Re: When would you NOT use OpenBSD?
* Miles Keaton [EMAIL PROTECTED] [2006-04-06 03:57]: Wondering... since I brought up MySQL, and a few people (thanks Henning!) said MySQL in particular has problems, I didn't mention that we're about to ditch MySQL anyway, and complete our conversion to PostgreSQL, so I wonder... good move :) Does PostgreSQL have the same problems as MySQL on OpenBSD? not at all. potsgres doesn't use threads. -- BS Web Services, http://www.bsws.de/ OpenBSD-based Webhosting, Mail Services, Managed Servers, ... Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: help with sendmail
On Thu, Apr 06, 2006 at 08:52:19PM -0400, Matt Van Mater wrote: I want to set up a host to relay all outgoing mail through a central mail hub. I believe the proper high level steps for me to follow are: edit the /usr/share/sendmail/cf/clientproto.mc file, compile it, copy the resultant clientproto.cf file to /etc/mail/sendmail.cf and hup the sendmail process. However when I try to send a test message via pine, mail is still being sent directly to the internet rather than through the relay, and I am stumped. What am I missing? grep sendmail_flags /etc/rc.conf is the path to enlightenment, i.e., your sendmail probably just uses /etc/mail/localhost.cf instead of /etc/mail/sendmail.cf. Ciao, Kili
Re: 10k pps
On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote: On Thursday 06 April 2006 23.08, Claudio Jeker wrote: On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote: Hi there list, I got to a situation at work where I have an OpenBSD 3.9 amd64 router acting as bgp and ospf router, and it has to coupe with 100Mbps and approx 15.000 packets per second, but it can't at about 10k pps, I have like 70% cpu utilisation on iterrupt, and all the traffic becomes an extreme sport, it is an Intel P4 3GHz em64 with 512MB of ram and 2 Intel Pro100 (fxp) network cards. Any ideea if/how can I jump over the 10k barrier ? P.S.: Claudio thanks for the advice about 3.9 bgpd version and additive communities, I works smooth. Thanks for any sugestion or advice. Switch to i386. amd64 has some interrupt problems, the amd64 I tested once maxed at 80kpps but did 450kpps in i386 mode. Hi Claudio What cpu, network cards and pf ruleset size did you use during the test when the server handled 450kpps ? CPU (actually two CPUs on the board): cpu0 at mainbus0: (uniprocessor) cpu0: AMD Engineering Sample, 2592.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative Network cards: bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 10, address 00:e0:81:27:e0:a9 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 5, address 00:e0:81:27:e0:aa brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a 20-30% drop) At the time we measured it em(4) was slower (300-350kpps) but fixes went in to remove the bottlenecks in the em(4) driver. -- :wq Claudio
[OT] Which C learning approach to take
With a unix engineer/admin background of seven years I am now interested in learning C programming. The reason for asking here is, I came across OpenBSD a year ago and I am still fascinated by its purity and consistency, which now led me to the idea that people who write such a cool thing probably do have good advices on how to learn OS related C programming... I can't ask specific questions yet, but let's phrase it theoretically: If I'd like to be a good (=secure, clean, robust) OpenBSD C developer in a couple of years, which books should I have read and how should I start to basically understand BSD? Does it make sense to grab a very old version (4.4BSD?) since it is less complex? Which source code is a good example for understanding how Unix basically works? Thanks, -- Stephan A. Rickauer --- Institut für Neuroinformatik Tel: +41 44 635 30 50 Universität / ETH Zürich Sek: +41 44 635 30 52 Winterthurerstrasse 190 Fax: +41 44 635 30 53 CH-8057 ZürichWeb: www.ini.ethz.ch RSA public key: https://www.ini.ethz.ch/~stephan/pubkey.asc --- signature.asc Description: PGP signature signature.asc Description: OpenPGP digital signature
Re: (OT: PostgreSQL vs MySQL)
On Fri, Apr 07, 2006 at 01:17:15AM +0100, Craig Skinner wrote: On Thu, Apr 06, 2006 at 10:25:38PM +0200, Joachim Schipper wrote: I can second that. I am not a heavy database user by any means - I like grep far too much for that - but when it can't be avoided, I'd rather use something with a working foreign key implementation (though that has apparently improved quite a bit in the 5.x series), and less 'nonstandard extensions'. Yep to the above. PostgreSQL has: *) foriegn keys *) supports ANSII SQL *) Full ACIDity *) supports views (sort of like symbolic links to entire tables, joins, etc) MySQL is a wee bit faster, but it has none of the above, so it is really just an SQL interface to a file system. If you value your data, what is the point of that?? If you do not value your data, why bother with a database? MySQL is pointless. Not necessarily - a lot of PHP script rely on a database, but I do not think our forum constitutes critical data. ;-) That being said, the above forum is run on PostgreSQL. Joachim
Re: Distribution with CARP load balancing
On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote: Hi, as noted in the FAQ - it's not expected that you will achieve perfect 50/50 distribution between the two machines, wonder if there any way(software, configuration, hardware etc) to be able control the distribution for CARP? Even/control-able distribution is important for me as the resources(bandwidth, CPU, diskspace etc) allocated would not substain heavy load. ISTR that CARP uses some sort of hash table to determine which router/server gets which client. This would not make manual distribution easy, though you could of course shift whatever is used in the hash table (MAC?) until it 'works'. Joachim
Re: [OT] Which C learning approach to take
On Fri, Apr 07, 2006 at 10:56:58AM +0200, Stephan A. Rickauer wrote: With a unix engineer/admin background of seven years I am now interested in learning C programming. The reason for asking here is, I came across OpenBSD a year ago and I am still fascinated by its purity and consistency, which now led me to the idea that people who write such a cool thing probably do have good advices on how to learn OS related C programming... I can't ask specific questions yet, but let's phrase it theoretically: If I'd like to be a good (=secure, clean, robust) OpenBSD C developer in a couple of years, which books should I have read and how should I start to basically understand BSD? Does it make sense to grab a very old version (4.4BSD?) since it is less complex? Which source code is a good example for understanding how Unix basically works? The OpenBSD page has a 'book' section, and this has been discussed quite recently - look at the archives. As to C, the classic KR book is still (one of) the best. For BSD, see the book page. Joachim
Re: Distribution with CARP load balancing
On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote: as noted in the FAQ - it's not expected that you will achieve perfect 50/50 distribution between the two machines, wonder if there any way(software, configuration, hardware etc) to be able control the distribution for CARP? Even/control-able distribution is important for me as the resources(bandwidth, CPU, diskspace etc) allocated would not substain heavy load. How about a PF box (or pair of them CARP'd) in front of the servers you're load-balancing and use rdr, with round-robin or random distribution, with or without sticky-address. The back-end servers still need to use CARP to get fast failover if a box goes down (i.e. you rdr to CARP-protected addresses), you can adjust the rdr rule either by a script or by hand to fine- tune (list the same address multiple times if you want to increase the number of requests going to that machine). You could script to check for service availability (rather than just the box being up). pen (in packages) could be another option.
Apache speed limitation
Hello list! At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use?
Re: When would you NOT use OpenBSD?
Hi! On Wed, Apr 05, 2006 at 04:29:40PM -0600, Chris 'Xenon' Hanson wrote: Hannah Schroeter wrote: IIRC there're consultants offering commercial services around OpenBSD, too. So you could've hired one to fix the Broadcom problem of yours, just like you paid for Nortel's on-site troubleshooting. Not to inflame the issue, but this isn't as solid of an argument as it appears. Knowing in advance whether you'll be able to find a consultant who knows enough about your problem to fix it is very tenuous. Of course you can look out in advance, before you start depending on it, i.e. first look for people who can support things, perhaps make some kind of support contract or pre-contract with them, *then* install your mission critical systems. [...] If one could guarantee that the person who wrote the problematic code were always available as a consultant, the analogy might be closer, but frequently that's not the case. Even a commercialized open source OS like Red Hat Linux is going to face this issue. But now, commercial vendors also integrate 3rd party code, and then they might also not have people who wrote the code *themselves* in house. E.g. commercial OSes shipping with OpenSSH. Then again, OpenBSD is free. No one expects it to be exactly like commercial software, and it has a lot of benefits that commercial software won't. Choose the tool that best fits the requirements. Right. Kind regards, Hannah.
Re: 10k pps
On Friday 07 April 2006 10.25, Claudio Jeker wrote: On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote: On Thursday 06 April 2006 23.08, Claudio Jeker wrote: On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote: Hi there list, I got to a situation at work where I have an OpenBSD 3.9 amd64 router acting as bgp and ospf router, and it has to coupe with 100Mbps and approx 15.000 packets per second, but it can't at about 10k pps, I have like 70% cpu utilisation on iterrupt, and all the traffic becomes an extreme sport, it is an Intel P4 3GHz em64 with 512MB of ram and 2 Intel Pro100 (fxp) network cards. Any ideea if/how can I jump over the 10k barrier ? P.S.: Claudio thanks for the advice about 3.9 bgpd version and additive communities, I works smooth. Thanks for any sugestion or advice. Switch to i386. amd64 has some interrupt problems, the amd64 I tested once maxed at 80kpps but did 450kpps in i386 mode. Hi Claudio What cpu, network cards and pf ruleset size did you use during the test when the server handled 450kpps ? CPU (actually two CPUs on the board): cpu0 at mainbus0: (uniprocessor) cpu0: AMD Engineering Sample, 2592.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative Network cards: bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 10, address 00:e0:81:27:e0:a9 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 5, address 00:e0:81:27:e0:aa brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a 20-30% drop) At the time we measured it em(4) was slower (300-350kpps) but fixes went in to remove the bottlenecks in the em(4) driver. Thanks for the info... Do you know when these fixes for em went into cvs? After 3.8 ? Tnx in advance /Per-Olov -- GPG keyID: 4DB283CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)
On Thu, 6 Apr 2006, Whyzzi wrote: Yeah! that is the thing I didn't do! Run fsck against the affected partition! Anyways, as per your questions: I copied the with cp, eg: # cd /mnt/wd1a # cp -R Anime /mnt/wd2d Here are the raw df output from the current snapshot kernel [brought to you by the wonders of OpenSSH]: # df Filesystem 512-blocks Used Avail Capacity Mounted on /dev/wd0a 18572172 1062820 16580744 6%/ /dev/wd0d123841300 4215514788 197101744 14535%/mnt/wd0d /dev/wd0e123841300 13434788 10421444811%/mnt/wd0e /dev/wd0f212356232 66929816 13480860833%/mnt/wd0f # I had torrent'd the Olive OpenBSD live cd awhile back that was a December? -stable 3.8 (I think), could I use that to run fsck against the affected partition? That would be easier to do than to hookup the 40gig that contained the Dec snapshot (I don't have a copy of either 3.8/3.9 -release available, but I will make one and install it if you want me to). The Olive CD will probably do, although booting a 3.8 kernel from the boot prompt should work as well; just copy the 3.8 kernel to your root as bsd38 and type boot bsd38 at the boot prompt. -Otto Cheers, thanks for the reply!! On 06/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote: On Wed, 5 Apr 2006, Whyzzi wrote: I've had a strange occurance I'd like to report, in using df -h, but the circumstances that brought about this condition are somewhat unusual, so I really don't know if it is anything to be concerned about. This might also have already been fixed, as I do not follow tech/src Background: I have setup a home based samba media file server, originally running 3.8; a snapshot from Dec. The files on this server was split between 2 drives, a decrepid 30gig IBM/Hitachi, and a Maxtor 40gig. Pulled the plug on the two drives, and connected the a Seagate 250Gig IDE HD. (primary master IDE). Installed the April 3rd snapshot on it via dvdrw. Gave root 9Gig at the front of the drive, swap 1gig, created 2 60gig partitions, and 100gig, all with pre-setup mount points (df, disklabel, fstab, dmesg included @ end). Disconnected dvdrw, connected the 250Gig to the secondary IDE master, and booted into the older 3.8 snapshot. Mounted one of the partitions I created in 3.9, and proceded to copy the files over (yeah, 50+gigs over UDMA33 without softdep can take quite some time to copy on a P3 700). When that was finally done, and since I had the root of 3.9 accessible, I modified 3.9's fstab to include softdep, modified pf, modified rc/rc.conf, plus startup config stuff. Then I turned off the PC removed the 30 40gig drives, mounted the 250gig to the case - and reconnected it to the primary ide interface on the mainboard, and reconnected the dvdrw drive. Originally, when I had booted up, df was reporting (no snapshot taken) no additional space used by the partition (ie freshly formated, even though I had copied stuff there in 3.8). I've since moved the directories I wanted to move, and now df is reporting wayy over the size limit. So before I move the last of the information around reformat the partition to return accurate results, I thought I'd share with the list what I am seeing: ## df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/wd0a 8.9G519M7.9G 6%/ /dev/wd0d 59.1G8.0T 94.0G 14535%/mnt/wd0d /dev/wd0e 59.1G6.4G 49.7G11%/mnt/wd0e /dev/wd0f 101G 31.7G 64.4G33%/mnt/wd0f How did you copy the files? There have been some changes wrt filesystems. Too see if they have anything to do with it, please try the following: - run a 3.9 (or 3.8 if you do not have that) release kernel, and check the numbers. - umount the filesystem and run fsck -f on /dev/wd0d - remount and check nunbers - go back to the snap kernel and repeat. oh and report the output of df without -h, I like to see the raw numbers. -Otto ## disklabel wd0 # Inside MBR partition 3: type A6 start 63 size 488392002 # /dev/rwd0c: type: ESDI disk: ESDI/IDE disk label: ST3250823A flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 16383 total sectors: 488397168 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 1887473763 4.2BSD 2048 16384 328 # Cyl 0*- 18724 b: 2097648 18874800swap # Cyl 18725 - 20805 c: 488397168 0 unused 0 0 # Cyl 0 -484520 d: 125828640
Re: Apache speed limitation
hey , i don't know there is speed limitation but i had speed problem with build in openbsd(3.8) apache espesially mod_proxy module ( response time was 2-3 sec when should be 0,2 - 0,3 sec ) so i put apache2 and had no more problems regards dalgorno On 4/7/06, edgarz [EMAIL PROTECTED] wrote: Hello list! At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use?
