Re: Smtpd use
I use smtpd from OpenBSD 4.7 Release, it is why it doesn't work ? On Tue, 17 Aug 2010 23:06:40 +0200, Gilles Chehade gil...@poolp.org wrote: On Tue, Aug 17, 2010 at 11:24:37PM +0400, open...@e-solutions.re wrote: Hi, Today, i tried to build a mailserver for one domain : totoxx.org Here my smtpd.conf : listen on lo0 listen on em0 hostname puffymail.my.domain map aliases { source db /etc/mail/aliases.db } map virtual { source db /etc/mail/virtual.db } accept for local deliver to mbox accept from all for domain totoxx.org deliver to box I ve a user : contact on the box. And here my virtual file : cont...@totoxx.org: contact I can receive mails. It works good. But how can i send mail? i need to use sendmail? How can i modify my configuration to send emails ? Thank's for your advices. your mail lacks essential information: what smtpd are you running ? is it current ? in which case your configuration is broken is it not current ? in which case you should run smtpd -current Gilles
Re: MTA choice
* Gregory Edigarov g...@bestnet.kharkov.ua [2010-08-17 09:29]: Qmail??? Postfix??? easiest to use Oh, please don't... I would even not give a dime to exim, which of the big guys I love the most, in the terms of ease of configure. So now I definitelly see OpenSMTPD as a very viable alternative. exim is also the one with 80s design (even sendmail abandoned that) and shit code. pretty much ANYTHING else is a better choice. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: MTA choice
On Wed, 18 Aug 2010 10:07:58 +0200 Henning Brauer lists-open...@bsws.de wrote: * Gregory Edigarov g...@bestnet.kharkov.ua [2010-08-17 09:29]: Qmail??? Postfix??? easiest to use Oh, please don't... I would even not give a dime to exim, which of the big guys I love the most, in the terms of ease of configure. So now I definitelly see OpenSMTPD as a very viable alternative. exim is also the one with 80s design (even sendmail abandoned that) and shit code. pretty much ANYTHING else is a better choice. Agreed. That left us to only the choice between sendmail/OpenSMTPD :) I would definitelly advise for Opensmtpd, but not yet, at least not before the 4.8 rel will be rolled, though in 4.7 it is quite stable, and runs perfectly on a handful of my places. Meta1, which is viewed by some as a sendmail made right is still in very deep pre-alpha state... what a pity. -- With best regards, Gregory Edigarov
Re: MTA choice
On Wed, Aug 18, 2010 at 12:10:47PM +0300, Gregory Edigarov wrote: Agreed. That left us to only the choice between sendmail/OpenSMTPD :) I would definitelly advise for Opensmtpd, but not yet, at least not before the 4.8 rel will be rolled, though in 4.7 it is quite stable, and runs perfectly on a handful of my places. It works at home too, with a bit of hackery by myself. A while ago I noticed OpenSMTPD didn't deliver to aliases, but I'm unsure if it has been fixed yet or if I and mouring were the only ones that had the problem. I'm looking for the next release so that I can test this and know for sure! Meta1, which is viewed by some as a sendmail made right is still in very deep pre-alpha state... what a pity. -- With best regards, Gregory Edigarov regards, -peter
Re: AD1984A sound card on -current issue
2010/8/10 Jacob Meuser jake...@sdf.lonestar.org On Tue, Aug 10, 2010 at 04:03:24PM +0300, Oleksii Zhmyrov wrote: Hi, misc@ I'm trying to run -current (20100809) on HP 2133 MiniNote laptop. It seems to me strange that sound card AD1984A on VIA VT8237S HDA controller doesn't appear in dmesg at all. your problem is that the controller, which is a PCI device, is not found. probably has nothing at all to do with the AD1984A codec. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org When acpi0 and apm0 are disabled, sound card works fine. -- Oleksii Zhmyrov National Technical University of Ukraine Kyiv Polytechnic Institute, Institute of Physics and Technology Tel: +38 (063) 496 2695
Re: undeadly article
On Tue, 17 Aug 2010, J.C. Roberts wrote: My article was just a humorous retelling of the very typical problems seen by people traveling. The trouble with humor is it can make no sense across language or cultural barriers. I like to think the world is a better place when we can laugh, but unfortunately, due to cultural and language differences, some people will not understand or appreciate all of the jokes. If you asked me to understand a language other than English, I would fail miserably, but if you asked me to understand jokes in another language or from another culture, I would fail even worse. You would have to explain the jokes to me, and even then I might not get them due to lack of experience. I don't think language was a barrier. He can write in English, unlike me, very well. Anyway, I laughed a lot.
Re: MTA choice
On Wed, Aug 18, 2010 at 12:10:47PM +0300, Gregory Edigarov wrote: On Wed, 18 Aug 2010 10:07:58 +0200 Henning Brauer lists-open...@bsws.de wrote: * Gregory Edigarov g...@bestnet.kharkov.ua [2010-08-17 09:29]: Qmail??? Postfix??? easiest to use Oh, please don't... I would even not give a dime to exim, which of the big guys I love the most, in the terms of ease of configure. So now I definitelly see OpenSMTPD as a very viable alternative. exim is also the one with 80s design (even sendmail abandoned that) and shit code. pretty much ANYTHING else is a better choice. Agreed. That left us to only the choice between sendmail/OpenSMTPD :) I would definitelly advise for Opensmtpd, but not yet, at least not before the 4.8 rel will be rolled, though in 4.7 it is quite stable, and runs perfectly on a handful of my places. Unfortunately it still lacks features required for many setups, I only use it and recommand to use it for people who have simple setups and who know their setup isn't going to evolve for a while... Gilles -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org
Re: MTA choice
On Wed, Aug 18, 2010 at 11:19:10AM +0200, Peter J. Philipp wrote: On Wed, Aug 18, 2010 at 12:10:47PM +0300, Gregory Edigarov wrote: Agreed. That left us to only the choice between sendmail/OpenSMTPD :) I would definitelly advise for Opensmtpd, but not yet, at least not before the 4.8 rel will be rolled, though in 4.7 it is quite stable, and runs perfectly on a handful of my places. It works at home too, with a bit of hackery by myself. A while ago I noticed OpenSMTPD didn't deliver to aliases, but I'm unsure if it has been fixed yet or if I and mouring were the only ones that had the problem. I'm looking for the next release so that I can test this and know for sure! That is strange, I have a few instances running with aliases resolution, maybe your configuration is broken ? Gilles -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org
Re: GCC manpage glitch
