boot problem - freeze after wskbd console keyboard
I have the following problem with a current snapshot, but also with an older 5.9 snaphot, so it might be more a hardware issue. Installation from the install61.iso works fine The problem is that while booting (in normal and also in single user mode) the boot process halts at the line wskbd0 at pckbd0: consolekeyboard I tried the following changes which all did not help: - disabling acpi (in boot -c) - install on SATA HDD or M.2 SSD (samsung 960 pro) - install with GPT or with MBR - use PS2 keyboard or USB keyboard - BIOS changes like disable hyper threading, disable all USBs, etc The PC configuration is as follows: - Mainboard Asus z270k - CPU i7 7700k - 32 GB RAM - M.2 Samsung pro 500gb thanks for any help. Alex.
Re: signify: write to stdout: Broken pipe
I experienced the same. what I did: - install todays snapshot - sysmerge - pkg_add -nu ---> reported the problems - pkg_add -u sudo ---> reported problems but installed correctly anyway - reboot - pkg_add -nu ---> reported no problems - pkg_add -u ---> reported no problems noc clue what the problem was, but it is gone now. Alex. On Sun, Oct 02, 2016 at 02:53:34PM +0200, lvdd wrote: > Hi misc, > > On Sat, 01 Oct 2016 14:50:35 -0400 > "Joe Gidi"wrote: > > > And, as is so often the case, I figured out the problem right after > > sending > > that email. My old 'sudo' package was apparently not entirely > > functional after > > updating the base system. 'doas pkg_add -u' got me an > > up-to-date 'sudo' which > > is once again working properly. > > > > Sheepish apologies for the noise... > > > > sorry for hijacking this but I am seeing the same problem and > 'sudo' is not involved in my case. > > I did a new installation of the -snapshot yesterday and after much > trial and error I can reliably reproduce the issue with > enabling/disabling dbus-session in my .xinitrc. > > I am running jwm and as soon as I enable the dbus session as described > in the dbus pkg-readme I am seeing the errors reported. JWM > configuration doesn't seem to be involved here (tried the stock > configuration and my own). > Starting CWM with the same .xinitrc (dbus enabled or disabled) doesn't > show the errors. Removing my .xinitrc entirely and starting the default > FVWM doesn't show the issue either. As far as I understand dbus is > started with the default FVWM session. The problem does also not appear > on the tty. > > BTW: Even with those error messages new software is installed fine using > pkg_add -vi > > The combination of jwm with dbus has worked for almot 2 years now. I am > somewhat puzzled and don't understand what jwm, dbus, pkg_add and > signify have to do with each other. > > Some input is highly appreciated > > Thanks > Lars > > .xinitrc: > -- > # ignore this darn LVDD port on the motherboard > xrandr --output DP1 --off > > > if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" > ]; then > eval `dbus-launch --sh-syntax --exit-with-session` > fi > > jwm > #cwm > > > $ doas rcctl ls started > cron > messagebus > ntpd > pflogd > smtpd > sndiod > sshd > syslogd > > > > dmesg: > > OpenBSD 6.0-current (GENERIC.MP) #2511: Fri Sep 30 20:12:15 MDT 2016 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8440098816 (8049MB) > avail mem = 8179810304 (7800MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec2f0 (67 entries) > bios0: vendor American Megatrends Inc. version "0806" date 12/14/2015 > bios0: ASUS All Series > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC FPDT LPIT SSDT SSDT MCFG HPET SSDT SSDT > BGRT acpi0: wakeup devices UAR1(S4) PXSX(S4) RP01(S4) PXSX(S4) PXSX(S4) > RP03(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) GLAN(S4) EHC1(S4) > EHC2(S4) XHC_(S4) HDEF(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 > bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: > apid 0 (boot processor) cpu0: Intel(R) Core(TM) i3-4360 CPU @ 3.70GHz, > 3691.95 MHz cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Core(TM) i3-4360 CPU @ 3.70GHz, 3691.45 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 1 (application processor) > cpu2: Intel(R) Core(TM) i3-4360 CPU @ 3.70GHz, 3691.45 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT > cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0,