Re: 10k pps
On Fri, Apr 07, 2006 at 01:12:29PM +0200, Per-Olov Sjvholm wrote: On Friday 07 April 2006 10.25, Claudio Jeker wrote: On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote: On Thursday 06 April 2006 23.08, Claudio Jeker wrote: ... Hi Claudio What cpu, network cards and pf ruleset size did you use during the test when the server handled 450kpps ? CPU (actually two CPUs on the board): cpu0 at mainbus0: (uniprocessor) cpu0: AMD Engineering Sample, 2592.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative Network cards: bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 10, address 00:e0:81:27:e0:a9 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003): irq 5, address 00:e0:81:27:e0:aa brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a 20-30% drop) At the time we measured it em(4) was slower (300-350kpps) but fixes went in to remove the bottlenecks in the em(4) driver. Thanks for the info... Do you know when these fixes for em went into cvs? After 3.8 ? The fixes are in 3.9 they were commited beginning of this year. -- :wq Claudio
Re: Distribution with CARP load balancing
Thanks, Stuart. rdr with PF looks a viable option for me. pen works with tcp applications only, I would need udp also. Will check for more details on rdr. On Fri, 7 Apr 2006 10:49:38 +0100, Stuart Henderson [EMAIL PROTECTED] said: On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote: as noted in the FAQ - it's not expected that you will achieve perfect 50/50 distribution between the two machines, wonder if there any way(software, configuration, hardware etc) to be able control the distribution for CARP? Even/control-able distribution is important for me as the resources(bandwidth, CPU, diskspace etc) allocated would not substain heavy load. How about a PF box (or pair of them CARP'd) in front of the servers you're load-balancing and use rdr, with round-robin or random distribution, with or without sticky-address. The back-end servers still need to use CARP to get fast failover if a box goes down (i.e. you rdr to CARP-protected addresses), you can adjust the rdr rule either by a script or by hand to fine- tune (list the same address multiple times if you want to increase the number of requests going to that machine). You could script to check for service availability (rather than just the box being up). pen (in packages) could be another option. -- Andrew Ng [EMAIL PROTECTED] -- http://www.fastmail.fm - Access your email from home and the web
Re: SpamAssassin autolearn problem
Vielen dank. I now made a configuration based on your own. I thought that bayes_path is a directory (obviously it should not be this way). I started spamd with -u and -d; I realized that -r is useful for sending SIGHUP (otherwise spamd will shut down). George POPA Andreas Vvgele wrote: Gabriel George POPA wrote: Some e-mails I receive have autolearn=no and others have autolearn=failed. I use the classic combination of spamd/spamc and the OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD recommends. I tried to follow the instructions at spamassassin.apache.org (to use for example /var/spamassassin (0777 mode) in order to store learnt data, bayes_path and bayes_file_mode, restarted spamd etc., nothing worked). What should I do next? I must create all those files by hand (the files in /var/spamassassin). I must mention that when I was using spamassassin alone (not spamc/spamd) for my account autolearn worked correctly. I've created a spamassassin user and group. The user's home directory is /var/spamassassin. Amongst other settings the following paths are set in /etc/mail/spamassassin/local.cf: bayes_path /var/spamassassin/bayes bayes_file_mode 0770 auto_whitelist_path /var/spamassassin/auto-whitelist auto_whitelist_file_mode 0770 spamd is started with the following command line arguments: /usr/local/bin/spamd -d -u spamassassin -H /var/spamassassin -r /var/spamassassin/spamd.pid How do you start spamd?
Re: SpamAssassin autolearn problem
Per-Olov Sjvholm wrote: On Thursday 06 April 2006 16.15, Gabriel George POPA wrote: Some e-mails I receive have autolearn=no and others have autolearn=failed. I use the classic combination of spamd/spamc and the OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD recommends. I tried to follow the instructions at spamassassin.apache.org (to use for example /var/spamassassin (0777 mode) in order to store learnt data, bayes_path and bayes_file_mode, restarted spamd etc., nothing worked). What should I do next? I must create all those files by hand (the files in /var/spamassassin). I must mention that when I was using spamassassin alone (not spamc/spamd) for my account autolearn worked correctly. Respectfully yours, Gabriel George POPA This is what I have got (On 3.8 stable with spamassassin 3.0.4) [EMAIL PROTECTED]:/tmp#ls -al /var/spamassassin total 20 drwxr-x--- 5 _spamass _spamass 512 Jan 31 15:42 . drwxr-xr-x 32 root wheel 1024 Feb 26 18:45 .. drwxr-x--- 2 _spamass _spamass 512 Apr 5 16:42 .razor drwx-- 2 _spamass _spamass 512 Apr 6 23:49 .spamassassin The files and directories in /var/spamassassin will be automatically created Note that the _spamass users home directory is /var/spamassassin In /etc/rc.local I have... if [ X${spamassassin_spamd} == XYES -a -x /usr/local/bin/spamd \ -a -e /etc/mail/spamassassin/local.cf ]; then echo -n ' Spamassassin spamd'; /usr/local/bin/spamd -d -p 3312 -u _spamass --max-children=5 --max-conn-per-child=2000 -x fi It's called from sendmail through the smtp-vilter connector and it just works. smtp-vilter talks to spamd. The only thing you need in /etc/mail/spamassassin/local.cf is... nothing. Well you should probably to some tuning. You should probably have: --snip-- required_score 5.0 report_safe 1 use_bayes 1 skip_rbl_checks 0 --snip-- No path statement is needed in local.cf if you have the correct path for the Bayesian db as stated above. Hope it could be of any use. Regards /Per-Olov Very interesting indeed. Anyway, I don't want to use vilter for the moment. The problem was the following: I thought bayes_path represents a DIRECTORY (not true, obviously). I was too tired to read well the man Mail:SpamAssassin::Conf. I understood wrong the indications there. Sorry.
Re: Apache speed limitation
Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait : At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? lighttpd.
Re: IO fencing question
No one has responded to this yet. Wondering: Is this the wrong list for this question? Is this a completely non-standard use? Can anyone please shed some light on this for me? Thanks, -C -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry, Christopher Sent: Tuesday, April 04, 2006 5:26 PM To: misc@openbsd.org Subject: IO fencing question Greetings, I've built a pair of 6-interface OBSD 3.7 routers for use at work. These routers have 4 Fibre GigE interfaces each, and 2 copper GigE interfaces ea as follows: carp{0,1,2,3,4} production,integration,staging,systest,dmz_1 respectively stge{0,1,2,3} production,integration,staging,systest respectively em0 sync device rl0 dmz_1 the machines are core-master and core-backup, the vip is core-rtr. stge1 on core-master has a fibre running to the left fiber MDA port on a Nortel (BayStack) 350-24T switch, while stge1 on core-backup runs to the right MDA port (they both are 'port 25' in the switch). stge{2,3} behave similarly on 2 other identical switches. stge0 on both routers go to 2 separate fibre ports on a larger Nortel 8600. Example: If I'm out on the production net (stge0) and start an ssh session to a host out on the development net (stge1), and start a ping in the session back to a host on the production network, and then pull plug on core-master (I know, ouch) it might drop a ping, but otherwise works flawlessly! Really sweet. The problems occur during a 'soft' failure, e.g. a reboot or a halt without power off. To be fair, I do not think it's carp that's causing the problem, the backup instantly becomes the master. It appears to be something with either the MDAs not failing over or an issue with the stge0 interfaces on two separate fibre ports on the big switch. It's only a problem if the failing host does not get powered off. My thoughts have been: * put both hosts on a serial power strip - on a failure, surviving node powers off the failed node. * have a scripted way to simulate that all of the interfaces are powered off. (or heck, maybe even just being automatically downed might do it) Question: Can someone recommend a solution to this problem, or point me at a doc or software that can help me with this? Thanks, Chris
Re: help with sendmail
On Thu, 6 Apr 2006, Matt Van Mater wrote: I want to set up a host to relay all outgoing mail through a central mail hub. I believe the proper high level steps for me to follow are: edit the /usr/share/sendmail/cf/clientproto.mc file, compile it, copy the resultant clientproto.cf file to /etc/mail/sendmail.cf and hup the sendmail process. However when I try to send a test message via pine, mail is still being sent directly to the internet rather than through the relay, and I am stumped. What am I missing? You may want to verify that you are indeed using sendmail.cf. Check rc.conf/rc.conf.local . I think the default is localhost.cf . What does the sendmail in test mode show? % sendmail -bt ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter ruleset address 3,0 [EMAIL PROTECTED] -rick Here are some more details on the steps I describe above. edit /usr/share/sendmail/cf/clientproto.mc Specifically i need to change the following line to be the mail server i want to relay through FEATURE(nullclient, my.mail.host.net.$m) [EMAIL PROTECTED] /usr/share/sendmail/cfvi clientproto.mc [EMAIL PROTECTED] /usr/share/sendmail/cfmake rm -f clientproto.cf ( cd /usr/share/sendmail/cf /usr/bin/m4 /usr/share/sendmail/cf/../m4/cf.m4 clientproto.mc /usr/share/sendmail/cf/clientproto.cf ) echo ### clientproto.mc ### clientproto.cf sed -e 's/^/# /' /usr/share/sendmail/cf/clientproto.mc clientproto.cf chmod 444 clientproto.cf [EMAIL PROTECTED] /usr/share/sendmail/cfps aux |grep sendmail root 2870 0.0 0.4 964 1324 ?? Ss 4:45PM0:00.15 sendmail: accepting connections (sendmail) root 18732 0.0 0.1 288 460 p0 R+ 5:08PM0:00.02 grep sendmail [EMAIL PROTECTED] /usr/share/sendmail/cfkill -HUP 2870 [EMAIL PROTECTED] /usr/share/sendmail/cfpine -conf |grep smtp smtp-server= The step above verifies that pine will use sendmail when sending outbound messages. However, at the end of all of this, messages are sent directly to the internet rather than through the hub. I don't see any reference to my central hub in /var/log/maillog
Re: Apache speed limitation
i'm too lazy to move all vhosts from apache to lighttpd, too much them :/ Frank Denis wrote: Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait : At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? lighttpd.
Re: C++ textbooks: recommendations?
