Re: When would you NOT use OpenBSD?

[Henning Brauer]

* Miles Keaton [EMAIL PROTECTED] [2006-04-06 03:57]:
 Wondering... since I brought up MySQL, and a few people (thanks
 Henning!) said MySQL in particular has problems, I didn't mention that
 we're about to ditch MySQL anyway, and complete our conversion to
 PostgreSQL, so I wonder...

good move :)

 Does PostgreSQL have the same problems as MySQL on OpenBSD?

not at all. potsgres doesn't use threads.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: help with sendmail

[Matthias Kilian]

On Thu, Apr 06, 2006 at 08:52:19PM -0400, Matt Van Mater wrote:
 I want to set up a host to relay all outgoing mail through a central
 mail hub.  I believe the proper high level steps for me to follow are:
 edit the /usr/share/sendmail/cf/clientproto.mc file, compile it, copy
 the resultant clientproto.cf file to /etc/mail/sendmail.cf and hup the
 sendmail process.  However when I try to send a test message via pine,
 mail is still being sent directly to the internet rather than through
 the relay, and I am stumped.  What am I missing?

grep sendmail_flags /etc/rc.conf is the path to enlightenment, i.e.,
your sendmail probably just uses /etc/mail/localhost.cf instead of
/etc/mail/sendmail.cf.

Ciao,
Kili

Re: 10k pps

[Claudio Jeker]

On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote:
 On Thursday 06 April 2006 23.08, Claudio Jeker wrote:
  On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote:
 Hi there list,
  
 I got to a situation at work where I have an OpenBSD 3.9 amd64 router
   acting as bgp and ospf router, and it has to coupe with 100Mbps and
   approx 15.000 packets per second, but it can't at about 10k pps, I have
   like 70% cpu utilisation on iterrupt, and all the traffic becomes an
   extreme sport, it is an Intel P4 3GHz em64 with 512MB of ram and 2 Intel
   Pro100 (fxp) network cards.
  
 Any ideea if/how can I jump over the 10k barrier ?
  
  
  
   P.S.: Claudio thanks for the advice about 3.9 bgpd version and additive
   communities, I works smooth.
  
   Thanks for any sugestion or advice.
 
  Switch to i386. amd64 has some interrupt problems, the amd64 I tested once
  maxed at 80kpps but did 450kpps in i386 mode.
 
 Hi Claudio
 
 What cpu, network cards and pf ruleset size did you use during the test when 
 the server handled 450kpps ? 
 

CPU (actually two CPUs on the board):
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Engineering Sample, 2592.68 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative

Network cards:
bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003):
 irq 10, address 00:e0:81:27:e0:a9
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3 (0x2003):
 irq 5, address 00:e0:81:27:e0:aa
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0

PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a
20-30% drop)

At the time we measured it em(4) was slower (300-350kpps) but fixes went in
to remove the bottlenecks in the em(4) driver.
-- 
:wq Claudio

[OT] Which C learning approach to take

[Stephan A. Rickauer]

With a unix engineer/admin background of seven years I am now interested
in learning C programming. The reason for asking here is, I came across
OpenBSD a year ago and I am still fascinated by its purity and
consistency, which now led me to the idea that people who write such a
cool thing probably do have good advices on how to learn OS related C
programming...

I can't ask specific questions yet, but let's phrase it theoretically:
If I'd like to be a good (=secure, clean, robust) OpenBSD C developer in
a couple of years, which books should I have read and how should I start
to basically understand BSD? Does it make sense to grab a very old
version (4.4BSD?) since it is less complex? Which source code is a good
example for understanding how Unix basically works?

Thanks,

-- 

 Stephan A. Rickauer

 ---
 Institut für Neuroinformatik  Tel: +41 44 635 30 50
 Universität / ETH Zürich  Sek: +41 44 635 30 52
 Winterthurerstrasse 190   Fax: +41 44 635 30 53
 CH-8057 ZürichWeb:  www.ini.ethz.ch

 RSA public key: https://www.ini.ethz.ch/~stephan/pubkey.asc
 ---




signature.asc
Description: PGP signature


signature.asc
Description: OpenPGP digital signature

Re: (OT: PostgreSQL vs MySQL)

[Joachim Schipper]

On Fri, Apr 07, 2006 at 01:17:15AM +0100, Craig Skinner wrote:
 On Thu, Apr 06, 2006 at 10:25:38PM +0200, Joachim Schipper wrote:
  I can second that. I am not a heavy database user by any means - I like
  grep far too much for that - but when it can't be avoided, I'd rather
  use something with a working foreign key implementation (though that
  has apparently improved quite a bit in the 5.x series), and less
  'nonstandard extensions'.
 
 Yep to the above.
 
 PostgreSQL has:
 
 *) foriegn keys
 *) supports ANSII SQL
 *) Full ACIDity
 *) supports views (sort of like symbolic links to entire tables, joins,
 etc)
 
 MySQL is a wee bit faster, but it has none of the above, so it is really
 just an SQL interface to a file system. If you value your data, what
 is the point of that??
 
 If you do not value your data, why bother with a database?
 
 MySQL is pointless.

Not necessarily - a lot of PHP script rely on a database, but I do not
think our forum constitutes critical data. ;-)

That being said, the above forum is run on PostgreSQL.

Joachim

Re: Distribution with CARP load balancing

[Joachim Schipper]

On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote:
 Hi,
 
 as noted in the FAQ - it's not expected that you will achieve perfect
 50/50 distribution between the two machines, wonder if there any
 way(software, configuration, hardware etc) to be able control the
 distribution for CARP? Even/control-able distribution is important for
 me as the resources(bandwidth, CPU, diskspace etc) allocated would not
 substain heavy load.

ISTR that CARP uses some sort of hash table to determine which
router/server gets which client. This would not make manual distribution
easy, though you could of course shift whatever is used in the hash
table (MAC?) until it 'works'.

Joachim

Re: [OT] Which C learning approach to take

[Joachim Schipper]

On Fri, Apr 07, 2006 at 10:56:58AM +0200, Stephan A. Rickauer wrote:
 With a unix engineer/admin background of seven years I am now interested
 in learning C programming. The reason for asking here is, I came across
 OpenBSD a year ago and I am still fascinated by its purity and
 consistency, which now led me to the idea that people who write such a
 cool thing probably do have good advices on how to learn OS related C
 programming...
 
 I can't ask specific questions yet, but let's phrase it theoretically:
 If I'd like to be a good (=secure, clean, robust) OpenBSD C developer in
 a couple of years, which books should I have read and how should I start
 to basically understand BSD? Does it make sense to grab a very old
 version (4.4BSD?) since it is less complex? Which source code is a good
 example for understanding how Unix basically works?

The OpenBSD page has a 'book' section, and this has been discussed quite
recently - look at the archives.

As to C, the classic KR book is still (one of) the best. For BSD, see
the book page.

Joachim

Re: Distribution with CARP load balancing

[Stuart Henderson]

On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote:
 as noted in the FAQ - it's not expected that you will achieve perfect
 50/50 distribution between the two machines, wonder if there any
 way(software, configuration, hardware etc) to be able control the
 distribution for CARP? Even/control-able distribution is important for
 me as the resources(bandwidth, CPU, diskspace etc) allocated would not
 substain heavy load.

How about a PF box (or pair of them CARP'd) in front of the
servers you're load-balancing and use rdr, with round-robin or
random distribution, with or without sticky-address.

The back-end servers still need to use CARP to get fast failover
if a box goes down (i.e. you rdr to CARP-protected addresses),
you can adjust the rdr rule either by a script or by hand to fine-
tune (list the same address multiple times if you want to increase
the number of requests going to that machine). You could script
to check for service availability (rather than just the box being
up).

pen (in packages) could be another option.

Apache speed limitation

[edgarz]

Hello list!

At the moment i have huge loaded Apache web server, download bw is 
~3MB/s. And almost all sites now is very slow. Is here any built in 
speed limitation functions? If no what should i use?

Re: When would you NOT use OpenBSD?

[Hannah Schroeter]

Hi!

On Wed, Apr 05, 2006 at 04:29:40PM -0600, Chris 'Xenon' Hanson wrote:
Hannah Schroeter wrote:
IIRC there're consultants offering commercial services around OpenBSD,
too. So you could've hired one to fix the Broadcom problem of yours,
just like you paid for Nortel's on-site troubleshooting.

  Not to inflame the issue, but this isn't as solid of an argument as it 
  appears. Knowing in advance whether you'll be able to find a consultant who 
knows enough about your problem to fix it is very tenuous.

Of course you can look out in advance, before you start depending on it,
i.e. first look for people who can support things, perhaps make some
kind of support contract or pre-contract with them, *then* install your
mission critical systems.

[...]

  If one could guarantee that the person who wrote the problematic code 
  were always available as a consultant, the analogy might be closer, but 
frequently that's not the case. Even a commercialized open source OS like 
Red Hat Linux is going to face this issue.

But now, commercial vendors also integrate 3rd party code, and then they
might also not have people who wrote the code *themselves* in house.
E.g. commercial OSes shipping with OpenSSH.

  Then again, OpenBSD is free. No one expects it to be exactly like 
  commercial software, and it has a lot of benefits that commercial software 
won't. Choose the tool that best fits the requirements.

Right.

Kind regards,

Hannah.

Re: 10k pps

[Per-Olov Sjöholm]

On Friday 07 April 2006 10.25, Claudio Jeker wrote:
 On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote:
  On Thursday 06 April 2006 23.08, Claudio Jeker wrote:
   On Thu, Apr 06, 2006 at 11:47:16PM +0300, Claudiu Pruna wrote:
Hi there list,
   
I got to a situation at work where I have an OpenBSD 3.9 amd64
router acting as bgp and ospf router, and it has to coupe with
100Mbps and approx 15.000 packets per second, but it can't at about
10k pps, I have like 70% cpu utilisation on iterrupt, and all the
traffic becomes an extreme sport, it is an Intel P4 3GHz em64 with
512MB of ram and 2 Intel Pro100 (fxp) network cards.
   
Any ideea if/how can I jump over the 10k barrier ?
   
   
   
P.S.: Claudio thanks for the advice about 3.9 bgpd version and
additive communities, I works smooth.
   
Thanks for any sugestion or advice.
  
   Switch to i386. amd64 has some interrupt problems, the amd64 I tested
   once maxed at 80kpps but did 450kpps in i386 mode.
 
  Hi Claudio
 
  What cpu, network cards and pf ruleset size did you use during the test
  when the server handled 450kpps ?

 CPU (actually two CPUs on the board):
 cpu0 at mainbus0: (uniprocessor)
 cpu0: AMD Engineering Sample, 2592.68 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
 LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB
 entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8
 4MB entries fully associative

 Network cards:
 bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3
 (0x2003): irq 10, address 00:e0:81:27:e0:a9
 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
 bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3
 (0x2003): irq 5, address 00:e0:81:27:e0:aa
 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0

 PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a
 20-30% drop)

 At the time we measured it em(4) was slower (300-350kpps) but fixes went in
 to remove the bottlenecks in the em(4) driver.


Thanks for the info...

Do you know when these fixes for em went into cvs? After 3.8 ?

Tnx in advance
/Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)

[Otto Moerbeek]

On Thu, 6 Apr 2006, Whyzzi wrote:

 Yeah! that is the thing I didn't do! Run fsck against the affected
 partition! Anyways, as per your questions:
 
 I copied the with cp, eg:
 # cd /mnt/wd1a
 # cp -R Anime /mnt/wd2d
 
 Here are the raw df output from the current snapshot kernel [brought
 to you by the wonders of OpenSSH]:
 # df
 Filesystem  512-blocks  Used Avail Capacity  Mounted on
 /dev/wd0a 18572172   1062820  16580744 6%/
 /dev/wd0d123841300 4215514788 197101744 14535%/mnt/wd0d
 /dev/wd0e123841300  13434788 10421444811%/mnt/wd0e
 /dev/wd0f212356232  66929816 13480860833%/mnt/wd0f
 #
 
 I had torrent'd the Olive OpenBSD live cd awhile back that was a
 December? -stable 3.8 (I think), could I use that to run fsck against
 the affected partition? That would be easier to do than to hookup the
 40gig that contained the Dec snapshot (I don't have a copy of either
 3.8/3.9 -release available, but I will make one and install it if you
 want me to).

The Olive CD will probably do, although booting a 3.8 kernel from the
boot prompt should work as well; just copy the 3.8 kernel to your root
as bsd38 and type boot bsd38 at the boot prompt.

-Otto

 
 Cheers,  thanks for the reply!!
 
 On 06/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote:
 
 
  On Wed, 5 Apr 2006, Whyzzi wrote:
 
   I've had a strange occurance I'd like to report, in using df -h, but
   the circumstances that brought about this condition are somewhat
   unusual, so I really don't know if it is anything to be concerned
   about. This might also have already been fixed, as I do not follow
   tech/src
  
   Background:
   I have setup a home based samba media file server, originally running
   3.8; a snapshot from Dec. The files on this server was split between 2
   drives, a decrepid 30gig IBM/Hitachi, and a Maxtor 40gig.
  
   Pulled the plug on the two drives, and connected the a Seagate 250Gig
   IDE HD. (primary master IDE). Installed the April 3rd snapshot on it
   via dvdrw. Gave root 9Gig at the front of the drive, swap 1gig,
   created 2 60gig partitions, and 100gig, all with pre-setup mount
   points (df, disklabel, fstab, dmesg included @ end).
  
   Disconnected dvdrw, connected the 250Gig to the secondary IDE master,
   and booted into the older 3.8 snapshot. Mounted one of the partitions
   I created in 3.9, and proceded to copy the files over (yeah, 50+gigs
   over UDMA33 without softdep can take quite some time to copy on a P3
   700). When that was finally done, and since I had the root of 3.9
   accessible, I modified 3.9's fstab to include softdep, modified pf,
   modified rc/rc.conf, plus startup config stuff. Then I turned off the
   PC   removed the 30  40gig drives, mounted the 250gig to the case -
   and reconnected it to the primary ide interface on the mainboard, and
   reconnected the dvdrw drive.
  
   Originally, when I had booted up, df was reporting (no snapshot taken)
   no additional space used by the partition (ie freshly formated, even
   though I had copied stuff there in 3.8). I've since moved the
   directories I wanted to move, and now df is reporting wayy over the
   size limit. So before I move the last of the information around 
   reformat the partition to return accurate results, I thought I'd share
   with the list what I am seeing:
  
   ## df -h
   Filesystem SizeUsed   Avail Capacity  Mounted on
   /dev/wd0a  8.9G519M7.9G 6%/
   /dev/wd0d 59.1G8.0T   94.0G 14535%/mnt/wd0d
   /dev/wd0e 59.1G6.4G   49.7G11%/mnt/wd0e
   /dev/wd0f  101G   31.7G   64.4G33%/mnt/wd0f
 
  How did you copy the files?
 
  There have been some changes wrt filesystems. Too see if they have
  anything to do with it, please try the following:
 
  - run a 3.9 (or 3.8 if you do not have that) release kernel, and check
  the numbers.
  - umount the filesystem and run fsck -f on /dev/wd0d
  - remount and check nunbers - go back to the snap kernel and repeat.
 
  oh and report the output of df without -h, I like to see the raw numbers.
 
  -Otto
 
 
  
   ## disklabel wd0
   # Inside MBR partition 3: type A6 start 63 size 488392002
   # /dev/rwd0c:
   type: ESDI
   disk: ESDI/IDE disk
   label: ST3250823A
   flags:
   bytes/sector: 512
   sectors/track: 63
   tracks/cylinder: 16
   sectors/cylinder: 1008
   cylinders: 16383
   total sectors: 488397168
   rpm: 3600
   interleave: 1
   trackskew: 0
   cylinderskew: 0
   headswitch: 0   # microseconds
   track-to-track seek: 0  # microseconds
   drivedata: 0
  
   16 partitions:
   # sizeoffset  fstype [fsize bsize  cpg]
 a:  1887473763  4.2BSD   2048 16384  328 # Cyl 0*- 
   18724
 b:   2097648  18874800swap   # Cyl 18725 - 
   20805
 c: 488397168 0  unused  0 0  # Cyl 0 
   -484520
 d: 125828640  

Re: Apache speed limitation

[john gotti]

hey ,

i don't know there is speed limitation but i had speed problem with build in
openbsd(3.8) apache espesially mod_proxy  module (  response time  was 2-3
sec  when should be  0,2 - 0,3  sec )  so i put  apache2 and had no more
problems

regards
dalgorno

On 4/7/06, edgarz [EMAIL PROTECTED] wrote:

 Hello list!