Re: sshd Connection Failures - 2 June Snapshot (amd64)
Hi, I have the same problem... Just installed current (amd64 install60.iso 2016-06-02 17:13 226M) on my Macbooc Pro 10.10.5 in a VirtualBox VM. SSH-ing into it brings the described error. $ uname -a Darwin my.fritz.box 14.5.0 Darwin Kernel Version 14.5.0: Mon Jan 11 18:48:35 PST 2016; root:xnu-2782.50.2~1/RELEASE_X86_64 x86_64 $ ssh -V OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 $ ssh -p 2225 root@localhost -vvv OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading configuration data /etc/ssh_config debug1: /etc/ssh_config line 20: Applying options for * debug1: /etc/ssh_config line 105: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [::1] port 2225. debug1: connect to address ::1 port 2225: Connection refused debug1: Connecting to localhost [127.0.0.1] port 2225. debug1: Connection established. debug3: Incorrect RSA1 identifier debug3: Could not load "/Users/agreif/.ssh/id_rsa" as a RSA1 public key debug1: identity file /Users/agreif/.ssh/id_rsa type 1 debug1: identity file /Users/agreif/.ssh/id_rsa-cert type -1 debug1: identity file /Users/agreif/.ssh/id_dsa type -1 debug1: identity file /Users/agreif/.ssh/id_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 debug1: match: OpenSSH_7.2 pat OpenSSH* debug2: fd 5 setting O_NONBLOCK debug3: put_host_port: [localhost]:2225 debug3: load_hostkeys: loading entries for host "[localhost]:2225" from file "/Users/agreif/.ssh/known_hosts" debug3: load_hostkeys: found key type RSA in file /Users/agreif/.ssh/known_hosts:69 debug3: load_hostkeys: loaded 1 keys debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-rsa,ssh-dss-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: kex_parse_kexinit: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: kex_parse_kexinit: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: kex_parse_kexinit: none,z...@openssh.com debug2: kex_parse_kexinit: none,z...@openssh.com
minor fix in faq4.html
just found this one. thanks, Alex. Index: faq/faq4.html === RCS file: /cvs/www/faq/faq4.html,v retrieving revision 1.460 diff -u -p -u -r1.460 faq4.html --- faq/faq4.html 27 Apr 2016 22:53:06 - 1.460 +++ faq/faq4.html 1 Jun 2016 09:47:01 - @@ -51,7 +51,7 @@ OpenBSD has long been respected for its simple and straightforward installation process, which is very consistent across all platforms. -You are urged to read the platform-specific INSTALL document in the +You are urged to read the platform-specific INSTALL document on the CD-ROM or mirror sites. For example, i386/INSTALL.i386 or sparc/INSTALL.sparc.
php-fpm package missing in snapshot
Hi, few days ago I realized that the php-fpm packages are not in the ftp mirrors (in snapshot/packages). The packages are missing for amd64 and also i386. I searched in the web, but cannot find a reason for its absence. Does anybody have an idea why the package is not built, or when they will reappear? thanks, ALex.
Re: php-fpm package missing in snapshot
thanks for the info and for fixing current.html This was the missing link. Alex.
passwd without argument in sudo
Hi, with the current 5.8 snapshot I have a question on the following passwd(1) behaviour: when I 'sudo su - ' into a root shell and issue a 'passwd' without a username argument, then it does not try to change the passwd for the current user (in this case root) but for the user from which I issued the 'sudo'. Unfortunately the man pages for passwd does not mention the case without an argument, but on some other linux systems passwd without an argument always changes the password of the current user. I would appreciate if somebody could clarify this behaviour. Here is a sample: [agr...@foo.example.net] /home/agreif $ sudo su - [r...@foo.example.net] /root # passwd Changing local password for agreif. why is this not for root? New password: [r...@foo.example.net] /root # echo $SHELL /bin/ksh [r...@foo.example.net] /root # uname -a OpenBSD foo.example.net 5.8 GENERIC.MP#1139 amd64 thanks, Alex.