Hi Kristaps, not sure misc@ is the ideal list for discussing this (as opposed to, say, discuss at mdocml dot bsd dot lv), but as you started here and the topic will soon be finished: Kristaps Dzonsons wrote on Mon, Aug 16, 2010 at 11:38:09AM +0200: Good catch. For any roff people, the culprit was .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' The \v and \h escapes weren't being properly handled in mandoc (vertical positioning... ugh), nor was a missing sign in \s. Stuff like \s0 or \s12 may not be documented in the GNU troff manuals - i did not check - but the Nroff/Troff User's Manual by Ossanna, Kernighan, and Ritter, available as part of the Heirloom Documentation Tools, see http://heirloom.sourceforge.net/doctools.html does document it: Alternatively the point size may be changed between any two characters by imbedding a \sN at the desired point to set the size to N, or a \s1N (1=N=8) to increment/decrement the size by N; \s0 restores the previous size. (section 2.3) Oh, and by the way, \s39 appears to be equivalent to \s'36', while \s40 appears to be equivalent to \s'4'0 - that is, in the letter case, the character '0' appears in the output stream, in font size 4pt! But i'm not sure we really need to extend quirk-compatibility down to that level of ugliness. Looks like somebody applied the principle of biggest surprise when designing this. Yours, Ingo
Re: help on rewriting ftp-proxy rules for 4.7 up
* Peter N. M. Hansteen pe...@bsdly.net [2010-08-17 12:09]: Dimitar Vassilev dimitar.vassi...@gmail.com writes: $tg_in on $ext_if inet proto udp from any to any port=syslog $tg_in on $ext_if from any to any flags P/FSRPAUEW $tg_in on $ext_if from any to any flags FPU/FSRPAUEW $tg_in on $ext_if from any to any flags FPU/FPU $tg_in on $ext_if from any to any flags /FSRA $tg_in on $ext_if from any to any flags FS/FSRA $tg_in on $ext_if from any to any flags FSPU/FSPRAU $tg_in on $ext_if from any to any flags FPU/FSRPAU $tg_in on $ext_if from any to any flags /FSRPAU $tg_in on $ext_if from any to any flags F/FSRA $tg_in on $ext_if from any to any flags U/FSRAU $tg_in on $ext_if from any to any flags S/FSRPAU $tg_in on $ext_if from any to any flags P/FSRPAU $tg_in on $ext_if from any to any flags A/A $tg_in on $ext_if from any to any flags P/P (otherwise, we will call it 'flags wanking', nevermind the quick gushers) it is nmap masturbation. utterly useless, stupid bullshit. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: undeadly article
Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. Do you really think they like what they are doing, Robert ? How whould you feel inspecting people's luggage like a thief ? Or suspecting them ? Those are the rules ... I like the humour on undeadly, but this article was not for me. I saw a guy who was tried to get as more attention as he can. You don't need the fifth wheel on a running car, Robert. Four are enough. If you insist to use it, you will get people attention for sure. The gipsy part is not funny also, but this is clear not for m...@. Have fun ! (but not in sensible areas).
Re: undeadly article
And if you are a veteran air traveler you know that those so called security guards aren't what they crack up to be. They do not have a nose for anything and the entire security apparatus is nothing but subsidized labor. On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. Do you really think they like what they are doing, Robert ? How whould you feel inspecting people's luggage like a thief ? Or suspecting them ? Those are the rules ... I like the humour on undeadly, but this article was not for me. I saw a guy who was tried to get as more attention as he can. You don't need the fifth wheel on a running car, Robert. Four are enough. If you insist to use it, you will get people attention for sure. The gipsy part is not funny also, but this is clear not for m...@. Have fun ! (but not in sensible areas).
Re: undeadly article
On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. bullshit. sorry, but that is not true. I regularly get picked on by authority, but it's alwasy just been a pointless hassle. I'll never forget the time a cop stopped me in my own neighborhood, in the rain, for walking against a signal, when his car was the only moving vehicle within a half mile. the best part was when he dropped his papers in a puddle. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. the only playing was their own game. after all, it is they who choose to start the games. Have fun ! (but not in sensible areas). but see, if authority can't take that you're laughing because their questions and assumptions *really are* ridiculous ... the lady in the office where jcr was held when we met him was in charge of the place. and it's clear why she was in charge. she was sharp and no-nonsense. of course, you want such people in charge of such places. even after we got out of that office I still had to deal with another person who inspected my bags. with this uy though, I shared a good laugh, even though he was pretty thorough. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: GCC manpage glitch
Stuff like \s0 or \s12 may not be documented in the GNU troff manuals - i did not check - but the Nroff/Troff User's Manual by Ossanna, Kernighan, and Ritter, available as part of the Heirloom Documentation Tools, see http://heirloom.sourceforge.net/doctools.html does document it: Alternatively the point size may be changed between any two characters by imbedding a \sN at the desired point to set the size to N, or a \sB1N (1=N=8) to increment/decrement the size by N; \s0 restores the previous size. (section 2.3) Oh, and by the way, \s39 appears to be equivalent to \s'36', while \s40 appears to be equivalent to \s'4'0 - that is, in the letter case, the character '0' appears in the output stream, in font size 4pt! But i'm not sure we really need to extend quirk-compatibility down to that level of ugliness. Looks like somebody applied the principle of biggest surprise when designing this. I procrastinated this morning with a numeric subexpression filter, but it's clear this won't end with super-pretty results. For example, .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] ^^^^ The I is removed in troff -Tascii due to the subsequent \h (with -Tps, it renders). I don't think mandoc should be going down this rabbithole: even with a subexpression parser, which shouldn't be /too/ difficult, it would need full \h intelligence, and thus numeric calculations, to format this properly. Take the pod2man preamble's documentation to heart: .\ Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\ Fear. Run. Save yourself. No user-serviceable parts. .\ fudge factors for nroff and troff Really? In production code? Thanks. Furthermore, as you can see in the \h'-\w'I'u*3/5', the subexpression needn't even be parenthesised. I think the least complicated measure is to teach mandoc to have numeric subexpressions, i.e., only for \s, \h, \v, and \w. The more pod2man we can handle, the better. Or better yet, maybe somebody wants to tackle a pod2mdoc? :-) Kristaps
Re: No VLAN Tag seen by switch on CARP interface on VLAN interface
