Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Andy Bradford]

Thus said Gilles Chehade on Thu, 03 Mar 2016 22:48:57 +0100:

> > I don't see this as necessarily an argument for or against - vs +
> > 
> 
> too bad, it means my friend jean-pierre  will not be able to be hosted
> by you if you already host my other friend jean ;-)

This is  true, obviously. If one  user has jean and  jean-* then clearly
jean-pierre@  is already  taken. That  doesn't  mean I  cannt host  your
friend jean-pierre, it just means  he cannot have jean-pierre@, maybe he
will settle for  jean_pierre@ or jean+pierre@, or  any other combination
that suits him and allowed by the hosting software/MTA.

Given the  predominence of @gmail.com  email addresses, clearly  this is
not a problem for  the majority of people in the  email world. There can
only  ever be  one  jean-pie...@gmail.com, right?  Which  means if  your
friend jean-pierre has jean-pie...@gmail.com, then necessarily my friend
jean-pierre cannot also have jean-pie...@gmail.com. Bummer.

Andy
-- 
TAI64 timestamp: 400056d916f3

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Andy Bradford]

Thus said "Constantine A. Murenin" on Thu, 03 Mar 2016 15:09:46 -0600:

> > The MTA will decide who will get foo-bar@.
>
> How? A /dev/mind RPC? :-)

Because the MTA is configured to handle it? :-)

> And what happens if a "conflicting" user gets created after a mail was
> sent, but before it was delivered? "This behaviour is undefined"?

I'm not exactly sure what you mean by conflicting...

The MTA,  again, will already be  configured to deal with  addresses and
mapping them  to users. And the  behavior is not undefined.  If an email
address exists  and the MTA  knows about the  email address it  will get
delivered if  the username configured to  receive it exists. If  the MTA
knows about it, but the OS doesn't  know about it, the MTA will queue it
up until the local user who is supposed to receive it is created. If the
username exists  and the MTA doesn't  have an email address  for it, the
email will bounce.

My MTA  can handle both +  and - for  email addresses and can  map email
addresses to local users in any fashion that the OS supports.

For example,  let's assume  I have  a local  user named  foo and  I have
assigned an email address foo@ and  I have configured that email address
to accept  wildcard extensions (e.g.  foo-*@ gets delivered  to username
test). Then, I create a local  user named foo-bar. Clearly now, I cannot
give the  local username foo-bar  an email address of  foo-bar@ because,
well,  that  is already  superceded  by  test's  wildcard claim  on  the
address. Assuming that I had to  give the user that username, what email
address could I give him? Anything I want,  as long as it is not part of
foo-*@

I have the following mapping which permits username foo to receive email
for foo@, foo-*@, and foo+*@, and another mapping which permits username
foo-bar to receive email for foo_bar@ and foo_bar-*@:

=foo:foo:1004:1004:/home/foo:-::
+foo-:foo:1004:1004:/home/foo:-::
+foo+:foo:1004:1004:/home/foo:-::
=foo_bar:foo-bar:1003:1003:/home/foo-bar:-::
+foo_bar:foo-bar:1003:1003:/home/foo-bar:-::

Is this  sensible to  do? Who knows,  but the point  is, just  because -
exists in usernames  doesn't necessarily mean that it  shouldn't be used
in email  extensions. Must there  be a one-to-one mapping  between email
addresses and  local usernames? In  many systems  it is typical  for the
email address to not even remotely resemble a local username.

Thanks,

Andy
-- 
TAI64 timestamp: 400056d912b2

Re: uvm fault booting

[Alan Corey]

It happened again.  I'm using a laptop with a short power cord and
sometimes I recline my recliner and don't notice it fell out.  I'm
usually only up here in the winter.

Anyway I did the drive diagnostics again, saw the end this time and it
didn't find anything wrong.  Rebooted and it fscked the big partition
OK.

So I'm wondering if maybe when fsck runs on multiple partitions it
could be not freeing some memory or something between?  Or is it doing
them simultaneously and that fails?.  The messages look like it's
doing one at a time, I see the first 2 finish then I get the error.

Next time I see that I'll try just rebooting without doing anything else.

But it happened this time without doing anything with USB at all, I
just ran the battery down.