Re: httpd stops accepting connections after a few hours on current
Hi, maybe this problem is related to this one? http://marc.info/?l=openbsd-miscm=143091663725238w=2 thanks, Alex
Re: df(1) shows strange Avail and Capacity info
thanks for the clarifictions. I will read the FAQs more throroughly in future. Alex. On Tue, May 19, 2015 at 02:31:34PM -0400, Josh Grosse wrote: I believe FAQ 14.14 may clarify df(1) reporting. Here's a link for convenience: http://www.openbsd.org/faq/faq14.html#NegSpace
df(1) shows strange Avail and Capacity info
Hi, I experienced a strange output of df(1) for the root partition. The Size is greater than Used but Avail and Capacity are miscalculated /root/snaps # df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/sd0a 494M488M -18.4M 104%/ /dev/sd0k 27.6G4.7G 21.5G18%/home /dev/sd0d 492M 86.0K467M 0%/tmp /dev/sd0f 2.0G367M1.5G19%/usr /dev/sd0g 1001M200M751M21%/usr/X11R6 /dev/sd0h 2.0G215M1.7G11%/usr/local /dev/sd0j 1001M2.0K951M 0%/usr/obj /dev/sd0i 1001M2.0K951M 0%/usr/src /dev/sd0e 2.9G9.9M2.8G 0%/var I am running a snapshot from 18. Mai 2015 on amd64 in a VM. Please tell me if more log or other output is needed. Thanks, Alex. dmesg output: OpenBSD 5.7-current (GENERIC) #926: Mon May 18 09:52:25 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 520085504 (495MB) avail mem = 500588544 (477MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfd9c0 (10 entries) bios0: vendor Bochs version Bochs date 01/01/2007 bios0: Bochs Bochs acpi0 at bios0: rev 0 acpi0: sleep states S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC HPET SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2394.22 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,HV,NXE,PAGE1GB,LONG,LAHF cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02 pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00 pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: QEMU, QEMU DVD-ROM, 1.1. ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 Intel 82371SB USB rev 0x01: apic 1 int 11 piixpm0 at pci0 dev 1 function 3 Intel 82371AB Power rev 0x03: apic 1 int 10 iic0 at piixpm0 iic0: addr 0x18 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= iic0: addr 0x1a 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= iic0: addr 0x29 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= iic0: addr 0x2b 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= iic0: addr 0x4c 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= iic0: addr 0x4e 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words 00= 01= 02= 03= 04= 05= 06= 07= vga1 at pci0 dev 2 function 0 Cirrus Logic CL-GD5446 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 Qumranet Virtio Network rev 0x00: Virtio Network Device vio0 at virtio0: address 52:54:c1:10:f2:79 virtio0: apic 1 int 11 virtio1 at pci0 dev 4 function 0 Qumranet Virtio Storage rev 0x00: Virtio Block Device vioblk0 at virtio1 scsibus2 at vioblk0: 2 targets sd0 at scsibus2 targ 0 lun 0: VirtIO, Block Device, SCSI3 0/direct fixed sd0: 40960MB, 512 bytes/sector, 83886080 sectors virtio1: apic 1 int 11 virtio2 at pci0 dev 5 function 0 Qumranet Virtio Memory rev 0x00: Virtio Memory Balloon Device viomb0 at virtio2 virtio2: apic 1 int 10 isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: density unknown fd1 at fdc0 drive 1: density unknown com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot): using irq 1 wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot): using irq 12 wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 usb0 at uhci0: USB
Re: spamd - whitelist sender email addresses
On Mon, May 18, 2015 at 02:20:08PM +0100, Craig Skinner wrote: Hi Craig, yes, this should help, in the case that the sender tries longer than 4 hours. Are there any experiences, after how many hours/days the sender side (at the large ones like google, yahoo, hotmail, etc) gives up? thanks, Alex. On 2015-05-18 Mon 09:26 AM |, Alex Greif wrote: I am using spamd on a current installation in greylisting mode, and have have problems with large sites that have several SMTP servers but no SPF ip-address ranges. Hi Alex, Bumping up the spamd(8) greyexp time to 2-4 days works well (on 5.6): spamd_flags='-G 25:48:864 ...' Sometimes I have more than 10 mail server IPs in the greylisted in spamdb, from the same (friend) email address, and the the sender side finally/unfortunately gives up, so that I don't get the mail. greyexp is 4 hours by default. Unless the same sending server in the pool retries within greyexp hours, it will not be whitelisted. Increasing it to 2+ days works for gmail, yahoo, hotmail, etc It is slow to start with, but once a host is whitelisted, it just works. Cheers.