 At the moment i have huge loaded Apache web server, download bw is
 ~3MB/s. And almost all sites now is very slow. Is here any built in
 speed limitation functions? If no what should i use?

Re: 10k pps

[Claudio Jeker]

On Fri, Apr 07, 2006 at 01:12:29PM +0200, Per-Olov Sjvholm wrote:
 On Friday 07 April 2006 10.25, Claudio Jeker wrote:
  On Fri, Apr 07, 2006 at 12:17:58AM +0200, Per-Olov Sjvholm wrote:
   On Thursday 06 April 2006 23.08, Claudio Jeker wrote:
...
   Hi Claudio
  
   What cpu, network cards and pf ruleset size did you use during the test
   when the server handled 450kpps ?
 
  CPU (actually two CPUs on the board):
  cpu0 at mainbus0: (uniprocessor)
  cpu0: AMD Engineering Sample, 2592.68 MHz
  cpu0:
  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
  LUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
  cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
  64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB
  entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8
  4MB entries fully associative
 
  Network cards:
  bge0 at pci2 dev 9 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3
  (0x2003): irq 10, address 00:e0:81:27:e0:a9
  brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
  bge1 at pci2 dev 9 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3
  (0x2003): irq 5, address 00:e0:81:27:e0:aa
  brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
 
  PF was disabled (enabling PF with 10 or 20 rules (no states) resulted in a
  20-30% drop)
 
  At the time we measured it em(4) was slower (300-350kpps) but fixes went in
  to remove the bottlenecks in the em(4) driver.
 
 
 Thanks for the info...
 
 Do you know when these fixes for em went into cvs? After 3.8 ?
 

The fixes are in 3.9 they were commited beginning of this year.

-- 
:wq Claudio

Re: Distribution with CARP load balancing

[Andrew Ng]

Thanks, Stuart.

rdr with PF looks a viable option for me. pen works with tcp
applications only, I would need udp also. Will check for more details on
rdr.

On Fri, 7 Apr 2006 10:49:38 +0100, Stuart Henderson
[EMAIL PROTECTED] said:
 On Thu, Apr 06, 2006 at 06:00:20PM -0700, Andrew Ng wrote:
  as noted in the FAQ - it's not expected that you will achieve perfect
  50/50 distribution between the two machines, wonder if there any
  way(software, configuration, hardware etc) to be able control the
  distribution for CARP? Even/control-able distribution is important for
  me as the resources(bandwidth, CPU, diskspace etc) allocated would not
  substain heavy load.
 
 How about a PF box (or pair of them CARP'd) in front of the
 servers you're load-balancing and use rdr, with round-robin or
 random distribution, with or without sticky-address.
 
 The back-end servers still need to use CARP to get fast failover
 if a box goes down (i.e. you rdr to CARP-protected addresses),
 you can adjust the rdr rule either by a script or by hand to fine-
 tune (list the same address multiple times if you want to increase
 the number of requests going to that machine). You could script
 to check for service availability (rather than just the box being
 up).
 
 pen (in packages) could be another option.
 
-- 
  Andrew Ng
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Access your email from home and the web

Re: SpamAssassin autolearn problem

[Gabriel George POPA]

Vielen dank. I now made a configuration based on your own. I thought 
that bayes_path is a directory (obviously it should not be this way). I 
started spamd with -u and -d; I realized that -r is useful for sending 
SIGHUP (otherwise spamd will shut down).



George POPA


Andreas Vvgele wrote:


Gabriel George POPA wrote:

   Some e-mails I receive have autolearn=no and others have 
autolearn=failed. I use the classic combination of spamd/spamc and 
the OpenBSD 3.8 provided p5-SpamAssassin package, installed as 
OpenBSD recommends. I tried to follow the instructions at 
spamassassin.apache.org (to use for example /var/spamassassin (0777 
mode) in order to store learnt data, bayes_path and bayes_file_mode, 
restarted spamd etc., nothing worked). What should I do next? I must 
create all those files by hand (the files in /var/spamassassin). I 
must mention that when I was using spamassassin alone (not 
spamc/spamd) for my account autolearn worked correctly.



I've created a spamassassin user and group. The user's home directory 
is /var/spamassassin. Amongst other settings the following paths are 
set in /etc/mail/spamassassin/local.cf:


bayes_path /var/spamassassin/bayes
bayes_file_mode 0770
auto_whitelist_path /var/spamassassin/auto-whitelist
auto_whitelist_file_mode 0770

spamd is started with the following command line arguments:

/usr/local/bin/spamd -d -u spamassassin -H /var/spamassassin -r 
/var/spamassassin/spamd.pid


How do you start spamd?

Re: SpamAssassin autolearn problem

[Gabriel George POPA]

Per-Olov Sjvholm wrote:

On Thursday 06 April 2006 16.15, Gabriel George POPA wrote:
  

Some e-mails I receive have autolearn=no and others have
autolearn=failed. I use the classic combination of spamd/spamc and the
OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD
recommends. I tried to follow the instructions at
spamassassin.apache.org (to use for example /var/spamassassin (0777
mode) in order to store learnt data, bayes_path and bayes_file_mode,
restarted spamd etc., nothing worked). What should I do next? I must
create all those files by hand (the files in /var/spamassassin). I must
mention that when I was using spamassassin alone (not spamc/spamd) for
my account autolearn worked correctly.


Respectfully yours,

Gabriel George POPA



This is what I have got (On 3.8 stable with spamassassin 3.0.4)
[EMAIL PROTECTED]:/tmp#ls -al /var/spamassassin
total 20
drwxr-x---   5 _spamass  _spamass   512 Jan 31 15:42 .
drwxr-xr-x  32 root  wheel 1024 Feb 26 18:45 ..
drwxr-x---   2 _spamass  _spamass   512 Apr  5 16:42 .razor
drwx--   2 _spamass  _spamass   512 Apr  6 23:49 .spamassassin

The files and directories in /var/spamassassin will be automatically created
Note that the  _spamass users home directory is /var/spamassassin


In /etc/rc.local I have...
if [ X${spamassassin_spamd} == XYES -a -x /usr/local/bin/spamd \
-a -e /etc/mail/spamassassin/local.cf ]; then
   echo -n ' Spamassassin spamd'; /usr/local/bin/spamd -d -p 3312 
-u _spamass --max-children=5 --max-conn-per-child=2000 -x
fi

It's called from sendmail through the smtp-vilter connector and it just works. 
 
smtp-vilter talks to spamd.

The only thing you need in /etc/mail/spamassassin/local.cf is... nothing. Well 
you should probably to some tuning. You should probably have:
--snip--
required_score   5.0
report_safe 1
use_bayes   1
skip_rbl_checks 0
--snip--

No path statement is needed in local.cf if you have the correct path for the 
Bayesian db as stated above.

Hope it could be of any use.

Regards
/Per-Olov
  

Very interesting indeed. Anyway, I don't want to use vilter for the 
moment. The problem was the following: I thought bayes_path represents a 
DIRECTORY (not true, obviously). I was too tired to read well the man 
Mail:SpamAssassin::Conf. I understood wrong the indications there. Sorry.

Re: Apache speed limitation

[Frank Denis]

Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait :
At the moment i have huge loaded Apache web server, download bw is 
~3MB/s. And almost all sites now is very slow. Is here any built in 
speed limitation functions? If no what should i use?


 lighttpd.

Re: IO fencing question

[Barry, Christopher]

No one has responded to this yet. 
Wondering: Is this the wrong list for this question? Is this a
completely non-standard use? Can anyone please shed some light on this
for me?

Thanks,
-C

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On Behalf Of Barry, Christopher
 Sent: Tuesday, April 04, 2006 5:26 PM
 To: misc@openbsd.org
 Subject: IO fencing question
 
 Greetings,
 
   I've built a pair of 6-interface OBSD 3.7 routers for use at
 work. These routers have 4 Fibre GigE interfaces each, and 2 
 copper GigE
 interfaces ea as follows:
 carp{0,1,2,3,4} production,integration,staging,systest,dmz_1
 respectively
 stge{0,1,2,3} production,integration,staging,systest respectively
 em0 sync device
 rl0 dmz_1
 
 the machines are core-master and core-backup, the vip is core-rtr.
 
 stge1 on core-master has a fibre running to the left fiber 
 MDA port on a
 Nortel (BayStack) 350-24T switch, while stge1 on core-backup 
 runs to the
 right MDA port (they both are 'port 25' in the switch). 
 stge{2,3} behave
 similarly on 2 other identical switches. stge0 on both routers go to 2
 separate fibre ports on a larger Nortel 8600.
 
 Example:
 If I'm out on the production net (stge0) and start an ssh session to a
 host out on the development net (stge1), and start a ping in 
 the session
 back to a host on the production network, and then pull plug on
 core-master (I know, ouch) it might drop a ping, but otherwise works
 flawlessly! Really sweet. The problems occur during a 'soft' failure,
 e.g. a reboot or a halt without power off.
 
 To be fair, I do not think it's carp that's causing the problem, the
 backup instantly becomes the master. It appears to be something with
 either the MDAs not failing over or an issue with the stge0 interfaces
 on two separate fibre ports on the big switch.
 
 It's only a problem if the failing host does not get powered off.
 
 My thoughts have been:
 
 * put both hosts on a serial power strip - on a failure, 
 surviving node
 powers off the failed node.
 
 * have a scripted way to simulate that all of the interfaces 
 are powered
 off. (or heck, maybe even just being automatically downed might do it)
 
 
 Question: Can someone recommend a solution to this problem, 
 or point me
 at a doc or software that can help me with this?
 
 
 Thanks,
 Chris

Re: help with sendmail

[Rick Aliwalas]

On Thu, 6 Apr 2006, Matt Van Mater wrote:


I want to set up a host to relay all outgoing mail through a central
mail hub.  I believe the proper high level steps for me to follow are:
edit the /usr/share/sendmail/cf/clientproto.mc file, compile it, copy
the resultant clientproto.cf file to /etc/mail/sendmail.cf and hup the
sendmail process.  However when I try to send a test message via pine,
mail is still being sent directly to the internet rather than through
the relay, and I am stumped.  What am I missing?


You may want to verify that you are indeed using sendmail.cf.  Check
rc.conf/rc.conf.local .  I think the default is localhost.cf .

What does the sendmail in test mode show?

% sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter ruleset address
 3,0 [EMAIL PROTECTED]

-rick


Here are some more details on the steps I describe above.
edit /usr/share/sendmail/cf/clientproto.mc
Specifically i need to change the following line to be the mail server
i want to relay through
FEATURE(nullclient, my.mail.host.net.$m)

[EMAIL PROTECTED] /usr/share/sendmail/cfvi clientproto.mc

[EMAIL PROTECTED] /usr/share/sendmail/cfmake
rm -f clientproto.cf
( cd /usr/share/sendmail/cf  /usr/bin/m4
/usr/share/sendmail/cf/../m4/cf.m4 clientproto.mc 
/usr/share/sendmail/cf/clientproto.cf )
echo ### clientproto.mc ### clientproto.cf
sed -e 's/^/# /' /usr/share/sendmail/cf/clientproto.mc clientproto.cf
chmod 444 clientproto.cf

[EMAIL PROTECTED] /usr/share/sendmail/cfps aux |grep sendmail
root  2870  0.0  0.4   964  1324 ??  Ss 4:45PM0:00.15
sendmail: accepting connections (sendmail)
root 18732  0.0  0.1   288   460 p0  R+ 5:08PM0:00.02 grep sendmail

[EMAIL PROTECTED] /usr/share/sendmail/cfkill -HUP 2870

[EMAIL PROTECTED] /usr/share/sendmail/cfpine -conf |grep smtp
smtp-server=

The step above verifies that pine will use sendmail when sending
outbound messages.  However, at the end of all of this, messages are
sent directly to the internet rather than through the hub.  I don't
see any reference to my central hub in /var/log/maillog

Re: Apache speed limitation

[edgarz]

i'm too lazy to move all vhosts from apache to lighttpd, too much them :/

Frank Denis wrote:

Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait :

At the moment i have huge loaded Apache web server, download bw is 
~3MB/s. And almost all sites now is very slow. Is here any built 
in speed limitation functions? If no what should i use?



 lighttpd.

Re: C++ textbooks: recommendations?

[Peter Hopfgartner]

[EMAIL PROTECTED] wrote:

i need to learn C++, but do not know where to begin with textbooks or online
docs. since, AFAICT, there are a great many skilled programmers on list, i would
appreciate any recommendations that can be made about introductory and
intermediate texts on C++.

my motivation for asking this is to avoid purchasing texts that will sit on my
shelf and collect dust. there are a great many introductory texts on nearly
every subject that do just that and/or don't cover enough material in sufficient
depth.

are there any texts on best practices for writing exploit-free code? if you feel
this is insufficiently openbsd related, please reply off-list to reduce chatter.

cheers,
jake


I found http://www.icce.rug.nl/documents/cplusplus/ to be an excellent 
textbook.


Another online source is 
http://www.mindview.net/Books/TICPP/ThinkingInCPP2e.html


Peter

Re: Apache speed limitation

[Norbert TITKO]

On Fri, 7 Apr 2006, edgarz wrote:


i'm too lazy to move all vhosts from apache to lighttpd, too much them :/


it's the easiest thing one can do :-)
btw, did you try to turn on logging and see what's wrong w/ apache?
(LogLevel Debug, etc)

c

--
I hope I never get so old I get religious. - Ingmar Bergman

Re: Apache speed limitation

[edgarz]

1km long apache virtualhost configuration. and rewrite it by hand? 
uhh... :(

As i said, hundreds of connections and used apache bandwidth is about ~3MB/s


Norbert TITKO wrote:

On Fri, 7 Apr 2006, edgarz wrote:


i'm too lazy to move all vhosts from apache to lighttpd, too much them :/



it's the easiest thing one can do :-)
btw, did you try to turn on logging and see what's wrong w/ apache?
(LogLevel Debug, etc)

c

Re: Apache speed limitation

[Gilles Chehade]

On Fri, 7 Apr 2006 15:14:30 +0200
Frank Denis [EMAIL PROTECTED] wrote:

 Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait :
 At the moment i have huge loaded Apache web server, download bw is
 ~3MB/s. And almost all sites now is very slow. Is here any built in
 speed limitation functions? If no what should i use?

   lighttpd.


No. Apache isn't supposed to be veery slow, it should be able to
handle much more and no there is no speed limitation functions. It
requires some configuration tuning, not a switch to another httpd.

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Apache speed limitation

[edgarz]

Any suggestions to push apache work more quickly?
after i removed that evil host and restarted apache, mysql was lagging, 
i can say it was dead. Strange, but that site was browsable dir without 
html/php code, only mp3's :) Might be some connection limit was reached 
or something like that :/


Gilles Chehade wrote:

On Fri, 7 Apr 2006 15:14:30 +0200
Frank Denis [EMAIL PROTECTED] wrote:



Le Fri, Apr 07, 2006 at 02:03:41PM +0300, edgarz ecrivait :


At the moment i have huge loaded Apache web server, download bw is
~3MB/s. And almost all sites now is very slow. Is here any built in
speed limitation functions? If no what should i use?


 lighttpd.




No. Apache isn't supposed to be veery slow, it should be able to
handle much more and no there is no speed limitation functions. It
requires some configuration tuning, not a switch to another httpd.

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Apache speed limitation

[Rogier Krieger]

On 4/7/06, Gilles Chehade [EMAIL PROTECTED] wrote:
 It requires some configuration tuning, not a switch to another httpd.