[EMAIL PROTECTED] wrote: i need to learn C++, but do not know where to begin with textbooks or online docs. since, AFAICT, there are a great many skilled programmers on list, i would appreciate any recommendations that can be made about introductory and intermediate texts on C++. my motivation for asking this is to avoid purchasing texts that will sit on my shelf and collect dust. there are a great many introductory texts on nearly every subject that do just that and/or don't cover enough material in sufficient depth. are there any texts on best practices for writing exploit-free code? if you feel this is insufficiently openbsd related, please reply off-list to reduce chatter. cheers, jake I found http://www.icce.rug.nl/documents/cplusplus/ to be an excellent textbook. Another online source is http://www.mindview.net/Books/TICPP/ThinkingInCPP2e.html Peter
Re: Apache speed limitation
On Fri, 7 Apr 2006, edgarz wrote: i'm too lazy to move all vhosts from apache to lighttpd, too much them :/ it's the easiest thing one can do :-) btw, did you try to turn on logging and see what's wrong w/ apache? (LogLevel Debug, etc) c -- I hope I never get so old I get religious. - Ingmar Bergman
Re: Apache speed limitation
1km long apache virtualhost configuration. and rewrite it by hand? uhh... :( As i said, hundreds of connections and used apache bandwidth is about ~3MB/s Norbert TITKO wrote: On Fri, 7 Apr 2006, edgarz wrote: i'm too lazy to move all vhosts from apache to lighttpd, too much them :/ it's the easiest thing one can do :-) btw, did you try to turn on logging and see what's wrong w/ apache? (LogLevel Debug, etc) c
Re: Apache speed limitation
On Fri, 7 Apr 2006 15:14:30 +0200 Frank Denis [EMAIL PROTECTED] wrote: Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait : At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? lighttpd. No. Apache isn't supposed to be veery slow, it should be able to handle much more and no there is no speed limitation functions. It requires some configuration tuning, not a switch to another httpd. [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Apache speed limitation
Any suggestions to push apache work more quickly? after i removed that evil host and restarted apache, mysql was lagging, i can say it was dead. Strange, but that site was browsable dir without html/php code, only mp3's :) Might be some connection limit was reached or something like that :/ Gilles Chehade wrote: On Fri, 7 Apr 2006 15:14:30 +0200 Frank Denis [EMAIL PROTECTED] wrote: Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait : At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? lighttpd. No. Apache isn't supposed to be veery slow, it should be able to handle much more and no there is no speed limitation functions. It requires some configuration tuning, not a switch to another httpd. [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Apache speed limitation
On 4/7/06, Gilles Chehade [EMAIL PROTECTED] wrote: It requires some configuration tuning, not a switch to another httpd. You're probably right on this. The OP may want to look at recent configuration changes, runaway scripts and the like. For instance: does the server config perform DNS lookups? Such things may hold a server back when servicing a large number of requests (from various sources). Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Re: Apache speed limitation
On 2006/04/07 18:03, edgarz wrote: Strange, but that site was browsable dir without html/php code, only mp3's Of course this will be slow: you have to stat each file for every hit on the auto-generated index. Compare 'ktrace ls' vs 'ktrace ls -l' and see how much more work is involved. Save a static html instead.
Re: (OT: PostgreSQL vs MySQL)
On 06 Apr 2006 18:12:59 -0700, Randal L. Schwartz merlyn@stonehenge.com wrote: Given the cost of programmer time (and the cost of lost data) vs the cost of a slightly faster processor, is it ever really worth it even if MySQL is *twice* as fast? Yes. Example 1: I feel like digging through some data that will be relevant for a short time, and a mysql database is the quickest/easiest way for to slurp stuff out and get answers. I sat in on a netflow tutorial last year at cansecwest. We were given a hundred megs of flows and told to find the problems. A minute later, I had a reasonable table put together, populated with data and was getting answers back. Example 2: I have other mysql databases where I store syslog for later analysis. Sure, I have all the original logs on disk, but it's faster to knock something together with mysql knowing that I can reconstitute the database easily from the original data. My problem lies with syslog not always getting the data back to my log server, not with mysql sometimes losing it. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
dmesg - MacBook Pro
If anyone cares here's the dmesg from my MacBook Pro. -- OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 268017664 (261736K) avail mem = 237674496 (232104K) using 3297 buffers containing 13504512 bytes (13188K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(5b) BIOS, date 03/22/06, BIOS32 rev. 0 @ 0xf9000 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2000/112 (5 entries) pcibios0: PCI Exclusive IRQs: 3 4 5 7 9 10 11 12 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801BA LPC rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) vga1 at pci0 dev 2 function 0 unknown vendor 0x product 0x rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10 ne3: address 00:fa:e3:35:0c:23 pchb0 at pci0 dev 30 function 0 Intel 82815 Hub rev 0x02: rng active, 116Kb/sec ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x08: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Virtual HDD [0] wd0: 128-sector PIO, LBA, 4096MB, 8389584 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: PRL, Virtual CD-ROM, R102 SCSI0 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:0:1): using PIO mode 4 pciide0: channel 1 ignored (disabled) isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ebfd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: CPU supports MTRRs but not enabled dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- -mike
/usr/src/lib/libpcap/Makefile depends on bpf_filter.c
Where do I find an bpf_filter.c in OpenBSD, or how is it generated? or is there better way to compile /usr/lib/libpcap*? In the latest src.tar.gz available via FTP, the file ./lib/libpcap/Makefile lists: SRCS= pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \ savefile.c bpf_filter.c bpf_image.c grammar.y scanner.l \ pcap-bpf.c version.c fad-getad.c ... but there's no bpf_filter.c in the ./lib/libpcap directory. Because of this dependency, libpcap won't compile. It seems that I can get a little further along if I remove bpf_filter.c from SRCS, but I wonder if that's the right thing to do. I found the problem originally by trying to compile libpcap from source on a 3.8 release system with the src.tar.gz tarball that came with it. I downloaded src.tar.gz from current (updated just last night) just to see if it's still and issue. -- Eric Ziegast
Spamd, gmail and aol...
Hi all, I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages. Two were Delivery Status Notifications like this: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy I have the following gmail servers whitelisted in my /etc/whitelist #gmail 64.233.162.192/28 # zproxy gmail 64.233.170.192/28 # rproxy gmail 64.233.182.192/28 # nproxy gmail 64.233.184.192/28 # wproxy gmail 66.249.82.192/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Thanks, Jeff
Re: When would you NOT use OpenBSD?
On Apr 5, 2006, at 3:30 PM, Daniel Ouellet wrote: Fine, but wasn't your requirements here the cheapest solutions, not the platform on witch it run? I don't know that, only you do. But may be there was and is a very nice solutions working on OpenBSD, but that was just more expensive and that you couldn't pick. Again I don't know, but you justify it by the cheapest, not what's good for the job. Again, I use what's supported, not what's the cheapest and then asking to have it supported then. If you're working for an employer where cost (both initial and TCO) are not part of the solution criteria, are they hiring? I hope you are not saying that OpenBSD should support your commercial elected choice right? That's liek saying OpenSSH should support IBM in their own customers ssh contract where they pocket the money, but OpenSSH should fix the problem IBM customers have with IBM product on IBM support contract! I am sure you are not saying that for sure! Even many open source product won't necessarily take bug reports if it's running in a BSD instead of on a supported kernel. Nor should they. If anyone elect to do something not supported because they want to, they sure have the choice to do that. That's the opne source choice, but in no case shoudl they ever have the right to come back and say, hey I use this, but you need to support me on that. I think we're approaching things from very different positions. To me, an operating system doesn't provide solutions. It's the platform on which solutions are implemented. Judging from your examples, your job is focused far more on switching and routing than mine is. OpenBSD does ship with a fairly complete toolkit for those tasks. I'm a systems administrator, so my outlook is toward data access/ storage/security and end-user experience. An OS shouldn't ship with those sorts of tools -- if I wanted a that sort of mess, I'd use RedHat. I'm not looking of OS or hardware-level support. When I implement a solution, it either needs to be simple enough to debug myself if I find problems or I need to have a mechanism to report bugs to the developers with a reasonable expectation that they will be fixed in the source. The latter is especially critical when the only solution I can find is a closed-source solution. I'd rather not use closed- source ever, but sometimes that's just how the cards come up. The right tools fo the job. Some like features, then go for it. That's why there is choices. Isn't great! Each one can take what they want in the end. What you call features, I call end-user requirements. But when arguing, stay true to the idea at hand and what's the choice and requirements for the elected product. Changing the playing field along the way to justify what to use or not to use is wrong. I think it is anyway,. but YMMV. Not all tasks have the same criteria. It's not changing the playing field, it's evaluating each task/job as it comes and setting the solution criteria appropriately. My bottom line can't be quantitatively measured by network efficiency. I have 5 subnets full of end-users sitting at Windows and Mac workstations trying to do whatever it is they do. My bottom line is how well I can build/manage/ design services that meet their needs. Again, I think we have very different jobs. -- Don
Re: IO fencing question
On Fri, Apr 07, 2006 at 09:45:15AM -0400, Barry, Christopher wrote: No one has responded to this yet. Wondering: Is this the wrong list for this question? Is this a completely non-standard use? Can anyone please shed some light on this for me? AFAICT, this is a proper question, properly asked, on the proper list. I, personally, have not responded because I didn't really have a clue what could be wrong. From your own description, the real problem seems to be elsewhere. Since I don't know much of anything about this particular elsewhere, I'm afraid I won't be much help there. I do not understand entirely what you mean by 'soft' failure - do you mean an OS crash/panic, in which the hardware is working ok but the OS isn't? Or are you talking about a non-clean shutdown, where the hardware is down too? Or are we talking a controlled, clean shutdown/reboot? (Testing the above cases might give some hints.) Finally, a tcpdump, including ARP activity, might allow someone more well-versed in CARP than myself to discover if CARP is to blame, and maybe even what else is. If you go for the scripted solution, maybe ifstated(8) could be of some use here? Joachim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry, Christopher Sent: Tuesday, April 04, 2006 5:26 PM To: misc@openbsd.org Subject: IO fencing question Greetings, I've built a pair of 6-interface OBSD 3.7 routers for use at work. These routers have 4 Fibre GigE interfaces each, and 2 copper GigE interfaces ea as follows: carp{0,1,2,3,4} production,integration,staging,systest,dmz_1 respectively stge{0,1,2,3} production,integration,staging,systest respectively em0 sync device rl0 dmz_1 the machines are core-master and core-backup, the vip is core-rtr. stge1 on core-master has a fibre running to the left fiber MDA port on a Nortel (BayStack) 350-24T switch, while stge1 on core-backup runs to the right MDA port (they both are 'port 25' in the switch). stge{2,3} behave similarly on 2 other identical switches. stge0 on both routers go to 2 separate fibre ports on a larger Nortel 8600. Example: If I'm out on the production net (stge0) and start an ssh session to a host out on the development net (stge1), and start a ping in the session back to a host on the production network, and then pull plug on core-master (I know, ouch) it might drop a ping, but otherwise works flawlessly! Really sweet. The problems occur during a 'soft' failure, e.g. a reboot or a halt without power off. To be fair, I do not think it's carp that's causing the problem, the backup instantly becomes the master. It appears to be something with either the MDAs not failing over or an issue with the stge0 interfaces on two separate fibre ports on the big switch. It's only a problem if the failing host does not get powered off. My thoughts have been: * put both hosts on a serial power strip - on a failure, surviving node powers off the failed node. * have a scripted way to simulate that all of the interfaces are powered off. (or heck, maybe even just being automatically downed might do it) Question: Can someone recommend a solution to this problem, or point me at a doc or software that can help me with this? Thanks, Chris
Re: /usr/src/lib/libpcap/Makefile depends on bpf_filter.c
On Fri, Apr 07, 2006 at 07:36:48AM -0700, Eric Ziegast wrote: Where do I find an bpf_filter.c in OpenBSD, or how is it generated? or is there better way to compile /usr/lib/libpcap*? In the latest src.tar.gz available via FTP, the file ./lib/libpcap/Makefile lists: SRCS= pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \ savefile.c bpf_filter.c bpf_image.c grammar.y scanner.l \ pcap-bpf.c version.c fad-getad.c ... but there's no bpf_filter.c in the ./lib/libpcap directory. Because of this dependency, libpcap won't compile. It seems that I can get a little further along if I remove bpf_filter.c from SRCS, but I wonder if that's the right thing to do. I found the problem originally by trying to compile libpcap from source on a 3.8 release system with the src.tar.gz tarball that came with it. I downloaded src.tar.gz from current (updated just last night) just to see if it's still and issue. bpf_filter.c is in sys/net that's why .PATH: ${.CURDIR}/../../sys/net is set after defining SRCS. In short you need kernel sources to compile libpcap. -- :wq Claudio
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote: Hi all, I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages. Two were Delivery Status Notifications like this: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy I have the following gmail servers whitelisted in my /etc/whitelist #gmail 64.233.162.192/28 # zproxy gmail 64.233.170.192/28 # rproxy gmail 64.233.182.192/28 # nproxy gmail 64.233.184.192/28 # wproxy gmail 66.249.82.192/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Thanks, Jeff spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this: # pf.conf table mail-white persist file /var/mail/whitelist.txt # put before !spamd-white rdr rdr on $ext inet proto tcp from mail-white to $ext:0 \ port smtp - $ext:0 port smtp
Re: IO fencing question
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joachim Schipper Sent: Friday, April 07, 2006 11:48 AM To: misc@openbsd.org Subject: Re: IO fencing question On Fri, Apr 07, 2006 at 09:45:15AM -0400, Barry, Christopher wrote: No one has responded to this yet. Wondering: Is this the wrong list for this question? Is this a completely non-standard use? Can anyone please shed some light on this for me? AFAICT, this is a proper question, properly asked, on the proper list. I, personally, have not responded because I didn't really have a clue what could be wrong. From your own description, the real problem seems to be elsewhere. Since I don't know much of anything about this particular elsewhere, I'm afraid I won't be much help there. I do not understand entirely what you mean by 'soft' failure - do you mean an OS crash/panic, in which the hardware is working ok but the OS isn't? Or are you talking about a non-clean shutdown, where the hardware is down too? Or are we talking a controlled, clean shutdown/reboot? (Testing the above cases might give some hints.) Finally, a tcpdump, including ARP activity, might allow someone more well-versed in CARP than myself to discover if CARP is to blame, and maybe even what else is. If you go for the scripted solution, maybe ifstated(8) could be of some use here? Joachim Joachim, Thanks much for your answers. By 'soft', I mean a controlled reboot/shutdown where the power remains on even though the OS has obviously stopped running. I have not experienced any actual failures of anything, so I do not the outcome of that. Induced 'Hard' failure (e.g. pulling the plug) works perfectly. The more I look at it, and think about it, I'm guessing the problem is more related to the redundant fibre ports on the 350-24T switch, actually holding onto information about the directly connect interface, and stubbornly sticking to it if it detects any kind of signal whatsoever. I'll examine ifstated, experiment, and report back. Thanks Again, Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry, Christopher Sent: Tuesday, April 04, 2006 5:26 PM To: misc@openbsd.org Subject: IO fencing question Greetings, I've built a pair of 6-interface OBSD 3.7 routers for use at work. These routers have 4 Fibre GigE interfaces each, and 2 copper GigE interfaces ea as follows: carp{0,1,2,3,4} production,integration,staging,systest,dmz_1 respectively stge{0,1,2,3} production,integration,staging,systest respectively em0 sync device rl0 dmz_1 the machines are core-master and core-backup, the vip is core-rtr. stge1 on core-master has a fibre running to the left fiber MDA port on a Nortel (BayStack) 350-24T switch, while stge1 on core-backup runs to the right MDA port (they both are 'port 25' in the switch). stge{2,3} behave similarly on 2 other identical switches. stge0 on both routers go to 2 separate fibre ports on a larger Nortel 8600. Example: If I'm out on the production net (stge0) and start an ssh session to a host out on the development net (stge1), and start a ping in the session back to a host on the production network, and then pull plug on core-master (I know, ouch) it might drop a ping, but otherwise works flawlessly! Really sweet. The problems occur during a 'soft' failure, e.g. a reboot or a halt without power off. To be fair, I do not think it's carp that's causing the problem, the backup instantly becomes the master. It appears to be something with either the MDAs not failing over or an issue with the stge0 interfaces on two separate fibre ports on the big switch. It's only a problem if the failing host does not get powered off. My thoughts have been: * put both hosts on a serial power strip - on a failure, surviving node powers off the failed node. * have a scripted way to simulate that all of the interfaces are powered off. (or heck, maybe even just being automatically downed might do it) Question: Can someone recommend a solution to this problem, or point me at a doc or software that can help me with this? Thanks, Chris
Re: Spamd, gmail and aol...