Re: spamd - whitelist sender email addresses
On Mon, May 18, 2015 at 09:46:19AM +0200, Peter N. M. Hansteen wrote: On Mon, May 18, 2015 at 09:26:13AM +0200, Alex Greif wrote: I am using spamd on a current installation in greylisting mode, and have have problems with large sites that have several SMTP servers but no SPF ip-address ranges. Sometimes I have more than 10 mail server IPs in the greylisted in spamdb, from the same (friend) email address, and the the sender side finally/unfortunately gives up, so that I don't get the mail. In cases like these, it's probably best to try to identify the likely IP address range(s) where their outgoing MXes live, and add those ranges to a nospamd table. I think the spamd man page has a useful example. In addition you can add hosts to the spamd whitelist using spamdb, ie $ sudo spamdb -a nn.mm.xx.yy that is exactly what I am currently doing ... trying to collect all valid IPs an dfeeding them in nospamdb table and adding to the whitelist. But in some cases, the sender mail server tried so often from different SMTP IPs, and finally gave up with an error to the sender. Then the sender and receiver persons are quite unhappy, and a lot of time is vasted. Another problem with IPs is that the SMTP servers often change, so that IPs get obsolete, or new ones are set up. Thanks, ALex.
spamd - whitelist sender email addresses
Hi, I am using spamd on a current installation in greylisting mode, and have have problems with large sites that have several SMTP servers but no SPF ip-address ranges. Sometimes I have more than 10 mail server IPs in the greylisted in spamdb, from the same (friend) email address, and the the sender side finally/unfortunately gives up, so that I don't get the mail. Is there a way to define a list of (friendly) sender email addresses or domains in the following form: some.fri...@domail1.com @freinds-domain.com so that spamd ignores greylisting the IPs of the hosts, where these specified senders come from? thanks, Alex.
Re: spamd - whitelist sender email addresses
On Mon, May 18, 2015 at 10:52:52AM +0200, Peter N. M. Hansteen wrote: On Mon, May 18, 2015 at 10:05:45AM +0200, Alex Greif wrote: But in some cases, the sender mail server tried so often from different SMTP IPs, and finally gave up with an error to the sender. Then the sender and receiver persons are quite unhappy, and a lot of time is vasted. In most cases the MXes will be in an identifiable IP address range such as 194.54.104.64/26 (just a random example) you can add to a PF table Another problem with IPs is that the SMTP servers often change, so that IPs get obsolete, or new ones are set up. Again, unless they jump to addresses in totally unrelated ranges, something like the nospamd example in the spamd man page should do the trick. (I make my nospamd file available at http://www.bsdly.net/~peter/nospamd if you want to start from a working examplei in addition to the rules from the man page) thanks, I will do it as you suggested. And will keep an eye on spamdb|grep GREY output. Alex.
Re: httpd 500 error with php-fpm (only https)
Hi, I put in some additional log statements, and it seems that server_tls_readcb(), that is registered as an event callback in server_input(), is called in an endless loop. I have figured out a way to reproduce the bug with two clicks, an will try to find the reason whether the event is fired too often, or whether the entry in the libevent queue is not removed correctly, so that it ends in an endless loop. Unfortunately I am new to C, so that it takes quite long for me to understand the code. Here is a log excerpt. The first two calls contain valid header informations, and all subsequent calls have size 0. server_tls_readcb server_read_http: session 1: size 624, to read -2 server_read_http: session 1: header 'GET: /administrator/index.php?option=com_menusview=menus HTTP/1.1' server_read_http: session 1: header 'Host: jo1.example.com' server_read_http: session 1: header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0' server_read_http: session 1: header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' server_read_http: session 1: header 'Accept-Language: en-US,en;q=0.5' server_read_http: session 1: header 'Accept-Encoding: gzip, deflate' server_read_http: session 1: header 'Referer: https://jo1.example.com/administrator/index.php?option=com_usersview=users' server_read_http: session 1: header 'Cookie: dfced3b8ef8245f626640a33... server_read_http: session 1: header 'Connection: keep-alive' server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 624, to read -2 server_read_http: session 1: header 'GET: /administrator/index.php?option=com_menusview=menus HTTP/1.1' server_read_http: session 1: header 'Host: jo1.example.com' server_read_http: session 1: header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0' server_read_http: session 1: header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' server_read_http: session 1: header 'Accept-Language: en-US,en;q=0.5' server_read_http: session 1: header 'Accept-Encoding: gzip, deflate' server_read_http: session 1: header 'Referer: https://jo1.example.com/administrator/index.php?option=com_usersview=users' server_read_http: session 1: header 'Cookie: dfced3b8ef8245f626640a33bb1... server_read_http: session 1: header 'Connection: keep-alive' server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read 0 server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read -2 server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read 0 server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read -2 server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read 0 server_response: /administrator/index.php server_tls_readcb server_read_http: session 1: size 0, to read -2 server_response: /administrator/index.php ... thanks, Alex. On Wed, May 06, 2015 at 04:37:05PM +0200, Antoine Jacoutot wrote: On Wed, May 06, 2015 at 02:52:33PM +0200, Antoine Jacoutot wrote: On Wed, May 06, 2015 at 02:49:44PM +0200, Alex Greif wrote: Hi, With the current snapshot on amd64 and have the following problem: I am running httpd and php-fpm with a custom joomla (php) installation, that crashes when I access the site with https. Http runs fine without any problems. FWIW I have this exact same issue on a wordpress installation (httpd(8) with tls and php_fpm). I haven't had the time to look at it at all yet... but I just wanted to add a +1 Also happens with php-5.6... With https, php-fpm spawns the max number of max children, and then never releases them. Finally httpd throws a 500 error. I cannot figure oy whether it is a httpd or a php-fpm problem, but I understand the httpd webserver as s sort of proxy in front of the fastcgi daemon. So I assume thet the problem is with httpd tls, but I am really not sure. Here is my setup... installed: httpd, php-5.6, php-fpm-5.6, postgresql manually installed from tarball: joomla 3.4.1 The first https request works fine, but (in admin mode) switching between the menus User Manager and Menu Manager triggers the error. my php-fpm.conf settings (I also used higher values, but this made no difference): pm = dynamic pm.max_children = 20 pm.start_servers = 15 pm.min_spare_servers = 10 pm.max_spare_servers = 20 php-fpm spawns children gradually and then it is running permanently with the max children. Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O) [06-May-2015 11:18:49.940744] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0
httpd 500 error with php-fpm (only https)
Hi, With the current snapshot on amd64 and have the following problem: I am running httpd and php-fpm with a custom joomla (php) installation, that crashes when I access the site with https. Http runs fine without any problems. With https, php-fpm spawns the max number of max children, and then never releases them. Finally httpd throws a 500 error. I cannot figure oy whether it is a httpd or a php-fpm problem, but I understand the httpd webserver as s sort of proxy in front of the fastcgi daemon. So I assume thet the problem is with httpd tls, but I am really not sure. Here is my setup... installed: httpd, php-5.6, php-fpm-5.6, postgresql manually installed from tarball: joomla 3.4.1 The first https request works fine, but (in admin mode) switching between the menus User Manager and Menu Manager triggers the error. my php-fpm.conf settings (I also used higher values, but this made no difference): pm = dynamic pm.max_children = 20 pm.start_servers = 15 pm.min_spare_servers = 10 pm.max_spare_servers = 20 php-fpm spawns children gradually and then it is running permanently with the max children. Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O) [06-May-2015 11:18:49.940744] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:50.950807] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:51.960904] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:52.970830] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 my httpd.conf settings: server jo1.example.com { listen on * port 80 listen on * tls port 443 tls key /etc/ssl/private/jo1.example.com.key tls certificate /etc/ssl/jo1.example.com.crt # Set max upload size to 513M (in bytes) connection max request body 537919488 root /jo1 directory { no auto index, index index.php } # Any other PHP file location *.php { fastcgi socket /run/php-fpm.sock } } Here are the last log messages from httpd (httpd -d -vvv) server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, Connection refused (500 Internal Server Error) server jo1.example.com, client 6 (2 active), ip:48145 - ip, done server jo1.example.com, client 4 (6 active), ip:48128 - ip, done server jo1.example.com, client 8 (5 active), ip:48142 - ip, done server jo1.example.com, client 9 (4 active), ip:48143 - ip, done server jo1.example.com, client 6 (4 active), ip:48137 - ip, done server jo1.example.com, client 5 (3 active), ip:48135 - ip, done jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad request (400 Bad Request) I am quite new to OpenBSD so an tips are appreciated how I can get more logs or find the cause of the problem. Thanks, Alex.