You're probably right on this. The OP may want to look at recent
configuration changes, runaway scripts and the like.

For instance: does the server config perform DNS lookups? Such things
may hold a server back when servicing a large number of requests (from
various sources).

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.

Re: Apache speed limitation

[Stuart Henderson]

On 2006/04/07 18:03, edgarz wrote:
 Strange, but that site was browsable dir without html/php code,
 only mp3's

Of course this will be slow: you have to stat each file for
every hit on the auto-generated index. Compare 'ktrace ls' vs
'ktrace ls -l' and see how much more work is involved.

Save a static html instead.

Re: (OT: PostgreSQL vs MySQL)

[Chris Kuethe]

On 06 Apr 2006 18:12:59 -0700, Randal L. Schwartz merlyn@stonehenge.com wrote:
 Given the cost of programmer time (and the cost of lost data) vs the
 cost of a slightly faster processor, is it ever really worth it even
 if MySQL is *twice* as fast?

Yes.

Example 1: I feel like digging through some data that will be relevant
for a short time, and a mysql database is the quickest/easiest way for
to slurp stuff out and get answers. I sat in on a netflow tutorial
last year at cansecwest. We were given a hundred megs of flows and
told to find the problems. A minute later, I had a reasonable table
put together, populated with data and was getting answers back.

Example 2: I have other mysql databases where I store syslog for later
analysis. Sure, I have all the original logs on disk, but it's faster
to knock something together with mysql knowing that I can reconstitute
the database easily from the original data. My problem lies with
syslog not always getting the data back to my log server, not with
mysql sometimes losing it.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

dmesg - MacBook Pro

[Michael Steinfeld]

If anyone cares here's the dmesg from my MacBook Pro.
--

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3
real mem  = 268017664 (261736K)
avail mem = 237674496 (232104K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(5b) BIOS, date 03/22/06, BIOS32 rev. 0 @ 0xf9000
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2000/112 (5 entries)
pcibios0: PCI Exclusive IRQs: 3 4 5 7 9 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801BA LPC rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
vga1 at pci0 dev 2 function 0 unknown vendor 0x product 0x rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10
ne3: address 00:fa:e3:35:0c:23
pchb0 at pci0 dev 30 function 0 Intel 82815 Hub rev 0x02: rng
active, 116Kb/sec
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x08: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Virtual HDD [0]
wd0: 128-sector PIO, LBA, 4096MB, 8389584 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PRL, Virtual CD-ROM, R102 SCSI0
5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4
pciide0: channel 1 ignored (disabled)
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ebfd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: CPU supports MTRRs but not enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

--
-mike

/usr/src/lib/libpcap/Makefile depends on bpf_filter.c

[Eric Ziegast]

Where do I find an bpf_filter.c in OpenBSD, or how is it generated?
or is there better way to compile /usr/lib/libpcap*?

In the latest src.tar.gz available via FTP, the file 
./lib/libpcap/Makefile lists:


 SRCS=   pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \
 savefile.c bpf_filter.c bpf_image.c grammar.y scanner.l \
 pcap-bpf.c version.c fad-getad.c

... but there's no bpf_filter.c in the ./lib/libpcap directory.  Because 
of this

dependency, libpcap won't compile.

It seems that I can get a little further along if I remove bpf_filter.c 
from SRCS,

but I wonder if that's the right thing to do.

I found the problem originally by trying to compile libpcap from source on a
3.8 release system with the src.tar.gz tarball that came with it.  I 
downloaded
src.tar.gz from current (updated just last night) just to see if it's 
still and issue.


--
Eric Ziegast

Spamd, gmail and aol...

[Jeff Ross]

Hi all,

I've had several users reporting that mail to them from gmail and aol 
accounts has been bouncing.  I finally got my hands on the bounce 
messages from one of the gmail messages.  Two were Delivery Status 
Notifications like this:


Delivery to the following recipient has been delayed:

 [EMAIL PROTECTED]

Message will be retried for 1 more day(s)

Technical details of temporary failure:

TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
[ a.mx.openvistas.net. (0): Connection dropped]

culminating in the failure notice of:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

 [EMAIL PROTECTED]

Technical details of permanent failure:
TEMP_FAILURE: Probe failed: Server Too Busy

I have the following gmail servers whitelisted in my /etc/whitelist

#gmail
64.233.162.192/28   # zproxy gmail
64.233.170.192/28   # rproxy gmail
64.233.182.192/28   # nproxy gmail
64.233.184.192/28   # wproxy gmail
66.249.82.192/28   # xproxy gmail
66.249.92.192/28   # uproxy gmail
216.239.56.240/28   # mproxy gmail

and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. 
Right now there are two separate IP addresses allegedly from gmail 
accounts, but imagine my surprise that both resolve to something else 
entirely.


spamdb is running with the system defaults with the exception of the port
/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g

spamd.conf is using the China, Korea, Bob Beck's trapped list, and my 
own personal whitelist and blacklist.


My next debugging attempt will be to have someone with a gmail account 
send mail while I'm running tcpdump on port 25.


Has anyone else running spamd seen this?  From my qmail logs, I see mail 
from gmail servers through March 23, but none since then.


Thanks,

Jeff

Re: When would you NOT use OpenBSD?

[Donald J. Ankney]

On Apr 5, 2006, at 3:30 PM, Daniel Ouellet wrote:



Fine, but wasn't your requirements here the cheapest solutions, not  
the platform on witch it run? I don't know that, only you do. But  
may be there was and is a very nice solutions working on OpenBSD,  
but that was just more expensive and that you couldn't pick. Again  
I don't know, but you justify it by the cheapest, not what's good  
for the job. Again, I use what's supported, not what's the cheapest  
and then asking to have it supported then.




If you're working for an employer where cost (both initial and TCO)  
are not part of the solution criteria, are they hiring?


I hope you are not saying that OpenBSD should support your  
commercial elected choice right? That's liek saying OpenSSH should  
support IBM in their own customers ssh contract where they pocket  
the money, but OpenSSH should fix the problem IBM customers have  
with IBM product on IBM support contract!


I am sure you are not saying that for sure!

Even many open source product  won't necessarily take bug reports  
if it's running in a BSD instead  of on a supported kernel.


Nor should they. If anyone elect to do something not supported  
because they want to, they sure have the choice to do that. That's  
the opne source choice, but in no case shoudl they ever have the  
right to come back and say, hey I use this, but you need to support  
me on that.




I think we're approaching things from very different positions. To  
me, an operating system doesn't provide solutions. It's the platform  
on which solutions are implemented. Judging from your examples, your  
job is focused far more on switching and routing than mine is.  
OpenBSD does ship with a fairly complete toolkit for those tasks.


I'm a systems administrator, so my outlook is toward data access/ 
storage/security and end-user experience. An OS shouldn't ship with  
those sorts of tools -- if I wanted a that sort of mess, I'd use RedHat.


I'm not looking of OS or hardware-level support. When I implement a  
solution, it either needs to be simple enough to debug myself if I  
find problems or I need to have a mechanism to report bugs to the  
developers with a reasonable expectation that they will be fixed in  
the source. The latter is especially critical when the only solution  
I can find is a closed-source solution. I'd rather not use closed- 
source ever, but sometimes that's just how the cards come up.


The right tools fo the job. Some like features, then go for it.  
That's why there is choices. Isn't great! Each one can take what  
they want in the end.




What you call features, I call end-user requirements.

But when arguing, stay true to the idea at hand and what's the  
choice and requirements for the elected product. Changing the  
playing field along the way to justify what to use or not to use is  
wrong. I think it is anyway,. but YMMV.


Not all tasks have the same criteria. It's not changing the playing  
field, it's evaluating each task/job as it comes and setting the  
solution criteria appropriately. My bottom line can't be  
quantitatively measured by network efficiency. I have 5 subnets full  
of end-users sitting at Windows and Mac workstations trying to do  
whatever it is they do. My bottom line is how well I can build/manage/ 
design services that meet their needs. Again, I think we have very  
different jobs.


-- Don

Re: IO fencing question

[Joachim Schipper]

On Fri, Apr 07, 2006 at 09:45:15AM -0400, Barry, Christopher wrote:
 No one has responded to this yet. 
 Wondering: Is this the wrong list for this question? Is this a
 completely non-standard use? Can anyone please shed some light on this
 for me?

AFAICT, this is a proper question, properly asked, on the proper list.
I, personally, have not responded because I didn't really have a clue
what could be wrong.

From your own description, the real problem seems to be elsewhere. Since
I don't know much of anything about this particular elsewhere, I'm
afraid I won't be much help there.

I do not understand entirely what you mean by 'soft' failure - do you
mean an OS crash/panic, in which the hardware is working ok but the OS
isn't? Or are you talking about a non-clean shutdown, where the hardware
is down too? Or are we talking a controlled, clean shutdown/reboot?
(Testing the above cases might give some hints.)

Finally, a tcpdump, including ARP activity, might allow someone more
well-versed in CARP than myself to discover if CARP is to blame, and
maybe even what else is.

If you go for the scripted solution, maybe ifstated(8) could be of some
use here?

Joachim
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of Barry, Christopher
  Sent: Tuesday, April 04, 2006 5:26 PM
  To: misc@openbsd.org
  Subject: IO fencing question
  
  Greetings,
  
  I've built a pair of 6-interface OBSD 3.7 routers for use at
  work. These routers have 4 Fibre GigE interfaces each, and 2 
  copper GigE
  interfaces ea as follows:
  carp{0,1,2,3,4} production,integration,staging,systest,dmz_1
  respectively
  stge{0,1,2,3} production,integration,staging,systest respectively
  em0 sync device
  rl0 dmz_1
  
  the machines are core-master and core-backup, the vip is core-rtr.
  
  stge1 on core-master has a fibre running to the left fiber 
  MDA port on a
  Nortel (BayStack) 350-24T switch, while stge1 on core-backup 
  runs to the
  right MDA port (they both are 'port 25' in the switch). 
  stge{2,3} behave
  similarly on 2 other identical switches. stge0 on both routers go to 2
  separate fibre ports on a larger Nortel 8600.
  
  Example:
  If I'm out on the production net (stge0) and start an ssh session to a
  host out on the development net (stge1), and start a ping in 
  the session
  back to a host on the production network, and then pull plug on
  core-master (I know, ouch) it might drop a ping, but otherwise works
  flawlessly! Really sweet. The problems occur during a 'soft' failure,
  e.g. a reboot or a halt without power off.
  
  To be fair, I do not think it's carp that's causing the problem, the
  backup instantly becomes the master. It appears to be something with
  either the MDAs not failing over or an issue with the stge0 interfaces
  on two separate fibre ports on the big switch.
  
  It's only a problem if the failing host does not get powered off.
  
  My thoughts have been:
  
  * put both hosts on a serial power strip - on a failure, 
  surviving node
  powers off the failed node.
  
  * have a scripted way to simulate that all of the interfaces 
  are powered
  off. (or heck, maybe even just being automatically downed might do it)
  
  
  Question: Can someone recommend a solution to this problem, 
  or point me
  at a doc or software that can help me with this?
  
  
  Thanks,
  Chris

Re: /usr/src/lib/libpcap/Makefile depends on bpf_filter.c

[Claudio Jeker]

On Fri, Apr 07, 2006 at 07:36:48AM -0700, Eric Ziegast wrote:
 Where do I find an bpf_filter.c in OpenBSD, or how is it generated?
 or is there better way to compile /usr/lib/libpcap*?
 
 In the latest src.tar.gz available via FTP, the file 
 ./lib/libpcap/Makefile lists:
 
  SRCS=   pcap.c inet.c gencode.c optimize.c nametoaddr.c etherent.c \
  savefile.c bpf_filter.c bpf_image.c grammar.y scanner.l \
  pcap-bpf.c version.c fad-getad.c
 
 ... but there's no bpf_filter.c in the ./lib/libpcap directory.  Because 
 of this
 dependency, libpcap won't compile.
 
 It seems that I can get a little further along if I remove bpf_filter.c 
 from SRCS,
 but I wonder if that's the right thing to do.
 
 I found the problem originally by trying to compile libpcap from source on a
 3.8 release system with the src.tar.gz tarball that came with it.  I 
 downloaded
 src.tar.gz from current (updated just last night) just to see if it's 
 still and issue.
 

bpf_filter.c is in sys/net that's why .PATH:  ${.CURDIR}/../../sys/net
is set after defining SRCS. In short you need kernel sources to compile
libpcap.

-- 
:wq Claudio

Re: Spamd, gmail and aol...

[David Hill]

On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:
 Hi all,
 
 I've had several users reporting that mail to them from gmail and aol 
 accounts has been bouncing.  I finally got my hands on the bounce 
 messages from one of the gmail messages.  Two were Delivery Status 
 Notifications like this:
 
 Delivery to the following recipient has been delayed:
 
  [EMAIL PROTECTED]
 
 Message will be retried for 1 more day(s)
 
 Technical details of temporary failure:
 
 TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
 [ a.mx.openvistas.net. (0): Connection dropped]
 
 culminating in the failure notice of:
 
 This is an automatically generated Delivery Status Notification
 
 Delivery to the following recipient failed permanently:
 
  [EMAIL PROTECTED]
 
 Technical details of permanent failure:
 TEMP_FAILURE: Probe failed: Server Too Busy
 
 I have the following gmail servers whitelisted in my /etc/whitelist
 
 #gmail
 64.233.162.192/28   # zproxy gmail
 64.233.170.192/28   # rproxy gmail
 64.233.182.192/28   # nproxy gmail
 64.233.184.192/28   # wproxy gmail
 66.249.82.192/28   # xproxy gmail
 66.249.92.192/28   # uproxy gmail
 216.239.56.240/28   # mproxy gmail
 
 and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. 
 Right now there are two separate IP addresses allegedly from gmail 
 accounts, but imagine my surprise that both resolve to something else 
 entirely.
 
 spamdb is running with the system defaults with the exception of the port
 /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
 
 spamd.conf is using the China, Korea, Bob Beck's trapped list, and my 
 own personal whitelist and blacklist.
 
 My next debugging attempt will be to have someone with a gmail account 
 send mail while I'm running tcpdump on port 25.
 
 Has anyone else running spamd seen this?  From my qmail logs, I see mail 
 from gmail servers through March 23, but none since then.
 
 Thanks,
 
 Jeff
 

spamd's whitelist is really a non-blacklist.  If gmail changes what
server IP the mail is coming from each time it retries the email, which
is bad for greylisting.

If you truly want to whitelist them, try something like this:

# pf.conf
table mail-white persist file /var/mail/whitelist.txt

# put before !spamd-white rdr
rdr on $ext inet proto tcp from mail-white to $ext:0 \
port smtp - $ext:0 port smtp

Re: IO fencing question

[Barry, Christopher]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 On Behalf Of Joachim Schipper
 Sent: Friday, April 07, 2006 11:48 AM
 To: misc@openbsd.org
 Subject: Re: IO fencing question
 
 On Fri, Apr 07, 2006 at 09:45:15AM -0400, Barry, Christopher wrote:
  No one has responded to this yet. 
  Wondering: Is this the wrong list for this question? Is this a
  completely non-standard use? Can anyone please shed some 
 light on this
  for me?
 
 AFAICT, this is a proper question, properly asked, on the proper list.
 I, personally, have not responded because I didn't really have a clue
 what could be wrong.
 
 From your own description, the real problem seems to be 
 elsewhere. Since
 I don't know much of anything about this particular elsewhere, I'm
 afraid I won't be much help there.
 
 I do not understand entirely what you mean by 'soft' failure - do you
 mean an OS crash/panic, in which the hardware is working ok but the OS
 isn't? Or are you talking about a non-clean shutdown, where 
 the hardware
 is down too? Or are we talking a controlled, clean shutdown/reboot?
 (Testing the above cases might give some hints.)
 
 Finally, a tcpdump, including ARP activity, might allow someone more
 well-versed in CARP than myself to discover if CARP is to blame, and
 maybe even what else is.
 
