Re: greylisting multiple mail servers, greylisting with SPF, challenge response
On Thu, Aug 27, 2015 at 02:16:45PM -0500, Jeremy C. Reed wrote:
> I am curious if any of you still use greylisting?

Yes.

> I workaround these by adding individual IPs or blocks to my pf rules to
> bypass the spamd (so goes direct to mail server).

It sounds like you need a better greylisting software. I would recommend
"milter-greylist" which works with Sendmail and Postfix. It makes
whitelisting e.g. Microsoft's "outlook.com" very easy:

    # Outlook.com
    racl whitelist domain .outbound.protection.outlook.com

> I can automate updating the pf whitelist table from DNS SPF records, but
> that doesn't help with unknown senders.

Not sure what you mean by that. But "milter-greylist" has builtin SPF
support.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Printing to a network printer by IP address
On Sun, Jun 21, 2015 at 02:46:19PM +0100, Gerard Lally wrote:
> Is it possible to print to an ethernet-connected printer with just the
> standard NetBSD print commands (LPD, LPR), without going through CUPS?

Yes, at least if the printer supports HP Jetdirect which most printers
(even non-HP ones) do. Please check whether your printer accepts TCP
connections on port 9100.

If the printer accepts connections on port 9100 simply create an entry
in "/etc/printcap" where "lp" is set to "9100@" or "9100@".

If you want some clever print "filtering" (e.g. the ability to print
images with "lpr") please consider looking at the "magicfilter" package
in "pkgsrc".

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: dovecot again/still again
On Thu, Jun 11, 2015 at 06:34:25PM +0100, Steve Blinkhorn wrote:
> The Postfix error is particularly odd: apparently Postfix is looking in
> the ssl/certs directory for a private key, yet the main.cf file says:
>
> smtpd_tls_cert_file = /etc/ssl/certs/newpostfix.pem
> smtpd_tls_key = /etc/ssl/private/newpostfix.pem

Can you please post the output of the following command?

    grep -i begin /etc/ssl/certs/newpostfix.pem /etc/ssl/private/newpostfix.pem

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Trace tool for NetBSD
On Wed, Mar 11, 2015 at 02:56:25PM +0100, IT geek 31 wrote:
> I can't get strace to compile on NetBSD/cobalt 5.22 either manually or
> through pkgsrc.
>
> Is this the best tool to use for tracing?

Not under NetBSD. "strace" is a Linux tool. I wasn't even aware that
there is a NetBSD port of it.

Please try "ktrace" or "ktruss" instead.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: ap mod_secure
On Sun, Mar 08, 2015 at 02:20:34PM -0400, el kalin wrote:
> i have an apache 2.4 build from pkgsrc on a netbsd 6.0 and now trying to
> add mod_secure to it. every time i try to add it via pkg_add or make
> install i get:
>
> "A different version of apache-2.2.27 is already installed: apache-2.4.3nb1"
>
> how does that make sense?

The "ap-modsecure" package doesn't support Apache 2.4.x because
"mod_secure" version 1.x doesn't compile with that version of Apache.
As a result it automatically pulls in apache-2.2.27 as a dependency
because apache-2.4.3nb1 cannot be used. But you cannot install those
two apache packages at the same time.

> and how do i get to build the latest mod_secure for the apache version i
> have?

You have to use (or build) the "ap-modsecure2" package which supports
both Apache 2.2.x and 2.4.x.

Kind regards

P.S. The mailing list "pkgsrc-us...@netbsd.org" might be more appropriate
     for this discussion.

--
Matthias Scheler https://zhadum.org.uk/

Re: base.tgz can't create 'usr/bin/mail' - cross compiled release 6.1
On Sun, Mar 01, 2015 at 11:17:26PM -0600, qabulin wrote:
> > $ su root ./build.sh -O ../obj/ -T ../tools/ -D ../dest/ -R ../release/ -U
> > -m amd64 -V INSTALLSETS="base etc"
> > install=/Users/qabulin/Downloads/netbsd-build/test/
[...]
> [—snippet—]
> Copying set base
> pax: Cannot link file
> /Users/qabulin/Downloads/netbsd-build/test/./usr/bin/Mail to itself
> [—snippet—]
> ERROR: Failed to make installworld to
> /Users/qabulin/Downloads/netbsd-build/test/
> *** BUILD ABORTED ***
>
> I confirmed that the base.tgz found in the release dir does not extract
> usr/bin/mail :
> $ cp ../release/amd64/binary/sets/base.tgz .
> $ tar -xzpf base.tgz
> ./usr/bin/mail: Can't create 'usr/bin/mail'
> tar: Error exit delayed from previous errors.
> $

NetBSD's base system contains both "/usr/bin/Mail" and "/usr/bin/mail":

tron@colwyn:~>ls -l /usr/bin/[Mm]ail
-r-xr-xr-x  3 root  wheel  203235 Feb 28 15:11 /usr/bin/Mail
-r-xr-xr-x  3 root  wheel  203235 Feb 28 15:11 /usr/bin/mail

> What can I do to troubleshoot this further? FYI, my cross compile
> build machine is a Mac:
> $ sw_vers
> ProductName:Mac OS X
> ProductVersion: 10.10.2
> BuildVersion: 14C109

That is most likely the problem. Mac OS X's file system is not case
sensitive by default. However NetBSD base system is designed for a
case sensitive file system.

The easiest work around is probably to use Disk Utility to create
a disk image that is formatted as "Mac OS Extended (Case-sensitive,
Journaled)", mount that image and use it as the installation directory.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Reliable way to run emulated Linux under NetBSD
On Wed, Aug 13, 2014 at 10:22:16AM +0200, Kamil Rytarowski wrote:
> I'm looking for a reliable and flawless way to run emulated Linux
> (GNU/Linux distribution under some tool). I'm using i386 and amd64.

A Xen domU under a NetBSD dom0 would do that job.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Raidframe startup / shutdown procedures
On Mon, Jul 21, 2014 at 09:42:44PM -0400, Scott Burns wrote:
> My question is should we be adding to /etc/rc.conf:
>
> raidframe=YES

This is the default anyway. You don't need to add it.

> This one probably isn't required but is there a benefit to using this method
> rather than auto-config?

No, at least I'm not aware of one.

> raidframeparity=YES
>
> 1) Does the above basically perform a 'fsck' equivalent (ie. check the
> parity calc) against the parity on the drives at start-up?

It will check whether it needs to re-calculate the parity. The latter
might take quite a while depending on your RAID setup.

> 2) Is this called prior to the processing of fstab (ie. before mounting)?

No. But it is not necessary to do that before accessing the device.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: ixg(4) performances
On Fri, Jul 04, 2014 at 02:43:19PM +, Emmanuel Dreyfus wrote:
> I quote myself here:
>
> On Wed, Jul 02, 2014 at 02:05:53PM +, Emmanuel Dreyfus wrote:
> > TCP connection established.
> > Packet size 1k bytes: 114938 KByte/s Tx, 114816 KByte/s Rx.
> > Packet size 2k bytes: 114924 KByte/s Tx, 114868 KByte/s Rx.
> > Packet size 4k bytes: 114871 KByte/s Tx, 114901 KByte/s Rx.
> > Packet size 8k bytes: 114877 KByte/s Tx, 114900 KByte/s Rx.
> > Packet size 16k bytes: 114882 KByte/s Tx, 114914 KByte/s Rx.
> > Packet size 32k bytes: 114881 KByte/s Tx, 114905 KByte/s Rx.
>
> ioperf reports awful perfs. But netperf says:
>
> root@saccharose# netperf -H 10.103.101.117
> TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 10.103.101.117
> (10.103.101.117) port 0 AF_INET
> Recv   Send    Send
> Socket Socket  Message  Elapsed
> Size   Size    Size     Time     Throughput
> bytes  bytes   bytes    secs.    10^6bits/sec
>
>  32768  32768  32768    10.01    1152.76
>
> This looks much better: maximum bandwidth is 1200 Mb/s as I understand.
>
> How can this be explained?

Probably by various factors:

1.) Lack of SMP scalability in the network stack.
2.) No MSI-X support.
3.) No RSS support in the driver.

You will also struggle to saturate a 10Gb/s link with a single TCP
connection in general.

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: can mount device
On Fri, Apr 11, 2014 at 12:38:07PM -0400, el kalin wrote:
> i need help with a weird thing that is happening...
>
> i'm using netbsd on the amazon ec2 network. when i "attach" a volume to a
> machine the dmesg sees it as xbd4 but there is no /dev/xbd4* of any kind and
> i can't mount it.
>
> what do i need to do to mount that device?

NetBSD's installation only creates device nodes for "xbd0" to "xbd3"
by default. You can create more device nodes like this:

    su
    cd /dev
    ./MAKEDEV xbd4 xbd5 xbd6 xbd7

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Which Linux?
On Sat, Feb 08, 2014 at 10:08:41AM -0800, Richard L. Dery wrote:
> Pkgsrc comes with three versions of Linux. Which one is preferred for Linux
> emulation?

That depends on the NetBSD version you are using.

NetBSD 5.*:      suse100_*
NetBSD 6.[01]*:  suse121_*
NetBSD 6.99.*:   suse131_*

Kind regards

--
Matthias Scheler https://zhadum.org.uk/

Re: Emacsen segfaulting on startup
On Wed, Jan 29, 2014 at 01:53:13AM -0500, Thor Lancelot Simon wrote:
> > Yes, should... But we don't rename symbols in 3rd party libraries that are
> > not
> > included in the base system.
>
> And, given how pkgsrc works, we can't really bump their major version
> numbers in a libc-date-dependent way.
>
> Again it's starting to look to me as if sooner or later, we had really
> better bump the libc major version number instead of continuing with
> all this renaming. _That_ would fix the 3rd-party libraries as they
> would then depend on a different version of libc.

Yes, agreed. But NetBSD probably should still ship the old "libc" as well
which requires some build system and/or set building tricks.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Emacsen segfaulting on startup
On Tue, Jan 28, 2014 at 11:06:12AM -0500, Thor Lancelot Simon wrote:
> On Tue, Jan 28, 2014 at 09:33:27AM +0000, Matthias Scheler wrote:
> >
> > This is nothing that NetBSD can ensure. A good example is the 64-bit
> > time_t change in NetBSD 6.0. If you compile a shared library and a
> > program using this type under NetBSD 5.0 they will use a 32-bit time_t.
> > If you now recompile *one* of those two under NetBSD 6.0 it will start
> > using 64-bit time_t-s. And as a result it is no longer compatible with
> > the NetBSD 5.0 library or program. This will definitely result in crashes.
>
> All the libraries involved _should_ have appropriately renamed
> symbols for any function taking time_t or different library major
> version numbers.

Yes, all the NetBSD base-system libraries. But imagine a pkgsrc package
with a shared library whose API contains something like this:

    struct foo {
        time_t when;
        const char *what;
    };

    extern void bar(const struct foo *);

If you now recompile the package with that shared library under NetBSD 6.0
the size and layout of "struct foo" will change. An application in
*another* package which wasn't recompiled will very likely trigger a crash
when calling bar() because it used the old layout of "struct foo".

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Emacsen segfaulting on startup
On Tue, Jan 28, 2014 at 09:44:59AM +0100, Manuel Bouyer wrote:
> On Tue, Jan 28, 2014 at 09:41:56AM +0100, Volkmar Seifert wrote:
> > >I updated to 6.1.3 and even with the stock kernel... and an older
> > >emacs (reinstalled) it crashed.
> >
> > What do you mean by "reinstalled" - you are aware of the fact that
> > with a new OS-/Userland-version, you need to rebuild all packages
> > that have been installed from pkgsrc?
>
> that's not really true.

It is true, but badly worded. You can of course use packages from an
old NetBSD release under a newer NetBSD release. But you cannot *mix*
packages built under two different (major) NetBSD releases.

> Backward compatibility is a strong point of NetBSD.

This is nothing that NetBSD can ensure. A good example is the 64-bit
time_t change in NetBSD 6.0. If you compile a shared library and a
program using this type under NetBSD 5.0 they will use a 32-bit time_t.
If you now recompile *one* of those two under NetBSD 6.0 it will start
using 64-bit time_t-s. And as a result it is no longer compatible with
the NetBSD 5.0 library or program. This will definitely result in crashes.

There have even been programs which use "time_t" in an on-disk format
(a particularly bad idea). In this case a NetBSD 5.0 program will happily
work under NetBSD 6.0 and read the old data. But as soon as you recompile
that program you will get problems. There is again nothing that NetBSD
can do about this.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Emacsen segfaulting on startup
On Sun, Dec 29, 2013 at 08:06:25PM +1030, Brett Lymn wrote:
> On Sun, Dec 29, 2013 at 10:17:00AM +0100, Riccardo Mottola wrote:
> >
> > Any ideas/hints ?
> >
>
> There was a fix that went into -current a month or two ago which may
> be what you are missing. Something to do with the way emacs was
> manipulating the environment which caused memory corruption.

You are talking about this change ...

http://releng.netbsd.org/cgi-bin/req-6.cgi?show=940

... which is present in the NetBSD 6.1.2 release. So Riccardo's must
be something else. It looks like Emacs is crashing while executing
the init function of one of the shared libraries.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: dovecot again/still
On Mon, Nov 04, 2013 at 11:33:11AM +, Steve Blinkhorn wrote:
> > Me too. Is this Postfix from NetBSD's base system or "pkgsrc"? And
> > what about OpenSSL? And did you will them with any funky options
> > like "-mcpu=moaaarpowwr"?
>
> Stock Postfix that came with NetBSD. I encountered the same error
> message with the original OpenSSL libraries, and then tried the latest
> binaries for this release of NetBSD, fetched, IIRC, from NetBSD.org,
> or at worst from a mirror site.

Okay.

> > And what NetBSD version and port is this?
>
> NetBSD 4.01 on i386. I'm preparing for forthcoming upgrade of
> systems, and the idea was to learn the ropes on familiar territory so
> as not to go on wild goose chases in the uprated environment.

NetBSD 4.* is out of support for a while. I'm not sure whether I used
Postfix on that version with TLS support. I used NetBSD 5.0 or newer
if I remember correctly.

If you don't want to update the system you could try Postfix and
OpenSSL from "pkgsrc". The latter would require something like this
in "/etc/mk.conf":

    PREFER_PKGSRC+= openssl

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: dovecot again/still
On Tue, Oct 29, 2013 at 12:21:34PM +, Steve Blinkhorn wrote:
> > I guess faulty data. Does the following command work?
> >
> > openssl rsa -in /etc/ssl/private/myname.key -text
> >
> > Please do *not* post the output of this command if it works because
> > it will *reveal your private key*. If the command prompts for a
> > password you have found the problem. You need to remove the password
> > in that case.
> >
> > If the key file passes the check you should check the certificate next:
> >
> > openssl x509 -in /etc/ssl/certs/myname.pem -text
> >
> > The output of this command is not sensitive. The "Modulus" section
> > of the cert should match the "modulus" section of the private key.
>
> Thank you for a very helpful response - five-finger exercises in keys
> and certificates...
>
> But my certificate and key pass your tests, so I'm really beginning to
> wonder about the libraries.

Me too. Is this Postfix from NetBSD's base system or "pkgsrc"? And
what about OpenSSL? And did you will them with any funky options
like "-mcpu=moaaarpowwr"?

And what NetBSD version and port is this?

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Apache with VitualHost ?
On Sat, Oct 26, 2013 at 04:34:19PM +0200, Maurizio Caloro wrote:
> The Error Message it's this
>
> Diese Seite kann nicht angezeigt werden.
>
> * Vergewissern Sie sich, dass die Webadresse http://hometime.ch stimmt.
> * Suchen Sie die Seite mit Ihrer Suchmaschine.
> * Aktualisieren Sie die Seite in ein paar Minuten

That is not an error message produced by Apache. This is an error message
produced by your browser, most likely a hostname resolution problem.

> #
> # Use name-based virtual hosting.
> #
> NameVirtualHost *:80
[...]

This looks fine.

> but i don't have any Error logs from Apache

Because your browser never talks to Apache.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Apache with VitualHost ?
On Sat, Oct 26, 2013 at 04:25:10PM +0200, Manuel Bouyer wrote:
> > I'm using "VirtualHost *:80" respectively "VirtualHost *:443" for all
> > virtual hosts with Apache 2.4 without problems. The same configuration
> > worked fine when I was still using Apache 2.2.
>
> I'm using NameVirtualHost, this may be the difference.

No, that is what I'm using, too. Well, I was using that with Apache 2.2.
Apache 2.4 doesn't need "NameVirtualHost" any more.

> I guess it matches the Host HTTP header against ServerName then ?

Yes, exactly.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Apache with VitualHost ?
On Sat, Oct 26, 2013 at 02:59:50PM +0200, Maurizio Caloro wrote:
> I have done all the changes but still the same the HomeShine site are not
> Available

Did you run "/etc/rc.d/apache reload" afterwards?

> the Path to this folder are all Ok and i don't know why this error also
> occur.

What is the exact error message that you get?

Kind regards

> On 26.10.2013 14:11, Maurizio Caloro wrote:
> > On 26.10.2013 13:39, Matt Sporleder wrote:
> >
> >> hometime is not homeshine
> >> Yes this mod now i have change, but still the same, no Webpage appear
> >>
> >>
> >> On Oct 26, 2013, at 7:14 AM, Maurizio Caloro wrote:
> >>
> >>> Hello Together
> >>> After try to configure Apache with virtualhost, i have the problem that
> >>> the second link "homeshine" are not available.
> >>> -Caloro are Browsable = OK
> >>> -HomeShine
> >>> only for local Network, but are not Available.
> >>> For any Help I am Happy
> >>> Regards
> >>> Mauri
> >>>
> >>> [Snip-http.conf]
> >>> # Virtual hosts
> >>> Include etc/httpd/httpd-vhosts.conf
> >>>
> >>> [Snip-http-Vhost.conf]
> >>> NameVirtualHost *:80
> >>>
> >>>
> >>> ServerAdmin webmas...@caloro.ch
> >>> DocumentRoot "/usr/pkg/share/httpd/htdocs/caloro.ch/"
> >>> ServerName caloro.ch
> >>> ServerAlias www.caloro.ch
> >>>
> >>>Options Indexes FollowSymLinks
> >>>AllowOverride None
> >>>Order allow,deny
> >>>Allow from all
> >>>
> >>>
> >>>DirectoryIndex index.html
> >>>
> >>> ErrorLog /var/log/httpd/caloro_error.logs
> >>> TransferLog /var/log/httpd/caloro_trans.logs
> >>>
> >>>
> >>>
> >>> ServerAdmin webmas...@homeshine.ch
> >>> DocumentRoot "/usr/pkg/share/httpd/htdocs/homeshine.ch/"
> >>> ServerName homeshine.ch
> >>> ServerAlias www.homeshine.ch
> >>>
> >>>Options Indexes FollowSymLinks
> >>>AllowOverride None
> >>>Order allow,deny
> >>>Allow from all
> >>>
> >>>
> >>>DirectoryIndex index.html
> >>>
> >>> ErrorLog /var/log/httpd/homeshine_error.logs
> >>> TransferLog /var/log/httpd/homeshine_trans.logs
> >>>
> >>>
> >>> [Snip-Error.conf]
> >>> [Sat Oct 26 13:03:36 2013] [notice] Digest: generating secret for digest
> >>> authentication ...
> >>> [Sat Oct 26 13:03:36 2013] [notice] Digest: done
> >>> [Sat Oct 26 13:03:37 2013] [notice] Apache/2.2.25 (Unix) DAV/2
> >>> configured -- resuming normal operations
> >>>
> >>> [Snip-hosts]
> >>> 192.168.0.103 homeshine.ch caloro.ch
> >>>
> >>>
> >>>

--
Matthias Scheler http://zhadum.org.uk/

Re: Apache with VitualHost ?
> > [Snip-http.conf]
> > # Virtual hosts
> > Include etc/httpd/httpd-vhosts.conf
> >
> > [Snip-http-Vhost.conf]
> > NameVirtualHost *:80
> >
> >
> > ServerAdmin webmas...@caloro.ch
> > [...]
> >
> >
> >
> > ServerAdmin webmas...@homeshine.ch
> > [...]
> >
>
> You don't want 2 default virtualhost.
> Change the second one to
>

I have to disagree. "VirtualHost" only defines which listen address
a virtual host applies to. And "*" means all of them which is definitely
correct here.

I'm using "VirtualHost *:80" respectively "VirtualHost *:443" for all
virtual hosts with Apache 2.4 without problems. The same configuration
worked fine when I was still using Apache 2.2.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Policy routing (NetBSD 5.1)
On Wed, Oct 23, 2013 at 09:02:44AM -0400, Chris Ross wrote:
> My home gateway is a NetBSD 5.1_STABLE machine. Not terribly up to
> date, and in need of an upgrade, but in the more immediate term, I
> have a desire to run multiple outgoing links. Is there any way to
> determine next-hop (either based on source address, or also
> setting source-address appropriately) dynamically in NetBSD 5.x?

You can use one of the packet filters for that purpose. Both PF and
IPFilter support this feature. In "pf.conf" you need to use the
"route-to" keyword (see "man 5 pf.conf"). In "ipf.conf" you need
to use "fastroute" (see "man 5 ipf.conf").

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: dovecot again/still
On Wed, Oct 23, 2013 at 05:48:27PM +0100, Steve Blinkhorn wrote:
> But no - I shifted the certificate and key into
> /usr/pkg/etc/openssl/certs and private,

That is definitely not necessary. I've got my key and certificate
stored in "/etc/postfix/certs" and it works fine.

> The bit I don't get is that the private key is specified to be in the
> private subdirectory, not the certs subdirectory, and it is specified
> as having the extension .key, not .pem. I used openssl asn1parse as
> you suggested, and the key and certificate both make plausible
> reading.
>
> Permissions on the subdirectories are 0755.
>
> Have I got faulty libraries, faulty data, or both?

I guess faulty data. Does the following command work?

    openssl rsa -in /etc/ssl/private/myname.key -text

Please do *not* post the output of this command if it works because
it will *reveal your private key*. If the command prompts for a
password you have found the problem. You need to remove the password
in that case.

If the key file passes the check you should check the certificate next:

    openssl x509 -in /etc/ssl/certs/myname.pem -text

The output of this command is not sensitive. The "Modulus" section
of the cert should match the "modulus" section of the private key.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

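The checks from the two Postfix/dovecot messages above (which PEM blocks each file holds, whether the key is passphrase protected, and whether key and certificate share a modulus), as an added shell example that is not part of the original messages. The function names are hypothetical, the key and certificate are constructed throwaways, and an RSA key and the openssl(1) command are assumed.

```sh
#!/bin/sh
# Added example, not from the thread. Verifies a PEM key/certificate pair
# without ever printing key material. Function names are hypothetical.
# Background: Postfix reads the key from smtpd_tls_key_file and, when that
# is unset, falls back to the certificate file, so a file without a
# PRIVATE KEY block is worth detecting first.

# List the PEM block types in a file (what "grep -i begin" reveals).
pem_blocks() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# True if the key is passphrase protected (PKCS#8 or legacy encoding).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Print the SHA-256 digest of the RSA modulus. $1 is "rsa" for a key or
# "x509" for a certificate; "-noout" keeps the key off the terminal.
modulus_digest() {
    m=$(openssl "$1" -in "$2" -noout -modulus 2>/dev/null) || return 1
    case $m in Modulus=?*) ;; *) return 1 ;; esac
    printf '%s\n' "$m" | openssl dgst -sha256 | awk '{ print $NF }'
}

# Classify a key/certificate pair; prints exactly one word.
check_pair() {
    key=$1
    cert=$2
    pem_blocks "$key" | grep -q 'PRIVATE KEY$' || { echo no-private-key; return 0; }
    pem_blocks "$cert" | grep -qx 'CERTIFICATE' || { echo no-certificate; return 0; }
    # Never hand an encrypted key to openssl here: it would prompt.
    if key_is_encrypted "$key"; then echo encrypted-key; return 0; fi
    kdig=$(modulus_digest rsa "$key") || { echo unreadable-key; return 0; }
    cdig=$(modulus_digest x509 "$cert") || { echo unreadable-cert; return 0; }
    if [ "$kdig" = "$cdig" ]; then echo match; else echo mismatch; fi
}

# Create a constructed throwaway key ($1/$2.key) and self-signed
# certificate ($1/$2.pem) so the example runs offline.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir" a || return 1
    make_sample "$dir" b || return 1
    # Passphrase-protected copy of key a; the passphrase is a dummy value.
    openssl rsa -in "$dir/a.key" -aes256 -passout pass:constructed \
        -out "$dir/a-enc.key" 2>/dev/null
    echo "a.key     + a.pem: $(check_pair "$dir/a.key" "$dir/a.pem")"
    echo "a.key     + b.pem: $(check_pair "$dir/a.key" "$dir/b.pem")"
    echo "a-enc.key + a.pem: $(check_pair "$dir/a-enc.key" "$dir/a.pem")"
    echo "a.pem     + a.pem: $(check_pair "$dir/a.pem" "$dir/a.pem")"
    rm -rf "$dir"
}

demo
```

Against real files the call would be check_pair /etc/ssl/private/myname.key /etc/ssl/certs/myname.pem; any answer other than "match" names the file to look at.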
Re: State of ZFS?
On Tue, Oct 08, 2013 at 11:18:12AM -0400, David Wetzel wrote:
> how is the state of netbsd's ZFS vs the ZFS in FreeBSD 9.2?
> How is support for SSDs?

Not usable unfortunately. It needs work on both ZFS and the generic
vnode layer in NetBSD as far as I know.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: Various size of (Project) ideas for NetBSD and pkgsrc
On Sun, Sep 29, 2013 at 10:09:53AM +0900, Ryo ONODERA wrote:
> (5) Add XFS support to NetBSD
> I have heard Red Hat Enterprise Linux will use XFS as standard filesystem.

I very much doubt that. Based on the experience in my previous job XFS
doesn't work particularly well. It has bugs which lock up your system
(and Red Hat took a long time to integrate the fixes into the RHEL 6
kernel) and it doesn't perform very well under certain work loads.

> Accessing Linux's filesystem is useful and important feature.

The low hanging fruit would be to improve NetBSD's ext2 support
to include ext3 support. The next target should probably be ext4
because that is the bread and butter file-system at the moment.

> (9) Add Microsoft's Hyper-V support to NetBSD
> There are two types of Hyper-V, Windows Server 2012's Hyper-V
> and Windows Server 2012R2's Hyper-V.

NetBSD should just work under HyperV. But having para-virtualised
drivers would help performance.

> (21) Enable Firefox's WebRTC support
> Something is wrong and I cannot enable Firefox's WebRTC support.
> Problem is in SCTP (what is it?) code and libxul.so linking.

SCTP is a layer 4 network protocol like TCP or UDP.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: imap configuration
On Fri, Sep 27, 2013 at 11:04:43AM +0200, Niels Dettenbach wrote:
> i'm just wondering how much nonsense is circulating about dovecot as other
> email solutions around from and in the dovecot community / "scene",
> especially from people which are "new" to very new to the email "stuff".

I'm not new to email "stuff".

> Dovecot is not "more secure" nor "more performant" than solutions like cyrus
> or ...

I've never used Cyrus IMAP. But Dovecot is magnitudes faster than
UW-IMAP and Microsoft Exchange.

> ... even exim

Exim is an MTA, Dovecot a POP3 and IMAP server. I'm not sure why
you are comparing those two.

> (which i prefer since around 15 years as our major smtp) - as in
> most mailer setups,

I've never configured Exim, only its predecessor Smail. And I didn't
like SMail very much because it had too many ways to do the same
thing. As a result you could never understand an SMail setup that
somebody else had configured.

My impression of Exim is (my two previous employers used it for a while)
that it struggles very much if your mail queue has 1,000 or more mails
in it. But that might have improved in the last few years.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: imap configuration
On Fri, Sep 27, 2013 at 09:47:13AM +0200, Manuel Bouyer wrote:
> > I would recommend to use neither Sendmail nor Cyrus SASL. Both have
> > a very poor security track record. The combination of Postfix and
> > Dovecot (for IMAP, POP3 and SMTP with TLS and authentication)
> > works very well.
>
> True. But both have not had serious issue for quite some time
> (2009 for both sendmail and cyrus-sasl). There's been CVEs for
> dovecot and postfix newer than that :)

Because nobody cares anymore? ;-)

But seriously: 2009 was about the time I gave up on Sendmail (after
about 15 years). I find Postfix more flexible, easier to configure
and a lot faster.

You wouldn't think that you notice a difference between Sendmail and
Postfix on a Dual Core 1.83GHz amd64 machine between a 800Kb/s A-DSL
link. But the first time I sent a mail to a local mailing list I found
that Postfix would deliver e-mails faster than I could switch windows
and enter "mailq" which was quite impressive.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: please answer this query
On Thu, Sep 19, 2013 at 08:49:47PM +0530, Prateek Lokur wrote:
> 1. Please give me the architecture diagram of netBSD OS(OS
> schematic diagram).

The internals are documented here:

http://www.netbsd.org/docs/internals/en/

> 2. Brief on the performance on the NetBSD OS.

I'm sorry but that is a very vague question.

> 3. Monolithic kernels are not portable.

I'm afraid that the existence of a lot of ports of NetBSD, FreeBSD and
Linux proves you wrong.

> But NetBSD is portable. What is the reason behind the portability feature?

It is designed to be portable. Architecture specific and platform
independent code are separated reasonably well.

Please read this article about porting NetBSD to a new platform. It might
help you to understand the principles:

http://www.netbsd.org/docs/kernel/porting_netbsd_arm_soc.html

Kind regards

P.S. I would suggest to use the "tech-k...@netbsd.org" mailing list
     for further questions.

--
Matthias Scheler http://zhadum.org.uk/

Re: imap configuration
On Thu, Sep 26, 2013 at 10:57:25AM -0500, Michael Parson wrote:
> >I guess this is all obvious once you know it, but if there's a "how to
> >get started with port 587" guide, that would be really helpful.
>
> Personally, I'd go with port 993 (imaps), imap over ssl.

Dovecot (the IMAP server) and all modern mail clients will use "STARTTLS"
in case of IMAP over port 143 and enable encryption that way.

> That will have you up and running with a self-signed cert, which will
> throw warnings to your users depending on what clients they are running.
> If you don't want to deal with that, you'll need to jump through the
> additional hoops for getting a CA signed cert.

Getting a properly signed certificate is easy these days. You can even
get a free one for private use here:

https://www.startssl.com/?app=12

A free certificate from StartSSL will be accepted by the usual mail
clients e.g. Thunderbird or iOS Mail.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: imap configuration
On Thu, Sep 26, 2013 at 06:22:23PM +0200, Manuel Bouyer wrote:
> On Thu, Sep 26, 2013 at 02:52:51PM +0100, Steve Blinkhorn wrote:
> > I have the need to configure my mail servers to accept remote mail
> > from company smartphones, which will have unpredictable IP addresses
> > at any given time.
> >
> > As I understand it, this is best done using port 587 and a suitably
> > configured imapd, but it is not clear to me whether stock imapd can do
> > the job. I get the impression that I need to build something like
> > dovecot - but what is the difference between dovecot and dovecot2?
> >
> > I guess this is all obvious once you know it, but if there's a "how to
> > get started with port 587" guide, that would be really helpful.
>
> No, that's not imap's job, that's the job of the MTA, sendmail or postfix.

Well, it is the IMAP server's job if you combine Dovecot and Postfix.

> It needs to have SASL auth enabled. In this case it's better to use TLS too.

Indeed.

> With sendmail this is done with:
> PKG_OPTIONS.sendmail+=sasl tls
> and rebuild sendmail. This should pull in cyrus-sasl.

I would recommend to use neither Sendmail nor Cyrus SASL. Both have
a very poor security track record. The combination of Postfix and
Dovecot (for IMAP, POP3 and SMTP with TLS and authentication)
works very well.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: imap configuration
On Thu, Sep 26, 2013 at 02:52:51PM +0100, Steve Blinkhorn wrote:
> I have the need to configure my mail servers to accept remote mail
> from company smartphones, which will have unpredictable IP addresses
> at any given time.

Not a problem, see below.

> As I understand it, this is best done using port 587 ...

I would recommend to support both port 25 and 587.

> ... and a suitably configured imapd, but it is not clear to me whether
> stock imapd can do the job.

What you really need is SMTP authentication. It however happens that
Dovecot, a very good IMAP server, can also be used to add support for
SMTP authentication to Postfix, a very good Mail Transport Agent and
SMTP server.

> I get the impression that I need to build something like
> dovecot - but what is the difference between dovecot and dovecot2?

I would recommend to build Dovecot 2.x from "pkgsrc/mail/dovecot2".

> I guess this is all obvious once you know it, but if there's a "how to
> get started with port 587" guide, that would be really helpful.

Please refer to the Dovecot wiki or the Postfix documentation for
configuration examples:

http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
http://www.postfix.org/SASL_README.html#server_dovecot

I've got such a setup running on my mail server and it works very well.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: high load, no bottleneck
On Tue, Sep 17, 2013 at 02:30:56PM +, Emmanuel Dreyfus wrote:
> On Tue, Sep 17, 2013 at 12:54:59PM +, Emmanuel Dreyfus wrote:
> > I have a NFS server that exhibit a high load (20-30) when supporting
> > about 30 clients, while there is no apparent bottleneck: low disk
> > activity, CPU idle most of the time, plenty of available RAM.
> >
> > Of course service is crappy, with many timeouts. Any hint of what can be
> > going on?
>
> I found the bottleneck. ps does not show it because it happens within
> the different threads of nfsd. DDB tells me that almost all nfsd threads
> are waiting on tstile with this backtrace:
>
> turnstile_block
> rw_vector_enter
> genfs_lock
> VOP_LOCK
> vn_lock
> vget
> ufs_ihashget
> ffs_vget
> ufs_fhtovp
> VFS_FHTOVP
> nfsrv_fhtovp
> nfsrv_write
> nfssvc_nfsd
> sys_nfssvc

What version of NetBSD is this? Does the local file-system on the
NetBSD NFS servers use WAPBL?

Kind regards

--
Matthias Scheler http://zhadum.org.uk/

Re: SoftRAID on amd64
On Fri, Sep 20, 2013 at 07:08:46AM +0200, Achim Dirks wrote:
> i would like to set up a Bootable Software RAID on an amd64 Machine
> running NetBSD 6.1. On the manpages for raidctl it says that booting
> the kernel from a RAID is currently not supported on amd64.

That is not true:

tron@colwyn:~>uname -srm
NetBSD 6.1_STABLE amd64
tron@colwyn:~>sysctl kern.root_device
kern.root_device = raid0

> Is this true or is there a slim chance that the manpage is outdated?

The manual page is indeed outdated. I've now corrected it.

Thanks for the hint

--
Matthias Scheler http://zhadum.org.uk/

Re: netbsd-6.1: squid from pkgsrc-2013-Q2 uses too much CPU time
On Sun, Sep 15, 2013 at 08:44:42AM -0700, Hisashi T Fujinaka wrote:
> On Sun, 15 Sep 2013, Matthias Scheler wrote:
>
> >On Sun, Sep 15, 2013 at 01:39:33PM +0200, Adrian Immanuel Kieß wrote:
> >>I thank you for your suggestions but testing the DNS time is nonsense
> >>because my DNS server runs on another boxen and the IPNAT configuration
> >>on this NetBSD boxen works very fine because without the squid proxy I
> >>can connect very much faster to the outer world.
> >
> >You are making the assumption here that the behaviour you observe in
> >a browser allows conclusion to Squid's behaviour.
> >
> >So please humour me and run those two commands. It will only take
> >a few seconds.
>
> There does appear to be something that uses a lot of CPU in squid. I've
> just been restarting it several times a day.

Okay.

> ktrace and what was the other command you wanted him to run? I'll look
> into this as well.

My commands were related to the big delays in page loads. If you don't experience those it is not related.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: netbsd-6.1: squid from pkgsrc-2013-Q2 uses too much CPU time
On Sun, Sep 15, 2013 at 01:39:33PM +0200, Adrian Immanuel Kieß wrote:
> I thank you for your suggestions but testing the DNS time is nonsense
> because my DNS server runs on another boxen and the IPNAT configuration
> on this NetBSD boxen works very fine because without the squid proxy I
> can connect very much faster to the outer world.

You are making the assumption here that the behaviour you observe in a browser allows conclusion to Squid's behaviour.

So please humour me and run those two commands. It will only take a few seconds.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: netbsd-6.1: squid from pkgsrc-2013-Q2 uses too much CPU time
On Fri, Sep 13, 2013 at 05:22:47AM +0200, Adrian Immanuel Kieß wrote:
> I installed the default squid from /usr/pkgsrc/www/squid using
> pkgsrc-2013-Q2. Every HTTP webpage request lets squid meditate for
> several seconds until the page is served. The network download itself
> seems comparatively fast.

Can you please run the following two commands and tell us the output?

time host -t www.google.com.
time host -t a www.google.com.

Thanks in advance

--
Matthias Scheler http://zhadum.org.uk/
Re: OpenSSL - Any good tutorials (or cook-books) available?
On Sat, Aug 24, 2013 at 01:57:22AM +0200, Jan Danielsson wrote:
> I'm guessing that since you want something unfancy, yet are looking
> for openssl commands, that you want to generate a CA certificate, a
> server key+certificate and tell the server to use them, and then tell
> the client to use TLS.

Even for an "unfancy" setup you have to have a certificate created by a trusted CA. StartSSL gives out free certificates. Please look here for details:

http://www.startssl.com/?app=1

If you use them you only need to create the RSA key and the cert request and submit the latter one to them.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
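The key and certificate request step named in the message above, as an added example that is not part of the original post. The host name mail.example.org, the file names and the 2048-bit key size are assumptions.

```shell
# Added example: create an RSA key and a certificate signing request (CSR)
# for submission to a CA. Host name and file names are assumptions.

# make_key_and_csr DIR HOST: writes DIR/HOST.key and DIR/HOST.csr
make_key_and_csr() {
    key="$1/$2.key"; csr="$1/$2.csr"
    # The private key stays on this machine: create it unreadable to others.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    # Only the CSR (subject and public key, signed with the private key)
    # is sent to the CA.
    openssl req -new -batch -key "$key" -subj "/CN=$2" -out "$csr" || return 1
}

# csr_matches_key KEY CSR: succeeds if the CSR's self-signature verifies
# and its public modulus equals the modulus of the private key.
csr_matches_key() {
    openssl req -in "$2" -noout -verify >/dev/null 2>&1 || return 1
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private KEY: succeeds if only the owner can read or write the key
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

dir=$(mktemp -d)
make_key_and_csr "$dir" mail.example.org &&
    csr_matches_key "$dir/mail.example.org.key" "$dir/mail.example.org.csr" &&
    key_is_private "$dir/mail.example.org.key" &&
    echo "key and CSR are consistent; submit only $dir/mail.example.org.csr"
```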
Re: OpenSSL - Any good tutorials (or cook-books) available?
On Sat, Aug 24, 2013 at 08:28:31AM +0100, Patrick Welche wrote:
> On Fri, Aug 23, 2013 at 02:10:05PM -0700, Paul Goyette wrote:
> > I don't think I need anything fancy, just need to provide a secure
> > channel between my local machine(s) and a remote imaps server, so
> > that the server can authenticate me without sending a clear-text
> > password on the wire.
> >
> > Suggestions, anyone?
>
> When talking of IMAP, SASL springs to mind (security/cyrus-sasl) - any
> use?

Dovecot ("pkgsrc/mail/dovecot2") has SASL support built in and can be used as backend for the Postfix distributed with NetBSD. This combination works very well for me at home.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Poor SSD write performance (new install)
On Tue, Sep 10, 2013 at 05:23:47PM +0100, Justin Cormack wrote:
> > You could however try to change the BIOS settings and configure the
> > SATA ports to use AHCI mode.
>
> If Linux is only giving 25MB/s this suggests AHCI is not on, and the
> performance will be awful.

Or it could mean that Linux knows how to enable AHCI mode if the BIOS didn't do that.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Poor SSD write performance (new install)
On Tue, Sep 10, 2013 at 09:42:40AM +, Nick LaForge wrote:
> What is puzzling is: if the performance loss is not likely to be related to
> any filesystem implementation / option, one logical hypothesis is that the
> partitions are not aligned to 4k blocks, but this has already been
> falsified by booting Linux and observing better performance for the exact
> same ext2 partition.

I'm not sure that NetBSD's ext2 implementation has received as much performance tuning as the ffs file-system. So you are better off comparing NetBSD's ffs to a suitable Linux file-system e.g. ext3 or ext4.

> I can only think that the loss of performance is related to the NetBSD
> kernel's idea of the entire disk (/dev/wd0). E.g., dma is not being
> utilized, or maximum sata data rates are not taken advantage of, etc. This
> is also strange, since the machine is not new (it is from 2009).

The kernel message you provided suggests that DMA is used:

wd0(piixide0:0:0): using PIO mode 4, Ultra-DMA mode 4 (Ultra/66) (using DMA)

You could however try to change the BIOS settings and configure the SATA ports to use AHCI mode.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Poor SSD write performance (new install)
On Tue, Sep 10, 2013 at 01:27:57AM +, Nick LaForge wrote:
> Specifically, copying large files from a tmpfs mount to home yields only
> 40% of that of Linux 3.0.21 on the same machine. This is independent of
> the fs mounted in NetBSD (both ffs and ext2 give this result).

Have you tried to use "ffs" with the "log" option?

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Slow external USB enclosure with SATA disk
On Wed, Aug 21, 2013 at 08:16:32AM -0700, Andy Ruhl wrote:
> I recently bought a USB3 disk enclosure for a SATA disk. I put a disk in
> there, and writes are really slow with NetBSD. Less than 1MB/s. I formatted
> it normally, I made a NetBSD fdisk partition, then made a disklabel with
> just one slice, called sd0a which fills the entire fdisk partition. I tried
> formatting with regular ffs and also with -O 2. The format process was
> pretty slow for both filesystem types, so I guess the problem is lower down.

I suspect that it attaches only in USB 1.1 mode, not in 2.0. Can you please provide the full output of "dmesg" from your system? That should tell us which USB controller it gets connected to.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Problem configuring IPV6 - Kindly help
On Mon, Mar 11, 2013 at 05:29:11PM +, Matthias Scheler wrote:
> On Mon, Mar 11, 2013 at 10:36:34PM +0530, Michael David wrote:
> > In /etc/rc.conf: I have: *ip6mode=host*
>
> Correct. Did you reboot the machine after changing this?
>
> > In /etc/ifconfig.re0: I have:*inet6 2a02:e00::23:a00b:9aff:feed:88ea
> > prefixlen 64 alias*
>
> Why the "alias"? You shouldn't use that for the primary IPv6 address.
> You also don't need "prefixlen 64" as it is the default.

BTW: can you please try to change the fifth octet from "a00b" to ""? You are setting the multicast bit which shouldn't matter here but might nevertheless.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: tw_cli reports not configured
On Thu, Jan 10, 2013 at 04:06:46PM +, Stephen Borrill wrote:
> >>I've been using the FreeBSD binary tw_cli for a number of years. This
> >>machine is running 5.1_STABLE from July-ish. I'm sure when I was running
> >>an earlier netbsd-5 version it worked fine.
> >>
> >>backup 1# tw_cli rescan
> >>
> >>(0x08:0x0006): (0x08:0x0006): Device not configured
> >>
> >>Segmentation fault (core dumped)
> >>
> >>ktrace shows a number of these:
> >> 11741 1 tw_cli CALL open(0xbfbfd540,2,0xbfbfd948)
> >> 11741 1 tw_cli NAMI "/emul/freebsd/dev/twe0"
> >> 11741 1 tw_cli NAMI "/dev/twe0"
> >> 11741 1 tw_cli RET open -1 errno 6 Device not configured
> >
> >Is the major number of /dev/twe0 97?
>
> Thanks :-)
>
>
> backup 1# ls -l /dev/twe0
> crw--- 1 root wheel 146, 0 Jan 10 10:46 /dev/twe0
> backup 2# rm /dev/twe0
> backup 3# cd /dev
> backup 4# sh MAKEDEV twe0
> backup 5# ls -l /dev/twe0
> crw--- 1 root wheel 97, 0 Jan 10 16:05 /dev/twe0
> backup 6# tw_cli rescan
> Rescanning controller /c0 for units and drives ...Done.
> Found the following unit(s): [none].
> Found the following drive(s): [none].

Does the command now actually work for you? Because it doesn't for me under NetBSD/i386 6.0_STABLE even with the correct major number:

tron@beaver:/dev#ls -l twe0
crw--- 1 root wheel 97, 0 Mar 11 18:34 twe0
tron@beaver:/dev#tw_cli info c0 u1
Error: (CLI:006) Specified unit does not exist.

This command worked fine under NetBSD 5.0 and 5.1.

Kind regards

--
Matthias Scheler http://zhadum.org.uk/
Re: Problem configuring IPV6 - Kindly help
On Mon, Mar 11, 2013 at 10:36:34PM +0530, Michael David wrote:
> In /etc/rc.conf: I have: *ip6mode=host*

Correct. Did you reboot the machine after changing this?

> In /etc/ifconfig.re0: I have:*inet6 2a02:e00::23:a00b:9aff:feed:88ea
> prefixlen 64 alias*

Why the "alias"? You shouldn't use that for the primary IPv6 address. You also don't need "prefixlen 64" as it is the default.

> where *2a02:e00::23:a00b:9aff:feed:88ea* is the static IP I want to
> assign to my server.
>
> I do not know how to set the IPV6 gateway.

This is documented in "man 5 rc.conf". You can e.g. set the variable "defaultroute6" in "/etc/rc.conf".

> Everything else works beautifully and I am loving NetBSD so far. Only this
> remains.

Can you please post your full "/etc/rc.conf", the output of "ifconfig -a" and "netstat -f inet6 -r -n"?

Thanks in advance

--
Matthias Scheler http://zhadum.org.uk/