relayd.conf man page question
Hi, while reading the relayd.conf man page, I found the following unclear paragraph: ... RELAYS listen on address [port port] [tls] ... If the port option is not specified, the port from the listen on directive will be used. My question: which *other* listen on directive is meant here? Or is the port mandatory? Thanks, ALex.
Re: httpd 500 error with php-fpm (only https)
On Wed, May 06, 2015 at 04:37:05PM +0200, Antoine Jacoutot wrote: On Wed, May 06, 2015 at 02:52:33PM +0200, Antoine Jacoutot wrote: On Wed, May 06, 2015 at 02:49:44PM +0200, Alex Greif wrote: Hi, With the current snapshot on amd64 and have the following problem: I am running httpd and php-fpm with a custom joomla (php) installation, that crashes when I access the site with https. Http runs fine without any problems. FWIW I have this exact same issue on a wordpress installation (httpd(8) with tls and php_fpm). I haven't had the time to look at it at all yet... but I just wanted to add a +1 Also happens with php-5.6... yes, I also experienced the problem with php-5.5 and php-5.6 with the current snapshot With https, php-fpm spawns the max number of max children, and then never releases them. Finally httpd throws a 500 error. I cannot figure oy whether it is a httpd or a php-fpm problem, but I understand the httpd webserver as s sort of proxy in front of the fastcgi daemon. So I assume thet the problem is with httpd tls, but I am really not sure. Here is my setup... installed: httpd, php-5.6, php-fpm-5.6, postgresql manually installed from tarball: joomla 3.4.1 The first https request works fine, but (in admin mode) switching between the menus User Manager and Menu Manager triggers the error. my php-fpm.conf settings (I also used higher values, but this made no difference): pm = dynamic pm.max_children = 20 pm.start_servers = 15 pm.min_spare_servers = 10 pm.max_spare_servers = 20 php-fpm spawns children gradually and then it is running permanently with the max children. Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O) [06-May-2015 11:18:49.940744] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:50.950807] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:51.960904] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 [06-May-2015 11:18:52.970830] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1 my httpd.conf settings: server jo1.example.com { listen on * port 80 listen on * tls port 443 tls key /etc/ssl/private/jo1.example.com.key tls certificate /etc/ssl/jo1.example.com.crt # Set max upload size to 513M (in bytes) connection max request body 537919488 root /jo1 directory { no auto index, index index.php } # Any other PHP file location *.php { fastcgi socket /run/php-fpm.sock } } Here are the last log messages from httpd (httpd -d -vvv) server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, Connection refused (500 Internal Server Error) server jo1.example.com, client 6 (2 active), ip:48145 - ip, done server jo1.example.com, client 4 (6 active), ip:48128 - ip, done server jo1.example.com, client 8 (5 active), ip:48142 - ip, done server jo1.example.com, client 9 (4 active), ip:48143 - ip, done server jo1.example.com, client 6 (4 active), ip:48137 - ip, done server jo1.example.com, client 5 (3 active), ip:48135 - ip, done jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad request (400 Bad Request) jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN 400 0 server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad request (400 Bad Request) I am quite new to OpenBSD so an tips are appreciated how I can get more logs or find the cause of the problem. Thanks, Alex
cwm does not spawn 'ssh to' dialog when known_hosts is missing
Hi, just installed the current snapshot and I am running cwm. M-. should spawn the 'ssh to' dialog. It works fine if the known_hosts file exists (with entries or blank does not matter), but the dialog is not spawned if the file is missing. IMO the dialog should be spawned also if the known_hosts file is missing, otherwise I have to open a new shell and type in 'ssh ...' first, to get the known_hosts file created, and this should not be a special case for the 'ssh to' functionality. Sorry for the noise if the current behaviour is intended, but I could not read about it in the man page. thanks, Alex.