 If you go for the scripted solution, maybe ifstated(8) could 
 be of some
 use here?
 
   Joachim


Joachim,

Thanks much for your answers. By 'soft', I mean a controlled
reboot/shutdown where the power remains on even though the OS has
obviously stopped running. I have not experienced any actual failures of
anything, so I do not the outcome of that. Induced 'Hard' failure (e.g.
pulling the plug) works perfectly.

The more I look at it, and think about it, I'm guessing the
problem is more related to the redundant fibre ports on the 350-24T
switch, actually holding onto information about the directly connect
interface, and stubbornly sticking to it if it detects any kind of
signal whatsoever.


I'll examine ifstated, experiment, and report back.


Thanks Again,
Chris

   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
   On Behalf Of Barry, Christopher
   Sent: Tuesday, April 04, 2006 5:26 PM
   To: misc@openbsd.org
   Subject: IO fencing question
   
   Greetings,
   
 I've built a pair of 6-interface OBSD 3.7 routers for use at
   work. These routers have 4 Fibre GigE interfaces each, and 2 
   copper GigE
   interfaces ea as follows:
   carp{0,1,2,3,4} production,integration,staging,systest,dmz_1
   respectively
   stge{0,1,2,3} production,integration,staging,systest respectively
   em0 sync device
   rl0 dmz_1
   
   the machines are core-master and core-backup, the vip is core-rtr.
   
   stge1 on core-master has a fibre running to the left fiber 
   MDA port on a
   Nortel (BayStack) 350-24T switch, while stge1 on core-backup 
   runs to the
   right MDA port (they both are 'port 25' in the switch). 
   stge{2,3} behave
   similarly on 2 other identical switches. stge0 on both 
 routers go to 2
   separate fibre ports on a larger Nortel 8600.
   
   Example:
   If I'm out on the production net (stge0) and start an ssh 
 session to a
   host out on the development net (stge1), and start a ping in 
   the session
   back to a host on the production network, and then pull plug on
   core-master (I know, ouch) it might drop a ping, but 
 otherwise works
   flawlessly! Really sweet. The problems occur during a 
 'soft' failure,
   e.g. a reboot or a halt without power off.
   
   To be fair, I do not think it's carp that's causing the 
 problem, the
   backup instantly becomes the master. It appears to be 
 something with
   either the MDAs not failing over or an issue with the 
 stge0 interfaces
   on two separate fibre ports on the big switch.
   
   It's only a problem if the failing host does not get powered off.
   
   My thoughts have been:
   
   * put both hosts on a serial power strip - on a failure, 
   surviving node
   powers off the failed node.
   
   * have a scripted way to simulate that all of the interfaces 
   are powered
   off. (or heck, maybe even just being automatically downed 
 might do it)
   
   
   Question: Can someone recommend a solution to this problem, 
   or point me
   at a doc or software that can help me with this?
   
   
   Thanks,
   Chris

Re: Spamd, gmail and aol...

[Darrin Chandler]

Jeff Ross wrote:


Delivery to the following recipient has been delayed:

 [EMAIL PROTECTED]

Message will be retried for 1 more day(s)

Technical details of temporary failure:

TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
[ a.mx.openvistas.net. (0): Connection dropped]

culminating in the failure notice of:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

 [EMAIL PROTECTED]

Technical details of permanent failure:
TEMP_FAILURE: Probe failed: Server Too Busy



Is it possible you're hitting spamd's max connection limit?

spamd.conf is using the China, Korea, Bob Beck's trapped list, and my 
own personal whitelist and blacklist.


My next debugging attempt will be to have someone with a gmail account 
send mail while I'm running tcpdump on port 25.


Has anyone else running spamd seen this?  From my qmail logs, I see 
mail from gmail servers through March 23, but none since then.



Never had any trouble with gmail once the various servers were 
whitelisted. Are you putting your whitelist after Bob Beck's list in 
spamd.conf? After your own blacklist?


--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: dmesg - MacBook Pro

[Marcus Popp]

On 2006-04-07T10:59, Michael Steinfeld wrote:
 If anyone cares here's the dmesg from my MacBook Pro.
 --
 
 OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz
 cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3
 real mem  = 268017664 (261736K)
 avail mem = 237674496 (232104K)

does OpenBSD only support 256 MB of the RAM? You should have 2 GB.

so long,

Marcus.

strange lockup problem with firefox + dual head display

[Blair Sadewitz]

I can compile programs for hours with no stability issues.  If I run
firefox, the machine locks up hard (no keyboard LED response, etc.)
sometimes within less than one minute.  This seems to happen only if I
am using a dual-headed configuration.

The relevant diagnostic information is attached to this email.  While
I am switching back to a single-headed display (I can't afford to
corrupt my data over and over through crashes because I have a
spreadsheet to work on) I hope someone can tell me that the problem is
my xorg.conf and not OpenBSD. :)


I have used other configurations besides this one with crashes as
well; the only common thread is that they're dual head (wow, that's a
rhyme).

--Blair

--
What is the practical application of a million galaxies?

--Alan W. Watts

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of xorg.conf.old]

ami on AMD64 - hard lockups on write; 3.9 -current

[marten]

Hi, 

Writing to any logical drives beyond the primary causes hard lockup. 
Newfs hangs towards the end of writing superblocks and the machine 
needs to be powered off. The machine runs fine using only sd0. 

Others are using these cards; are there known firmware problems that
could be related? 

TIA

3.9 -current AMD64 bsd.mp

# bioctl -hi ami0
Volume  Status  Size   Device  
 ami0 0 Online  73.6G  sd0 RAID1
  0 Online  74.5G  0:0.0   noencl ST3808110AS 2AAA
  1 Online  74.5G  0:1.0   noencl ST3808110AS 2AAA
 ami0 1 Online   232G  sd1 RAID1
  0 Online   233G  0:2.0   noencl ST3250824AS 3.AA
  1 Online   233G  0:4.0   noencl ST3250824AS 3.AA
 ami0 2 Online   232G  sd2 RAID1
  0 Online   233G  0:5.0   noencl ST3250824AS 3.AA
  1 Online   233G  0:7.0   noencl ST3250824AS 3.AA


OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr  3 17:19:21 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2147020800 (2096700K)
avail mem = 1835683840 (1792660K)
using 22937 buffers containing 214908928 bytes (209872K) of memory
mainbus0 (root)
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (MSI  RHAPSODY)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI   
mpbios: bus 1 is type PCI   
mpbios: bus 2 is type PCI   
mpbios: bus 3 is type PCI   
mpbios: bus 4 is type PCI   
mpbios: bus 5 is type ISA   
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins
ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 4
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), 
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), 
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05
pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI
iic0 at amdiic0
lm1 at iic0 addr 0x2d: W83627HF
lm2 at iic0 addr 0x2f: W83782D rev D
amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active
iic1 at amdpm0
ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13
pci2 at ppb1 bus 3
bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01
ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13
pci3 at ppb2 bus 1
ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07
pci4 at ppb3 bus 2
ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: 
apic 4 int 0 (irq 10)
ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM
ami0: 1 channels, 0 FC loops, 3 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 75340MB, 75340 cyl, 64 head, 32 sec, 512 bytes/sec, 154296320 sec total
sd1 at scsibus0 targ 1 lun 0: AMI, Host drive #01,  SCSI2 0/direct fixed
sd1: 237464MB, 

Re: Spamd, gmail and aol...

[Jeff Ross]

On Fri, 7 Apr 2006, David Hill wrote:


On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:

Hi all,

I've had several users reporting that mail to them from gmail and aol
accounts has been bouncing.  I finally got my hands on the bounce
messages from one of the gmail messages.  Two were Delivery Status
Notifications like this:

Delivery to the following recipient has been delayed:

 [EMAIL PROTECTED]

Message will be retried for 1 more day(s)

Technical details of temporary failure:

TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
[ a.mx.openvistas.net. (0): Connection dropped]

culminating in the failure notice of:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

 [EMAIL PROTECTED]

Technical details of permanent failure:
TEMP_FAILURE: Probe failed: Server Too Busy

I have the following gmail servers whitelisted in my /etc/whitelist

#gmail
64.233.162.192/28   # zproxy gmail
64.233.170.192/28   # rproxy gmail
64.233.182.192/28   # nproxy gmail
64.233.184.192/28   # wproxy gmail
66.249.82.192/28   # xproxy gmail
66.249.92.192/28   # uproxy gmail
216.239.56.240/28   # mproxy gmail

and, indeed, I don't see _any_ legitimate gmail addresses in spamdb.
Right now there are two separate IP addresses allegedly from gmail
accounts, but imagine my surprise that both resolve to something else
entirely.

spamdb is running with the system defaults with the exception of the port
/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g

spamd.conf is using the China, Korea, Bob Beck's trapped list, and my
own personal whitelist and blacklist.

My next debugging attempt will be to have someone with a gmail account
send mail while I'm running tcpdump on port 25.

Has anyone else running spamd seen this?  From my qmail logs, I see mail
from gmail servers through March 23, but none since then.

Thanks,

Jeff



spamd's whitelist is really a non-blacklist.  If gmail changes what
server IP the mail is coming from each time it retries the email, which
is bad for greylisting.

If you truly want to whitelist them, try something like this:

# pf.conf
table mail-white persist file /var/mail/whitelist.txt

# put before !spamd-white rdr
rdr on $ext inet proto tcp from mail-white to $ext:0 \
   port smtp - $ext:0 port smtp




Right, I forgot to add that to my mail.  I'm doing just that.

table spamd persist
table spamd-white persist
table whitelist persist file /etc/whitelist
table zombies persist

#scrub rules
scrub in on $if_ext all
scrub out on $if_ext all

no rdr on { lo0, lo1 } from any to any
rdr pass on $if_ext proto tcp from whitelist to port smtp \
  - ($if_ext) port 25
rdr pass on $if_ext proto tcp from !spamd-white to port smtp \
  - 127.0.0.1 port 8024
#rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465
rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \
   port 465

Thanks for the reply!

Jeff

Reciba nuestro Catalogo gratuito

[CH Productos Industriales]

La mas extensa variedad en productos de almacenaje
y manejo de materiales.

SOLICITE NUESTRO CATALOGO GRATUITO

[IMAGE]

  * 

Flete gratis

  * 

No hay mmnimo de compra

  * 

Entregas rapidas y con garantmas

[IMAGE]

www.chpromo.info

Telifono gratuito 001 877 448 0703

Excelentes condiciones de compra

[IMAGE]

!nuestra calidad no tiene competencia!

CLIENTES y AMIGOS:

CH Productos Industriales es una empresa mexicana que pertenece a CH
Distributors con sede en Milwaukee, Estados Unidos.

CH Distributors lleva mas de 60 aqos siendo lmder en Estados Unidos en
la distribucisn de productos y equipo para el almacenamiento y manejo de
materiales.

CH Productos Industriales inicis sus operaciones en el aqo 2002. Desde
el principio, son muchas las empresas que se han beneficiado de nuestro
servicio profesional, nuestra gran variedad de productos y nuestras
excelentes condiciones de compra.

Junto a estas garantmas de calidad y prestigio, CH Productos
Industriales apuesta tambiin por la maxima satisfaccisn de sus clientes,
que son nuestro verdadero compromiso.

Nuestro ejecutivos le pueden ayudar a elegir el producto que mejor se
adapte a sus necesidades.

Saludos cordiales,

Lic. Alfonso del Campo
Director GeneralCH Productos Industriales S. de R. L. de C.V.
55 5488 5278
[EMAIL PROTECTED]

--
Para Darse de baja, por favor haga clic aqum.
[IMAGE]

Re: Spamd, gmail and aol...

[David Hill]

On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote:
 
 
 On Fri, 7 Apr 2006, David Hill wrote:
 
 On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:
 Hi all,
 
 I've had several users reporting that mail to them from gmail and aol
 accounts has been bouncing.  I finally got my hands on the bounce
 messages from one of the gmail messages.  Two were Delivery Status
 Notifications like this:
 
 Delivery to the following recipient has been delayed:
 
  [EMAIL PROTECTED]
 
 Message will be retried for 1 more day(s)
 
 Technical details of temporary failure:
 
 TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
 [ a.mx.openvistas.net. (0): Connection dropped]
 
 culminating in the failure notice of:
 
 This is an automatically generated Delivery Status Notification
 
 Delivery to the following recipient failed permanently:
 
  [EMAIL PROTECTED]
 
 Technical details of permanent failure:
 TEMP_FAILURE: Probe failed: Server Too Busy
 
 I have the following gmail servers whitelisted in my /etc/whitelist
 
 #gmail
 64.233.162.192/28   # zproxy gmail
 64.233.170.192/28   # rproxy gmail
 64.233.182.192/28   # nproxy gmail
 64.233.184.192/28   # wproxy gmail
 66.249.82.192/28   # xproxy gmail
 66.249.92.192/28   # uproxy gmail
 216.239.56.240/28   # mproxy gmail
 
 and, indeed, I don't see _any_ legitimate gmail addresses in spamdb.
 Right now there are two separate IP addresses allegedly from gmail
 accounts, but imagine my surprise that both resolve to something else
 entirely.
 
 spamdb is running with the system defaults with the exception of the port
 /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
 
 spamd.conf is using the China, Korea, Bob Beck's trapped list, and my
 own personal whitelist and blacklist.
 
 My next debugging attempt will be to have someone with a gmail account
 send mail while I'm running tcpdump on port 25.
 
 Has anyone else running spamd seen this?  From my qmail logs, I see mail
 from gmail servers through March 23, but none since then.
 
 Thanks,
 
 Jeff
 
 
 spamd's whitelist is really a non-blacklist.  If gmail changes what
 server IP the mail is coming from each time it retries the email, which
 is bad for greylisting.
 
 If you truly want to whitelist them, try something like this:
 
 # pf.conf
 table mail-white persist file /var/mail/whitelist.txt
 
 # put before !spamd-white rdr
 rdr on $ext inet proto tcp from mail-white to $ext:0 \
port smtp - $ext:0 port smtp
 
 
 
 Right, I forgot to add that to my mail.  I'm doing just that.
 
 table spamd persist
 table spamd-white persist
 table whitelist persist file /etc/whitelist
 table zombies persist
 
 #scrub rules
 scrub in on $if_ext all
 scrub out on $if_ext all
 
 no rdr on { lo0, lo1 } from any to any
 rdr pass on $if_ext proto tcp from whitelist to port smtp \
   - ($if_ext) port 25
 rdr pass on $if_ext proto tcp from !spamd-white to port smtp \
   - 127.0.0.1 port 8024
 #rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465
 rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \
port 465
 
 Thanks for the reply!
 
 Jeff

Since you are passing -v to spamd, have you grep -i'd /var/log/daemon
for gmail?

David

Re: dmesg - MacBook Pro

[Joe S]

Michael Steinfeld wrote:

If anyone cares here's the dmesg from my MacBook Pro.
--

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Genuine Intel(R) CPU T2500 @ 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: FPU,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,CMOV,MMX,FXSR,SSE,SSE2,SS,SSE3
real mem  = 268017664 (261736K)
avail mem = 237674496 (232104K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(5b) BIOS, date 03/22/06, BIOS32 rev. 0 @ 0xf9000
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2000/112 (5 entries)
pcibios0: PCI Exclusive IRQs: 3 4 5 7 9 10 11 12
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801BA LPC rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
vga1 at pci0 dev 2 function 0 unknown vendor 0x product 0x rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10
ne3: address 00:fa:e3:35:0c:23
pchb0 at pci0 dev 30 function 0 Intel 82815 Hub rev 0x02: rng
active, 116Kb/sec
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x08: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Virtual HDD [0]
wd0: 128-sector PIO, LBA, 4096MB, 8389584 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PRL, Virtual CD-ROM, R102 SCSI0
5/cdrom removable
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:0:1): using PIO mode 4
pciide0: channel 1 ignored (disabled)
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ebfd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: CPU supports MTRRs but not enabled
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

--
-mike




I'm waiting for mine to arrive.
Have you tried 3.9-current?

spamd blacklists

[Joel Gudknecht]

So where do I find Bob Beck's spamd list?