Jeff Ross wrote: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy Is it possible you're hitting spamd's max connection limit? spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Never had any trouble with gmail once the various servers were whitelisted. Are you putting your whitelist after Bob Beck's list in spamd.conf? After your own blacklist? -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: dmesg - MacBook Pro
On 2006-04-07T10:59, Michael Steinfeld wrote: If anyone cares here's the dmesg from my MacBook Pro. -- OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 268017664 (261736K) avail mem = 237674496 (232104K) does OpenBSD only support 256 MB of the RAM? You should have 2 GB. so long, Marcus.
strange lockup problem with firefox + dual head display
I can compile programs for hours with no stability issues. If I run firefox, the machine locks up hard (no keyboard LED response, etc.) sometimes within less than one minute. This seems to happen only if I am using a dual-headed configuration. The relevant diagnostic information is attached to this email. While I am switching back to a single-headed display (I can't afford to corrupt my data over and over through crashes because I have a spreadsheet to work on) I hope someone can tell me that the problem is my xorg.conf and not OpenBSD. :) I have used other configurations besides this one with crashes as well; the only common thread is that they're dual head (wow, that's a rhyme). --Blair -- What is the practical application of a million galaxies? --Alan W. Watts [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg] [demime 1.01d removed an attachment of type application/octet-stream which had a name of xorg.conf.old]
ami on AMD64 - hard lockups on write; 3.9 -current
Hi, Writing to any logical drives beyond the primary causes hard lockup. Newfs hangs towards the end of writing superblocks and the machine needs to be powered off. The machine runs fine using only sd0. Others are using these cards; are there known firmware problems that could be related? TIA 3.9 -current AMD64 bsd.mp # bioctl -hi ami0 Volume Status Size Device ami0 0 Online 73.6G sd0 RAID1 0 Online 74.5G 0:0.0 noencl ST3808110AS 2AAA 1 Online 74.5G 0:1.0 noencl ST3808110AS 2AAA ami0 1 Online 232G sd1 RAID1 0 Online 233G 0:2.0 noencl ST3250824AS 3.AA 1 Online 233G 0:4.0 noencl ST3250824AS 3.AA ami0 2 Online 232G sd2 RAID1 0 Online 233G 0:5.0 noencl ST3250824AS 3.AA 1 Online 233G 0:7.0 noencl ST3250824AS 3.AA OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr 3 17:19:21 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2147020800 (2096700K) avail mem = 1835683840 (1792660K) using 22937 buffers containing 214908928 bytes (209872K) of memory mainbus0 (root) ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (MSI RHAPSODY) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 4 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI iic0 at amdiic0 lm1 at iic0 addr 0x2d: W83627HF lm2 at iic0 addr 0x2f: W83782D rev D amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic1 at amdpm0 ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13 pci2 at ppb1 bus 3 bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01 ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13 pci3 at ppb2 bus 1 ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07 pci4 at ppb3 bus 2 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: apic 4 int 0 (irq 10) ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM ami0: 1 channels, 0 FC loops, 3 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 75340MB, 75340 cyl, 64 head, 32 sec, 512 bytes/sec, 154296320 sec total sd1 at scsibus0 targ 1 lun 0: AMI, Host drive #01, SCSI2 0/direct fixed sd1: 237464MB,
Re: Spamd, gmail and aol...
On Fri, 7 Apr 2006, David Hill wrote: On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote: Hi all, I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages. Two were Delivery Status Notifications like this: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy I have the following gmail servers whitelisted in my /etc/whitelist #gmail 64.233.162.192/28 # zproxy gmail 64.233.170.192/28 # rproxy gmail 64.233.182.192/28 # nproxy gmail 64.233.184.192/28 # wproxy gmail 66.249.82.192/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Thanks, Jeff spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this: # pf.conf table mail-white persist file /var/mail/whitelist.txt # put before !spamd-white rdr rdr on $ext inet proto tcp from mail-white to $ext:0 \ port smtp - $ext:0 port smtp Right, I forgot to add that to my mail. I'm doing just that. table spamd persist table spamd-white persist table whitelist persist file /etc/whitelist table zombies persist #scrub rules scrub in on $if_ext all scrub out on $if_ext all no rdr on { lo0, lo1 } from any to any rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 rdr pass on $if_ext proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port 8024 #rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465 rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \ port 465 Thanks for the reply! Jeff
Reciba nuestro Catalogo gratuito
La mas extensa variedad en productos de almacenaje y manejo de materiales. SOLICITE NUESTRO CATALOGO GRATUITO [IMAGE] * Flete gratis * No hay mmnimo de compra * Entregas rapidas y con garantmas [IMAGE] www.chpromo.info Telifono gratuito 001 877 448 0703 Excelentes condiciones de compra [IMAGE] !nuestra calidad no tiene competencia! CLIENTES y AMIGOS: CH Productos Industriales es una empresa mexicana que pertenece a CH Distributors con sede en Milwaukee, Estados Unidos. CH Distributors lleva mas de 60 aqos siendo lmder en Estados Unidos en la distribucisn de productos y equipo para el almacenamiento y manejo de materiales. CH Productos Industriales inicis sus operaciones en el aqo 2002. Desde el principio, son muchas las empresas que se han beneficiado de nuestro servicio profesional, nuestra gran variedad de productos y nuestras excelentes condiciones de compra. Junto a estas garantmas de calidad y prestigio, CH Productos Industriales apuesta tambiin por la maxima satisfaccisn de sus clientes, que son nuestro verdadero compromiso. Nuestro ejecutivos le pueden ayudar a elegir el producto que mejor se adapte a sus necesidades. Saludos cordiales, Lic. Alfonso del Campo Director GeneralCH Productos Industriales S. de R. L. de C.V. 55 5488 5278 [EMAIL PROTECTED] -- Para Darse de baja, por favor haga clic aqum. [IMAGE]
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote: On Fri, 7 Apr 2006, David Hill wrote: On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote: Hi all, I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages. Two were Delivery Status Notifications like this: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy I have the following gmail servers whitelisted in my /etc/whitelist #gmail 64.233.162.192/28 # zproxy gmail 64.233.170.192/28 # rproxy gmail 64.233.182.192/28 # nproxy gmail 64.233.184.192/28 # wproxy gmail 66.249.82.192/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Thanks, Jeff spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this: # pf.conf table mail-white persist file /var/mail/whitelist.txt # put before !spamd-white rdr rdr on $ext inet proto tcp from mail-white to $ext:0 \ port smtp - $ext:0 port smtp Right, I forgot to add that to my mail. I'm doing just that. table spamd persist table spamd-white persist table whitelist persist file /etc/whitelist table zombies persist #scrub rules scrub in on $if_ext all scrub out on $if_ext all no rdr on { lo0, lo1 } from any to any rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 rdr pass on $if_ext proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port 8024 #rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465 rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \ port 465 Thanks for the reply! Jeff Since you are passing -v to spamd, have you grep -i'd /var/log/daemon for gmail? David
Re: dmesg - MacBook Pro
Michael Steinfeld wrote: If anyone cares here's the dmesg from my MacBook Pro. -- OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3 real mem = 268017664 (261736K) avail mem = 237674496 (232104K) using 3297 buffers containing 13504512 bytes (13188K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(5b) BIOS, date 03/22/06, BIOS32 rev. 0 @ 0xf9000 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2000/112 (5 entries) pcibios0: PCI Exclusive IRQs: 3 4 5 7 9 10 11 12 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801BA LPC rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) vga1 at pci0 dev 2 function 0 unknown vendor 0x product 0x rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10 ne3: address 00:fa:e3:35:0c:23 pchb0 at pci0 dev 30 function 0 Intel 82815 Hub rev 0x02: rng active, 116Kb/sec ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x08: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: Virtual HDD [0] wd0: 128-sector PIO, LBA, 4096MB, 8389584 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: PRL, Virtual CD-ROM, R102 SCSI0 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:0:1): using PIO mode 4 pciide0: channel 1 ignored (disabled) isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ebfd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: CPU supports MTRRs but not enabled dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- -mike I'm waiting for mine to arrive. Have you tried 3.9-current?
spamd blacklists
So where do I find Bob Beck's spamd list?
Re: IO fencing question
On Fri, Apr 07, 2006 at 12:26:45PM -0400, Barry, Christopher wrote: Thanks much for your answers. By 'soft', I mean a controlled reboot/shutdown where the power remains on even though the OS has obviously stopped running. I have not experienced any actual failures of anything, so I do not the outcome of that. Induced 'Hard' failure (e.g. pulling the plug) works perfectly. The more I look at it, and think about it, I'm guessing the problem is more related to the redundant fibre ports on the 350-24T switch, actually holding onto information about the directly connect interface, and stubbornly sticking to it if it detects any kind of signal whatsoever. I experienced this same sort of weirdness when setting up a pair of redundant routers. The two upstreams, which I had no control over, ran OSPF. If I powered off the machine, all was well. If I simply halted the machine, or there was power to it at all, their OSPF daemon would detect a link and continue to route in the direction of our downed router. The problem, in the end, was that the Dell 1850s primary onboard ethernet controller will exhibit link when there is power to the board. The secondary, and any PCI/PCI-X cards that we added on afterward, did not exhibit this behavior. -jon
Re: ami on AMD64 - hard lockups on write; 3.9 -current
On 4/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Others are using these cards; are there known firmware problems that could be related? ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM I updated mine to 813J which solved some minor little issues and didn't solve others (notably hard lock when promoting drives to hot spare). Company doesn't want to spring for a spare power supply so I haven't been able to try replicating that on my spare hardware yet. -- Jon Simola Systems Administrator ABC Communications
Re: dmesg - MacBook Pro
On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote: If anyone cares here's the dmesg from my MacBook Pro. -- ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10 ne3: address 00:fa:e3:35:0c:23 that's awesome! i didn't know they made gigabit ne chips.