All is working fine! Thanks a lot and sorry I had missed the original reply. On 08/17/2010 07:21 AM, Steve Johnson wrote: Excellent, thanks a lot for the reply! Really appreciated. I'll try this out today and will update with results. Steve On 08/16/2010 06:58 PM, Stuart Henderson wrote: On 2010-08-16, Steve Johnsonmaill...@sjohnson.info wrote: Hi, I'm really sorry to resend about this, but I have tried to do this in many different ways and can't figure out anything more. I'm about to do a change and add physical network card to remove VLANs from this FW altogether, but since we would much rather have VLANs functioning, and that by the looks of it it should be, I thought I'd ask just one last time in case someone else sees this and might have a hint. Newsgroups: gmane.os.openbsd.misc From: Stuart Hendersons...@spacehopper.org Subject: Re: No VLAN Tag seen by switch on CARP interface on VLAN interface References:4c584a70.2030...@sjohnson.info 4c5affb1.3080...@sjohnson.info 4c5ffa50.1020...@sjohnson.info Date: Tue, 10 Aug 2010 10:35:55 +0100 User-Agent: slrn/0.9.9p1 (OpenBSD) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID:slrn3vfsi627br.d2t@naiad.spacehopper.org On 2010-08-09, Steve Johnsonmaill...@sjohnson.info wrote: Sorry about forgetting dmesg, thanks for the info about inline/pastebin. Since this was very long information, I really wasn't sure. Here are all the details inline: Thanks, you will need to apply this patch (from r1.242 of /sys/dev/pci/if_em.c), and rebuild a kernel. Alternatively move to -current where it's fixed. Index: if_em.c === RCS file: /cvs/src/sys/dev/pci/if_em.c,v retrieving revision 1.241 retrieving revision 1.242 diff -u -p -r1.241 -r1.242 --- if_em.c 26 Jul 2010 19:21:24 - 1.241 +++ if_em.c 3 Aug 2010 16:21:52 - 1.242 @@ -1816,7 +1816,8 @@ em_setup_interface(struct em_softc *sc) ifp-if_capabilities = IFCAP_VLAN_MTU; #if NVLAN 0 - ifp-if_capabilities |= IFCAP_VLAN_HWTAGGING; + if (sc-hw.mac_type != em_82575) + ifp-if_capabilities |= IFCAP_VLAN_HWTAGGING; #endif #ifdef EM_CSUM_OFFLOAD
Re: AD1984A sound card on -current issue
Here is dmesg with acpi0 and apm0 disabled: OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA C7-M Processor 1600MHz (CentaurHauls 686-class) 1.60 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 937717760 (894MB) avail mem = 912420864 (870MB) User Kernel Config UKC disable acpi0 471 acpi0 disabled UKC disable apm0 351 apm0 disabled UKC exit Continuing... mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/20/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfc590 (19 entries) bios0: vendor Hewlett-Packard version 68VGU Ver. F.05 date 08/20/2008 bios0: Hewlett-Packard 3030 acpi at bios0 function 0x0 not configured mpbios0 at bios0: Intel MP Specification 1.4 cpu0 at mainbus0: apid 0 (boot processor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: apic clock running at 199MHz mpbios0: bus 0 is type PCI mpbios0: bus 1 is type PCI mpbios0: bus 2 is type PCI mpbios0: bus 3 is type PCI mpbios0: bus 4 is type PCI mpbios0: bus 5 is type PCI mpbios0: bus 6 is type PCI mpbios0: bus 128 is type PCI mpbios0: bus 129 is type ISA ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins ioapic1 at mainbus0: apid 2 pa 0xfecc, version 3, 24 pins mpbios: can't find bus 7 for apic 1 pin 16 pcibios0 at bios0: rev 3.0 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5ed0/208 (11 entries) pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237S ISA rev 0x00) pcibios0: PCI bus #128 is the last bus bios0: ROM list: 0xc/0xcc00 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0406081104000811 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1597 MHz: speeds: 1600, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA P4M900 Host rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xf000, size 0x1000 pchb1 at pci0 dev 0 function 1 VIA P4M900 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA P4M900 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA P4M900 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA P4M900 Host rev 0x00 VIA P4M900 IOAPIC rev 0x00 at pci0 dev 0 function 5 not configured pchb5 at pci0 dev 0 function 6 VIA P4M900 Security rev 0x00 pchb6 at pci0 dev 0 function 7 VIA P4M900 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci_intr_map: bus 0 dev 1 func 0 pin 1; line 11 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 1 func 0 pin 2; line 5 pci_intr_map: no MP mapping found pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA Chrome9 HC IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 2 function 0 VIA P4M900 PCI-PCI rev 0x80: apic 2 int 3 (irq 10) pci2 at ppb1 bus 2 Broadcom BCM4312 rev 0x02 at pci2 dev 0 function 0 not configured ppb2 at pci0 dev 3 function 0 VIA P4M900 PCI-PCI rev 0x80: apic 2 int 7 (irq 10) pci3 at ppb2 bus 5 pciide0 at pci0 dev 15 function 0 VIA VT8237S SATA rev 0x00: DMA pciide0: using apic 1 int 21 (irq 5) for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: ST9120817AS wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0xb0: apic 1 int 20 (irq 11) uhci1 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0xb0: apic 1 int 21 (irq 3) uhci2 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0xb0: apic 1 int 23 (irq 7) ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: apic 1 int 21 (irq 3) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237S ISA rev 0x00 iic0 at viapm0 lisa0 at iic0 addr 0x1d: lis331dl spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM pchb7 at pci0 dev 17 function 7 VIA VT8251 VLINK rev 0x00 ppb3 at pci0 dev 19 function 0 VIA VT8237A PCI-PCI rev 0x00 pci_intr_map: bus 0 dev 19 func 0 pin 1; line 3 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 19 func 0 pin 3; line 3 pci_intr_map: no MP mapping found pci4 at ppb3 bus 128 azalia0 at pci4 dev 1 function 0 VIA HD Audio rev 0x10: apic 1 int 17 (irq 5) azalia0: codecs: Analog Devices AD1984A audio0 at azalia0 ppb4 at pci0 dev 19 function 1 VIA VT8237A PCI-PCI rev 0x00 pci_intr_map: bus 0 dev 19 func 1 pin 1; line 3 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 19 func 1 pin 3; line 3 pci_intr_map: no MP mapping found pci5 at ppb4 bus 7 bge0 at pci5 dev 3 function 0 Broadcom BCM5788 rev 0x03pci_intr_map: bus 7 dev 3 func 0 pin 1; line 11 pci_intr_map: no MP mapping found , BCM5705 A3 (0x3003): irq 11, address 00:25:b3:5a:a0:c5 brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2
Re: MTA choice
On Wed, 18 Aug 2010 11:19:10 +0200 Peter J. Philipp p...@centroid.eu wrote: It works at home too, with a bit of hackery by myself. A while ago I noticed OpenSMTPD didn't deliver to aliases, but I'm unsure if it has been fixed yet or if I and mouring were the only ones that had the problem. I'm looking for the next release so that I can test this and know for sure! Make sure that you didn't make the same mistake as I did: http://marc.info/?l=openbsd-miscm=125664373516070 regards, Robert
Re: MTA choice