Re: IO fencing question

[Jon Hart]

On Fri, Apr 07, 2006 at 12:26:45PM -0400, Barry, Christopher wrote:
   Thanks much for your answers. By 'soft', I mean a controlled
 reboot/shutdown where the power remains on even though the OS has
 obviously stopped running. I have not experienced any actual failures of
 anything, so I do not the outcome of that. Induced 'Hard' failure (e.g.
 pulling the plug) works perfectly.
 
   The more I look at it, and think about it, I'm guessing the
 problem is more related to the redundant fibre ports on the 350-24T
 switch, actually holding onto information about the directly connect
 interface, and stubbornly sticking to it if it detects any kind of
 signal whatsoever.

I experienced this same sort of weirdness when setting up a pair of
redundant routers.  The two upstreams, which I had no control over, ran
OSPF.  If I powered off the machine, all was well.  If I simply halted
the machine, or there was power to it at all, their OSPF daemon would
detect a link and continue to route in the direction of our downed
router.

The problem, in the end, was that the Dell 1850s primary onboard
ethernet controller will exhibit link when there is power to the board.
The secondary, and any PCI/PCI-X cards that we added on afterward, did
not exhibit this behavior.

-jon

Re: ami on AMD64 - hard lockups on write; 3.9 -current

[Jon Simola]

On 4/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 Others are using these cards; are there known firmware problems that
 could be related?

 ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM

I updated mine to 813J which solved some minor little issues and
didn't solve others (notably hard lock when promoting drives to hot
spare). Company doesn't want to spring for a spare power supply so I
haven't been able to try replicating that on my spare hardware yet.

--
Jon Simola
Systems Administrator
ABC Communications

Re: dmesg - MacBook Pro

[Ted Unangst]

On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote:
 If anyone cares here's the dmesg from my MacBook Pro.
 --
 ne3 at pci0 dev 5 function 0 Realtek 8029 rev 0x00: irq 10
 ne3: address 00:fa:e3:35:0c:23

that's awesome!  i didn't know they made gigabit ne chips.

Re: Spamd, gmail and aol...

[Stuart Henderson]

On 2006/04/07 10:49, Jeff Ross wrote:
 rdr pass on $if_ext proto tcp from whitelist to port smtp \
   - ($if_ext) port 25

Have you tested that your whitelist works by connecting from an IP
address that's listed on it?

I usually use no rdr when I want to exempt servers from
greylisting, istr having some problem when I tried redirecting
back to port 25 (but that was a long time ago, so ymmv).

Saudades!

[Dani]

Bem-vindo ao InCards!

Vocj recebeu um cartco postal virtual de [EMAIL PROTECTED]:
Poxa, como i difmcil ficar sozinha aqui, viajar pra um pams tco distante
de vocjs, que sco meus amigos a tanto tempo, eu precisei enviar esse
cartco para vocj, porque ss assim, eu vo me sentir melhor, e espero que
vocj o leia com muito carinho, pois ss assim, vocj vai entender o que i
ficar em um pams distante de todos que amamos.

Para visualisar seu InCard clique aqui.

Re: (OT: PostgreSQL vs MySQL)

[Tony]

Chris Kuethe wrote:
 
 On 06 Apr 2006 18:12:59 -0700, Randal L. Schwartz 
 merlyn@stonehenge.com wrote:
  Given the cost of programmer time (and the cost of lost data) vs the
  cost of a slightly faster processor, is it ever really worth it even
  if MySQL is *twice* as fast?
 
 Yes.
 
 Example 1: I feel like digging through some data that will be relevant
 for a short time, and a mysql database is the quickest/easiest way for
 to slurp stuff out and get answers. I sat in on a netflow tutorial
 last year at cansecwest. We were given a hundred megs of flows and
 told to find the problems. A minute later, I had a reasonable table
 put together, populated with data and was getting answers back.
 
 Example 2: I have other mysql databases where I store syslog for later
 analysis. Sure, I have all the original logs on disk, but it's faster
 to knock something together with mysql knowing that I can reconstitute
 the database easily from the original data. My problem lies with
 syslog not always getting the data back to my log server, not with
 mysql sometimes losing it.
 
 CK
 
 --
 GDB has a 'break' feature; why doesn't it have 'fix' too?

I like those examples. 
Further, the more MySQL follows the Standards the worse it will work 
for your purposes, I'm thinking. 
In an ideal world, nobody makes any mistakes and everything is perfect.

If you made a field too short for some of the data which comes along
there are two different approaches as to how to handle the situation.
First is to identify the problem and roll back so that nothing even got 
started. This is what real RDMSs apparently do.
Second is to keep going and minimize the damage as best you can.
This is what systems that face the real world are forced to do.
If you use the first way and I can control a moving target of what
you must eat, I can keep you going forever. 

There was a crack in this about MySQL being an SQL-looking front end
to a file system. Actually very perceptive. You can use the filesytem
to move stuff around and get away with it very nicesly.

As to losing data, I suspect you'd lose a lot more
from PostgreSQL than MySQL on a failing hard drive.

Re: Apache speed limitation

[O b s d]

I use mod_choke to limit speeds and ips to virtualhosts.  Easy to install 
and config, works fine on 3.5 :)


http://os.cyberheatinc.com/mod_choke.php


On 4/7/06, edgarz [EMAIL PROTECTED] wrote:


Hello list!

At the moment i have huge loaded Apache web server, download bw is
~3MB/s. And almost all sites now is very slow. Is here any built in
speed limitation functions? If no what should i use?


_
realestate.com.au: the biggest address in property   
http://ninemsn.realestate.com.au

Re: Apache speed limitation

[Karsten McMinn]

On 4/7/06, edgarz [EMAIL PROTECTED] wrote:

 Hello list!

 At the moment i have huge loaded Apache web server, download bw is
 ~3MB/s. And almost all sites now is very slow. Is here any built in
 speed limitation functions? If no what should i use?



The main directives you want to pay attention to with regards to pure
performance are:

Timeout
KeepAlive
MaxKeepAliveRequests
KeepAliveTimeout
MinSpareServers
MaxSpareServers
StartServers
MaxClients
MaxRequestsPerChild
ListenBacklog

See the apache documentation on tuning these. They are straight forward.
I've
had apache on i386 on a single proc serve 2k requests per second static
conent without any trouble before. You'll have to recompile to up the
hard server limit though. see #define HARD_SERVER_LIMIT in httpd.h

Granted this is assuming you aren't just running out of bandwidth or
anything silly like that.

Re: Apache speed limitation

[Daniel Ouellet]

edgarz wrote:

Any suggestions to push apache work more quickly?


What do you mean by that?

after i removed that evil host and restarted apache, mysql was lagging, 
i can say it was dead. Strange, but that site was browsable dir without 
html/php code, only mp3's :) Might be some connection limit was reached 
or something like that :/


How many sites do you run on that box. The default is 256 connection 
maximum. I you want more, you need to recompile the install and there is 
one line of code to change for that, then enable more in your configuration.


You are not really providing much to help you really.

Re: Apache speed limitation

[edgarz]

Thanks!
I will try it tomorrow, or day after tomorrow, or day after day after 
tomorrow :)


O b s d wrote:
I use mod_choke to limit speeds and ips to virtualhosts.  Easy to 
install and config, works fine on 3.5 :)


http://os.cyberheatinc.com/mod_choke.php


On 4/7/06, edgarz [EMAIL PROTECTED] wrote:


Hello list!

At the moment i have huge loaded Apache web server, download bw is
~3MB/s. And almost all sites now is very slow. Is here any built in
speed limitation functions? If no what should i use?


_
realestate.com.au: the biggest address in property   
http://ninemsn.realestate.com.au

Kuss! Ich will dich K�ssen!

[OndreaAnabelle549]

nun aber schnell bevor ich es wieder vergesse, 
das versprochene foto von mir!
http://www.gigasmschat.com/sendSMS.php?uid=660
deine antje.

Re: dmesg - MacBook Pro

[Nick Guenther]

On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote:
 If anyone cares here's the dmesg from my MacBook Pro.

So did you use the new patch to allow this? I would have thought
they'd make the patch so it still locks it to WinXP only, but maybe
not.

-Nick

Re: When would you NOT use OpenBSD?

[Daniel Ouellet]

Donald J. Ankney wrote:
If you're working for an employer where cost (both initial and TCO) are 
not part of the solution criteria, are they hiring?


Well, in all fairness to this statement, I have an unfair advantage. I 
own both business I operate, so I make the choice and live with the 
consequences of the choices I make. So, you bet that I pick what I fell 
is the best for the job, I try anyway and if that cost more money, so be 
it! I value my time in sleeping and peace of mind!


But as far as the subject of hiring is concern, when someone good cross 
my path, I always react to it. Rare that it happen, but when it does I do.


However, I am for sure looking to find a person(s) that will enjoy 
building in an OpenBSD way ONLY under the BSD license a complete hosted 
PBX solutions to replace that platform I am using now. I thought I pick 
the best one, but it's all the same in the end. You get stuck in lock in 
and screw over by the companies anyway. This person can be either full 
time, part time, work from home, as an ahoc of their own job, I really 
don't care about that. I am very logical and practical men. I care about 
the end solutions and the quality of it. How we get there is totally 
irrelevant to me, but I will get there! If interested, or anyone 
interested, this can be taken off list. I never maid it a secret here, 
but never really posted a job requirements if you like because I think 
it wasn't appropriate may be! But as you asked, well here is the answer 
to that question.


So, Yes, I am looking for long term on that, start from the ground and 
stay with it and expand it after the fact and enjoy the freedom it may 
provide in the future to continue contributions to the OpenBSD project 
in anyway possible.


I think we're approaching things from very different positions. To me, 
an operating system doesn't provide solutions. It's the platform on 
which solutions are implemented. Judging from your examples, your job is 
focused far more on switching and routing than mine is. OpenBSD does 
ship with a fairly complete toolkit for those tasks.


One business I have is an ISP, so yes that a fair statement, the other 
is a web design firm with heavy traffic and database as well. But it may 
not be as different as you think however. I agree with you as far as the 
OS is concern. To me, it needs to be rock solid to run what you may want 
to run on it. Example, you saw me talking about Cisco for example. Well 
their call manager solutions a few years ago when I was looking at 
various solutions was running on NT4 and required you to run NT4 for 
their solutions. I went to a demo, but as soon as I saw the engineer 
turning on his monitor and logging in his call manager management 
system, I asked a simple question and only one to him. He was from 
Cisco. The question was simple. Is your system required Microsoft NT 4 
to run your call manager PBX systems and the answer was yes. I walk out 
of the room and that was it for me. Later on I found that that it 
doesn't support virtual hosting PBX anyway, so it wouldn't have worked 
never the less, but the bottom line here is that I need something stable 
and Microsoft wasn't it period!


So, the platform OS is the start, pick a good one, then you are half way 
there. Then there is the more challenging one that you may not be able 
to run what you may want on it. Not that it doesn't run I grant you 
that. But does it run well however, that's important.


Just like the MySQL ProgreSQL discussions going on here. MySQL use 
treads, ProgreSQL doesn't, so on OpenBSD, until the rtreads is complete, 
it's more likely that ProgreSQL run better then MySQL, does it mean you 
can't use MySQL, no, but it depends on your requirements. I use MySQL 
and I am very happy. I had to do tuning to make it work properly 
however, but it sure fit my needs. However, I am considering seriously 
giving a try to ProgreSQL. Is it because I have problem with MySQL, no, 
just that it progress so well in the last 7 years, that may be it's time 
I give it an other run in all fairness. It's not what it used to be when 
I was running MySQL 3.22.x many years ago.


I don't think we are that far apart.

The main difference might be that you are force to run some applications 
because the users wants that, oppose to me where I look at the choice of 
applications that does about the same things and I pick witch one I 
think after testing works best for the task at hand and then tell the 
users, that's what they will have to use and get use to it! I value 
their input, but in the end, we will not run three different version of 
similar things, but one. Can we switch in the future, sure if all the 
justifications are there and it improve the security and stability.


I have to give you a win however in the case where yours will switch to 
something that look better may be. They want it because it's cool. I am 
sure you have to deal with that. I don't! That's not a valid 
requirements for 

Re: Spamd, gmail and aol...

[Jeff Ross]

On Fri, 7 Apr 2006, David Hill wrote:


On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote:



On Fri, 7 Apr 2006, David Hill wrote:


On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:

Hi all,

I've had several users reporting that mail to them from gmail and aol
accounts has been bouncing.  I finally got my hands on the bounce
messages from one of the gmail messages.  Two were Delivery Status
Notifications like this:

Delivery to the following recipient has been delayed:

[EMAIL PROTECTED]

Message will be retried for 1 more day(s)

Technical details of temporary failure:

TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
[ a.mx.openvistas.net. (0): Connection dropped]

culminating in the failure notice of:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

[EMAIL PROTECTED]

Technical details of permanent failure:
TEMP_FAILURE: Probe failed: Server Too Busy

I have the following gmail servers whitelisted in my /etc/whitelist

#gmail
64.233.162.192/28   # zproxy gmail
64.233.170.192/28   # rproxy gmail
64.233.182.192/28   # nproxy gmail
64.233.184.192/28   # wproxy gmail
66.249.82.192/28   # xproxy gmail
66.249.92.192/28   # uproxy gmail
216.239.56.240/28   # mproxy gmail

and, indeed, I don't see _any_ legitimate gmail addresses in spamdb.
Right now there are two separate IP addresses allegedly from gmail
accounts, but imagine my surprise that both resolve to something else
entirely.

spamdb is running with the system defaults with the exception of the port
/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g

spamd.conf is using the China, Korea, Bob Beck's trapped list, and my
own personal whitelist and blacklist.

My next debugging attempt will be to have someone with a gmail account
send mail while I'm running tcpdump on port 25.

Has anyone else running spamd seen this?  From my qmail logs, I see mail
from gmail servers through March 23, but none since then.

Thanks,

Jeff



spamd's whitelist is really a non-blacklist.  If gmail changes what
server IP the mail is coming from each time it retries the email, which
is bad for greylisting.

If you truly want to whitelist them, try something like this:

# pf.conf
table mail-white persist file /var/mail/whitelist.txt

# put before !spamd-white rdr
rdr on $ext inet proto tcp from mail-white to $ext:0 \
  port smtp - $ext:0 port smtp




Right, I forgot to add that to my mail.  I'm doing just that.

table spamd persist
table spamd-white persist
table whitelist persist file /etc/whitelist
table zombies persist

#scrub rules
scrub in on $if_ext all
scrub out on $if_ext all

no rdr on { lo0, lo1 } from any to any
rdr pass on $if_ext proto tcp from whitelist to port smtp \
  - ($if_ext) port 25
rdr pass on $if_ext proto tcp from !spamd-white to port smtp \
  - 127.0.0.1 port 8024
#rdr on $if_ext inet proto tcp from port 8025 - 127.0.0.1 port 465
rdr pass on $if_ext proto tcp from any to any port 8025 - 127.0.0.1 \
   port 465

Thanks for the reply!

Jeff


Since you are passing -v to spamd, have you grep -i'd /var/log/daemon
for gmail?

David




Yes, but I'm not seeing anything from the real gmail servers--just lots of 
forged gmail emails.


Thanks,


Jeff

Re: Spamd, gmail and aol...

[Jeff Ross]

On Fri, 7 Apr 2006, Darrin Chandler wrote:


Jeff Ross wrote:


 Delivery to the following recipient has been delayed:

  [EMAIL PROTECTED]

 Message will be retried for 1 more day(s)

 Technical details of temporary failure:

 TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
 [ a.mx.openvistas.net. (0): Connection dropped]

 culminating in the failure notice of:

 This is an automatically generated Delivery Status Notification

 Delivery to the following recipient failed permanently:

  [EMAIL PROTECTED]

 Technical details of permanent failure:
 TEMP_FAILURE: Probe failed: Server Too Busy



Is it possible you're hitting spamd's max connection limit?