On 2/29/16, Alan Corey  wrote:
> SMART is on but it's never been tripped.
>
> Windows is scanning the FAT32 partition of my SD card  but it won't do the
> ext3.  I had Linux on a phone but I was having selinux problems anyway.  So
> I was going to put NetBSD on it for my Raspberry Pi.
>
> Sent from my Motorola XT1505
> On Feb 29, 2016 10:23 PM, "Josh Grosse"  wrote:
>
>> On Mon, Feb 29, 2016 at 10:19:23PM -0500, Alan Corey wrote:
>> > ...So maybe the Seagate stuff remapped some
>> > sectors, maybe not.
>>
>> It's hard to say, Alan.  If the drive reports S.M.A.R.T. status
>> it's possible the drive's electronics will admit remapped
>> sectors to smartmontools.  But if the drive doesn't report,
>> it's not proof.
>>
>> I'm glad things are working for you.  :)
>>
>


-- 
Credit is the root of all evil.  - AB1JX

Debugging queues on pf

[Christopher Sean Hilton]

I'm seeing something very strange when I try to debug queues on
pf. I'm simply trying to view queue activity on the net using either:

 # pfctl -vvsq

or

 # systat queue

I'm trying to assign all udp traffic from my iPad to a priority queue
with a ruleset in pf like this:

 ...

 match out on $ext_if inet proto { udp, icmp } \
 set queue ob_default set prio 3
 match out on $ext_if inet proto tcp \
 set queue (ob_default, ob_priorty) set prio (3, 4)
 match out on $ext_if inet proto { tcp, udp } to any port 53 \
 set queue ob_priority set prio 5
 match out on $ext_if inet proto udp from  \
 set queue ob_priority set prio 5

When I start a video chat on the iPad to a friend I'm expecting
the packet and byte counts in the ob_priority queue shown with

# systat queue

to increase. But I didn't initially see that. When I first looked, the
packets in the default queue were increasing and that queue showed A
little less than 2Mbit/s of traffic. I found that consistant with my
video chat being carried on the ob_default queue. No amount of playing
with queueing in my ruleset seemed to fix that, including setting the
default queue to ob_priority and deleting any assignments to the
ob_default queue. In a fit of pique, I rebooted the box against the
"everything goes in the priority queue" config. After that I noticed
that now everything went into the priority queue. And nothing would
change that. I put the box back to the configuration that I thought
would work with both priority and default queues and it appears to
work now.

My question is:

 Is there some way besides rebooting the machine to get pf to
 recognize a change in the queuing and queueing assignment setup
 in /etc/pf.conf without rebooting the box?

I've tried:

 # pfctl -Frules -f/etc/pf.conf
 # pfctl -Fstate 
 # pfctl -Fall -f /etc/pf.conf
 # shutdown -r now

and the only thing that updated the queueing was the reboot.

Thanks for any help
-- Chris

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Gilles Chehade]

On Thu, Mar 03, 2016 at 02:02:22PM -0600, Claus wrote:
> On 3/3/2016 3:14 AM, Gilles Chehade wrote:
> >On Thu, Mar 03, 2016 at 01:54:16AM +0100, ropers wrote:
> >Won't question your need however this + vs - thing has come up often and
> >I'd like to stress out that even though both - and + are valid, use of -
> >introduces ambiguity given that - is allowed in usernames:
> >
> > $ doas useradd -m foo
> > $ doas useradd -m foo-bar
> >
> >Who should get mail for foo-bar@ ?
> >
> >This just doesn't happen with + because:
> >
> >$ doas useradd -m bar
> >$ doas useradd -m bar+baz
> >useradd: `bar+baz' is not a valid login name
> >$
> 
> Seriously, do email hosting providers create local accounts for their users?
> I don't have a clue but I highly doubt it due the need to host multiple
> domains.
> 

My comment wasn't focused on email providers but on email in general ;-)

The default setup for all MTA's that I know of is to map user part of an
email address to a system username. That's been the case since the first
day I got interested in hosting (pre 2k) and is still the case today. It
was the case for my .edu when I was a student & it was the case for many
of the places I worked for since then.


> The ambiguity is there unless the domain owner doesn't allow dashes in
> account names, and I can afford to make that rule for my domain.  Of course
> that doesn't help me if no one supports that. :(
> 

Indeed, but the fact no one supports that should also hint you that this
is going against ... what everyone else does, so it's quite expected you
are going to be in a painful journey ;)


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Gilles Chehade]

On Thu, Mar 03, 2016 at 01:39:54PM -0700, Andy Bradford wrote:
> Thus said Gilles Chehade on Thu, 03 Mar 2016 10:14:48 +0100:
> 
> > Who should get mail for foo-bar@ ?
> 
> The MTA will decide who will get foo-bar@.
> 

How ?