building kernel and userland while normal operation or in single user mode?
Hi, I follow current and rebuild kernel and userland as described faq5.html but I wonder about the following, that I could not find in the docs: can I recompile and install everything while all the daemons are still running (eg pf, httpd, spamd, relayd, dovecot, postgresql, ...) or is it better to stop all deamons that I started in rc.conf.local before recompiling, or is it even better to boot into single user mode? Any tips on the prefered method is appreciated. Thanks, Alex.
Re: building kernel and userland while normal operation or in single user mode?
Hi Ingo, you are completely right, for my planned system, updating snapshots is the much easier way, without needeing to recompile. Unfortunately the way, how to update snapshots is not explicitely described on the OpenBSD website. But I found good references here: http://homing-on-code.blogspot.de/2015/02/rolling-with-snapshots.html http://bsdly.blogspot.de/2012/07/keeping-your-openbsd-system-in-trim.html Thanks, Alex. Am 5/2/15 um 1:27 PM schrieb Ingo Schwarze: Hi Alex, Alex Greif wrote on Sat, May 02, 2015 at 12:27:07PM +0200: I follow current and rebuild kernel and userland as described faq5.html but I wonder about the following, that I could not find in the docs: can I recompile and install everything while all the daemons are still running (eg pf, httpd, spamd, relayd, dovecot, postgresql, ...) If these are daemons used or testing, no need to bother. The worst thing that might happen is that a few of them crash or stop working and you need to restart them afterwards. If you are talking about a production server running all these services, i wonder why you are compiling from source rather than running snapshots anyway. Compiling from source is for people doing active development on major parts of the system (and even most of those run snapshots rather than building from source, including most developers), not for people who simply want to track -current. or is it better to stop all deamons that I started in rc.conf.local before recompiling, That depends on the individual daemons and how they changed. If a particular daemon will get confused by the changes since you last compiled, it may be necessary to restart it, and depending on the way in which it might get confused, it might be helpful to stop it before the make install step. That will only be needed in a minority of cases, though. or is it even better to boot into single user mode? Definitely not. Single user mode is for system maintenance, not for doing real work. I never tried such a crazy thing, but i'd be quite surprised if make build went through in single user mode at all. I'd expect it to fail rather sooner than later. Any tips on the prefered method is appreciated. The way you ask your questions sounds as if you don't want to compile from source at all but run snapshots. Yours, Ingo
Re: bypass xlock/slock
thanks for the tips/answers, I will use xdm in future Alex.
bypass xlock/slock
Hi, I am currently trying to find a solution to lock my desktop system (openbsd 5.6, amd64), but with the following steps I can always bypass xlock or slock: - run X session with startx - lock it with xlock or slock - switch to text console 2 (with [CTRL]+[ALT]+[F2]) - switch to text console 1, where X server seems to run in foreground. The last message is (II) AIGLX: Suspending AIGLX clients fro VT switch ... now the problem begins... - CTRL-C a few times - xinit is killed - you are in the login shell of the user who locked the screen ... arrgh Is there a security advice how to prevent killing the X session by switching the text console and killing xinit? thanks, Alex
Re: Hannover BSD meetup
hi, ... same for me here in Berlin Alex. On Thu, Jan 22, 2015 at 08:05:13PM +0100, Jan Lambertz wrote: Hey Reyk, that sounds great. Unfortunately the Way to Hannover is 600km from here. I hope something simliar is happening soon near Munich. I was not able to find any Meeting for OpenBSD here. Jan