Invitation to connect on LinkedIn

2009-10-27 Thread Siju George
LinkedIn




   
I'd like to add you to my professional network on LinkedIn.

- Siju

Confirm that you know Siju George
https://www.linkedin.com/e/isd/822151356/DQCGCAk9/

Every day, millions of professionals like Siju George use LinkedIn to connect 
with colleagues, find experts, and explore opportunities.



 
--
(c) 2009, LinkedIn Corporation



Re: smtpd rejecting users

2009-10-27 Thread Gilles Chehade
you need to start smtpd with -dv not -bv to enable debug logging :-)

Gilles

On Mon, Oct 26, 2009 at 11:13:29PM +0100, Robert wrote:
 
 Setup:
 Running as user1 I sent an email to testuser (local) and I expected 
 it  to end up in the root mbox since that was what I configured in 
 aliases.
 
 (note: I know that you shouldn't receive email as root, this is just a 
 test setup for trying out the new smtpd)
 
 
 
 
 /etc/mail/smtpd.conf
 ---
 listen on lo0
 map aliases { source db /etc/mail/aliases.db }
 accept from 127.0.0.1 for local deliver to mbox
 ---
 
 
 /etc/mail/aliases (I've run newaliases after editing)
 ---
 #
 #   $OpenBSD: aliases,v 1.30 2009/05/20 21:10:06 thib Exp $
 #
 #  Aliases in this file will NOT be expanded in the header from
 #  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
 #
 # The program newaliases must be run after
 #NOTE   this file is updated for any changes to
 # show through to sendmail.
 #
 
 # Basic system aliases -- these MUST be present
 MAILER-DAEMON: postmaster
 postmaster: root
 
 # General redirections for important pseudo accounts
 daemon: root
 ftp-bugs: root
 operator: root
 uucp:   root
 www:    root
 
 # Redirections for pseudo accounts that should not receive mail
 _afs: /dev/null
 _bgpd: /dev/null
 _btd: /dev/null
 _dhcp: /dev/null
 _dvmrpd: /dev/null
 _fingerd: /dev/null
 _ftp: /dev/null
 _hostapd: /dev/null
 _identd: /dev/null
 _isakmpd: /dev/null
 _kadmin: /dev/null
 _kdc: /dev/null
 _mopd: /dev/null
 _ntp: /dev/null
 _ospfd: /dev/null
 _ospf6d: /dev/null
 _pflogd: /dev/null
 _portmap: /dev/null
 _ppp: /dev/null
 _rbootd: /dev/null
 _relayd: /dev/null
 _ripd: /dev/null
 _rstatd: /dev/null
 _rtadvd: /dev/null
 _rusersd: /dev/null
 _rwalld: /dev/null
 _smtpd: /dev/null
 _snmpd: /dev/null
 _spamd: /dev/null
 _syslogd: /dev/null
 _tcpdump: /dev/null
 _tftpd: /dev/null
 _x11:   /dev/null
 _ypldap: /dev/null
 bin:    /dev/null
 named:  /dev/null
 nobody: /dev/null
 popa3d: /dev/null
 proxy:  /dev/null
 smmsp:  /dev/null
 sshd:   /dev/null
 
 # Well-known aliases -- these should be filled in!
 # root:
 # manager:
 # dumper:
 
 # RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
 abuse:  root
 # noc:  root
 security:   root
 
 # RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
 # hostmaster:   root
 # usenet:   root
 # news: usenet
 # webmaster:    root
 # ftp:  root
 
 # uncomment this for msgs:
 # msgs: |/usr/bin/msgs -s
 
 testuser: root
 ---
 
 
 command run on local machine
 ---
 mail -s test2 testuser
 test2
 .
 ---
 
 
 smtpd -bv
 ---
 warning: could not load cert: lo0, no SSL/TLS/AUTH support
 startup [debug mode]
 smtpd: max open files 1024
 smtpd: will accept at most 768 clients
 parent_send_config: configuring smtp
 parent_send_config_client_certs: configuring smtp
 parent_send_config_ruleset: reloading rules and maps
 parent_send_config_ruleset: reloading rules and maps
 smtp_setup_events: listen on IPv6:fe80:3::1 port 25 flags 0x0 cert lo0
 smtp_setup_events: listen on IPv6:::1 port 25 flags 0x0 cert lo0
 smtp_setup_events: listen on 127.0.0.1 port 25 flags 0x0 cert lo0
 smtp_accept: incoming client on listener: 0x2051b6000
 smtp_accept: accepted client on listener: 0x2051b6000
 lookup_ptr 127.0.0.1
 lookup_ptr success
 session_pickup: greeting client
 command: EHLO   args: pcc.abc.test
 command: MAIL From  args: us...@pcc.abc.test
 session_rfc5321_mail_handler: sending notification to mfa
 matching: pcc.abc.test to localhost
 matching: pcc.abc.test to pcc.abc.test
 matching: pcc.abc.test to localhost
 matching: pcc.abc.test to pcc.abc.test
 smtp_dispatch_mfa: mfa handled return path
 queue_dispatch_smtp: creating message file
 smtp_dispatch_queue: queue handled message creation
 command: RCPT To    args: testu...@pcc.abc.test
 matching: pcc.abc.test to localhost
 matching: pcc.abc.test to pcc.abc.test
 smtp_dispatch_mfa: mfa handled return path
 command: DATA   args: (null)
 command: RSET   args: (null)
 command: RSET   args: (null)
 command: MAIL From  args: 
 session_rfc5321_mail_handler: sending notification to mfa
 matching:  to localhost
 matching:  to pcc.abc.test
 smtp_dispatch_mfa: mfa handled return path
 queue_dispatch_smtp: creating message file
 smtp_dispatch_queue: queue handled message creation
 command: RCPT To    args: us...@pcc.abc.test
 matching: pcc.abc.test to localhost
 matching: pcc.abc.test to pcc.abc.test
 smtp_dispatch_mfa: mfa handled return path
 command: DATA   args: (null)
 command: RSET   args: (null)
 command: RSET   args: (null)
 command: MAIL From  args: 
 session_rfc5321_mail_handler: sending notification to mfa
 matching:  to localhost
 matching:  to pcc.abc.test
 smtp_dispatch_mfa: mfa handled return path
 queue_dispatch_smtp: creating message file
 smtp_dispatch_queue: queue handled message creation
 command: RCPT To    args: postmas...@pcc.abc.test
 matching: pcc.abc.test to 

Re: smtpd support DIGEST MD5 AUTH ?

2009-10-27 Thread Gilles Chehade
no need to do this, you can set up starttls and ssmtp within a
minute following the instructions in man starttls.

Gilles

On Tue, Oct 27, 2009 at 01:40:34PM +1100, Aaron Mason wrote:
 If you really want to secure the transmission, you could always
 connect to it via stunnel or something similar.
 
 On Tue, Oct 27, 2009 at 2:48 AM, Fernando Quintero
 fernando.a.quint...@gmail.com wrote:
  uhmm ok,
  I got it, smtpd is interfaced to bsdauth (thx gregory) so, I will
  search in that way, really I'm just trying things and I'm verifying
  the simplicity of the configuration, I want to write a HowTo
  (spanish), about OpenSMTPD + auth +pop3s + imaps + webmail, etc ...
 
  Thanks a lot.
 
  On Mon, Oct 26, 2009 at 4:12 AM, Gilles Chehade gil...@openbsd.org wrote:
  On Mon, Oct 26, 2009 at 02:01:01AM -0500, Fernando Quintero wrote:
  Hi all,
 
  first, thx to gilles for this great software,
 
 
  jacekm@ did a lot of work on it too ;-)
 
 
  I'm testing smtpd with TLS and SSL and it works ok, I noticed that the
  AUTH command uses PLAIN LOGIN.
 
  The question is: smtpd supports another thing different to PLAIN LOGIN
  for AUTH?, is possible integrate it to SASL ?
 
 
  currently, smtpd only supports PLAIN and LOGIN on top of tls/ssmtp and
  there's slight chances this will change in a short timeframe as there
  are lots of higher priority things to do.
 
  what are you trying to achieve ?
 
  Gilles
 
 
  --
  Gilles Chehade
  freelance developer/sysadmin/consultant
 
http://www.poolp.org
 
 
 
 
  --
  --
 
  Fernando Quintero
  http://nonroot.blogspot.com/
  *Just a nonroot User*
 
 
 
 If you really want to secure the transmission, you could always
 connect to it via stunnel or something similar.
 
 --
 Aaron Mason - Programmer, open source addict
 - Oh, why does everything I whip leave me?
 

-- 
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org



Free alternative for BMC Patrol

2009-10-27 Thread Tomáš Bodžár
Hi all,

can't find it with searches on Google or in archives on marc.info but
I'm sure that there was some post about in the past. Do you know free
alternative for similar monitoring infrastructure tool under BSD
licence ? Can't remember its name.


Thx

-- 
http://www.openbsd.org/lyrics.html



Re: smtpd rejecting users

2009-10-27 Thread Robert

;) just a typo in my post; for the test I started it with -dv

(smtpd would complain otherwise at startup)


Gilles Chehade wrote:

you need to start smtpd with -dv not -bv to enable debug logging :-)

Gilles


Re: smtpd rejecting users

2009-10-27 Thread Gilles Chehade

are you running -current ?

Gilles


Robert wrote:

;) just a typo in my post; for the test I started it with -dv

(smtpd would complain otherwise at startup)


Gilles Chehade wrote:

you need to start smtpd with -dv not -bv to enable debug logging :-)

Gilles


Re: smtpd rejecting users

2009-10-27 Thread Robert

No, plain -release amd64 from the CD:
OpenBSD pcc.abc.test 4.6 GENERIC.MP#81 amd64

I have another PC for testing and I will install -current on it to rule 
out any side effects that might have occurred on this (pcc) machine (will 
take some time; it's a VIA C3...).


Robert


Gilles Chehade wrote:

are you running -current ?

Gilles




Re: smtpd rejecting users

2009-10-27 Thread Gilles Chehade

can you also show your /etc/mailer.conf ?

what you experience looks like the result of smtpd looking at a db with
a format it doesn't understand (ie: trying to resolve aliases which are
in a db you built using sendmail's `newaliases`)

Gilles


Robert wrote:

No, plain -release amd64 from the CD:
OpenBSD pcc.abc.test 4.6 GENERIC.MP#81 amd64

I have another PC for testing and I will install -current on it to 
rule out any side effects that might have occurred on this (pcc) 
machine (will take some time; it's a VIA C3...).


Robert


Gilles Chehade wrote:

are you running -current ?

Gilles




IMBIKEMAG Launches Issue 2!

2009-10-27 Thread IMBIKEMAG Rou Chater
Hi 

http://www.imbikemag.com/issue2/

I just wanted to get in touch again to let you know that we have
launched Issue 2 of IMBIKEMAG, this time it is even bigger with twice
as much editorial content and it is literally bursting at the seams!
There is even more video content too, so plenty to keep you
entertained when you aren't out riding the trails!

Highlights include, Steve Peat, The Maddest Race on Earth, and a full
feature on night riding including light tests with full video! There
is quite literally loads more to check out, Billy Savage, Hardtail
Tests, even more Technique and a Trail Guide to Afan so be sure to
follow the link and see how much more we have put into Issue 2!

http://www.imbikemag.com/issue2/

We had a fantastic response to Issue 1, and we are looking for an
even better one for Issue 2, we would be most grateful if you would
help us spread the word about the mag and pass on the link to your
friends and share the link around as much as possible!

Many thanks

Rou Chater

Publishing Editor

http://www.imbikemag.com



Re: smtpd support DIGEST MD5 AUTH ?

2009-10-27 Thread Kami Petersen

a bit longer answer: smtpd is interfaced to bsdauth (see
authenticate(3)). so if you want you can implement authentication
method, just like I did to authenticate smtpd client to pop3 server.


authenticate(3) makes my head spin, it would be awesome if you shared 
how you did that! Has anybody else tried in general to interface with 
other virtual authentication databases, and wish to share some experiences?


Thnx!
Kami



Re: smtpd rejecting users

2009-10-27 Thread Gilles Chehade
On Tue, Oct 27, 2009 at 12:00:44PM +0100, Robert wrote:
 It's the unmodified -release one:
 #   $OpenBSD: mailer.conf,v 1.4 2009/03/16 14:26:22 jacekm Exp $
 #
 # Execute the real sendmail program, named /usr/libexec/sendmail/sendmail
 #
 sendmail        /usr/libexec/sendmail/sendmail
 send-mail       /usr/libexec/sendmail/sendmail
 mailq           /usr/libexec/sendmail/sendmail
 makemap         /usr/libexec/sendmail/makemap
 newaliases      /usr/libexec/sendmail/sendmail
 hoststat        /usr/libexec/sendmail/sendmail
 purgestat       /usr/libexec/sendmail/sendmail
 
 
 I wasn't aware that any changes were needed for smtpd (there is nothing 
 about this in the documentation).
 

From http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd

smtpd is not enabled by default.  In order to use it as the system mailer,
 ensure the mail queue is empty, then stop sendmail(8):

   # pkill sendmail

 Modify the current mailwrapper(8) settings by editing /etc/mailer.conf:

   sendmail        /usr/sbin/smtpctl
   send-mail       /usr/sbin/smtpctl
   mailq           /usr/sbin/smtpctl
   makemap         /usr/libexec/smtpd/makemap
   newaliases      /usr/libexec/smtpd/makemap

 Rebuild the aliases database, and enable the daemon:

   # newaliases
   # echo sendmail_flags=NO >> /etc/rc.conf.local
   # echo smtpd_flags= >> /etc/rc.conf.local
   # smtpd


 Now I rebuild the /etc/mail/aliases.db by executing /usr/bin/newaliases, 
 but this leads to the same result (/var/spool/clientmqueue/...):
 (this seems to be the only newaliases on the system...)
 

yes, but if you look at it more carefully you'll notice that the newaliases
command is actually a link to the mailwrapper command which uses the settings
in /etc/mailer.conf to determine which command to execute for real. As long
as you don't fix your mailer.conf, all commands such as makemap and newaliases
will use sendmail's executables instead of smtpd's and thus aliases and
virtual domains will not work

Gilles

-- 
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org
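
The check described in the message above, as an added example that is not part of the original thread or of OpenBSD: a shell function that reads a mailwrapper(8) configuration and reports every wrapper name that does not point at the smtpd tools listed in the man page excerpt. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mailer.conf against the smtpd settings quoted
# from the smtpd man page in this thread.

# check_mailer_conf FILE
# Prints one line per wrapper name that does not resolve to smtpd's tools
# and returns the number of such names. 0 means newaliases and makemap
# will build maps with smtpd's own makemap.
check_mailer_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 255; }
    awk '
    BEGIN {
        want["sendmail"]   = "/usr/sbin/smtpctl"
        want["send-mail"]  = "/usr/sbin/smtpctl"
        want["mailq"]      = "/usr/sbin/smtpctl"
        want["makemap"]    = "/usr/libexec/smtpd/makemap"
        want["newaliases"] = "/usr/libexec/smtpd/makemap"
    }
    # Skip comments and lines without a "name target" pair.
    $1 ~ /^#/ || NF < 2 { next }
    ($1 in want) {
        seen[$1] = 1
        if ($2 != want[$1]) {
            printf "%s: %s (expected %s)\n", $1, $2, want[$1]
            bad++
        }
    }
    END {
        for (name in want)
            if (!(name in seen)) {
                printf "%s: no entry (expected %s)\n", name, want[name]
                bad++
            }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the unmodified -release mailer.conf shown in the thread.
write_release_conf() {
    cat > "$1" <<'EOF'
# Execute the real sendmail program, named /usr/libexec/sendmail/sendmail
sendmail        /usr/libexec/sendmail/sendmail
send-mail       /usr/libexec/sendmail/sendmail
mailq           /usr/libexec/sendmail/sendmail
makemap         /usr/libexec/sendmail/makemap
newaliases      /usr/libexec/sendmail/sendmail
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail
EOF
}

# Constructed sample: the settings from the smtpd man page excerpt.
write_smtpd_conf() {
    cat > "$1" <<'EOF'
sendmail        /usr/sbin/smtpctl
send-mail       /usr/sbin/smtpctl
mailq           /usr/sbin/smtpctl
makemap         /usr/libexec/smtpd/makemap
newaliases      /usr/libexec/smtpd/makemap
EOF
}

# Run both samples through the check.
tmp=$(mktemp -d)
write_release_conf "$tmp/release.conf"
write_smtpd_conf "$tmp/smtpd.conf"
check_mailer_conf "$tmp/release.conf"; echo "release.conf mismatches: $?"
check_mailer_conf "$tmp/smtpd.conf";   echo "smtpd.conf mismatches: $?"
rm -rf "$tmp"
```

On a live system the argument would be /etc/mailer.conf; any reported line for newaliases or makemap means the aliases database is still being built by sendmail's tools.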



Re: smtpd rejecting users

2009-10-27 Thread Robert

It's the unmodified -release one:
#   $OpenBSD: mailer.conf,v 1.4 2009/03/16 14:26:22 jacekm Exp $
#
# Execute the real sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail        /usr/libexec/sendmail/sendmail
send-mail       /usr/libexec/sendmail/sendmail
mailq           /usr/libexec/sendmail/sendmail
makemap         /usr/libexec/sendmail/makemap
newaliases      /usr/libexec/sendmail/sendmail
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail


I wasn't aware that any changes were needed for smtpd (there is nothing 
about this in the documentation).



Now I rebuild the /etc/mail/aliases.db by executing /usr/bin/newaliases, 
but this leads to the same result (/var/spool/clientmqueue/...):

(this seems to be the only newaliases on the system...)

---

This is a MIME-encapsulated message

--n9RAlYX5022803.1256640455/pcc.abc.test

The original message was received at Tue, 27 Oct 2009 11:47:34 +0100 (CET)
from r...@localhost

   - The following addresses had permanent fatal errors -
testuser
(reason: 530 Recipient rejected)
(expanded from: testuser)

   - Transcript of session follows -
... while talking to [127.0.0.1]:
 RCPT To:testu...@pcc.abc.test
 530 Recipient rejected
554 5.0.0 Service unavailable
 DATA
 503 Need RCPT before DATA

--n9RAlYX5022803.1256640455/pcc.abc.test
Content-Type: message/delivery-status

Reporting-MTA: dns; pcc.abc.test
Arrival-Date: Tue, 27 Oct 2009 11:47:34 +0100 (CET)

Final-Recipient: RFC822; testu...@pcc.abc.test
Action: failed
Status: 5.0.0
Remote-MTA: DNS; [127.0.0.1]
Diagnostic-Code: SMTP; 530 Recipient rejected
Last-Attempt-Date: Tue, 27 Oct 2009 11:47:34 +0100 (CET)

--n9RAlYX5022803.1256640455/pcc.abc.test
Content-Type: message/rfc822

Return-Path: user1
Received: (from r...@localhost)
by pcc.abc.test (8.14.3/8.14.3/Submit) id n9RAlYX4022803
for testuser; Tue, 27 Oct 2009 11:47:34 +0100 (CET)
Date: Tue, 27 Oct 2009 11:47:34 +0100 (CET)
From: user1
Message-Id: 200910271047.n9ralyx4022...@pcc.abc.test
To: testuser
Subject: test3

test3

--n9RAlYX5022803.1256640455/pcc.abc.test--



Gilles Chehade wrote:

can you also show your /etc/mailer.conf ?

what you experience looks like the result of smtpd looking at a db with
a format it doesn't understand (ie: trying to resolve aliases which are
in a db you built using sendmail's `newaliases`)

Gilles


Robert wrote:

No, plain -release amd64 from the CD:
OpenBSD pcc.abc.test 4.6 GENERIC.MP#81 amd64

I have another PC for testing and I will install -current on it to 
rule out any side effects that might have occurred on this (pcc) 
machine (will take some time; it's a VIA C3...).


Robert


Gilles Chehade wrote:

are you running -current ?

Gilles




4.6 hang

2009-10-27 Thread Steve Shockley
I recently upgraded my firewall box from 4.4 to 4.6.  At first it was 
running well (about a week), but yesterday I started getting occasional 
hangs where the screen would be blank and it'd stop responding to ping 
(and passing traffic).  Figuring it was a hardware failure, I swapped 
the drive into another box.  I still seem to be getting occasional 
hangs; I even turned off screen blanking, and when it hangs there's 
nothing on the screen (monitor goes to power save).  The only shared 
hardware between the two machines is a Compaq fiber em NIC (which I'll 
replace tonight) and the hard drive (which isn't showing any errors). 
Assuming it is a software problem, how can I diagnose it?  I'll paste 
the dmesg below.  I'm running 4.6 with patch 001 and 002 applied, and 
I've tried both the sp and mp kernels.


OpenBSD 4.6-stable (GENERIC) #1: Tue Oct  6 05:40:03 EDT 2009
r...@build46.localdomain:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.06GHz (GenuineIntel 686-class) 3.07 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 3220668416 (3071MB)
avail mem = 3120185344 (2975MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/14/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xfae10 (77 entries)
bios0: vendor Dell Computer Corporation version A05 date 10/14/2004
bios0: Dell Computer Corporation PowerEdge 650
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR
acpi0: wakeup devices PCI0(S5) PCI1(S5) PCI2(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0, remapped to apid 3
ioapic2 at mainbus0: apid 4 pa 0xfec02000, version 11, 16 pins
ioapic2: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpiprt2 at acpi0: bus 2 (PCI2)
acpicpu0 at acpi0
bios0: ROM list: 0xc/0x8000 0xc8000/0x4800 0xec000/0x4000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 ServerWorks GCNB-LE Host rev 0x32
pchb1 at pci0 dev 0 function 1 ServerWorks GCNB-LE Host rev 0x00
pci1 at pchb1 bus 1
em0 at pci1 dev 3 function 0 Intel PRO/1000MT (82546EB) rev 0x01: apic 3 int 3 (irq 7), address 00:04:23:a5:c8:6e
em1 at pci1 dev 3 function 1 Intel PRO/1000MT (82546EB) rev 0x01: apic 3 int 4 (irq 5), address 00:04:23:a5:c8:6f
em2 at pci0 dev 3 function 0 Intel PRO/1000 (82542) rev 0x03: apic 3 int 1 (irq 15), address 00:08:c7:86:39:f5
vga1 at pci0 dev 4 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pciide0 at pci0 dev 5 function 0 CMD Technology PCI0680 rev 0x02
pciide0: bus-master DMA support present
pciide0: channel 0 wired to native-PCI mode
pciide0: using apic 3 int 7 (irq 11) for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: ST340014A
wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 wired to native-PCI mode
piixpm0 at pci0 dev 15 function 0 ServerWorks CSB6 rev 0xa0: SMBus disabled
pciide1 at pci0 dev 15 function 1 ServerWorks CSB6 RAID/IDE rev 0xa0: DMA
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, K.9A ATAPI 5/cdrom removable
cd0(pciide1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 ServerWorks CSB6 USB rev 0x05: apic 2 int 10 (irq 10), version 1.0, legacy support
pcib0 at pci0 dev 15 function 3 ServerWorks GCLE-2 Host rev 0x00
pchb2 at pci0 dev 16 function 0 ServerWorks CIOB-E rev 0x12
pchb3 at pci0 dev 16 function 2 ServerWorks CIOB-E rev 0x12
pci2 at pchb3 bus 2
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted



Re: smtpd rejecting users

2009-10-27 Thread Robert

That was exactly the problem; it works now.

Since I use -release I only looked at those man pages and there this is 
not mentioned.

(http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&apropos=0&sektion=0&manpath=OpenBSD+4.6&arch=i386&format=html)

Thanks again for the quick help!

regards,
Robert


Gilles Chehade wrote:

On Tue, Oct 27, 2009 at 12:00:44PM +0100, Robert wrote:

It's the unmodified -release one:
#   $OpenBSD: mailer.conf,v 1.4 2009/03/16 14:26:22 jacekm Exp $
#
# Execute the real sendmail program, named /usr/libexec/sendmail/sendmail
#
sendmail/usr/libexec/sendmail/sendmail
send-mail   /usr/libexec/sendmail/sendmail
mailq   /usr/libexec/sendmail/sendmail
makemap /usr/libexec/sendmail/makemap
newaliases  /usr/libexec/sendmail/sendmail
hoststat/usr/libexec/sendmail/sendmail
purgestat   /usr/libexec/sendmail/sendmail


I wasn't aware that any changes were needed for smtpd (there is nothing 
about this in the documentation).





From http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd


smtpd is not enabled by default.  In order to use it as the system mail-
 er, ensure the mail queue is empty, then stop sendmail(8):

   # pkill sendmail

 Modify the current mailwrapper(8) settings by editing /etc/mailer.conf:

   sendmail/usr/sbin/smtpctl
   send-mail   /usr/sbin/smtpctl
   mailq   /usr/sbin/smtpctl
   makemap /usr/libexec/smtpd/makemap
   newaliases  /usr/libexec/smtpd/makemap

 Rebuild the aliases database, and enable the daemon:

   # newaliases
   # echo sendmail_flags=NO  /etc/rc.conf.local
   # echo smtpd_flags=  /etc/rc.conf.local
   # smtpd


Now I rebuild the /etc/mail/aliases.db by executing /usr/bin/newaliases, 
but this leads to the same result (/var/spool/clientmqueue/...):

(this seems to be the only newaliases on the system...)



yes, but if you look at it more carefully you'll notice that the newaliases
command is actually a link to the mailwrapper command which uses the settings
in /etc/mailer.conf to determine which command to execute for real. As long
as you don't fix your mailer.conf, all commands such as makemap and newaliases
will use sendmail's executables instead of smtpd's and thus aliases and
virtual domains will not work

Gilles
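
The point made above, that newaliases and makemap are dispatched through mailwrapper(8) according to /etc/mailer.conf, can be checked before rebuilding aliases.db. This is an added example, not code from the thread or from OpenBSD; the function names are hypothetical and the two sample files are constructed from the mailer.conf contents quoted in this message.

```sh
#!/bin/sh
# Added example: which program would mailwrapper(8) run for a given name?
# Function names are hypothetical; sample files are constructed from the
# two mailer.conf variants quoted in the thread.

# mailer_target CONF NAME: print the path mapped to NAME, status 1 if absent.
mailer_target() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == name { print $2; found = 1; exit }
        END { if (!found) exit 1 }
    ' "$1"
}

# smtpd_aliases_ready CONF: status 0 only if both makemap and newaliases
# resolve to smtpd's makemap; otherwise name the entries that do not.
smtpd_aliases_ready() {
    conf=$1
    rc=0
    for name in makemap newaliases; do
        target=$(mailer_target "$conf" "$name") || target="(no entry)"
        case $target in
            /usr/libexec/smtpd/makemap) ;;
            *) echo "$name -> $target"; rc=1 ;;
        esac
    done
    return "$rc"
}

# write_samples DIR: constructed copies of the two configurations.
write_samples() {
    cat > "$1/release.mailer.conf" <<'EOF'
# constructed: unmodified 4.6 -release mailer.conf
sendmail        /usr/libexec/sendmail/sendmail
send-mail       /usr/libexec/sendmail/sendmail
mailq           /usr/libexec/sendmail/sendmail
makemap         /usr/libexec/sendmail/makemap
newaliases      /usr/libexec/sendmail/sendmail
EOF
    cat > "$1/smtpd.mailer.conf" <<'EOF'
# constructed: settings from the smtpd(8) excerpt
sendmail        /usr/sbin/smtpctl
send-mail       /usr/sbin/smtpctl
mailq           /usr/sbin/smtpctl
makemap         /usr/libexec/smtpd/makemap
newaliases      /usr/libexec/smtpd/makemap
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for sample in release smtpd; do
    if smtpd_aliases_ready "$demo_dir/$sample.mailer.conf"; then
        echo "$sample: aliases.db will be built by smtpd's makemap"
    else
        echo "$sample: aliases.db would still be built by sendmail's tools"
    fi
done
rm -rf "$demo_dir"
```

On a live system the same check is `smtpd_aliases_ready /etc/mailer.conf`, run before `newaliases`.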




Re: 4.6 hang

2009-10-27 Thread Gregory Edigarov
On Tue, 27 Oct 2009 07:10:24 -0400
Steve Shockley steve.shock...@shockley.net wrote:

 I recently upgraded my firewall box from 4.4 to 4.6.  At first it was 
 running well (about a week), but yesterday I started getting
 occasional hangs where the screen would be blank and it'd stop
 responding to ping (and passing traffic).  Figuring it was a hardware
 failure, I swapped the drive into another box.  I still seem to be
 getting occasional hangs; I even turned off screen blanking, and when
 it hangs there's nothing on the screen (monitor goes to power save).
 The only shared hardware between the two machines is a Compaq fiber
 em NIC (which I'll replace tonight) and the hard drive (which isn't
 showing any errors). Assuming it is a software problem, how can I
 diagnose it?  I'll paste the dmesg below.  I'm running 4.6 with patch
 001 and 002 applied, and I've tried both the sp and mp kernels.

Although that may not be the problem, try to turn off acpi in the kernel.
Helps me in 90% of sporadic hangs or reboots.
I even made that the routine: if I have new hardware and would like to
test it, first I try running it with acpi on; if it hangs or shows speed
regression, I just turn acpi off, and in 90% I am happy. For
the remaining 10% I change my hardware.

 OpenBSD 4.6-stable (GENERIC) #1: Tue Oct  6 05:40:03 EDT 2009
  r...@build46.localdomain:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Pentium(R) 4 CPU 3.06GHz (GenuineIntel 686-class)
 3.07 GHz cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
 real mem  = 3220668416 (3071MB)
 avail mem = 3120185344 (2975MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 10/14/04, BIOS32 rev. 0 @
 0xffe90, SMBIOS rev. 2.3 @ 0xfae10 (77 entries)
 bios0: vendor Dell Computer Corporation version A05 date 10/14/2004
 bios0: Dell Computer Corporation PowerEdge 650
 acpi0 at bios0: rev 0
 acpi0: tables DSDT FACP APIC SPCR
 acpi0: wakeup devices PCI0(S5) PCI1(S5) PCI2(S5)
 acpitimer0 at acpi0: 3579545 Hz, 32 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: apic clock running at 133MHz
 cpu at mainbus0: not configured
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
 ioapic0: misconfigured as apic 0, remapped to apid 2
 ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
 ioapic1: misconfigured as apic 0, remapped to apid 3
 ioapic2 at mainbus0: apid 4 pa 0xfec02000, version 11, 16 pins
 ioapic2: misconfigured as apic 0, remapped to apid 4
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 1 (PCI1)
 acpiprt2 at acpi0: bus 2 (PCI2)
 acpicpu0 at acpi0
 bios0: ROM list: 0xc/0x8000 0xc8000/0x4800 0xec000/0x4000!
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 0 function 0 ServerWorks GCNB-LE Host rev 0x32
 pchb1 at pci0 dev 0 function 1 ServerWorks GCNB-LE Host rev 0x00
 pci1 at pchb1 bus 1
 em0 at pci1 dev 3 function 0 Intel PRO/1000MT (82546EB) rev 0x01:
 apic 3 int 3 (irq 7), address 00:04:23:a5:c8:6e
 em1 at pci1 dev 3 function 1 Intel PRO/1000MT (82546EB) rev 0x01:
 apic 3 int 4 (irq 5), address 00:04:23:a5:c8:6f
 em2 at pci0 dev 3 function 0 Intel PRO/1000 (82542) rev 0x03: apic
 3 int 1 (irq 15), address 00:08:c7:86:39:f5
 vga1 at pci0 dev 4 function 0 ATI Rage XL rev 0x27
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 pciide0 at pci0 dev 5 function 0 CMD Technology PCI0680 rev 0x02
 pciide0: bus-master DMA support present
 pciide0: channel 0 wired to native-PCI mode
 pciide0: using apic 3 int 7 (irq 11) for native-PCI interrupt
 wd0 at pciide0 channel 0 drive 0: ST340014A
 wd0: 16-sector PIO, LBA48, 38166MB, 78165360 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
 pciide0: channel 1 wired to native-PCI mode
 piixpm0 at pci0 dev 15 function 0 ServerWorks CSB6 rev 0xa0: SMBus 
 disabled
 pciide1 at pci0 dev 15 function 1 ServerWorks CSB6 RAID/IDE rev
 0xa0: DMA atapiscsi0 at pciide1 channel 0 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, K.9A ATAPI 5/cdrom
 removable cd0(pciide1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA
 mode 2 ohci0 at pci0 dev 15 function 2 ServerWorks CSB6 USB rev
 0x05: apic 2 int 10 (irq 10), version 1.0, legacy support
 pcib0 at pci0 dev 15 function 3 ServerWorks GCLE-2 Host rev 0x00
 pchb2 at pci0 dev 16 function 0 ServerWorks CIOB-E rev 0x12
 pchb3 at pci0 dev 16 function 2 ServerWorks CIOB-E rev 0x12
 pci2 at pchb3 bus 2
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
 isa0 at pcib0
 isadma0 at isa0
 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard, using wsdisplay0
 pms0 at pckbc0 (aux slot)
 pckbc0: using irq 12 for aux slot
 

ldpctl and ldpd

2009-10-27 Thread Aleksandr Gurbo
Hello,

Where can I find man pages for ldpd and ldpdctl?

http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&apropos=0&sektion=0&manpath=OpenBSD+4.6&arch=i386&format=html

-- 
Alexandr Gurbo



Re: 4.6 reboots x336 ibm server(s)

2009-10-27 Thread FRLinux
On Mon, Oct 26, 2009 at 9:03 PM, Marco Peereboom sl...@peereboom.us wrote:
 Does it have broadcom nics?

 if do disable those and try again.

I do. I'll try that tomorrow.

On a related matter, can anyone tell me which switches are disabled
during an OpenBSD install (using the official ISO)? That would help
me narrow the problem down since I was able to install 4.6 from the
official CD without hassle.

Cheers,
Steph



Re: ldpctl and ldpd

2009-10-27 Thread Rene Maroufi
On Tue, Oct 27, 2009 at 02:56:16PM +0300, Aleksandr Gurbo wrote:
 Hello,
 
 Where can I find man pages for ldpd and ldpdctl?
 
 http://www.openbsd.org/cgi-bin/man.cgi?query=ldpd&apropos=0&sektion=0&manpath=OpenBSD+4.6&arch=i386&format=html

There is no ldpd or ldpdctl program in OpenBSD. Maybe you mean ldp and
lpc?

Regards
René
-- 
René Maroufi
i...@maroufi.net



minor bump is src/.../shlib_version

2009-10-27 Thread Charles Smith
Good afternoon!

When there is a major bump in src/.../shlib_version files,
snapshot sets must correspond with snapshot packages.
For example:
src/lib/libkrb5/shlib_version
src/gnu/lib/libiberty/shlib_version
src/lib/libc/shlib_version
src/lib/libm/shlib_version
 
Maybe with minor bump too?

At UTC 2009.06.26 21:06 and 21:09 there was a minor bump in 
src/lib/libc/shlib_version and
src/lib/libm/shlib_version.

i386 packages are from 2009.10.26 before noon.



igmp packets in pflog

2009-10-27 Thread Rene Maroufi
Hi,

I have a (bridging) Firewall with OpenBSD 4.6 stable. In /var/log/pflog
I can see many igmp-packets. But I have no log statement for these
types of connections in my pf.conf. I have only a log statement for some
other hosts (with a different IP). Are igmp packets always logged?

Regards
René
-- 
René Maroufi
i...@maroufi.net



smtpd, just a quick message

2009-10-27 Thread Gilles Chehade
Hi tech@ and misc@,

Just a quick mail to thank the many people who are testing smtpd and
sending on and off list bug reports, they are very much appreciated.

While at it, please keep in mind that smtpd is a work in progress so
you'll need to track -current as bugs are only fixed there.

Thanks again !
:wq
Gilles

-- 
Gilles Chehade
freelance developer/sysadmin/consultant

   http://www.poolp.org



Secure way to delete data in hard disc

2009-10-27 Thread Jordi Espasa Clofent

Hi all,

The subject is auto-descriptive ;)
After reading a while about wiping [1] I think there's not a unique way 
to do it. Finally I've chosen a simple double-step method:


First,

$ dd if=/dev/urandom of=disk_to_delete

and next

$ dd if=/dev/zero of=disk_to_delete

¿Do you think is it safe enough? I mean ¿is it enough against the common 
recovery low-level data tools?


[1] http://en.wikipedia.org/wiki/Data_erasure#Standards
--
I must not fear. Fear is the mind-killer. Fear is the little-death that 
brings total obliteration. I will face my fear. I will permit it to pass 
over me and through me. And when it has gone past I will turn the inner 
eye to see its path. Where the fear has gone there will be nothing. Only 
I will remain.


Bene Gesserit Litany Against Fear.



Re: Secure way to delete data in hard disc

2009-10-27 Thread Vijay Sankar

Jordi Espasa Clofent wrote:

Hi all,

The subject is auto-descriptive ;)
After reading a while about wiping [1] I think there's not a unique way 
to do it. Finally I've chosen a simple double-step method:


First,

$ dd if=/dev/urandom of=disk_to_delete

and next

$ dd if=/dev/zero of=disk_to_delete

¿Do you think is it safe enough? I mean ¿is it enough against the common 
recovery low-level data tools?


[1] http://en.wikipedia.org/wiki/Data_erasure#Standards


I have typically used rm -P against mount points and that has worked 
well for me. In one situation, someone at a customer site tried to read 
data from the erased directories using various commercial tools he had 
access to and failed.


--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6
Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca



Re: ldpctl and ldpd

2009-10-27 Thread Landry Breuil
On Tue, Oct 27, 2009 at 2:14 PM, Rene Maroufi i...@maroufi.net wrote:
 On Tue, Oct 27, 2009 at 02:56:16PM +0300, Aleksandr Gurbo wrote:
 Hello,

 Where is I can found man pages for ldpd and ldpdctl?

 http://www.openbsd.org/cgi-bin/man.cgi?query=ldpdapropos=0sektion=0manpath=OpenBSD+4.6arch=i386format=html

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ldpd/ldpd.8?rev=1.1
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ldpctl/ldpctl.8?rev=1.1

Btw, they're not linked to the build yet.. hence no online manpage,
nor in -CURRENT.

Landry



Re: ldpctl and ldpd

2009-10-27 Thread Henning Brauer
* Rene Maroufi i...@maroufi.net [2009-10-27 14:25]:
 On Tue, Oct 27, 2009 at 02:56:16PM +0300, Aleksandr Gurbo wrote:
  Hello,
  
  Where is I can found man pages for ldpd and ldpdctl?
  
  http://www.openbsd.org/cgi-bin/man.cgi?query=ldpdapropos=0sektion=0manpath=OpenBSD+4.6arch=i386format=html
 
 There is no ldpd or ldpdctl program in OpenBSD. Maybe you mean ldp and
 lpc?

they are not part of the regular builds yet since they aren't ready
really. you have to build them yourself from
/usr/src/usr.sbin/ldp{d,ctl}. manpages will be built then too.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Help with simple pf, how to let traffic out from the firewall ?

2009-10-27 Thread Matthew Young
Hello,

I have this very simple pf.conf. However, I am unable to specify that
the firewall itself should have unrestricted access; the port
blockings should only apply to the users on the LAN. What is the best
way to accomplish this? I've tried tagging 127.0.0.1 to be unrestricted
but that didn't work. I also tried adding a pass quick on $t_externa
but this just lets anything from anybody pass out.



# cat /etc/pf.conf
t_externa = re0
t_interna = re1

ssh_users = { 67.199.62.74 }
no_restriction_users = { 172.16.2.5 }

set block-policy return
set loginterface $t_externa
set limit states 1
set limit frags 3
set skip on lo0
set debug urgent
scrub in on $t_externa all
scrub out on $t_externa all random-id

# Perform NAT for $t_interna to access $t_externa
nat on re0 from re1:network to any -> re0


block all

antispoof quick for { lo }

## Added for $t_interna to reach the internet #
pass on $t_interna inet proto { tcp } from $no_restriction_users to \
any tag NO_RESTRICTION_USERS
pass quick on $t_interna
###

## PERMIT DNS:53 CONNECTIONS OUT (UDP,TCP)

pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) to any \
 port 53 keep state
###

## PERMIT ALL CONNECTIONS OUT SELECTIVE USERS

pass out quick on $t_externa proto { tcp udp }  to any tagged \
NO_RESTRICTION_USERS keep state
###

## PERMIT SQUID PROXY(3128) CONNECTIONS OUT ##

pass out log quick on $t_externa inet proto tcp from ($t_externa) to any \
port { 80 443 } flags S/SA modulate state

## PERMIT ICMP TRAFFIC FOR NETWORK DEBUGGING #
pass inet proto icmp all icmp-type { echoreq, unreach } keep state




--Matt



Re: Secure way to delete data in hard disc

2009-10-27 Thread Rene Maroufi
On Tue, Oct 27, 2009 at 04:12:54PM +0100, Jordi Espasa Clofent wrote:
 Hi all,
 
 The subject is auto-descriptive ;)
 After reading a while about wiping [1] I think there's not a unique way 
 to do it. Finally I've chosen a simple double-step method:
 
 First,
 
 $ dd if=/dev/urandom of=disk_to_delete
 
 and next
 
 $ dd if=/dev/zero of=disk_to_delete
 
 ¿Do you think is it safe enough? I mean ¿is it enough against the common 
 recovery low-level data tools?

Last year, I talked with an employee of a data recovery company about
this. My question to him was: Is it enough to overwrite a partition or
harddisk only once, or must I do this many times. His answer was: On all
modern harddisk it's enough to do it once (modern means all harddrives
newer than 10 years!). Only one dd if=/dev/zero of=disk_to_delete is
enough, but the real problem is another: All harddrives have replacement
blocks (to compensate failures). Old data can be in blocks that dd can't
reach because they are marked as corrupt. The use of alternative blocks
in a harddrive is managed by the drive itself. The OS can't reach these
blocks.

Simple forensic tools can't reach these blocks, too, but if you need
really high security you must destroy your harddrive in a secure way
(for example with a degausser).

Regards
René
-- 
René Maroufi
i...@maroufi.net



Sendmail not working with static IP address

2009-10-27 Thread James Commons
I'd like to have any daily reports and system-generated mail from my OpenBSD 
machine forwarded to my personal email address. (I have a fresh 4.6 install, 
generic kernel, default sendmail configuration.) I can only get this to work 
with my machine set to DHCP -- messages are not forwarded when I have it set to 
a static IP address.

$ cat .forward
ja...@volcanomail.com

If I have my machine configured with DHCP, the following works (the message is 
sent and forwarded correctly).

$ mail -s 'test' commons
test message
EOT

If I have my machine configured with a static IP address, that same command 
does *not* work. The message is never delivered.

$ cat /var/log/maillog
Oct 27 10:35:50 myserver sendmail[29253]: n9RFZosO029253: from=commons, 
size=41, class=0, nrcpts=1, 
msgid=200910271535.n9rfzoso029...@myserver.mydomainname.net, 
relay=comm...@localhost
Oct 27 10:35:51 myserver sm-mta[31537]: n9RFZolK031537: 
from=comm...@myserver.mydomainname.net, size=387, class=0, nrcpts=1, 
msgid=200910271535.n9rfzoso029...@myserver.mydomainname.net, proto=ESMTP, 
daemon=MTA, relay=localhost [127.0.0.1]
Oct 27 10:35:51 myserver sendmail[29253]: n9RFZosO029253: to=commons, 
ctladdr=commons (1000/10), delay=00:00:01, xdelay=00:00:01, mailer=relay, 
pri=30041, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n9RFZolK031537 
Message accepted for delivery)
Oct 27 10:37:06 myserver sm-mta[3435]: n9RFZolK031537: 
to=comm...@myserver.mydomainname.net, delay=00:01:15, xdelay=00:01:15, 
mailer=esmtp, pri=30387, relay=myname.dyndns.org., dsn=4.0.0, stat=Deferred: 
Connection timed out with myname.dyndns.org.

myserver.mydomainname.net is a CNAME to myname.dyndns.org

The machine is behind a NAT router and is assigned a local network IP address. 
It looks like sendmail is autodetecting myname.dyndns.org based on the external 
IP address of the server.

What I don't understand is why the message is sent correctly when I have my 
OpenBSD box set to DHCP, but not sent when it is set with a static IP address.

James



Re: Help with simple pf, how to let traffic out from the firewall ?

2009-10-27 Thread Maxime DERCHE
On Tue, 27 Oct 2009 11:05:05 -0500
Matthew Young myoung24...@gmail.com wrote:

 Hello,
 
 I have this very simple pf.conf. However, I am unable to specify that
 the firewall itself should have unrestricted access; the port
 blockings should only apply to the users on the LAN. What is the best
 way to accomplish this? I've tried tagging 127.0.0.1 to be unrestricted
 but that didn't work. I also tried adding a pass quick on $t_externa
 but this just lets anything from anybody pass out.

Maybe something like 

pass out quick on $t_externa from ($t_externa) 

would do the job (this is actually what I'm using for my humble home
gateway, see
http://www.mouet-mouet.net/doku.php?id=mouet-mouet:routeur#script_de_configuration_pf).


Regards,
Maxime

-- 
Maxime DERCHE
GnuPG public key ID : 0x9A85C4C0
(fingerprint : 0FDC 16AF 5A5B 1908 786C  2B85 2D3C C83E 9A85 C4C0)
http://www.mouet-mouet.net/maxime/blog/index.php



Re: PowerEdge 650 fan speed

2009-10-27 Thread Rodrigo V. Raimundo

Steve Shockley wrote:
My firewall had a hardware failure, so I threw the drive into a Dell 
PowerEdge 650.  That worked fine, but now I can hear the fans 
screaming down the hall through a closed door.  Other than hardware 
changes (like a resistor or a non-1U server), is there anything I can 
do to shut this machine up?  Does anyone know if the fans in this 
machine would idle down on a supported OS?


It's running 4.6, FWIW.



We have a poweredge 700 tower running 4.2 and the bios takes care of the 
big fan it has. The same is true for a 1900 tower with 4.5.


You should check the bios, maybe something like automatic fan control 
is disabled.




Re: igmp packets in pflog

2009-10-27 Thread Rene Maroufi
On Tue, Oct 27, 2009 at 02:25:03PM +0100, Rene Maroufi wrote:
 Hi,
 
 I have a (bridging) Firewall with OpenBSD 4.6 stable. In /var/log/pflog
 I can see many igmp-packets. But I have no log statement for these
 types of connections in my pf.conf. I have only a log statement for some
 other hosts (with a different IP). Are igmp packets always logged?

Addition:

my only rule with log is following:

# grep log /etc/pf.conf
match in log on $iffilter proto tcp from any os windows to any

tcpdump -ttt -n -r /var/log/pflog shows lines like:

Oct 27 17:19:09.543501 192.168.3.204 > 224.0.0.22: igmp-2 [v2] (DF) [tos 0xc0] [ttl 1]
Oct 27 17:19:09.543525 192.168.3.204 > 224.0.0.22: igmp-2 [v2] (DF) [tos 0xc0] [ttl 1]

But igmp is not tcp and the host with 192.168.3.204 is a linux host.

Regards
Rene
-- 
René Maroufi
i...@maroufi.net



Re: Secure way to delete data in hard disc

2009-10-27 Thread Rodrigo V. Raimundo
It may not erase all data if the device can do block relocation and you 
don't have direct access to physical blocks. But if data remains on 
hidden or discarded blocks it is still hard for someone else to recover it.


Jordi Espasa Clofent wrote:

Hi all,

The subject is auto-descriptive ;)
After reading a while about wiping [1] I think there's not a unique 
way to do it. Finally I've chosen a simple double-step method:


First,

$ dd if=/dev/urandom of=disk_to_delete

and next

$ dd if=/dev/zero of=disk_to_delete

¿Do you think is it safe enough? I mean ¿is it enough against the 
common recovery low-level data tools?


[1] http://en.wikipedia.org/wiki/Data_erasure#Standards




Re: Secure way to delete data in hard disc

2009-10-27 Thread Josh Grosse
On Tue, 27 Oct 2009 17:14:52 +0100, Rene Maroufi wrote

 Last year, I talked with an employee of a data recovery company about
 this. My question to him was: Is it enough to overwrite a partition 
 or harddisk only once, or must I do this many times. His answer was: 
 On all modern harddisk it's enough to do it once (modern means all harddrives
 newer than 10 years!). Only one dd if=/dev/zero of=disk_to_delete 
 is enough, but the real problem is another: All harddrives have replacement
 blocks (to compensate failures). Old data can be in blocks that dd can't
 reach because they are marked as corrupt. The use of alternative blocks
 in a harddrive is managed by the drive itself. The OS can't reach 
 these blocks.
 
 Simple forensic tools can't reach these blocks, too, but if you need
 really high security you must destroy your harddrive in a secure way
 (for example with a degausser).

According to the Center for Magnetic Recording Research, 'Secure erase does a
single on-track erasure of the data on the disk drive. The U.S. National
Security Agency published an Information Assurance Approval of single pass
overwrite, after technical testing at CMRR showed that multiple on-track
overwrite passes gave no additional erasure.'

http://en.wikipedia.org/wiki/Data_erasure

See the secerase master command of atactl(8), to force ATA hardware that is
-capable- of it to overwrite sectors that have previously been reallocated. 
Note: FREEZE LOCK is used by sys/dev/ata/wd.c at boot, so either a custom
kernel or a power cycle of the drive will be needed to enable the capability.

I don't know if SCSI devices have similar secerase capability.



Re: Sendmail not working with static IP address

2009-10-27 Thread Remco
James Commons wrote:

 
 What I don't understand is why the message is sent correctly when I have
 my OpenBSD box set to DHCP, but not sent when it is set with a static IP
 address.
 

Is it possible that you rely on DHCP to give you a default route, so there
is none when using a static IP address ? (man mygate may be your friend)

regards,
Remco



Re: Secure way to delete data in hard disc

2009-10-27 Thread Matthew Szudzik
On Tue, Oct 27, 2009 at 04:12:54PM +0100, Jordi Espasa Clofent wrote:
 to do it. Finally I've chosen a simple double-step method:

 First,

 $ dd if=/dev/urandom of=disk_to_delete

 and next

 $ dd if=/dev/zero of=disk_to_delete

I overwrite the disk 7 times with arandom, using the following command

 for x in `jot -s ' ' 7`; do dd if=/dev/arandom of=/dev/rDEVc bs=BLOCKSb ; done

where DEV is the abbreviated disk name (for example, sd2), and where
BLOCKS is the number of blocks to buffer.  The speed of the operation is
highly dependent on a proper choice of BLOCKS.  I have used 128 with a
160GB external hard drive, and it takes approximately 16 hours to
complete all 7 overwrites.  You'll have to experiment to see what choice
of BLOCKS is fastest on your hardware.

I use arandom instead of urandom because it's slightly faster.



Re: OpenBSD 4.6 release Oct 28, 2009

2009-10-27 Thread Andres Genovez
2009/10/19 FRLinux frli...@gmail.com

 On Sun, Oct 18, 2009 at 4:38 PM, Theo de Raadt dera...@cvs.openbsd.org
 wrote:
  We are pleased to announce the official release of OpenBSD 4.6.
  This is our 26th release on CD-ROM (and 27th via FTP).  We remain
  proud of OpenBSD's record of more than ten years with only two remote
  holes in the default install.

 And thanks a lot for the new kick ass installer, tried it out today
 and absolutely loved it :)

 Steph

 Thanks OpenBSD Team I received the CD today!

Greetings from South America

here is a little picture: http://www.crice.org/?q=node/353

--
Sincerely

Andrés Genovez Tobar / Systems
COMERCIAL SALVADOR PACHECO MORA S.A. / SINCE 1945
Technologies
Cuenca, Luis Cordero 9-70 y Gran Colombia

Telephone. 593-7-2842388 ext 408
Fax. 593-7-2842388 ext 120
Mobile 593-97670874
  593-96816996 Alegro
Mail:ageno...@cspmsa.com
Personal: andresgeno...@gmail.com
www.cspmsa.com
www.crice.org



Re: Secure way to delete data in hard disc

2009-10-27 Thread Brad Tilley
On Tue, Oct 27, 2009 at 11:12 AM, Jordi Espasa Clofent
jordi.esp...@opengea.org wrote:
 $ dd if=/dev/zero of=disk_to_delete

 ¿Do you think is it safe enough? I mean ¿is it enough against the common
 recovery low-level data tools?

There is no evidence of over-written data *ever* being recovered.
There is some theory in research papers that suggests it may be
possible. There may be aliens and bigfoot and the NSA may be able to
recover over-written data if you are of interest to them. OK, back to
reality... the only suggestion I would make is to use arandom rather
than urandom. You can cron that same command except output to a file
rather than to the device to periodically overwrite the unallocated
sectors. I do that. It kills a lot of the forensics tools that have
the ability to recover deleted files, etc.

Something like this on each partition:

file=$$.random
dd if=/dev/arandom of=$file
sync
rm -f $file
sync

Brad



Re: Secure way to delete data in hard disc

2009-10-27 Thread Ted Unangst
On Tue, Oct 27, 2009 at 11:12 AM, Jordi Espasa Clofent
jordi.esp...@opengea.org wrote:
 After reading a while about wiping [1] I think there's not a unique way to
 do it. Finally I've chosen a simple double-step method:

You take the hard drive out, you melt it, then you put a new one in.
If your data isn't worth a $100 hard drive replacement, it isn't worth
wiping, let alone recovering.



Re: Secure way to delete data in hard disc

2009-10-27 Thread Nick Holland

Jordi Espasa Clofent wrote:
...

$ dd if=/dev/zero of=disk_to_delete

¿Do you think is it safe enough? I mean ¿is it enough against the common 
recovery low-level data tools?


Do just this, and no software-based recovery tool will ever see all your 
data again.  You might get some pay-dirt if you can release the locked 
out bad blocks...and there are some...and they contain data that is useful 
in small chunks (and yes, some data is).


If you think about the claims of data recovery from zeroed disks, they 
basically imply there is astronomical storage capacity in drives that is 
not tapped...and I do not believe the manufacturers have been holding 
out on us.  It may be possible to get hints of data, but with massive 
error rates and gaps.


If you are worried about recovering data after a single pass of writing 
zeros to the entire disk, you need to grind up or melt down the disk. 
If you are convinced there is (or will be) mysterious technology that 
can recover zeroed disks and your data is that interesting to these 
people, you don't know the abilities of it, so don't assume process X 
will keep your data deleted and never recovered.


Nick.
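
Several replies above settle on a single pass of zeros; what a read-back can and cannot confirm is shown in this added example, which is not code from any poster. It runs against a constructed 64 KiB image file standing in for the disk, the function names are hypothetical, and it only checks bytes the OS can address, so the reallocated blocks discussed in the thread are outside what it verifies.

```sh
#!/bin/sh
# Added example: single zero pass plus read-back check on a file image.
# Function names are hypothetical; the image content is constructed.

# make_image PATH: 2048 lines of 32 bytes each = 65536 bytes of "old data".
make_image() {
    awk 'BEGIN { for (i = 0; i < 2048; i++) print "constructed-secret-line-0123456" }' > "$1"
}

# size_bytes PATH: size of the target in bytes.
size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# zero_pass PATH: overwrite the target in place with one pass of zeros.
# count= keeps dd from growing the image file; on a real device the thread's
# form without count= simply stops at the end of the device.
zero_pass() {
    blocks=$(( ($(size_bytes "$1") + 511) / 512 ))
    dd if=/dev/zero of="$1" bs=512 count="$blocks" conv=notrunc 2>/dev/null
}

# count_nonzero PATH: number of bytes that are not 0x00 when read back.
count_nonzero() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# wipe_and_verify PATH: status 0 only if the read-back is all zeros.
wipe_and_verify() {
    zero_pass "$1" || return 1
    sync
    left=$(count_nonzero "$1")
    if [ "$left" -eq 0 ]; then
        echo "$1: all addressable bytes read back as zero"
    else
        echo "$1: $left non-zero bytes remain"
        return 1
    fi
}

img=$(mktemp)
make_image "$img"
echo "before: $(count_nonzero "$img") non-zero bytes"
wipe_and_verify "$img"
rm -f "$img"
```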



Re: Secure way to delete data in hard disc

2009-10-27 Thread STeve Andre'
On Tuesday 27 October 2009 14:12:56 Brad Tilley wrote:
 On Tue, Oct 27, 2009 at 11:12 AM, Jordi Espasa Clofent
 jordi.esp...@opengea.org wrote:
  $ dd if=/dev/zero of=disk_to_delete
 
  ¿Do you think is it safe enough? I mean ¿is it enough against the common
  recovery low-level data tools?
 
 There is no evidence of over-written data *ever* being recovered.
 There is some theory in research papers that suggests it may be
 possible. There may be aliens and bigfoot and the NSA may be able to
 recover over-written data if you are of interest to them. OK, back to
 reality... the only suggestion I would make is to use arandom rather
 than urandom. You can cron that same command except output to a file
 rather than to the device to periodically overwrite the unallocated
 sectors. I do that. It kills a lot of the forensics tools that have
 the ability to recover deleted files, etc.
 
 Something like this on each partition:
 
 file=$$.random
 dd if=/dev/arandom of=$file
 sync
 rm -f $file
 sync
 
 Brad

Saying that data has never been recovered is not true.  I personally
was involved with a disk disaster on a 10M RLL disk back in 1985 or
so, and there was some--not all, but some--data recovered after being
overwritten.  

Today's disks are far different.  No, I don't think you can scoop up
data en masse on a 500G disk.  Whether multiple overwrites provides more
security is a matter of debate.  The real danger today are sectors 
that got mapped out which are bad, but could contain interesting or
embarrassing data; 512 bytes could hold a lot of stuff, like passwords.

If you aren't using the disk for really sensitive data, erase it and
be done with it.  If it's sensitive, have some fun by taking it apart
(you can recycle the aluminium) and do something creative with the
platters.  I think Theo once took a blowtorch to some?  That might
provide entertainment.

--STeve Andre'



Re: Secure way to delete data in hard disc

2009-10-27 Thread Josh Grosse
On Tue, 27 Oct 2009 15:25:51 -0400, STeve Andre' wrote

 ...The real danger today are 
 sectors that got mapped out which are bad, but could contain 
 interesting or embarrassing data; 512 bytes could hold a lot of stuff,
  like passwords.

Perhaps what I already noted, in this thread, suggesting atactl's secerase
master to overwrite those bad sectors got lost in the noise.

http://marc.info/?l=openbsd-misc&m=125666302218718&w=2



Re: Secure way to delete data in hard disc

2009-10-27 Thread Bryan Irvine
/dev/zero is like a bazillion times faster, and just as secure.

-B

p.s. Why do I have deja vu?

http://archives.neohapsis.com/archives/openbsd/2008-09/1453.html
http://archives.neohapsis.com/archives/openbsd/2008-09/thread.html#1215


On Tue, Oct 27, 2009 at 8:12 AM, Jordi Espasa Clofent
jordi.esp...@opengea.org wrote:
 Hi all,

 The subject is auto-descriptive ;)
 After reading a while about wiping [1] I think there's not a unique way to
 do it. Finally I've chosen a simple double-step method:

 First,

 $ dd if=/dev/urandom of=disk_to_delete

 and next

 $ dd if=/dev/zero of=disk_to_delete

 ¿Do you think is it safe enough? I mean ¿is it enough against the common
 recovery low-level data tools?

 [1] http://en.wikipedia.org/wiki/Data_erasure#Standards
 --
 I must not fear. Fear is the mind-killer. Fear is the little-death that
 brings total obliteration. I will face my fear. I will permit it to pass
 over me and through me. And when it has gone past I will turn the inner eye
 to see its path. Where the fear has gone there will be nothing. Only I will
 remain.

 Bene Gesserit Litany Against Fear.



Re: Secure way to delete data in hard disc

2009-10-27 Thread STeve Andre'
On Tuesday 27 October 2009 15:47:37 Josh Grosse wrote:
 On Tue, 27 Oct 2009 15:25:51 -0400, STeve Andre' wrote
 
  ...The real danger today are 
  sectors that got mapped out which are bad, but could contain 
  interesting or embarrassing data; 512 bytes could hold a lot of stuff,
   like passwords.
 
 Perhaps what I already noted, in this thread, suggesting atactl's secerase
 master to overwrite those bad sectors got lost in the noise.
 
 http://marc.info/?l=openbsd-misc&m=125666302218718&w=2

But that assumes that the firmware on the disk will do just that.
Someone, Toshiba I think had problems with that on travelstar type
disks in the past.

You can't truly trust being able to talk to an entire disk these days.
Well, maybe, if you have a test jig for it, or have documentation on
some hardware strap to throw to get into some interesting mode.

Complexity gives rise to all sorts of tools, and possibly, mischief.

--STeve Andre'



Re: Secure way to delete data in hard disc

2009-10-27 Thread Jonathan Thornburg
Another route to securely erasing information is encryption.  OpenBSD
includes at least 3 systems for disk encryption (svnd, softraid, and
cfs (ports)).  I've personally used cfs and svnd, and as is usually
the case on OpenBSD, both work nicely once you RTFM.  (I should really
write an undeadly article on how to use svnd.)  If you erase/forget the
keys (passphrases), then to the extent that you trust the crypto, the
data is effectively erased.

You can erase an encrypted disk (whether partition, filesystem, or
file) this way even if the physical disk drive is broken and won't let
you do 'rm -P' or other such overwriting.

Moreover, if your hardware is still alive, there's probably considerable
synergism between encryption and secure deletion:  it seems likely
that data recovery is much easier if the recovered data can be easily
recognizable as such, rather than looking like random noise.  Good
crypto results in the on-disk data before secure deletion looking
like random noise, so it should make data-recovery harder.  (To get
any useful information, data-recovery would then have to be followed
by somehow breaking the encryption.)

ciao,

-- 
-- Jonathan Thornburg [remove -animal to reply] 
jth...@astro.indiana-zebra.edu
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



Re: Secure way to delete data in hard disc

2009-10-27 Thread Robert
A paper has been published about the claim that you can recover data 
with an electron microscope 
(http://www.springerlink.com/content/408263ql11460147/).
Unfortunately the paper is not available for free, but the summary is 
that after overwriting it 1 time you can't recover data anymore with 
hardware (not to mention software); only if you're very lucky you might 
retrieve some bytes. After 3 wipes you will only see random noise (on a 
magnetic level).


So if you really want to be sure use either 3xdd or run dban.org.

If your data is so valuable that an attacker will go the length (and has 
the resources) to retrieve bytes from reallocated sectors and then try 
to solve this puzzle, then you need way more protective measures than 
just encryption.
See also http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis and 
http://en.wikipedia.org/wiki/Social_engineering_(security).


regards,
Robert


Vijay Sankar wrote:

Jordi Espasa Clofent wrote:

Hi all,

The subject is auto-descriptive ;)
After reading a while about wiping [1] I think there's not a unique 
way to do it. Finally I've chosen a simple double-step method:


First,

$ dd if=/dev/urandom of=disk_to_delete

and next

$ dd if=/dev/zero of=disk_to_delete

Do you think it is safe enough? I mean, is it enough against the 
common low-level data recovery tools?


[1] http://en.wikipedia.org/wiki/Data_erasure#Standards


I have typically used rm -P against mount points and that has worked 
well for me. In one situation, someone at a customer site tried to read 
data from the erased directories using various commercial tools he had 
access to and failed.
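
As an added illustration (not part of any post in this thread): the single zero pass discussed above, followed by a read-back check, run against a file-backed image rather than a real disk. The function names, marker string and image layout are constructed for the example; the check only covers bytes the target exposes, so the remapped sectors raised earlier in the thread are outside what it can verify.

```shell
#!/bin/sh
# Added example: zero-fill a file-backed "disk" image, then verify by read-back.
# The image, marker string and function names are constructed for illustration.

BS=65536   # large blocks; dd's 512-byte default is much slower on real disks

# Build a constructed image: random filler, a known marker, and an odd-sized tail.
make_sample_image() {
    dd if=/dev/urandom of="$1" bs=$BS count=4 2>/dev/null || return 1
    printf 'password=constructed-sample-secret' |
        dd of="$1" bs=1 seek=100000 conv=notrunc 2>/dev/null || return 1
    printf 'tail-bytes' >> "$1"
}

# Print how many non-zero bytes the target still contains.
count_nonzero() {
    n=$(dd if="$1" bs=$BS 2>/dev/null | LC_ALL=C tr -d '\000' | wc -c)
    echo $((n + 0))
}

# Succeed if the marker string can still be read from the target.
marker_present() {
    LC_ALL=C grep -q 'constructed-sample-secret' "$1"
}

# Overwrite every byte of a regular-file image with zeros and verify the result.
# For a raw device node, drop count= and let dd run until end-of-device.
wipe_and_verify() {
    size=$(wc -c < "$1")
    size=$((size + 0))
    [ "$size" -gt 0 ] || return 2
    blocks=$((size / BS))
    rest=$((size % BS))
    dd if=/dev/zero of="$1" bs=$BS count=$blocks conv=notrunc 2>/dev/null || return 1
    if [ "$rest" -gt 0 ]; then
        # Finish the partial last block byte by byte.
        dd if=/dev/zero of="$1" bs=1 seek=$((blocks * BS)) count=$rest \
            conv=notrunc 2>/dev/null || return 1
    fi
    sync
    [ "$(count_nonzero "$1")" -eq 0 ]
}

demo() {
    img=$(mktemp) || return 1
    make_sample_image "$img" || return 1
    marker_present "$img" && echo "before: marker readable"
    wipe_and_verify "$img" && echo "after: every byte reads back as zero"
    marker_present "$img" || echo "after: marker no longer present"
    rm -f "$img"
}
demo
```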




Sun V120 gem and hme interfaces hang

2009-10-27 Thread Bryan S. Leaman
Hi All,

I have a production firewall on a Sun V120 running OpenBSD 4.5 sparc64,
with 2 active interfaces.  Two weeks ago, the gem1 interface suddenly hung
and I was able to revive it using ifconfig gem1 down; ifconfig gem1 up. 
I found the following m...@openbsd thread from March 2009:

http://www.mail-archive.com/misc@openbsd.org/msg73257.html

After contacting Daniel, it seems the issue was fixed in a newer gem.c. 
But since this appeared to be specific to the gem/eri hardware, I
installed a quad hme card and moved over to hme0 and hme1.  Today the same
thing happened with hme1, and the ifconfig down/up brought it back. 
System was only up for 1 day when this happened.

Where should I be looking to track down this problem?  With gem I noticed
some Ierrs in netstat but no Oerrs.  With hme, I see Oerrs but no Ierrs. 
Either way, on the switch (Cisco 2924) I get a handful of input errors. 
The /var/log/messages shows nothing.

I thought maybe it's a cable or switch problem, but then why would the
ifconfig down/up in OpenBSD bring it back without touching the cable or
switch at all?  I swapped the hme1 cable today just to see if it has any
effect on the error counters.

netstat -i after each failure:

gem1 1500  <Link>  00:03:ba:ce:da:8a 146389240114 1119483645 0 0
hme1 1500  <Link>  08:00:20:ee:8d:4d 31718821 0 3163259928 0

switch interface status after hme failure:

23870059 packets input, 63580130 bytes
Received 124 broadcasts, 0 runts, 0 giants, 0 throttles
26 input errors, 26 CRC, 0 frame, 26 overrun, 26 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
24011555 packets output, 2096322509 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Bryan



Re: 4.6 hang

2009-10-27 Thread Steve Shockley

On 10/27/2009 7:44 AM, Gregory Edigarov wrote:

Although that may not be the problem, try to turn off acpi in kernel.
Helps me in 90% of sporadic hangs or reboots.


Thanks for the reply.  I'm trying with ACPI disabled now, but during the 
day today I did get a panic, details below.


panic: pool_do_get(mcl2k): free list modified: page 0xd99dd000; item addr 0xd99dd800; offset 0x0=0x800aabb

Stopped at  Debugger+0x4:   leave

Trace:
Debugger(d9695800,d0894098,df670e30,d99dd800,d0894020) at Debugger+0x4
panic(d0716100,d08470a0,d99dd000,d99dd800,0) at panic+0x55
pool_do_get(d0894020,0,df670ea0,df670e50,d0363faf,d0894020) at pool_do_get+0x2e3
pool_get(d0894020,0,df670ea0,d039afee,0) at pool_get+0x46
m_clget(d977c500,1,d3acb830,800) at m_clget+0x74
em_get_buf(d3acb800,d,200e0a0,d3acb830) at em_get_buf+0x64
em_rxfill(d3acb800,fffe,c0,0) at em_rxfill+0x3a
em_intr(d3acb800) at em_intr+0x9e
Xintr_ioapic() at Xintr_ioapic1+0x68
--- interrupt ---
cpu_idle_cycle(d09408e0) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd09e9e78

ps on request, since I'm typing by hand from a digital photo.



hello love

2009-10-27 Thread Duda
 - This mail is a HTML mail. Not all elements could be shown in plain text
mode. -

Hello!!
Why do you do this to me? You walked past me yesterday and pretended you did
not even see me... could we talk a little? I don't know if you remember this
photo we took together. I hope you like me a little, even if only for our
friendship. Kisses, I adore you very much!!
Kisses!
attachment:
DSC1010.jpg
(43kb)



confidential proposal

2009-10-27 Thread Mrs Aliman Usman
You are invited to confidential proposal.


By your host Mrs Aliman Usman:


 Date:  Wednesday October 28, 2009

 Time:  12:00 am - 1:00 am (GMT +00:00)
 Street:  Dear, greetings. I am Mrs. Aliman Usman, accountant at the 
BANQUE COMMERCIALE DU BURKINA (BCB). I am going to transfer $6.350 000.00 
million (USD) abroad if you are able to help me. I will send you all the 
details on how we will carry out the procedure, and also note that you will 
have 30% of the stated amount if you agree to help me carry out this 
transaction. Answer me quickly, and please, this is a confidential proposal. 
Thank you, contact me at mrs_ali...@rocketmail.com

Guests:





Re: 4.6 hang

2009-10-27 Thread Steve Shockley
Just as an update, I've replaced the one NIC, so the only thing carried 
over from the other machine is the hard drive, and I'm still getting the 
exact same issue.




Re: Sendmail not working with static IP address

2009-10-27 Thread James Commons
re...@d-compu.dyndns.org wrote:
 James Commons wrote:
 
 What I don't understand is why the message is sent correctly when I have
 my OpenBSD box set to DHCP, but not sent when it is set with a static IP
 address.

Is it possible that you rely on DHCP to give you a default route, so there
is none when using a static IP address ? (man mygate may be your friend)


There is definitely a gateway defined despite the static IP:

$ cat /etc/mygate
192.168.123.254

(And route show lists the same gateway on both static IP and DHCP 
configurations.)

I was able to get mail to forward properly by changing the hostname on the 
machine with the static IP (/etc/myname and /etc/hosts) from 
myserver.mydomain.net (which is a CNAME to a DynDNS hostname) to 
myserver.my.domain (which isn't a real domain and can't be resolved).

$ ping myserver.mydomain.net
PING myhost.dyndns.org (XX.XX.XX.XX): 56 data bytes
64 bytes from XX.XX.XX.XX: icmp_seq=0 ttl=64 time=0.454 ms
64 bytes from XX.XX.XX.XX: icmp_seq=1 ttl=64 time=0.290 ms

$ ping myhost.my.domain
ping: unknown host: myhost.my.domain

It looks like sendmail is doing some type of smart lookups. When my machine 
name can be resolved back to an IP address, it tries to use that IP address to 
send the message (and fails), but when my machine name doesn't resolve sendmail 
defaults to its local MTA to send the message which works.

Changing the hostname is a workaround -- now I need to figure out how to change 
the sendmail configuration to not do these smart lookups.

James



How to succeed in life. KNOWING HOW TO LEAD AND KNOWING HOW TO INSTRUCT.

2009-10-27 Thread as1780...@sapo.pt
MAIL ERROR



ldpd in OpenBSD 4.6

2009-10-27 Thread Nick Davey
Hello,
I noticed the release notes of 4.6 referred to ldpd, and label
switching functionality, but I haven't found any of the binaries or
man pages. Did this feature not make the release?

Thanks,
Nick



powering off with shutdown -hp?

2009-10-27 Thread Fred Snurd
I've just resurrected an old Pentium 3 system with the 22 October i386 snapshot 
of OpenBSD 4.6-current.  It works great, however after issuing "shutdown -hp 
now" (I'm greeted with the message "shutdown: switch -p must be used with -h." 
when using "shutdown -p now"), I'm getting the system message "syncing disks... 
done" followed by "Attempting to power down...".  The system never shuts off.

From the dmesg (below), this appears to be an old APM-based motherboard.  The 
shutdown(8) manpage states that "not all hardware supports automatic power 
down."  That's fine if this hardware doesn't support it, but given the 
"Attempting to power down..." message, I am curious if it might be possible.

I'm including the dmesg output below along with pcidump -v and pcidump -x.  If 
you would like more information, please let me know.

Thanks!

# dmesg | more
OpenBSD 4.6-current (GENERIC) #325: Thu Oct 22 20:38:45 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class, 512KB L2 cache) 599 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX,FXSR,SSE
real mem  = 804864000 (767MB)
avail mem = 771416064 (735MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/17/00, BIOS32 rev. 0 @ 0xfd7a0, SMBIOS rev. 2.1 @ 0xefbe0 (42 entries)
bios0: vendor Intel Corp. version 4S4EB2X0.86A.0024.P17 date 08/17/2000
bios0: Intel Corporation SE440BX-2
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xe/0x4000! 0xe4000/0xc000
cpu0 at mainbus0: (uniprocessor)
cpu0: disabling processor serial number
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G400/G450 AGP rev 0x05
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ST3160815A
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PLEXTOR, DVDR PX-820A, 1.00 ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 9
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x02: SMI
iic0 at piixpm0
lmenv0 at iic0 addr 0x2d: adm9240 rev 2, starting scan
spdmem0 at iic0 addr 0x50: 256MB SDRAM ECC PC133CL2
spdmem1 at iic0 addr 0x51: 256MB SDRAM ECC PC133CL2
spdmem2 at iic0 addr 0x52: 256MB SDRAM ECC PC133CL2
em0 at pci0 dev 13 function 0 Intel PRO/1000GT (82541GI) rev 0x05: irq 11, address 00:1b:21:0f:8b:43
fxp0 at pci0 dev 14 function 0 Intel 8255x rev 0x08, i82559: irq 10, address 00:90:27:a7:50:80
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ohci0 at pci0 dev 15 function 0 NEC USB rev 0x43: irq 5, version 1.0
ohci1 at pci0 dev 15 function 1 NEC USB rev 0x43: irq 9, version 1.0
ehci0 at pci0 dev 15 function 2 NEC USB rev 0x04: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 NEC OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 NEC OHCI root hub rev 1.00/1.00 addr 1
biomask eb65 netmask ef65 ttymask 
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

# pcidump -v
Domain /dev/pci0:
 0:0:0: Intel 82443BX AGP
0x: Vendor ID: 8086 Product 

Re: minor bump is src/.../shlib_version

2009-10-27 Thread Philip Guenther
On Tue, Oct 27, 2009 at 5:16 AM, Charles Smith chasm_...@yahoo.com wrote:
 When there is a major bump in src/.../shlib_version files,
 snapshots sets must correspond with snapshots packages.
...
 Maybe with minor bump too?

No.  That's the difference between a major bump and a minor bump:
major must match exactly, while the minor version may be higher on the
library than what the executable was linked against.

(Yes, this implies that developers must have a discipline about
version number bumps, but it's a subtler problem from the developer
side, gauging when a minor or major is needed, so sometimes there are
slips that get caught later...)


Philip Guenther