> > This just doesn't happen with + because:
> 
> It also doesn't happen with an MTA that can figure these things out.
>

How ?


> I don't see this as necessarily an argument for or against - vs +
> 

too bad, it means my friend jean-pierre will not be able to be hosted by
you if you already host my other friend jean ;-)


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Constantine A. Murenin]

On 2 March 2016 at 14:19, Claus Niesen  wrote:
> Sorry for the off topic question but I'm hoping that maybe some of your
> know of or work for an email hosting provider that provides minus/hyphen
> ("-") addressing with custom domain.  All I can find are provider that
> offer plus addressing, which makes it hard for a smooth transition since
> I'm using minus addressing extensively.
>
> I used to run my own at home mailserver (openbsd + qmail) .  Since I no
> longer have a static IP, I switched to an email provider that supports
> minus addressing but operates in the dark ages, especially in regards to
> security updates.  Needless to say I need a better host.  I'd rather not
> host my own mailserver but so far haven't been able to find an
> alternative.
>
> Your suggestions are greatly appreciated.  Feel free to contact me off
> list.
> Thanks,
> Claus
>
> Specific requirements:
> - allows usage of custom domain
> - allows multiple email accounts
> - qmail style '-' addressing
> - some kind of spam filtering (gray-listing & bayes filter)
> - alias
> - imap
> - reliable and secure

So, how much are you willing to pay for this service?

Static IP costs on a residential connection usually start at 5 USD/mo
in the US.  Presumably, that's also how much you'd be willing to pay
for a "reliable and secure"  email service with a custom domain and
qmail-style addressing.  (That's not even considering any extra you'd
have to pay for a provider specifically targeting the niche of serving
it OpenBSD-style.)

At this price, nowadays you might as well get a whole virtual or even
a dedicated bare metal server to play with, from Hetzner, Online,
OVH/Kimsufi et al (I maintain a list at http://dedi.su/ ), and run an
actual qmail on it, or even OpenSMTPD, as you see fit.  (OpenBSD works
great on most of these hosts, even if it's not specifically advertised
as supported.)

Otherwise, what is it that we are missing from your requirements that
makes this a worthwhile discussion for misc@openbsd.org?

C.

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Constantine A. Murenin]

On 3 March 2016 at 14:39, Andy Bradford  wrote:
> Thus said Gilles Chehade on Thu, 03 Mar 2016 10:14:48 +0100:
>
>> Who should get mail for foo-bar@ ?
>
> The MTA will decide who will get foo-bar@.

How?  A /dev/mind RPC? :-)

>> This just doesn't happen with + because:
>
> It also doesn't happen with an MTA that can figure these things out.

So, how would it figure it out?

And what happens if a "conflicting" user gets created after a mail was
sent, but before it was delivered?  "This behaviour is undefined"?

C.

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Andy Bradford]

Thus said Gilles Chehade on Thu, 03 Mar 2016 10:14:48 +0100:

> Who should get mail for foo-bar@ ?

The MTA will decide who will get foo-bar@.

> This just doesn't happen with + because:

It also doesn't happen with an MTA that can figure these things out.

I don't see this as necessarily an argument for or against - vs +

Andy
-- 
TAI64 timestamp: 400056d8a13e

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Claus]

On 3/3/2016 3:14 AM, Gilles Chehade wrote:

On Thu, Mar 03, 2016 at 01:54:16AM +0100, ropers wrote:
Won't question your need however this + vs - thing has come up often and
I'd like to stress out that even though both - and + are valid, use of -
introduces ambiguity given that - is allowed in usernames:

 $ doas useradd -m foo
 $ doas useradd -m foo-bar

Who should get mail for foo-bar@ ?

This just doesn't happen with + because:

$ doas useradd -m bar
$ doas useradd -m bar+baz
useradd: `bar+baz' is not a valid login name
$


Seriously, do email hosting providers create local accounts for their 
users?  I don't have a clue but I highly doubt it due the need to host 
multiple domains.


The ambiguity is there unless the domain owner doesn't allow dashes in 
account names, and I can afford to make that rule for my domain.  Of 
course that doesn't help me if no one supports that. :(


  Claus

Re: What's good safe PPC/MIPS/SPARC networking hardware with open firmware that works well with OpenBSD? Many ethernet plugs and 1U rack mount = bonus.