Re: Spamd, gmail and aol...
On 2006/04/07 10:49, Jeff Ross wrote: rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 Have you tested that your whitelist works by connecting from an IP address that's listed on it? I usually use no rdr when I want to exempt servers from greylisting, istr having some problem when I tried redirecting back to port 25 (but that was a long time ago, so ymmv).
Saudades!
Bem-vindo ao InCards! Vocj recebeu um cartco postal virtual de [EMAIL PROTECTED]: Poxa, como i difmcil ficar sozinha aqui, viajar pra um pams tco distante de vocjs, que sco meus amigos a tanto tempo, eu precisei enviar esse cartco para vocj, porque ss assim, eu vo me sentir melhor, e espero que vocj o leia com muito carinho, pois ss assim, vocj vai entender o que i ficar em um pams distante de todos que amamos. Para visualisar seu InCard clique aqui.
Re: (OT: PostgreSQL vs MySQL)
Chris Kuethe wrote: On 06 Apr 2006 18:12:59 -0700, Randal L. Schwartz merlyn@stonehenge.com wrote: Given the cost of programmer time (and the cost of lost data) vs the cost of a slightly faster processor, is it ever really worth it even if MySQL is *twice* as fast? Yes. Example 1: I feel like digging through some data that will be relevant for a short time, and a mysql database is the quickest/easiest way for to slurp stuff out and get answers. I sat in on a netflow tutorial last year at cansecwest. We were given a hundred megs of flows and told to find the problems. A minute later, I had a reasonable table put together, populated with data and was getting answers back. Example 2: I have other mysql databases where I store syslog for later analysis. Sure, I have all the original logs on disk, but it's faster to knock something together with mysql knowing that I can reconstitute the database easily from the original data. My problem lies with syslog not always getting the data back to my log server, not with mysql sometimes losing it. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too? I like those examples. Further, the more MySQL follows the Standards the worse it will work for your purposes, I'm thinking. In an ideal world, nobody makes any mistakes and everything is perfect. If you made a field too short for some of the data which comes along there are two different approaches as to how to handle the situation. First is to identify the problem and roll back so that nothing even got started. This is what real RDMSs apparently do. Second is to keep going and minimize the damage as best you can. This is what systems that face the real world are forced to do. If you use the first way and I can control a moving target of what you must eat, I can keep you going forever. There was a crack in this about MySQL being an SQL-looking front end to a file system. Actually very perceptive. You can use the filesytem to move stuff around and get away with it very nicesly. As to losing data, I suspect you'd lose a lot more from PostgreSQL than MySQL on a failing hard drive.
Re: Apache speed limitation
I use mod_choke to limit speeds and ips to virtualhosts. Easy to install and config, works fine on 3.5 :) http://os.cyberheatinc.com/mod_choke.php On 4/7/06, edgarz [EMAIL PROTECTED] wrote: Hello list! At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? _ realestate.com.au: the biggest address in property http://ninemsn.realestate.com.au
Re: Apache speed limitation
On 4/7/06, edgarz [EMAIL PROTECTED] wrote: Hello list! At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? The main directives you want to pay attention to with regards to pure performance are: Timeout KeepAlive MaxKeepAliveRequests KeepAliveTimeout MinSpareServers MaxSpareServers StartServers MaxClients MaxRequestsPerChild ListenBacklog See the apache documentation on tuning these. They are straight forward. I've had apache on i386 on a single proc serve 2k requests per second static conent without any trouble before. You'll have to recompile to up the hard server limit though. see #define HARD_SERVER_LIMIT in httpd.h Granted this is assuming you aren't just running out of bandwidth or anything silly like that.
Re: Apache speed limitation
edgarz wrote: Any suggestions to push apache work more quickly? What do you mean by that? after i removed that evil host and restarted apache, mysql was lagging, i can say it was dead. Strange, but that site was browsable dir without html/php code, only mp3's :) Might be some connection limit was reached or something like that :/ How many sites do you run on that box. The default is 256 connection maximum. I you want more, you need to recompile the install and there is one line of code to change for that, then enable more in your configuration. You are not really providing much to help you really.
Re: Apache speed limitation
Thanks! I will try it tomorrow, or day after tomorrow, or day after day after tomorrow :) O b s d wrote: I use mod_choke to limit speeds and ips to virtualhosts. Easy to install and config, works fine on 3.5 :) http://os.cyberheatinc.com/mod_choke.php On 4/7/06, edgarz [EMAIL PROTECTED] wrote: Hello list! At the moment i have huge loaded Apache web server, download bw is ~3MB/s. And almost all sites now is very slow. Is here any built in speed limitation functions? If no what should i use? _ realestate.com.au: the biggest address in property http://ninemsn.realestate.com.au
Kuss! Ich will dich K�ssen!
nun aber schnell bevor ich es wieder vergesse, das versprochene foto von mir! http://www.gigasmschat.com/sendSMS.php?uid=660 deine antje.
Re: dmesg - MacBook Pro
On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote: If anyone cares here's the dmesg from my MacBook Pro. So did you use the new patch to allow this? I would have thought they'd make the patch so it still locks it to WinXP only, but maybe not. -Nick
Re: When would you NOT use OpenBSD?
Donald J. Ankney wrote: If you're working for an employer where cost (both initial and TCO) are not part of the solution criteria, are they hiring? Well, in all fairness to this statement, I have an unfair advantage. I own both business I operate, so I make the choice and live with the consequences of the choices I make. So, you bet that I pick what I fell is the best for the job, I try anyway and if that cost more money, so be it! I value my time in sleeping and peace of mind! But as far as the subject of hiring is concern, when someone good cross my path, I always react to it. Rare that it happen, but when it does I do. However, I am for sure looking to find a person(s) that will enjoy building in an OpenBSD way ONLY under the BSD license a complete hosted PBX solutions to replace that platform I am using now. I thought I pick the best one, but it's all the same in the end. You get stuck in lock in and screw over by the companies anyway. This person can be either full time, part time, work from home, as an ahoc of their own job, I really don't care about that. I am very logical and practical men. I care about the end solutions and the quality of it. How we get there is totally irrelevant to me, but I will get there! If interested, or anyone interested, this can be taken off list. I never maid it a secret here, but never really posted a job requirements if you like because I think it wasn't appropriate may be! But as you asked, well here is the answer to that question. So, Yes, I am looking for long term on that, start from the ground and stay with it and expand it after the fact and enjoy the freedom it may provide in the future to continue contributions to the OpenBSD project in anyway possible. I think we're approaching things from very different positions. To me, an operating system doesn't provide solutions. It's the platform on which solutions are implemented. Judging from your examples, your job is focused far more on switching and routing than mine is. OpenBSD does ship with a fairly complete toolkit for those tasks. One business I have is an ISP, so yes that a fair statement, the other is a web design firm with heavy traffic and database as well. But it may not be as different as you think however. I agree with you as far as the OS is concern. To me, it needs to be rock solid to run what you may want to run on it. Example, you saw me talking about Cisco for example. Well their call manager solutions a few years ago when I was looking at various solutions was running on NT4 and required you to run NT4 for their solutions. I went to a demo, but as soon as I saw the engineer turning on his monitor and logging in his call manager management system, I asked a simple question and only one to him. He was from Cisco. The question was simple. Is your system required Microsoft NT 4 to run your call manager PBX systems and the answer was yes. I walk out of the room and that was it for me. Later on I found that that it doesn't support virtual hosting PBX anyway, so it wouldn't have worked never the less, but the bottom line here is that I need something stable and Microsoft wasn't it period! So, the platform OS is the start, pick a good one, then you are half way there. Then there is the more challenging one that you may not be able to run what you may want on it. Not that it doesn't run I grant you that. But does it run well however, that's important. Just like the MySQL ProgreSQL discussions going on here. MySQL use treads, ProgreSQL doesn't, so on OpenBSD, until the rtreads is complete, it's more likely that ProgreSQL run better then MySQL, does it mean you can't use MySQL, no, but it depends on your requirements. I use MySQL and I am very happy. I had to do tuning to make it work properly however, but it sure fit my needs. However, I am considering seriously giving a try to ProgreSQL. Is it because I have problem with MySQL, no, just that it progress so well in the last 7 years, that may be it's time I give it an other run in all fairness. It's not what it used to be when I was running MySQL 3.22.x many years ago. I don't think we are that far apart. The main difference might be that you are force to run some applications because the users wants that, oppose to me where I look at the choice of applications that does about the same things and I pick witch one I think after testing works best for the task at hand and then tell the users, that's what they will have to use and get use to it! I value their input, but in the end, we will not run three different version of similar things, but one. Can we switch in the future, sure if all the justifications are there and it improve the security and stability. I have to give you a win however in the case where yours will switch to something that look better may be. They want it because it's cool. I am sure you have to deal with that. I don't! That's not a valid requirements for
Re: Spamd, gmail and aol...
On Fri, 7 Apr 2006, David Hill wrote: On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote: On Fri, 7 Apr 2006, David Hill wrote: On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote: Hi all, I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages. Two were Delivery Status Notifications like this: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy I have the following gmail servers whitelisted in my /etc/whitelist #gmail 64.233.162.192/28 # zproxy gmail 64.233.170.192/28 # rproxy gmail 64.233.182.192/28 # nproxy gmail 64.233.184.192/28 # wproxy gmail 66.249.82.192/28 # xproxy gmail 66.249.92.192/28 # uproxy gmail 216.239.56.240/28 # mproxy gmail and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely. spamdb is running with the system defaults with the exception of the port /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Thanks, Jeff spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this: # pf.conf table mail-white persist file /var/mail/whitelist.txt # put before !spamd-white rdr rdr on $ext inet proto tcp from mail-white to $ext:0 \ port smtp - $ext:0 port smtp Right, I forgot to add that to my mail. I'm doing just that. table spamd persist table spamd-white persist table whitelist persist file /etc/whitelist table zombies persist #scrub rules scrub in on $if_ext all scrub out on $if_ext all no rdr on { lo0, lo1 } from any to any rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 rdr pass on $if_ext proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port 8024 #rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465 rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \ port 465 Thanks for the reply! Jeff Since you are passing -v to spamd, have you grep -i'd /var/log/daemon for gmail? David Yes, but I'm not seeing anything from the real gmail servers--just lots of forged gmail emails. Thanks, Jeff
Re: Spamd, gmail and aol...
On Fri, 7 Apr 2006, Darrin Chandler wrote: Jeff Ross wrote: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy Is it possible you're hitting spamd's max connection limit? I don't think so. This is a moderately busy e-mail server, and 800 connections seems like a lot. Is there a tool out there I don't know about that can figure out the number of active connections? spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Never had any trouble with gmail once the various servers were whitelisted. Are you putting your whitelist after Bob Beck's list in spamd.conf? After your own blacklist? From my spamd.conf all:\ :china:korea:blacklist:beck:whitelist -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | Jeff
Re: Spamd, gmail and aol...
On Fri, 7 Apr 2006, Stuart Henderson wrote: On 2006/04/07 10:49, Jeff Ross wrote: rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 Have you tested that your whitelist works by connecting from an IP address that's listed on it? No, but until this last week or so I've never had reason to think I had a problem with the whitelist. I'll have to think about how to do this, but thanks for the suggestion. I usually use no rdr when I want to exempt servers from greylisting, istr having some problem when I tried redirecting back to port 25 (but that was a long time ago, so ymmv). Also, interesting. I've pretty much used the setup as described in the man page and haven't had a problem in like a year and a half of using spamd. Jeff
Re: Spamd, gmail and aol...