On Wed, Aug 18, 2010 at 07:00:25PM +0200, Robert wrote: On Wed, 18 Aug 2010 11:19:10 +0200 Peter J. Philipp p...@centroid.eu wrote: It works at home too, with a bit of hackery by myself. A while ago I noticed OpenSMTPD didn't deliver to aliases, but I'm unsure if it has been fixed yet or if I and mouring were the only ones that had the problem. I'm looking for the next release so that I can test this and know for sure! Make sure that you didn't make the same mistake as I did: http://marc.info/?l=openbsd-miscm=125664373516070 regards, Robert Thanks. I'm trying to interpret that marc archive right. Was it that you had your /etc/mailer.conf not updated to the opensmtpd binaries? Well anyhow you made me look if my problem persists, so I tried it on a fairly recent -current box (August 2nd) and I'm still seeing the fails that I had before. Here is a session with opensmtpd: # telnet localhost 25 Trying ::1... Connected to localhost. Escape character is '^]'. 220 uranus.centroid.eu ESMTP OpenSMTPD helo remote 250 uranus.centroid.eu Hello remote [IPv6:::1], pleased to meet you mail from: p...@solarscale.de 250 2.1.0 Sender ok rcpt to: secur...@solarscale.de 530 5.0.0 Recipient rejected: secur...@solarscale.de quit 221 2.0.0 uranus.centroid.eu Closing connection Connection closed by foreign host. Notice the 530 error, I'm unsure what this means but the log says: Aug 18 19:31:13 caliban smtpd: (none): from=p...@solarscale.de, relay=localhost.solarscale.de [IPv6:::1], stat=LocalError (530 5.0.0 Recipient rejected: secur...@solarscale.de) So to show you my /etc/mailer.conf: # $OpenBSD: mailer.conf,v 1.3 2000/04/06 18:24:19 millert Exp $ # # Execute the real sendmail program, named /usr/libexec/sendmail/sendmail # sendmail/usr/sbin/smtpctl send-mail /usr/sbin/smtpctl makemap /usr/libexec/smtpd/makemap newaliases /usr/libexec/smtpd/makemap Notice, makemap and newaliases point to the opensmtpd binaries. Next I want to show you my aliases file from /etc/mail/aliases: # more aliases # daemon: root operator: root bin:root smmsp: root popa3d: root sshd: root uucp: root www:root named: root proxy: root nobody: root root: pjp pjp:p...@solarscale.de security: root # And lastly I'd like to show you my config: # $OpenBSD: smtpd.conf,v 1.1 2009/03/17 00:00:16 gilles Exp $ # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. hostname uranus.centroid.eu map aliases { source db /etc/mail/aliases.db } listen on localhost listen on vic0 accept for local deliver to mda /usr/local/bin/procmail -f - # must be from all because from local is default accept from all for domain solarscale.de deliver to mda /usr/local/bin/procmail -f - accept from all for domain centroid.eu deliver to mda /usr/local/bin/procmail -f - accept from all for domain uranus.centroid.eu deliver to mda /usr/local/bin/procmail -f - accept from all for domain goldflipper.net deliver to mda /usr/local/bin/procmail -f - accept for all relay via 127.0.0.1 port 9025 So anyhow if you can spot the error, I'd be grateful otherwise I assume what I want from opensmtpd is still not working. Regards, -peter
Re: undeadly article
On Wed, 18 Aug 2010 16:28:57 +0300 Mihai Popescu B.S. mihai...@gmail.com wrote: I like the humour on undeadly, but this article was not for me. I saw a guy who was tried to get as more attention as he can. Mihai, You still don't understand. http://en.wikipedia.org/wiki/Sarcasm In writing, I had the choice between complaining about all of my time wasted by the various security people, or joking about how much time I could waste. The latter is called sarcasm. It's no different than joking about the sun being too bright at night (hint: the sun doesn't shine at night). jcr -- The OpenBSD Journal - http://www.undeadly.org
Re: Some apps kill/hang X when using scrotwm(1) as wm
On Tue, Aug 17, 2010 at 10:20:23PM +0200, Jiri B. wrote: On Tue, 17 Aug 2010 06:40:21 -0500 Marco Peereboom sl...@peereboom.us wrote: dmesg? I have to first eliminate potential involvement of i/o slowdown because of big use of softraid (i have everything except '/' on softraid). On Tue, Aug 17, 2010 at 10:24:17AM +0200, Jiri B. wrote: did someone saw similar problem in scrotwm(1)? Eg. when I start xeyes(1) on empty workspace from menu M-p it simply shut down X. If I start eg. xcalc(1) then everything is ok. Another problem is with xlock(1). When I want to lock my screen and start xlock(1) eg. this way 'xlock -mode atlantis' then my computer completely hangs and I must to turn it off with button on case. Last problem which I discovered is with warzone game. When I start it on empty workspace then it says that timing of monitor is not ok for this app and X is not working anymore and I must kill X from console. So someone here with similar behaviour? scrotwm works OK for me with latest snapshot on Lenovo T400 (i386). But it is incredebily slow comparable with same setup on Ubuntu :( Anyway, this always makes my scrotwm to be f*cked up: `mplayer -fs -vo sdl video' Why are you using sdl for video playing in the first place? Almost always the default XVideo one is the one you want. -0- -- To the systems programmer, users and applications serve only to provide a test load.
Re: Some apps kill/hang X when using scrotwm(1) as wm
On Tue, Aug 17, 2010 at 10:56:58AM -0400, Ted Unangst wrote: On Tue, Aug 17, 2010 at 3:30 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: did someone saw similar problem in scrotwm(1)? Eg. when I start xeyes(1) on empty workspace from menu M-p it simply shut down X. If I start eg. xcalc(1) then everything is ok. Another problem is with xlock(1). When I want to lock my screen and start xlock(1) eg. this way 'xlock -mode atlantis' then my computer completely hangs and I must to turn it off with button on case. Last problem which I discovered is with warzone game. When I start it on empty workspace then it says that timing of monitor is not ok for this app and X is not working anymore and I must kill X from console. For the record, it would be nice to test with a different window manager. Bugs in scrotwm do not count as bugs in OpenBSD. M-?xeyesenter in cwm (on current, amd64) runs fine. So i bet a scrotwm bug. Then again the mail contains at least 3 bugs being mentioned, this only treats the first. As for the third (warzone) the monitor timing is probably a warzone or X bug, the rest of the failure could be the WM or the application just not quitting and keeping the keyboard grabbed (that would be an application bug). That can be tested using ssh and kill -9. As a note, scotwm really needs it own mailing list, scrotwm bugs are not really topical for misc. -0- -- She missed an invaluable opportunity to give him a look that you could have poured on a waffle.
Re: SMTP syntax (was: MTA choice)
On Wed, Aug 18, 2010, Peter J. Philipp wrote: mail from: p...@solarscale.de Syntax error. The RFCs do not allow a space after the colon. rcpt to: secur...@solarscale.de same here. It's fascinating how some broken software caused other software to deal with that kind of garbage and almost every new MTA has to implement those hacks to be backward compatible.