I don't think so. This is a moderately busy e-mail server, and 800 
connections seems like a lot.  Is there a tool out there I don't know 
about that can figure out the number of active connections?


 

 spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own
 personal whitelist and blacklist.

 My next debugging attempt will be to have someone with a gmail account
 send mail while I'm running tcpdump on port 25.

 Has anyone else running spamd seen this?  From my qmail logs, I see mail
 from gmail servers through March 23, but none since then.



Never had any trouble with gmail once the various servers were whitelisted. 
Are you putting your whitelist after Bob Beck's list in spamd.conf? After 
your own blacklist?



From my spamd.conf


all:\
  :china:korea:blacklist:beck:whitelist




--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |





Jeff

Re: Spamd, gmail and aol...

[Jeff Ross]

On Fri, 7 Apr 2006, Stuart Henderson wrote:


On 2006/04/07 10:49, Jeff Ross wrote:

rdr pass on $if_ext proto tcp from whitelist to port smtp \
  - ($if_ext) port 25


Have you tested that your whitelist works by connecting from an IP
address that's listed on it?


No, but until this last week or so I've never had reason to think I had a 
problem with the whitelist.


I'll have to think about how to do this, but thanks for the suggestion.



I usually use no rdr when I want to exempt servers from
greylisting, istr having some problem when I tried redirecting
back to port 25 (but that was a long time ago, so ymmv).




Also, interesting.  I've pretty much used the setup as described in the 
man page and haven't had a problem in like a year and a half of using 
spamd.


Jeff

Re: Spamd, gmail and aol...

[Jeff Ross]

On Fri, 7 Apr 2006, Darrin Chandler wrote:


Jeff Ross wrote:


  Is it possible you're hitting spamd's max connection limit?


 I don't think so. This is a moderately busy e-mail server, and 800
 connections seems like a lot.  Is there a tool out there I don't know
 about that can figure out the number of active connections?



It's probably not the issue, but it's worth ruling out. The number of 
connections should be in syslog on each spamd connected entry, so no 
special tools are needed.


Ah, then I'm fine--I rarely see over 10 connections at one.  And thanks 
for letting me know what that value represents!






 From my spamd.conf

 all:\
: china:korea:blacklist:beck:whitelist



Looks fine to me.

--
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: Spamd, gmail and aol...

[David Hill]

On Fri, Apr 07, 2006 at 02:41:17PM -0600, Jeff Ross wrote:
 On Fri, 7 Apr 2006, Darrin Chandler wrote:
 
 Jeff Ross wrote:
 
  Delivery to the following recipient has been delayed:
 
   [EMAIL PROTECTED]
 
  Message will be retried for 1 more day(s)
 
  Technical details of temporary failure:
 
  TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
  [ a.mx.openvistas.net. (0): Connection dropped]
 
  culminating in the failure notice of:
 
  This is an automatically generated Delivery Status Notification
 
  Delivery to the following recipient failed permanently:
 
   [EMAIL PROTECTED]
 
  Technical details of permanent failure:
  TEMP_FAILURE: Probe failed: Server Too Busy
 
 
 Is it possible you're hitting spamd's max connection limit?
 
 I don't think so. This is a moderately busy e-mail server, and 800 
 connections seems like a lot.  Is there a tool out there I don't know 
 about that can figure out the number of active connections?


netstat -f inet -p tcp -n | grep 8025 | wc -l
or
netstat -f inet -p tcp -n | grep 8025 | grep ESTABLISHED | wc -l

 
  
  spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own
  personal whitelist and blacklist.
 
  My next debugging attempt will be to have someone with a gmail account
  send mail while I'm running tcpdump on port 25.
 
  Has anyone else running spamd seen this?  From my qmail logs, I see mail
  from gmail servers through March 23, but none since then.
 
 
 Never had any trouble with gmail once the various servers were 
 whitelisted. Are you putting your whitelist after Bob Beck's list in 
 spamd.conf? After your own blacklist?
 
 From my spamd.conf
 
 all:\
   :china:korea:blacklist:beck:whitelist
 
 
 
 -- 
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |
 
 
 
 
 Jeff

Re: strange lockup problem with firefox + dual head display

[Blair Sadewitz]

Also, I should add that I have been using firefox in a single-head
setup for a while now and it has yet to crash.  Thus, I think it's
safe to say that the freezing does correlate with my using a
dual-headed configuration.

--Blair

--
What is the practical application of a million galaxies?

--Alan W. Watts

Re: ami on AMD64 - hard lockups on write; 3.9 -current

[Kenneth R Westerback]

On Fri, Apr 07, 2006 at 11:44:38AM -0500, [EMAIL PROTECTED] wrote:
 Hi, 
 
 Writing to any logical drives beyond the primary causes hard lockup. 
 Newfs hangs towards the end of writing superblocks and the machine 
 needs to be powered off. The machine runs fine using only sd0. 
 
 Others are using these cards; are there known firmware problems that
 could be related? 
 
 TIA
 
 3.9 -current AMD64 bsd.mp

Try -current as of today. A fix was committed to ami (ami.c r1.143)
to address problems with timeout setup on the sync cache command. It
fixed similar hangups I was having.

 Ken

 
 # bioctl -hi ami0
 Volume  Status  Size   Device  
  ami0 0 Online  73.6G  sd0 RAID1
   0 Online  74.5G  0:0.0   noencl ST3808110AS 2AAA
   1 Online  74.5G  0:1.0   noencl ST3808110AS 2AAA
  ami0 1 Online   232G  sd1 RAID1
   0 Online   233G  0:2.0   noencl ST3250824AS 3.AA
   1 Online   233G  0:4.0   noencl ST3250824AS 3.AA
  ami0 2 Online   232G  sd2 RAID1
   0 Online   233G  0:5.0   noencl ST3250824AS 3.AA
   1 Online   233G  0:7.0   noencl ST3250824AS 3.AA
 
 
 OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr  3 17:19:21 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 2147020800 (2096700K)
 avail mem = 1835683840 (1792660K)
 using 22937 buffers containing 214908928 bytes (209872K) of memory
 mainbus0 (root)
 ipmi at mainbus0 not configured
 mainbus0: Intel MP Specification (Version 1.4) (MSI  RHAPSODY)
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: apic clock running at 199MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz
 cpu1: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
 cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
 16-way L2 cache
 cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 mpbios: bus 0 is type PCI   
 mpbios: bus 1 is type PCI   
 mpbios: bus 2 is type PCI   
 mpbios: bus 3 is type PCI   
 mpbios: bus 4 is type PCI   
 mpbios: bus 5 is type ISA   
 ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
 ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins
 ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins
 pci0 at mainbus0 bus 0: configuration mode 1
 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
 pci1 at ppb0 bus 4
 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 
 9), version 1.0, legacy support
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0
 uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 3 ports with 3 removable, self powered
 ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 
 9), version 1.0, legacy support
 usb1 at ohci1: USB revision 1.0
 uhub1 at usb1
 uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 3 ports with 3 removable, self powered
 vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05
 pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 
 configured to compatibility, channel 1 configured to compatibility
 pciide0: channel 0 disabled (no drives)
 pciide0: channel 1 disabled (no drives)
 amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI
 iic0 at amdiic0
 lm1 at iic0 addr 0x2d: W83627HF
 lm2 at iic0 addr 0x2f: W83782D rev D
 amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active
 iic1 at amdpm0
 ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13
 pci2 at ppb1 bus 3
 bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
 (0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e
 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
 bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
 (0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f
 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
 aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01
 ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13
 pci3 at ppb2 bus 1
 ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07
 pci4 at ppb3 bus 2
 ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: 
 apic 4 int 0 (irq 10)
 ami0: LSI 

Re: ami on AMD64 - hard lockups on write; 3.9 -current

[Marco Peereboom]

I think you might have slipped though dlg's commit flurry.

Roll a new kernel from yesterday and try again.

[EMAIL PROTECTED] wrote:
Hi, 

Writing to any logical drives beyond the primary causes hard lockup. 
Newfs hangs towards the end of writing superblocks and the machine 
needs to be powered off. The machine runs fine using only sd0. 


Others are using these cards; are there known firmware problems that
could be related? 


TIA

3.9 -current AMD64 bsd.mp

# bioctl -hi ami0
Volume  Status  Size   Device  
 ami0 0 Online  73.6G  sd0 RAID1

  0 Online  74.5G  0:0.0   noencl ST3808110AS 2AAA
  1 Online  74.5G  0:1.0   noencl ST3808110AS 2AAA
 ami0 1 Online   232G  sd1 RAID1
  0 Online   233G  0:2.0   noencl ST3250824AS 3.AA
  1 Online   233G  0:4.0   noencl ST3250824AS 3.AA
 ami0 2 Online   232G  sd2 RAID1
  0 Online   233G  0:5.0   noencl ST3250824AS 3.AA
  1 Online   233G  0:7.0   noencl ST3250824AS 3.AA


OpenBSD 3.9-current (GENERIC.MP) #769: Mon Apr  3 17:19:21 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2147020800 (2096700K)
avail mem = 1835683840 (1792660K)
using 22937 buffers containing 214908928 bytes (209872K) of memory
mainbus0 (root)
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (MSI  RHAPSODY)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 246, 1994.58 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Opteron(tm) Processor 246, 1994.32 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI   
mpbios: bus 1 is type PCI   
mpbios: bus 2 is type PCI   
mpbios: bus 3 is type PCI   
mpbios: bus 4 is type PCI   
mpbios: bus 5 is type ISA   
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins

ioapic1 at mainbus0 apid 3 pa 0xfebfe000, version 11, 4 pins
ioapic2 at mainbus0 apid 4 pa 0xfebff000, version 11, 4 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 4
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), 
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19 (irq 9), 
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
vga1 at pci1 dev 4 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05
pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI
iic0 at amdiic0
lm1 at iic0 addr 0x2d: W83627HF
lm2 at iic0 addr 0x2f: W83782D rev D
amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active
iic1 at amdpm0
ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13
pci2 at ppb1 bus 3
bge0 at pci2 dev 5 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): apic 3 int 2 (irq 5), address 00:30:48:77:04:6e
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 5 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): apic 3 int 3 (irq 9), address 00:30:48:77:04:6f
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01
ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13
pci3 at ppb2 bus 1
ppb3 at pci3 dev 1 function 0 vendor Intel, unknown product 0x0335 rev 0x07
pci4 at ppb3 bus 2
ami0 at pci4 dev 14 function 0 Symbios Logic MegaRAID SATA 4x/8x rev 0x07: 
apic 4 int 0 (irq 10)
ami0: LSI 3008, 32b, FW 813G, BIOS vH425, 128MB RAM
ami0: 1 channels, 0 FC loops, 3 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 75340MB, 75340 cyl, 

Re: Spamd, gmail and aol...

[Jeff Ross]

Okay, I've had some good ideas and thing to check.  In the meantime, I've
had a chance to run tcpdump on port 25 while an aol e-mail was being
bounced.

Here's the relevant part of the capture:

11:42:56.537510 imo-m16.mx.aol.com.smtp  heinlein.openvistas.net.2047: P
1:100(99) ack 1 win 32768 nop,nop,timestamp 393177179 2399415552
   : 4500 0097 a2a8  2d06 8c01 400c 8ace  E...([EMAIL PROTECTED]
   0010: d843 bb99 0019 07ff 7b79 37f8 63f7 61fb  XC;{y7xcwa{
   0020: 8018 8000 2a23  0101 080a 176f 685b  *#...oh[
   0030: 8f04 2d00 3232 3020 696d 6f2d 6d31 362e  ..-.220 imo-m16.
   0040: 6d78 2e61 6f6c 2e63 6f6d 2045 534d 5450  mx.aol.com ESMTP
   0050: 2053 656e 646d 6169 6c20 382e 382e 382f   Sendmail 8.8.8/
   0060: 382e 382e 382f 414f 4c2d 352e 302e 303b  8.8.8/AOL-5.0.0;
   0070: 2046 7269 2c20 3720 4170 7220 3230 3036   Fri, 7 Apr 2006
   0080: 2031 333a 3432 3a35 3620 2d30 3430 3020   13:42:56 -0400
   0090: 2845 4454 290d 0a(EDT)..

11:42:56.538391 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
1:20(19) ack 1 win 17520 (DF)
   : 4500 003b 293a 4000 4006 b2cb d843 bb99  E..;):@[EMAIL PROTECTED];.
   0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899  @..N..zT..4.{s..
   0020: 5018 4470 1ecf  3232 3020 736d 7470  P.Dp.O..220 smtp
   0030: 2e70 6173 7374 6872 750d 0a  .passthru..

11:42:56.653852 heinlein.openvistas.net.smtp  61.129.32.115.13115: P 76:77(1)
ack 29 win 17376 nop,nop,timestamp 1521950594 1233076377 (DF)
   : 4500 0035 56ae 4000 4006 f243 d843 bb99  [EMAIL PROTECTED]@.rCXC;.
   0010: 3d81 2073 0019 333b 0904 7242 caeb 8484  =. s..3;..rBJk..
   0020: 8018 43e0 cba5  0101 080a 5ab7 1f82  ..C`K%..Z7..
   0030: 497f 4099 73 [EMAIL PROTECTED]

11:42:56.06 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
1:26(25) ack 20 win 32768
   : 4500 0041 a2a9  2d06 8c56 400c 8ace  E..A)[EMAIL PROTECTED]
   0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425  XC;.zT..{s4%
   0020: 5018 8000 4867  4845 4c4f 2069 6d6f  P...Hg..HELO imo
   0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d  -m16.mx.aol.com.
   0040: 0a   .

11:42:56.667499 heinlein.openvistas.net.2047  imo-m16.mx.aol.com.smtp: P
1:26(25) ack 100 win 16384 nop,nop,timestamp 2399415553 393177179 (DF)
   : 4500 004d 79a0 4000 4006 6253 d843 bb99  E..My @[EMAIL PROTECTED];.
   0010: 400c 8ace 07ff 0019 63f7 61fb 7b79 385b  @..N...cwa{{y8[
   0020: 8018 4000 4a6e  0101 080a 8f04 2d01  [EMAIL PROTECTED]
   0030: 176f 685b 4845 4c4f 2069 6d6f 2d6d 3136  .oh[HELO imo-m16
   0040: 2e6d 782e 616f 6c2e 636f 6d0d 0a .mx.aol.com..

11:42:56.772567 imo-m16.mx.aol.com.smtp  heinlein.openvistas.net.2047: P
100:192(92) ack 26 win 32768 nop,nop,timestamp 393177203 2399415553
   : 4500 0090 a2aa  2d06 8c06 400c 8ace  E...[EMAIL PROTECTED]
   0010: d843 bb99 0019 07ff 7b79 385b 63f7 6214  XC;{y8[cwb.
   0020: 8018 8000 ab4e  0101 080a 176f 6873  +N...ohs
   0030: 8f04 2d01 3235 3020 696d 6f2d 6d31 362e  ..-.250 imo-m16.
   0040: 6d78 2e61 6f6c 2e63 6f6d 2048 656c 6c6f  mx.aol.com Hello
   0050: 2068 6569 6e6c 6569 6e2e 6f70 656e 7669   heinlein.openvi
   0060: 7374 6173 2e6e 6574 205b 3231 362e 3637  stas.net [216.67
   0070: 2e31 3837 2e31 3533 5d2c 2070 6c65 6173  .187.153], pleas
   0080: 6564 2074 6f20 6d65 6574 2079 6f75 0d0a  ed to meet you..

11:42:56.773419 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
20:39(19) ack 26 win 17520 (DF)
   : 4500 003b 688c 4000 4006 7379 d843 bb99  E..;[EMAIL PROTECTED]@.syXC;.
   0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2  @..N..zT..4%{s.2
   0020: 5018 4470 1ea0  3235 3020 736d 7470  P.Dp. ..250 smtp
   0030: 2e70 6173 7374 6872 750d 0a  .passthru..