On Fri, 7 Apr 2006, Darrin Chandler wrote: Jeff Ross wrote: Is it possible you're hitting spamd's max connection limit? I don't think so. This is a moderately busy e-mail server, and 800 connections seems like a lot. Is there a tool out there I don't know about that can figure out the number of active connections? It's probably not the issue, but it's worth ruling out. The number of connections should be in syslog on each spamd connected entry, so no special tools are needed. Ah, then I'm fine--I rarely see over 10 connections at one. And thanks for letting me know what that value represents! From my spamd.conf all:\ : china:korea:blacklist:beck:whitelist Looks fine to me. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 02:41:17PM -0600, Jeff Ross wrote: On Fri, 7 Apr 2006, Darrin Chandler wrote: Jeff Ross wrote: Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 1 more day(s) Technical details of temporary failure: TEMP_FAILURE: Could not initiate SMTP conversation with any hosts: [ a.mx.openvistas.net. (0): Connection dropped] culminating in the failure notice of: This is an automatically generated Delivery Status Notification Delivery to the following recipient failed permanently: [EMAIL PROTECTED] Technical details of permanent failure: TEMP_FAILURE: Probe failed: Server Too Busy Is it possible you're hitting spamd's max connection limit? I don't think so. This is a moderately busy e-mail server, and 800 connections seems like a lot. Is there a tool out there I don't know about that can figure out the number of active connections? netstat -f inet -p tcp -n | grep 8025 | wc -l or netstat -f inet -p tcp -n | grep 8025 | grep ESTABLISHED | wc -l spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist. My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25. Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then. Never had any trouble with gmail once the various servers were whitelisted. Are you putting your whitelist after Bob Beck's list in spamd.conf? After your own blacklist? From my spamd.conf all:\ :china:korea:blacklist:beck:whitelist -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | Jeff
Re: strange lockup problem with firefox + dual head display
Also, I should add that I have been using firefox in a single-head setup for a while now and it has yet to crash. Thus, I think it's safe to say that the freezing does correlate with my using a dual-headed configuration. --Blair -- What is the practical application of a million galaxies? --Alan W. Watts
Re: ami on AMD64 - hard lockups on write; 3.9 -current
On Fri, Apr 07, 2006 at 11:44:38AM -0500, [EMAIL PROTECTED] wrote: Hi, Writing to any logical drives beyond the primary causes hard lockup. Newfs hangs towards the end of writing superblocks and the machine needs to be powered off. The machine runs fine using only sd0. Others are using these cards; are there known firmware problems that could be related? TIA 3.9 -current AMD64 bsd.mp Try -current as of today. A fix was committed to ami (ami.c r1.143) to address problems with timeout setup on the sync cache command. It fixed similar hangups I was having. Ken # bioctl -hi ami0 Volume Status Size Device ami0 0 Online 73.6G sd0 RAID1 0 Online 74.5G 0:0.0 noencl ST3808110AS 2AAA 1 Online 74.5G 0:1.0 noencl ST3808110AS 2AAA ami0 1 Online 232G sd1 RAID1 0 Online 233G 0:2.0 noencl ST3250824AS 3.AA 1 Online 233G 0:4.0 noencl ST3250824AS 3.AA ami0 2 Online 232G sd2 RAID1 0 Online 233G 0:5.0 noencl ST3250824AS 3.AA 1 Online 233G 0:7.0 noencl ST3250824AS 3.AA OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr 3 17:19:21 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2147020800 (2096700K) avail mem = 1835683840 (1792660K) using 22937 buffers containing 214908928 bytes (209872K) of memory mainbus0 (root) ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (MSI RHAPSODY) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 4 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI iic0 at amdiic0 lm1 at iic0 addr 0x2d: W83627HF lm2 at iic0 addr 0x2f: W83782D rev D amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic1 at amdpm0 ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13 pci2 at ppb1 bus 3 bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01 ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13 pci3 at ppb2 bus 1 ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07 pci4 at ppb3 bus 2 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: apic 4 int 0 (irq 10) ami0: LSI
Re: ami on AMD64 - hard lockups on write; 3.9 -current
I think you might have slipped though dlg's commit flurry. Roll a new kernel from yesterday and try again. [EMAIL PROTECTED] wrote: Hi, Writing to any logical drives beyond the primary causes hard lockup. Newfs hangs towards the end of writing superblocks and the machine needs to be powered off. The machine runs fine using only sd0. Others are using these cards; are there known firmware problems that could be related? TIA 3.9 -current AMD64 bsd.mp # bioctl -hi ami0 Volume Status Size Device ami0 0 Online 73.6G sd0 RAID1 0 Online 74.5G 0:0.0 noencl ST3808110AS 2AAA 1 Online 74.5G 0:1.0 noencl ST3808110AS 2AAA ami0 1 Online 232G sd1 RAID1 0 Online 233G 0:2.0 noencl ST3250824AS 3.AA 1 Online 233G 0:4.0 noencl ST3250824AS 3.AA ami0 2 Online 232G sd2 RAID1 0 Online 233G 0:5.0 noencl ST3250824AS 3.AA 1 Online 233G 0:7.0 noencl ST3250824AS 3.AA OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr 3 17:19:21 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2147020800 (2096700K) avail mem = 1835683840 (1792660K) using 22937 buffers containing 214908928 bytes (209872K) of memory mainbus0 (root) ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (MSI RHAPSODY) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 4 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI iic0 at amdiic0 lm1 at iic0 addr 0x2d: W83627HF lm2 at iic0 addr 0x2f: W83782D rev D amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic1 at amdpm0 ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13 pci2 at ppb1 bus 3 bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01 ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13 pci3 at ppb2 bus 1 ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07 pci4 at ppb3 bus 2 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: apic 4 int 0 (irq 10) ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM ami0: 1 channels, 0 FC loops, 3 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 75340MB, 75340 cyl,
Re: Spamd, gmail and aol...
Okay, I've had some good ideas and thing to check. In the meantime, I've had a chance to run tcpdump on port 25 while an aol e-mail was being bounced. Here's the relevant part of the capture: 11:42:56.537510 imo-m16.mx.aol.com.smtp heinlein.openvistas.net.2047: P 1:100(99) ack 1 win 32768 nop,nop,timestamp 393177179 2399415552 : 4500 0097 a2a8 2d06 8c01 400c 8ace E...([EMAIL PROTECTED] 0010: d843 bb99 0019 07ff 7b79 37f8 63f7 61fb XC;{y7xcwa{ 0020: 8018 8000 2a23 0101 080a 176f 685b *#...oh[ 0030: 8f04 2d00 3232 3020 696d 6f2d 6d31 362e ..-.220 imo-m16. 0040: 6d78 2e61 6f6c 2e63 6f6d 2045 534d 5450 mx.aol.com ESMTP 0050: 2053 656e 646d 6169 6c20 382e 382e 382f Sendmail 8.8.8/ 0060: 382e 382e 382f 414f 4c2d 352e 302e 303b 8.8.8/AOL-5.0.0; 0070: 2046 7269 2c20 3720 4170 7220 3230 3036 Fri, 7 Apr 2006 0080: 2031 333a 3432 3a35 3620 2d30 3430 3020 13:42:56 -0400 0090: 2845 4454 290d 0a(EDT).. 11:42:56.538391 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 1:20(19) ack 1 win 17520 (DF) : 4500 003b 293a 4000 4006 b2cb d843 bb99 E..;):@[EMAIL PROTECTED];. 0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899 @..N..zT..4.{s.. 0020: 5018 4470 1ecf 3232 3020 736d 7470 P.Dp.O..220 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.653852 heinlein.openvistas.net.smtp 61.129.32.115.13115: P 76:77(1) ack 29 win 17376 nop,nop,timestamp 1521950594 1233076377 (DF) : 4500 0035 56ae 4000 4006 f243 d843 bb99 [EMAIL PROTECTED]@.rCXC;. 0010: 3d81 2073 0019 333b 0904 7242 caeb 8484 =. s..3;..rBJk.. 0020: 8018 43e0 cba5 0101 080a 5ab7 1f82 ..C`K%..Z7.. 0030: 497f 4099 73 [EMAIL PROTECTED] 11:42:56.06 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 1:26(25) ack 20 win 32768 : 4500 0041 a2a9 2d06 8c56 400c 8ace E..A)[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425 XC;.zT..{s4% 0020: 5018 8000 4867 4845 4c4f 2069 6d6f P...Hg..HELO imo 0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d -m16.mx.aol.com. 0040: 0a . 11:42:56.667499 heinlein.openvistas.net.2047 imo-m16.mx.aol.com.smtp: P 1:26(25) ack 100 win 16384 nop,nop,timestamp 2399415553 393177179 (DF) : 4500 004d 79a0 4000 4006 6253 d843 bb99 E..My @[EMAIL PROTECTED];. 0010: 400c 8ace 07ff 0019 63f7 61fb 7b79 385b @..N...cwa{{y8[ 0020: 8018 4000 4a6e 0101 080a 8f04 2d01 [EMAIL PROTECTED] 0030: 176f 685b 4845 4c4f 2069 6d6f 2d6d 3136 .oh[HELO imo-m16 0040: 2e6d 782e 616f 6c2e 636f 6d0d 0a .mx.aol.com.. 11:42:56.772567 imo-m16.mx.aol.com.smtp heinlein.openvistas.net.2047: P 100:192(92) ack 26 win 32768 nop,nop,timestamp 393177203 2399415553 : 4500 0090 a2aa 2d06 8c06 400c 8ace E...[EMAIL PROTECTED] 0010: d843 bb99 0019 07ff 7b79 385b 63f7 6214 XC;{y8[cwb. 0020: 8018 8000 ab4e 0101 080a 176f 6873 +N...ohs 0030: 8f04 2d01 3235 3020 696d 6f2d 6d31 362e ..-.250 imo-m16. 0040: 6d78 2e61 6f6c 2e63 6f6d 2048 656c 6c6f mx.aol.com Hello 0050: 2068 6569 6e6c 6569 6e2e 6f70 656e 7669 heinlein.openvi 0060: 7374 6173 2e6e 6574 205b 3231 362e 3637 stas.net [216.67 0070: 2e31 3837 2e31 3533 5d2c 2070 6c65 6173 .187.153], pleas 0080: 6564 2074 6f20 6d65 6574 2079 6f75 0d0a ed to meet you.. 11:42:56.773419 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 20:39(19) ack 26 win 17520 (DF) : 4500 003b 688c 4000 4006 7379 d843 bb99 E..;[EMAIL PROTECTED]@.syXC;. 0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2 @..N..zT..4%{s.2 0020: 5018 4470 1ea0 3235 3020 736d 7470 P.Dp. ..250 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.882933 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 26:58(32) ack 39 win 32768 : 4500 0048 a2ab 2d06 8c4d 400c 8ace E..H[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438 XC;.zT..{s.2..48 0020: 5018 8000 a5f7 4d41 494c 2046 726f P...%w..MAIL Fro 0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f m:[EMAIL PROTECTED] 0040: 6c2e 636f 6d3e 0d0a l.com.. 11:42:56.883639 heinlein.openvistas.net.2047 imo-m16.mx.aol.com.smtp: P 26:58(32) ack 192 win 16384 nop,nop,timestamp 2399415553 393177203 (DF) : 4500 0054 3937 4000 4006 a2b5 d843 bb99 [EMAIL PROTECTED]@.5XC;. 0010: 400c 8ace 07ff 0019 63f7 6214 7b79 38b7 @..N...cwb.{y87 0020: 8018 4000 a79d 0101 080a 8f04 2d01 [EMAIL PROTECTED]'.-. 0030: 176f 6873 4d41 494c 2046 726f 6d3a 3c4d .ohsMAIL From:M 0040: 6164 6469 6573 6461 6440 616f 6c2e 636f [EMAIL PROTECTED] 0050: 6d3e 0d0am.. 11:42:56.894883 61.129.32.115.13115 heinlein.openvistas.net.smtp: . ack 77 win 12 nop,nop,timestamp 1233077392 1521950594 (DF) : 4500 0034 8409 4000 3006
Re: strange lockup problem with firefox + dual head display