Re: undeadly article
J.C. Roberts wrote: On Wed, 18 Aug 2010 16:28:57 +0300 Mihai Popescu B.S. mihai...@gmail.com wrote: I like the humour on undeadly, but this article was not for me. I saw a guy who was tried to get as more attention as he can. Mihai, You still don't understand. http://en.wikipedia.org/wiki/Sarcasm In writing, I had the choice between complaining about all of my time wasted by the various security people, or joking about how much time I could waste. The latter is called sarcasm. It's no different than joking about the sun being too bright at night (hint: the sun doesn't shine at night). jcr -- The OpenBSD Journal - http://www.undeadly.org I thought the writeups from jcr were great. A little lighter and more fun than the usual fare. To be honest, if I had to choose between them and the developer interviews I choose developer interviews. But they are a welcome supplement for sure. I hope they continue.
Re: undeadly article
On Wed, 18 Aug 2010 11:21:19 -0700 Noah Pugsley noa...@bendtel.com wrote: I thought the writeups from jcr were great. A little lighter and more fun than the usual fare. To be honest, if I had to choose between them and the developer interviews I choose developer interviews. But they are a welcome supplement for sure. I hope they continue. mtu@ and I are working on the individual developer interview articles. There's a lot of them, so it will take some time, but we'll publish them as we get them completed. jcr -- The OpenBSD Journal - http://www.undeadly.org
Re: MeTA1 (was: MTA choice)
On Wed, Aug 18, 2010, Gregory Edigarov wrote: Meta1, which is viewed by some as a sendmail made right is still in very deep pre-alpha state... what a pity. Despite being called pre-alpha MeTA1 runs without problems for years at various sites. It's in pre-alpha to make my life easier: I can make changes without offering backward compatibility. While I try to avoid that, it reduces my workload if those changes are deemed necessary (however, I provided scripts/instructions for upgrading each time this happened). Alternatively, I could just go through the release process to make MeTA1-1.0.0 available and then start MeTA1-2.0.PreAlpha0, but I'm not sure whether that's the right thing to do. Do quote the MeTA1 docs: PreAlpha: This means the software is not feature complete and hence might be missing some functionality that is considered important by different users. Additionally, there might be no compatibility in data structures stored on disk between different pre-alpha versions, e.g., when upgrading from PreAlpha16 to PreAlpha17 the main queue format may have changed without checks in the software for this. Hence old queues must be drained before upgrading. Moreover, the protocols used for communication between MeTA1 modules may have changed without providing backward compatibility, therefore modules from different releases must not be used together. Such incompatibilities are usually stated in the list of changes.
Re: MTA choice
On Wed, 18 Aug 2010 19:42:09 +0200 Peter J. Philipp p...@centroid.eu wrote: Thanks. I'm trying to interpret that marc archive right. Was it that you had your /etc/mailer.conf not updated to the opensmtpd binaries? Well anyhow Yes, that's correct. Just to be sure: you did run newaliases? regards, Robert
Re: MTA choice
On Wed, Aug 18, 2010 at 08:47:43PM +0200, Robert wrote: On Wed, 18 Aug 2010 19:42:09 +0200 Peter J. Philipp p...@centroid.eu wrote: Thanks. I'm trying to interpret that marc archive right. Was it that you had your /etc/mailer.conf not updated to the opensmtpd binaries? Well anyhow Yes, that's correct. Just to be sure: you did run newaliases? Yes I did. :-) regards, Robert Cheers, -peter
Re: undeadly article
On Tue, Aug 17, 2010 at 07:30:55PM +0300, Paul Irofti wrote: jcr, please forgive my fellow romanian as us gypsies don't get to travel much and don't know the mysteries of these flying birds and their inner workings. There was enough bigotry and condescension on this list. There was no need to import some more from the Eastern Europe.
networking problem with same vlan on different physical interfaces
I am having an issue with networking and believe that I understand the issue but do not know how to fix the problem. I have two servers set up in a carp + pfsync load balancer on 2 T2000 sparc servers. Each server is configured identically. First I have a physical interface em0 that is plugged into a switch set up as a swithport that is on a vlan629 Second I have a physical interface em2 that is plugged into a switch that is trunked to multiple different vlans including vlan629. The em2 interface is the interface that all the vlans bind to, from there each carp interface binds to appropriate vlan. All of the other vlans are working as expected on the em2 interface except for vlan629. For each vlan I have created a /etc/hostname.vlan* and they all work. Where the problems comes in when I try to ping one of the ip addresses that are assigned to /etc/hostname.vlan629 on either server. I can see ICMP request come in using tcpdump but the ICMP request is not returned. My assumption is that the vlan629 interface does not know how to route back out through the em2 physical interface.Also when using netstat -rn it did not show any routes for vlan629 on em2 but did show the routes for em0. I did some testing by destroying the em0 interface on both servers and rebooting each server. After rebooting the /etc/hostname.vlan629 routes showed up correctly in netstat -rn and I was able to successfully ping each em2 vlan629 interface on both servers. I would like to be able to keep the em0 interface because it has special pf rules that are different than the em2 interface. Any suggestions would be greatly helpful. --jw $ cat /var/run/dmesg.boot console is /virtual-devi...@100/cons...@1 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.7-current (GENERIC.MP) #53: Mon Jul 12 04:40:58 MDT 2010 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP real mem = 17045651456 (16256MB) avail mem = 16762232832 (15985MB) mainbus0 at root: SPARC Enterprise T2000 cpu0 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu1 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu2 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu3 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu4 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu5 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu6 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu7 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu8 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu9 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu10 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu11 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu12 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu13 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu14 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu15 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu16 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu17 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu18 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu19 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu20 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu21 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu22 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu23 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu24 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu25 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu26 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu27 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu28 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu29 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu30 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz cpu31 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz vbus0 at mainbus0 flashprom at vbus0 not configured cbus0 at vbus0 virtual-channel at cbus0 not configured virtual-channel-client at cbus0 not configured virtual-channel at cbus0 not configured vcons0 at vbus0: ivec 0x111 vrtc0 at vbus0 fma at vbus0 not configured sunvts at vbus0 not configured sunmc at vbus0 not configured explorer at vbus0 not configured led at vbus0 not configured flashupdate at vbus0 not configured ncp at vbus0 not configured vpci0 at mainbus0: bus 2 to 7, dvma map 8000- pci0 at vpci0 ppb0 at pci0 dev 0 function 0 PLX PEX 8532 rev 0xbc pci1 at ppb0 bus 3 ppb1 at pci1 dev 1 function 0 PLX PEX 8532 rev 0xbc pci2 at ppb1 bus 4 em0 at pci2 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: ivec 0x795, address 00:14:4f:cb:95:e4 em1 at pci2 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: ivec 0x796, address 00:14:4f:cb:95:e5 ppb2 at pci1 dev 2 function 0 PLX PEX 8532 rev 0xbc pci3 at ppb2 bus 5
Re: undeadly article
Personally, I liked the article. Small change in perspective changes an ordeal into an adventure. Jacob Meuser wrote: On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. bullshit. sorry, but that is not true. Smart security will inevitably outsmart itself. Add respect to polite in the brew. He inspects you. You inspect him. You respect each other. Works better. I regularly get picked on by authority, but it's alwasy just been a pointless hassle. I'll never forget the time a cop stopped me in my own neighborhood, in the rain, for walking against a signal, when his car was the only moving vehicle within a half mile. the best part was when he dropped his papers in a puddle. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. the only playing was their own game. after all, it is they who choose to start the games. If they are wasting your time they will keep it up. If you are wasting their time they will drop you in a hurry. The best tactic is when you are obviously suppressing a laugh. Have fun ! (but not in sensible areas). but see, if authority can't take that you're laughing because their questions and assumptions *really are* ridiculous ... the lady in the office where jcr was held when we met him was in charge of the place. and it's clear why she was in charge. she was sharp and no-nonsense. of course, you want such people in charge of such places. even after we got out of that office I still had to deal with another person who inspected my bags. with this uy though, I shared a good laugh, even though he was pretty thorough. Watch how a person laughs. Even more a window into the soul than the eyes. Customs tends to be sharper than security. They probably do have a sense of humor, but it is never shared with outsiders. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: networking problem with same vlan on different physical interfaces
vlans or not, it will generally not work as you seem to expect to have two interfaces in the same subnet. pf and route-to might be enough to make it work, but you should probably just configure the different addresses on one interface. Or, maybe I'm completely mistaken, but judging from only a dmesg it is rather hard to tell what you're trying to accomplish. You should include at least ifconfig output and hostname.* files, probably also the pf rules you mention. Jussi Peltola
Re: undeadly article
J.C. Roberts wrote: On Wed, 18 Aug 2010 11:21:19 -0700 Noah Pugsley noa...@bendtel.com wrote: I thought the writeups from jcr were great. A little lighter and more fun than the usual fare. To be honest, if I had to choose between them and the developer interviews I choose developer interviews. But they are a welcome supplement for sure. I hope they continue. mtu@ and I are working on the individual developer interview articles. There's a lot of them, so it will take some time, but we'll publish them as we get them completed. jcr -- The OpenBSD Journal - http://www.undeadly.org Oh of course. I completely understand. Hope that didn't sound like a complaint. I'm thankful for how fast they've been coming so far. Anyway.
Re: undeadly article
Mihai Popescu B.S. mihai...@gmail.com wrote: I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. The only security personnel with a good nose are those cute little dogs that smell out apples and other food items you are not allowed to bring into the country. -- Christian naddy Weisgerber na...@mips.inka.de
Re: Some apps kill/hang X when using scrotwm(1) as wm
On 08/18/10 14:02, Owain Ainsworth wrote: ... As a note, scotwm really needs it own mailing list, scrotwm bugs are not really topical for misc. and a graphic! don't forget a graphi...er..hmmm Maybe that wouldn't be such a good idea. Nick.
Re: undeadly article
On Wed, Aug 18, 2010 at 04:39:30PM -0400, Tony Abernethy wrote: Personally, I liked the article. Small change in perspective changes an ordeal into an adventure. Jacob Meuser wrote: On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. bullshit. sorry, but that is not true. Smart security will inevitably outsmart itself. Add respect to polite in the brew. He inspects you. You inspect him. You respect each other. Works better. sure. I am always very polite wih authority. there was never any disrespect put out by me. as I said, I *want* these people to do a good job. they've got good people, it's the things/ways they are/aren't taught that is the problem. I regularly get picked on by authority, but it's alwasy just been a pointless hassle. I'll never forget the time a cop stopped me in my own neighborhood, in the rain, for walking against a signal, when his car was the only moving vehicle within a half mile. the best part was when he dropped his papers in a puddle. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. the only playing was their own game. after all, it is they who choose to start the games. If they are wasting your time they will keep it up. If you are wasting their time they will drop you in a hurry. The best tactic is when you are obviously suppressing a laugh. well, they held us there, for nothing but having more than one laptop and looking like a poor hippie. I didn't care, I figured it was all going to happen anyway. but maybe while they were busy with us, they were letting some slick and polite well dressed one laptop carrying creep go who they should have looked at closer? who knows. Have fun ! (but not in sensible areas). but see, if authority can't take that you're laughing because their questions and assumptions *really are* ridiculous ... the lady in the office where jcr was held when we met him was in charge of the place. and it's clear why she was in charge. she was sharp and no-nonsense. of course, you want such people in charge of such places. even after we got out of that office I still had to deal with another person who inspected my bags. with this uy though, I shared a good laugh, even though he was pretty thorough. Watch how a person laughs. Even more a window into the soul than the eyes. Customs tends to be sharper than security. They probably do have a sense of humor, but it is never shared with outsiders. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
PF 'traceroute -I host' 'tracert host' problem
Hi I move from 4.6 to 4.7, rewrite my pf.conf rules to match new style. Everything works fine, but when I try to traceroute a host with -I flag (force to use icmp) on my obsd fw I got Request time out on all hops exclude the last one, which I was my target to traceroute. Here is an example: [ns]~$ traceroute -I data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 web.data.bg (195.149.248.130) 0.740 ms 0.707 ms 0.733 ms As you can see only the last hop is present. Example without -I flag (using udp); [ns]~$ traceroute data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets 1 gw.tbc.bg (94.26.7.33) 0.591 ms 0.462 ms 0.443 ms 2 peer.tbc.bg (94.26.50.2) 0.961 ms 1.317 ms 1.965 ms 3 85.91.141.65 (85.91.141.65) 0.866 ms 0.905 ms 1.93 ms 4 web.data.bg (195.149.248.130) 0.847 ms 0.732 ms 0.712 ms When I use 'tracert host' on MS Windows box behind my obsd fw, I got a same behavior C:\Users\Administratortracert data.bg Tracing route to data.bg [195.149.248.130] over a maximum of 30 hops: 11 ms1 ms1 ms ns.bsdbg.net [192.168.1.1] 2 *** Request timed out. 3 *** Request timed out. 4 *** Request timed out. 51 ms 1 ms 1 ms web.data.bg [195.149.248.130] Trace complete. Here first hop is my obsd fw. I use tcpdump to see what actually happens: [ns]~# tcpdump -nettti pflog0 host vlado and icmp tcpdump: listening on pflog0, link-type PFLOG Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply When I turn off pf (pfctl -d) 'traceroute -I' work as it should. I really don't know what happen. Thanks in advance, Atanas Here is my pf.conf ## pf.conf ## Macros ## ### Interfaces ### ExtIf =em0 IntIf =em1 ### Hosts ### vl=192.168.1.2 jl=192.168.1.3 ve=192.168.1.4 ntp=192.168.1.5 ### Queues, States and Types ### IcmpType =icmp-type 8 code 0 SynState =flags S/SAFR synproxy state TcpState =flags S/SAFR modulate state UdpState =keep state ### Ports ### # Squid squid=2020 # Remote Desktop Connection rdc_int=3389 rdc_ext=4000 # Skype vl_skype=30001 jl_skype=30002 ve_skype=30003 # uTorrent vl_torrent=30004 jl_torrent=30005 ve_torrent=30006 urange=30004:30006 # HFS vl_hfs=8080 # VsFTP ftprange=55000:6 FtpPort =8021 # Symux symux=2100 # Battle.net bnet=6112 # Ssh ssh_ext=443 ### Stateful Tracking Options (STO) ### ExtIfSTO =(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254) IntIfSTO =(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20) PostfxSTO =(max 100, source-track rule, max-src-states 5, max-src-nodes 30, max-src-conn-rate 10/300, overload BLACKLIST flush global, tcp.established 45) SpamdSTO =(max 500, source-track rule, max-src-conn 10, max-src-nodes 300, max-src-conn-rate 2/300, tcp.established 10) SshSTO=(max 10, source-track rule, max-src-conn 10, max-src-nodes
Re: Some apps kill/hang X when using scrotwm(1) as wm
On 19 August 2010 01:07, Nick Holland n...@holland-consulting.net wrote: On 08/18/10 14:02, Owain Ainsworth wrote: ... As a note, scotwm really needs it own mailing list, scrotwm bugs are not really topical for misc. and a graphic! don't forget a graphi... Here you go: http://i.imgur.com/Bns7H.png regards, --ropers
Re: Some apps kill/hang X when using scrotwm(1) as wm
Nick Holland wrote on Wed, Aug 18, 2010 at 07:07:14PM -0400: On 08/18/10 14:02, Owain Ainsworth wrote: As a note, scotwm really needs it own mailing list, and a graphic! don't forget a graphi...er..hmmm Maybe that wouldn't be such a good idea. Why? What's wrong with a graphic for scot-wm? I imagine something with a kilt, and a bagpipe, and some sheep. And a tartan background for the screen, perhaps...
Re: Some apps kill/hang X when using scrotwm(1) as wm
On Wed, Aug 18, 2010 at 5:18 PM, ropers rop...@gmail.com wrote: Here you go: http://i.imgur.com/Bns7H.png I lol'd.
Re: undeadly article
On Wed, Aug 18, 2010 at 11:42:11PM +, Jacob Meuser wrote: On Wed, Aug 18, 2010 at 04:39:30PM -0400, Tony Abernethy wrote: Personally, I liked the article. Small change in perspective changes an ordeal into an adventure. Jacob Meuser wrote: On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. bullshit. sorry, but that is not true. Smart security will inevitably outsmart itself. Add respect to polite in the brew. He inspects you. You inspect him. You respect each other. Works better. sure. I am always very polite wih authority. there was never any disrespect put out by me. as I said, I *want* these people to do a good job. they've got good people, it's the things/ways they are/aren't taught that is the problem. I regularly get picked on by authority, but it's alwasy just been a pointless hassle. I'll never forget the time a cop stopped me in my own neighborhood, in the rain, for walking against a signal, when his car was the only moving vehicle within a half mile. the best part was when he dropped his papers in a puddle. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. the only playing was their own game. after all, it is they who choose to start the games. If they are wasting your time they will keep it up. If you are wasting their time they will drop you in a hurry. The best tactic is when you are obviously suppressing a laugh. well, they held us there, for nothing but having more than one laptop and looking like a poor hippie. I didn't care, I figured it was all going to happen anyway. but maybe while they were busy with us, they were letting some slick and polite well dressed one laptop carrying creep go who they should have looked at closer? who knows. That would have been me. Enjoy the contraband chili boys. Have fun ! (but not in sensible areas). but see, if authority can't take that you're laughing because their questions and assumptions *really are* ridiculous ... the lady in the office where jcr was held when we met him was in charge of the place. and it's clear why she was in charge. she was sharp and no-nonsense. of course, you want such people in charge of such places. even after we got out of that office I still had to deal with another person who inspected my bags. with this uy though, I shared a good laugh, even though he was pretty thorough. Watch how a person laughs. Even more a window into the soul than the eyes. Customs tends to be sharper than security. They probably do have a sense of humor, but it is never shared with outsiders. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: PF 'traceroute -I host' 'tracert host' problem
This has been fixed 4.8 On Thu, Aug 19, 2010 at 03:08:23AM +0300, ?? ?? wrote: Hi I move from 4.6 to 4.7, rewrite my pf.conf rules to match new style. Everything works fine, but when I try to traceroute a host with -I flag (force to use icmp) on my obsd fw I got Request time out on all hops exclude the last one, which I was my target to traceroute. Here is an example: [ns]~$ traceroute -I data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 web.data.bg (195.149.248.130) 0.740 ms 0.707 ms 0.733 ms As you can see only the last hop is present. Example without -I flag (using udp); [ns]~$ traceroute data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets 1 gw.tbc.bg (94.26.7.33) 0.591 ms 0.462 ms 0.443 ms 2 peer.tbc.bg (94.26.50.2) 0.961 ms 1.317 ms 1.965 ms 3 85.91.141.65 (85.91.141.65) 0.866 ms 0.905 ms 1.93 ms 4 web.data.bg (195.149.248.130) 0.847 ms 0.732 ms 0.712 ms When I use 'tracert host' on MS Windows box behind my obsd fw, I got a same behavior C:\Users\Administratortracert data.bg Tracing route to data.bg [195.149.248.130] over a maximum of 30 hops: 11 ms1 ms1 ms ns.bsdbg.net [192.168.1.1] 2 *** Request timed out. 3 *** Request timed out. 4 *** Request timed out. 51 ms 1 ms 1 ms web.data.bg [195.149.248.130] Trace complete. Here first hop is my obsd fw. I use tcpdump to see what actually happens: [ns]~# tcpdump -nettti pflog0 host vlado and icmp tcpdump: listening on pflog0, link-type PFLOG Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply When I turn off pf (pfctl -d) 'traceroute -I' work as it should. I really don't know what happen. Thanks in advance, Atanas Here is my pf.conf ## pf.conf ## Macros ## ### Interfaces ### ExtIf =em0 IntIf =em1 ### Hosts ### vl=192.168.1.2 jl=192.168.1.3 ve=192.168.1.4 ntp=192.168.1.5 ### Queues, States and Types ### IcmpType =icmp-type 8 code 0 SynState =flags S/SAFR synproxy state TcpState =flags S/SAFR modulate state UdpState =keep state ### Ports ### # Squid squid=2020 # Remote Desktop Connection rdc_int=3389 rdc_ext=4000 # Skype vl_skype=30001 jl_skype=30002 ve_skype=30003 # uTorrent vl_torrent=30004 jl_torrent=30005 ve_torrent=30006 urange=30004:30006 # HFS vl_hfs=8080 # VsFTP ftprange=55000:6 FtpPort =8021 # Symux symux=2100 # Battle.net bnet=6112 # Ssh ssh_ext=443 ### Stateful Tracking Options (STO) ### ExtIfSTO =(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254) IntIfSTO =(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20) PostfxSTO =(max 100, source-track rule, max-src-states 5, max-src-nodes 30, max-src-conn-rate 10/300, overload
Re: Some apps kill/hang X when using scrotwm(1) as wm
On Wed, Aug 18, 2010 at 8:18 PM, ropers rop...@gmail.com wrote: On 19 August 2010 01:07, Nick Holland n...@holland-consulting.net wrote: On 08/18/10 14:02, Owain Ainsworth wrote: ... As a note, scotwm really needs it own mailing list, scrotwm bugs are not really topical for misc. and a graphic! don't forget a graphi... Here you go: http://i.imgur.com/Bns7H.png nd I now have coffee all over my laptop. many thanks for that.
