Re: mail server on rental server ,cannot send mail

2015-06-24 Thread Craig Skinner
On 2015-06-23 Tue 20:04 PM |, Edgar Pettijohn wrote:
 
> The first thing the postfix guys will tell you is to try without chroot.

Well before that, they'll ask for log extracts & output from 'postconf -n' + 'postconf -Mf'.

http://www.postfix.org/DEBUG_README.html#mail



Re: Question about PHP safe mode

2015-06-24 Thread Markus Rosjat

Hey Guys,

thanks for the response

On 23.06.2015 at 11:56, Heiko Zimmermann wrote:

> Markus,
>
> are you kidding?
>
> http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-50739/PHP-PHP-5.2.5.html

I'm aware that php isn't a thing you want to use in a 5.2.4 but we don't
have customers who are using php scripts anyway for now. Just one
customer asked if we could switch off the safe_mode.

> And OpenBSD 4.2 is released Nov 1, 2007. You don't think it is important
> to upgrade?

Sure it is, if you grant me 35h/day I will upgrade it right now ...

> Best Regards,
> Heiko
>
> On 23.06.2015 at 11:44, Markus Rosjat wrote:
>
>> Hi there,
>>
>> just a short question... I have a quite old 4.2 OpenBSD with a 5.2.4 PHP
>> version. The safe_mode is on, a customer wants to have it off. Is there
>> any security risk to it or do I need to check something on the system
>> level to disable it but still have my environment secured?
>>
>> regards


--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you
print it, think about your responsibility and commitment to the ENVIRONMENT



Re: Question about PHP safe mode

2015-06-24 Thread Stuart Henderson
On 2015-06-24, Markus Rosjat ros...@ghweb.de wrote:
> And OpenBSD 4.2 is released Nov 1, 2007. You don't think it is important
> to upgrade?
> Sure it is, if you grant me 35h/day I will upgrade it right now ...

If you don't have time to upgrade, you surely don't have time to
investigate a security breach.



mail server on rental server ,cannot recieve mail

2015-06-24 Thread Tuyosi Takesima
Hi, all.
Reciprocally, I can send mail, but I cannot receive mail with sylpheed.
All that I do is the following.

1) /usr/local/sbin/dovecot-mkcert.sh

2)/etc/postfix/main.cf
-
myhostname = abc.vs.sakura.ne.jp
mydomain = vs.sakura.ne.jp
myorigin = $myhostname
mydestination = $myhostname localhost.$myhostname
inet_interfaces = all
home_mailbox = Maildir/
mynetworks = 127.0.0.0/8
relay_domains = $mydestination
relayhost =
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
mail_owner = _postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/sbin/newaliases
mailq_path = /usr/local/sbin/mailq
setgid_group = _postdrop
html_directory = /usr/local/share/doc/postfix/html
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = /usr/local/share/doc/postfix/readme



3)/etc/postfix/master.cf
---
smtp       inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
pickup     unix  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
qmgr       unix  n       -       -       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache


4) dovecot.conf
--
protocols = imap
listen = *
dict {
}
!include conf.d/*.conf
!include_try local.conf


5)10-auth.conf

auth_mechanisms = plain login
disable_plaintext_auth = no
!include auth-system.conf.ext

6)10-mail.conf
--
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
mmap_disable = yes
first_valid_uid = 1000
mail_plugin_dir = /usr/local/lib/dovecot
mbox_write_locks = fcntl


7) 10-ssl.conf

ssl = no
ssl_cert = /etc/ssl/dovecotcert.pem
ssl_key = /etc/ssl/private/dovecot.pem

8)pf.conf
---
ext_if=vio0
tcp_services={ 22, 80, 143, 587 }
icmp_types=echoreq
set block-policy return
set loginterface $ext_if
set skip on lo
set reassemble yes no-df
block in log
pass out quick
antispoof quick for { lo }
pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types



9)and then
 /etc/rc.d/postfix restart
 /etc/rc.d/dovecot restart

10)sylpheed
smtp 587
imap 143

But I can send mail, but cannot receive mail.

A) # netstat -a | grep -w LISTEN gives the following:
tcp    0  0  *.ssh        *.*    LISTEN
tcp    0  0  *.submissi   *.*    LISTEN
tcp    0  0  *.imaps      *.*    LISTEN
tcp    0  0  *.imap       *.*    LISTEN
tcp    0  0  *.smtp       *.*    LISTEN
tcp6   0  0  *.smtp       *.*    LISTEN
tcp6   0  0  *.submissi   *.*    LISTEN
tcp6   0  0  *.ssh        *.*    LISTEN

it seems OK.


B) as homework
# postconf -n
command_directory = /usr/local/sbin
config_directory = /etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
$daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mail_owner = _postfix

pf nat and routing question

2015-06-24 Thread Marko Cupać
Hi,

my setup is actually more complicated, but for purpose of this mail I
am going to try and keep it simple.

My firewall redirects requests to some service from the Internet to
server on private network:

pass in on $ext_if inet proto tcp from any to $srv-pub port $service rdr-to $srv-priv

Internet hosts can access service without problem via its public IP
address.

Clients on internal network can access service without problem via its
private IP address.

Now, I have some clients on internal network who are forbidden
communication with private address space, so they need to access
service via its public IP address. Unfortunately this does not work.

Hopefully someone already had this problem and will be able to point me
in the right direction.

Regards,
-- 
Marko Cupać
https://www.mimar.rs/



Re: pf nat and routing question

2015-06-24 Thread Michel Blais
The solution seems to be explained at this link:

http://www.openbsd.org/faq/pf/rdr.html#reflect

  Original message  
From: Marko Cupać
Sent: Wednesday, 24 June 2015 07:21
To: misc@openbsd.org
Subject: pf nat and routing question

Hi,

my setup is actually more complicated, but for purpose of this mail I
am going to try and keep it simple.

My firewall redirects requests to some service from the Internet to
server on private network:

pass in on $ext_if inet proto tcp from any to $srv-pub port $service rdr-to $srv-priv

Internet hosts can access service without problem via its public IP
address.

Clients on internal network can access service without problem via its
private IP address.

Now, I have some clients on internal network who are forbidden
communication with private address space, so they need to access
service via its public IP address. Unfortunately this does not work.

Hopefully someone already had this problem and will be able to point me
in the right direction.

Regards,
-- 
Marko Cupać
https://www.mimar.rs/



Re: panic during boot of 5.7 in de(4) running in Hyper-V

2015-06-24 Thread pizdelect
On Tue, Jun 23, 2015 at 09:08:25PM -0600, Theo de Raadt wrote:
 -bcopy(sc-tulip_setupdata, sc-tulip_setupbuf,
 -   sizeof(sc-tulip_setupbuf));
 +bcopy(sc-tulip_setupdata, sc-tulip_setupbuf, TULIP_SETUP);

 +sc-tulip_setupbuf = dma_alloc(TULIP_SETUP, PR_WAITOK);
 +sc-tulip_setupdata = malloc(TULIP_SETUP, M_DEVBUF, M_WAITOK);

 -u_int32_t tulip_setupbuf[192/sizeof(u_int32_t)];
 -u_int32_t tulip_setupdata[192/sizeof(u_int32_t)];
 +#define TULIP_SETUP  (192 / sizeof(u_int32_t))
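Review bot: TULIP_SETUP is defined here as 192 / sizeof(u_int32_t), i.e. 48, but the new bcopy(sc->tulip_setupdata, sc->tulip_setupbuf, TULIP_SETUP) and the dma_alloc(TULIP_SETUP, PR_WAITOK) / malloc(TULIP_SETUP, M_DEVBUF, M_WAITOK) calls above take byte counts, so they now copy and allocate 48 bytes where the removed arrays and the old sizeof(sc->tulip_setupbuf) were 192 bytes; define TULIP_SETUP as the byte count (192) or pass TULIP_SETUP * sizeof(u_int32_t) to those three calls.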

FWIW, change that to:

+#define TULIP_SETUP192

 +u_int32_t *tulip_setupbuf;
 +u_int32_t *tulip_setupdata;



Re: mail server on rental server ,cannot recieve mail

2015-06-24 Thread Edgar Pettijohn

On 06/24/15 15:00, Tuyosi Takesima wrote:

> Thanks to Skinner, I now understand the difficulty of dovecot.
> It is the area of a specialist.
> So I return to pop3d.
>
> About 5 years ago, I could run a mail server with it.
>
> Then:
> # pkg_add pop3d
> The following new rcscripts were installed: /etc/rc.d/pop3d
>
>
> but
>
> # /usr/local/sbin/pop3d -d
> pop3d ready; type:mbox, path:/var/mail/%u
> fatal: ssl_load_file: Unable to load /etc/ssl/server.crt: No such file or
> directory
> Lost pop3 engine
> pop3d exiting
>
>
> How do I make /etc/ssl/server.crt?
> About 5 years ago, perhaps /etc/ssl/server.crt was not necessary.

Stolen from smtpd.conf(5)

# openssl genrsa -out /etc/ssl/private/mail.example.com.key 4096
# openssl req -new -x509 -key /etc/ssl/private/mail.example.com.key \
-out /etc/ssl/mail.example.com.crt -days 365
# chmod 600 /etc/ssl/mail.example.com.crt
# chmod 600 /etc/ssl/private/mail.example.com.key

I also saw on the previous email that your pf.conf did not allow traffic 
on port 25 which is probably not good for a mail server.


> sylpheed says:
> ---
> (sylpheed:4523): LibSylph-WARNING **: sock_read: received EOF
> (sylpheed:4523): GLib-CRITICAL **: Source ID 14156 was not found when
> attempting to remove it
> (sylpheed:4523): LibSylph-WARNING **: [04:28:31]
> shutdown by remote host.(リモートホスト�よ��接続を切断�れ���。)
>
>
> =
> regards
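As an added example (not code from this thread or from OpenBSD): a small Python check that cross-references the ports a host is listening on (netstat output) with the inbound TCP ports its pf.conf passes, to surface the kind of gap Edgar points out, where smtpd listens on port 25 but pf only passes 22/80/143/587. The netstat and pf.conf texts are constructed from the thread, and all function and variable names are my own.

```python
import re

# Port numbers for the service names netstat prints (from /etc/services),
# constructed here so the check runs offline. netstat truncates long names
# ("submissi"), hence the unique-prefix lookup in service_port().
SERVICES = {
    "ssh": 22, "smtp": 25, "http": 80, "pop3": 110, "imap": 143,
    "submission": 587, "imaps": 993, "pop3s": 995,
}

# Constructed sample input modelled on the netstat and pf.conf in the thread.
NETSTAT_OUTPUT = """\
tcp    0  0  *.ssh        *.*    LISTEN
tcp    0  0  *.submissi   *.*    LISTEN
tcp    0  0  *.imaps      *.*    LISTEN
tcp    0  0  *.imap       *.*    LISTEN
tcp    0  0  *.smtp       *.*    LISTEN
tcp6   0  0  *.smtp       *.*    LISTEN
tcp6   0  0  *.ssh        *.*    LISTEN
"""

PF_CONF = """\
ext_if=vio0
tcp_services={ 22, 80, 143, 587 }
block in log
pass out quick
pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services
pass in inet proto icmp all icmp-type echoreq
"""

LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\.(\S+)\s+\S+\s+LISTEN\s*$")
MACRO_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")
PROTO_RE = re.compile(r"\bproto\s+(\{[^}]*\}|\S+)")
PORT_RE = re.compile(r"\bport\s+(\$\w+|\{[^}]*\}|\S+)")


def service_port(name):
    """Map a port column to a number: numeric, exact name, or unique name prefix."""
    if name.isdigit():
        return int(name)
    if name in SERVICES:
        return SERVICES[name]
    hits = [port for svc, port in SERVICES.items() if svc.startswith(name)]
    return hits[0] if len(hits) == 1 else None


def listening_tcp_ports(netstat_output):
    """Return {port: service} for every TCP LISTEN socket (IPv4 and IPv6 merged)."""
    ports = {}
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            port = service_port(m.group(3))
            if port is not None:
                ports[port] = m.group(3)
    return ports


def pf_macros(pf_conf):
    """Collect simple name=value macro definitions, ignoring comments."""
    macros = {}
    for line in pf_conf.splitlines():
        m = MACRO_RE.match(line.split("#", 1)[0])
        if m:
            macros[m.group(1)] = m.group(2).strip('"')
    return macros


def expand_ports(spec, macros):
    """Expand a port spec (number, service name, $macro or { a, b } list) to a set."""
    spec = spec.strip()
    if spec.startswith("$"):
        return expand_ports(macros.get(spec[1:], ""), macros)
    if spec.startswith("{"):
        items = spec.strip("{}").split(",")
        return {p for item in items for p in expand_ports(item, macros)}
    port = service_port(spec)
    return {port} if port is not None else set()


def passed_in_tcp_ports(pf_conf):
    """TCP ports some 'pass in' rule admits; None if a port-less pass rule admits all."""
    macros = pf_macros(pf_conf)
    passed = set()
    for raw in pf_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("pass in"):
            continue
        proto = PROTO_RE.search(line)
        if proto and "tcp" not in proto.group(1):
            continue  # icmp/udp rule, irrelevant to TCP listeners
        port = PORT_RE.search(line)
        if not port:
            return None  # e.g. "pass in all": every port is admitted
        passed |= expand_ports(port.group(1), macros)
    return passed


def missing_passes(netstat_output, pf_conf):
    """Listening TCP ports that no inbound pass rule admits, as sorted (port, service)."""
    listening = listening_tcp_ports(netstat_output)
    passed = passed_in_tcp_ports(pf_conf)
    if passed is None:
        return []
    return sorted((p, s) for p, s in listening.items() if p not in passed)


if __name__ == "__main__":
    for port, svc in missing_passes(NETSTAT_OUTPUT, PF_CONF):
        print(f"listening on {port} ({svc}) but pf.conf has no inbound pass for it")
```

On the constructed input it reports 25 (smtp) and 993 (imaps); run it against real `netstat -a -n -f inet` output by adapting the regex, since numeric output has no service names to resolve.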




Re: beaglebone rj45 cape

2015-06-24 Thread Richo Healey

On 25/06/15 00:18 +0200, Martijn van Duren wrote:

> Hello misc@,
>
> I'm currently looking into a managed switch for my home and I would
> like to achieve this with OpenBSD's bridge(4) option and pf. The
> throughput shouldn't be too high (at most some video streaming to my
> tv and generic websurfing) and preferably with low power usage.
>
> I found the following board which at first glance seems to do exactly
> what I need [1].
> What I would like to know if there's a good chance (or even a
> guarantee) that it would work with OpenBSD, before I spend my hard
> earned money on it.
> If it is expected not to work, would there be an alternative (12 ports
> plus would be preferred) that would work?
>
> Sincerely,
>
> Martijn van Duren
>
> [1] http://rgb-123.com/product/beaglebone-black-rj45-cape/



It appears that this device is for controlling LEDs, and speaks RS-485. From
my quick read it doesn't appear to know anything about ethernet.

richo



beaglebone rj45 cape

2015-06-24 Thread Martijn van Duren

Hello misc@,

I'm currently looking into a managed switch for my home and I would like 
to achieve this with OpenBSD's bridge(4) option and pf. The throughput 
shouldn't be too high (at most some video streaming to my tv and 
generic websurfing) and preferably with low power usage.


I found the following board which at first glance seems to do exactly 
what I need [1].
What I would like to know if there's a good chance (or even a guarantee) 
that it would work with OpenBSD, before I spend my hard earned money on it.
If it is expected not to work, would there be an alternative (12 ports 
plus would be preferred) that would work?


Sincerely,

Martijn van Duren

[1] http://rgb-123.com/product/beaglebone-black-rj45-cape/



Re: I found a sort bug! - How to sort big files?

2015-06-24 Thread Jan Stary
On Mar 16 11:36:08, o...@drijf.net wrote:
> On Mon, Mar 16, 2015 at 10:20:07AM +, Stuart Henderson wrote:
>
>> On 2015-03-15, Todd C. Miller todd.mil...@courtesan.com wrote:
>>> On Sat, 14 Mar 2015 12:29:21 -, Stuart Henderson wrote:
>>>
>>>> I think the consensus was to try and replace it with another version but
>>>> not sure what happened.
>>>
>>> I have a port of the FreeBSD sort but it is slower than our current
>>> sort (and slower than GNU sort).
>>
>> Personally I think that is a reasonable trade-off for more actively
>> developed code, and when I tried it on some difficult files it coped
>> better than our current sort (not that this small sample means much
>> in terms of ability to handle every difficult file).
>
> Current sort(1) is unmaintainable in many ways. I say switch.

Incidentally, reading up on UNIX history, I came across this:
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6771921



Re: NetBSD has now support for USB on EdgeRouter Lite

2015-06-24 Thread ⁣ ⁣
lausg...@gmail.com:
> Bruno Bigras-2 wrote:
>> 2015-06-18 2:00 GMT-04:00 lausgans:
>>> Ah, just still not compiled in:
>>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/octeon/conf/GENERIC.diff?r1=1.17&r2=1.18&f=h
>>
>> I'm looking forward to this. Is it ready to be tested or should I wait?
>
> Could you guys please add usb* at dwctwo? to the snapshot kernels for
> octeon? So we could actually use it or at least test.
>
> Thanks.

# cd /sys/arch/octeon/compile/GENERIC; make
...
In file included from ../../../../dev/usb/dwc2/dwc2.c:66:
../../../../dev/usb/dwc2/dwc2.h:42:37: error:
dev/usb/dwc2/linux/list.h: No such file or directory
...

Do you keep dev/usb/dwc2/linux/* in private tree or something? :)



Re: Fwd: Re: Q: Assistance with pf.conf rules

2015-06-24 Thread Edgar Pettijohn

On 06/24/15 18:41, John Nyhuis wrote:

Thanks for the advice...
I think I have discovered the problem...

bond0 is a virtual interface that consists of two LACP bonded NICs.
All rules targeting the bond0 interface are ignored by pf, (I have no 
idea why), and only rules targeting the physical NICs that are members 
of bond0 get applied...

...so


What does /etc/hostname.bond0 contain?


man_if=bond0 #our Management vNIC is bond0 (bond bnx0, bnx1)
pass quick on $man_if all keep state
...fails without error and is not listed with a pfctl -vf /etc/pf.conf

pass quick on { bnx0, bnx1 } all keep state
...actually loads rules, as seen by pfctl -vf /etc/pf.conf

Any idea why this is the case?  Is this a bug in pf?  I can't think of 
a reason why this strangeness would be by design...
I think I can just work around this by creating a table and changing 
my rule:


table <fw> { bnx0, bnx1 }
pass quick on <fw> all keep state

ideas or comments?  Anyone have a better way?

Thanks,
John Nyhuis
IT Manager, Stam Lab
2211 Elliott Avenue
6th Floor, 6S139
Seattle, WA 98121
O: (206)-267-1097 ext 220
F: (206)-441-3033


 Forwarded Message 
Subject: Re: Q: Assistance with pf.conf rules
Date: Mon, 22 Jun 2015 18:42:25 -0500
From: Edgar Pettijohn ed...@pettijohn-web.com
To: John Nyhuis jnyh...@uw.edu

I am by no means an expert, but using

# pfctl -vf /etc/pf.conf

will show you how the rules are loaded and may help you spot the error.
I know it has helped me before.


On 06/18/15 19:33, John Nyhuis wrote:

I am building an OpenBSD 5.7 +pf +pfsync +stp bridging firewall.
It's 90% working great, but I have a mistake in my pf.conf, and I've
been staring at it for days, and have not spotted my error.
Would anyone be willing to review my rules and point out my mistake?

 ---------   ix0   -------------   ix1   --------
|  world  |-------|  pf bridge  |-------| switch |
 ---------         -------------         --------
                          \                 /
                           \               /
                             $man_if
ix0 connects from the WAN and is filtered and bridged to ix1, which is
connected to the LAN switch
bond0 = $man_if (bnx0 + bnx1) is connected from the management
interface on the bridge to the switch


My problem:  ssh connections from the world to the management
interface of the bridge are being blocked.  ssh connections from the
world to the switch are not, implying that my mistake is in my
management interface rule block.

cat /etc/pf.conf

##JN general rules that apply to all interfaces and this specific server
set skip on lo          #ignore local interface
man_if=bond0            #our Management vNIC is bond0 (bond: bnx0, bnx1)
br=ix0                  # This is a bridge, so only filter on one bridge interface
int_if=ix1              #internal interface of bridge

#set block-policy drop          #drop packets rather than send rejections.
set block-policy return         #means we refuse packets, sending back a response
match in all scrub (no-df)      #means we reassemble all incoming packets to fix any overflows, etc.
block in log on $br all         #Default deny all in, exceptions must be listed below
pass out on $br all             #We trust ourselves, don't block outgoing

pass in quick on $int_if all    #don't filter on internal interface, only external
pass out quick on $int_if all   #don't filter on internal interface, only external
pass quick on pfsync0 proto pfsync keep state   #Allow pfsync to sync firewall states

#ICMP: allow ping from any network -JN
pass in on $br inet proto icmp from any icmp-type echoreq

#SSH: ssh ports protected from brute force by fail2ban, allow ssh into DMZ by default
pass in on any proto tcp from any to any port 22 keep state
pass out on any proto tcp from any to any port 22 keep state

##JN Rules for Firewalls
table <fw> { 140.142.217.141, 140.142.217.140 }  #JN Lister and Rimmer
pass out quick on $man_if all keep state        #We trust ourselves
##SSH: allow in from world, should be redundant, but SSH is being blocked -JN
pass in on $man_if proto tcp from any to <fw> port 22 keep state
##Block brute force attacks
table <bruteforce> persist
block quick log from <bruteforce>
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)


##JN Rules for Switch 140.142.217.135, the DMZ switch
table <sw135> { 140.142.217.135 }
#pass out on $br proto { tcp, udp, icmp } from <sw135> to any keep state

##SSH: allow in from world, already allowed by default -JN
#pass in on $br proto tcp from any to <sw135> port 22 keep state


##Hacker IP Addresses [LEAVE THIS RULE LAST]
table <bad> { 202.131.227.252, 220.231.54.232, 200.118.119.48 }  #addresses of known hackers
block drop in log quick on $br from <bad> to any


If anyone could point out why I can ssh into the LAN, but get blocked
by sshing to the management interface of the firewall, you have my
gratitude.




Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Geoff Steckel

On 06/24/2015 11:26 AM, Piotr Kubaj wrote:

Hi all,

I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
in basic electronics, like programming own thermometer. That's why I
want to install OpenBSD on my BeagleBone Black and write some simple
programs using I/O pins. Are there any tutorials on this? I have found
some books about FreeBSD kernel programming, but none for OpenBSD.
Thanks for your help.



For programming I/O pins there is probably a driver already
written. User processes could do what you want.

If you want to write a parallel pin driver, a general familiarity with
kernel concepts is probably enough. Then copy something like the
lpt driver.

The McKusick books are a reasonable introduction to the kernel
as it was some decades ago. The concepts haven't changed.
The System V book also.

General familiarity with concepts like address spaces, interrupts,
process contexts, memory management, etc. helps a lot.

Once you have that basis reading the man pages and the code
is a lot easier.

FreeBSD and OpenBSD have diverged but not so far as to make
the conceptual bases incompatible.

Linux went its own way from the beginning and it isn't close to BSD.

Geoff Steckel



Fwd: Re: Q: Assistance with pf.conf rules

2015-06-24 Thread John Nyhuis

Thanks for the advice...
I think I have discovered the problem...

bond0 is a virtual interface that consists of two LACP bonded NICs.
All rules targeting the bond0 interface are ignored by pf, (I have no idea why), and only rules targeting the physical NICs that are members of 
bond0 get applied...

...so

man_if=bond0 #our Management vNIC is bond0 (bond bnx0, bnx1)
pass quick on $man_if all keep state
...fails without error and is not listed with a pfctl -vf /etc/pf.conf

pass quick on { bnx0, bnx1 } all keep state
...actually loads rules, as seen by pfctl -vf /etc/pf.conf

Any idea why this is the case?  Is this a bug in pf?  I can't think of a reason 
why this strangeness would be by design...
I think I can just work around this by creating a table and changing my rule:

table <fw> { bnx0, bnx1 }
pass quick on <fw> all keep state

ideas or comments?  Anyone have a better way?

Thanks,
John Nyhuis
IT Manager, Stam Lab
2211 Elliott Avenue
6th Floor, 6S139
Seattle, WA 98121
O: (206)-267-1097 ext 220
F: (206)-441-3033


 Forwarded Message 
Subject: Re: Q: Assistance with pf.conf rules
Date: Mon, 22 Jun 2015 18:42:25 -0500
From: Edgar Pettijohn ed...@pettijohn-web.com
To: John Nyhuis jnyh...@uw.edu

I am by no means an expert, but using

# pfctl -vf /etc/pf.conf

will show you how the rules are loaded and may help you spot the error.
I know it has helped me before.


On 06/18/15 19:33, John Nyhuis wrote:

I am building an OpenBSD 5.7 +pf +pfsync +stp bridging firewall.
It's 90% working great, but I have a mistake in my pf.conf, and I've
been staring at it for days, and have not spotted my error.
Would anyone be willing to review my rules and point out my mistake?

 ---------   ix0   -------------   ix1   --------
|  world  |-------|  pf bridge  |-------| switch |
 ---------         -------------         --------
                          \                 /
                           \               /
                             $man_if
ix0 connects from the WAN and is filtered and bridged to ix1, which is
connected to the LAN switch
bond0 = $man_if (bnx0 + bnx1) is connected from the management
interface on the bridge to the switch


My problem:  ssh connections from the world to the management
interface of the bridge are being blocked.  ssh connections from the
world to the switch are not, implying that my mistake is in my
management interface rule block.

cat /etc/pf.conf

##JN general rules that apply to all interfaces and this specific server
set skip on lo          #ignore local interface
man_if=bond0            #our Management vNIC is bond0 (bond: bnx0, bnx1)
br=ix0                  # This is a bridge, so only filter on one bridge interface
int_if=ix1              #internal interface of bridge

#set block-policy drop          #drop packets rather than send rejections.
set block-policy return         #means we refuse packets, sending back a response
match in all scrub (no-df)      #means we reassemble all incoming packets to fix any overflows, etc.
block in log on $br all         #Default deny all in, exceptions must be listed below
pass out on $br all             #We trust ourselves, don't block outgoing
pass in quick on $int_if all    #don't filter on internal interface, only external
pass out quick on $int_if all   #don't filter on internal interface, only external
pass quick on pfsync0 proto pfsync keep state   #Allow pfsync to sync firewall states

#ICMP: allow ping from any network -JN
pass in on $br inet proto icmp from any icmp-type echoreq

#SSH: ssh ports protected from brute force by fail2ban, allow ssh into DMZ by default
pass in on any proto tcp from any to any port 22 keep state
pass out on any proto tcp from any to any port 22 keep state

##JN Rules for Firewalls
table <fw> { 140.142.217.141, 140.142.217.140 }  #JN Lister and Rimmer
pass out quick on $man_if all keep state        #We trust ourselves
##SSH: allow in from world, should be redundant, but SSH is being blocked -JN
pass in on $man_if proto tcp from any to <fw> port 22 keep state
##Block brute force attacks
table <bruteforce> persist
block quick log from <bruteforce>
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)


##JN Rules for Switch 140.142.217.135, the DMZ switch
table <sw135> { 140.142.217.135 }
#pass out on $br proto { tcp, udp, icmp } from <sw135> to any keep state
##SSH: allow in from world, already allowed by default -JN
#pass in on $br proto tcp from any to <sw135> port 22 keep state


##Hacker IP Addresses [LEAVE THIS RULE LAST]
table <bad> { 202.131.227.252, 220.231.54.232, 200.118.119.48 }  #addresses of known hackers
block drop in log quick on $br from <bad> to any


If anyone could point out why I can ssh into the LAN, but get blocked
by sshing to the management interface of the firewall, you have my
gratitude.




Issue with OpenBGPD

2015-06-24 Thread HaTiM Chikhi
Hi,

I'm adding a static route to the OpenBGPD process. The route is distributed
correctly.
But when I delete the route, OpenBGPD still distributes it, even though it is no
longer in the routing table (netstat -rn4).

I have to restart the OpenBGPD process to delete the route.

I'm using pfsense 2.2.2 (FreeBSD release 10.1)

Is there any way to force OpenBGPD to delete the routes without restart?

Thanks!



Any books about OpenBSD ARM programming?

2015-06-24 Thread Piotr Kubaj
Hi all,

I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
in basic electronics, like programming own thermometer. That's why I
want to install OpenBSD on my BeagleBone Black and write some simple
programs using I/O pins. Are there any tutorials on this? I have found
some books about FreeBSD kernel programming, but none for OpenBSD.
Thanks for your help.




Re: nsd configuration problem

2015-06-24 Thread Patrik Lundin
> On Jun 24, 2015, at 10:02 AM, Graham Stephens
> gra...@thestephensdomain.com wrote:
>
> I've tried to set up nsd on 5.7 x64 and it's not working as it
> should, but I'm lost as to where to look to correct the issue. I was
> hoping for some pointers. :)
>
> (possible) Symptoms:
>
> Starting nsd causes three processes to start - is this normal?
>

This is normal.

> If I use nslookup blahname 127.0.0.1 from the local host, I get a
> response as expected.
>

The nslookup tool is not a good option for debugging DNS, see for
example
http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html

If you can repeat the tests with dig(1), as in dig @127.0.0.1
example.com, that would make it easier for me to follow.

> Just using nslookup blahname gives an error of:
> ;; Got recursion not available from 127.0.0.1, trying next server.
>

Getting recursion not available sounds correct if you are querying
NSD: since it is an authoritative-only server, it should not allow
recursive queries. This should still give you a result for a domain
owned by NSD though (without the ra (recursion available) bit set).

Please try this with dig(1) instead of nslookup and report the results.

> From another machine on the lan, using nslookup blahname returns:
>
> Server: blahname2.domain.com
> Address: 10.0.2.1
>
> *** blahname2.domain.com can't find blahname: Query refused
>
 

The main reason I would expect a REFUSED response from NSD would be if
you queried it for a domain name that it was not authoritative for.

Again, please show the results of dig(1) (including the commandline
used).

-- 
Patrik Lundin



Vancouver BSD

2015-06-24 Thread Sha'ul
I started a BUG in Vancouver, have already had several meetings. There is
a VanBUG mailing list for discussion and meeting announcements
http://vancouvercommunity.net/lists/info/van-bug

The domain www.vanbug.ca currently forwards to Meetup page for
announcements of next meeting.



Re: mail server on rental server ,cannot recieve mail

2015-06-24 Thread Craig Skinner
On 2015-06-24 Wed 20:43 PM |, Tuyosi Takesima wrote:
 
> C)
> # cat /var/log/maillog
> Jun 24 20:00:01 abc newsyslog[2762]: logfile turned over
> Jun 24 20:01:38 abc postfix/anvil[6614]: statistics: max connection rate
> 1/60s for (submission:1.2.3.4) at Jun 24 19:58:17
> Jun 24 20:01:38 abc postfix/anvil[6614]: statistics: max connection count 1
> for (submission:1.2.3.4) at Jun 24 19:58:17
> Jun 24 20:01:38 abc postfix/anvil[6614]: statistics: max cache size 1 at Jun
> 24 19:58:17
>
> it does not tell about dovecot.
>

Hi Tuyosi,

The first thing to do is to get dovecot logging.

There should be dovecot start messages like this in /var/log/maillog:

Jun 24 04:15:45 teak dovecot: master: Dovecot v2.2.10 starting up for imap, lmtp

Unless:
1) /etc/syslog.conf has a dovecot entry to log to another file.
2) /etc/dovecot/conf.d/10-logging.conf has been changed.
   Set verbose logging in here.


To start dovecot in the foreground with rc debugging;-
stop it, then add dovecot_flags='-F' to /etc/rc.conf.local and
$ sudo /etc/rc.d/dovecot -d start

> Something is wrong,
> but I cannot know it.
> I am glad if someone shows his settings about files of dovecot.
>

Check the output of 'doveconf -n' has something like:

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
  group = _postfix
  mode = 0660
  user = _postfix
  }
}
protocols = imap lmtp


See:
http://wiki2.dovecot.org/HowTo/PostfixDovecotLMTP
/usr/local/share/doc/postfix/html/SASL_README.html#server_dovecot_comm
/usr/local/share/doc/postfix/html/SASL_README.html#server_sasl_enable
/usr/local/share/doc/dovecot/wiki/HowTo.PostfixAndDovecotSASL.txt


When it is working, there will be lots of lmtp activity in
/var/log/maillog, from both dovecot & postfix

Cheers.
-- 
Artistic ventures highlighted.  Rob a museum.



Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Hrishikesh Muruk
On Thu, Jun 25, 2015 at 12:50 AM, Mike Burns mike+open...@mike-burns.com
wrote:

> On 2015-06-24 19.18.42 +0200, Piotr Kubaj wrote:
>> On 06/24/15 19:11, Michael McConville wrote:
>>> On Wed, Jun 24, 2015 at 05:26:10PM +0200, Piotr Kubaj wrote:
>>>> I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
>>>> in basic electronics, like programming own thermometer. That's why I
>>>> want to install OpenBSD on my BeagleBone Black and write some simple
>>>> programs using I/O pins. Are there any tutorials on this? I have found
>>>> some books about FreeBSD kernel programming, but none for OpenBSD.
>>>> Thanks for your help.
>>>
>>> http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black
>>>
>>> I doubt there's much of what you're looking for. The Design and
>>> Implementation of the OpenBSD Operating System doesn't exist, and there
>>> isn't (to my knowledge) much long-form writing about the OpenBSD kernel.
>>
>> I don't really have any kernel experience. I took interest in some basic
>> electronics, but I'm a sysadmin, I want to do it only for fun. I know
>> how to program, but didn't do anything related to kernel programming
>> (neither on OpenBSD nor any other OS). But since I've wanted to learn
>> OpenBSD for quite some time, I figured I would connect both (embedded
>> device programming and OpenBSD). But if there are no sources to learn
>> from (apart from source code), I guess I will stay with FreeBSD.
>
> I recommend these man pages:
>
> - intro(9)
> - boot(9)
> - autoconf(9)
> - config_attach(9)


Thanks, those man pages seem like good starting points.

The online man (man.cgi) for intro(9) is very short I suppose the other man
pages in section 9 (kernel developer's manual) will have more details.

Is there a way to see all of the pages in section 9 using man.cgi (or man)?

Thanks
Hrishi



Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Hrishikesh Muruk
On Thu, Jun 25, 2015 at 9:39 AM, Hrishikesh Muruk hris...@gmail.com wrote:


> Thanks, those man pages seem like good starting points.
>
> The online man (man.cgi) for intro(9) is very short I suppose the other
> man pages in section 9 (kernel developer's manual) will have more details.
>
> Is there a way to see all of the pages in section 9 using man.cgi (or
> man)?
>
> Thanks
> Hrishi


I did try this:

A "." in the search window with "Search with apropos query" selected and
the section set to 9

http://goo.gl/qIxokF

But it does not seem to get a complete list of pages in section 9



Re: nsd configuration problem

2015-06-24 Thread Peter Pauly
NSD (name server daemon) is for authoritative DNS - answering the
question for internet users "what is the IP address of my servers?"

You may want to use Unbound. It is a recursive DNS lookup that answers
the question: "what is the IP address of a server out on the internet
that belongs to someone else?"

On Wed, Jun 24, 2015 at 2:06 PM, Graham Stephens
gra...@thestephensdomain.com wrote:
 Hi,

 I was under the impression that unbound was like a proxy server for dns
 - I haven't got round to looking at that yet; my brain can only handle
 one task at a time :)

 I didn't think I needed it for local dns?

 ---
 On 24/06/2015 18:43, mxb wrote:


 Hey,
 this is a bit different from bind/named.

 nsd is an authoritative server ONLY.
 unbound is a caching server ONLY.

 I use those together on the same machine.
 nsd is handling all zones, unbound answers queries.

 nsd.conf:

 server:
  verbosity: 2
  logfile: /var/nsd/logs/nsd.log
  hide-version: yes
  do-ip6: no
  port: 5353
  ip-address: 127.0.0.1
  zonefiles-write: 600

 remote-control:
  control-enable: yes

 zone:
  name: homelan.com
  zonefile: homelan.com

 zone:
  name: 78.168.192.in-addr.arpa
  zonefile: revers.78


 unbound.conf:

 server:
 #   verbosity: 3
 #   logfile: /var/unbound/log/unbound.log

  interface: 127.0.0.1
  interface: 192.168.78.124

  port: 53
  do-ip6: no
  do-udp: yes
  do-tcp: yes

  access-control: 0.0.0.0/0 refuse
  access-control: 127.0.0.0/8 allow
  access-control: ::0/0 refuse
  access-control: ::1 allow
  access-control: 192.168.78.0/24 allow

  hide-identity: yes
  hide-version: yes

  harden-glue: yes
  harden-dnssec-stripped: yes
  cache-min-ttl: 3600
  cache-max-ttl: 86400
  prefetch: yes

  ## this one important to be able to query nsd
  do-not-query-localhost: no

  private-domain: homelan.com

  ## this one important to be able to query nsd
  local-zone: 78.168.192.in-addr.arpa. transparent

 remote-control:
  control-enable: yes

 ## forward to nsd
 forward-zone:
  name: homelan.com
  forward-addr: 127.0.0.1@5353

 ## forward to nsd
 forward-zone:
  name: 78.168.192.in-addr.arpa
  forward-addr: 127.0.0.1@5353

 ## forward to google
 forward-zone:
  name: .
  forward-addr: 8.8.8.8


 Hope this helps.

 //mxb

 On 2015-06-24 19:02, Graham Stephens wrote:

 I've tried to set up nsd on 5.7 x64 and it's not working as it should,
 but I'm lost as to where to look to correct the issue. I was hoping
 for some pointers. :)

 (possible) Symptoms:

 Starting nsd causes three processes to start - is this normal?

 If I use nslookup blahname 127.0.0.1 from the local host, I get a
 response as expected.

 Just using nslookup blahname gives an error of:
 ;; Got recursion not available from 127.0.0.1, trying next server.

 From another machine on the lan, using nslookup blahname returns:

 Server: blahname2.domain.com
  Address: 10.0.2.1

 *** blahname2.domain.com can't find blahname: Query refused

 Any ideas what the issue(s) might be?
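
A small checker for the nsd/unbound split described above, added here as an example and not code posted in the thread. It parses an unbound.conf of the shape mxb posted (a constructed copy is embedded, it is not the poster's file) and reports the three settings behind the symptoms Graham describes: a LAN prefix with no access-control allow rule ("Query refused"), no interface on the LAN, and a forward-zone to nsd on 127.0.0.1 without do-not-query-localhost: no.

```python
import ipaddress
# Constructed sample mirroring the posted unbound.conf (not the poster's own file).
SAMPLE_OK = """\
server:
  interface: 192.168.78.124
  access-control: 127.0.0.0/8 allow
  access-control: 192.168.78.0/24 allow
  do-not-query-localhost: no   ## needed to reach nsd on 127.0.0.1@5353
forward-zone:
  name: homelan.com
  forward-addr: 127.0.0.1@5353
forward-zone:
  name: .
  forward-addr: 8.8.8.8
"""

def parse_unbound(text):
    """Split unbound.conf into [(clause, {key: [values]})], dropping comments."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:                      # clause header: "server:", "forward-zone:"
            clauses.append((key, {}))
        elif clauses:
            clauses[-1][1].setdefault(key, []).append(value)
    return clauses

def audit_unbound(text, lan):
    """List misconfigurations that would break LAN clients on prefix `lan`."""
    lan_net = ipaddress.ip_network(lan)
    clauses = parse_unbound(text)
    server = next((opts for name, opts in clauses if name == "server"), {})
    problems = []
    # 1. "Query refused": the LAN needs an access-control ... allow rule.
    allowed = [ipaddress.ip_network(r.split()[0]) for r in server.get("access-control", [])
               if r.split()[1] == "allow"]
    if not any(n.version == lan_net.version and lan_net.subnet_of(n) for n in allowed):
        problems.append("no access-control allow rule covers " + lan)
    # 2. unbound must listen on a LAN address, not only on 127.0.0.1 (the default).
    ifaces = [ipaddress.ip_address(i.split("@")[0]) for i in server.get("interface", ["127.0.0.1"])]
    if not any(i in lan_net for i in ifaces):
        problems.append("no interface on " + lan)
    # 3. A forward-zone to nsd on 127.0.0.1 fails unless localhost queries are allowed.
    to_local = [z for name, z in clauses if name == "forward-zone"
                and any(a.startswith("127.") for a in z.get("forward-addr", []))]
    if to_local and server.get("do-not-query-localhost", ["yes"])[-1] != "no":
        problems.append("forward-zone to 127.0.0.1 but do-not-query-localhost is not 'no'")
    return problems
```

On OpenBSD the live file is /var/unbound/etc/unbound.conf, so audit_unbound(open("/var/unbound/etc/unbound.conf").read(), "192.168.78.0/24") checks the real configuration for the LAN prefix from the thread.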



Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Michael McConville
On Wed, Jun 24, 2015 at 05:26:10PM +0200, Piotr Kubaj wrote:
 Hi all,
 
 I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
 in basic electronics, like programming own thermometer. That's why I
 want to install OpenBSD on my BeagleBone Black and write some simple
 programs using I/O pins. Are there any tutorials on this? I have found
 some books about FreeBSD kernel programming, but none for OpenBSD.
 Thanks for your help.

http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black

I doubt there's much of what you're looking for. The Design and
Implementation of the OpenBSD Operating System doesn't exist, and there
isn't (to my knowledge) much long-form writing about the OpenBSD kernel.

That said, the code is engineered to be easy to understand and modify if
you understand the core concepts, so much of your FreeBSD and general
kernel experience will probably translate.

I'm pretty new to this, so I might have missed something.



Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Piotr Kubaj
On 06/24/15 19:11, Michael McConville wrote:
 On Wed, Jun 24, 2015 at 05:26:10PM +0200, Piotr Kubaj wrote:
 Hi all,

 I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
 in basic electronics, like programming own thermometer. That's why I
 want to install OpenBSD on my BeagleBone Black and write some simple
 programs using I/O pins. Are there any tutorials on this? I have found
 some books about FreeBSD kernel programming, but none for OpenBSD.
 Thanks for your help.

 http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black

 I doubt there's much of what you're looking for. The Design and
 Implementation of the OpenBSD Operating System doesn't exist, and there
 isn't (to my knowledge) much long-form writing about the OpenBSD kernel.

 That said, the code is engineered to be easy to understand and modify if
 you understand the core concepts, so much of your FreeBSD and general
 kernel experience will probably translate.

 I'm pretty new to this, so I might have missed something.

I don't really have any kernel experience. I took interest in some basic
electronics, but I'm a sysadmin, I want to do it only for fun. I know
how to program, but didn't do anything related to kernel programming
(neither on OpenBSD nor any other OS). But since I've wanted to learn
OpenBSD for quite some time, I figured I would connect both (embedded
device programming and OpenBSD). But if there are no sources to learn
from (apart from source code), I guess I will stay with FreeBSD.




Re: Any books about OpenBSD ARM programming?

2015-06-24 Thread Mike Burns
On 2015-06-24 19.18.42 +0200, Piotr Kubaj wrote:
 On 06/24/15 19:11, Michael McConville wrote:
  On Wed, Jun 24, 2015 at 05:26:10PM +0200, Piotr Kubaj wrote:
  I'm mainly a FreeBSD user but want to learn OpenBSD. I'm also interested
  in basic electronics, like programming own thermometer. That's why I
  want to install OpenBSD on my BeagleBone Black and write some simple
  programs using I/O pins. Are there any tutorials on this? I have found
  some books about FreeBSD kernel programming, but none for OpenBSD.
  Thanks for your help.
 
  http://www.tedunangst.com/flak/post/OpenBSD-on-BeagleBone-Black
 
  I doubt there's much of what you're looking for. The Design and
  Implementation of the OpenBSD Operating System doesn't exist, and there
  isn't (to my knowledge) much long-form writing about the OpenBSD kernel.
 
 I don't really have any kernel experience. I took interest in some basic
 electronics, but I'm a sysadmin, I want to do it only for fun. I know
 how to program, but didn't do anything related to kernel programming
 (neither on OpenBSD nor any other OS). But since I've wanted to learn
 OpenBSD for quite some time, I figured I would connect both (embedded
 device programming and OpenBSD). But if there are no sources to learn
 from (apart from source code), I guess I will stay with FreeBSD.

I recommend these man pages:

- intro(9)
- boot(9)
- autoconf(9)
- config_attach(9)

And then start reading from here:

- /usr/src/sys/kern/init_main.c - look at main
- /usr/src/sys/arch/arm/arm/autoconf.c - look at cpu_configure

There is not, so far as I know, a tutorial for OpenBSD + ARM.

-Mike

(Oh, and style(9).)



Re: nsd configuration problem

2015-06-24 Thread trondd
On Wed, June 24, 2015 2:28 pm, Peter Pauly wrote:
 NSD (name server daemon) is for authoritative DNS - answering the
 question for internet users what is the IP address of my servers.

 You may want to use Unbound. It is a recursive DNS lookup that answers
 the question:  what is the IP address of a server out on the internet
 that belongs to someone else.


Unbound also has local-zone and will answer what is the IP address of a
computer on my LAN.

http://daemonforums.org/showthread.php?t=9170



Re: mail server on rental server ,cannot recieve mail

2015-06-24 Thread Tuyosi Takesima
Thanks to Skinner, I now understand the difficulty of dovecot.
It is the area of a specialist.
So I return to pop3d.

About 5 years ago, I could make a mail server with it.

then
# pkg_add pop3d
The following new rcscripts were installed: /etc/rc.d/pop3d


but

# /usr/local/sbin/pop3d -d
pop3d ready; type:mbox, path:/var/mail/%u
fatal: ssl_load_file: Unable to load /etc/ssl/server.crt: No such file or
directory
Lost pop3 engine
pop3d exiting


How do I make /etc/ssl/server.crt?
About 5 years ago, perhaps /etc/ssl/server.crt was not necessary.

sylpheed says:
---
(sylpheed:4523): LibSylph-WARNING **: sock_read: received EOF
(sylpheed:4523): GLib-CRITICAL **: Source ID 14156 was not found when
attempting to remove
it
(sylpheed:4523): LibSylph-WARNING **: [04:28:31]
shutdown by remote
host.(リモートホストによって接続を切断されました。)


=
regards