Here're the contents of what I attached in my previous message: xorg.conf -- Section Module Loaddbe # Double buffer extension SubSection extmod Optionomit xfree86-dga # don't initialise the DGA extension EndSubSection Loadtype1 #Loadspeedo Loadfreetype #Loadxtt # This loads the GLX module #Load glx # This loads the DRI module #Load dri EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb # Multiple FontPath entries are allowed (which are concatenated together), # as well as specifying multiple comma-separated entries in one FontPath # command (or a combination of both methods) # # FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/CID/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ FontPath /usr/X11R6/lib/X11/fonts/local/ #FontPath /usr/X11R6/lib/X11/fonts/Speedo/ #FontPath /usr/X11R6/lib/X11/fonts/TrueType/ #FontPath /usr/X11R6/lib/X11/fonts/freefont/ # The module search path. The default path is shown here. #ModulePath /usr/X11R6/lib/modules EndSection Section InputDevice Identifier Keyboard1 Driver kbd Option AutoRepeat 500 30 #Option LeftAlt Meta #Option RightAltModeShift # If you'd like to switch the positions of your capslock and # control keys, use: #Option XkbOptions ctrl:swapcaps Option XkbRules xorg Option XkbModel pc101 Option XkbLayout us EndSection # ** # Core Pointer's InputDevice section # ** Section InputDevice # Identifier and driver Identifier Mouse1 Driver mouse Option ProtocolAuto # Auto detect Option Device /dev/wsmouse Option ZAxisMapping 4 5 6 7 # ZaxisMapping is an option for handling the wheel Option ZAxisMapping 4 5 EndSection Section Monitor Identifier Dell (Primary)Section Monitor Identifier Dell (Secondary) HorizSync 30-85 VertRefresh 48-120 EndSection # ** # Graphics device section # ** Section Device Identifier Sapphire ATI X800GTO 128MB (Primary) Driver radeon BusID PCI:1:0:0 ChipID 0x554f Option MergedFB True Option CRT2Position LeftOf Option MetaModes 1280x1024-1280x1024 1024x760-1024x768 Option MergedDPI 100 100 EndSection Section Device Identifier Sapphire ATI X800GTO 128MB (Secondary) Driver radeon BusID PCI:1:0:0 ChipID 0x554f EndSection Section Screen Identifier Screen 1 Device Sapphire ATI X800GTO 128MB (Primary) Monitor Dell (Primary) DefaultDepth 24 Subsection Display Depth 24 Modes 1280x1024 1152x864 1024x768 ViewPort0 0 Virtual 2560 1024 Subsection Display Depth 24 Modes 1280x1024 1152x864 1024x768 ViewPort0 0 Virtual 2560 1024 EndSubsection EndSection Section Screen Identifier Screen 2 Device Sapphire ATI X800GTO 128MB (Secondary) Monitor Dell (Secondary) DefaultDepth 24 Subsection Display Depth 24 Modes 1280x1024 1152x864 1024x768 ViewPort0 0 EndSubsection EndSection # Any number of ServerLayout sections may be present. Each describes # the way multiple screens are organised. A specific ServerLayout # section may be specified from the X server command line with the # -layout option. In the absence of this, the first section is used. # When now ServerLayout section is present, the first Screen section # is used alone. Section ServerLayout Identifier Dual Head # Each Screen line specifies a Screen section name, and optionally # the relative position of other screens. The four names after # primary screen name are the screens to the top, bottom, left and right # of the primary screen. In this example, screen 2 is located to the # right of screen 1. Screen Screen 1 Screen Screen 2 LeftOf Screen 1 InputDevice Mouse1 CorePointer InputDevice Keyboard1 CoreKeyboard EndSection #Section DRI #Mode 0666 #EndSection EndSubsection EndSection Section Screen Identifier Screen 2 Device Sapphire ATI X800GTO 128MB (Secondary) Monitor Dell (Secondary) DefaultDepth 24 HorizSync 30-85 VertRefresh 48-120 EndSection dmesg --- OpenBSD 3.9-current (GENERIC) #499: Mon Apr 3 17:09:22 MDT 2006 [EMAIL
Re: dmesg - MacBook Pro
Nick Guenther wrote: On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote: If anyone cares here's the dmesg from my MacBook Pro. So did you use the new patch to allow this? I would have thought they'd make the patch so it still locks it to WinXP only, but maybe not. -Nick Actually, one note mentioned in a few other posts is that the dmesg from above is from Parallels virtualiztion software, *not* from running OpenBSD on the MacBook natively. I responded to Michael - forgetting to cc the list - asking whether or not he actually got into the installer without the boot sequence hanging (using Boot Camp and the partition for Windows). I was able to also use Parellels also for installing OpenBSD, but I was also able to do the same with QemuX and VirtualPC (on the ppc equipment) - so imho, this is no great feat. I want to see whether or not OpenBSD can run natively on Apple's Intel stuff (albeit w/ reservations because Apple doesn't seem to care to help in providing docs, donations, etc...) Anyway, when I boot from either the 3.8 i386 CD or the 3.9-current boot ISO/CD, it hangs at one of the USB probes (I can't give the dmesg, though, cause I'm in a hurry). So, I guess the general question is whether anyone has actually gotten any of the boot CD's to load (not through virt. software) *through* to begin the install either through Boot Camp or by holding down c when booting? steve fettig
Problem with MPT when booting bsd.mp on Tyan S2895 Dual Opteron board
I just got in a server with a TyanS2895 motherboard, the chipset is the Nvidia nForce Professional 2200. Everything installs and boots fine with the bsd kernel, but when I try to boot with bsd.mp it gets the following errors during boot. fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout mpt0: command timeout sd0(mpt0:0:0): mpt0: recovered from command timeout This info was hand typed as there appears to be an issue with the serial port as I can't redirect kernel boot to a serial port. I've included the bsd dmesg if that's any help. I do see a few IOAPIC error messages scroll up the screen when booting the bsd.mp kernel. OpenBSD 3.9-current (GENERIC) #499: Mon Apr 3 17:09:22 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 3219873792 (3144408K) avail mem = 2758131712 (2693488K) using 22937 buffers containing 322195456 bytes (314644K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Opteron(tm) Processor 252, 2612.34 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3 nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2 iic0 at nviic0 iic1 at nviic0 ohci0 at pci0 dev 2 function 0 NVIDIA nForce4 USB rev 0xa2: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 10 ports with 10 removable, self powered ehci0 at pci0 dev 2 function 1 NVIDIA nForce4 USB rev 0xa3: irq 11 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub1: 10 ports with 10 removable, self powered auich0 at pci0 dev 4 function 0 NVIDIA nForce4 AC97 rev 0xa2: irq 10, nForce4 AC97 ac97: codec id 0x41445374 (Analog Devices AD1981B) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 pciide0 at pci0 dev 6 function 0 NVIDIA nForce4 IDE rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SONY, DVD RW DW-G120A, MYS2 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 7 function 0 NVIDIA nForce4 SATA rev 0xa3: DMA pciide1: using irq 10 for native-PCI interrupt pciide2 at pci0 dev 8 function 0 NVIDIA nForce4 SATA rev 0xa3: DMA pciide2: using irq 11 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 NVIDIA nForce4 PCI-PCI rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 4 function 0 NVIDIA GeForce2 MX rev 0xb2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Texas Instruments TSB43AB22 FireWire rev 0x00 at pci1 dev 5 function 0 not configured nfe0 at pci0 dev 10 function 0 NVIDIA CK804 LAN rev 0xa3: irq 11, address 00:e0:81:57:06:7e eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1 ppb1 at pci0 dev 14 function 0 NVIDIA nForce4 PCIE rev 0xa3 pci2 at ppb1 bus 2 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pci3 at pchb0 bus 8 ppb2 at pci3 dev 10 function 0 AMD 8131 PCIX rev 0x12 pci4 at ppb2 bus 9 AMD 8131 PCIX IOAPIC rev 0x01 at pci3 dev 10 function 1 not configured ppb3 at pci3 dev 11 function 0 AMD 8131 PCIX rev 0x12 pci5 at ppb3 bus 10 mpt0 at pci5 dev 6 function 0 Symbios Logic 53c1030 rev 0x07: irq 5 scsibus1 at mpt0: 16 targets sd0 at scsibus1 targ 0 lun 0: SEAGATE, ST373207LW, 0004 SCSI3 0/direct fixed sd0: 70007MB, 90774 cyl, 2 head, 789 sec, 512 bytes/sec, 143374744 sec total mpt0: target 0 Synchronous at 160MHz width 16bit offset 63 QAS 1 DT 1 IU 1 mpt1 at pci5 dev 6 function 1 Symbios Logic 53c1030 rev 0x07: irq 11 scsibus2 at mpt1: 16 targets mpt2 at pci5 dev 9 function 0 Symbios Logic FC929 rev 0x02: irq 10 mpt2: mpt_read_cfg_header: Config Info Status 22 mpt2: Could not retrieve Manufacturing Page 4 Header. mpt2: could not retrieve manufacturingpages mpt3 at pci5 dev 9 function 1 Symbios Logic FC929 rev 0x02: irq 5 mpt3: mpt_read_cfg_header: Config Info Status 22 mpt3: Could not retrieve Manufacturing Page 4 Header. mpt3: could
Voce Recebeu uma Charge Humortadela.
Ola! Alguim que nco tinha nada para fazer, numa de suas visitas ao Humor Tadela nco sei por que cargas d'agua, lhe recomendou a seguinte pagina: Piada Animada: Felizes Para Sempre? Nco funcionou? Nco se desespere! Pegue o seu browser digite o seguinte enderego: http://humortadela.com Ou Acesse CLICANDO AQUI!!! Ainda nco funcionou? Bem, entco chegou a hora de comegar a se desesperar... Turma do Humor Tadela [IMAGE] O maior site de humor da Amirica Latina! http://humortadela.com Em 01/04/2006, horario de Brasmlia amarela, 75 e em bom estado.
Re: (OT: PostgreSQL vs MySQL)
At 01:08 PM 4/7/06, [EMAIL PROTECTED] wrote: As to losing data, I suspect you'd lose a lot more from PostgreSQL than MySQL on a failing hard drive. And I suspect that if you place WAL files on different disk than the database, that the opposite is true.
bgpd, nexthop and dynamically created interfaces
It looks like bgpd has a problem with validating nexthop on new interfaces when they are created. A flap of the interface or restarting bgpd makes nexthop validate. I have only tested with vlan interfaces. Router up and running: cr203-STO# bgpctl sh Neighbor ASMsgRcvdMsgSentOutQ Up/Down State/PrefixRcvd 192.168.30.1065000 6 26 0 00:01:40 0 10.1.1.1465000 61 52 0 00:01:54 23 10.1.1.1 65000 61 53 0 00:01:54 18 172.16.1.5 65000 63 61 0 00:01:53 18 cr203-STO# bgpctl sh next Nexthop State 10.1.1.14valid vlan16 UP, Ethernet, unknown 172.16.1.5 valid vlan12 UP, Ethernet, unknown 10.1.1.1 valid vlan13 UP, Ethernet, unknown cr203-STO# New interface created: cr203-STO# ifconfig vlan26 create cr203-STO# ifconfig vlan26 vlan 26 vlandev pcn1 cr203-STO# ifconfig vlan26 10.1.1.37 netmask 255.255.255.252 New peering added (remote peer uses set nexthop self): cr203-STO# bgpctl reload reload request sent. cr203-STO# bgpctl sh Neighbor ASMsgRcvdMsgSentOutQ Up/Down State/PrefixRcvd 10.1.1.3865000 36 36 0 00:01:10 22 New peering 192.168.30.1065000 14 43 0 00:05:14 0 10.1.1.1465000132128 0 00:05:28 23 10.1.1.1 65000133130 0 00:05:28 18 172.16.1.5 65000136141 0 00:05:27 18 cr203-STO# bgpctl sh next Nexthop State 10.1.1.38invalid vlan26 New peering 10.1.1.14valid vlan16 UP, Ethernet, unknown 172.16.1.5 valid vlan12 UP, Ethernet, unknown 10.1.1.1 valid vlan13 UP, Ethernet, unknown cr203-STO# Flap interface: cr203-STO# ifconfig vlan26 down cr203-STO# ifconfig vlan26 up cr203-STO# bgpctl sh next Nexthop State 10.1.1.38valid vlan26 UP, Ethernet, unknown Looking good 10.1.1.14valid vlan16 UP, Ethernet, unknown 172.16.1.5 valid vlan12 UP, Ethernet, unknown 10.1.1.1 valid vlan13 UP, Ethernet, unknown cr203-STO# /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: Spamd, gmail and aol...