KDM Login and fbtab device permissions
Hello: For a while now I have wanted to use the KDM login screen. However the problem I'm facing is that KDM doesn't use fbtab by default like login does. I want KDM to set device permissions, but for the life of me in all my research I can't find any information about how to configure kdm to do that. If this is not possible then I can deal with that, but if it is possible, can someone at least please point me to the right documentation or just outright tell me how to do it. I don't mind reading any material, as I do enjoy learning about OpenBSD. I just want to stop running around in circles on this. DMESG as follows: OpenBSD 4.7 (GENERIC) #112: Wed Mar 17 20:43:49 MDT 2010 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1072627712 (1022MB) avail mem = 1032663040 (984MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0100 (38 entries) bios0: vendor Award Software International, Inc. version F18 date 03/30/2006 bios0: Gigabyte Technology Co., Ltd. nForce acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC acpi0: wakeup devices HUB0(S5) HUB1(S4) USB0(S3) USB1(S3) USB2(S3) F139(S3) MMAC(S5) MMCI(S5) UAR1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Athlon(tm) 64 Processor 3000+, 2010.02 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD erratum 89 present, BIOS upgrade may be required cpu0: apic clock running at 200MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (HUB0) acpiprt2 at acpi0: bus 1 (AGPB) acpiprt3 at acpi0: bus -1 (HUB1) acpicpu0 at acpi0: PSS acpipwrres0 at acpi0: ISAV acpibtn0 at acpi0: PWRB cpu0: Cool'n'Quiet K8 2010 MHz: speeds: 2000 1000 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 NVIDIA nForce3 250 PCI Host rev 0xa1 agp at pchb0 not configured pcib0 at pci0 dev 1 function 0 NVIDIA nForce3 250 ISA rev 0xa2 nviic0 at pci0 dev 1 function 1 NVIDIA nForce3 250 SMBus rev 0xa1 iic0 at nviic0 spdmem0 at iic0 addr 0x50: 1GB DDR SDRAM non-parity PC3200CL3.0 iic1 at nviic0 ohci0 at pci0 dev 2 function 0 NVIDIA nForce3 250 USB rev 0xa1: apic 2 int 20 (irq 5), version 1.0, legacy support ohci1 at pci0 dev 2 function 1 NVIDIA nForce3 250 USB rev 0xa1: apic 2 int 20 (irq 5), version 1.0, legacy support ehci0 at pci0 dev 2 function 2 NVIDIA nForce3 250 USB rev 0xa2: apic 2 int 20 (irq 5) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 nfe0 at pci0 dev 5 function 0 NVIDIA nForce3 LAN rev 0xa2: apic 2 int 20 (irq 10), address 00:14:85:f4:a2:4b icsphy0 at nfe0 phy 1: ICS1893 10/100 PHY, rev. 1 auich0 at pci0 dev 6 function 0 NVIDIA nForce3 250 AC97 rev 0xa1: apic 2 int 20 (irq 9), nForce3 AC97 ac97: codec id 0x414c4790 (Avance Logic ALC850 rev 0) audio0 at auich0 pciide0 at pci0 dev 8 function 0 NVIDIA nForce3 250 IDE rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST3300831A wd0: 16-sector PIO, LBA48, 286167MB, 586070255 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: PHILIPS, DVD+-RW DVD8701, 5D24 ATAPI 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 atapiscsi1 at pciide0 channel 1 drive 1 scsibus1 at atapiscsi1: 2 targets sd0 at scsibus1 targ 0 lun 0: IOMEGA, ZIP 250, 51.G ATAPI 0/direct removable sd0: drive offline sd0(pciide0:1:1): using PIO mode 3 pciide1 at pci0 dev 10 function 0 NVIDIA nForce3 250 SATA rev 0xa2: DMA pciide1: using apic 2 int 20 (irq 11) for native-PCI interrupt ppb0 at pci0 dev 11 function 0 NVIDIA nForce3 250 AGP rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 NVIDIA GeForce 7600 GS rev 0xa2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 14 function 0 NVIDIA nForce3 250 PCI-PCI rev 0xa2 pci2 at ppb1 bus 2 Creative Labs SoundBlaster Audigy LS rev 0x00 at pci2 dev 9 function 0 not configured ESS ES2898 Modem rev 0x02 at pci2 dev 10 function 0 not configured pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00 kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
Información sobre servicios Web
Buenas tardes, Le saludamos cordialmente y por medio de este correo ponemos a su disposicisn nuestros servicios de Webhosting y Soluciones Web. Entre las ventajas que ofrecemos a nuestros clientes estan las siguientes: -99.9% de reduccisn de SPAM -Plataforma robusta en C.R. -Seguridad en las transacciones -Sitios Web administrables -Sistemas de comercio electrsnico certificados por los principales bancos de C.R. -Soporte y respaldo de una empresa con 10 aqos en el mercado y mas de 400 clientes en centroamirica. Saludos cordiales Para mas informacisn, escrmbanos a ven...@procom.co.cr PROCOM Tech Group 25240052 ven...@procom.co.cr www.procom.co.cr [IMAGE]