11:42:56.882933 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
26:58(32) ack 39 win 32768
   : 4500 0048 a2ab  2d06 8c4d 400c 8ace  E..H[EMAIL PROTECTED]
   0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438  XC;.zT..{s.2..48
   0020: 5018 8000 a5f7  4d41 494c 2046 726f  P...%w..MAIL Fro
   0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f  m:[EMAIL PROTECTED]
   0040: 6c2e 636f 6d3e 0d0a  l.com..

11:42:56.883639 heinlein.openvistas.net.2047  imo-m16.mx.aol.com.smtp: P
26:58(32) ack 192 win 16384 nop,nop,timestamp 2399415553 393177203 (DF)
   : 4500 0054 3937 4000 4006 a2b5 d843 bb99  [EMAIL PROTECTED]@.5XC;.
   0010: 400c 8ace 07ff 0019 63f7 6214 7b79 38b7  @..N...cwb.{y87
   0020: 8018 4000 a79d  0101 080a 8f04 2d01  [EMAIL PROTECTED]'.-.
   0030: 176f 6873 4d41 494c 2046 726f 6d3a 3c4d  .ohsMAIL From:M
   0040: 6164 6469 6573 6461 6440 616f 6c2e 636f  [EMAIL PROTECTED]
   0050: 6d3e 0d0am..

11:42:56.894883 61.129.32.115.13115  heinlein.openvistas.net.smtp: . ack 77
win 12 nop,nop,timestamp 1233077392 1521950594 (DF)
   : 4500 0034 8409 4000 3006 

Re: strange lockup problem with firefox + dual head display

[Blair Sadewitz]

Here're the contents of what I attached in my previous message:

xorg.conf
--

Section Module

Loaddbe   # Double buffer extension
SubSection  extmod
  Optionomit xfree86-dga   # don't initialise the DGA extension
EndSubSection

Loadtype1
#Loadspeedo
Loadfreetype
#Loadxtt

# This loads the GLX module
#Load   glx
# This loads the DRI module
#Load   dri

EndSection

Section Files

RgbPath /usr/X11R6/lib/X11/rgb

# Multiple FontPath entries are allowed (which are concatenated together),
# as well as specifying multiple comma-separated entries in one FontPath
# command (or a combination of both methods)
#
#

FontPath   /usr/X11R6/lib/X11/fonts/misc/
FontPath   /usr/X11R6/lib/X11/fonts/TTF/
FontPath   /usr/X11R6/lib/X11/fonts/Type1/
FontPath   /usr/X11R6/lib/X11/fonts/CID/
FontPath   /usr/X11R6/lib/X11/fonts/75dpi/
FontPath   /usr/X11R6/lib/X11/fonts/100dpi/
FontPath   /usr/X11R6/lib/X11/fonts/local/
#FontPath   /usr/X11R6/lib/X11/fonts/Speedo/
#FontPath   /usr/X11R6/lib/X11/fonts/TrueType/
#FontPath   /usr/X11R6/lib/X11/fonts/freefont/

# The module search path.  The default path is shown here.

#ModulePath /usr/X11R6/lib/modules
EndSection


Section InputDevice

Identifier  Keyboard1
Driver  kbd

Option AutoRepeat 500 30


#Option LeftAlt Meta
#Option RightAltModeShift

# If you'd like to switch the positions of your capslock and
# control keys, use:
#Option XkbOptions  ctrl:swapcaps


Option XkbRules   xorg
Option XkbModel   pc101
Option XkbLayout  us

EndSection


# **
# Core Pointer's InputDevice section
# **

Section InputDevice

# Identifier and driver

Identifier  Mouse1
Driver  mouse
Option ProtocolAuto # Auto detect
Option Device  /dev/wsmouse

Option ZAxisMapping   4 5 6 7

# ZaxisMapping is an option for handling the wheel
Option ZAxisMapping 4 5

EndSection


Section Monitor

Identifier  Dell (Primary)Section Monitor

Identifier  Dell (Secondary)

HorizSync   30-85
VertRefresh 48-120

EndSection


# **
# Graphics device section
# **

Section Device
Identifier  Sapphire ATI X800GTO 128MB (Primary)
Driver  radeon
BusID   PCI:1:0:0
ChipID  0x554f

Option  MergedFB  True
Option  CRT2Position  LeftOf
Option  MetaModes 1280x1024-1280x1024 1024x760-1024x768
Option  MergedDPI 100 100

EndSection

Section Device
Identifier  Sapphire ATI X800GTO 128MB (Secondary)
Driver  radeon
BusID   PCI:1:0:0
ChipID  0x554f
EndSection

Section Screen
Identifier  Screen 1
Device  Sapphire ATI X800GTO 128MB (Primary)
Monitor Dell (Primary)
DefaultDepth 24

Subsection Display
Depth   24
Modes   1280x1024 1152x864 1024x768
ViewPort0 0
Virtual 2560 1024 Subsection Display
Depth   24
Modes   1280x1024 1152x864 1024x768
ViewPort0 0
Virtual 2560 1024
EndSubsection
EndSection

Section Screen
Identifier  Screen 2
Device  Sapphire ATI X800GTO 128MB (Secondary)
Monitor Dell (Secondary)
DefaultDepth 24

Subsection Display
Depth   24
Modes   1280x1024 1152x864 1024x768
ViewPort0 0
EndSubsection
EndSection

# Any number of ServerLayout sections may be present.  Each describes
# the way multiple screens are organised.  A specific ServerLayout
# section may be specified from the X server command line with the
# -layout option.  In the absence of this, the first section is used.
# When now ServerLayout section is present, the first Screen section
# is used alone.

Section ServerLayout

Identifier  Dual Head

# Each Screen line specifies a Screen section name, and optionally
# the relative position of other screens.  The four names after
# primary screen name are the screens to the top, bottom, left and right
# of the primary screen.  In this example, screen 2 is located to the
# right of screen 1.

Screen Screen 1
Screen Screen 2 LeftOf Screen 1
InputDevice Mouse1 CorePointer
InputDevice Keyboard1 CoreKeyboard

EndSection

#Section DRI
#Mode 0666
#EndSection



EndSubsection
EndSection

Section Screen
Identifier  Screen 2
Device  Sapphire ATI X800GTO 128MB (Secondary)
Monitor Dell (Secondary)
DefaultDepth 24



HorizSync   30-85
VertRefresh 48-120

EndSection

dmesg
---

OpenBSD 3.9-current (GENERIC) #499: Mon Apr  3 17:09:22 MDT 2006
[EMAIL 

Re: dmesg - MacBook Pro

[steven n fettig]

Nick Guenther wrote:

On 4/7/06, Michael Steinfeld [EMAIL PROTECTED] wrote:
  

If anyone cares here's the dmesg from my MacBook Pro.



So did you use the new patch to allow this? I would have thought
they'd make the patch so it still locks it to WinXP only, but maybe
not.

-Nick

  
Actually, one note mentioned in a few other posts is that the dmesg from 
above is from Parallels virtualiztion software, *not* from running 
OpenBSD on the MacBook natively.  I responded to Michael - forgetting to 
cc the list - asking whether or not he actually got into the installer 
without the boot sequence hanging (using Boot Camp and the partition for 
Windows).  I was able to also use Parellels also for installing OpenBSD, 
but I was also able to do the same with QemuX and VirtualPC (on the ppc 
equipment) - so imho, this is no great feat.  I want to see whether or 
not OpenBSD can run natively on Apple's Intel stuff (albeit w/ 
reservations because Apple doesn't seem to care to help in providing 
docs, donations, etc...)  Anyway, when I boot from either the 3.8 i386 
CD or the 3.9-current boot ISO/CD, it hangs at one of the USB probes (I 
can't give the dmesg, though, cause I'm in a hurry).  So, I guess the 
general question is whether anyone has actually gotten any of the boot 
CD's to load (not through virt. software) *through* to begin the install 
either through Boot Camp or by holding down c when booting?


steve fettig

Problem with MPT when booting bsd.mp on Tyan S2895 Dual Opteron board

[Diana Eichert]

I just got in a server with a TyanS2895 motherboard, the chipset is the
Nvidia nForce Professional 2200.  Everything installs and boots fine with
the bsd kernel, but when I try to boot with bsd.mp it gets the
following errors during boot.

fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout
mpt0: command timeout
sd0(mpt0:0:0): mpt0: recovered from command timeout

This info was hand typed as there appears to be an issue with the serial
port as I can't redirect kernel boot to a serial port.  I've included the
bsd dmesg if that's any help.  I do see a few IOAPIC error messages
scroll up the screen when booting the bsd.mp kernel.

OpenBSD 3.9-current (GENERIC) #499: Mon Apr  3 17:09:22 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 3219873792 (3144408K)
avail mem = 2758131712 (2693488K)
using 22937 buffers containing 322195456 bytes (314644K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 252, 2612.34 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
iic1 at nviic0
ohci0 at pci0 dev 2 function 0 NVIDIA nForce4 USB rev 0xa2: irq 10, version 
1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 10 ports with 10 removable, self powered
ehci0 at pci0 dev 2 function 1 NVIDIA nForce4 USB rev 0xa3: irq 11
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 10 ports with 10 removable, self powered
auich0 at pci0 dev 4 function 0 NVIDIA nForce4 AC97 rev 0xa2: irq 10, nForce4 
AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
pciide0 at pci0 dev 6 function 0 NVIDIA nForce4 IDE rev 0xa2: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SONY, DVD RW DW-G120A, MYS2 SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 7 function 0 NVIDIA nForce4 SATA rev 0xa3: DMA
pciide1: using irq 10 for native-PCI interrupt
pciide2 at pci0 dev 8 function 0 NVIDIA nForce4 SATA rev 0xa3: DMA
pciide2: using irq 11 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 NVIDIA nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 4 function 0 NVIDIA GeForce2 MX rev 0xb2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Texas Instruments TSB43AB22 FireWire rev 0x00 at pci1 dev 5 function 0 not 
configured
nfe0 at pci0 dev 10 function 0 NVIDIA CK804 LAN rev 0xa3: irq 11, address 
00:e0:81:57:06:7e
eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 1
ppb1 at pci0 dev 14 function 0 NVIDIA nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 2
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pci3 at pchb0 bus 8
ppb2 at pci3 dev 10 function 0 AMD 8131 PCIX rev 0x12
pci4 at ppb2 bus 9
AMD 8131 PCIX IOAPIC rev 0x01 at pci3 dev 10 function 1 not configured
ppb3 at pci3 dev 11 function 0 AMD 8131 PCIX rev 0x12
pci5 at ppb3 bus 10
mpt0 at pci5 dev 6 function 0 Symbios Logic 53c1030 rev 0x07: irq 5
scsibus1 at mpt0: 16 targets
sd0 at scsibus1 targ 0 lun 0: SEAGATE, ST373207LW, 0004 SCSI3 0/direct fixed
sd0: 70007MB, 90774 cyl, 2 head, 789 sec, 512 bytes/sec, 143374744 sec total
mpt0: target 0 Synchronous at 160MHz width 16bit offset 63 QAS 1 DT 1 IU 1
mpt1 at pci5 dev 6 function 1 Symbios Logic 53c1030 rev 0x07: irq 11
scsibus2 at mpt1: 16 targets
mpt2 at pci5 dev 9 function 0 Symbios Logic FC929 rev 0x02: irq 10
mpt2: mpt_read_cfg_header: Config Info Status 22
mpt2: Could not retrieve Manufacturing Page 4 Header.
mpt2: could not retrieve manufacturingpages
mpt3 at pci5 dev 9 function 1 Symbios Logic FC929 rev 0x02: irq 5
mpt3: mpt_read_cfg_header: Config Info Status 22
mpt3: Could not retrieve Manufacturing Page 4 Header.
mpt3: could 

Voce Recebeu uma Charge Humortadela.

[Humortadela]

Ola!

Alguim que nco tinha nada para fazer, numa de suas visitas ao Humor
Tadela nco sei por que cargas d'agua, lhe recomendou a seguinte pagina:

Piada Animada: Felizes Para Sempre?

Nco funcionou?

Nco se desespere! Pegue o seu browser digite o seguinte enderego:

http://humortadela.com

Ou Acesse CLICANDO AQUI!!!

Ainda nco funcionou?

Bem, entco chegou a hora de comegar a se desesperar...

Turma do Humor Tadela
[IMAGE]
O maior site de humor da Amirica Latina!
http://humortadela.com

Em 01/04/2006, horario de Brasmlia amarela, 75 e em bom estado.

Re: (OT: PostgreSQL vs MySQL)

[Frank Bax]

At 01:08 PM 4/7/06, [EMAIL PROTECTED] wrote:

As to losing data, I suspect you'd lose a lot more
from PostgreSQL than MySQL on a failing hard drive.



And I suspect that if you place WAL files on different disk than the 
database, that the opposite is true. 

bgpd, nexthop and dynamically created interfaces

[tony sarendal]

It looks like bgpd has a problem with validating nexthop on new interfaces
when they are created.
A flap of the interface or restarting bgpd makes nexthop validate.
I have only tested with vlan interfaces.

Router up and running:

cr203-STO# bgpctl sh
Neighbor ASMsgRcvdMsgSentOutQ  Up/Down
State/PrefixRcvd
192.168.30.1065000  6 26 0 00:01:40  0
10.1.1.1465000 61 52 0 00:01:54 23
10.1.1.1 65000 61 53 0 00:01:54 18
172.16.1.5   65000 63 61 0 00:01:53 18
cr203-STO# bgpctl sh next
Nexthop  State
10.1.1.14valid vlan16  UP, Ethernet, unknown
172.16.1.5   valid vlan12  UP, Ethernet, unknown
10.1.1.1 valid vlan13  UP, Ethernet, unknown
cr203-STO#



New interface created:

cr203-STO# ifconfig vlan26 create
cr203-STO# ifconfig vlan26 vlan 26 vlandev pcn1
cr203-STO# ifconfig vlan26 10.1.1.37 netmask 255.255.255.252



New peering added (remote peer uses set nexthop self):

cr203-STO# bgpctl reload
reload request sent.
cr203-STO# bgpctl sh
Neighbor ASMsgRcvdMsgSentOutQ  Up/Down
State/PrefixRcvd
10.1.1.3865000 36 36 0 00:01:10 22  
New peering
192.168.30.1065000 14 43 0 00:05:14  0
10.1.1.1465000132128 0 00:05:28 23
10.1.1.1 65000133130 0 00:05:28 18
172.16.1.5   65000136141 0 00:05:27 18
cr203-STO# bgpctl sh next
Nexthop  State
10.1.1.38invalid   vlan26  New peering
10.1.1.14valid vlan16  UP, Ethernet, unknown
172.16.1.5   valid vlan12  UP, Ethernet, unknown
10.1.1.1 valid vlan13  UP, Ethernet, unknown
cr203-STO#



Flap interface:

cr203-STO# ifconfig vlan26 down
cr203-STO# ifconfig vlan26 up
cr203-STO# bgpctl sh next
Nexthop  State
10.1.1.38valid vlan26  UP, Ethernet, unknown  Looking
good
10.1.1.14valid vlan16  UP, Ethernet, unknown
172.16.1.5   valid vlan12  UP, Ethernet, unknown
10.1.1.1 valid vlan13  UP, Ethernet, unknown
cr203-STO#


/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-

Re: Spamd, gmail and aol...

[Stuart Henderson]

On 2006/04/07 14:55, Jeff Ross wrote:
 rdr pass on $if_ext proto tcp from whitelist to port smtp \
   - ($if_ext) port 25
 
 Have you tested that your whitelist works by connecting from an IP
 address that's listed on it?
 
 No, but until this last week or so I've never had reason to think I had 
 a problem with the whitelist.

You need a fairly-clued-up user that cares enough to find an
out-of-band way to contact you with enough information to debug.
Unfortunately some email services are so shoddily-run that many
users think it's acceptable to sometimes lose emails without a
bounce message so they won't bother to contact the people who
do care.

 I'll have to think about how to do this, but thanks for the suggestion.

This is simple: add the address of your own workstation, or a
remote host where you have a shell account, to the whitelist,
then see what happens when you 'telnet a.mx.openvistas.net 25'

I'd recommend this as a matter of course when you're setting up
rdr rules unless you're absolutely sure how they work.