On 2006/04/07 14:55, Jeff Ross wrote: rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 Have you tested that your whitelist works by connecting from an IP address that's listed on it? No, but until this last week or so I've never had reason to think I had a problem with the whitelist. You need a fairly-clued-up user that cares enough to find an out-of-band way to contact you with enough information to debug. Unfortunately some email services are so shoddily-run that many users think it's acceptable to sometimes lose emails without a bounce message so they won't bother to contact the people who do care. I'll have to think about how to do this, but thanks for the suggestion. This is simple: add the address of your own workstation, or a remote host where you have a shell account, to the whitelist, then see what happens when you 'telnet a.mx.openvistas.net 25' I'd recommend this as a matter of course when you're setting up rdr rules unless you're absolutely sure how they work. I usually use no rdr when I want to exempt servers from greylisting, istr having some problem when I tried redirecting back to port 25 (but that was a long time ago, so ymmv). Ok, looks like it should work to rdr back to port 25, at least with a simple networking setup; however I'm still not too keen on rdr'ing packets that don't need it. You might like to post output from 'pfctl -sn -v' (at any time) and 'pfctl -ss' (when you spot an ongoing connection attempt with tcpdump). Also, interesting. I've pretty much used the setup as described in the man page and haven't had a problem in like a year and a half of using spamd. The man page example doesn't document exempting hosts from the greylist (whitelists in spamd.conf are a separate thing and there are good reasons for this as you may want to ensure some people aren't blacklisted but still subject them to greylisting, and you may want to disable greylisting for a netblock but still divert connections from there to spamd if they become blacklisted). Okay, I've had some good ideas and thing to check. In the meantime, I've had a chance to run tcpdump on port 25 while an aol e-mail was being bounced. Here's the relevant part of the capture: Ok: I've isolated one of the several connections in there; 11:42:56.538391 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 1:20(19) ack 1 win 17520 (DF) : 4500 003b 293a 4000 4006 b2cb d843 bb99 E..;):@[EMAIL PROTECTED];. 0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899 @..N..zT..4.{s.. 0020: 5018 4470 1ecf 3232 3020 736d 7470 P.Dp.O..220 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.06 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 1:26(25) ack 20 win 32768 : 4500 0041 a2a9 2d06 8c56 400c 8ace E..A)[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425 XC;.zT..{s4% 0020: 5018 8000 4867 4845 4c4f 2069 6d6f P...Hg..HELO imo 0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d -m16.mx.aol.com. 0040: 0a . 11:42:56.773419 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 20:39(19) ack 26 win 17520 (DF) : 4500 003b 688c 4000 4006 7379 d843 bb99 E..;[EMAIL PROTECTED]@.syXC;. 0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2 @..N..zT..4%{s.2 0020: 5018 4470 1ea0 3235 3020 736d 7470 P.Dp. ..250 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.882933 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 26:58(32) ack 39 win 32768 : 4500 0048 a2ab 2d06 8c4d 400c 8ace E..H[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438 XC;.zT..{s.2..48 0020: 5018 8000 a5f7 4d41 494c 2046 726f P...%w..MAIL Fro 0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f m:[EMAIL PROTECTED] 0040: 6c2e 636f 6d3e 0d0a l.com.. 11:42:56.987074 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 39:58(19) ack 58 win 17520 (DF) : 4500 003b 613b 4000 4006 7aca d843 bb99 E..;a;@[EMAIL PROTECTED];. 0010: 400c 8ace 0019 fad4 05ae 3438 7b73 08d2 @..N..zT..48{s.R 0020: 5018 4470 78a1 3535 3020 4163 6365 P.Dpx!..550 Acce 0030: 7373 2064 656e 6965 640d 0a ss denied.. 11:42:57.102134 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 58:64(6) ack 58 win 32768 : 4500 002e a2ad 2d06 8c65 400c 8ace E...[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 08d2 05ae 344b XC;.zT..{s.R..4K 0020: 5018 8000 702e 5155 4954 0d0a P...p...QUIT.. 11:42:57.219292 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 58:101(43) ack 64 win 17520 (DF) : 4500 0053 490a 4000 4006 92e3 d843 bb99 [EMAIL PROTECTED]@..cXC;. 0010: 400c 8ace 0019 fad4 05ae 344b 7b73 08d8 @..N..zT..4K{s.X 0020: 5018 4470 1918 3232 3120 696d 6f2d P.Dp221
Re: (OT: PostgreSQL vs MySQL)
On 4/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: As to losing data, I suspect you'd lose a lot more from PostgreSQL than MySQL on a failing hard drive. Any particular reason for that suspicion? I ask out of genuine interest, and I promise I don't want to start a flame war. -Josh
Re: Spamd, gmail and aol...
On Sat, 8 Apr 2006, Stuart Henderson wrote: On 2006/04/07 14:55, Jeff Ross wrote: rdr pass on $if_ext proto tcp from whitelist to port smtp \ - ($if_ext) port 25 Have you tested that your whitelist works by connecting from an IP address that's listed on it? No, but until this last week or so I've never had reason to think I had a problem with the whitelist. You need a fairly-clued-up user that cares enough to find an out-of-band way to contact you with enough information to debug. Unfortunately some email services are so shoddily-run that many users think it's acceptable to sometimes lose emails without a bounce message so they won't bother to contact the people who do care. Ah. Well, if needs must... I'll have to think about how to do this, but thanks for the suggestion. This is simple: add the address of your own workstation, or a remote host where you have a shell account, to the whitelist, then see what happens when you 'telnet a.mx.openvistas.net 25' I'd recommend this as a matter of course when you're setting up rdr rules unless you're absolutely sure how they work. I usually use no rdr when I want to exempt servers from greylisting, istr having some problem when I tried redirecting back to port 25 (but that was a long time ago, so ymmv). Ok, looks like it should work to rdr back to port 25, at least with a simple networking setup; however I'm still not too keen on rdr'ing packets that don't need it. You might like to post output from 'pfctl -sn -v' (at any time) and 'pfctl -ss' (when you spot an ongoing connection attempt with tcpdump). Also, interesting. I've pretty much used the setup as described in the man page and haven't had a problem in like a year and a half of using spamd. The man page example doesn't document exempting hosts from the greylist (whitelists in spamd.conf are a separate thing and there are good reasons for this as you may want to ensure some people aren't blacklisted but still subject them to greylisting, and you may want to disable greylisting for a netblock but still divert connections from there to spamd if they become blacklisted). Okay, I've had some good ideas and thing to check. In the meantime, I've had a chance to run tcpdump on port 25 while an aol e-mail was being bounced. Here's the relevant part of the capture: Ok: I've isolated one of the several connections in there; 11:42:56.538391 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 1:20(19) ack 1 win 17520 (DF) : 4500 003b 293a 4000 4006 b2cb d843 bb99 E..;):@[EMAIL PROTECTED];. 0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899 @..N..zT..4.{s.. 0020: 5018 4470 1ecf 3232 3020 736d 7470 P.Dp.O..220 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.06 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 1:26(25) ack 20 win 32768 : 4500 0041 a2a9 2d06 8c56 400c 8ace E..A)[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425 XC;.zT..{s4% 0020: 5018 8000 4867 4845 4c4f 2069 6d6f P...Hg..HELO imo 0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d -m16.mx.aol.com. 0040: 0a . 11:42:56.773419 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 20:39(19) ack 26 win 17520 (DF) : 4500 003b 688c 4000 4006 7379 d843 bb99 E..;[EMAIL PROTECTED]@.syXC;. 0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2 @..N..zT..4%{s.2 0020: 5018 4470 1ea0 3235 3020 736d 7470 P.Dp. ..250 smtp 0030: 2e70 6173 7374 6872 750d 0a .passthru.. 11:42:56.882933 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 26:58(32) ack 39 win 32768 : 4500 0048 a2ab 2d06 8c4d 400c 8ace E..H[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438 XC;.zT..{s.2..48 0020: 5018 8000 a5f7 4d41 494c 2046 726f P...%w..MAIL Fro 0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f m:[EMAIL PROTECTED] 0040: 6c2e 636f 6d3e 0d0a l.com.. 11:42:56.987074 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 39:58(19) ack 58 win 17520 (DF) : 4500 003b 613b 4000 4006 7aca d843 bb99 E..;a;@[EMAIL PROTECTED];. 0010: 400c 8ace 0019 fad4 05ae 3438 7b73 08d2 @..N..zT..48{s.R 0020: 5018 4470 78a1 3535 3020 4163 6365 P.Dpx!..550 Acce 0030: 7373 2064 656e 6965 640d 0a ss denied.. 11:42:57.102134 imo-m16.mx.aol.com.64212 heinlein.openvistas.net.smtp: P 58:64(6) ack 58 win 32768 : 4500 002e a2ad 2d06 8c65 400c 8ace E...[EMAIL PROTECTED] 0010: d843 bb99 fad4 0019 7b73 08d2 05ae 344b XC;.zT..{s.R..4K 0020: 5018 8000 702e 5155 4954 0d0a P...p...QUIT.. 11:42:57.219292 heinlein.openvistas.net.smtp imo-m16.mx.aol.com.64212: P 58:101(43) ack 64 win 17520 (DF) : 4500 0053 490a 4000 4006 92e3 d843 bb99 [EMAIL PROTECTED]@..cXC;. 0010: 400c 8ace 0019 fad4 05ae 344b 7b73 08d8 @..N..zT..4K{s.X 0020: 5018 4470 1918 3232 3120 696d 6f2d
Re: Spamd, gmail and aol...
Jeff Ross wrote: Never had any trouble with gmail once the various servers were whitelisted. Are you putting your whitelist after Bob Beck's list in spamd.conf? After your own blacklist? From my spamd.conf all:\ :china:korea:blacklist:beck:whitelist Not that it's likely to have any bearing on this particular problem, but you need to pay close attention to the spamd.conf(5) man page. For your whitelist (which is, as pointed out elsewhere, more accurately a non-blacklist list) to be effective against all active blacklists, it needs to be specified after EACH blacklist, like this: all:\ :china:whitelist:korea:whitelist:blacklist:whitelist:beck:whitelist: The reason for this is that the addresses in each whitelist listed is removed only from the immediately preceding blacklist (enabling you to tailor each blacklist separately if needed). Regards, /Benny -- Benny Lvfgren / [EMAIL PROTECTED] Stockholm, Sweden / Words must be weighed, not counted.
Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)
On 07/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote: On Thu, 6 Apr 2006, Whyzzi wrote: Yeah! that is the thing I didn't do! Run fsck against the affected partition! Anyways, as per your questions: I copied the with cp, eg: # cd /mnt/wd1a # cp -R Anime /mnt/wd2d Here are the raw df output from the current snapshot kernel [brought to you by the wonders of OpenSSH]: # df Filesystem 512-blocks Used Avail Capacity Mounted on /dev/wd0a 18572172 1062820 16580744 6%/ /dev/wd0d123841300 4215514788 197101744 14535%/mnt/wd0d /dev/wd0e123841300 13434788 10421444811%/mnt/wd0e /dev/wd0f212356232 66929816 13480860833%/mnt/wd0f # I had torrent'd the Olive OpenBSD live cd awhile back that was a December? -stable 3.8 (I think), could I use that to run fsck against the affected partition? That would be easier to do than to hookup the 40gig that contained the Dec snapshot (I don't have a copy of either 3.8/3.9 -release available, but I will make one and install it if you want me to). The Olive CD will probably do, although booting a 3.8 kernel from the boot prompt should work as well; just copy the 3.8 kernel to your root as bsd38 and type boot bsd38 at the boot prompt. Cool. Done. I used ftp to grab the 3.8 release kernel from a local mirror. I booted single user mode cause I didn't want my services spewing at me due to kernel differences. Below are the results: =-=-=-=-=-=-=-=-=-=-=-=- boot boot /bsd.38 -s /** SNIP -- cause I copied everything by hand **/ Enter pathname or RETURN for shell: Terminal type? vt220 # dh -h Filesystem Size Used Avail Capacity Mounted on root_device 8.9G 524M 7.9G 6% / # mount /dev/wd0d /mnt/wd0d # df Filesystem 512-blocks Used Avail Capacity Mounted on root_device 185721271073632 16569932 6%/ /dev/wd0d 123841300 4215514788 197101744 14535%/dev/wd0d =-=-=-=-=-=-=-=-=-=-=-=- Interesting. No difference whatsoever. And because I am a (l)user, I am not going to even try to theorize what happened and why. The only thing I will say is that each directory I copied - there were five, all contained literally more than 10Gigabytes (usually more) of useless data each (ok the mp3 collection isn't so useless). This might be reproduce-able by creating 20 or so 500MB files and stuffing them into various subdirectories, totalling 10Gb in one directory. copy that 5 times by giving the same directory a different name. Then take a look at the drive stats via df. Just remember that in my case the destination partition was mounted sync. Is there anything you would like to have done - or can I use the 3.9 snapshot and run the fsck? Cheers, thanks! Cheers, thanks for the reply!! On 06/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote: On Wed, 5 Apr 2006, Whyzzi wrote: I've had a strange occurance I'd like to report, in using df -h, but the circumstances that brought about this condition are somewhat unusual, so I really don't know if it is anything to be concerned about. This might also have already been fixed, as I do not follow tech/src Background: I have setup a home based samba media file server, originally running 3.8; a snapshot from Dec. The files on this server was split between 2 drives, a decrepid 30gig IBM/Hitachi, and a Maxtor 40gig. Pulled the plug on the two drives, and connected the a Seagate 250Gig IDE HD. (primary master IDE). Installed the April 3rd snapshot on it via dvdrw. Gave root 9Gig at the front of the drive, swap 1gig, created 2 60gig partitions, and 100gig, all with pre-setup mount points (df, disklabel, fstab, dmesg included @ end). Disconnected dvdrw, connected the 250Gig to the secondary IDE master, and booted into the older 3.8 snapshot. Mounted one of the partitions I created in 3.9, and proceded to copy the files over (yeah, 50+gigs over UDMA33 without softdep can take quite some time to copy on a P3 700). When that was finally done, and since I had the root of 3.9 accessible, I modified 3.9's fstab to include softdep, modified pf, modified rc/rc.conf, plus startup config stuff. Then I turned off the PC removed the 30 40gig drives, mounted the 250gig to the case - and reconnected it to the primary ide interface on the mainboard, and reconnected the dvdrw drive. Originally, when I had booted up, df was reporting (no snapshot taken) no additional space used by the partition (ie freshly formated, even though I had copied stuff there in 3.8). I've since moved the directories I wanted to move, and now df is reporting wayy over the size limit. So before I move the last of the information around reformat the partition to return accurate results, I thought I'd share with the list what I am seeing: ## df -h