it worth changing them if I have one or two+ gigs of ram?

I'd also like to force users to play nicer with each other in terms of resources. Some are running things which spawn dozens of hungry processes. However, it looks like most of these limits are on a per process rather than per user basis (AFAICT; the man pages don't say a

The limits are on processes within that specific session group of processes, as far as I understand.

lot) and don't cause graceful degradation when they're reached. I'm guessing these are really just a safety net to catch run-away processes. Is there any better way to do this sort of thing?

I usually play within the limits so I don't often run into them.

How would you define graceful degradation when exceeding the allotted memory allocation limit or the limit for the number of processes? Is this (or, should this be) a feature of the OS, the shell, or of the process being limited. I have a feeling that if the process doesn't itself gracefully cope with limits, then there is not very much to be done...

Actually, soft limits are useful to the point that people will notice that they are using too much resources, but can still complete what they want (but not very much more).

Joachim
PF and Content Vectoring Protocol
Hi,

Is there any project, idea, document, etc about a project to add CVP (Content Vectoring Protocol) into pf?

I'm asking this because I work at an anti-virus company that develops solutions based on CVP -- now supporting Checkpoint and Cyberguard -- and we will be very pleased to recommend OpenBSD's PF for use with our products.

For technical off-topic discussions, please contact me directly.

Regards,

--
Eduardo Alvarenga
art(4): Link change recorded where?
Hello,

I'm trying to get a better idea about how my stuff performs, and am now looking for ideas on where any changes on art(4) interfaces are recorded. Can we please have some general play loud option that would send everything to syslog using eg. kern.info?

Seeing malloc() failures is probably a good thing, but a better thing is seeing a line flap if it does, possibly with a differentiation between local and remote end. Offhand, I don't see anything to this effect in the code (CVS), but that may well be me.

Thank you!

Best,
--Toni++
Re: art(4): Link change recorded where?
On 2006/03/16 16:14, Toni Mueller wrote: I'm trying to get a better idea about how my stuff performs, and are now looking for ideas on where any changes on art(4) interfaces are recorded. Can we please have some general play loud option that would send everything to syslog using eg. kern.info? The general interface is 'ifconfig xxx debug' - I don't know if art(4) logs anything special.
Spam (solutions) and some other practical issues
I have four basic questions:

1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions?

2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD?

3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?).

4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)).

I also have a small bug report. What is the best method of submitting it?

Unfortunately, my income (I work for a University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system.

Yours,
Gabriel George POPA
Adaptec AIC-7902W Controller
Can't understand, is this the same as AIC-7902 or no? If no, will it work or no? :)
Re: Netbeans on jdk-5 OpenBSD
Edd Barrett wrote:

Hello all,

Soon I am required to write some java GUI's using netbeans for my university degree, so I have jumped ahead of the game and downloaded it and got it running on OpenBSD using kurt's port of jdk-5 (many thanks ;) ).

However unfortunately there appears to be some kind of display error / character encoding issue in the compile window.

http://arameus.net/users/edd/dump/nb.jpg

I have tried all sorts of combinations of LC_ALL and LANG, but no cigar. Also I tried the --locale switch of netbeans itself and changing fonts in options settings.

Any Ideas?

There's not much to go by. :( Can you make a minimal test program to reproduce the problem?

Also, patchset 3 for 1.5 is close to being released. It contains one fix that might affect this. I'll update our port when it becomes available.

-Kurt
Re: art(4): Link change recorded where?
On Thu, Mar 16, 2006 at 04:14:34PM +0100, Toni Mueller wrote:

Hello,

I'm trying to get a better idea about how my stuff performs, and am now looking for ideas on where any changes on art(4) interfaces are recorded. Can we please have some general play loud option that would send everything to syslog using eg. kern.info?

Seeing malloc() failures is probably a good thing, but a better thing is seeing a line flap if it does, possibly with a differentiation between local and remote end. Offhand, I don't see anything to this effect in the code (CVS), but that may well be me.

Link state changes are generally not logged by the kernel. Only lmc(4) and sppp(4) tend to fill the syslog with useless status messages. The other interfaces I use seem to behave. If link state changes need to be logged then it should be done in an interface independent way so that all interfaces will profit from it.

It should be no issue to track the interface state in userland by listening on the routing socket.

--
:wq Claudio
Re: art(4): Link change recorded where?
On Thu, Mar 16, 2006 at 03:24:02PM +, Stuart Henderson wrote: On 2006/03/16 16:14, Toni Mueller wrote: I'm trying to get a better idea about how my stuff performs, and are now looking for ideas on where any changes on art(4) interfaces are recorded. Can we please have some general play loud option that would send everything to syslog using eg. kern.info? The general interface is 'ifconfig xxx debug' - I don't know if art(4) logs anything special. I would not do that as the sppp(4) code is super verbose if debug is turned on. It logs every keepalive and other control messages and so fills your log very fast. -- :wq Claudio
Re: art(4): Link change recorded where?
Perhaps ifstated(8) can help, though I'm not sure. -p.
Re: Adaptec AIC-7902W Controller
On Thu, Mar 16, 2006 at 05:31:01PM +0200, edgarz wrote:

Can't understand, is this the same as AIC-7902 or no? If no, will it work or no? :)

Without knowing anything about it, could it be that one is for 'normal' (50-pin) SCSI and the other for 'wide' (68-pin) SCSI?

Joachim
Re: Spam (solutions) and some other practical issues
On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote:

I have four basic questions:

1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions?

Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report.

FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine.

2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD?

spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting.

Do note that spamd(8) needs some help from pf(4) to do any good.

3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?).

To the best of my knowledge, no.

4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)).

The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try.

See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy.

I also have a small bug report. What is the best method of submitting it?

sendbug(1), usually.

Unfortunately, my income (I work for a University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system.

That could be quite helpful, too, if done properly. Or so I believe...

Joachim
Re: art(4): Link change recorded where?
I'm trying to get a better idea about how my stuff performs, and am now looking for ideas on where any changes on art(4) interfaces are recorded. Can we please have some general play loud option that would send everything to syslog using eg. kern.info?

Seeing malloc() failures is probably a good thing, but a better thing is seeing a line flap if it does, possibly with a differentiation between local and remote end. Offhand, I don't see anything to this effect in the code (CVS), but that may well be me.

Link state changes are generally not logged by the kernel. Only lmc(4) and sppp(4) tend to fill the syslog with useless status messages. The other interfaces I use seem to behave. If link state changes need to be logged then it should be done in an interface independent way so that all interfaces will profit from it.

I agree with Claudio that network interfaces should be as silent as possible. They are network interfaces, not chatter boxes.

It should be no issue to track the interface state in userland by listening on the routing socket.

man route, and read up on 'show'
RAIDframe partitioning choices...
I'm in the process of setting up a file server for an office and I'm wondering which is the better RAID 1 layout, particularly in the event of component failure. Currently I've set up choice 2 below, but after having read man raidctl again, they mention choice 1. Which would be the better choice for performance? for recovery?

1) Many partitions that are RAIDs:

wd0a | wd1a    OpenBSD installations with RAID kernel.
wd0d | wd1d    raid0 /
wd0e | wd1e    raid1 swap
wd0f | wd1f    raid2 /tmp
wd0g | wd1g    raid3 /var
wd0h | wd1h    raid4 /usr

2) One single large RAID partition, sub partitioned:

wd0a | wd1a    OpenBSD installations with RAID kernel.
wd0e | wd1e    raid0
               raid0a /
               raid0b swap
               raid0e /tmp
               raid0f /var
               raid0g /usr

--
Anthony C Howe Skype: SirWumpusSnertSoft +33 6 11 89 73 78 AIM: SirWumpusSendmail Milter Solutions http://www.snert.com/ ICQ: 7116561 http://www.snertsoft.com/
Re: Spam (solutions) and some other practical issues
Thank you Joachim.

Now, regarding spamd(8), I knew that I need help from pf.

Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc, I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying mail server and then switch to a newer one). I will work on the source code with great care when the time comes...

Regarding that sysctl: shouldn't we add it?

Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution.

The bug report is about a small condition: I was adding a user when the root partition filled (I was transferring some data by NFS). The processes failed, /etc/passwd and /etc/master.passwd got out of sync and I couldn't use userdel or useradd (from what I remember) anymore. The solution was to delete the line that represented the user in /etc/master.passwd (that line was not present in /etc/passwd). (I don't remember very well what happened there, but I'm not planning to reproduce this). Maybe the program/script for adding users should have a lock or something like that (the 2 files should be modified at the same time) - anyway, it's hard to imagine such a situation in real conditions.

Yours in BSDness,
Gabriel George POPA

Joachim Schipper wrote:

On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote:

I have four basic questions:

1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions?

Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report.
FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine.

2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD?

spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting.

Do note that spamd(8) needs some help from pf(4) to do any good.

3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?).

To the best of my knowledge, no.

4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)).

The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try.

See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy.

I also have a small bug report. What is the best method of submitting it?

sendbug(1), usually.

Unfortunately, my income (I work for a University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system.

That could be quite helpful, too, if done properly. Or so I believe...

Joachim
Re: Spam (solutions) and some other practical issues
Gabriel George POPA wrote:

Thank you Joachim.

Now, regarding spamd(8), I knew that I need help from pf.

Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc, I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying

I am using sendmail, procmail, and SpamAssassin, so I know it works (and it works well). Is your sendmail configured to use procmail for local delivery?

--
Darrin Chandler | Phoenix BSD Users Group
[EMAIL PROTECTED] | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
Re: Spam (solutions) and some other practical issues
Gabriel George POPA wrote:

Thank you Joachim.

Now, regarding spamd(8), I knew that I need help from pf.

Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc, I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned.

You have to tell sendmail to pass the message to procmail. See the part about sendmail.cf in procmail's manpage.

Regarding that sysctl: shouldn't we add it?

That's not how it works here. Either you write a patch or stop complaining about the lack of features.

Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution.

OpenBSD doesn't supply binary patches, and this isn't going to change. See the archives for more information.

Good luck,
Hans
Re: LSI SAS1064 support in OpenBSD?
Is anyone working on supporting the SAS-versions of the LSI controllers at the moment, or should I look for a different server for the time being? AFAIK, dlg@ is working on it.
Re: Spam (solutions) and some other practical issues
Hi, On 2006-03-16T18:38, Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. are you sure that you start /usr/local/bin/spamd and not spamd(8)? hth, Marcus.
buf_read dhclient
Hi list

I just replaced an i386/3.4 box by another running 3.8 with GENERIC kernel. The box is getting its external ip from ISP using dhclient. Randomly the /var/log/daemon shows something that confuses me a bit:

I see from time to time this line:

natbox dhclient[12860]: buf_read (connection closed): Connection refused

And from time to time this one:

natbox dhclient[19726]: buf_read (connection closed): Undefined error: 0

The external nic is a pcn0:

pcn0 at pci0 dev 17 function 0 AMD 79c970 PCnet-PCI rev 0x25, Am79c971, rev 5: irq 9, address 00:60:b0:c2:2c:01
lxtphy0 at pcn0 phy 1: LXT970 10/100 PHY, rev. 0
ukphy0 at pcn0 phy 31: Generic IEEE 802.3u media interface

The box just runs pf and nothing else.

Does someone have any idea about the randomness and the issue itself?

Thanks in advance

~~
http://www.chatou-informatic.com
Maintenance, managed services, on-site support, remote maintenance
Re: Spam (solutions) and some other practical issues
I found valuable suggestions in your messages. I am sure at least one of them will work (you mentioned things I never thought of).

On the other hand, you don't need to get upset. I was not complaining. I will write this sysctl (if only I knew how...). If you point me to some documentation on this topic I will write it. My idea was that maybe it would be better if a person with experience would write this. There's no problem, I will write it (again: point me some documentation). I will repeat: I was not complaining; I know that a lot of smart people are complaining here, but I'm not one of them.

Just a suggestion: maybe The OpenBSD project would make some money if they provide binary patches (just like SuSE) - for source patches you don't have to pay, while a sort of affiliation is needed for binary patches (some money required). I think there are a lot of people that will pay for a real FAST update...

Respectfully yours,
Gabriel George POPA

Hans van Leeuwen wrote:

Gabriel George POPA wrote:

Thank you Joachim.

Now, regarding spamd(8), I knew that I need help from pf.

Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc, I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned.

You have to tell sendmail to pass the message to procmail. See the part about sendmail.cf in procmail's manpage.

Regarding that sysctl: shouldn't we add it?

That's not how it works here. Either you write a patch or stop complaining about the lack of features.

Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution.

OpenBSD doesn't supply binary patches, and this isn't going to change. See the archives for more information.

Good luck,
Hans
Re: Spam (solutions) and some other practical issues
On 3/16/06, Gabriel George POPA [EMAIL PROTECTED] wrote: Just a suggestion: maybe The OpenBSD project would make some money if they provide binary patches (just like SuSE) - for source patches you don't have to pay, while a sort of affiliation is needed for binary patches (some money required). I think there are a lot of people that will pay for a real FAST update... You're not the first one to think of this and you won't be the last. You've already been told once that it's not going to happen so just drop it. Nothing annoys people more than being told what they should be doing when they've already said that they won't be doing it. Greg
Re: Netbeans on jdk-5 OpenBSD
On 3/16/06, Kurt Miller [EMAIL PROTECTED] wrote: There's not much to go by. :( Can you make a minimal test program to reproduce the problem? Unfortunately I'm very new to Java and don't know the inner workings of netbeans, but you should be able to repro it by downloading netbeans and just trying to compile hello world from within the IDE. I don't see this error on my own swing apps. Also, patchset 3 for 1.5 is close to being released. It contains one fix that might affect this. I'll update our port when it becomes available. Great, I'll be giving that a go. On a note that you may find interesting, I attended JavaUK06 yesterday and asked one of the developers if there was any possibility of removing the click thrus. He said unfortunately it was not an option because you have to agree to the license (which we already knew). Oh well. =( -Kurt Regards Edd
Re: Security tools
On Wed, 15 Mar 2006, Gaby vanhegan wrote: Hi, I'm running 3.6 (yes, due for an upgrade) and I keep getting hit by some hackers that are using a bug I can't track down to download perl scripts into /tmp: SNIPPED 1. How do I find out their attack vector? I have had a nessus scan performed on the machine, but it did not present any security (I can supply on request). I've checked the security releases in security.html and there are no pertinent ones for httpd. Snort has provided little useful information (I can provide access to the snort logs if required). Would you be running phpbb? It bit my ass in a very similar fashion.
Re: Netbeans on jdk-5 OpenBSD
On 3/16/06, Henry Lenzi [EMAIL PROTECTED] wrote: Soon I am required to write some java GUI's using netbeans for my university degree, so I have jumped ahead of the game and downloaded it and got it running on OpenBSD using kurt's port of jdk-5 (many thanks ;) ). However Where can I find this? I searched the list archives but didn't see anything. TIA Do you mean jdk5 or netbeans? Netbeans - www.netbeans.org (not ported) jdk5 - /usr/ports/devel/jdk Regards Edd
Re: Reminder about the X Aperture
No idea if it even compiles nowadays, especially on OpenBSD, though. And I don't know how this thing talks to video cards. Theo seems to indicate that working with video cards pretty much requires a good dose of 'evil'. Maybe we just run a workstation dedicated to remotely connect to other workstations, or servers that run X server only where it's needed and that have no video card in these servers or workstations! (: Maybe I will just continue and stick with the ssh terminal only. Thanks.
Re: Reminder about the X Aperture
On 16/03/06, Daniel Ouellet [EMAIL PROTECTED] wrote: Maybe we just run a workstation dedicated to remotely connect to other workstations, or servers that run X server only where it's needed and that have no video card in these servers or workstations! (: Ugh, you aren't supposed to run the X server on the server machine, it's meant to be run on the client machine aka workstation, if at all. :)
Re: Reminder about the X Aperture
Constantine A. Murenin wrote: On 16/03/06, Daniel Ouellet [EMAIL PROTECTED] wrote: Maybe we just run a workstation dedicated to remotely connect to other workstations, or servers that run X server only where it's needed and that have no video card in these servers or workstations! (: Ugh, you aren't supposed to run the X server on the server machine, it's meant to be run on the client machine aka workstation, if at all. :) Well you see my total ignorance on that. So, I have my answer for sure. Stay away from X stupid! (: Maybe one day I will try, but it looks less and less likely, especially with the evil in it. I don't need any of that. Thanks for your insight and for showing me the way out!!! (:
Re: Carp, isakmpd sasyncd
Simon Slaytor wrote: I have two logical external firewalls, each configured as 3.8-stable HA pairs using PFSync, CARP, SASync etc. ... I have used the traditional isakmpd.conf method of configuring the VPN's. In both cases the OBSD boxes replaced Checkpoint R55 boxes, during my extensive testing with a R55 box at one end, non HA and OBSD at the other I again saw no such entries. I therefore wonder if it could be a R60 thing or a CP HA thing? What IPSec device(s) are at the other end of your VPN(s)? ... Theo's e-mail wasn't too encouraging, but I have VPN's with both a Cisco PIX and another OpenBSD 3.8 box. The OpenBSD box is the one I'm getting the most logs for. -Steve S.
Re: Spam (solutions) and some other practical issues
On Thu, Mar 16, 2006 at 06:38:46PM +0200, Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Okay. For clarity, as Marcus pointed out, spamd(8) is part of OpenBSD, and SpamAssassin and all parts will be referred to as 'SpamAssassin'. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying mail server and then switch to a newer one). I will work on the source code with great care when the time comes... This should work, really, provided that procmail is set up properly. Regarding that sysctl: shouldn't we add it? It might be nice to have, but it's more of a security feature than a real security enhancement. Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. ISTR binary patches being available by certain workarounds - searching misc@ might turn up more. The bug report is about a small condition: I was adding a user when the root partition filled (I was transferring some data by NFS). The processes failed, /etc/passwd and /etc/master.passwd got out of sync and I couldn't use userdel or useradd (from what I remember) anymore. The solution was to delete the line that represented the user in /etc/master.passwd (that line was not present in /etc/passwd). (I don't remember very well what happened there, but I'm not planning to reproduce this). Maybe the program/script for adding users should have a lock or something like that (the 2 files should be modified at the same time) - anyway, it's hard to imagine such a situation in real conditions. 
This is quite possible, but pwd_mkdb(8) could be used to fix the problem once enough space was available. Of course, in the meanwhile, bad things happen - but that's almost always the case if / gets full. Joachim Joachim Schipper wrote: On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote: I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report. FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine. 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting. Do note that spamd(8) needs some help from pf(4) to do any good. 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). To the best of my knowledge, no. 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). 
I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try. See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy. I also have a small bug
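The out-of-sync state described in this thread (a user line present in /etc/master.passwd but missing from /etc/passwd) can be detected before useradd or userdel is run again. The following is an added example, not part of the original posts or of OpenBSD; the function names and sample files are constructed, and it assumes the usual colon-separated layout with the login name in field 1 and the UID in field 3 of both files.

```shell
#!/bin/sh
# Added example: detect drift between master.passwd and passwd after an
# interrupted user add (for instance when / fills up in the middle of the update).

# make_samples DIR: write constructed sample files; "bob" is the half-added user.
make_samples() {
    cat > "$1/master.passwd" <<'EOF'
root:*:0:0:daemon:0:0:Root:/root:/bin/ksh
daemon:*:1:1::0:0:Daemon:/root:/sbin/nologin
alice:*:1000:1000::0:0:Alice:/home/alice:/bin/ksh
bob:*:1001:1001::0:0:Bob:/home/bob:/bin/ksh
EOF
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Root:/root:/bin/ksh
daemon:*:1:1:Daemon:/root:/sbin/nologin
alice:*:1000:1000:Alice:/home/alice:/bin/ksh
EOF
}

# pw_sync_report MASTER PASSWD
# Prints one sorted line per discrepancy; returns 0 if in sync, 1 otherwise.
pw_sync_report() {
    _rc=0
    _out=$(awk -F: '
        /^#/ || NF == 0 { next }                       # skip comments and blank lines
        FILENAME == ARGV[1] { master[$1] = $3; next }  # first file: master.passwd
        { passwd[$1] = $3 }                            # second file: passwd
        END {
            bad = 0
            for (u in master) {
                if (!(u in passwd)) { print "only-in-master " u; bad = 1 }
                else if (master[u] != passwd[u]) { print "uid-mismatch " u; bad = 1 }
            }
            for (u in passwd)
                if (!(u in master)) { print "only-in-passwd " u; bad = 1 }
            exit bad
        }' "$1" "$2") || _rc=$?
    if [ -n "$_out" ]; then printf '%s\n' "$_out" | sort; fi
    return "$_rc"
}

# Stand-alone run against the constructed files.
demo_dir=$(mktemp -d) || exit 1
make_samples "$demo_dir"
if pw_sync_report "$demo_dir/master.passwd" "$demo_dir/passwd"; then
    echo "in sync"
else
    echo "out of sync: fix master.passwd, then rebuild with pwd_mkdb(8)"
fi
rm -rf "$demo_dir"
```

On a live system, run it as root against /etc/master.passwd and /etc/passwd; once free space is restored, `pwd_mkdb -p /etc/master.passwd` regenerates /etc/passwd from the master file.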
Re: Reminder about the X Aperture
On Thu, Mar 16, 2006 at 02:40:45PM -0500, Daniel Ouellet wrote: No idea if it even compiles nowadays, especially on OpenBSD, though. And I don't know how this thing talks to video cards. Theo seems to indicate that working with video cards pretty much requires a good dose of 'evil'. Maybe we just run a workstation dedicated to remotely connect to other workstations, or servers that run X server only where it's needed and that have no video card in these servers or workstations! (: Maybe I will just continue and stick with the ssh terminal only. That would make the workstation - which would be running the X server - a quite interesting target. Not that good an idea, I think. Then again, don't overestimate the danger of X either - it's certainly an interesting way of breaking into a system, and might be dangerous given the proper set of circumstances, but for many systems more conventional attacks (like weak passwords+sshd) are more deserving of our worries. Joachim
Problem to read dvd on openbsd!
Hi all, I'd like to know if anyone could help with the following problem: 1. First I've copied the contents of a DVD to my HD 2. After copying I've burned the DVD, as it is specified in the official OpenBSD FAQ. Everything works fine. 3. When it comes to using the DVD for playing with gmplayer or in any other DVD equipment an error occurs. Using gmplayer, the error message is "Can't open VGM info!". Has anyone ever experienced this problem? Could anyone please help me? Thanks. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
Re: Reminder about the X Aperture
snip modern PC video card architecture containing a large quantity of PURE EVIL. This joke has a whole new meaning... http://ctrlaltdel-online.com/comic.php?d=20021029 As an aside, there are no alternative windows systems that are functional or secure?
problem compiling PHP5
Here's what I've got 1. OpenBSD 3.8 2. Apache 2 3. MySQL 5 (Static Libraries) 4. PHP5 PROBLEM 1. Configured PHP with apxs2 and --with-mysql=/usr/local/mysql 2. make works fine. No error message. 3. make install can't find libphp5.so 4. I configured without MySQL support and everything works. I also did a test with PHP4. Same problem. If I add mysql support it can't find libphp4.so. What's going on here and how do I fix the problem? -- You can get my public PGP key at https://keyserver.pgp.com http://www.digitaloverload.net
Re: Reminder about the X Aperture
On Thu, Mar 16, 2006 at 01:56:44PM -0800, A Rossi wrote: snip modern PC video card architecture containing a large quantity of PURE EVIL. This joke has a whole new meaning... http://ctrlaltdel-online.com/comic.php?d=20021029 As an aside, there are no alternative windows systems that are functional or secure? Use a -current Zaurus. And I think you mean functional AND secure. =) -Ray-
Re: Reminder about the X Aperture
On 2006/03/16 13:56, A Rossi wrote: snip modern PC video card architecture containing a large quantity of PURE EVIL. This joke has a whole new meaning... http://ctrlaltdel-online.com/comic.php?d=20021029 As an aside, there are no alternative windows systems that are functional or secure? There are alternative window systems that are far worse (e.g. some popular system runs hw-vendor-supplied video drivers, quite often of low quality, in ring 0 to improve performance [1]) but it's the way that the video card architecture works, not the way that the windowing system works, that's the problem. [1] http://arstechnica.com/news.ars/post/20051216-5788.html
Re: problem compiling PHP5
On Thu, Mar 16, 2006 at 01:00:54PM -0900, Damien Hull wrote: Here's what I've got 1. OpenBSD 3.8 2. Apache 2 3. MySQL 5 (Static Libraries) 4. PHP5 PROBLEM 1. Configured PHP with apxs2 and --with-mysql=/usr/local/mysql 2. make works fine. No error message. 3. make install can't find libphp5.so 4. I configured without MySQL support and everything works. I also did a test with PHP4. Same problem. If I add mysql support it can't find libphp4.so. What's going on here and how do I fix the problem? How about pkg_add(1)? Joachim
binpatch, was: Spam (solutions) and [...]
Hi, Gabriel George POPA wrote on Thu, Mar 16, 2006 at 05:26:01PM +0200: 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system You need not recompile the entire system in order to apply patches to a -release system. You only need to recompile those parts of the system actually affected by the respective patches. Each patch contains instructions which parts of the system you need to recompile in order to apply it properly. These instructions cite the cd, patch and make commands you need to type. (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). You need not be afraid. Compiling (official) patches on a production system will not spoil settings. Of course, if you would edit random files in /usr/src before applying the patches, you might well spoil things. So just refrain from doing that... [ concerning binpatch ] I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this Usually, you need not edit the whole Makefile, but just the patch targets at the bottom. If translating the instructions in the patches into targets in the Makefile looks complicated to you, you should probably not be using binpatch. By the way, as far as i see, http://openbsdbinpatch.sourceforge.net/Makefile.sample appears to be currently up-to-date. But don't rely on that. In any case, you ought to be able to verify the correctness of the Makefile before using binpatch. (how can I learn to modify it Er, well, the Makefile is supposed to be self-documented. For details about the implementation of the shortcuts, e.g. ${_build}, read the file bsd.binpatch.mk. 
Note that usually, you are *much* safer applying patches on each individual machine using the official procedure supported by the OpenBSD project - in particular in case you don't feel at ease with make(1). I know only two good reasons why you might want to use binpatch: - You have a server where you cannot compile patches due to lack of resources. If that is the cause for you, migrating to more powerful hardware might be a safer option - note that even an old PI or PII box is usually sufficient for compiling patches. - You have so many servers that compiling on all of them will take too much of your time. Clearly, anybody running a large number of servers should not feel scared by using basic tools like make(1) - or will be in for trouble sooner or later, anyway. Yours, Ingo
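The advice above is to read the instructions carried in each patch before acting on them. As an added example (not from the original post or the OpenBSD project), this script lists the commands in a patch's header and flags any that are not the cd, patch and make commands the post describes; the header layout, the function names and the sample patch are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the commands an errata-style patch header asks you to run.
# Assumed layout: prose plus indented command lines, then the diff at "Index:".

# make_sample_patch FILE [EXTRA]: constructed sample; all names are placeholders.
# EXTRA, if given, is appended as one more indented header command.
make_sample_patch() {
    {
        printf 'Apply by doing:\n\tcd /usr/src\n\tpatch -p0 < 000_example.patch\n\n'
        printf 'And then rebuild and install example:\n\tcd usr.bin/example\n'
        printf '\tmake obj\n\tmake depend\n\tmake\n\tmake install\n'
        if [ -n "${2:-}" ]; then printf '\t%s\n' "$2"; fi
        printf '\nIndex: usr.bin/example/example.c\n'
        printf '%s\n' '--- usr.bin/example/example.c' '+++ usr.bin/example/example.c'
        # Context lines in the diff are indented too, so the header scan
        # must stop before reaching them.
        printf '@@ -1,3 +1,3 @@\n \tint n;\n-\tn = 1;\n+\tn = 2;\n \treturn n;\n'
    } > "$1"
}

# patch_commands FILE: print the indented command lines found in the header.
patch_commands() {
    awk '
        /^Index: / || /^--- / || /^diff / { exit }   # the diff starts here; stop
        /^[ \t]+[^ \t]/ { sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# unexpected_commands FILE: print header commands whose first word is not
# cd, patch or make, so they can be reviewed by hand before anything is run.
unexpected_commands() {
    patch_commands "$1" | awk '$1 != "cd" && $1 != "patch" && $1 != "make"'
}

# Stand-alone run against the constructed patch.
demo=$(mktemp) || exit 1
make_sample_patch "$demo"
echo "Commands the patch header asks for:"
patch_commands "$demo"
rm -f "$demo"
```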
Re: problem compiling PHP5
Joachim Schipper wrote: On Thu, Mar 16, 2006 at 01:00:54PM -0900, Damien Hull wrote: Here's what I've got 1. OpenBSD 3.8 2. Apache 2 3. MySQL 5 (Static Libraries) 4. PHP5 PROBLEM 1. Configured PHP with apxs2 and --with-mysql=/usr/local/mysql 2. make works fine. No error message. 3. make install can't find libphp5.so 4. I configured without MySQL support and everything works. I also did a test with PHP4. Same problem. If I add mysql support it can't find libphp4.so. What's going on here and how do I fix the problem? How about pkg_add(1)? Joachim I installed the ports tree and didn't see apache2. That's why I compiled from source. I could try installing mysql from the ports tree and then install PHP5. However, compiling from source should work. -- You can get my public PGP key at https://keyserver.pgp.com http://www.digitaloverload.net
How to use ccd(4) for mirroring?
This page http://www.openbsd.org/faq/faq14.html#RAID briefly mentions that ccd(4) could be used for mirroring. OpenBSD 3.7-stable and later also includes mirroring as a feature of the ccd(4) driver. This system is built into the GENERIC kernel and is in the bsd.rd kernel of some platforms (amd64, hppa, hppa64, i386), so it can be much easier to use, though it has some limitations regarding rebuilding the array. I've read the related man pages, but I can not find any details on what the limitations are concerning rebuilding an array nor what is involved to do so. Is the lack of information the limitation? -- Anthony C Howe Skype: SirWumpusSnertSoft +33 6 11 89 73 78 AIM: SirWumpusSendmail Milter Solutions http://www.snert.com/ ICQ: 7116561 http://www.snertsoft.com/
Re: USB Scanner question
Quoting Denny White [EMAIL PROTECTED]: team. :-) I know the obsd os supports scanners, but I can't seem to find a good recommendation. I also don't understand OpenBSD should support pretty much any scanner that SANE supports. backends, but it's not in my /usr/ports/graphics. Is this because I'm running _3_8 not current, or could I be doing Yes, sane-{backends,frontends} was imported after 3.8 was released. GENERIC kernel with very little change. I think the only change I did to it was to enable DUMMY_NOPS which it comments as You're running an unsupported kernel. So, just need some input on any luck anyone has had with usb scanners. I, for one, am very happy with my Epson USB scanner. I can scan via USB and via the LAN too. Any input greatly appreciated. If you want to install SANE on OpenBSD, you can either: - grab the -current port and try to compile it under 3.8 (unsupported, don't ask questions if you have problems) - wait for 3.9 to be released - upgrade to -current Hope that helps -- Antoine