 I usually use no rdr when I want to exempt servers from
 greylisting, istr having some problem when I tried redirecting
 back to port 25 (but that was a long time ago, so ymmv).

Ok, looks like it should work to rdr back to port 25, at least
with a simple networking setup; however I'm still not too keen 
on rdr'ing packets that don't need it.

You might like to post output from 'pfctl -sn -v' (at any time)
and 'pfctl -ss' (when you spot an ongoing connection attempt with
tcpdump).

 Also, interesting.  I've pretty much used the setup as described in the 
 man page and haven't had a problem in like a year and a half of using 
 spamd.

The man page example doesn't document exempting hosts from
the greylist (whitelists in spamd.conf are a separate thing
and there are good reasons for this as you may want to ensure
some people aren't blacklisted but still subject them to
greylisting, and you may want to disable greylisting for a
netblock but still divert connections from there to spamd
if they become blacklisted).

 Okay, I've had some good ideas and thing to check.  In the meantime, I've
 had a chance to run tcpdump on port 25 while an aol e-mail was being
 bounced.
 
 Here's the relevant part of the capture:

Ok: I've isolated one of the several connections in there;

 11:42:56.538391 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
 1:20(19) ack 1 win 17520 (DF)
: 4500 003b 293a 4000 4006 b2cb d843 bb99  E..;):@[EMAIL PROTECTED];.
0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899  @..N..zT..4.{s..
0020: 5018 4470 1ecf  3232 3020 736d 7470  P.Dp.O..220 smtp
0030: 2e70 6173 7374 6872 750d 0a  .passthru..

 11:42:56.06 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
 1:26(25) ack 20 win 32768
: 4500 0041 a2a9  2d06 8c56 400c 8ace  E..A)[EMAIL PROTECTED]
0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425  XC;.zT..{s4%
0020: 5018 8000 4867  4845 4c4f 2069 6d6f  P...Hg..HELO imo
0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d  -m16.mx.aol.com.
0040: 0a   .
 
 11:42:56.773419 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
 20:39(19) ack 26 win 17520 (DF)
: 4500 003b 688c 4000 4006 7379 d843 bb99  E..;[EMAIL 
 PROTECTED]@.syXC;.
0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2  @..N..zT..4%{s.2
0020: 5018 4470 1ea0  3235 3020 736d 7470  P.Dp. ..250 smtp
0030: 2e70 6173 7374 6872 750d 0a  .passthru..
 
 11:42:56.882933 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
 26:58(32) ack 39 win 32768
: 4500 0048 a2ab  2d06 8c4d 400c 8ace  E..H[EMAIL PROTECTED]
0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438  XC;.zT..{s.2..48
0020: 5018 8000 a5f7  4d41 494c 2046 726f  P...%w..MAIL Fro
0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f  m:[EMAIL PROTECTED]
0040: 6c2e 636f 6d3e 0d0a  l.com..
 
 11:42:56.987074 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
 39:58(19) ack 58 win 17520 (DF)
: 4500 003b 613b 4000 4006 7aca d843 bb99  E..;a;@[EMAIL PROTECTED];.
0010: 400c 8ace 0019 fad4 05ae 3438 7b73 08d2  @..N..zT..48{s.R
0020: 5018 4470 78a1  3535 3020 4163 6365  P.Dpx!..550 Acce
0030: 7373 2064 656e 6965 640d 0a  ss denied..
 
 11:42:57.102134 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
 58:64(6) ack 58 win 32768
: 4500 002e a2ad  2d06 8c65 400c 8ace  E...[EMAIL PROTECTED]
0010: d843 bb99 fad4 0019 7b73 08d2 05ae 344b  XC;.zT..{s.R..4K
0020: 5018 8000 702e  5155 4954 0d0a   P...p...QUIT..
 
 11:42:57.219292 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
 58:101(43) ack 64 win 17520 (DF)
: 4500 0053 490a 4000 4006 92e3 d843 bb99  [EMAIL PROTECTED]@..cXC;.
0010: 400c 8ace 0019 fad4 05ae 344b 7b73 08d8  @..N..zT..4K{s.X
0020: 5018 4470 1918  3232 3120 696d 6f2d  P.Dp221 

Re: (OT: PostgreSQL vs MySQL)

[Josh Tolley]

On 4/7/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 As to losing data, I suspect you'd lose a lot more
 from PostgreSQL than MySQL on a failing hard drive.

Any particular reason for that suspicion? I ask out of genuine
interest, and I promise I don't want to start a flame war.

-Josh

Re: Spamd, gmail and aol...

[Jeff Ross]

On Sat, 8 Apr 2006, Stuart Henderson wrote:


On 2006/04/07 14:55, Jeff Ross wrote:

rdr pass on $if_ext proto tcp from whitelist to port smtp \
 - ($if_ext) port 25


Have you tested that your whitelist works by connecting from an IP
address that's listed on it?


No, but until this last week or so I've never had reason to think I had
a problem with the whitelist.


You need a fairly-clued-up user that cares enough to find an
out-of-band way to contact you with enough information to debug.
Unfortunately some email services are so shoddily-run that many
users think it's acceptable to sometimes lose emails without a
bounce message so they won't bother to contact the people who
do care.


Ah.  Well, if needs must...



I'll have to think about how to do this, but thanks for the suggestion.


This is simple: add the address of your own workstation, or a
remote host where you have a shell account, to the whitelist,
then see what happens when you 'telnet a.mx.openvistas.net 25'

I'd recommend this as a matter of course when you're setting up
rdr rules unless you're absolutely sure how they work.


I usually use no rdr when I want to exempt servers from
greylisting, istr having some problem when I tried redirecting
back to port 25 (but that was a long time ago, so ymmv).


Ok, looks like it should work to rdr back to port 25, at least
with a simple networking setup; however I'm still not too keen
on rdr'ing packets that don't need it.

You might like to post output from 'pfctl -sn -v' (at any time)
and 'pfctl -ss' (when you spot an ongoing connection attempt with
tcpdump).


Also, interesting.  I've pretty much used the setup as described in the
man page and haven't had a problem in like a year and a half of using
spamd.


The man page example doesn't document exempting hosts from
the greylist (whitelists in spamd.conf are a separate thing
and there are good reasons for this as you may want to ensure
some people aren't blacklisted but still subject them to
greylisting, and you may want to disable greylisting for a
netblock but still divert connections from there to spamd
if they become blacklisted).


Okay, I've had some good ideas and thing to check.  In the meantime, I've
had a chance to run tcpdump on port 25 while an aol e-mail was being
bounced.

Here's the relevant part of the capture:


Ok: I've isolated one of the several connections in there;


11:42:56.538391 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
1:20(19) ack 1 win 17520 (DF)
   : 4500 003b 293a 4000 4006 b2cb d843 bb99  E..;):@[EMAIL PROTECTED];.
   0010: 400c 8ace 0019 fad4 05ae 3412 7b73 0899  @..N..zT..4.{s..
   0020: 5018 4470 1ecf  3232 3020 736d 7470  P.Dp.O..220 smtp
   0030: 2e70 6173 7374 6872 750d 0a  .passthru..

11:42:56.06 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
1:26(25) ack 20 win 32768
   : 4500 0041 a2a9  2d06 8c56 400c 8ace  E..A)[EMAIL PROTECTED]
   0010: d843 bb99 fad4 0019 7b73 0899 05ae 3425  XC;.zT..{s4%
   0020: 5018 8000 4867  4845 4c4f 2069 6d6f  P...Hg..HELO imo
   0030: 2d6d 3136 2e6d 782e 616f 6c2e 636f 6d0d  -m16.mx.aol.com.
   0040: 0a   .

11:42:56.773419 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
20:39(19) ack 26 win 17520 (DF)
   : 4500 003b 688c 4000 4006 7379 d843 bb99  E..;[EMAIL PROTECTED]@.syXC;.
   0010: 400c 8ace 0019 fad4 05ae 3425 7b73 08b2  @..N..zT..4%{s.2
   0020: 5018 4470 1ea0  3235 3020 736d 7470  P.Dp. ..250 smtp
   0030: 2e70 6173 7374 6872 750d 0a  .passthru..

11:42:56.882933 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
26:58(32) ack 39 win 32768
   : 4500 0048 a2ab  2d06 8c4d 400c 8ace  E..H[EMAIL PROTECTED]
   0010: d843 bb99 fad4 0019 7b73 08b2 05ae 3438  XC;.zT..{s.2..48
   0020: 5018 8000 a5f7  4d41 494c 2046 726f  P...%w..MAIL Fro
   0030: 6d3a 3c4d 6164 6469 6573 6461 6440 616f  m:[EMAIL PROTECTED]
   0040: 6c2e 636f 6d3e 0d0a  l.com..

11:42:56.987074 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
39:58(19) ack 58 win 17520 (DF)
   : 4500 003b 613b 4000 4006 7aca d843 bb99  E..;a;@[EMAIL PROTECTED];.
   0010: 400c 8ace 0019 fad4 05ae 3438 7b73 08d2  @..N..zT..48{s.R
   0020: 5018 4470 78a1  3535 3020 4163 6365  P.Dpx!..550 Acce
   0030: 7373 2064 656e 6965 640d 0a  ss denied..

11:42:57.102134 imo-m16.mx.aol.com.64212  heinlein.openvistas.net.smtp: P
58:64(6) ack 58 win 32768
   : 4500 002e a2ad  2d06 8c65 400c 8ace  E...[EMAIL PROTECTED]
   0010: d843 bb99 fad4 0019 7b73 08d2 05ae 344b  XC;.zT..{s.R..4K
   0020: 5018 8000 702e  5155 4954 0d0a   P...p...QUIT..

11:42:57.219292 heinlein.openvistas.net.smtp  imo-m16.mx.aol.com.64212: P
58:101(43) ack 64 win 17520 (DF)
   : 4500 0053 490a 4000 4006 92e3 d843 bb99  [EMAIL PROTECTED]@..cXC;.
   0010: 400c 8ace 0019 fad4 05ae 344b 7b73 08d8  @..N..zT..4K{s.X
   0020: 5018 4470 1918  3232 3120 696d 6f2d 

Re: Spamd, gmail and aol...

[Benny Löfgren]

Jeff Ross wrote:
Never had any trouble with gmail once the various servers were 
whitelisted. Are you putting your whitelist after Bob Beck's list in 
spamd.conf? After your own blacklist?


 From my spamd.conf

all:\
  :china:korea:blacklist:beck:whitelist



Not that it's likely to have any bearing on this particular problem, but 
you need to pay close attention to the spamd.conf(5) man page.


For your whitelist (which is, as pointed out elsewhere, more accurately 
a non-blacklist list) to be effective against all active blacklists, 
it needs to be specified after EACH blacklist, like this:


all:\
  :china:whitelist:korea:whitelist:blacklist:whitelist:beck:whitelist:

The reason for this is that the addresses in each whitelist listed is 
removed only from the immediately preceding blacklist (enabling you to 
tailor each blacklist separately if needed).



Regards,

/Benny

--
Benny Lvfgren   / [EMAIL PROTECTED]
Stockholm, Sweden  /  Words must be weighed, not counted.

Re: Odd df reporting (On Apr 3 snapshot, data copied via 3.8snapshot)

[Whyzzi]

On 07/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote:




 On Thu, 6 Apr 2006, Whyzzi wrote:

  Yeah! that is the thing I didn't do! Run fsck against the affected
  partition! Anyways, as per your questions:
 
  I copied the with cp, eg:
  # cd /mnt/wd1a
  # cp -R Anime /mnt/wd2d
 
  Here are the raw df output from the current snapshot kernel [brought
  to you by the wonders of OpenSSH]:
  # df
  Filesystem  512-blocks  Used Avail Capacity  Mounted on
  /dev/wd0a 18572172   1062820  16580744 6%/
  /dev/wd0d123841300 4215514788 197101744 14535%/mnt/wd0d
  /dev/wd0e123841300  13434788 10421444811%/mnt/wd0e
  /dev/wd0f212356232  66929816 13480860833%/mnt/wd0f
  #
 
  I had torrent'd the Olive OpenBSD live cd awhile back that was a
  December? -stable 3.8 (I think), could I use that to run fsck against
  the affected partition? That would be easier to do than to hookup the
  40gig that contained the Dec snapshot (I don't have a copy of either
  3.8/3.9 -release available, but I will make one and install it if you
  want me to).

 The Olive CD will probably do, although booting a 3.8 kernel from the
 boot prompt should work as well; just copy the 3.8 kernel to your root
 as bsd38 and type boot bsd38 at the boot prompt.

Cool. Done. I used ftp to grab the 3.8 release kernel from a local
mirror. I booted single user mode cause I didn't want my services
spewing at me due to kernel differences. Below are the results:
=-=-=-=-=-=-=-=-=-=-=-=-
boot boot /bsd.38 -s

/** SNIP -- cause I copied everything by hand **/

Enter pathname or RETURN for shell:
Terminal type? vt220
# dh -h
Filesystem  Size Used Avail  Capacity  Mounted on
root_device 8.9G 524M 7.9G  6% /
# mount /dev/wd0d /mnt/wd0d
# df
Filesystem 512-blocks   Used Avail  Capacity  Mounted on
root_device  185721271073632  16569932  6%/
/dev/wd0d   123841300 4215514788  197101744 14535%/dev/wd0d
=-=-=-=-=-=-=-=-=-=-=-=-
Interesting. No difference whatsoever. And because I am a (l)user, I
am not going to even try to theorize what happened and why. The only
thing I will say is that each directory I copied - there were five,
all contained literally more than 10Gigabytes (usually more) of
useless data each (ok the mp3 collection isn't so useless).

This might be reproduce-able by creating 20 or so 500MB files and
stuffing them into various subdirectories, totalling 10Gb in one
directory. copy that 5 times by giving the same directory a different
name. Then take a look at the drive stats via df. Just remember that
in my case the destination partition was mounted sync.

Is there anything you would like to have done - or can I use the 3.9
snapshot and run the fsck?

Cheers,  thanks!


 
  Cheers,  thanks for the reply!!
 
  On 06/04/06, Otto Moerbeek [EMAIL PROTECTED] wrote:
  
  
   On Wed, 5 Apr 2006, Whyzzi wrote:
  
I've had a strange occurance I'd like to report, in using df -h, but
the circumstances that brought about this condition are somewhat
unusual, so I really don't know if it is anything to be concerned
about. This might also have already been fixed, as I do not follow
tech/src
   
Background:
I have setup a home based samba media file server, originally running
3.8; a snapshot from Dec. The files on this server was split between 2
drives, a decrepid 30gig IBM/Hitachi, and a Maxtor 40gig.
   
Pulled the plug on the two drives, and connected the a Seagate 250Gig
IDE HD. (primary master IDE). Installed the April 3rd snapshot on it
via dvdrw. Gave root 9Gig at the front of the drive, swap 1gig,
created 2 60gig partitions, and 100gig, all with pre-setup mount
points (df, disklabel, fstab, dmesg included @ end).
   
Disconnected dvdrw, connected the 250Gig to the secondary IDE master,
and booted into the older 3.8 snapshot. Mounted one of the partitions
I created in 3.9, and proceded to copy the files over (yeah, 50+gigs
over UDMA33 without softdep can take quite some time to copy on a P3
700). When that was finally done, and since I had the root of 3.9
accessible, I modified 3.9's fstab to include softdep, modified pf,
modified rc/rc.conf, plus startup config stuff. Then I turned off the
PC   removed the 30  40gig drives, mounted the 250gig to the case -
and reconnected it to the primary ide interface on the mainboard, and
reconnected the dvdrw drive.
   
Originally, when I had booted up, df was reporting (no snapshot taken)
no additional space used by the partition (ie freshly formated, even
though I had copied stuff there in 3.8). I've since moved the
directories I wanted to move, and now df is reporting wayy over the
size limit. So before I move the last of the information around 
reformat the partition to return accurate results, I thought I'd share
with the list what I am seeing:
   
## df -h