Re: UTF-8 problem with php-7.4
On Thu, 24 Sep 2020 02:56:51 +0200 Andrew Hewus Fresh wrote:

> On Wed, Sep 23, 2020 at 09:11:44AM +0200, Boudewijn Dijkstra wrote:
> > On Thu, 10 Sep 2020 04:01:30 +0200 Bambero wrote:
> > > Hi,
> > >
> > > It seems that perl regular expressions lost one Polish letter (ą):
> > > https://www.compart.com/en/unicode/U+0105
> > >
> > > I can see this problem only under OpenBSD 6.7 with php-7.4 (same
> > > version of php under linux is OK)
> > >
> > > Ex.:
> > >
> > > PHP 7.4.10 or 7.4.5
> > > int(1) // OK
> > >
> > > PHP 7.4.10 or 7.4.5
> > > int(0) // UPS???
> > >
> > > PHP 7.3.21
> > > int(1) // OK
> > >
> > > PHP 7.3.21
> > > int(1) // OK
> > >
> > > Any ideas how to fix that?
> > >
> > > Regards,
> > > Bambero
> >
> > The same happens with any UTF-8 sequence that ends in 0x85. I guess (a part of) PHP's PCRE code is not in UTF-8 mode, causing triggers on CHAR_NEL (=0x85).
>
> I don't know a lot about PHP or the external PCRE library, but my guess would be that php is treating the string as bytes not characters. Can you try using the "u" (PCRE_UTF8) modifier?
>
> https://www.php.net/manual/en/reference.pcre.pattern.modifiers.php

Indeed with "u" the expected 1 is returned! Now the question is, why is this needed on OpenBSD but not in Linux or Windows?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: UTF-8 problem with php-7.4
On Thu, 10 Sep 2020 04:01:30 +0200 Bambero wrote:

> Hi,
>
> It seems that perl regular expressions lost one Polish letter (ą):
> https://www.compart.com/en/unicode/U+0105
>
> I can see this problem only under OpenBSD 6.7 with php-7.4 (same
> version of php under linux is OK)
>
> Ex.:
>
> PHP 7.4.10 or 7.4.5

The same happens with any UTF-8 sequence that ends in 0x85. I guess (a part of) PHP's PCRE code is not in UTF-8 mode, causing triggers on CHAR_NEL (=0x85).

// Put every code point from U+0075 to U+0825 in the middle of the subject.
for ($i = 0x75; $i <= 0x825; $i++) {
    $u = mb_chr($i);
    $str = 'dasw' . $u . 'zdas';
    $r = preg_match('/^.{5,64}$/', $str);
    if ($r == 0) {
        // No match: print the code point, its UTF-8 bytes and the subject.
        printf("%04x:", $i);
        for ($j = 0; $j < strlen($u); $j++) {
            $b = ord(substr($str, 4 + $j));
            printf(" %02x", $b);
        }
        printf(": %s\n", $str);
    }
}

--
Made with Opera's e-mail program: http://www.opera.com/mail/
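An added example, not part of the original thread: a C model of the hypothesis in the message above, that a byte-mode `.` refuses the byte 0x85, applied to the same subjects the posted PHP loop builds. The function names and the simplified matcher (length 5 to 64 bytes, no newline byte) are assumptions made for illustration; this is not PCRE's code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BYTE_NEL 0x85u  /* byte value the thread calls CHAR_NEL */

/* Encode one code point as UTF-8. Returns the byte count, 0 if invalid. */
size_t utf8_encode(uint32_t cp, unsigned char out[4])
{
    if (cp < 0x80) {
        out[0] = (unsigned char)cp;
        return 1;
    }
    if (cp < 0x800) {
        out[0] = (unsigned char)(0xC0 | (cp >> 6));
        out[1] = (unsigned char)(0x80 | (cp & 0x3F));
        return 2;
    }
    if (cp >= 0xD800 && cp <= 0xDFFF)
        return 0;                       /* surrogates are not encodable */
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F));
        return 3;
    }
    if (cp <= 0x10FFFF) {
        out[0] = (unsigned char)(0xF0 | (cp >> 18));
        out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
        out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[3] = (unsigned char)(0x80 | (cp & 0x3F));
        return 4;
    }
    return 0;
}

/* Does the UTF-8 encoding of cp end in the byte 0x85? */
int ends_in_nel_byte(uint32_t cp)
{
    unsigned char b[4];
    size_t n = utf8_encode(cp, b);
    return n > 0 && b[n - 1] == BYTE_NEL;
}

/* Simplified byte-mode model of /^.{5,64}$/: 5..64 bytes, none a newline.
 * With nel_is_newline set, 0x85 counts as a newline byte as well. */
int dot_5_64_bytes(const unsigned char *s, size_t n, int nel_is_newline)
{
    if (n < 5 || n > 64)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i] == '\n')
            return 0;
        if (nel_is_newline && s[i] == BYTE_NEL)
            return 0;
    }
    return 1;
}

/* Build 'dasw' . chr(cp) . 'zdas' as in the posted loop and apply the model. */
int subject_matches(uint32_t cp, int nel_is_newline)
{
    unsigned char b[4], s[12];
    size_t n = utf8_encode(cp, b);
    if (n == 0)
        return 0;
    memcpy(s, "dasw", 4);
    memcpy(s + 4, b, n);
    memcpy(s + 4 + n, "zdas", 4);
    return dot_5_64_bytes(s, 8 + n, nel_is_newline);
}

/* Count code points in [first, last] whose subject fails to match. */
size_t count_failures(uint32_t first, uint32_t last, int nel_is_newline)
{
    size_t failures = 0;
    if (last > 0x10FFFF)
        last = 0x10FFFF;
    for (uint32_t cp = first; cp <= last; cp++)
        if (!subject_matches(cp, nel_is_newline))
            failures++;
    return failures;
}

int main(void)
{
    /* Same range as the posted loop: U+0075 .. U+0825. */
    for (uint32_t cp = 0x75; cp <= 0x825; cp++)
        if (!subject_matches(cp, 1))
            printf("%04x fails when 0x85 is a newline byte\n", (unsigned)cp);
    return 0;
}
```

In this range every failing code point is one whose encoding ends in 0x85, including U+0105 (bytes c4 85), the letter from the original report.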
Re: spamDB - blacklist mode
On Thu, 27 Feb 2020 00:19:59 +0100 wrote:

> Questions:
> Does the spamDB play a role at all in pure Black listing mode ?

No, that DB is used for bookkeeping and decision-making. In blacklist-only mode, there is none of that.

> Does the spamDB only get created/configured when running in Normal/Grey mode ?

It should.

> Does it require Manual creation ?

No.

> Issue:
> When Attempting to review SPAMDB entries I get an error:
> spamdb: cannot open /var/db/spamd for reading: No such file or directory

What kind of entries did you expect to find?

> Setup:
> [...]

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: dhcpd and unbound on a small LAN
On Mon, 06 Jan 2020 13:24:50 +0100 Anders Andersson wrote:

> I'm in the process of replacing an aging OpenWRT device on my home LAN with an apu4d4 running OpenBSD as my personal router. I would like to use unbound as a caching DNS server for my local hosts, but I'm trying to figure out how to handle local hostnames. It seems like a common scenario but I can't find a solution that feels like the "right" way. I have two problems, one is trivial compared to the other.
>
> My first and very minor issue is that I would like to register my static hosts in a more convenient way than what's currently offered by unbound. From what I understand you would configure your local hosts something like this:
>
>     local-zone: "home.lan." static
>     local-data: "laptop.home.lan. IN A 10.0.0.2"
>     local-data-ptr: "10.0.0.2 laptop.home.lan"
>
> Every time information has to be entered twice there is room for error and inconsistencies, so preferably this list should be automatically generated from a simpler file, maybe /etc/hosts. I can of course easily write such a script, but I'm wondering if there might be a standard, go-to way of doing this.
>
> My second and more difficult issue is that I can't seem to find a way to feed information from the DHCP server into unbound, so that locally assigned hosts can be queried by their hostnames. To clarify with an example:
>
> 1. I install a new system and in the installation procedure I name it "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming that "alice" informed the DHCP server of its name when asking for an address.
>
> Currently this works because OpenWRT is using dnsmasq which is both a caching DNS server and a DHCP server, so the left hand knows what the right hand is doing. How can I solve this in OpenBSD base without jumping through hoops?
>
> Right now I'm considering something that monitors dhcpd.leases for changes and updates a running unbound using unbound-control(8) but I don't feel confident enough writing such a tool that does not miss a lot of corner cases and handle startup/shutdown gracefully. I'm also thinking that it can't be such an unusual use case, so someone surely must have written such a tool already. I just haven't found any in my search.
>
> Or am I doing this the wrong way? I've now read about things like mDNS and Zeroconf and Avahi and I'm just getting more and more confused. Ideas are welcome!

Another way is to configure the DHCP server to give alice the same address every time.

host alice {
    hardware ethernet 00:19:b9:e0:2f:de;
    fixed-address 192.168.0.68;
}

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Blank/black screen for 6.6 - any general debugging hints?
On Mon, 30 Dec 2019 19:07:10 +0100 lu hu wrote:

> Hello, I was using 6.5 on a desktop PC. I did a sysupgrade, but after the blue boot text, I only get black/blank screen. I don't think it is just the screen, since I cannot reach it via network. I booted the 6.6 bsd.rd then did a clean install with 6.6. The same issue.

I had the same issue (I have yet to report it.) Disabling amdgpu fixed it for me.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Erratically losing connection on usb port from UPS unit
On Wed, 21 Aug 2019 15:06:17 +0200 Walter Alejandro Iglesias wrote:

> [...]
> It has been working for days (with and without NUT) apparently without problems except for three times in which the usb signal from the ups got cut, apparently for no reason. I get this message in console:
>
> upd0 detached
> uhidev0 detached

I have a similar recurring message, also very erratically, mean period is about a month:

ugen0 detached
ugen0 at uhub1 port 2 "American Power Conversion Smart-UPS 1000 FW:UPS 09.2 / ID=18" rev 2.00/1.06 addr 2

> While using NUT I got "stale" messages from upsmon when that happened.

I'm using apcupsd, I also get messages for these occurrences.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: lrint(INT_MAX) != INT_MAX
On Fri, 09 Aug 2019 19:19:14 +0200 Jan Stary wrote:

> On Jul 31 14:40:42, mailinglists.boudew...@indes.com wrote:
> > On Tue, 30 Jul 2019 17:12:56 +0200 wrote:
> > > This is what happens on my relatively current
> > > OpenBSD bbb.stare.cz 6.5 GENERIC#0 armv7 (BeagleBone Black)
> > > OpenBSD ppc.stare.cz 6.5 GENERIC#0 macppc (an old MacMini)
> > >
> > > #include <limits.h>
> > > #include <math.h>
> > > #include <stdio.h>
> > >
> > > int
> > > main()
> > > {
> > >         long l;
> > >         double d = INT_MAX;
> > >
> > >         l = lrint(d);
> > >         printf("%f is %ld\n", d, l);
> > >
> > >         l = lround(d);
> > >         printf("%f is %ld\n", d, l);
> > >
> > >         return 0;
> > > }
> > >
> > > 2147483647.00 is -1
> > > 2147483647.00 is -1
> > >
> > > That doesn't seem right: isn't INT_MAX representable as a long,
> > > even on these machines where sizeof(int) == sizeof(long)?
> >
> > If it is less than LONG_MAX, then yes.
>
> Less than, as in strictly less? Why? Do you mean <= ?

My statement is true for both < and <=, but I guess it would have been less confusing if I had written "less than or equal to".

> > > If so, shouldn't lrint(INT_MAX) == INT_MAX = lround(INT_MAX)?
> >
> > If the double type provides enough mantissa (which I think it does on all platforms), and if I read a few C standards correctly, then yes.
> >
> > > On i386 (an ALIX), I see
> > >
> > > 2147483647.00 is 2147483647
> > > 2147483647.00 is -1
> > >
> > > so lrint() returns the expected value but lround() does not.
> > >
> > > On the amd64s I have, I see the expected:
> > > 2147483647.00 is 2147483647
> > > 2147483647.00 is 2147483647
> > >
> > > Is this a bug or am I missing something obvious?
> >
> > I'd say it's a bug. Also with a float variable and with lrintf/lroundf the outcome should ideally be 2147483647.
>
> OK, how can I help debug this? (The code in lib/libm/src/*rint*.c seems a bit over my head.)

What Otto said. You could download {Free,Net}BSD code and expand your program to compare different variants.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: lrint(INT_MAX) != INT_MAX
On Tue, 30 Jul 2019 17:12:56 +0200 wrote:

> This is what happens on my relatively current
> OpenBSD bbb.stare.cz 6.5 GENERIC#0 armv7 (BeagleBone Black)
> OpenBSD ppc.stare.cz 6.5 GENERIC#0 macppc (an old MacMini)
>
> #include <limits.h>
> #include <math.h>
> #include <stdio.h>
>
> int
> main()
> {
>         long l;
>         double d = INT_MAX;
>
>         l = lrint(d);
>         printf("%f is %ld\n", d, l);
>
>         l = lround(d);
>         printf("%f is %ld\n", d, l);
>
>         return 0;
> }
>
> 2147483647.00 is -1
> 2147483647.00 is -1
>
> That doesn't seem right: isn't INT_MAX representable as a long,
> even on these machines where sizeof(int) == sizeof(long)?

If it is less than LONG_MAX, then yes.

> If so, shouldn't lrint(INT_MAX) == INT_MAX = lround(INT_MAX)?

If the double type provides enough mantissa (which I think it does on all platforms), and if I read a few C standards correctly, then yes.

> On i386 (an ALIX), I see
>
> 2147483647.00 is 2147483647
> 2147483647.00 is -1
>
> so lrint() returns the expected value but lround() does not.
>
> On the amd64s I have, I see the expected:
> 2147483647.00 is 2147483647
> 2147483647.00 is 2147483647
>
> Is this a bug or am I missing something obvious?

I'd say it's a bug. Also with a float variable and with lrintf/lroundf the outcome should ideally be 2147483647.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: How to synchronise 2 spamd instances
On Fri, 31 May 2019 00:34:39 +0200 Mik J wrote:

> Hello, I'm back again with spamd synchronisation. I made further tests and it seems to me that only new entries in spamd are synchronised. All existing entries before the synchronisation are not sent to the other spamd instance. Is it supposed to work like that ?

Yes. From the spamd(8) manual: "The databases are synchronised for greylisted and trapped entries; whitelisted entries and entries made manually using spamdb(8) are not updated."

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: could use some spamdb output
On Fri, 21 Dec 2018 17:10:46 +0100 Gilles Chehade wrote:

spamdb | grep -E '^(GREY|WHITE)\|' | cut -d\| -f1,2

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Running your own mail server
On Sat, 08 Sep 2018 17:36:07 +0200 Ken M wrote:

> On Sat, Sep 08, 2018 at 11:32:00AM -0400, Jay Hart wrote:
> > I've run my own email server for 15 years now I think. I stick with Linux for email server, OpenBSD for routing/firewall. I personally find this is the best of both worlds... Just my 35 cents...
>
> Dare I ask, is there a specific technical reason for using Linux as your email server. I ask as I already run a Debian web server on Digital Ocean.

Hmm, non-spammers use DigitalOcean too? I have them blacklisted.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: clearing the disk cache
Op Tue, 03 Jul 2018 16:06:37 +0200 schreef Maximilian Pichler : Now I'm resorting to "sysctl kern.bufcachepercent=5; sysctl kern.bufcachepercent=90" to "almost" clear the cache. If only setting it to 0 were allowed... --- sys/kern/kern_sysctl.c.orig Mon Feb 19 09:59:52 2018 +++ sys/kern/kern_sysctl.c Wed Jul 4 10:20:53 2018 @@ -602,7 +602,7 @@ ); if (error) return(error); - if (bufcachepercent > 90 || bufcachepercent < 5) { + if (bufcachepercent > 90) { bufcachepercent = opct; return (EINVAL); } -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
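Review bot: In the changed condition in sys/kern/kern_sysctl.c, deleting `bufcachepercent < 5` removes the lower bound altogether, so the check now lets through any negative value as well as the intended 0. If bufcachepercent is a signed integer, keep a floor, for example `if (bufcachepercent > 90 || bufcachepercent < 0)`, so that out-of-range input still restores opct and returns EINVAL. The patch should also say why the old minimum of 5 can go, since the visible lines give no sign of what the buffer cache code does with a value of 0.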
Re: Virtualbox vs latest snapshot
On Thu, 12 Apr 2018 15:47:18 +0200 Consus wrote:

> On 08:28 Thu 12 Apr, Nick Holland wrote:
> > Another "failure mode" of VirtualBox people should be aware of: I understand through good sources, Oracle monitors the IP addresses that it's downloaded from, and if they can trace it back to a commercial IP (i.e., not a home address), and if they see you download (or update) the "not for unrestricted free use" parts, their lawyers will contact you and send you a bill...and they really don't care about "for work" or "not for work related" uses. I'd really recommend removing this product from your computers.
>
> This won't stand in court. Your sources are so high on crack it's not even funny.

The point is not to go to court, the point is to bully people into paying up.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Virtualbox vs latest snapshot
On Thu, 12 Apr 2018 14:28:14 +0200 Nick Holland wrote:

> Another "failure mode" of VirtualBox people should be aware of: I understand through good sources, Oracle monitors the IP addresses that it's downloaded from, and if they can trace it back to a commercial IP (i.e., not a home address), and if they see you download (or update) the "not for unrestricted free use" parts, their lawyers will contact you and send you a bill...and they really don't care about "for work" or "not for work related" uses.

I suppose this only works if you have your own netblock. Otherwise they cannot know the legal entity behind an IP-address. Except in totalitarian states I guess.

> I'd really recommend removing this product from your computers.

By which you mean the Oracle VM VirtualBox Extension Pack, presumably.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: noob question: driver separation?
On Mon, 19 Feb 2018 21:19:27 +0100 Hess THR wrote:

> I mean.. did it ever happen in the history that a microphone driver sent its data via the network?

Quite unlikely with open source drivers. And even load-modules can be checked to see which kernel functions they call. The recently introduced random ordering of kernel objects (KARL) makes it very difficult to call a function without explicitly linking to it.

> if these attacks aren't very likely, then I was just loudly thinking.. wouldn't it be great to hold some idea day for: "how to increase security? "

If you are really concerned about security, then there are other ways of achieving physical separation. Like using separate devices.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: noob question: driver separation?
On Fri, 16 Feb 2018 21:51:12 +0100 Hess THR wrote:

> Hello, are there any (at least on plan or theoretical level) that drivers will be/are/would be separated? ex.:
>
> - touchpad drivers shouldn't have to do anything with network access
> - wireless drivers shouldn't be able to touch anything from ex.: /home
> - graphics/wireless/sound/disk/etc. drivers shouldn't be able to get anything from keyboards
> - and so on.
>
> or is this only a dream or bad concept that separation needed "inside kernel level"?

Why do you think it is needed? Did you see any dubious or sketchy OpenBSD driver code?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: fsck: CANNOT READ: BLK 4235468160
On Sun, 07 Jan 2018 03:45:06 +0100 Maximilian Pichler wrote:

> If the disk is damaged, shouldn't the problematic blocks be consistent?

If you mean the actual platters, then probably yes, but there are other components that can damage. If for instance the bearings are worn, you can get a HDD that works fine at first and starts getting more and more read errors as it heats up.
Re: nobreak powers down openbsd
On Mon, 23 Oct 2017 20:08:56 +0200 Friedrich Locke wrote:

> When I wrote nobreak, I really meant UPS. I don't have a model; may some one suggest a model that power off openbsd ?

I'm using an APC UPS with apcupsd. You can define time-outs, thresholds, also script events and do more complicated stuff by parsing the UPC status report. Small caveat is this particular device requires disabling of uhidev(4) in the kernel.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: spamd randomly and silently dying on OpenBSD 6.1
On Fri, 06 Oct 2017 10:49:39 +0200 rosjat wrote:

> [...]
> Is there some way to get a more verbose output when the process is daemonized? the -v switch only seems to apply to the foreground mode.

Depends on your syslog.conf; I have:

!!spamd
daemon.err;daemon.warn;daemon.info;daemon.debug /var/log/spamd
!*

Have you checked whether interaction with spamd-setup is causing any problems?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: openSMTPD relaying and aliases
On Wed, 04 Oct 2017 11:31:25 +0200 rosjat wrote:

> [...]
> But I get mails in my log account
>
> From: r...@machinename.domain.tld
> To: r...@machinename.domain.tld
>
> but I would like to have it with
>
> From: r...@machinename.domain.tld
> To: logs+...@domain.tld
>
> to make my filtering easier in the mail account. So is it possible to get smtpd to use the alias in the to: field by default when sending a mail from a user account?

Can't you filter using the "Delivered-To" header?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: the whole greylisting, spam filtering thing
On Sun, 01 Oct 2017 22:11:27 +0200 Rupert Gallagher wrote:

> Spammers keep trying, from the same IPs, for days here, so graylisting is useless for us.

All of them? On my end about 90% only try once.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: FF vs. Chrome/Chromium
On Wed, 27 Sep 2017 16:44:01 +0200 Theo de Raadt wrote:

> Firefox has W^X compliance and so runs with the secure defaults.
>
> it uses page aliasing, which is a shitty way of being compliant

Do you mean dual-mapping a.k.a. double-mapping? I found some old patches using a temporary file and mmap w/ fd to achieve this, but they never went in. This blog: https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/ suggests that it is simply switching between RW and RX using mprotect. Can you please elaborate?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: running spamd on firewall ord on the mailsystem
On Tue, 19 Sep 2017 09:35:04 +0200 Peter N. M. Hansteen wrote:

> On 09/19/17 09:10, rosjat wrote:
> > I like to get some opinions on where to use the spamd daemon. Is it better to do the heavy stuff on the firewall or let it all pass to the mailsystem and do the filtering there?
>
> OpenBSD's spamd is not in any way a 'heavy' service.

Indeed. On my site, with 12k messages tarpitted last week, spamd (with -v) took about the same cpu time as ntpd. Spamlogd even less. Together about 7.5M resident memory.

> It's entirely possible to run it on the actual mail server, but I tend to recommend stopping unwanted traffic early and set up on the directly internet-facing host (aka the firewall).

Note that the spamd(8) manual page assumes it's the same machine, so using different machines is a less trivial pf.conf setup. IIRC it requires route-to instead of divert-to for your whitelist(s), or a divert-to with a relayd/nc relay.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Spamtrap doesn't work for me
Op Thu, 18 May 2017 10:23:40 +0200 schreef Peter N. M. Hansteen: On Thu, May 18, 2017 at 06:09:19AM +, Mik J wrote: I was reading the man spamd http://man.openbsd.org/spamd Which was saying "When a host that is currently greylisted attempts to send mail to a spamtrap address, it is blacklisted for 24 hours by adding the host to the spamd blacklist . Spamtrap addresses are added to the /var/db/spamd database with the following spamdb(8) command:" So I'm expecting a spamd-greytrap table That does sound like we should look into rephrasing that bit of the man page. I'll see if I can come up with suitable wording unless somebody beats me to it. Every time a pf table is mentioned, it says "pf table" or "table" with the name of the table in angle brackets. In this case it doesn't say "table" but "list", but perhaps the name could be between quotes. --- libexec/spamd/spamd.8 16 Mar 2017 15:16:21 - 1.133 +++ libexec/spamd/spamd.8 19 May 2017 07:43:41 - @@ -385,7 +385,7 @@ spamtrap address, it is blacklisted for 24 hours by adding the host to the .Nm blacklist -. +'spamd-greytrap'. Spamtrap addresses are added to the .Pa /var/db/spamd database with the following -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
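Review bot: The added line `'spamd-greytrap'.` in libexec/spamd/spamd.8 begins with an apostrophe, and roff treats an apostrophe at the start of an input line as a control character, so the line would be parsed as a request instead of being printed as text. Put the name through a quoting macro on its own line, for example `.Sq spamd-greytrap .`, which also keeps the closing period outside the quotes.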
Re: Spamtrap doesn't work for me
On Wed, 17 May 2017 16:59:27 +0200 Peter N. M. Hansteen <pe...@bsdly.net> wrote:

> On 05/17/17 16:51, Boudewijn Dijkstra wrote:
> > On Wed, 17 May 2017 13:55:58 +0200 Mik J <mikyde...@yahoo.fr> wrote:
> > > SPAMTRAP|<t...@mydomain.org>
>
> It looks like spamdb actually accepts addresses both with and without angle brackets -

It accepts anything that contains an '@'.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Spamtrap doesn't work for me
On Wed, 17 May 2017 13:55:58 +0200 Mik J wrote:

> Hello,
> I'm trying to make spamtrap to work
> I added a spamtrap address
> # spamdb | grep trap
> SPAMTRAP|

From spamdb(8):

If adding or deleting a SPAMTRAP address (-T), keys should be specified as email addresses: spamt...@mydomain.org

So without angle brackets.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: spamd and outlook.com
On Fri, 21 Apr 2017 14:12:56 +0200 Reyk Floeter <r...@openbsd.org> wrote:

> On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote:
> > On Fri, 21 Apr 2017 12:16:31 +0200 Reyk Floeter <r...@openbsd.org> wrote:
> > > On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
> > > > On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
> > > > >
> > > I use the attached script to fetch the SPF entries recursively, in a
> > > plain text format that can be fed into pfctl.
> >
> > Have you tried mx3a.certifiedfactory.info ? ;)
>
> great
>
> I think you got something wrong: I don't use this simple script automatically or for "untrusted domains", I just use it _manually_ and for _well-known_ offenders like outlook.com that break greylisting.

I only pointed out a weakness. Infinite loops may happen regardless of trust or reputation, so the weakness should IMHO be either documented or fixed.

> SPF is not a security solution, but it is a band-aid that helps to handle these stupid cloud-based MTAs. The script below fixes it - or akpoff's slightly more complicated (and probably more correct) version.

Thanks.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
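An added example, not the script discussed in this thread (which is not shown on this page): recursive expansion of SPF `include:` terms that stops on include loops, the weakness raised above, and caps the number of followed includes at 10, the DNS lookup limit in RFC 7208. The zone table, the domain names and the helper names are constructed for illustration, and the table stands in for DNS TXT queries.

```c
#include <stdio.h>
#include <string.h>

/* Constructed records standing in for DNS TXT lookups (not real data). */
struct spf_rec { const char *domain; const char *txt; };
static const struct spf_rec ZONE[] = {
    { "mail.example", "v=spf1 ip4:192.0.2.0/24 include:a.example -all" },
    { "a.example",    "v=spf1 ip4:198.51.100.0/24 include:b.example ~all" },
    { "b.example",    "v=spf1 ip6:2001:db8::/32 include:a.example ~all" },
    { "flat.example", "v=spf1 ip4:203.0.113.7 -all" },
};
#define NZONE (sizeof(ZONE) / sizeof(ZONE[0]))

#define MAX_LOOKUPS 10   /* RFC 7208 limit on DNS-querying terms */
#define MAX_NETS    32
#define NET_LEN     64

struct spf_walk {
    const struct spf_rec *seen[MAX_LOOKUPS + 1]; /* records already expanded */
    int nseen, lookups, nnets;
    int loop_detected, limit_hit;
    char nets[MAX_NETS][NET_LEN];                /* collected ip4/ip6 networks */
};

static const struct spf_rec *find_rec(const char *name, size_t len)
{
    for (size_t i = 0; i < NZONE; i++)
        if (strlen(ZONE[i].domain) == len &&
            strncmp(ZONE[i].domain, name, len) == 0)
            return &ZONE[i];
    return NULL;
}

static void walk(struct spf_walk *w, const struct spf_rec *rec)
{
    /* A record seen before means an include loop: stop instead of recursing. */
    for (int i = 0; i < w->nseen; i++) {
        if (w->seen[i] == rec) {
            w->loop_detected = 1;
            return;
        }
    }
    w->seen[w->nseen++] = rec;

    const char *p = rec->txt;
    while (*p != '\0') {
        size_t len = strcspn(p, " ");            /* length of this term */
        if ((strncmp(p, "ip4:", 4) == 0 || strncmp(p, "ip6:", 4) == 0) &&
            len > 4) {
            if (w->nnets < MAX_NETS && len - 4 < NET_LEN) {
                memcpy(w->nets[w->nnets], p + 4, len - 4);
                w->nets[w->nnets][len - 4] = '\0';
                w->nnets++;
            }
        } else if (strncmp(p, "include:", 8) == 0 && len > 8) {
            if (w->lookups >= MAX_LOOKUPS) {     /* refuse to go deeper */
                w->limit_hit = 1;
                return;
            }
            w->lookups++;
            const struct spf_rec *next = find_rec(p + 8, len - 8);
            if (next != NULL)
                walk(w, next);
        }
        p += len;
        while (*p == ' ')
            p++;
    }
}

/* Collect the networks reachable from domain. Returns their count, or -1
 * when the domain has no record in the table. */
int spf_collect(const char *domain, struct spf_walk *w)
{
    memset(w, 0, sizeof(*w));
    const struct spf_rec *rec = find_rec(domain, strlen(domain));
    if (rec == NULL)
        return -1;
    walk(w, rec);
    return w->nnets;
}

int main(void)
{
    struct spf_walk w;
    int n = spf_collect("mail.example", &w);
    for (int i = 0; i < n; i++)
        printf("%s\n", w.nets[i]);               /* one network per line */
    if (w.loop_detected)
        fprintf(stderr, "include loop detected\n");
    return 0;
}
```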
Re: spamd and outlook.com
On Fri, 21 Apr 2017 12:16:31 +0200 Reyk Floeter wrote:

> On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote:
> > On Fri, Apr 21, 2017 at 11:25:14AM +0200, Markus Rosjat wrote:
> > >
> I use the attached script to fetch the SPF entries recursively, in a plain text format that can be fed into pfctl.

Have you tried mx3a.certifiedfactory.info ? ;)

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Spamd question with Spamtrap
On Mon, 13 Mar 2017 18:25:30 +0100 Mik J wrote:

> Spamd has been really efficient in blocking spam. A few of them passed through once in a while but there's no discomfort. So this is not really an OpenSMTPd question. But, I'm not able to use spamtrap.
>
> # spamdb -T -a " "

The example in the manpage doesn't use angle brackets. Remove them.

> # spamdb | grep SPAMTRAP
> SPAMTRAP|
>
> But when I telnet port 25 and try to send a mail, a GREY entry is created, and after the holdtime mail are passing through

When a SPAMTRAP is hit, no GREY entry is created.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Spammer whitelisted by spamd. How?
On Sat, 04 Feb 2017 10:03:02 +0100 Clint Pachl wrote:

> Can someone explain how the spammer at 81.7.16.33 got white listed by spamd and delivered 3 spam emails to me? What exactly triggered the white listing?
>
> I may not understand spamd's behavior, but according to the spamd log below, the spammer attempted only 5 deliveries via spamd, each with a different envelope-from address. Correct?

At 17:12 there is a 6th connection. Presumably this is a re-try of one of the existing grey entries. With -v you would have seen something like:

Feb 3 17:12:29 zeus spamd[34374]: (GREY) 81.7.16.33: -> /B

> If so, shouldn't white listing be considered only if, during passtime, the retries from a GREY host contain the same envelope-from and envelope-to? Legitimate mail would be resent with the same envelope-from/-to, but spammers (this one in particular) often do not. Ensuring consistent envelope addresses may be a way to stop more spam. No?
>
> # passtime set short as I'm currently experimenting
> $ rcctl get spamd | grep flags
> spamd_flags=-G 1:10:1080
>
> $ fgrep 81.7.16.33 /var/log/spamd
> Feb 3 16:58:27 zeus spamd[34374]: 81.7.16.33: connected (3/1)
> Feb 3 17:00:05 zeus spamd[21625]: new entry 81.7.16.33 from to , helo minyu1esc.com
> Feb 3 17:00:10 zeus spamd[34374]: 81.7.16.33: disconnected after 103 seconds.
> Feb 3 17:06:50 zeus spamd[34374]: 81.7.16.33: connected (3/2)
> Feb 3 17:07:10 zeus spamd[21625]: new entry 81.7.16.33 from to , helo minyu1esc.com
> Feb 3 17:07:10 zeus spamd[34374]: 81.7.16.33: disconnected after 20 seconds.
> Feb 3 17:07:47 zeus spamd[34374]: 81.7.16.33: connected (3/2)
> Feb 3 17:08:00 zeus spamd[21625]: new entry 81.7.16.33 from to , helo minyu1esc.com
> Feb 3 17:08:02 zeus spamd[34374]: 81.7.16.33: disconnected after 15 seconds.
> Feb 3 17:08:28 zeus spamd[34374]: 81.7.16.33: connected (4/3)
> Feb 3 17:08:41 zeus spamd[21625]: new entry 81.7.16.33 from to , helo minyu1esc.com
> Feb 3 17:08:41 zeus spamd[34374]: 81.7.16.33: disconnected after 13 seconds.
> Feb 3 17:10:22 zeus spamd[34374]: 81.7.16.33: connected (4/3)
> Feb 3 17:10:39 zeus spamd[21625]: new entry 81.7.16.33 from to , helo minyu1esc.com
> Feb 3 17:10:39 zeus spamd[34374]: 81.7.16.33: disconnected after 17 seconds.
> Feb 3 17:12:13 zeus spamd[34374]: 81.7.16.33: connected (5/4)
> Feb 3 17:12:29 zeus spamd[34374]: 81.7.16.33: disconnected after 16 seconds.
> Feb 3 17:12:50 zeus spamd[17428]: queueing add of 81.7.16.33
> Feb 3 17:12:50 zeus spamd[17428]: whitelisting 81.7.16.33 in /var/db/spamd

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: Memory alignment
On Sat, 28 Jan 2017 06:26:16 +0100 Damian McGuckin wrote:

> What is the recommended most portable way to force memory alignment for a datum of any type, assuming one has a pointer say
>
>     char *x
>
> I currently use something like
>
>     char *xany = aligntonext(x, sizeof(long))
>
> where I use my own function 'aligntonext' which is defined below and I also assume that a 'long' will be the natural word-size of the machine and that any datum things just needs to align to this boundary. That said, if the second argument is say 4k, the function will align its result to a 4k boundary.
>
> I was wondering if there is an optimal, better, more acceptable, or more portable, way.

Easy and very portable:

#include <stddef.h>
#include <stdint.h>

/* Round x up to the next multiple of size. */
void *
aligntonext(void *x, size_t size)
{
        return (void *)((((uintptr_t)x + size - 1u) / size) * size);
}

Whether it is optimal depends on compiler optimization.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
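An added example, not part of the original message: the same round-up with the cases the one-line version leaves open, namely `size == 0`, wrap-around of the address arithmetic, and padding that eats into a fixed buffer. The names align_up, align_up_pow2 and align_in_buf are made up here, and the code assumes size_t is no wider than uintptr_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Round addr up to a multiple of size (any non-zero size, by division).
 * Returns 0 and stores the result in *out, or -1 if size is 0 or the
 * rounded address would wrap past UINTPTR_MAX. */
int align_up(uintptr_t addr, size_t size, uintptr_t *out)
{
    if (size == 0)
        return -1;
    uintptr_t rem = addr % (uintptr_t)size;
    uintptr_t pad = rem ? (uintptr_t)size - rem : 0;
    if (pad > UINTPTR_MAX - addr)
        return -1;
    *out = addr + pad;
    return 0;
}

/* Mask form for power-of-two alignments; rejects anything else. */
int align_up_pow2(uintptr_t addr, size_t align, uintptr_t *out)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return -1;
    uintptr_t mask = (uintptr_t)align - 1;
    if (addr > UINTPTR_MAX - mask)
        return -1;
    *out = (addr + mask) & ~mask;
    return 0;
}

/* Return an aligned pointer inside buf that still has room for need bytes,
 * or NULL when the alignment padding plus need exceed buflen. */
void *align_in_buf(void *buf, size_t buflen, size_t align, size_t need)
{
    uintptr_t start = (uintptr_t)buf;
    uintptr_t aligned;

    if (align_up(start, align, &aligned) != 0)
        return NULL;
    size_t pad = (size_t)(aligned - start);
    if (pad > buflen || need > buflen - pad)
        return NULL;
    return (char *)buf + pad;
}

int main(void)
{
    static char pool[64];
    uintptr_t r;

    if (align_up(4097, 4096, &r) == 0)
        printf("4097 rounded up to 4096 -> %lu\n", (unsigned long)r);
    void *p = align_in_buf(pool, sizeof(pool), 16, 16);
    printf("16-byte slot in pool: %s\n", p ? "found" : "does not fit");
    return 0;
}
```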
Re: spamd: howto blacklist hosts in greylisting mode?
On Mon, 16 Jan 2017 16:26:25 +0100 Harald Dunkel <harald.dun...@aixigo.de> wrote:

> On 01/16/17 13:58, Boudewijn Dijkstra wrote:
> > On Mon, 16 Jan 2017 11:08:06 +0100 Harald Dunkel <harald.dun...@aixigo.de> wrote:
> > > But spamd's blacklisting (without "-b") lacks proper documentation. spamd-setup(8) says that it sends blacklist data to spamd, but it doesn't tell the details.
> >
> > Which details do you need and what do you need them for?
>
> For verification I would like to see the IP addresses it blocks without waiting for an appropriate spam mail. Obviously spamdb doesn't tell.

I have a cronjob that mirrors my blacklists and I use those mirrors in my spamd.conf. With [z]less I can then view the addresses.

> How can I drop an IP address from the blacklist, in case that there is a false positive, and go back to greylisting?

You can add those addresses to a list in spamd.conf with the :white: capability, which doesn't have a corresponding table in pf.

> > > And spamd(8) mentions spamd-setup only for "blacklist-only" mode.
> >
> > No.
>
> You know what I mean:
>
> "When spamd is run in default mode, it will greylist connections from new hosts. Depending on its configuration, it may choose to blacklist the host or, if the checks described below are met, eventually whitelist it. When spamd is run in blacklist-only mode, using the -b flag, it will consult a pre-defined set of blacklist addresses to decide whether to tarpit the host or not."
>
> The missing part here is the work-together between spamd and spamd-setup in default mode.

Isn't that described in spamd-setup(8)? I don't see any missing part, I'm sorry.

> > > Where does spamd store the information retrieved from spamd-setup? It's not in spamdb, I checked.
> >
> > In the memory allocated to one of spamd's processes.
>
> So on a restart of spamd all blacklist information is gone until cron runs spamd-setup next morning? I had expected that spamd would use spamdb for its blacklists as well.

When starting up, spamd runs spamd-setup, see /etc/rc.d/spamd .

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: spamd: howto blacklist hosts in greylisting mode?
On Mon, 16 Jan 2017 11:08:06 +0100 Harald Dunkel wrote:

> Hi folks,
>
> I am running spamd for greylisting on my MTA for several years. I also know how to use spamd for blacklist-only mode and how to configure pf.conf accordingly (even though I never tried).
>
> But spamd's blacklisting (without "-b") lacks proper documentation. spamd-setup(8) says that it sends blacklist data to spamd, but it doesn't tell the details.

Which details do you need and what do you need them for?

> And spamd(8) mentions spamd-setup only for "blacklist-only" mode.

No.

> How are blacklisted sites supposed to be redirected to spamd for tarpitting, if spamd-setup doesn't update ?

Because in default mode, you redirect everything to spamd except your whitelist(s).

> Is it reasonable to omit the "-b"?

Only if you omit it from both spamd and spamd-setup.

> Where does spamd store the information retrieved from spamd-setup? It's not in spamdb, I checked.

In the memory allocated to one of spamd's processes.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: spamd and network whitelisting
On Tue, 20 Dec 2016 12:31:05 +0100 Clint Pachl wrote:

> [...]
> grep "^GREY" | tr "|" "\t" |
> [...]

I've learned to do all parsing of /var/db/spamd via the interface as the envelope-from sometimes contains a "|" (pipe) character.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: spamd and network whitelisting
On Tue, 20 Dec 2016 12:51:19 +0100 Clint Pachl wrote:

> Devin Reade wrote on 12/19/16 12:59:
> > With respect to dealing with SPF, the simple solution (permitting an IP if it is on the sending domain's SPF list) doesn't work too well in the general case since it appears many spammers publish SPF records.
>
> You're right. When I ran ruby-spf against the TRAPPED IPs in my spamdb, a surprising number passed SPF (like 15%). On the other hand, one of the popular email domains from our customer DB is @att.net, which doesn't even publish SPF. After some real life testing against our client email DB, I determined SPF was not effective in filtering spam for us. If it is used, it should be a small factor at best.

SPF was never meant for making accept/reject decisions on arbitrary domains. If you don't trust the sending domain, then SPF evaluation is pointless.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: OpenBSD green computing tips
> - adaptive fan speed (??)

Can often be set to "auto" in BIOS.

> - lcd (??)

wsdisplay(4) WSDISPLAYIO_PARAM_BACKLIGHT

> - cdrom (??)

Unplug it?

> - hard-drives (??)

atactl(8) or use solid-state.

> - usb (??)

Unplug it?

> - 802.11 power-saving (??)

Don't transmit packets.

> - vmd (suspending/hibernation for vms?)

Does vmctl stop not do what you want?

> What is your experience with decreasing energy usage of OpenBSD boxes - laptops but also home-servers.

Two tips:
* only decrease energy usage when it's worth it
* use modern but modest hardware.

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: How to make spamd more annoying ?
On Wed, 14 Dec 2016 18:07:15 +0100, Craig Skinner <skin...@britvault.co.uk> wrote:

> On Tue, 13 Dec 2016 18:29:00 + (UTC) Mik J wrote:
>> I use spamlogd so that every outgoing mail adds the remote mx IP in my whitelist.
>
> As with many domains, large mail services deploy/outsource separate inbound & outbound clusters, so spamlogd'ing outbound mail won't help.
>
> These spamlogd flags seem to work best here:
> spamlogd_flags='-I -Y ... -Y ... -Y '
>
>> I'm not sure I understood what this patch does. It's used to give some additional statistics?
>
> spamd expires trapped IP addresses after 24 hours. Boudewijn's patch keeps them trapped while they continue to spam. His stats prove it works.

My stats just prove that senders exist who will happily continue delivery attempts for weeks or months. ;)

To see that it works, you have to turn on verbose logging and realise that spammers who get greytrapped sometimes also use valid envelope-to addresses. My patch is intended to reduce the chances of those spammers getting whitelisted. It can also be used as an ad-hoc blacklist for e.g. senders of daily newsletters who refuse to unsubscribe you.

>> I read somewhere that gmail servers change their IPs when they retry to send the mails.
>
> This tool helps to auto white list silly round robin senders:
> http://web.Britvault.Co.UK/products/ungrey-robins/
> (SPF lists are often not trustworthy.)

Whitelisting an address simply because it appears on an SPF record of a domain used for legitimate mail is indeed a bad idea. SPF was never meant for that. SPF can be used for accept/reject decisions, but your policy of what to do with a certain SPF result should be based on your level of trust in the publishing domain.

--
Boudewijn Dijkstra
Indes-IDS B.V.
+31 345 545 535
Re: Disable Laptops Keyboard in OpenBSD
On Tue, 22 Nov 2016 10:24:16 +0100, pasta wrote:

> Hi,
>
> I can't figure out how to disable my laptop's keyboard so I can only use my USB one. xinput doesn't list each keyboard as in Linux I believe. I could write a xorg.conf but what if I don't have my keyboard with myself then? wsconsctl can't disable a keyboard, can it?

Have you tried wsconscfg(8)?
Re: Because in this day and age, there’s no one else doing what OpenBSD is doing?
On Tue, 15 Nov 2016 22:14:23 +0100, SOUL_OF_ROOT 55 wrote:

> Theo de Raadt wrote: *Because in this day and age, there's no one else doing what OpenBSD is doing?*

The interview was published July 2005. Do you think that "this day and age" still applies?
Re: strange behaviour spamd
On Thu, 21 Jul 2016 17:34:37 +0200, Markus Rosjat wrote:

> I noticed that a trapped ip gets whitelisted when there are still greylisted messages. This shouldn't happen when I use the -a -t switches to trap the ip or do I miss something here?

Indeed it shouldn't and since OpenBSD 4.9 it is believed that it doesn't.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/grey.c.diff?r1=1.49=1.50=h

If it does anyway, then maybe there is a mistake in your configuration or your spamlogd is interfering (w/ outgoing mail).
Re: making OpenBSD 5.9 live system on USB key
On Sat, 09 Jul 2016 14:10:26 +0200, Matthias Apitz wrote:

> dwiic at acpi0 not configured
> dwiic at acpi0 not configured

What is connected to these?
Re: making OpenBSD 5.9 live system on USB key
On Sat, 09 Jul 2016 16:16:45 +0200, Matthias Apitz wrote:

> On Saturday, July 09, 2016 at 02:44:39PM +0200, Peter N. M. Hansteen wrote:
>> [...] I suspect that's the case with your touchpad as well. [...]
>
> Re/ the touchpad: the imt(4) man page says, it should have support. Is there some method in OpenBSD to get verbose or even debug boot messages and -DIHIDEV_DEBUG to verify that the imt(4) driver is in the kernel?

config(8), boot_config(8)

fgrep imt /usr/src/sys/arch/amd64/conf/GENERIC

> I read that OpenBSD does not have loadable kernel modules, true?

True.
Re: Quick APU2 review
On Fri, 15 Apr 2016 18:12:41 +0200, Christian Weisgerber wrote:

> A "make -j4 build" took exactly 120 minutes.

Using which physical disk type(s)?
Re: Redirect SMTP traffic
On Thu, 14 Apr 2016 11:51:25 +0200 wrote:

> Hello the list,
>
> I'm trying to put SPAMD in front of an Exchange Server but I think I'm doing it in the wrong way. My Lab is like this : FW | SPAMD--Exchange
>
> SPAMD and Exchange are in separate LAN. Routing is done via the FW

I'm just running smtpd on the spamd box with:

    listen on egress
    accept from any for any relay via smtp://Exchange \
        hostname spamd.example.com
Re: segfault with stripped lib, works fine when non-stripped
On Mon, 04 Jan 2016 22:54:24 +0100, Jeremie Le Hen wrote:

> Yeah... when you read that subject you probably had this weird gaze ô_Ò like I did when I came to that conclusion.
>
> I've been experiencing segfaults in milter-greylist [...]
>
> So after some more tinkering I came to the following conclusion: if I run strip(1) on /usr/local/lib/libbind/libbind.so.5.0 to remove the debugging symbols, then it will crash with the stacktrace below. Has anyone of you seen such a behavior in the past?
>
> #0 0x1cc53e386d40 in memcpy (dst0=0x1cc5c48b7000, src0=Variable "src0" is not available. ) at /usr/src/lib/libc/string/memcpy.c:94
> #1 0x1cc4f4d496d8 in __res_vinit () from /usr/local/lib/libbind/libbind.so.5.0
> #2 0x1cc4f4d48bda in __res_ninit () from /usr/local/lib/libbind/libbind.so.5.0
> #3 0x1cc50b181905 in SPF_dns_resolv_lookup (spf_dns_server=0x1cc5c48ab780, domain=0x1cc55122c1d0 "mydomain.org", rr_type=ns_t_spf, should_cache=1) at spf_dns_resolv.c:261
> [...]

I had the same stack trace with a simple test application (http://www.libspf2.org/docs/html/ ). Except that my memcpy showed src=0, len=16. OpenBSD 5.8 i386 with stock libs (from packages). The prebuilt tools (in /usr/local/libexec/libspf2/) ran fine.

My Makefile had:

    LDADD+= -lspf2

Segfaults disappeared when I changed that to:

    LDADD+= -lbind -lspf2

So yeah, looks like conflicts between symbols.
Re: verification spamd and traffic
On Tue, 13 Oct 2015 20:55:27 +0200, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2015-10-13, Boudewijn Dijkstra <sp4mtr4p.boudew...@indes.com> wrote:
>> On Thu, 08 Oct 2015 11:06:45 +0200, Markus Rosjat <ros...@ghweb.de> wrote:
>>> Hi there,
>>>
>>> I have a spamd running in greylisting mode and maintain my own blacklist that I update manually. So far so good yesterday I just did a quite radical adding to my blacklist :) and I noticed my outgoing traffic jumped from around 500mb per day to 3,2gb per day. I checked the traffic with tcpdump and it was no strange traffic going on just my mailports and the 25 for the spamd.
>>>
>>> So my question is, could the radical adding of IPs cause this (and yeah it's a lot because I added some ranges)? As far as I understand it when some IP is on a blacklist it gets redirected to spamd right away by pf and then I get some traffic going on. If a IP is not on the blacklist and not known Greylisting jumps in and sends the server away to come back later to decide if it goes through or on the blacklist. So by adding a lot of possible spammer on a black list in the first place I generate traffic with them.
>>>
>>> Could someone confirm this ?
>>
>> Adding to a blacklist shouldn't increase traffic.
>
> It's totally possible. Blacklist mode by default returns a temporary failure so a standard MTA would keep trying, whereas with greylisting or no spamd it would stop after the mail is accepted. And in stuttering mode you send one character per packet so there's one TCP header for each character.

Retries do indeed increase outgoing traffic, but assuming 'normal' SMTP conversations, 'normal' outgoing mail bodies and 'normal' spammers, the increase in outgoing application-layer traffic should barely be noticeable. If the OP was measuring IP bytes, then yes there might be a significant increase. By how much, mostly depends on the number and ratio of incoming/outgoing SMTP conversations, I think.
Re: verification spamd and traffic
On Thu, 08 Oct 2015 11:06:45 +0200, Markus Rosjat wrote:

> Hi there,
>
> I have a spamd running in greylisting mode and maintain my own blacklist that I update manually. So far so good yesterday I just did a quite radical adding to my blacklist :) and I noticed my outgoing traffic jumped from around 500mb per day to 3,2gb per day. I checked the traffic with tcpdump and it was no strange traffic going on just my mailports and the 25 for the spamd.
>
> So my question is, could the radical adding of IPs cause this (and yeah it's a lot because I added some ranges)? As far as I understand it when some IP is on a blacklist it gets redirected to spamd right away by pf and then I get some traffic going on. If a IP is not on the blacklist and not known Greylisting jumps in and sends the server away to come back later to decide if it goes through or on the blacklist. So by adding a lot of possible spammer on a black list in the first place I generate traffic with them.
>
> Could someone confirm this ?

Adding to a blacklist shouldn't increase traffic. I suspect there is an error in your pf.conf.
Re: odd behaviour of spamdb
On Mon, 13 Jul 2015 09:14:37 +0200, Markus Rosjat ros...@ghweb.de wrote:

> hi there,
>
> I have the following script to delete spam mx ip from the spamd whitelist and write them in my own blacklist. After that I reload the blacklist with spamd-setup. This seems to work but I noticed when the same ip has another mail in the greylist the ip becomes whitelisted if the delivery attempt is successful (which it shouldn't in the first place because I trapped the ip and put it in my blacklist). This seems like an odd behaviour to me, it's not the end of the world but it feels kinda wrong :)
>
> here is the script:
>
> ip_range=$1
> for i in `spamdb | grep $ip_range | grep WHITE | awk -F'|' '{print $2}'`; do
>     echo $i
>     /usr/sbin/spamdb -d $i
>     /usr/sbin/spamdb -a -t $i
>     echo $i >> /etc/mail/blacksheep.txt
> done
> /usr/libexec/spamd-setup
>
> maybe someone give me some hints for improvement

The explicit deletion (-d) is unnecessary and may have race condition problems. An IP that is both trapped and grey will not be re-added to the whitelist, unless spamlogd interferes.
Re: Random PID implementation and security
On Tue, 26 May 2015 11:07:06 +0200, Simon openbsd.li...@whitewinterwolf.com wrote:

> On 2015-05-26 00:10, Miod Vallat wrote:
>> It is not the responsibility of the operating system to protect its users against software which assumes using the pid as a random source is a bright and wise idea.
>
> Isn't this the whole goal of random PIDs, to put a defense at OS level protecting software against themselves when they make wrong assumption regarding the PID and use it for wrong purposes?

One can protect against programmers assuming sequential allocation and one can protect against programmers assuming random allocation, but not both.
Re: Performance Counters
On Wed, 18 Feb 2015 10:15:26 +0100, Sai Prajeeth cspraje...@gmail.com wrote:

> Is there any command that will let me access the processor's performance counters?? I am looking for something like Linux's perf / FreeBSD's pmcstat that will help me get the IPC (Instructions per cycle) of the system.

$ apropos 'performance counter'
pctr(1) - display CPU performance counters
pctr(4/amd64) - driver for CPU performance counters
pctr(4/i386) - driver for CPU performance counters
uperf(4/sparc64) - performance counters driver
Re: LibreSSL Official T-shirts
On Thu, 29 Jan 2015 17:53:10 +0100, OpenBSD Store Misc m...@openbsdstore.com wrote:

> Some new awesome LibreSSL T-shirts are available to help fund developments. You can see them on https://www.openbsdstore.com.

Why not use Comic Sans? Or: This T-shirt specifically designed to annoy web hipsters
Re: Former Yugoslavia in countrycodes
On Sun, 04 Jan 2015 14:42:41 +0100, Milun Rajkovic rmi...@gmail.com wrote: Because it's not a country (Kosovo). It is not recognized as an independent state by an overwhelming majority of nations (but a majority nonetheless). Btw it uses mobile networks of Monaco or Luxembourg or something like that, and landlines (and call number +381) from Serbian infrastructure. +383 since this year. On Sun, Jan 4, 2015 at 12:58 PM, Jan Stary h...@stare.cz wrote: The breakup of Yugoslavia seems to be incomplete in countrycodes. AFAIK, Kosovo does not have a country code assigned. Indeed not assigned yet, but XK seems to be used for now. https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#XK
spamd.conf blacklists link
spamlinks.net server currently not responding, last update 2010: https://web.archive.org/web/20140208054036/http://spamlinks.net/filter-bl.htm Last blog entry 2010: http://blog.spamlinks.net/ I don't know a replacement page, but maybe somebody else does... --- /etc/mail/spamd.conf.orig Thu Sep 11 01:42:13 2014 +++ /etc/mail/spamd.confMon Sep 22 16:05:08 2014 @@ -12,9 +12,6 @@ # all must be here, and defines the order in which lists are applied. # Lists specified with the :white: capability apply to the previous # list with a :black: capability. -# -# As of November 2004, a place to search for blacklists is -# http://spamlinks.net/filter-bl.htm all:\ :uatraps:nixspam: -- (Remove the obvious prefix to reply privately.) Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
Re: low power device
On Fri, 12 Sep 2014 15:27:39 +0200, Martijn van Duren martijn...@gmail.com wrote:

> [...] I would like to acquire something [...] low power, and has at least 2 sata ports, [...].

Spinning hard disks also use power. Why 2× SATA?
Re: Alix 3D3 disconnects from network after random amount of time
On Sat, 30 Aug 2014 14:20:43 +0200, Erwin Geerdink open...@erwingeerdink.com wrote:

> pcibios0: bad IRQ table checksum
> pcibios0: PCI Exclusive IRQs: 5 10 11
> pcibios0: Warning, unable to fix up PCI interrupt routing
> vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
> auglx0 at pci0 dev 15 function 3 AMD CS5536 Audio rev 0x01: irq 11,

Could there be a problem with IRQ sharing?
[spamd] longer retention of blacklist entries
OBSOLETE WHEN UA.CA IMPLEMENTS NEW SPAMLOGD

Because traplist.gz sometimes expires hosts that are still sending spam to the world, I'd like to keep these addresses tarpitted for a while after they are removed, say 24 hours. This logic doesn't apply to the nixspam list because it contains addresses of legitimate hosts that temporarily send spam. (I've found that keeping these addresses tarpitted longer is counterproductive.)

This blacklist specifies single addresses (not blocks), so I could add/update all these addresses as TRAPPED entries in /var/db/spamd, but that would make the database quite unwieldy and also makes it impossible to see in the log files which blacklist it was.

So I modified spamdb(8) to add an -f option for specifying an alternate db file and an -e option for removing all expired entries. Then I created a script that is called by cron every half hour (:15 and :45) and does the following:

- sleep randomly 0..5 minutes to spread the peak load
- fetch traplist.gz using wget/curl (because ftp(1) doesn't do HTTP timestamping)
- add/update the addresses from this list in a separate db file
- remove expired db entries
- dump the db into a new blacklist file
- run spamd-setup(8), aggregating this new file (and a few others)

I've been running this set-up for a few months now. The DB manipulation places a significant load on the server, but I believe that further optimizations are possible.

Does anyone feel the need to comment on this approach?

--
Boudewijn Dijkstra
Indes-IDS B.V.
+31 345 545 535
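The retention step of the procedure above, as an added example rather than the author's script: it keeps a flat "address last-seen" state file in place of the patched spamdb -f/-e database, and leaves out the download and the spamd-setup(8) run. The function names, file names and sample addresses are constructed for this example.

```shell
#!/bin/sh
# Added example: keep addresses from a fetched trap list blacklisted for a
# retention period after they disappear from the list. State is a flat file
# of "address last_seen" lines (an assumption made for this example).

# merge_traplist STATE LIST NOW KEEP
# Print the new state: every valid single IPv4 address in LIST is stamped
# with NOW; addresses only in STATE survive while NOW - last_seen <= KEEP.
# Anything that is not a plain dotted quad (blocks, junk) is ignored, since
# LIST comes from the network and ends up in a blacklist.
merge_traplist() {
    state=$1
    [ -f "$state" ] || state=/dev/null
    awk -v now="$3" -v keep="$4" '
    function valid(a,    o, i) {
        if (split(a, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
        return 1
    }
    pass == 1 { if (NF == 2 && valid($1) && $2 ~ /^[0-9]+$/) seen[$1] = $2; next }
    pass == 2 { sub(/#.*/, ""); if (NF && valid($1)) seen[$1] = now }
    END { for (a in seen) if (now - seen[a] <= keep) print a, seen[a] }
    ' pass=1 "$state" pass=2 "$2" | sort
}

# refresh STATE LIST OUT NOW KEEP
# One cron run without the fetch: update STATE, then rewrite the blacklist
# file OUT (addresses only). Both files are replaced with mv so a reader
# never sees a half-written file.
refresh() {
    new=$1.new.$$
    merge_traplist "$1" "$2" "$4" "$5" > "$new" || return 1
    mv "$new" "$1"
    cut -d' ' -f1 "$1" > "$3.tmp.$$" && mv "$3.tmp.$$" "$3"
}

# demo: three runs with constructed lists and timestamps, 24 h retention.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '192.0.2.1' '192.0.2.2' > "$d/list"
    refresh "$d/state" "$d/list" "$d/black" 1000000 86400
    # 192.0.2.1 has left the list; a block and a bogus address are ignored
    printf '%s\n' '192.0.2.2' '# comment' '198.51.100.0/24' '300.1.1.1' > "$d/list"
    refresh "$d/state" "$d/list" "$d/black" 1050000 86400
    cat "$d/black"              # 192.0.2.1 is still retained
    echo --
    printf '%s\n' '192.0.2.2' > "$d/list"
    refresh "$d/state" "$d/list" "$d/black" 1090000 86400
    cat "$d/black"              # 192.0.2.1 was last listed 90000 s ago
    rm -rf "$d"
}

demo
```
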
Re: Sorry OpenBSD people, been a bit busy
On Wed, 09 Oct 2013 00:01:13 +0200, Scott McEachern sc...@blackstaff.ca wrote:

> On 10/08/13 16:41, Kevin Chadwick wrote:
> Back in the pre-WW2 days, Belgium (or was it the Netherlands? I forget.) kept detailed census and medical data on their citizens, including their religious affiliation. It was useful data for a friendly government, never to be abused.

I don't know about Belgium, but certainly in the Netherlands local authorities were required to keep resident registration, except at that time not medical data.

> Then WW2 happened, and Hitler's Nazis invaded. They found that data, especially the religion part, quite useful, and we all know how that turned out.

The problem was not that the data existed, the problem was that there wasn't a general preparedness to hide, evacuate or destroy it when justified.
Re: spamd(8) more persistent greytrapping
Op Thu, 29 Aug 2013 14:04:59 +0200 schreef Boudewijn Dijkstra sp4mtr4p.boudew...@indes.com: Here's a suggested improvement to spamlogd(8) which keeps greytrap entries tarpitted while they keep trying. [...] Because at least one person expressed an interest in my modification, find below an updated patch that fixes a subtle bug. The previous version could accidentally trap hosts that were just whitelisted but not yet added in the pf table spamd-white. The version below leaves these entries alone. --- spamlogd.c.54 Fri Mar 18 23:37:06 2011 +++ spamlogd.c Mon Sep 9 10:52:51 2013 @@ -21,7 +21,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* watch pf log for mail connections, update whitelist entries. */ +/* watch pf log for mail connections, update spamdb entries. */ #include sys/types.h #include sys/socket.h @@ -33,6 +33,7 @@ #include netinet/in.h #include netinet/in_systm.h #include netinet/ip.h +#include netinet/tcp.h #include arpa/inet.h #include net/pfvar.h @@ -64,6 +65,7 @@ int greylist = 1; FILE *grey = NULL; +u_short spamd_port; u_short sync_port; int syncsend; u_int8_tflag_debug = 0; @@ -74,13 +76,14 @@ pcap_t *hpcap = NULL; struct syslog_data sdata = SYSLOG_DATA_INIT; time_t whiteexp = WHITEEXP; +time_t trapexp = TRAPEXP; extern char*__progname; void logmsg(int , const char *, ...); void sighandler_close(int); intinit_pcap(void); void logpkt_handler(u_char *, const struct pcap_pkthdr *, const u_char *); -intdbupdate(char *, char *); +intdbupdate(char *, char *, int); void usage(void); void @@ -110,9 +113,11 @@ init_pcap(void) { struct bpf_program bpfp; - charfilter[PCAPFSIZ] = ip and port 25 and action pass - and tcp[13]0x12=0x2; + charfilter[PCAPFSIZ]; + snprintf(filter, PCAPFSIZ, ip and (port 25 or %d) and action pass + and tcp[13]0x12=0x2, spamd_port); + if ((hpcap = pcap_open_live(pflogif, PCAPSNAP, 1, PCAPTIMO, errbuf)) == NULL) { logmsg(LOG_ERR, Failed to initialize: %s, errbuf); 
@@ -157,6 +162,11 @@ const struct ip *ip = NULL; const struct pfloghdr *hdr; char ipstraddr[40] = { '\0' }; + int white = 1; + unsigned int off; + const struct tcphdr *tcp; + unsigned int iplen; + unsigned int port; hdr = (const struct pfloghdr *)sp; if (hdr-length MIN_PFLOG_HDRLEN) { @@ -185,26 +195,34 @@ else if (hdr-dir == PF_OUT !flag_inbound) inet_ntop(af, ip-ip_dst, ipstraddr, sizeof(ipstraddr)); + off = ntohs(ip-ip_off); + if ((off 0x1fff) == 0) { + iplen = ip-ip_hl * 4; + tcp = (const struct tcphdr *)(sp + hdrlen + iplen); + port = ntohs(tcp-th_dport); + if (port == spamd_port) + white = 0; + } } if (ipstraddr[0] != '\0') { - if (hdr-dir == PF_IN) - logmsg(LOG_DEBUG,inbound %s, ipstraddr); - else - logmsg(LOG_DEBUG,outbound %s, ipstraddr); - dbupdate(PATH_SPAMD_DB, ipstraddr); + logmsg(LOG_DEBUG, %s %s %s, + hdr-dir == PF_IN ? inbound : outbound, + white ? white : spamd, + ipstraddr); + dbupdate(PATH_SPAMD_DB, ipstraddr, white); } } int -dbupdate(char *dbname, char *ip) +dbupdate(char *dbname, char *ip, int white) { HASHINFOhashinfo; DBT dbk, dbd; DB *db; struct gdatagd; time_t now; - int r; + int r, mod; struct in_addr ia; now = time(NULL); @@ -224,7 +242,7 @@ dbk.data = ip; memset(dbd, 0, sizeof(dbd)); - /* add or update whitelist entry */ + /* add or update entry */ r = db-get(db, dbk, dbd, 0); if (r == -1) { logmsg(LOG_NOTICE, db-get failed (%m)); @@ -237,18 +255,11 @@ gd.first = now; gd.bcount = 1; gd.pass = now; - gd.expire = now + whiteexp; - memset(dbk, 0, sizeof(dbk)); - dbk.size = strlen(ip); - dbk.data = ip; - memset(dbd, 0, sizeof(dbd)); - dbd.size = sizeof(gd); - dbd.data = gd; - r = db-put(db, dbk, dbd, 0); - if (r) { - logmsg(LOG_NOTICE, db-put failed (%m)); - goto bad
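Review bot: The th_dport read added to logpkt_handler() (hunk at -185) has no length check of its own: ip_hl is used unchecked to compute the TCP header offset, and nothing in the visible lines compares hdrlen + iplen + sizeof(struct tcphdr) with the captured length. The only visible guarantee that the TCP header was captured is the pcap filter matching on tcp[13], and this same patch turns that filter into a string built at run time. Rejecting ip_hl < 5 and checking the offset against the caplen of the pcap_pkthdr argument before the cast would keep the handler safe whatever the filter text is, which matters because the port read here decides whether an address is refreshed as white or as trapped.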
Re: spamd(8) more persistent greytrapping
On Thu, 29 Aug 2013 14:04:59 +0200, Boudewijn Dijkstra sp4mtr4p.boudew...@indes.com wrote:

> Here's a suggested improvement to spamlogd(8) which keeps greytrap entries tarpitted while they keep trying. To this end I modified spamlogd.c [...]

Is anybody even remotely interested in this?
spamd(8) more persistent greytrapping
Hello folks, Here's a suggested improvement to spamlogd(8) which keeps greytrap entries tarpitted while they keep trying. To this end I modified spamlogd.c so that a known greytrapped host is updated as a greytrap entry in /var/db/spamd on every incoming connection to port 8025. This requires a pf(4) rule that logs incoming connections to this port. In spamd(8)'s default mode, also greylisted hosts connect to this port, so we have to look in the database and not interfere with the greylisting process. In spamd(8)'s blacklist-only mode, this idea could be used to add/update greytrap entries for all blacklisted hosts (so also those from spamd.conf(5)). However, these blacklists often contain false positives and legitimate hosts that are blacklisted for a short period, so this is probably not a good idea. Thoughts? $ diff -u spamlogd.c{.54,} --- spamlogd.c.54 Wed Aug 21 18:13:30 2013 +++ spamlogd.c Thu Aug 29 13:30:58 2013 @@ -21,7 +21,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* watch pf log for mail connections, update whitelist entries. */ +/* watch pf log for mail connections, update spamdb entries. */ #include sys/types.h #include sys/socket.h @@ -33,6 +33,7 @@ #include netinet/in.h #include netinet/in_systm.h #include netinet/ip.h +#include netinet/tcp.h #include arpa/inet.h #include net/pfvar.h @@ -64,6 +65,7 @@ int greylist = 1; FILE *grey = NULL; +u_short spamd_port; u_short sync_port; int syncsend; u_int8_tflag_debug = 0; @@ -74,13 +76,14 @@ pcap_t *hpcap = NULL; struct syslog_data sdata = SYSLOG_DATA_INIT; time_t whiteexp = WHITEEXP; +time_t trapexp = TRAPEXP; extern char*__progname; void logmsg(int , const char *, ...); void sighandler_close(int); intinit_pcap(void); void logpkt_handler(u_char *, const struct pcap_pkthdr *, const u_char *); -intdbupdate(char *, char *); +intdbupdate(char *, char *, int); void usage(void); void 
@@ -110,9 +113,11 @@ init_pcap(void) { struct bpf_program bpfp; - charfilter[PCAPFSIZ] = ip and port 25 and action pass - and tcp[13]0x12=0x2; + charfilter[PCAPFSIZ]; + snprintf(filter, PCAPFSIZ, ip and (port 25 or %d) and action pass + and tcp[13]0x12=0x2, spamd_port); + if ((hpcap = pcap_open_live(pflogif, PCAPSNAP, 1, PCAPTIMO, errbuf)) == NULL) { logmsg(LOG_ERR, Failed to initialize: %s, errbuf); @@ -157,6 +162,11 @@ const struct ip *ip = NULL; const struct pfloghdr *hdr; char ipstraddr[40] = { '\0' }; + int white = 1; + unsigned int off; + const struct tcphdr *tcp; + unsigned int iplen; + unsigned int port; hdr = (const struct pfloghdr *)sp; if (hdr-length MIN_PFLOG_HDRLEN) { @@ -185,26 +195,34 @@ else if (hdr-dir == PF_OUT !flag_inbound) inet_ntop(af, ip-ip_dst, ipstraddr, sizeof(ipstraddr)); + off = ntohs(ip-ip_off); + if ((off 0x1fff) == 0) { + iplen = ip-ip_hl * 4; + tcp = (const struct tcphdr *)(sp + hdrlen + iplen); + port = ntohs(tcp-th_dport); + if (port == spamd_port) + white = 0; + } } if (ipstraddr[0] != '\0') { - if (hdr-dir == PF_IN) - logmsg(LOG_DEBUG,inbound %s, ipstraddr); - else - logmsg(LOG_DEBUG,outbound %s, ipstraddr); - dbupdate(PATH_SPAMD_DB, ipstraddr); + logmsg(LOG_DEBUG, %s %s %s, + hdr-dir == PF_IN ? inbound : outbound, + white ? white : spamd, + ipstraddr); + dbupdate(PATH_SPAMD_DB, ipstraddr, white); } } int -dbupdate(char *dbname, char *ip) +dbupdate(char *dbname, char *ip, int white) { HASHINFOhashinfo; DBT dbk, dbd; DB *db; struct gdatagd; time_t now; - int r; + int r, mod; struct in_addr ia; now = time(NULL); @@ -224,7 +242,7 @@ dbk.data = ip; memset(dbd, 0, sizeof(dbd)); - /* add or update whitelist entry */ + /* add or update entry */ r = db-get(db, dbk, dbd, 0); if (r == -1) { logmsg(LOG_NOTICE, db-get failed (%m)); @@ -237,27 +255,29 @@ gd.first = now; gd.bcount = 1; gd.pass = now; - gd.expire = now + whiteexp; - memset(dbk, 0, sizeof(dbk)); - dbk.size =
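Review bot: spamd_port is declared in the hunk at -64 and formatted into the pcap filter in init_pcap() (hunk at -110), but none of the visible hunks assigns it, so if it is still 0 at that point the filter reads "port 25 or 0" and the port comparison in logpkt_handler() matches no real traffic. Show where it is set before init_pcap() runs (the message speaks of port 8025), and compare the snprintf() result with sizeof(filter) so that a truncated filter is reported instead of being compiled.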
Re: spamd database breaks after time_t change
On Tue, 20 Aug 2013 18:33:46 +0200, Renaud Allard ren...@allard.it wrote:

> I just found out that spamd database breaks after upgrading to a snapshot with the 64 bits time_t resulting in:
>
> Aug 20 16:04:18 pippin spamd[26092]: scan of /var/db/spamd failed
> Aug 20 16:05:18 pippin spamd[26092]: bogus entry in spamd database
>
> As for the utmp and lastlog, a clear of the database obviously solves the problem.

Or if you value your white and spamtrap entries, do something like the following:

Before upgrade:

    spamdb | grep '^WHITE|' | cut -d'|' -f2 > /var/db/spamd.white
    spamdb | grep '^SPAMTRAP|' | cut -d'|' -f2 > /var/db/spamd.spamtrap

After upgrade:

    rm -f /var/db/spamd
    for a in `cat /var/db/spamd.white`; do spamdb -a $a; done
    for a in `cat /var/db/spamd.spamtrap`; do spamdb -Ta $a; done
    rm -f /var/db/spamd.{white,spamtrap}
Re: remove entry from spamdb greylist
On Tue, 13 Aug 2013 17:49:51 +0200, ML mail mlnos...@yahoo.com wrote:

> I am using spamd in greylisting mode and would like to delete the following entry:
>
> GREY|207.126.144.121|eu1sys200aog106.obsmtp.com|no_reply@sender|recipient@domain|1376398715|1376400232|1376413115|4|0
>
> I tried the following command:
>
> spamdb -d 207.126.144.121
>
> Unfortunately it does not remove the entry as it is still there. Any ideas what could be wrong?

An IP address can only be used as a key for WHITE and TRAPPED entries. The spamdb(8) utility was not designed to remove GREY entries, but if you are clever, you might be able to use it for this purpose.

Anyway, the important question is: what are you trying to accomplish?
Re: remove entry from spamdb greylist
If that PF table is spamd-white, then it will get reset when you run spamd-setup(8) or reboot. Maybe a better way is to manually add this IP to the spamdb whitelist:

    spamdb -a 207.126.144.121

In this case the grey entry will be ignored and stay in the database until it expires.

Or, even better, regularly add/update all OBSMTP addresses in your whitelist via SPF. Search the archives for people who made scripts for this kind of thing. Greylisting is great, but some mail delivery networks need a little help in the form of manual whitelisting of their netblocks.

On Wed, 14 Aug 2013 15:38:50 +0200, ML mail mlnos...@yahoo.com wrote:

> This mail server has been somehow wrongly marked as grey and would stay stuck like in this state not allowing mails flowing in. Somehow after 3 attempts it should have whitelisted this IP so it didn't. What I now did is to manually add this IP to my PF spamd whitelist. The final goal being simply to allow mail coming in from this mail server.
>
> Regards,
> M.L.
>
> From: Boudewijn Dijkstra sp4mtr4p.boudew...@indes.com
> To: misc misc@openbsd.org
> Sent: Wednesday, August 14, 2013 12:39 PM
> Subject: Re: remove entry from spamdb greylist
>
> On Tue, 13 Aug 2013 17:49:51 +0200, ML mail mlnos...@yahoo.com wrote:
>> I am using spamd in greylisting mode and would like to delete the following entry:
>>
>> GREY|207.126.144.121|eu1sys200aog106.obsmtp.com|no_reply@sender|recipient@domain|1376398715|1376400232|1376413115|4|0
>>
>> I tried the following command:
>>
>> spamdb -d 207.126.144.121
>>
>> Unfortunately it does not remove the entry as it is still there. Any ideas what could be wrong?
>
> An IP address can only be used as a key for WHITE and TRAPPED entries. The spamdb(8) utility was not designed to remove GREY entries, but if you are clever, you might be able to use it for this purpose.
>
> Anyway, the important question is: what are you trying to accomplish?
Re: spamd and greyscanner help needed..
On Tue, 16 Oct 2012 22:01:54 +0200, Joakim Aronius joa...@aronius.com wrote:

> I need someone to hit me with a clue-by-four.. I'm trying to set up spamd and greyscanner to trap a flood of incoming spam. Now running with default settings for spamd and with recommended pf.conf rules. Can't get it to work properly..
>
> joakim@heimdall$ uname -rsv
> OpenBSD 5.1 GENERIC#160
> joakim@heimdall$ grep spam /etc/rc.conf.local
> spamd_flags=-v -h mail.aronius.se
>
> Example:
>
> joakim@heimdall$ grep 81.172.0.62 /var/log/spamd
> Oct 16 21:38:33 heimdall spamd[14216]: 81.172.0.62: connected (2/0)
> Oct 16 21:38:44 heimdall spamd[14216]: (GREY) 81.172.0.62: skeptic...@yahoo.nl - a8c9...@aronius.com
> Oct 16 21:38:44 heimdall spamd[14216]: 81.172.0.62: disconnected after 11 seconds.
>
> Hosts are _immediately_ listed as both WHITE and GREY:
>
> joakim@heimdall$ spamdb |grep 81.172.0.62
> WHITE|81.172.0.62|||1350416314|1350416314|1353526714|1|0
> GREY|81.172.0.62|81.172.0.62.dyn.user.ono.com|skeptic...@yahoo.nl|a8c9...@aronius.com|1350416324|1350430724|1350430724|1|0
>
> Looking at the WHITE record it has the same time for 'first' and 'pass'
>
> joakim@heimdall$ date -r 1350416314
> Tue Oct 16 21:38:34 CEST 2012
>
> Is it not first supposed to be GREY until the sender tries again after 'passtime' but before 'greyexp' and then is added as WHITE?

Yes.

> As the sender is now whitelisted 'greyscanner' will not touch it so I assume that the above is the root problem..

The _real_ root problem is the thing that is broken.

> Any ideas on what I am doing wrong?

I would guess that there is a mistake in your pf.conf.
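A check for the symptom shown in this message, as an added example that is not part of the original thread: it lists addresses that have a WHITE record with identical 'first' and 'pass' times while a GREY tuple for the same address still exists. The function names and the sample records (documentation addresses) are constructed; the field positions follow the spamdb output quoted in the message.

```shell
#!/bin/sh
# Added example: find addresses that are WHITE and GREY at the same time,
# where the WHITE record carries identical "first" and "pass" timestamps.
# Field positions as in the spamdb output quoted in the message:
#   WHITE|ip|||first|pass|expire|bcount|pcount
#   GREY|ip|helo|from|to|first|pass|expire|bcount|pcount

# Constructed sample: only 192.0.2.62 shows the symptom. 198.51.100.9 is
# WHITE with different first/pass times, 203.0.113.4 is GREY only.
sample_db() {
    cat <<'EOF'
WHITE|192.0.2.62|||1350416314|1350416314|1353526714|1|0
GREY|192.0.2.62|host.example.net|a@example.net|b@example.org|1350416324|1350430724|1350430724|1|0
WHITE|198.51.100.9|||1350400000|1350401500|1353500000|3|2
GREY|198.51.100.9|mx.example.com|c@example.com|b@example.org|1350410000|1350424400|1350424400|1|0
GREY|203.0.113.4|h.example|d@example.net|b@example.org|1350416000|1350430400|1350430400|2|0
EOF
}

# early_white: read spamdb output on stdin and print, per affected address,
#   ip  white_first  earliest_grey_first  (grey_first - white_first)
# The GREY "first" field is counted from the right so that a "|" inside the
# envelope sender cannot shift it.
early_white() {
    awk -F'|' '
    $1 == "WHITE" && NF == 9 { wfirst[$2] = $5; wpass[$2] = $6 }
    $1 == "GREY" && NF >= 10 {
        g = $(NF - 4)
        if (!($2 in gfirst) || g + 0 < gfirst[$2] + 0) gfirst[$2] = g
    }
    END {
        for (ip in wfirst)
            if ((ip in gfirst) && wfirst[ip] + 0 == wpass[ip] + 0)
                print ip, wfirst[ip], gfirst[ip], gfirst[ip] - wfirst[ip]
    }' | sort
}

sample_db | early_white
```

On a live system the input would be the output of spamdb; a negative or small positive difference in the last column means the WHITE record was written before or around the first greylisted attempt.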
Re: the idea of /fastboot ?
On Wed, 10 Oct 2012 03:43:35 +0200, Artturi Alm artturi@gmail.com wrote:

> 2012/10/10 Philip Guenther guent...@gmail.com:
>> On Tue, Oct 9, 2012 at 5:01 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:
>>> Yes, it is a relic. You may take action against it, Ted.
>>
>> Don't forget to also remove the shutdown(8) bits that use it.
>>
>> Philip Guenther
>
> was bored, does this miss anything?
>
> Index: rc.8
> Index: pathnames.h
> Index: shutdown.8
> Index: shutdown.c
> Index: rc

What about init.8 and init.c? They also mention fastboot.
Re: OpenBSD's webpage desing
On Wed, 27 Jun 2012 10:54:11 +0200, Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar wrote:
On 2012-06-26 18:46, Pablo Velasco Fernández wrote:

Hi. I was looking at the FreeBSD web page. And it's a cool page with a cool design. Maybe OpenBSD should change their own page to a most visual web page. ( It's only my opinion ) What do you think?

The FreeBSD website seems optimized for really low resolution, and I've over 50% of my monitor covered in white margins. The OpenBSD website fills my monitor with lots of information. The idea of a large monitor, is, to be able to see more stuff on screen. Yet, on the other hand, it'll still work fine on lynx. I don't see how FreeBSD's is an improvement.

Smaller columns make speed reading easier. My browser windows don't all take up the whole width of my screen, and some of my browser tabs don't take up the whole width of the browser window it is in.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply privately.)
spamd(8) more persistent blacklisting
Hello folks, Here's a suggested improvement to spamd(8) that keeps blacklisted entries tarpitted while they keep trying. Rationale: often blacklists like uatraps will remove hosts because they have stopped trying there, but will continue elsewhere. If your host is 'elsewhere', and a blacklisted spammer has tried to deliver mail to you, then you will want to keep this spammer trapped for a while even though it has vanished from the blacklist. With this diff, a tarpitted host is inserted or updated as a TRAPPED entry in /var/db/spamd on every incoming tarpit connection. A downside is that the jailed process is no longer chrooted. If that is unacceptable, it could perhaps chroot to dirname(PATH_SPAMD_DB) instead. --- /usr/src/libexec/spamd/spamd.c Sat Feb 20 18:59:32 2010 +++ /usr/src/libexec/spamd/spamd.c Mon Jun 4 10:01:10 2012 @@ -45,6 +45,7 @@ extern int server_lookup(struct sockaddr *, struct sockaddr *, struct sockaddr *); +extern int trapupdate(char *, char *); struct con { int fd; @@ -660,6 +661,7 @@ if (greylist blackcount maxblack) cp-stutter = 0; cp-lists = strdup(loglists(cp)); + trapupdate(PATH_SPAMD_DB, cp-addr); } else cp-lists = NULL; @@ -1306,11 +1308,6 @@ } jail: - if (chroot(/var/empty) == -1 || chdir(/) == -1) { - syslog(LOG_ERR, cannot chdir to /var/empty.); - exit(1); - } - if (pw) if (setgroups(1, pw-pw_gid) || setresgid(pw-pw_gid, pw-pw_gid, pw-pw_gid) || --- /dev/null Mon Jun 4 09:52:51 2012 +++ /usr/src/libexec/spamd/trapupdate.c Wed Mar 7 09:54:38 2012 
@@ -0,0 +1,89 @@ +/* update trapped entries. */ + +#include sys/types.h /* inet_pton, dbopen */ +#include sys/socket.h /* inet_pton */ + +#include netinet/in.h /* inet_pton */ +#include arpa/inet.h /* inet_pton */ + +#include db.h /* dbopen */ +#include errno.h /* errno */ +#include fcntl.h /* dbopen */ +#include syslog.h /* syslog_r */ +#include string.h /* memset, strerror */ + +#include grey.h +#include sync.h + +extern int debug; +extern struct syslog_data sdata; +extern int syncsend; +extern time_t trapexp; + +int +trapupdate(char *dbname, char *ip) +{ + HASHINFOhashinfo; + DBT dbk, dbd; + DB *db; + struct gdatagd; + time_t now; + int r; + + now = time(NULL); + memset(hashinfo, 0, sizeof(hashinfo)); + db = dbopen(dbname, O_EXLOCK|O_RDWR, 0600, DB_HASH, hashinfo); + if (db == NULL) { + syslog_r(LOG_ERR, sdata, Can not open db %s: %s, dbname, + strerror(errno)); + return -1; + } + memset(dbk, 0, sizeof(dbk)); + dbk.size = strlen(ip); + dbk.data = ip; + memset(dbd, 0, sizeof(dbd)); + + /* add or update trapped entry */ + r = db-get(db, dbk, dbd, 0); + if (r == -1) { + syslog_r(LOG_NOTICE, sdata, db-get failed (%m)); + goto bad; + } + + if (r) { + /* new entry */ + memset(gd, 0, sizeof(gd)); + gd.first = now; + gd.pass = now; + gd.bcount = 1; + } else { + if (dbd.size != sizeof(gd)) { + /* whatever this is, it doesn't belong */ + db-del(db, dbk, 0); + goto bad; + } + memcpy(gd, dbd.data, sizeof(gd)); + gd.bcount++; + } + gd.pcount = -1; + gd.expire = now + trapexp; + memset(dbk, 0, sizeof(dbk)); + dbk.size = strlen(ip); + dbk.data = ip; + memset(dbd, 0, sizeof(dbd)); + dbd.size = sizeof(gd); + dbd.data = gd; + r = db-put(db, dbk, dbd, 0); + db-close(db); + if (r) { + syslog_r(LOG_NOTICE, sdata, db-put failed (%m)); + return -1; + } + if (syncsend) + sync_trapped(now, now + trapexp, ip); + return 0; +bad: + db-close(db); + return -1; +} + -- Gemaakt met Opera's revolutionaire e-mailprogramma: http://www.opera.com/mail/ (Remove the obvious prefix to reply privately.)
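Review bot: in the jail: hunk the chroot(/var/empty) call is removed outright, so the process that speaks SMTP to untrusted hosts keeps the whole filesystem in view after dropping privileges. Rather than deleting the block, chroot to the directory that holds PATH_SPAMD_DB, as the cover text already suggests, and pass trapupdate() a path relative to that directory, keeping the existing syslog and exit(1) on failure.

Review bot: in the @@ -660 hunk the result of trapupdate(PATH_SPAMD_DB, cp-addr) is discarded, and the call sits in the per-connection setup path while trapupdate() opens the database with O_EXLOCK on every call. Any other process holding a lock on the same file would make this open wait and stall connection handling. Consider adding O_NONBLOCK to the dbopen flags and skipping the update when the lock is busy, and check the return value at the call site.

Review bot: in trapupdate.c, time(NULL) is called but time.h is not among the listed includes, so the declaration is only available if grey.h or sync.h happens to pull it in; include it explicitly. The size-mismatch branch also deletes the record and jumps to bad without logging anything, while the other two failure paths call syslog_r; a LOG_NOTICE there would make a silently dropped entry visible.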
Re: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011
On Fri, 20 Jan 2012 11:12:31 +0100, Remco re...@d-compu.dyndns.org wrote:
Martin Pelikan wrote:
On Thu, Jan 19, 2012 at 06:16:59PM +0100, Francois Pussault wrote:

I use this :
# echo $PKG_PATH
ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/sparc64/

In case someone googles that and would think it's a good idea to set the variable like so, here's a better alternative:

echo 'export PKG_PATH=ftp://ftp.XX.openbsd.org/pub/OpenBSD/`uname -r`/packages/`uname -m`/' >> ~/.profile

for -release and -stable, or

echo 'export PKG_PATH=ftp://ftp.XX.openbsd.org/pub/OpenBSD/snapshots/packages/`uname -m`/' >> ~/.profile

for guess what? -current of course! Even that your -current might not be exactly the same one these packages were built on.

I was advised some time ago that using `uname -m` is wrong: (`arch -s` should be a better choice)
http://marc.info/?l=openbsd-misc&m=131694698627338&w=2

That's why I've been using this in the past (`arch -s` == `machine -a`):

# selected FTP mirrors in order of distance
OPENBSD_FTP_TIER2='ftp.eu.openbsd.org anga.funkfeuer.at ftp.usa.openbsd.org'
OPENBSD_FTP_TIER3='mirror.hostfuss.com ftp.nluug.nl'
PKG_DIR=pub/`uname -s`/`uname -r`/packages/`machine -a`/
PKG_CACHE=/home/ftp/$PKG_DIR
PKG_PATH=$PKG_CACHE
for s in $OPENBSD_FTP_TIER3 $OPENBSD_FTP_TIER2; do
  PKG_PATH=$PKG_PATH:ftp://$s/$PKG_DIR
done; s=

And yes, it's time to update my list.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: spamd-setup in crontab
On Mon, 14 Nov 2011 15:28:43 +0100, James J. Lippard lippard-open...@discord.org wrote:

I had the same problem, which I worked around by changing my spamd.conf to use a local file instead of FTP, and downloading the traplist.gz file in my daily.local. That is, my spamd.conf now looks like this:

uatraps:\
 :black:\
 :msg=Your address %A has sent mail to a ualberta.ca spamtrap\n\
 within the last 24 hours:\
 :method=file:\
 :file=/etc/mail/traplist.gz:

And my daily.local now has this:

echo Getting traplist.gz.
/usr/bin/ftp -o /etc/mail/traplist.gz http://www.openbsd.org/spamd/traplist.gz

I have a slightly more complicated setup which fetches traplist and nixspam every two hours:

root's crontab:

# update spamd on :15 every two hours
15 */2 * * * /etc/mail/spamd-setup.sh

spamd-setup.sh:

#!/bin/sh
# sleep 0..15 minutes
/bin/sleep $(($RANDOM / 72))
/usr/local/bin/wget -o /dev/null -NxP /home/ftp/pub/mirrors -nv \
 http://www.openbsd.org/spamd/{traplist,nixspam}.gz
/usr/libexec/spamd-setup

Also, china and korea are fetched in daily.local:

# http://www.openbsd.org/spamd/{china,korea}cidr.txt.gz are not mirrored
# regularly, so we use the original source
/usr/local/bin/wget -NxP /home/ftp/pub/mirrors -nv \
 http://www.okean.com/{china,korea}cidr.txt

The advantage of using wget(1) (or curl(1) if you like) is that it will only fetch the file if the timestamp has changed.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: dedicating a server to spamd
On Tue, 25 Oct 2011 15:17:45 +0200, ML mail mlnos...@yahoo.com wrote:

Many thanks for your solution based on using the local sendmail installation. That makes sense and sendmail will then be taking care of routing the mails to the qmail server, a nice solution which I will give a go. So is this basically the only solution if someone wants to use spamd on a dedicated box?

You could also use pfctl to periodically dump the spamd-white table and place it where it can be downloaded by the firewall. If you don't have any white entries in spamd.conf, then you could also use /var/db/spamd.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: dhclient, resolv.conf
On Sat, 22 Oct 2011 10:41:56 +0200, Philippe Meunier meun...@ccs.neu.edu wrote:
Kenneth R Westerback wrote:

If you are using dhclient, then /etc/resolv.conf is not really a configuration file.

Unless your machine runs its own DNS server. Then you really don't want dhclient-script to mess with your /etc/resolv.conf. But dhclient-script will still blindly mess with /etc/resolv.conf if the DHCP server says so, despite the fact that your /etc/dhclient.conf never asked for anything related to DNS servers in the first place. Then you will have to mess with supersede and /etc/resolv.conf.tail in order to fix dhclient-script's mess.

If the DHCP server says things that are wrong, then _that_ needs to be fixed.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: spamd.black pfctl
On Mon, 10 Oct 2011 12:12:23 +0200, pavel pocheptsov lilit-aibo...@mail.ru wrote:

hello misc. I have spamd before mail server. and it works nicely with liberal setting like this:

spamd_flags=-v -l 127.0.0.1 -G 10:4:864 -h mail.server

pf.conf:
[...]
block in log quick on { $ext_if_a, $ext_if_b } from { bruteforce, private, spamd-black } to any
[...]

but I won't want to reload all rules. In best way I want to add in pf spamd-black table only new IP, that I paste in the top of spam.txt file.
[...]

I also employ a manual blacklist, but I import it through spamd.conf(5). This way, the entries are not blocked by pf, but enter spamd's tarpit. This will keep the spammer's machine busy and delay the delivery of other spam.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
fortune(6) lies
Some of the historic fortune(6) adages are good to have, but I have my doubts about this one:

===
Imagine that Cray computer decides to make a personal computer. It has a 150 MHz processor, 200 megabytes of RAM, 1500 megabytes of disk storage, a screen resolution of 4096 x 4096 pixels, relies entirely on voice recognition for input, fits in your shirt pocket and costs $300. What's the first question that the computer community asks?

Is it PC compatible?
===

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply privately.)
Re: fortune(6) lies
On Fri, 24 Jun 2011 13:12:44 +0200, Nick Holland n...@holland-consulting.net wrote:
On 06/24/11 04:44, Boudewijn Dijkstra wrote:

Some of the historic fortune(6) adages are good to have, but I have my doubts about this one:

===
Imagine that Cray computer decides to make a personal computer. It has a 150 MHz processor, 200 megabytes of RAM, 1500 megabytes of disk storage, a screen resolution of 4096 x 4096 pixels, relies entirely on voice recognition for input, fits in your shirt pocket and costs $300. What's the first question that the computer community asks?

Is it PC compatible?
===

What lie? Looks dead-on to me.

Taken out of its unspecified context into the present day, the computer community won't ask that.

As someone whose interest in the small computer predates the IBM PC (0.625M RAM, 10M HD, 4.8MHz proc, 320x200 graphics), I can relate to everything on that quote, other than an imbalance in the imagined progress (STILL waiting for my 4096x4096 screen).

That the 'computer community' would ask that question, is based entirely on the assumption that the PC platform is and will be the only platform that has a decent choice in apps. Did the 'computer community' worry about app availability when the iPhone came out? Hardly. The gradual miniaturization of computer platforms has expanded the 'computer community' to almost every consumer. The above phrase imagine that not only includes technological progress, but also sociological changes. Granted, the latter is much harder to predict.

yes, there was a time when Meg was a woman's name and Gig was something a band did, and if you said gigahertz to someone, they'd probably look around to see if there were any children or members of the opposite sex around, and all those numbers were absurdly big.

Long ago (~1989), in a job much closer than where I'm working now, I worked for Zenith Data Systems. We had an interesting machine called a Z-1000 -- an asymmetric multi-processor machine (20MHz 80386 work processors, 16MHz 80386 control processor...or maybe other way around, I'm not going to swear to those specs), fair amount of RAM for the day per processor, no video board, lots of serial port concentrators. Ran SCO Xenix, about the size of a dorm room fridge, and a lot heavier.

To deal with the questions (which I found annoying), I put a sign on it, Zenith Z-1000. Not PC Compatible. Will not run Flight Simulator, will not run Lotus 123, not even at gun point. I was somewhat horrified to find out it would boot a PC's version of MSDOS over the serial console, but fortunately no one noticed my experiment or that it worked.

Didn't sell a single one of them. That's all people wanted to know. Is it PC compatible? Does it run Flight Simulator? Does it run Lotus 123? (FS and 123 were the benchmarks of PC compatibility. In the earlier days, there were a few machines which were built to the benchmarks, ran Lotus 123 and Flight Simulator and little else).

Nick. (showing his age)

I often seem to somehow get old people to tell good stories. ;)

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: man cp: -i versus -f
On Wed, 15 Jun 2011 16:52:12 +0200, Jan Stary h...@stare.cz wrote:

The manpage of cp says

-f For each existing destination pathname, remove it and create a new file, without prompting for confirmation, regardless of its permissions. This option overrides any use of -i.

-i Write a prompt to the standard error output before copying a file that would overwrite an existing file. If the response from the standard input begins with the character `y', the file copy is attempted.

but that is not what cp actually does:

$ rm -f echo bar
$ echo new > foo
$ echo old > bar
$ cp -fi foo bar
overwrite bar? n
$ cat bar
old

According to the manpage, the '-f' should have overridden the '-i'. Instead, it asked for confirmation, which said 'n', and cp(1) did not copy foo over bar, as it still has the old content. Manpage has been like this forever.

Looks like the behaviour has been bugged since 1999:

--- src/bin/cp/cp.c 1998/07/03 17:43:56 1.12 +++ src/bin/cp/cp.c 1999/05/06 18:19:45 1.13 @@ -91,7 +91,7 @@ static char rcsid[] = $OpenBSD: cp.c,v 1.12 1998/07/0 PATH_T to = { to.p_path, }; uid_t myuid; -int Rflag, iflag, pflag, rflag; +int Rflag, fflag, iflag, pflag, rflag; int myumask; enum op { FILE_TO_FILE, FILE_TO_DIR, DIR_TO_DNE }; @@ -129,10 +129,12 @@ main(argc, argv) Rflag = 1; break; case 'f': + fflag = 1; iflag = 0; break; case 'i': iflag = isatty(fileno(stdin)); + fflag = 0; break; case 'p': pflag = 1;

So the behaviour depends on the order of the arguments. E.g. when doing:

$ cp -if foo bar

no confirmation is asked, and:

$ cat bar
new
.

Here's a fix (tested):

--- src/bin/cp/cp.c.origSun Nov 4 03:01:57 2007 +++ src/bin/cp/cp.c Wed Jun 15 17:20:25 2011 @@ -113,8 +113,10 @@ iflag = 0; break; case 'i': - iflag = isatty(STDIN_FILENO); - fflag = 0; + if (!fflag) { + iflag = isatty(STDIN_FILENO); + fflag = 0; + } break; case 'p': pflag = 1;

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
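Review bot: in the proposed fix, the fflag = 0; kept inside the new if (!fflag) { ... } block in case 'i' is a dead store, because fflag is already zero whenever that branch runs; the block can be reduced to if (!fflag) iflag = isatty(STDIN_FILENO);. With this change -f wins regardless of its position, which matches the quoted manpage sentence "This option overrides any use of -i", but it also means a later -i can no longer re-enable prompting once -f has been seen earlier on the command line. The -i paragraph of the manpage should say that it is ignored when -f is given, and a regression test covering both cp -fi and cp -if would pin the behaviour down.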
Re: spamd in blacklist mode 4.8 not working?
On Wed, 25 May 2011 15:46:01 +0200, Ivo Chutkin open...@bgone.net wrote:
On 25.5.2011 15:32, Stuart Henderson wrote:
On 2011-05-25, Ivo Chutkin open...@bgone.net wrote:

Hello Misc, Some months ago I upgraded my firewall to 4.8 -stable from 4.5. Everything went well except my spamd setup. I run it in blacklist mode only. It is running according to logs, netstat, ps ax and top. The table spamd in pf.conf gets populated by spamd-setup but nothing gets to the spamd. I am missing something obvious here but I am lost...

in /etc/rc look for this line

/usr/libexec/spamd-setup -D

please add -b to it, see if that helps, and report back.

I did so, but I am not able to reboot it now. It is production system. When I get it done I will report back for sure.

You can run that as root without rebooting. But, it should also be run periodically from crontab.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
(Remove the obvious prefix to reply.)
Re: A bad entry in the spamdb kills pfctl
On Tue, 23 Nov 2010 18:05:14 +0100, Peter Fraser p...@thinkage.ca wrote:

Somehow I have a bad entry in my /var/db/spamdb the entry in question is as follows.

GREY|kadorken.thspamdb -t -a itroll.03092...@thinkage.chinkage.on.ca|spamdb -t -a kgdykesb...@thinkage.on.ca|spamdb -t -a kgdykesb...@thinkage.on.ca|spamdb -t -a kgdykescxspamdb|1160168514|0|0|1|-2

I have no idea how the entry got there. How can I delete it? I cannot get the spamdb -d to work, it is expecting an IP address

The entry ends with 0|0|1|-2 so it is actually a spamtrap entry that contains newlines. That's why it didn't expire although you'd think it should have. I could successfully use spamdb(8) to add spamtrap entries containing a few newlines and then remove them (phew!). So try this:

# spamdb -Td 'kadorken.thspamdb -t -a itroll.03092...@thinkage.chinkage.on.ca spamdb -t -a kgdykesb...@thinkage.on.ca spamdb -t -a kgdykesb...@thinkage.on.ca spamdb -t -a kgdykescxspamdb'

If that doesn't work, then possibly the real key is longer and you need a modified version of spamdb(8) to extract it.

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
Re: spamd -G whiteexp not honored?
On Mon, 01 Nov 2010 20:08:00 +0100, Daniel Perup dan...@perup.net wrote:

I'm having problems with spamd and the -G option. It seems that spamd does not honor the whiteexp value at all, but uses the default value at all times:

That is a sweeping statement, coming from just one test case.

# pkill spam
# /usr/libexec/spamd -G 4:10:500
# /usr/libexec/spamd-setup -D
# /usr/libexec/spamlogd
# spamdb -a 1.2.3.4
# spamdb|grep 1.2.3.4
WHITE|1.2.3.4|||1288600451|1288600451|1291710851|1|0
# date -r 1288600451
Mon Nov 1 09:34:11 CET 2010
# date -r 1291710851
Tue Dec 7 09:34:11 CET 2010

As you can see, the default 36 days are still in effect.

spamdb(8) doesn't talk to spamd(8) when whitelisting, not even to receive the whiteexp value. It just manipulates spamd's database using default values.

This happens with all the whiteexp values I have tried, from 50 to 5000. I am using OpenBSD 4.6, but I have not seen anything related to this in the newer changelogs. It should be easy for someone on 4.7 (or 4.8) to verify if this behaviour is still there.

Thanks, Daniel

--
Made with Opera's revolutionary e-mail program: http://www.opera.com/mail/
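Added example, not part of the thread and not code from spamd: a small Python audit of `spamdb` output for the two symptoms discussed in the spamd threads on this page, namely WHITE records whose 'first' and 'pass' times are equal (the 2012 thread) and WHITE records whose lifetime is still the default 36 days although spamd was started with another -G whiteexp (this thread). The field positions are read off the records quoted on this page; the function names, the reason labels and the 192.0.2.x / example.org sample lines are assumptions constructed for illustration.

```python
"""Audit `spamdb` output for the two symptoms discussed in the threads."""
from dataclasses import dataclass

DEFAULT_WHITEEXP_H = 36 * 24  # the "default 36 days" quoted in the thread

# The first two WHITE records are copied from the threads on this page;
# every other line is constructed sample data.
SAMPLE = """\
WHITE|81.172.0.62|||1350416314|1350416314|1353526714|1|0
WHITE|1.2.3.4|||1288600451|1288600451|1291710851|1|0
WHITE|192.0.2.10|||1288600000|1288603000|1290403000|1|3
GREY|192.0.2.20|mx.example.org|<a@example.org>|<b@example.net>|1288600500|1288614900|1288614900|1|0
GREY|host.example
fragment@example.net|1160168514|0|0|1|-2
"""


@dataclass
class Entry:
    kind: str
    ip: str
    first: int
    passed: int
    expire: int


def parse_spamdb(text):
    """Split spamdb output into parsed WHITE/GREY entries and rejects."""
    entries, rejects = [], []
    for line in text.splitlines():
        f = line.split("|")
        # Offset of the 'first' timestamp: WHITE has 9 fields, GREY has 10.
        off = {("WHITE", 9): 4, ("GREY", 10): 5}.get((f[0], len(f)))
        if off is None:
            if f[0] not in ("TRAPPED", "SPAMTRAP") and line.strip():
                rejects.append(line)  # e.g. a record split by embedded newlines
            continue
        try:
            first, passed, expire = (int(x) for x in f[off:off + 3])
        except ValueError:
            rejects.append(line)
            continue
        entries.append(Entry(f[0], f[1], first, passed, expire))
    return entries, rejects


def audit(text, whiteexp_hours):
    """Return (findings, rejects); findings are (ip, reason) tuples."""
    entries, rejects = parse_spamdb(text)
    findings = []
    for e in entries:
        if e.kind != "WHITE":
            continue
        if e.first == e.passed:
            # Whitelisted at first sight: no GREY period was recorded.
            findings.append((e.ip, "no-grey-phase"))
        life_h = (e.expire - e.passed) // 3600
        if life_h == DEFAULT_WHITEEXP_H and whiteexp_hours != DEFAULT_WHITEEXP_H:
            # Heuristic: the lifetime equals the default although spamd
            # was started with a different -G whiteexp.
            findings.append((e.ip, "default-whiteexp"))
    return findings, rejects


if __name__ == "__main__":
    found, bad = audit(SAMPLE, whiteexp_hours=500)
    for ip, reason in found:
        print(ip, reason)
    print(len(bad), "unparseable line(s)")
```

Feed it the text printed by `spamdb` on the host, with `whiteexp_hours` set to the third value of the running spamd's -G option.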
Re: zombies - solved
On Wed, 12 Mar 2008 17:05:01 +0100, Pete Vickers [EMAIL PROTECTED] wrote:

If you want to serve http content via IPv6, then perhaps you can run httpd on your (IPv4) loopback interface, and have relayd listen on your public IPv6 interface, and forward requests over IPv4 to it ?

And then what if the HTTP request reads something like GET [::1] ?

--
Boudewijn Dijkstra
Indes - IDS B.V.
+31 345 545 535
Re: The Dilbert Problem...
On Wed, 05 Mar 2008 13:42:48 +0100, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
Mayuresh Kathe [EMAIL PROTECTED] writes:

The first (dilbert) tab takes a long time to load during which the other tabs too show nothing, they get stuck at Looking up...

another data point - here the dilbert site loads very slowly in a firefox with about 15 tabs open already (lots of graphics it seems) but other sites opened after it in separate tabs load normally.

The delay is most likely caused by the DNS requests for all the different advert sites. My guess is that Firefox handles the DNS requests in order, using the same execution context for all tabs, waiting for each one before proceeding to the next. Requesting an record that does not exist (or trying to connect to the first four bytes of an IPv6-address) might very well cause an additional slowdown.

--
Boudewijn Dijkstra
Indes - IDS B.V.
+31 345 545 535
Re: Monitoring Battery...
On Mon, 25 Feb 2008 13:08:10 +0100, Mayuresh Kathe [EMAIL PROTECTED] wrote:

Is there any way to monitor the charge left on the battery of a laptop? Like how much percentage of the battery charge is left to allow us to estimate how long it will work without connecting to a wall socket? I googled for monitoring battery openbsd but got nothing satisfactory.

$ apropos power|grep '(8)'
apm (8) - Advanced Power Management control program
apmd (8) - Advanced Power Management monitor daemon

--
Boudewijn Dijkstra
Indes - IDS B.V.
+31 345 545 535
Re: Monitoring Battery...
On Mon, 25 Feb 2008 13:22:24 +0100, Mayuresh Kathe [EMAIL PROTECTED] wrote:
On Mon, Feb 25, 2008 at 5:45 PM, Antoine Jacoutot [EMAIL PROTECTED] wrote:
On Mon, 25 Feb 2008, Mayuresh Kathe wrote:

I googled for monitoring battery openbsd but got nothing satisfactory.

apm(8)

I tried 'apm -b' to get the battery status, but it showed 255, which is 'unknown', is it because my laptop isn't properly supported?

$ if [ "`dmesg|grep apm`" ];then echo No.;else echo Yes.;fi

--
Boudewijn Dijkstra
Indes - IDS B.V.
+31 345 545 535