[Chris Cappuccio]

Tinker [ti...@openmailbox.org] wrote:
> On 2016-02-28 05:26, Karel Gardas wrote:
> >Open firmware? What do you mean by that precisely?
> 
> Or just as little firmware as possible, just to minimize that as attack
> vector.
> 
> >Anyway, while asking such question it would also help if you tell
> >something about intended usage scenario of such box(es). fw?/app
> >server?/storage?/nas? etc.
> 
> Network infrastructure, so, among those categories it would be FW.
> 
> 
> What hardware is advisable here?
> 

PC Engines APU uses open source CoreBoot.

I wouldn't be surprised if the CoreBoot load still includes binary-only
support for AMD's remote management stuff (similar to Intel ME).

Re: Question about logo

[Leonardo Santagostini]

Thank you all, for answer me.

OpenBSD its amazing, thankyou for your work. Happy user since 5.1 =)

Yours Leonardo

Saludos.-
Leonardo Santagostini






2016-03-03 16:09 GMT-03:00 Theo de Raadt :

> > There are people selling shirts on Zazzle, CafePress, etc. which have the
> > OpenBSD logo - easy to find via google.  I'm assuming those people are
> not
> > authorized by OpenBSD nor do they pass on profits, alas.
>
> That is correct.
>
> There are layers of cheaters and enablers out there.  Like playing
> whack-a-mole.
>
> I haven't put much effort into fighting it because it isn't fun.

Re: Question about logo

[Theo de Raadt]

> There are people selling shirts on Zazzle, CafePress, etc. which have the
> OpenBSD logo - easy to find via google.  I'm assuming those people are not
> authorized by OpenBSD nor do they pass on profits, alas.

That is correct.

There are layers of cheaters and enablers out there.  Like playing
whack-a-mole.

I haven't put much effort into fighting it because it isn't fun.

Re: Question about logo

[andrew fabbro]

On Wed, Mar 2, 2016 at 11:37 PM, Janne Johansson 
wrote:

> http://www.openbsd.org/art1.html says:
>
> Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by
> other members or developers of the OpenBSD group. However, it is our intent
> that anyone be able to use these images to represent OpenBSD in a positive
> light -- but do not make profit from them. [...] So enjoy them and let the
> world see them, if that is your wish.


There are people selling shirts on Zazzle, CafePress, etc. which have the
OpenBSD logo - easy to find via google.  I'm assuming those people are not
authorized by OpenBSD nor do they pass on profits, alas.

-- 
andrew fabbro
and...@fabbro.org

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[ropers]

On 3 March 2016 at 10:14, Gilles Chehade  wrote:

>
> - is allowed in usernames:
>
> $ doas useradd -m foo
> $ doas useradd -m foo-bar
>
> Who should get mail for foo-bar@ ?
>
> This just doesn't happen with + because:
>
> $ doas useradd -m bar
> $ doas useradd -m bar+baz
> useradd: `bar+baz' is not a valid login name
>

Oh. Thank you. :) I did not know that.

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Gilles Chehade]

On Thu, Mar 03, 2016 at 01:54:16AM +0100, ropers wrote:
> On 2 March 2016 at 23:59, Jason Barbier  wrote:
> 
> > [You're] probably going to have to suck it up at some point and use +
> > [delimiters] like most people have moved to doing since according to the
> > RFC - is a valid email address char.
> >
> 
> So is +.
> http://tools.ietf.org/html/rfc3696#section-3
> - is not any more legal than +, just maybe more common, and you're still
> more likely to encounter non-RFC compliant implementations that don't deal
> with plus correctly, especially in web form email "verification" scripts --
> but many of those suck monkey balls anyway.
> 

Won't question your need however this + vs - thing has come up often and
I'd like to stress out that even though both - and + are valid, use of -
introduces ambiguity given that - is allowed in usernames:

$ doas useradd -m foo
$ doas useradd -m foo-bar

Who should get mail for foo-bar@ ?

This just doesn't happen with + because:

$ doas useradd -m bar
$ doas useradd -m bar+baz
useradd: `bar+baz' is not a valid login name
$

Now as far as your issue is concerned, what you could do if you can't go
without - is to take an account anywhere that supports + then just setup
a simple mail forwarder at a vps host to rewrite - to +, this way you'll
be able to transition without being limited in hosting choices.

just my opinion ;)

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg