Re: backup solution for home FreeBSD server
Robert Huff wrote:
>> I'm looking for an external backup solution for my FreeBSD file server. I want it to be pluggable via USB interface (I'd share it with a couple of servers). I'd also like to be able to move backups to an off-site storage, so external HDD won't probably work for me. My data size is currently about 50G, but I expect it to grow to about 250G. My price range is below $300. Suggestions?
>
> Check out Addonics, particularly the Saturn system. I have one of these:
> http://www.addonics.com/products/Saturn/aeschd.asp

Yep, this looks interesting. However, can you say if there is any significant advantage of these Saturn enclosures over standard ones, besides the cyphering feature?

Thanks!

--
Vlad Skvortsov, [EMAIL PROTECTED], http://vss.73rus.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
lpd refuses to print from a machine with a DHCP assigned IP address...
Hi,

My FreeBSD box picks up its IP through DHCP. Now I configured a printer on this machine, using apsfilter. So far so good. Now when I try to print anything, I see the following error in the lpd-errs file:

    Apr 6 11:00:03 zimbu lpd[1501]: unable to get official name for local machine zimbu.vxindia.veritas.com: hostname nor servname provided, or not known
    Apr 6 11:00:03 zimbu lpd[1501]: lp: no line printer device or host name

Now, if I add an entry for zimbu in /etc/hosts (with the currently assigned IP address), printing works fine. My printcap is:

    # APS1_BEGIN:printer1
    # - don't delete start label for apsfilter printer1
    # - no other printer defines between BEGIN and END LABEL
    lp|sym6fp1|PSgs;r=300x300;q=medium;c=full;p=a4;m=raw:\
        :lp=:\
        :rm=sym6fp1.vxindia.veritas.com:\
        :rp=sym6fp1:\
        :if=/usr/local/etc/apsfilter/basedir/bin/apsfilter:\
        :sd=/var/spool/lpd/sym6fp1:\
        :lf=/var/spool/lpd/sym6fp1/log:\
        :af=/var/spool/lpd/sym6fp1/acct:\
        :mx#0:\
        :sh:
    # APS1_END - don't delete this

sym6fp1.vxindia.veritas.com is the printer host (actually the printer itself, not a host really).

Hence, my question is: Is there some tweak either in printcap, or somewhere else that will tell lpd that my IP address is DHCP assigned? Or how do I get printing enabled, without adding such an entry in /etc/hosts.conf?

Any help to fix this issue will be appreciated. Thanks in advance!

Best,
Amarendra
Re: backup solution for home FreeBSD server
On Thu, Apr 05, 2007 at 11:06:44PM -0700, Vlad Skvortsov wrote:
> Robert Huff wrote:
>>> I'm looking for an external backup solution for my FreeBSD file server. I want it to be pluggable via USB interface (I'd share it with a couple of servers). I'd also like to be able to move backups to an off-site storage, so external HDD won't probably work for me. My data size is currently about 50G, but I expect it to grow to about 250G. My price range is below $300. Suggestions?
>>
>> Check out Addonics, particularly the Saturn system. I have one of these:
>> http://www.addonics.com/products/Saturn/aeschd.asp
>
> Yep, this looks interesting. However, can you say if there is any significant advantage of these Saturn enclosures over standard ones, besides the cyphering feature?

If you want encryption, you can use geli(8). This encrypts the raw disk with AES. I'm using it with my USB backup disk.

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
Re: backup solution for home FreeBSD server
Roland Smith wrote:
>>> http://www.addonics.com/products/Saturn/aeschd.asp
>>
>> Yep, this looks interesting. However, can you say if there is any significant advantage of these Saturn enclosures over standard ones, besides the cyphering feature?
>
> If you want encryption, you can use geli(8). This encrypts the raw disk with AES. I'm using it with my USB backup disk.

Yes, I'm aware of that. I guess my question was: why did you refer to this particular enclosure? Or you just happen to have this one and this is the reason?

--
Vlad Skvortsov, [EMAIL PROTECTED], http://vss.73rus.com
BSDConTR'07 Call for Papers
First Turkish Conference on BSD Systems (BSDConTR'07)
Call for Papers
October 20 - 21, 2007
Marmara University, Goztepe
Istanbul, Turkey

Sponsored by endersys Consultancy Ltd. (http://www.endersys.com)

We're proud to announce the first Turkish Conference on BSD systems: BSDConTR. Organized in cooperation with Marmara University and EnderUNIX Software Development team, which is largely known for its ongoing support for BSD systems in Turkey, and its open source projects, the conference will be held on October 20-21, 2007 in Goztepe campus of Marmara University, Istanbul, Turkey.

FreeBSD core team member Robert Watson will be attending the conference as guest speaker.

During the conference, papers will be presented by various BSD users, developers, and companies. If you would like to submit a paper, you can either choose a topic of your own, or you can choose from one of the following:

- Kernel Architecture
- Interoperability with other Operating Systems
- Networking
- Embedded systems
- Device drivers
- Commercial uses (hosting, etc.)
- Spam Prevention with BSDs
- Ports collection
- Desktop
- Performance Tuning
- Security
- Programming
- E-commerce
- Applications of BSD systems on E-devlet projects
- System Administration
- Raid and high-volume storage
- High-performance
- Mass Installation
- Networking
- Cryptography

These are just some of the areas that the organization committee would like to see discussed, although any topics relevant to BSD or the community in general are more than welcome.

More up-to-date information is always available from the conference website: http://www.bsdcontr.org

If you are interested in submitting a paper, please contact papers at bsdcontr.org with brief information about your paper no later than September 7th, 2007.

Best regards,
Organization committee
http://www.bsdcontr.org
http://www.enderunix.org

--
Murat
http://www.enderunix.org/murat/
Re: backup solution for home FreeBSD server
Robert Huff wrote:
> Check out Addonics, particularly the Saturn system. I have one of these:
> http://www.addonics.com/products/Saturn/aeschd.asp

I recommend against buying anything from a company which (a) uses DES, (b) describes it as bullet proof protection, or (c) doesn't explain how they're using it (there are several methods for performing full disk encryption using a block cipher; some are better than others).

Colin Percival
Re: Skype will can't connect.
B H wrote:
> Paris Jones wrote:
>> Using FreeBSD 6.0 Stable. Using the linux_base-8 port. I would like to try Skype, but the port will only allow me to use ONE of my devices at a time, so my headset can't hear and talk at the same time, I have to manually switch between the headset and speaker device.
>
> Have you tried the suggestion you got from Garrett Cooper? If you're not willing to try the suggestions you get the chances of fixing problems is very small.

If my suggestions don't solve your problem, could you provide in greater detail what the issue is that you are experiencing?

Thank you,
-Garrett
Re: backup solution for home FreeBSD server
John Levine wrote:
>> I'm looking for an external backup solution for my FreeBSD file server. I want it to be pluggable via USB interface (I'd share it with a couple of servers). I'd also like to be able to move backups to an off-site storage, so external HDD won't probably work for me. My data size is currently about 50G, but I expect it to grow to about 250G. My price range is below $300.
>
> Get a couple of 150G USB disks. They work great, you can use dump/restore or just pax -r -w to copy stuff to the disks.
>
> I'm a big fan of offsite storage, so I actually have three USB disks. I leave two plugged into the computer so it can dump on alternate nights, and put one in my bank safe deposit box. Every week or so I take one of the two disks down to the bank and swap.
>
> R's,
> John

Have you also considered tape backup as well as standard disks? Tapes are a bit more expensive, but overall a more static backup / archiving solution than disks. Besides, they're cheaper in the long run from what I remember.

Cheers,
-Garrett
Intel® Server Board S5000VSA support
Hello

Does FreeBSD 6.2 release support the Intel® Server Board S5000VSA, http://www.intel.com/design/servers/boards/s5000VSA/index.htm with a Xeon 5110 processor? Also, is the Intel® Embedded Server RAID Technology II supported?

I have done an extensive search and read the release notes but I am unable to determine if there is support for this motherboard and processor.

Intel say they have Intel® Embedded Server RAID Technology II drivers for Red Hat Enterprise Linux 3.0 and 4.0 and SUSE Linux Enterprise Server 9.0 SP1
ftp://download.intel.com/support/motherboards/server/sb/d29305004_s5000_server_raid_swg.pdf

I would prefer to use FreeBSD.

Thanks,
Ivan
Skype will can't connect.
Using FreeBSD 6.0 Stable. Using the linux_base-8 port.

I have decided to make a new post about this problem because my old one was very badly written and I am sure no one could figure out my problem.

I would like to try Skype, but the port will only allow me to use ONE of my devices at a time, so my headset can't hear and talk at the same time, I have to manually switch between the headset and speaker device. (There is something called DSP hijacker for this which I do not want to mess with.)

I thought that perhaps using the linux version would help, I downloaded the linux static tar.gz with QT compiled in, and when I opened it, I was pleased to find that in the tools section there is an option for both your input and output device. However, I was upset to find out that I could not call or be called in this version.

So, to wrap things up, my problem is: When using the linux build of skype, I can not call or be called, I can't even call the voice testing service.

My question is: How can I start calling people and be called?

Again, I am using FreeBSD 6 and the linux-base-8 port. Any help would be appreciated, thanks.

-ARCKEDA
cardbus problem - no driver attached
Hello everybody,

I have a problem with a ComBlock COM1300 cardbus card http://www.comblock.com/com1300.htm

I know this is an uncommon card type and that probably no one has ever been working on it, but I need to get this card working on my laptop since I have to work on it for my thesis project.

I wrote a driver for this card but I don't know if it works or not because I get a cardbus detection error on booting. Dmesg with all hw.cbb and hw.cardbus debug options enabled gives me this output:

    cbb0: card inserted: event=0x, state=3821
    cbb0: cbb_power: 3V
    TUPLE: LINKTARGET [3]: 43 49 53
    Product version: 5.2
    Product name: MSS | COM 1300 |
    Manufacturer ID: feff0101
    TUPLE: Unknown(0x04) [6]: 03 01 00 00 00 00
    TUPLE: Unknown(0x05) [11]: c1 39 71 b5 1e 66 76 54 02 a1 03
    cardbus0: Opening BAR: type=IO, bar=10, len=0100
    cardbus0: Opening BAR: type=MEM, bar=14, len=10
    CIS reading done
    cardbus0: Non-prefetchable memory at 9000-900f
    cardbus0: IO port at 4000-40ff
    cardbus0: old, non-VGA display device at device 0.0 (no driver attached)
    cbb0: cbb_power: 0V

Is this problem related to my laptop hardware configuration or is it a driver problem? Other? What is the TUPLE (0x04 or 0x05) problem?

Please, any suggestion is accepted. Thanks in advance.

Michele

--
Michele Endrici
Via carraia 4 - Don - TN
tel: 348-7295670
[EMAIL PROTECTED]
Re: Should sudo be used?
Jerry McAllister wrote:
> I noticed one grammatical thing of question. In the first paragraph under Use ssh instead of Telnet or rsh/rlogin it says they should never be used to administrate a machine over a network, I think the word should be 'administer' instead of 'administrate' unless this is some sort of British thing. I know, picky picky, but it just stood out to me as I was reading.

10 years ago you might have been correct. An old dictionary on the shelf does not list administrate. However both modern dictionaries I tried listed it with the same meaning as administer in its oversee sense. On-line, try, for example, WordNet http://wordnet.princeton.edu/ (web interface: http://wordnet.princeton.edu/perl/webwn). I can find over a dozen references with a google for administrate meaning. I can't find any etymology for this specific (and I would agree, in some sense wrong) form however it is clearly in common usage.

Language evolves, not always in ways that everyone likes. Administer is a perfectly good word, and there's no need for administrate to exist. But language skills being what they are, someone looks at administration and it's quite understandable how they get to a verb administrate. C.f. compensation, for example.

--Alex
Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail
Spam with randomly generated recipient addresses is draining our mail system's life away, and it seems the easiest way would be to verify the receiving party's/parties' address against Active Directory and then TEMPFAIL any mails that don't have any valid internal mails (rejects would allow directory harvesting to work).

Our network has a frontline mail filter system running FreeBSD 6.2, Sendmail, milter-regex, Spam Assassin 3.1.8 and Clam AV, which delivers to our internal Exchange server via a smarthost entry.

I would prefer to do the check in a milter, if for no other reason than it removes the need to make unorthodox changes to the sendmail configuration files, and they can also be tested offline before being included in the main sendmail configuration, however the one milter I found that seems to provide what I want, LDAPMAP, doesn't seem to compile under FreeBSD (tried both make and gmake). I found LDAPMAP via this link:
http://www.issociate.de/board/post/404279/Sendmail_LDAP_access_milter.html

So, have I completely missed a milter in the ports tree that fulfils all my dreams, or am I going to have to get a little more exotic? I found milter-ahead (from Snertsoft), but it's no longer free.

I found an article (link below) which suggests a rather hacky seeming solution by using LDAP Routing Maps, but I seem to recall reading posts in the past that said that this was a BAD THING(tm) when used in combination with smarthost delivery.
http://groups.google.com.au/group/comp.mail.sendmail/browse_thread/thread/e80adc7166005b3c/aa657b332703fe6c%23aa657b332703fe6c

Am I going to need to use the hacky solution, or is there a cleaner way? I guess what I am trying to avoid is having to set up a duplicate machine so I can test the hacky solution in isolation (I don't feel my understanding of Sendmail is good enough to quickly fix any problems that arise from hacking the config, and the system is already live).

Anyone have any suggestions? Has anyone used the hacked LDAProuting method with smarthost and had it work? Maybe I am going to have to hack something together using milter-cli or py-milter to connect up on SMTP port of the Exchange server and do a HELO, FROM and RCPT and see if the account is valid. Am I missing something basic?

Currently, we're very happy with the accuracy of our system, but 80% of the spam that hits our quarantine isn't even addressed to someone in the organisation, thus giving us a pile of cruft to go through that is 5 times as big as it should be.

Any help or suggestions are appreciated!

Chris Martin
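The HELO / MAIL FROM / RCPT check and the temp-fail policy described in the message above, as an added example that is not part of the original post or of any milter named in it. It assumes the internal server answers RCPT TO for unknown mailboxes with a 5xx code; the host names, addresses and the in-process stand-in for the internal server are constructed so the sketch runs offline, and the milter binding itself is left out.

```python
"""Recipient check by SMTP call-forward: HELO, MAIL FROM, RCPT TO, never DATA."""
import smtplib
import socketserver
import threading

ACCEPT, TEMPFAIL = "accept", "tempfail"


def probe_recipients(host, port, sender, recipients, timeout=5):
    """Ask the internal server about each recipient; return {address: reply code}."""
    codes = {}
    # local_hostname is set explicitly so no lookup of our own name is needed.
    with smtplib.SMTP(host, port, local_hostname="filter.example.test",
                      timeout=timeout) as smtp:
        smtp.helo()
        code, reply = smtp.mail(sender)
        if not 200 <= code < 300:
            raise smtplib.SMTPResponseException(code, reply)
        for rcpt in recipients:
            codes[rcpt], _ = smtp.rcpt(rcpt)
        smtp.rset()  # abandon the transaction; nothing is ever delivered
    return codes


def decide(codes):
    """Message-level policy from the post: accept if any recipient exists,
    otherwise temp-fail (a 5xx reject would confirm which addresses are bad)."""
    if any(200 <= code < 300 for code in codes.values()):
        return ACCEPT
    return TEMPFAIL


def check_envelope(host, port, sender, recipients):
    """Return (verdict, per-recipient codes). Backend errors also temp-fail,
    so the sending server retries later instead of the mail being lost."""
    try:
        codes = probe_recipients(host, port, sender, recipients)
    except (OSError, smtplib.SMTPException):
        return TEMPFAIL, {}
    return decide(codes), codes


class _FakeBackend(socketserver.StreamRequestHandler):
    """Constructed stand-in for the internal mail server; knows two mailboxes."""
    KNOWN = {"alice@example.test", "bob@example.test"}

    def handle(self):
        self.wfile.write(b"220 fake backend ready\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line.upper()
            if verb.startswith("QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            if verb.startswith("RCPT TO:"):
                addr = line[8:].strip().strip("<>").lower()
                reply = "250 ok" if addr in self.KNOWN else "550 5.1.1 unknown user"
            else:
                reply = "250 ok"  # HELO, MAIL FROM, RSET
            self.wfile.write(reply.encode("ascii") + b"\r\n")


def run_demo():
    """Check three constructed envelopes against the fake backend."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeBackend)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    envelopes = [
        ["alice@example.test"],                       # real user
        ["xq7@example.test", "zz9@example.test"],     # random-address spam
        ["bob@example.test", "nobody@example.test"],  # mixed
    ]
    try:
        return [check_envelope(host, port, "sender@example.net", rcpts)
                for rcpts in envelopes]
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for verdict, codes in run_demo():
        print(verdict, codes)
```

Because an unreachable backend and an all-invalid envelope both come back as a temp-fail, the per-recipient codes are returned alongside the verdict so the two cases can be told apart in logs.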
Samba and XP permissions management
Hi,

I've set up samba3 in FreeBSD with a Stuff share under the user/group bob/bob with permission 770. I've also added an ACL to this dir to allow joe r-x access to the directory as well as ensuring the default ACL is nothing more than rwx for user/group. So far the ACLs in unix work and access appears to be correct when connecting from XP to the samba share.

When I create a folder in holidayphotos as user bob from xp in the share the holidayphotos dir has the default permissions

    drwxrwx---+ gary gary holidayphotos

With the ACL being the defaults previously set. This is as expected based on the ACL and smb.conf setup.

Now I want to allow joe to have read/execute access to the holidayphotos directory. I could do this by logging into the server and using

    setfacl -m u:joe:rx holidayphotos

However, I want to instead be able to simply right click the folder at the time I created it in XP, select properties, go to the security tab, click add (or go via advanced) and then add joe to the permissions list.

The problem I'm facing is that check names will not accept joe as a valid name. The only way I've been able to do this is to add to the share config in smb.conf

    admin users = bob;

Is there any way to allow bob to add new permissions without this? Without it, bob can only change existing permissions.

The reason I'd like to avoid this is that now when I create files, they're defaulted to root:bob which means I now also have to set inherit owner = yes to ensure new files I create are assigned to bob:bob. This has the side effect that should any other users create files in subfolders, those files are also auto switched to bob:bob.

However, the biggest reason is that if joe creates (or has a folder created for him) called joes-photos and joe wishes to allow mandy access to view the directory contents, he is unable to add mandy due to the above check names problem. He would also now have to be an admin of the share, which isn't going to happen.

From what I can tell, my options are to always admin ACL permissions via ssh, or not allow users to create folders outside of shares they're admins of, which although possible may be a little more inconvenient. Any alternatives or a config option I've missed?

One other quick question regarding ACL. If I create a directory with

    root:wheel rwxr-x--- testing

is there any way to add a user bob with rwx permissions to the ACL of that directory without the wheel group having to change to rwx to prevent bob getting an effective r-x permission? Currently I'm using a dummy group with rwx by default to avoid this.

Thanks,
Gary
Sysinstall does not install GENERIC kernel
I found a strange problem while making an automatic install disk from the official iso 6.2-RELEASE. I've made a custom install.cfg:

    ##
    # This is the installation configuration file
    # Turn on extra debugging.
    debug=yes
    nonInteractive=yes
    # My host specific data
    hostname=testmachine
    domainname=test.com
    nameserver=192.168.50.10
    # Which installation device to use
    mediaSetCDROM
    # Select which distributions we want.
    #dists=base bin catpages info manpages ports prof
    dists=base catpages info manpages proflibs kernel
    distSetCustom
    disk=ad0
    partition=all
    bootManager=standard
    diskPartitionEditor
    # All sizes are expressed in 512 byte blocks!
    ad0s1-1=ufs 614400 /
    ad0s1-2=swap 1048576 none
    ad0s1-3=ufs 2048 /usr 1
    ad0s1-4=ufs 0 /var 1
    diskLabelEditor
    diskLabelCommit
    # OK, everything is set. Do it!
    installCommit 3

Then I placed it in the prepared iso:

    gunzip mfsroot.gz
    mdconfig -a -t vnode -f mfsroot
    mount /dev/md0 /mnt/floppy
    cp ~/install.cfg /mnt/floppy
    umount /mnt/floppy
    mdconfig -d -u 0
    gzip mfsroot

Then I created a new bootable iso-image and burnt it to CD-RW. But after installing it on the test machine and after rebooting of that machine the system was unable to boot, because the /boot/kernel/ directory was empty: no modules, no kernels were in there.

Why didn't sysinstall copy the GENERIC kernel to my hard disk? All the distribution was copied but only the kernel and modules weren't. Is it a bug or a feature? And how to fix it?
pf + ftpd: Socket error (Connection refused)
Hello!

My FreeBSD server (HTTP, SMTP, PF, NAT etc.) is running its native ftpd along with pf and its ftp-proxy. But after a recent make world, outsiders could no longer connect to this ftpd:

    --- 227 Entering Passive Mode (80,204,208,30,208,212)
    Connecting data socket to (80.204.208.30) port 53460
    Socket error (Connection refused)

Nor with active mode:

    --- 200 PORT command successful.
    --- LIST

My server's external interface is 80.204.208.30 (ADSL), and my internal interface is 192.168.187.1, which connects to my workstation 192.168.187.2. All works well, except ftpd.

My pf.conf was inspired by http://www.openbsd.org/faq/pf/example1.html

    # /etc/pf.conf
    ext_if=rl0
    int_if=ep0
    set block-policy return
    set skip on { lo }
    scrub in
    nat on $ext_if from $int_if:network to any -> ($ext_if)
    nat-anchor ftp-proxy/*
    rdr-anchor ftp-proxy/*
    rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
    rdr on $ext_if proto tcp from any to any port 5:5 -> 192.168.187.2 port 5:5
    block in
    pass quick on $int_if
    pass out keep state
    anchor ftp-proxy/*
    antispoof quick for { lo $int_if }
    pass in on $ext_if inet proto tcp from any to ($ext_if) port { 21, 22, 25, 53, 80, 110, 113, 143 } keep state
    pass in on $ext_if inet proto udp from any to ($ext_if) port 53 keep state
    pass in inet proto icmp from any to any keep state
    pass in on $ext_if inet proto tcp from any to any port 5:5 keep state

Any suggestions to improve or simplify my ruleset are warmly welcomed. For instance, why does it need 3 instances of what seems like the same thing? nat-anchor ftp-proxy/*, rdr-anchor ftp-proxy/* and then anchor ftp-proxy/*?

    # /etc/inetd.conf
    ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
    ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

Thanks a lot for your time.

--Kyrre
Loading a kernel off a FAT partition
Hi there

I am basically trying to load FreeBSD off a FAT partition. First I start up GRUB and then in GRUB select to load /loader off the partition. Loader starts up fine, but here's where the trouble starts.

While loader has been loaded perfectly, it doesn't seem to be able to read the FAT partition, even though browsing through the source code I see FAT support in loader and libstand. When I try to load /kernel, it says it can't find it, and attempting an ls results in bad path ''.

If I load /loader from a FreeBSD partition with GRUB, everything works peachy.

Upon googling the web for more info, I found http://lists.freebsd.org/pipermail/freebsd-hackers/2005-January/010011.html however it seems as if no solution was reached.

Any help on the matter would be much appreciated.

Federico
configuring snmpd when setting up jailed environment
I am trying to make snmpd listen on a specific address for the JAIL HOST (aka physical server) and each jailed environment (aka JAIL). The server is configured using the ezjail framework.

As I read man (8) snmpd, I should be able to do this. I am trying to make the JAIL HOST listen on udp:161 192.168.222.90 and a JAIL to listen on udp:161 192.168.222.91. Obviously, each JAIL alias IP would be distinct for each jailed environment.

I have edited JAIL HOST /usr/local/etc/snmp/snmpd.conf to include

    agentaddress udp:161 192.168..90

Where do I profile this? How do I make this work? What am I doing wrong? I am humbly asking for assistance :)

Thanks
Don

===
Section: Net-SNMP (8) SNMPD

SYNOPSIS
    snmpd [OPTIONS] [LISTENING ADDRESSES]

    -x ADDRESS
        Listens for AgentX connections on the specified address rather than the default /var/agentx/master. The address can either be a Unix domain socket path, or the address of a network interface. The format is the same as the format of listening addresses described below.

== some of my notes ===

JAIL Host hier, separate partition for jails

    /usr/jails
        basejail
        newjail
    /usr/jails/basejail
    /usr/jails/newjails

I did not modify the ezjail.conf file.

From JAIL HOST

    # mount_procfs proc /usr/jails/web/proc

From within the JAIL I installed /usr/ports/net-mgmt/net-snmp

    # make
    # make install clean

mkdir /snmp in /usr/local/etc
create snmpd.conf file

    # cp /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmp/snmpd.conf

Made minimal changes to snmpd.conf in JAIL Host and JAIL.

    #         sec.name   source             community
    # com2sec local      localhost          public
    com2sec   local      192.168.222.91     public
    com2sec   mynetwork  192.168.222.0/24   public

Added to JAIL rc.conf and JAIL HOST rc.conf

    # vi /usr/jails/web/etc/rc.conf
    snmpd_enable=YES
    snmpd_flags=-a
    snmpd_pidfile=/var/run/snmpd.pid

restart the JAIL

From JAIL

    # snmpwalk -c public -u com2sec -v 1 web system

This does output a lot of expected snmp data EXCEPT that it is listing the data for the JAIL HOST, not the JAIL.

    # less /var/log/snmpd.log
    init_kmem: kvm_openfiles failed: /dev/mem: No such file or directory
Re: backup solution for home FreeBSD server
Vlad Skvortsov writes:
>> http://www.addonics.com/products/Saturn/aeschd.asp
>
> Yes, I'm aware of that. I guess my question was: why did you refer to this particular enclosure? Or you just happen to have this one and this is the reason?

I happen to have this one; it's possible, even likely, similar products are made by others. (As there is no standard nomenclature, finding them by, say, Google was more work than I was willing to do.)

And the answer to:

> can you say if there is any significant advantage of these Saturn enclosures over standard ones, besides the cyphering feature?

would be No.

Robert Huff
Re: backup solution for home FreeBSD server
Garrett Cooper writes:
> Have you also considered tape backup as well as standard disks? Tapes are a bit more expensive, but overall a more static backup / archiving solution than disks. Besides, they're cheaper in the long run from what remember.

The problem is: tapes are slow; backing up 30 gbytes to a DLT-III used to take 3-4 hours. Or rather the cost of a tape system seems to increase as the square of the transfer speed; a (new) LTO-2 drive will cost $1000+$35/tape.

Robert Huff
Re: Virtual Hosting Control Panel
The one I would be a bit afraid of is Plesk... Why? Well, first the software is a huge pain if you don't have a hefty support contract with SWSoft. Next... they modified their install method recently. The entire package used to contain precompiled binaries of the basic software required such as MySQL, Apache, etc... if you are a novice then you will run into some issues as they have moved to a ports distributed installation method. Finally... their ports are broken. I spent a day trying to figure out why Horde failed to install the database properly. After a lengthy back and forth with their support it was finally told that their Makefile for two particular ports. I had to modify manually and finally the software installed.

Plesk has its positives... it's pretty, it gives the user end a nice interface with options that many other panels might not. Integration of third party software into their install such as Miva Merchant and some php applications make it easy for you to provide little bells and whistles features for web hosting clients. Also the ability to integrate third party billing systems rather than use their HSPComplete is there. At one point when I was with an itty bitty hosting company we had modernbill integrated with the creation utils of Plesk and it made for better client management.

But the negatives are sometimes overwhelming. Their gui-fied updating software fails a lot and can cause serious damage that can require you to contact their support which at times is not the quickest to respond. The other issues mainly have to do with administration faults that have to do with tuning, specifically with qmail. Their heavily custom install of qmail doesn't allow for much in the way of modification to better tune.

We actually produce an in house RedHat/FreeBSD based panel called easyADMIN which allows a lot of flexibility in administration. Where it may not have the same pretty look as Plesk or the other big boys (ensim, cpanel) it makes up for in ease of administration from the web panel and the ability to further tune and expand upon it. If you need to upgrade this or upgrade that, you typically can get away with it. The only requirement under FreeBSD right now is running it using 4.11. We've found 4.11 to be quite stable and reliable. While plans for 6/7 versions are in the works we've had very few issues with 4.11's EOL status. Our other requirement is perl 5.8.0 as the software is dependent on it. With this we've seen very little client complaints...

Other things to keep in mind when choosing a control panel are...

MTA - is it going to use postfix, qmail, sendmail... which are you the most comfortable when it comes to troubleshooting. If you choose a panel which absolutely requires Exim and you know nothing about it, troubleshooting larger issues which may be costly from the support of the vendor. Most of these companies that are dedicated to virtual hosting control panels rely on the support costs... you are looking at times from 75 - 150 per hour. If you are a person simply running 1 or 2 boxes this may be less than cost efficient.

Is it scalable? Some control panels can allow multiple server management from a centralized point. This can be extremely beneficial if your solution grows beyond just one server.

There are a ton of other factors, these are just some of my opinions.

Apatewna wrote:
> Apatewna wrote:
>> Marc G. Fournier wrote:
>>>> There's always raqdevil (www/raqdevil http://www.raqdevil.com/) although I'm afraid it's BSD not GPL Licenced ;)
>>>
>>> First thing in favor of it, the BSD license ... second, developed under FreeBSD :)
>>
>> ...third it is abandoned http://www.freshports.org/www/raqdevil
>
> *correction* it appears there's a lot of underground work going on for raqdevil, I just googled for it
> http://www.raqdevil.com/pipermail/raqdevil-commit/2007-March/37.html

--
Jay Gordon
Unix Systems Administrator
DataPipe Managed Hosting Services - What It Means To Be Sure - http://www.datapipe.com
Tel: 201.792.1918 x2402 | Fax: 201-792-3090
Re: configuring snmpd when setting up jailed environment
I am trying to make snmpd listen on a specific address for the JAIL HOST (aka physical server) and each jailed environment (aka JAIL). The server is configured using the ezjail framework. As I read man (8) snmpd, I should be able to do this. I am trying to make the JAIL HOST listen on udp:161 192.168.222.90 and a JAIL to listen on udp:161 192.168.222.91. Obviously, each JAIL alias IP would be distinct for each jailed environment.

I have edited JAIL HOST /usr/local/etc/snmp/snmpd.conf to include

agentaddress udp:161 192.168..90

Where do I profile this? How do I make this work? What am I doing wrong? I am humbly asking for assistance :)

Thanks
Don

=== Section: Net-SNMP (8) SNMPD

SYNOPSIS
snmpd [OPTIONS] [LISTENING ADDRESSES]

-x ADDRESS
Listens for AgentX connections on the specified address rather than the default /var/agentx/master. The address can either be a Unix domain socket path, or the address of a network interface. The format is the same as the format of listening addresses described below.

== some of my notes ===

JAIL Host hier, separate partition for jails /usr/jails basejail newjail
/usr/jails/basejail
/usr/jails/newjails

I did not modify the ezjail.conf file

From JAIL HOST
# mount_procfs proc /usr/jails/web/proc

From within the JAIL I installed /usr/ports/net-mgmt/net-snmp
# make
# make install clean

mkdir /snmp in /usr/local/etc
create snmpd.conf file
# cp /usr/local/share/snmp/snmpd.conf.example /usr/local/etc/snmp/snmpd.conf

Made minimal changes to snmpd.conf in JAIL Host and JAIL.
# sec.name source community
# com2sec local localhost public
com2sec local 192.168.222.91 public
com2sec mynetwork 192.168.222.0/24 public

Added to JAIL rc.conf and JAIL HOST rc.conf
# vi /usr/jails/web/etc/rc.conf
snmpd_enable=YES
snmpd_flags=-a
snmpd_pidfile=/var/run/snmpd.pid

restart the JAIL

From JAIL
# snmpwalk -c public -u com2sec -v 1 web system

This does output a lot of expected snmp data EXCEPT that it is listing the data for the JAIL HOST, not the JAIL.
# less /var/log/snmpd.log
init_kmem: kvm_openfiles failed: /dev/mem: No such file or directory
Re: Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail
Christopher Martin wrote: Spam with randomly generated recipient addresses is draining our mail system's life away, and it seems the easiest way would be to verify the receiving party's/parties' address against Active Directory and then TEMPFAIL any mails that don't have any valid internal mails (rejects would allow directory harvesting to work). Our network has a frontline mail filter system running FreeBSD 6.2, Sendmail, milter-regex, Spam Assassin 3.1.8 and Clam AV, which delivers to our internal Exchange server via a smarthost entry.

You don't seem to mention using greylisting-- that will return a 4xx temp failure for all initial connections (except from sites which have been whitelisted). Only if the sender retries will the mail go through-- this works great against dictionary-style attacks.

-- -Chuck
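The greylisting behaviour described in the reply above, as an added example that is not part of the original message or of any particular greylisting milter. The class and function names, the delay and expiry values, the /24 grouping of sender addresses and the sample traffic (documentation-range addresses) are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

TEMPFAIL = (451, "4.7.1 Greylisted, please retry later")
ACCEPT = (250, "2.1.5 Ok")


@dataclass
class Greylist:
    min_delay: int = 300             # assumed: seconds before a retry is honoured
    retry_window: int = 4 * 3600     # assumed: unretried entries expire after this
    pass_lifetime: int = 35 * 86400  # assumed: how long a proven triplet stays valid
    whitelist: list = field(default_factory=list)  # networks never greylisted
    _db: dict = field(default_factory=dict)        # triplet -> [first_seen, passed_at]

    def _key(self, client_ip, mail_from, rcpt_to):
        ip = ipaddress.ip_address(client_ip)
        # Group IPv4 senders by /24 so a retry from a neighbouring host in the
        # same outbound pool still matches (an assumed, commonly used choice).
        prefix = 24 if ip.version == 4 else 64
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the (code, text) to give at RCPT TO time; `now` is in seconds."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in ipaddress.ip_network(n) for n in self.whitelist):
            return ACCEPT
        key = self._key(client_ip, mail_from, rcpt_to)
        entry = self._db.get(key)
        if entry is not None:
            first_seen, passed_at = entry
            if passed_at is not None:
                if now - passed_at <= self.pass_lifetime:
                    entry[1] = now      # refresh on every successful use
                    return ACCEPT
                entry = None            # proven too long ago, start over
            elif now - first_seen > self.retry_window:
                entry = None            # never retried in time, start over
        if entry is None:
            self._db[key] = [now, None]
            return TEMPFAIL             # first sight of this triplet: 4xx
        if now - entry[0] < self.min_delay:
            return TEMPFAIL             # retried too quickly, keep waiting
        entry[1] = now                  # a real MTA came back: let it through
        return ACCEPT


def replay(events, greylist):
    """Feed (time, ip, sender, rcpt) tuples through the greylist; return codes."""
    return [greylist.check(ip, s, r, t)[0] for t, ip, s, r in events]


# Constructed sample traffic: a one-shot run against random recipients,
# a whitelisted list server, and a legitimate MTA that queues and retries.
SAMPLE = [
    (0, "198.51.100.7", "a1@spam.example", "qxzv@corp.example"),
    (1, "198.51.100.7", "a2@spam.example", "jkwp@corp.example"),
    (2, "198.51.100.7", "a3@spam.example", "mmrt@corp.example"),
    (10, "192.0.2.25", "alice@partner.example", "bob@corp.example"),
    (20, "203.0.113.10", "news@list.example", "bob@corp.example"),
    (70, "192.0.2.25", "alice@partner.example", "bob@corp.example"),
    (910, "192.0.2.26", "alice@partner.example", "bob@corp.example"),
    (5000, "192.0.2.25", "alice@partner.example", "bob@corp.example"),
]

if __name__ == "__main__":
    gl = Greylist(whitelist=["203.0.113.0/24"])
    for event, code in zip(SAMPLE, replay(SAMPLE, gl)):
        print(code, *event)
```

Every recipient probe from the one-shot sender gets the same 4xx answer whether or not the address exists, so the reply codes reveal nothing about which mailboxes are valid.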
Re: lpd refuses to print from a machine with a DHCP assigned IP address...
At 01:16 AM 4/6/2007, Amarendra Godbole wrote: Hi, My FreeBSD box picks up its IP through DHCP. Now I configured a printer on this machine, using apsfilter. So far so good. Now when I try to print anything, I see the following error in the lpd-errs file:

Apr 6 11:00:03 zimbu lpd[1501]: unable to get official name for local machine zimbu.vxindia.veritas.com: hostname nor servname provided, or not known
Apr 6 11:00:03 zimbu lpd[1501]: lp: no line printer device or host name

Now, if I add an entry for zimbu in /etc/hosts (with the currently assigned IP address), printing works fine. My printcap is:

# APS1_BEGIN:printer1
# - don't delete start label for apsfilter printer1
# - no other printer defines between BEGIN and END LABEL
lp|sym6fp1|PSgs;r=300x300;q=medium;c=full;p=a4;m=raw:\
    :lp=:\
    :rm=sym6fp1.vxindia.veritas.com:\
    :rp=sym6fp1:\
    :if=/usr/local/etc/apsfilter/basedir/bin/apsfilter:\
    :sd=/var/spool/lpd/sym6fp1:\
    :lf=/var/spool/lpd/sym6fp1/log:\
    :af=/var/spool/lpd/sym6fp1/acct:\
    :mx#0:\
    :sh:
# APS1_END - don't delete this

sym6fp1.vxindia.veritas.com is the printer host (actually the printer itself, not a host really). Hence, my question is: Is there some tweak either in printcap, or somewhere else that will tell lpd that my IP address is DHCP assigned? Or how do I get printing enabled, without adding such an entry in /etc/hosts.conf? Any help to fix this issue will be appreciated. Thanks in advance! Best, Amarendra

You don't say if your DHCP IP is a private LAN IP or a public IP. If the IP is public and you don't require direct access to this IP from the internet, put a router in place between your modem and the server and give your server a static private IP. If you do need a public IP on your server, ask your provider for a static IP instead of a DHCP one.

-Derek
Re: pf + ftpd: Socket error (Connection refused)
At 14:01 06.04.2007, Kyrre Nygård wrote: Hello! My FreeBSD server (HTTP, SMTP, PF, NAT etc.) is running its native ftpd along with pf and its ftp-proxy. But after a recent make world, outsiders could no longer connect to this ftpd:

--- 227 Entering Passive Mode (80,204,208,30,208,212)
Connecting data socket to (80.204.208.30) port 53460
Socket error (Connection refused)

Nor with active mode:

--- 200 PORT command successful.
--- LIST

My server's external interface is 80.204.208.30 (ADSL), and my internal interface is 192.168.187.1, which connects to my workstation 192.168.187.2. All works well, except ftpd. My pf.conf was inspired by http://www.openbsd.org/faq/pf/example1.html

# /etc/pf.conf
ext_if=rl0
int_if=ep0
set block-policy return
set skip on { lo }
scrub in
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $ext_if proto tcp from any to any port 5:5 -> 192.168.187.2 port 5:5
block in
pass quick on $int_if
pass out keep state
anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }
pass in on $ext_if inet proto tcp from any to ($ext_if) port { 21, 22, 25, 53, 80, 110, 113, 143 } keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port 53 keep state
pass in inet proto icmp from any to any keep state
pass in on $ext_if inet proto tcp from any to any port 5:5 keep state

Any suggestions to improve or simplify my ruleset are warmly welcomed. For instance, why does it need 3 instances of what seems like the same thing? nat-anchor ftp-proxy/*, rdr-anchor ftp-proxy/* and then anchor ftp-proxy/*?

# /etc/inetd.conf
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy

Thanks a lot for your time. --Kyrre

Problem solved, I just disabled ftp-proxy (guess I didn't need it) and started forwarding just 5 to 192.168.187.2 instead of the entire range. 5:5 were my net.inet.ip.portrange.hifirst and net.inet.ip.portrange.hilast, so the way things are now, ftpd has free access to 53334:5, and it seems quite content.

Thanks, Kyrre
update from x86 to amd64
Hi. I want to install i386 fbsd 6.2 on my amd64, because there are not many programs that run properly on amd64 arch. I would like to know if it is possible to update from i386 to amd64 later without losing information?
snmpd agent 5.3.1_3 segfault
Hi, I have an snmpd agent installed on FreeBSD 6.2 Sparc64. The version is 5.3.1_3. Every time I want to start it, I have the error:

Segmentation fault: 11 (core dumped)

gdb snmpd
(gdb) run -f -Le -C -DALL

Produces a lot of output and ends with these lines:

Warning: no access control information configured. It's unlikely this agent can serve any useful purpose in this state. Run snmpconf -g basic_setup to help you configure the snmpd.conf file for this agent.
trace: snmp_call_callbacks(): callback.c, 321: callback: calling a callback for maj=0 min=0
trace: build_oid_noalloc(): mib.c, 3589: build_oid_noalloc: generated: .6.95.115.110.109.112.100.12.95.116.114.105.103.103.101.114.70.105.114.101.1
trace: netsnmp_tdata_add_row(): table_tdata.c, 220: tdata_add_row: added row (3f2180)
compare:index: compare to compare:index: result was 0

Program received signal SIGSEGV, Segmentation fault.
0x403c58bc in mteObjects_createEntry () from /usr/local/lib/libnetsnmpmibs.so.10

Does somebody have any clue ?

Regards
Guillaume

-- Guillaume E-mail: silencer_at_free-4ever_dot_net Blog: http://guillaume.free-4ever.net Site: http://www.free-4ever.net
Re: Should sudo be used?
On Fri, Apr 06, 2007 at 12:08:04PM +0100, Alex Zbyslaw wrote: Jerry McAllister wrote: I noticed one grammatical thing of question. In the first paragraph under Use ssh instead of Telnet or rsh/rlogin it says they should never be used to administrate a machine over a network, I think the word should be 'administer' instead of 'administrate' unless this is some sort of British thing. I know, picky picky, but it just stood out to me as I was reading.

10 years ago you might have been correct. An old dictionary on the shelf does not list administrate. However both modern dictionaries I tried listed it with the same meaning as administer in its oversee sense. On-line, try, for example, WordNet http://wordnet.princeton.edu/ (web interface: http://wordnet.princeton.edu/perl/webwn). I can find over a dozen references with a google for administrate meaning. I can't find any etymology for this specific (and I would agree, in some sense wrong) form however it is clearly in common usage. Language evolves, not always in ways that everyone likes. Administer is a perfectly good word, and there's no need for administrate to exist. But language skills being what they are, someone looks at administration and it's quite understandable how they get to a verb administrate. C.f compensation, for example.

Geeez, the language is falling apart. I was afraid of that. Why did I ever take 8th grade English and have to learn about verb infinitives when I could have been trying to spy on girls gym class...

jerry

--Alex
Re: backup solution for home FreeBSD server
On Fri, Apr 06, 2007 at 09:12:11AM -0400, Robert Huff wrote: Garrett Cooper writes: Have you also considered tape backup as well as standard disks? Tapes are a bit more expensive, but overall a more static backup / archiving solution than disks. Besides, they're cheaper in the long run from what I remember.

The problem is: tapes are slow; backing up 30 gbytes to a DLT-III used to take 3-4 hours. Or rather the cost of a tape system seems to increase as the square of the transfer speed; a (new) LTO-2 drive will cost $1000+$35/tape.

LTO is pretty fast, though it doesn't seem to have the fast search that was about the only thing I liked about DAT/DDS tape. But the cost of LTO for a home system is hard to swallow. You could get about a dozen USB drives to rotate for a similar cost. Tapes are nice for archiving or long term storage though. Their data format seems less likely to change over time than disk.

jerry

Robert Huff
Re: backup solution for home FreeBSD server
Get a couple of 150G USB disks. They work great, you can use dump/restore or just pax -r -w to copy stuff to the disks.

Have you also considered tape backup as well as standard disks?

I used to use DLT tapes, and I looked at AIT before I decided on disks. The disks have a couple of advantages that would be hard to match with tape. One is that the backups are completely unattended; I have two USB drives plugged in at a time, and some little scripts wake up each night, figure out which disk has the least recent backups, delete enough old stuff to make room for a new backup, and then use pax -r -w to make the backup from each of the computers on my LAN. The only manual work I need to do is to swap a drive with the one in my safe deposit box once a week. Also, since they're disks, getting files back from a backup is a snap, just cp them from the most recent backup copy. The three disks together cost under $500, and if I need more backup space, I can just buy some more larger ones.

To get approximately the same unattended backups I have with my USB disks I would need an AIT jukebox for about $4000. Getting files back would be much more painful, since I would have to spin through an entire dump or cpio image to find a file.

Tapes make sense if you have a vast amount of data, multiple terabytes. You need a lot of terabytes before the cheaper media makes up for the much more expensive drives, and it's still nowhere near as convenient as disks.

R's, John
How to get best results from FreeBSD-questions
How to get the best results from FreeBSD questions.
===================================================

Last update $Date: 2005/08/10 02:21:44 $

This is a regular posting to the FreeBSD questions mailing list. If you got it in answer to a message you sent, it means that the sender thinks that at least one of the following things was wrong with your message:

- You left out a subject line, or the subject line was not appropriate.
- You formatted it in such a way that it was difficult to read.
- You asked more than one unrelated question in one message.
- You sent out a message with an incorrect date, time or time zone.
- You sent out the same message more than once.
- You sent an 'unsubscribe' message to FreeBSD-questions.

If you have done any of these things, there is a good chance that you will get more than one copy of this message from different people. Read on, and your next message will be more successful.

This document is also available on the web at http://www.lemis.com/questions.html.

Contents:

I: Introduction
II: How to unsubscribe from FreeBSD-questions
III: Should I ask -questions or -hackers?
IV: How to submit a question to FreeBSD-questions
V: How to answer a question to FreeBSD-questions

I: Introduction
===============

This is a regular posting aimed to help both those seeking advice from FreeBSD-questions (the newcomers), and also those who answer the questions (the hackers). Note that the term hacker has nothing to do with breaking into other people's computers. The correct term for the latter activity is cracker, but the popular press hasn't found out yet. The FreeBSD hackers disapprove strongly of cracking security, and have nothing to do with it.

In the past, there has been some friction which stems from the different viewpoints of the two groups. The newcomers accused the hackers of being arrogant, stuck-up, and unhelpful, while the hackers accused the newcomers of being stupid, unable to read plain English, and expecting everything to be handed to them on a silver platter.
Of course, there's an element of truth in both these claims, but for the most part these viewpoints come from a sense of frustration. In this document, I'd like to do something to relieve this frustration and help everybody get better results from FreeBSD-questions. In the following section, I recommend how to submit a question; after that, we'll look at how to answer one.

II: How to unsubscribe from FreeBSD-questions
=============================================

When you subscribed to FreeBSD-questions, you got a welcome message from [EMAIL PROTECTED] In this message, amongst other things, it told you how to unsubscribe. Here's a typical message:

Welcome to the freebsd-questions@freebsd.org mailing list!

If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at:

http://lists.freebsd.org/mailman/options/freebsd-questions/[EMAIL PROTECTED]

(obviously, substitute your mail address for [EMAIL PROTECTED]). You can also make such adjustments via email by sending a message to:

[EMAIL PROTECTED]

with the word 'help' in the subject or body (don't include the quotes), and you will get back a message with instructions.

You must know your password to change your options (including changing the password, itself) or to unsubscribe.

Normally, Mailman will remind you of your freebsd.org mailing list passwords once every month, although you can disable this if you prefer. This reminder will also include instructions on how to unsubscribe or change your account options. There is also a button on your options page that will email your current password to you.

Here's the general information for the list you've subscribed to, in case you don't already have it:

FREEBSD-QUESTIONS User questions

This is the mailing list for questions about FreeBSD. You should not send how to questions to the technical lists unless you consider the question to be pretty technical.
Normally, unsubscribing is even simpler than the message suggests: you don't need to specify your mail ID unless it is different from the one which you specified when you subscribed. If Majordomo replies and tells you (incorrectly) that you're not on the list, this may mean one of two things: 1. You have changed your mail ID since you subscribed. That's where keeping the original message from majordomo comes in handy. For example, the sample message above shows my mail ID as [EMAIL PROTECTED] Since then, I have changed it to [EMAIL PROTECTED] If I were to try to remove [EMAIL PROTECTED] from the list, it would fail: I would have to specify the name with which I joined. 2. You're subscribed to a mailing list which is subscribed to
The Complete FreeBSD: errata and addenda
The trouble with books is that you can't update them the way you can a web page or any other online documentation. The result is that most leading edge computer books are out of date almost before they are printed. Unfortunately, The Complete FreeBSD, published by O'Reilly, is no exception. Inevitably, a number of bugs and changes have surfaced.

The Complete FreeBSD has been through a total of five editions, including its predecessor Installing and Running FreeBSD. Two of these have been reprinted with corrections. I maintain a series of errata pages. Start at http://www.lemis.com/errata-4.html to find out how to get the errata information.

Note also that the book has now been released for free download in PDF form. Instead of downloading the changed pages, you may prefer to download the entire book. See http://www.lemis.com/grog/Documentation/CFBSD/ for more information.

Have you found a problem with the book, or maybe something confusing? Please let me know: I'm no longer constantly updating it, but I may be able to help.

Greg
Re: slightly OT - my freebsd email topology
Jonathan Horne wrote: currently, my email server is just a single box, accepting and sending emails from and to the internet. spamassassin and sendmail, and so far, it works satisfactory. i would like to change it up, so that i have a pair of servers doing MX from the internet, which then passes to an internal server for delivery. if i do that, i could remove spamassassin from the internal server, and run it on just the 2 external. all those configurations is really not my issue here... what im really pondering is how would external servers that are separate from where the target mailboxes are, know which addresses are acceptable and which to return a 550? does anyone have any setups that are similar to this, and could advise me or point me in the right direction? thanks, jonathan

Jonathan, I do just this, a pair of FreeBSD boxes running Sendmail, SpamAssassin and ClamAV protecting a single internal box. I use MIMEDefang to do a lot of the heavy lifting. MIMEDefang provides a facility to check the to: email address against the server that is the ultimate mail destination before accepting it for delivery, preventing the border servers from accepting all email to the domain and then having to try to deliver bounces to faked/invalid from addresses. I think this is what you were looking for. The function I am using to do this in mimedefang-filter is

sub filter_recipient {
    # MIMEDefang passes the recipient first, then the envelope sender
    my ($recip, $sender) = @_;
    # Ask the internal mail server whether it would accept this recipient
    my ($answer, $explanation) = md_check_against_smtp_server($sender, $recip, "mx.adomain.co.uk", "mailhomes.adomain.co.uk");
    # Convert TEMPFAIL to CONTINUE
    $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
    return ($answer, $explanation);
}

MIMEDefang can be found here http://www.mimedefang.org/

HTH, Charlie
Re: Virtual Hosting Control Panel
--On Friday, April 06, 2007 08:48:08 +0300 Apatewna [EMAIL PROTECTED] wrote: Marc G. Fournier wrote: There's always raqdevil (www/raqdevil http://www.raqdevil.com/) although i'm afraid it's BSD not GPL Licenced ;) First thing in favor of it, the BSD license ... second, developed under FreeBSD :) ...third it is abandoned http://www.freshports.org/www/raqdevil

RAQdevil is not yet available in the FreeBSD ports collection, but we have a port structure available that can be built as any other FreeBSD port as well as packages. Note that RAQdevil is a work in progress, and there is currently no ``official'' upgrade mechanism and upgrades could break existing configurations (though we will try to not do this). - http://www.raqdevil.com/downloads.html

- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.org ICQ . 7615664
What am I not understanding about /etc/exports?
Hello all, My /etc/exports contains:

/ -alldirs -maproot=root 127.0.0.1
#/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1
/usr -alldirs -maproot=root 127.0.0.1 192.168.19.1
/public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0

Yet:

mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles

And more recently,

lupin% sudo showmount -e earth.cybernude.org
RPC: Port mapper failure
showmount: can't do exports rpc

What's going on? Thanks!

-- David Benfell, LCP [EMAIL PROTECTED] --- Resume available at http://www.parts-unknown.org/ NOTE: I sign all messages with GnuPG (0DD1D1E3).
creating device node?
A program wants to have access to /dev/tap3 which doesn't exist on my machine. I'm a newbie to FreeBSD running FreeBSD 6 and trying wesside but got stuck with this error message: Can't open tap: ... Any help appreciated! Franz
Re: No buffer space available
--On Friday, April 06, 2007 06:17:04 +0100 Chris [EMAIL PROTECTED] wrote: I am seeing the no buffer space error on a machine running 6.2 STABLE feb 24 code, the machine isn't using gmirror. I had to reduce recvspace and sendspace to lower values than I want to get round the problem.

67/1163/1230 mbufs in use (current/cache/total)
65/275/340/65536 mbuf clusters in use (current/cache/total/max)
65/255 mbuf+clusters out of packet secondary zone in use (current/cache)
0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
146K/840K/987K bytes allocated to network (current/cache/total)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
0/0/0 requests for jumbo clusters denied (4k/9k/16k)
0/56/8704 sfbufs in use (current/peak/max)
0 requests for sfbufs denied
0 requests for sfbufs delayed
20233 requests for I/O initiated by sendfile
7740 calls to protocol drain routines

What ethernet driver are you using? In my case, it's an fxp device ... trying to see if there is *some* sort of common denominator here :( I just upgraded to the latest kernel last night, to see if maybe a recent commit had a side-effect of fixing it, but won't know anything for another 48 hours or so ...

- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . [EMAIL PROTECTED] MSN . [EMAIL PROTECTED] Yahoo . yscrappy Skype: hub.org ICQ . 7615664
Re: What am I not understanding about /etc/exports?
On 2007-04-06 11:36, David Benfell [EMAIL PROTECTED] wrote: Hello all, My /etc/exports contains:

/ -alldirs -maproot=root 127.0.0.1
#/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1
/usr -alldirs -maproot=root 127.0.0.1 192.168.19.1
/public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0

Yet:

mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles

And more recently,

lupin% sudo showmount -e earth.cybernude.org
RPC: Port mapper failure
showmount: can't do exports rpc

What's going on? Thanks!

Do you have /etc/hosts.allow and /etc/hosts.deny files? If yes, what do they contain?
Re: creating device node?
At 01:15 PM 4/6/2007, Franz Wegwerf wrote: A program wants to have access to /dev/tap3 which doesn't exist on my machine. I'm a newbie to FreeBSD running FreeBSD 6 and trying wesside but got stuck with this error message: Can't open tap: ... Any help appreciated! Franz

In FreeBSD 5.X and beyond the /dev entries are created automatically on bootup. If a device isn't being created check your dmesg that the device is found and properly identified. Some devices may need a kernel change or kernel module loaded.

-Derek
Re: update from x86 to amd64
On 4/6/07, freenity [EMAIL PROTECTED] wrote: Hi. I want to install i386 fbsd 6.2 on my amd64, because there is not much programs that run properly on amd64 arch. I would like to know if it is possible to update from i386 to amd64 later without losing information?

As far as I know there is no standard method or update tool to do this. That doesn't mean it is not possible, just that there is nothing to hold your hand through it. If you read the list archives (it may not have been on questions but some other list) there is a sort of howto involving doing a temporary install on your swap partition, booting that, and from the temporary install, installing amd64 binaries and kernel over the real system.

-- The biggest problem with communication is the illusion that it has occurred.
Problem with portupgrade
Hello, I'm running 6.2-RELEASE-p2, SMP, x86. I get the following error when using portupgrade (on every port, not just this one):

deimos# portupgrade -PR libmpeg2
[Updating the portsdb format:bdb_btree in /usr/ports ... - 16851 port entries found {lines cut} . done]
[missing key: categories: Cannot read the portsdb! database file error
{following some ruby errors regarding the fact that the db can't be read?!}

In /usr/ports/ I have .portsnap.INDEX, INDEX, INDEX-5, INDEX-6, INDEX-6.db, and of course the ports folders. Any idea what I'm doing wrong? Thanks.

-- Best regards, Ghirai.
Re: Problem with portupgrade
deimos# portupgrade -PR libmpeg2
[Updating the portsdb format:bdb_btree in /usr/ports ... - 16851 port entries found {lines cut} . done]
[missing key: categories: Cannot read the portsdb! database file error
{following some ruby errors regarding the fact that the db can't be read?!}

Try removing (or moving so you have a backup) your /var/db/pkg/pkgdb.db file, then running pkgdb -u to update/create it.

Josh
Re[2]: Problem with portupgrade
Hello Josh, Friday, April 6, 2007, 11:08:02 PM, you wrote:

deimos# portupgrade -PR libmpeg2
[Updating the portsdb format:bdb_btree in /usr/ports ... - 16851 port entries found {lines cut} . done]
[missing key: categories: Cannot read the portsdb! database file error
{following some ruby errors regarding the fact that the db can't be read?!}

Try removing (or moving so you have a backup) your /var/db/pkg/pkgdb.db file, then running pkgdb -u to update/create it. Josh

I did that, it recreated the file w/o errors, but I get the same error message.

-- Best regards, Ghirai.
Re: slightly OT - my freebsd email topology
On Thu, 5 Apr 2007, Derek Ragona wrote: At 12:36 PM 4/5/2007, Jonathan Horne wrote: currently, my email server is just a single box, accepting and sending emails from and to the internet. spamassassin and sendmail, and so far, it works satisfactory. i would like to change it up, so that i have a pair of servers doing MX from the internet, which then passes to an internal server for delivery. if i do that, i could remove spamassassin from the internal server, and run it on just the 2 external. all those configurations is really not my issue here... what im really pondering is how would external servers that are separate from where the target mailboxes are, know which addresses are acceptable and which to return a 550? does anyone have any setups that are similar to this, and could advise me or point me in the right direction? thanks, jonathan Generally you want to filter and bounce mail at the point of origin, so your mail server that first accepts the mail. As long as you have the bandwidth on that server you would spam check, virus check there, bouncing any bad ones. Then forward to your internal server only clean mail for delivery. However unless you have terribly underpowered servers, or a lot of email (like 50,000 messages a day) running on two servers should not be necessary. -Derek Our experience suggests the number is at least 100,000 before you would see any problems and perhaps, if you have limited bandwidth as we do, that would be your first constraint. We run three mail servers with all customer emails coming to one server. Over the last several months we average about 30,000 messages/day. We have had 4 unusual spikes getting as many as 310,000 messages. This was a DoS attack from several hundred sources. The main problem this caused was slowing down the delivery of valid mail. We had one 90,000 message day in our current configuration that went unnoticed. 
We now use spamcop and greylisting on the customers server, offering bogofilter backed with spamassassin for users who want content filtering. On our internal server we use spamcop and bogofilter under duress adding duls.dnsbl.sorbs.net when a similar attack filled /var. We forward email for about half of our customers which would sorta be similar to having a mail gateway for these clients. Content filtering for this set has caused more problems than it solves. I hope my experience gives you some guidance. Doug
Re[3]: Problem with portupgrade - SOLVED
Hello Ghirai, Friday, April 6, 2007, 11:48:29 PM, you wrote: Hello Josh, Friday, April 6, 2007, 11:08:02 PM, you wrote: deimos# portupgrade -PR libmpeg2 [Updating the portsdb format:bdb_btree in /usr/ports ... - 16851 port entries found {lines cut} . done] [missing key: categories: Cannot read the portsdb! database file error {following some ruby errors regarding the fact that the db can't be read?!} Try removing (or moving so you have a backup) your /var/db/pkg/pkgdb.db file, then running pkgdb -u to update/create it. Josh I did that, it recreated the file w/o errors, but i get the same error message. I did a make deinstall and a make reinstall for portupgrade, which bumped the version number. It works now. Compiling new versions, hopefully everything will turn out ok. I'll report back. -- Best regards, Ghirai.
Re: Should sudo be used?
Jerry McAllister wrote: On Thu, Apr 05, 2007 at 11:28:34AM -0500, Jeremy C. Reed wrote: On Thu, 5 Apr 2007, Kevin Kinsey wrote: I thought I might also mention a potential sudo-shortcoming. :-D See: http://bsdwiki.reedmedia.net/wiki/Recognize_basic_recommended_access_methods.html Where I wrote about a quoting problem that occasionally confuses newbs like me. Finally got around to reading the wiki page. It is good. I noticed one grammatical thing of question. In the first paragraph under Use ssh instead of Telnet or rsh/rlogin it says they should never be used to administrate a machine over a network, I think the word should be 'administer' instead of 'administrate' unless this is some sort of British thing. I know, picky picky, but it just stood out to me as I was reading. I'll look into that. I churned out a lot of text, so if that's all you saw, Jeremy must have had his lucky shirt on. ;-) Also, ;-) nothing would prevent you from signing up and making such a change yourself. I'm sure the book could benefit from your wisdom. Also, although telnet is a hole nowadays for logging in to a system with an id and password for the very reasons you have given, it still has a use. You can use it to easily poke at a port and check the response to see if something is up and working. Of course, in that case you would probably not be sending an id and password, just some common handshaking strings that don't reveal any secrets to anyone. This is really a different issue from what was the OP or the intent of the wiki article, of course. Right; the intent, as I see it, is to pound through people's (potential new *BSD system admins) heads the fact that you don't use telnet for remote logins/remote shell work. KDK -- Rocky's Lemma of Innovation Prevention Unless the results are known in advance, funding agencies will reject the proposal. 
Jail is pausing . . Ideas please. . ?
Listers, Currently I am having some strange issues with regard to a jail pausing, hoping someone here might have some ideas. . Here is my Usenet post. . : I am running FreeBSD 6.1-STABLE (SMP), and the system seems to be pausing. System details: I have da0, da1, da2, da3, each 500GB, I'm also using GEOM_CONCAT to concatenation, amd64 SMP kernel, and 16GB of ram. Running 7 jails, primarily running apache, samba, postfix, pgsql. On what appears to be random occasions (usually several times in 5m) the system seems to pause. For instance, vipw takes 40s to respond, or the smbd which clients use for their mailbox.pst ignores requests from outlook to act on the file. Then moments later it is happy again, and begins working normally. I have been monitoring top while it happens and it appears like it is doing very little. . ie. . last pid: 75014; load averages: 0.00, 0.02, 0.07 up 203+07:20:57 15:24:53 246 processes: 1 running, 244 sleeping, 1 stopped CPU states: 0.0% user, 0.0% nice, 0.2% system, 0.1% interrupt, 99.7% idle Mem: 967M Active, 13G Inact, 320M Wired, 782M Cache, 214M Buf, 569M Free Swap: 4096M Total, 2504K Used, 4093M Free Tried running nice -20 vipw and it still took some time for it to run. Could it be a file locking issue?. . Any thoughts or ideas on further troubleshooting would really be appreciated -- Since that post it actually appears to only be happening in one jail called drzoe. The host system seems to be working properly during these slow downs Other things I've considered: 1) Is there an upper limit to the number of connections a NIC can support? Am I exceeding it? NiC Switches aren't showing any packet loss. 2) Am I running out of IO, to and from the disks? Tried looking at iostat, but I'm exactly sure what a problem would look like. Seems like this wouldn't be jail specific Given it seems to be limited to this jail it seems unlikely to be hardware. . 
from rc.conf jail_enable=YES jail_list=droutward drinward database drzoe development drimage drmail # Disaster recovery setup for drzoe jail_drzoe_rootdir=/usr/home/drzoe-jail jail_drzoe_hostname=drzoe.mtadistributors.com jail_drzoe_ip=10.0.0.115 jail_drzoe_exec_start=/bin/sh /etc/rc jail_drzoe_exec_stop=/bin/sh /etc/rc.shutdown jail_drzoe_devfs_enable=YES [EMAIL PROTECTED] /]#pkg_info autoconf-2.59_2 Automatically configure source code on many Un*x platforms bash-3.1.10_1 The GNU Project's Bourne Again SHell bsdpan-Filesys-Virtual-0.05 Filesys::Virtual - Perl extension to provide a framework fo bsdpan-Filesys-Virtual-Plain-0.08 Filesys::Virtual::Plain - A Plain virtual filesystem bsdpan-Net-DAV-Server-1.28 Net::DAV::Server - Provide a DAV Server cups-base-1.1.23.0_8 The Common UNIX Printing System: headers, libs, daemons cvsup-without-gui-16.1h_2 General network file distribution system optimized for CVS elinks-0.11.1 Elinks - links text WWW browser with enhancements gettext-0.14.5_1GNU gettext package gmake-3.81_1GNU version of 'make' utility gnutls-1.2.9GNU Transport Layer Security library help2man-1.36.4_1 Automatically generating simple manual pages from program o identify-0.7Client side ident protocol daemon wrapper jbigkit-1.6 Lossless compression for bi-level images such as scanned pa jpeg-6b_3 IJG's jpeg compression utilities libgcrypt-1.2.2 General purpose crypto library based on code used in GnuPG libgpg-error-1.1Common error values for all GnuPG components libiconv-1.9.2_1A character set conversion library m4-1.4.8_1 GNU m4 netpbm-10.26.41 A toolkit for conversion of images between different format p5-Authen-PAM-0.14 A Perl interface to the PAM library p5-Net-SSLeay-1.30_1 Perl5 interface to SSL p5-gettext-1.05_1 Message handling functions pcre-6.6_1 Perl Compatible Regular Expressions library perl-5.8.7_2Practical Extraction and Report Language pkgconfig-0.20 A utility to retrieve information about installed libraries png-1.2.8_3 Library for 
manipulating PNG images popt-1.7A getopt(3) like library with a number of enhancements, fro portaudit-0.5.10Checks installed ports against a list of security vulnerabi postgresql-client-8.1.4 PostgreSQL database (client) proftpd-1.3.1.r2_3 Highly configurable ftp daemon rsync-2.6.7_1 A network file distribution/synchronization utility samba-2.2.12_2 A free SMB and CIFS client and server for UNIX tiff-3.8.0 Tools and library routines for working with TIFF images unison-2.13.16_1A user-level file synchronization tool usermin-1.220_1 Web-based interface for performing some user tasks vim-lite-7.0.66 Vi workalike, with many additional features (Lite package webmin-1.290Web-based interface for system administration for Unix [EMAIL PROTECTED] /]# portaudit Affected package: gnutls-1.2.9 Type of problem: gnutls -- RSA Signature Forgery
mail server blues
Hello, I have been going nuts trying to get a remote POP/SMTP mail server to work on 6.2-RELEASE. My mx and cnames are hosted at dyndns. I have tried exim, postfix and sendmail along with courier imap as the pop. Is there any good docs that can get me going? I appreciate any help Thank You! Brian
Buildworld error
Hey guys, I'm following the handbook to rebuild world. I updated via csup (Supfile: http://pastebin.ca/427631 ) right before I ran make buildworld. Now I'm getting this error: http://pastebin.ca/427605 I just installed the system before doing this, so the /usr/src dir should be fresh. Any ideas? Thanks in advance to everyone. Without IRC and the mailing lists, I would be using Windows ;-)
Re: What am I not understanding about /etc/exports?
On Fri, 06 Apr 2007 22:08:50 +0300, Giorgos Keramidas wrote: On 2007-04-06 11:36, David Benfell [EMAIL PROTECTED] wrote: Hello all, My /etc/exports contains: / -alldirs -maproot=root 127.0.0.1 #/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1 /usr -alldirs -maproot=root 127.0.0.1 192.168.19.1 /public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 /home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 /cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0 Yet: mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles And more recently, lupin% sudo showmount -e earth.cybernude.org RPC: Port mapper failure showmount: can't do exports rpc What's going on? Thanks! Do you have /etc/hosts.allow and /etc/hosts.deny files? I don't actually implement these, so they should essentially be from the default install. I do not have /etc/hosts.deny on either the server or the client. The first attachment is /etc/hosts.allow from the server. The second attachment is /etc/hosts.allow from the client. (Both systems are FreeBSD 6.2 stable, within a little over a week or so.) Thanks! -- David Benfell, LCP [EMAIL PROTECTED] --- Resume available at http://www.parts-unknown.org/ NOTE: I sign all messages with GnuPG (0DD1D1E3). # # hosts.allow access control file for tcp wrapped applications. # $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $ # # NOTE: The hosts.deny file is deprecated. # Place both 'allow' and 'deny' rules in the hosts.allow file. # See hosts_options(5) for the format of this file. # hosts_access(5) no longer fully applies. #_ _ _ # | | __ __ __ _ _ __ ____ __ | | ___ | | # | _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | | # | |___ | (_| | | | | | | | | |_) | | | | __/ |_| # |_| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_) # |_| # !!! This is an example! You will need to modify it for your specific # !!! requirements! 
# Start by allowing everything (this prevents the rest of the file # from working, so remove it when you need protection). # The rules here work on a First match wins basis. ALL : ALL : allow # Wrapping sshd(8) is not normally a good idea, but if you # need to do it, here's how #sshd : .evil.cracker.example.com : deny # Protect against simple DNS spoofing attacks by checking that the # forward and reverse records for the remote host match. If a mismatch # occurs, access is denied, and any positive ident response within # 20 seconds is logged. No protection is afforded against DNS poisoning, # IP spoofing or more complicated attacks. Hosts with no reverse DNS # pass this rule. ALL : PARANOID : RFC931 20 : deny # Allow anything from localhost. Note that an IP address (not a host # name) *MUST* be specified for rpcbind(8). ALL : localhost 127.0.0.1 : allow # Comment out next line if you build libwrap with NO_INET6=yes. ALL : [::1] : allow ALL : my.machine.example.com 192.0.2.35 : allow # To use IPv6 addresses you must enclose them in []'s ALL : [fe80::%fxp0]/10 : allow ALL : [fe80::]/10 : deny ALL : [2001:db8:2:1:2:3:4:3fe1] : deny ALL : [2001:db8:2:1::]/64 : allow # Sendmail can help protect you against spammers and relay-rapers sendmail : localhost : allow sendmail : .nice.guy.example.com : allow sendmail : .evil.cracker.example.com : deny sendmail : ALL : allow # Exim is an alternative to sendmail, available in the ports tree exim : localhost : allow exim : .nice.guy.example.com : allow exim : .evil.cracker.example.com : deny exim : ALL : allow # Rpcbind is used for all RPC services; protect your NFS! # (IP addresses rather than hostnames *MUST* be used here) rpcbind : 192.0.2.32/255.255.255.224 : allow rpcbind : 192.0.2.96/255.255.255.224 : allow rpcbind : ALL : deny # NIS master server. 
Only local nets should have access ypserv : localhost : allow ypserv : .unsafe.my.net.example.com : deny ypserv : .my.net.example.com : allow ypserv : ALL : deny # Provide a small amount of protection for ftpd ftpd : localhost : allow ftpd : .nice.guy.example.com : allow ftpd : .evil.cracker.example.com : deny ftpd : ALL : allow # You need to be clever with finger; do _not_ backfinger!! You can easily # start a finger war. fingerd : ALL \ : spawn (echo Finger. | \ /usr/bin/mail -s tcpd\: [EMAIL PROTECTED] fingered me! root) \ : deny # The rest of the daemons are protected. ALL : ALL \ : severity auth.info \ : twist /bin/echo You are not welcome to use %d from %h. # # hosts.allow access control file for tcp wrapped applications. # $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $ # # NOTE: The hosts.deny file is deprecated. # Place both 'allow' and 'deny' rules in the
Re: You have been unsubscribed from the freebsd-questions mailing list
It takes months to find new users, but only seconds to lose one... the good news is that we should run out of them in no time.
Re: What am I not understanding about /etc/exports?
On 2007-04-06 15:26, David Benfell [EMAIL PROTECTED] wrote: On Fri, 06 Apr 2007 22:08:50 +0300, Giorgos Keramidas wrote: On 2007-04-06 11:36, David Benfell [EMAIL PROTECTED] wrote: Hello all, My /etc/exports contains: / -alldirs -maproot=root 127.0.0.1 #/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1 /usr -alldirs -maproot=root 127.0.0.1 192.168.19.1 /public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 /home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1 /cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0 Yet: mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles Do you have /etc/hosts.allow and /etc/hosts.deny files? I don't actually implement these, so they should essentially be from the default install. I do not have /etc/hosts.deny on either the server or the client. The first attachment is /etc/hosts.allow from the server. The server's `hosts.allow' file needs a bit of configuration: # hosts.allow access control file for tcp wrapped applications. # $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $ [...] # Allow anything from localhost. Note that an IP address (not a host # name) *MUST* be specified for rpcbind(8). ALL : localhost 127.0.0.1 : allow The 127.0.0.1 address above allows rpcbind (and other RPC-based services) to work for localhost - localhost connections. # Rpcbind is used for all RPC services; protect your NFS! # (IP addresses rather than hostnames *MUST* be used here) rpcbind : 192.0.2.32/255.255.255.224 : allow rpcbind : 192.0.2.96/255.255.255.224 : allow rpcbind : ALL : deny These rules allow rpcbind to work for hosts in the IP ranges matching the first two lines. To allow NFS mounts to work correctly from hosts in the IP ranges 192.168.18.XXX, 192.168.19.XXX listed in your /etc/exports file, you will have to extend the list of addresses permitted for 'rpcbind'. 
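The first-match evaluation that the quoted hosts.allow comments describe, as an added example that is not part of any post in this thread: it runs the rpcbind rules quoted above against the client addresses from /etc/exports, with and without extra allow rules, and with the sample file's opening `ALL : ALL : allow` left in front. The /24 netmasks in the extended rule set and the function names are assumptions, and only the IPv4 `ALL`, address and net/mask patterns are modelled.

```python
import ipaddress

# rpcbind rules exactly as quoted from the sample hosts.allow in the thread.
SAMPLE_RULES = """\
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny
"""

# Assumption: /24 allow rules for the client ranges listed in /etc/exports,
# placed ahead of the final deny so that they are reached first.
EXTENDED_RULES = """\
rpcbind : 192.168.18.0/255.255.255.0 : allow
rpcbind : 192.168.19.0/255.255.255.0 : allow
""" + SAMPLE_RULES

# The sample file's opening rule left in place ahead of everything else.
CATCH_ALL_FIRST = "ALL : ALL : allow\n" + SAMPLE_RULES


def parse_rules(text):
    """Parse 'daemons : clients : ... : allow|deny' lines into tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        action = fields[-1].lower()
        if len(fields) < 3 or action not in ("allow", "deny"):
            raise ValueError("rule outside this subset: %r" % raw)
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, action))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern: ALL, a single address, or net/mask."""
    if pattern == "ALL":
        return True
    try:
        if "/" in pattern:
            return addr in ipaddress.ip_network(pattern)
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        # Host names, wildcards and malformed networks are not modelled.
        return False


def decide(rules_text, daemon, client_ip):
    """Return (action, rule_number) for the first rule that matches."""
    addr = ipaddress.ip_address(client_ip)
    for number, rule in enumerate(parse_rules(rules_text), 1):
        daemons, clients, action = rule
        if "ALL" not in daemons and daemon not in daemons:
            continue
        if any(client_matches(p, addr) for p in clients):
            return action, number
    # No rule matched: tcp wrappers grants access by default.
    return "allow", None


if __name__ == "__main__":
    cases = [
        ("sample rules", SAMPLE_RULES, "192.168.19.1"),
        ("extended rules", EXTENDED_RULES, "192.168.19.1"),
        ("extended rules", EXTENDED_RULES, "10.0.0.5"),
        ("catch-all first", CATCH_ALL_FIRST, "10.0.0.5"),
    ]
    for label, rules, ip in cases:
        action, number = decide(rules, "rpcbind", ip)
        print("%-16s %-13s -> %s (rule %s)" % (label, ip, action, number))
```

The last case shows why the sample file tells you to remove its opening rule when you need protection: with it in place, no later rpcbind line is ever consulted.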
send email with mail command
Hello, I tested the mail command in console and my question is, it is possible to indicate the MAIL FROM: [EMAIL PROTECTED] ? Thank you :)
locking down scsi device id's in 6.2
Hello, I've got a situation where three devices, one a scsi tape drive and the other two ide burners under scsi emulation with atapicam are fighting for scsi id's and i'd like to lock them down to specific id's. When the tape drive isn't plugged in the burners get 000 and 010 scsi ids, but when the tape goes in it takes 050 and the burners are on bus2 200 and 210 respectively. I hope this makes sense. I've been over loader and device.hints as well and i'm lost. I'd appreciate any info on this. Thanks. Dave.
Re: update from x86 to amd64
On Fri, 6 Apr 2007 12:11:59 -0300 freenity [EMAIL PROTECTED] wrote: Hi. I want to install i386 fbsd 6.2 on my amd64, because there is not much programs that run properly on amd64 arch. I would like to know if it is possible to update from i386 to amd64 later without losing information? Will you ever have 4Gb or more of memory on the machine? If the answer is no, there is no compelling reason to ever go to amd64.
Fontconfig question... .
When I fire up mozilla, firefox, OO-2.1.0, and whatever else, I'll see this to stdout: pe 16:37 tao [5433] mozilla Fontconfig warning: no cachedir elements found. Check configuration. Fontconfig warning: adding cachedir/var/db/fontconfig/cachedir Fontconfig warning: adding cachedir~/.fontconfig/cachedir I've got a seriously old, severely cheap CD with 1500 fonts, plus hundreds more I've gleaned that are free. I've clicked around on firefox and mozilla but have no idea how to find, much less: Check configuration. I've read the html in /usr/X11R6/share/doc/fonconfig, but don't see any {/usr/local}/etc/fonts directory. [???] Can anybody clue me in? gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public Service Unix
Re: Monitoring tool for Compaq Smart Array 5300
Date: Thu, 5 Apr 2007 10:34:15 +0200 From: Valerio Daelli [EMAIL PROTECTED] Subject: Monitoring tool for Compaq Smart Array 5300 To: freebsd-questions@freebsd.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi we would like to monitor the status of a Compaq Smart Array 5300 installed on a HP Proliant DL360. Is there any tool for FreeBSD 6.2? Thanks for the help Valerio Daelli camcontrol is a first-order tool. Not much detail, but it will tell you whether the array is OK or something other than OK. # camcontrol inquiry da0 pass0: COMPAQ RAID 1 VOLUME OK Fixed Direct Access SCSI-0 device pass0: 135.168MB/s transfers
[Fwd: Intel® Server Board S5000VSA support]
Original Message Subject: Intel® Server Board S5000VSA support Date: Fri, 06 Apr 2007 17:57:56 +1000 From: Ivan Carey [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: freebsd-questions@freebsd.org Hello Does FreeBSD 6.2 release support the Intel® Server Board S5000VSA, http://www.intel.com/design/servers/boards/s5000VSA/index.htm with a Xeon 5110 processor. Also is the Intel® Embedded Server RAID Technology II supported. I have done an extensive search and read the release notes but I am unable to determine if there is support for this motherboard and processor. Intel say they have Intel® Embedded Server RAID Technology II drivers for Red Hat Enterprise Linux 3.0 and 4.0 and SUSE Linux Enterprise Server 9.0 SP1 ftp://download.intel.com/support/motherboards/server/sb/d29305004_s5000_server_raid_swg.pdf I would prefer to use FreeBSD. Thanks, Ivan
Intel® Server Board S5000VSA support
Hello Does FreeBSD 6.2 release support the Intel® Server Board S5000VSA, http://www.intel.com/design/servers/boards/s5000VSA/index.htm with a Xeon 5110 processor. Also is the Intel® Embedded Server RAID Technology II supported. I have done an extensive search and read the release notes but I am unable to determine if there is support for this motherboard and processor. Intel say they have Intel® Embedded Server RAID Technology II drivers for Red Hat Enterprise Linux 3.0 and 4.0 and SUSE Linux Enterprise Server 9.0 SP1 ftp://download.intel.com/support/motherboards/server/sb/d29305004_s5000_server_raid_swg.pdf I would prefer to use FreeBSD. Thanks, Ivan
Re: send email with mail command
Olivier Regnier wrote: Hello, I tested the mail command in console and my question is, it is possible to indicate the MAIL FROM: [EMAIL PROTECTED] ? Thank you :) Not sure about mail(1); manpage says environment variable REPLYTO is honored; you might try to modify the headers to add the -f [EMAIL PROTECTED] switch. That said, I have EMAIL defined here because mutt's manpage says it can be used for exactly what you are asking about, and plain mail(1) seems to honor that in a local test. You might give it a try; either define it in your shell resource scripts or your ~/.mailrc. BTW, if you're wanting to use mail from console, I'd recommend mutt over mail(1) any day of the week, unless you have some mitigating circumstance HTH, Kevin Kinsey -- One difference between a man and a machine is that a machine is quiet when well oiled.
some thoughts about gmirror
Hi, Currently I am using gmirror and ggated to run a live network mirror. Obviously this can cause problems if the server exporting the 'backup' device is offline then the mirror is broken - when the machines reconnect a full mirror sync takes place. This is fine over gbit crossover and if the size of the mirror is only a few 100Gb. Is it feasible that when the connection to one of the mirror devices breaks gmirror starts to log the changes to the mirror (obviously you would need to configure up this mirror device as a 'lazy' mirror member with a spare local device to write the changes to) - when the machines reconnect gmirror would only then have to sync the actual changes. This sort of achieves a similar result to Live Network Backup on NetBSD (http://kerneltrap.org/node/5058). It could be used for laptop users mirroring their whole drive, allowing a fast sync when they are on their local lan and should the laptop get lost it would be possible to restore the whole machine with a simple dd. If they were using a usb key as the device to log the changes while they were disconnected from the network and they remember to unplug/plug this each time they use the laptop then it could even be possible to recover the data to the point they actually lost the machine. It could also be used for asynchronous mirrors over slow links, if the log device was always written to first then the write latency for long distant links could be removed. I'm not sure if it would be possible to achieve this using just a modified ggatec instead which has a local device used as a write cache. Mike.
RE: mail server blues
go with qmail... it rocks http://www.qmailrocks.org/ it's a damn good mta. Jay Gordon Unix Systems Administrator DataPipe Managed Hosting Services - What It Means To Be Sure - [EMAIL PROTECTED] | http://www.datapipe.com Tel: 201.792.1918 x2402 | Fax: 201-792-3090 -Original Message- From: [EMAIL PROTECTED] on behalf of Brian Hartley Sent: Fri 4/6/2007 5:36 PM To: freebsd-questions@FreeBSD.ORG Subject: mail server blues Hello, I have been going nuts trying to get a remote POP/SMTP mail server to work on 6.2-RELEASE. My mx and cnames are hosted at dyndns. I have tried exim, postfix and sendmail along with courier imap as the pop. Is there any good docs that can get me going? I appreciate any help Thank You! Brian
Re: mail server blues
On 2007-04-06 20:31, Jay Gordon [EMAIL PROTECTED] wrote: Brian Hartley wrote: Hello, I have been going nuts trying to get a remote POP/SMTP mail server to work on 6.2-RELEASE. My mx and cnames are hosted at dyndns. I have tried exim, postfix and sendmail along with courier imap as the pop. Is there any good docs that can get me going? I appreciate any help go with qmail... it rocks http://www.qmailrocks.org/ it's a damn good mta. I don't think qmail is a silver bullet that can solve anyone's problems, even if it rocked. What the original poster needs is someone with enough ``MTA-foo'' to design a mail system which can satisfy his needs of an email pop server. Brian, are you the one who should install the POP/SMTP mail server? FreeBSD 6.2-RELEASE along with any one of the MTAs mentioned above (Sendmail, Postfix, Exim or qmail, coupled with an IMAP/POP) can work pretty well as an SMTP gateway and IMAP or POP server. There's no single, One True Reference(TM) which can help you along the steps of installing an arbitrary combination of the software you are planning to install, mostly because there are so many combinations it's literally impossible to describe all of them in one document. But if you have already tried *some* combination, as you said, and you have problems making it work, you can always start by describing to the list what you are trying to do, what steps you took to make it happen, and what went wrong. Then we can work through the details of your particular setup, until what is broken is fixed. - Giorgos
RE: mail server blues
Agreed... in a worst case situation if you are incapable of configuring it due to inexperience or just plain out not getting it, there are some pre-built freebsd mail software solutions that provide mta, pop/imap and gui interfaces like plesk, cpanel, ensim or even atmail. if you are brave and wanna DIY it... first decide what your needs are. do you need a system with ease of administration... are you going to have a large amount of users? do users need to be able to have access to webmail? an administration web based panel for adding autoresponders and the like? with the different mta's you have tried... what exactly went wrong? Jay Gordon Unix Systems Administrator DataPipe Managed Hosting Services - What It Means To Be Sure - [EMAIL PROTECTED] | http://www.datapipe.com Tel: 201.792.1918 x2402 | Fax: 201-792-3090 -Original Message- From: Giorgos Keramidas [mailto:[EMAIL PROTECTED] Sent: Fri 4/6/2007 8:53 PM To: Jay Gordon Cc: Brian Hartley; freebsd-questions@freebsd.org Subject: Re: mail server blues On 2007-04-06 20:31, Jay Gordon [EMAIL PROTECTED] wrote: Brian Hartley wrote: Hello, I have been going nuts trying to get a remote POP/SMTP mail server to work on 6.2-RELEASE. My mx and cnames are hosted at dyndns. I have tried exim, postfix and sendmail along with courier imap as the pop. Is there any good docs that can get me going? I appreciate any help go with qmail... it rocks http://www.qmailrocks.org/ it's a damn good mta. I don't think qmail is a silver bullet that can solve anyone's problems, even if it rocked. What the original poster needs is someone with enough ``MTA-foo'' to design a mail system which can satisfy his needs of an email pop server. Brian, are you the one who should install the POP/SMTP mail server? FreeBSD 6.2-RELEASE along with any one of the MTAs mentioned above (Sendmail, Postfix, Exim or qmail, coupled with an IMAP/POP) can work pretty well as an SMTP gateway and IMAP or POP server. 
There's no single, One True Reference(TM) which can help you along the steps of installing an arbitrary combination of the software you are planning to install, mostly because there are so many combinations it's literally impossible to describe all of them in one document. But if you have already tried *some* combination, as you said, and you have problems making it work, you can always start by describing to the list what you are trying to do, what steps you took to make it happen, and what went wrong. Then we can work through the details of your particular setup, until what is broken is fixed. - Giorgos
Re: mail server blues
go with qmail... it rocks I entirely agree. http://www.qmailrocks.org/ That uses way too many dodgy patches, as does the qmail port in the ports tree. I've been meaning to add a less overpatched port for netqmail, but in the meantime, you might want to get the O'Reilly qmail book and follow its installation advice. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of The Internet for Dummies, Information Superhighwayman wanna-be, http://www.johnlevine.com More Wiener schnitzel, please, said Tom, revealingly. PS: Look at the cover of the book, and you'll know why I think so highly of it.
atacontrol rebuild on non-identical disks
We have a (very) remote FreeBSD 5.5-RELEASE system running on Asus RS120 hardware and historically configured with 2 identical SATA drives using atacontrol RAID1 and the system installed on ar0. One of the drives has died, however no identical replacement drive could be easily sourced at the remote location. So, attempting to get things back to normal RAID1 operation as quickly as possible we have tried a same size but non-identical drive and attempted an atacontrol rebuild. However, this is stuck indefinitely at 0% rebuild progress. While I'm aware that some RAID1 mechanisms e.g. CCD seem to insist on identical disks, the documentation isn't so clear on ATA and I figured it was worth a try. Does anyone know if it is possible to overcome the non-identical disk issue and allow ata RAID1 to work again? I've also considered keeping the current ar0 setup on the single working disk and setting up a gmirror RAID1 copy on the second disk would work. Current config info is as follows:

From atacontrol list:
ATA channel 2: Master: ad4 WDC WD2000JD-00HBB0/08.02D08 Serial ATA v1.0
ATA channel 3: Master: ad6 HDT722525DLA380/V44OA9BA Serial ATA v1.0

From the permanently going nowhere rebuild output of atacontrol status:
ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed

The WDC WD2000JD on ad4 is the functional system drive and original member of the RAID1 array. ad6 is the new spare and presumably is completely blank still at this stage. I realise that sourcing an identical drive is probably the right (or at least easy) answer. The original drives (WDC WD2000JD on ad4) are still available for purchase, just not anywhere near where the machine lives - so getting a replacement drive would be a logistically difficult and time-consuming exercise. Thanks, JS
Skype can't connect. (All the data inside!)
I would first like to say sorry Garret, my previous questions were not in good detail. FREEBSD 6.0 STABLE Using the linux_base-8 port. --I am using a USB headset, but have also tried one that plugs directly into my microphone and speaker slots on my computer. Now, since my USB headset will input sound from one device, and output from another, I am in a little problem. here is a picture of the options for headset in the skype port: http://www.arckeda.org/Skype_port.png As you can see, there is only one device I can use for my headset, (there is supposed to be a program called DSP highjacker for this, but I would think that there would be a better way.) Now, I downloaded the Linux static binary with QT compiled in from the skype website (www.skype.com) and tried it on my computer, if I go into the options in that one, I see this: http://www.arckeda.org/Skype_native.png You may want to know why I am even writing this if I can just use the Linux Skype, well, I am writing this because the Linux build will not let me call anyone: http://www.arckeda.org/Skype_native_cant_call.png it will just keep saying connecting, and nothing ever happens, I can however see who is online at the moment: http://www.arckeda.org/Skype_native_can_see.png So, my question is, how can I either make the Skype port let me use two devices or, allow the Linux Skype to let me call people and receive calls. I think that about sums it up. Thank you. -ARCKEDA
resolve.cong
hi, my computer gets DHCP IP from my router, and also writes my resolve.conf in my /etc by dhclient (as I learned from the handbook). It writes search hsd1.md.comcast.net. and nameserver 192.168.0.1 in the resolve.conf. I found this is not very efficient. Once I put nameserver 68.87.73.242 (which is actually copied from the router status), my network works better. But since dhclient keeps changing the conf file back to the way it was, is there any way I can make dhclient write down this line? thank you!! TFC
Re: resolve.cong
On Friday 06 April 2007, Tsu-Fan Cheng said: hi, my computer gets DHCP IP from my router, and also writes my resolve.conf in my /etc by dhclient (as I learned from the handbook). It writes search hsd1.md.comcast.net. and nameserver 192.168.0.1 in the resolve.conf. I found this is not very efficient. Once I put nameserver 68.87.73.242 (which is actually copied from the router status), my network works better. But since dhclient keeps changing the conf file back to the way it was, is there any way I can make dhclient write down this line? thank you!! TFC

Put the following into /etc/dhclient.conf changing the interface to yours:

interface "ath0" {
    supersede domain-name-servers 68.87.73.242;
}

See man(5) dhclient.conf for more options.

Beech -- Beech Rintoul - Port Maintainer - [EMAIL PROTECTED]
Slow write with EADDR
Doing a write with a NULL pointer takes surprisingly long to return with an EADDR error. A short write to a file typically takes 4 uS, but a write with a NULL pointer seems to take 1000 - 2000 uS. This is on a 3 GHz dual Xeon running 5.4-RELEASE-p12. I don't get the same behavior on 6.2-PRERELEASE. I wonder what it could be doing all that time? Here's a ktrace showing it:

4126 t_slow_write 1175913192.425918 CALL open(0x804873d,0x201,0x1ff)
4126 t_slow_write 1175913192.425934 NAMI t_slow_write.out
4126 t_slow_write 1175913192.425950 RET open 3
4126 t_slow_write 1175913192.425963 CALL write(0x3,0xbfbfea9c,0x100)
4126 t_slow_write 1175913192.425988 GIO fd 3 wrote 256 bytes \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
4126 t_slow_write 1175913192.425993 RET write 256/0x100
4126 t_slow_write 1175913192.425998 CALL write(0x3,0,0x100)
4126 t_slow_write 1175913192.427442 RET write -1 errno 14 Bad address
4126 t_slow_write 1175913192.427503 CALL write(0x3,0xbfbfea9c,0x100)
4126 t_slow_write 1175913192.427518 GIO fd 3 wrote 256 bytes \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
4126 t_slow_write 1175913192.427520 RET write 256/0x100
4126 t_slow_write 1175913192.427526 CALL write(0x3,0,0x100)
4126 t_slow_write 1175913192.429024 RET write -1 errno 14 Bad address
4126 t_slow_write 1175913192.429042 CALL write(0x3,0xbfbfea9c,0x100)
4126 t_slow_write 1175913192.429068 GIO fd 3 wrote 256 bytes \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
4126 t_slow_write 1175913192.429070 RET write 256/0x100
4126 t_slow_write 1175913192.429076 CALL write(0x3,0,0x100)
4126 t_slow_write 1175913192.430560 RET write -1 errno 14 Bad address
4126 t_slow_write 1175913192.430571 CALL write(0x3,0xbfbfea9c,0x100)
4126 t_slow_write 1175913192.430586 GIO fd 3 wrote 256 bytes \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
4126 t_slow_write 1175913192.430588 RET write 256/0x100
4126 t_slow_write 1175913192.430593 CALL write(0x3,0,0x100)
4126 t_slow_write 1175913192.432443 RET write -1 errno 14 Bad address
4126 t_slow_write 1175913192.432453 CALL write(0x3,0xbfbfea9c,0x100)
4126 t_slow_write 1175913192.432468 GIO fd 3 wrote 256 bytes \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
4126 t_slow_write 1175913192.432470 RET write 256/0x100
4126 t_slow_write 1175913192.432475 CALL write(0x3,0,0x100)
4126 t_slow_write 1175913192.433958 RET write -1 errno 14 Bad address
4126 t_slow_write 1175913192.433977 CALL close(0x3)
4126 t_slow_write 1175913192.433998 RET close 0
4126 t_slow_write 1175913192.434047 CALL exit(0)

Here's the little program to demo it:
--
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>

int main()
{
    int fd, i;
    char buf[256];

    fd = open("t_slow_write.out", O_WRONLY|O_CREAT, 0777);
    memset(buf, 0, sizeof(buf));
    for (i = 0; i < 5; i++) {
        write(fd, buf, 256);    /* valid buffer: the fast case */
        write(fd, NULL, 256);   /* NULL buffer: fails with errno 14, the slow case */
    }
    close(fd);
}
--
Compile with gcc -o t_slow_write t_slow_write.c

-- Trevor Blackwell [EMAIL PROTECTED] http://tlb.org 650 776 7870
Re: What am I not understanding about /etc/exports?
On Sat, 07 Apr 2007 01:56:41 +0300, Giorgos Keramidas wrote: On 2007-04-06 15:26, David Benfell [EMAIL PROTECTED] wrote: On Fri, 06 Apr 2007 22:08:50 +0300, Giorgos Keramidas wrote: On 2007-04-06 11:36, David Benfell [EMAIL PROTECTED] wrote:

Hello all, My /etc/exports contains:

/ -alldirs -maproot=root 127.0.0.1
#/usr/src -alldirs -maproot=root 127.0.0.1 192.168.19.1
/usr -alldirs -maproot=root 127.0.0.1 192.168.19.1
/public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/home -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
/cdrom -alldirs,quiet,ro 127.0.0.1 -network 192.168 -mask 255.255.0.0

Yet: mountd[735]: mount request denied from 192.168.19.1 for /usr/ports/distfiles

Do you have /etc/hosts.allow and /etc/hosts.deny files?

I don't actually implement these, so they should essentially be from the default install. I do not have /etc/hosts.deny on either the server or the client. The first attachment is /etc/hosts.allow from the server.

The server's `hosts.allow' file needs a bit of configuration:

# hosts.allow access control file for tcp wrapped applications.
# $FreeBSD: src/etc/hosts.allow,v 1.19.8.1 2006/02/19 14:57:01 ume Exp $
[...]
# Allow anything from localhost. Note that an IP address (not a host
# name) *MUST* be specified for rpcbind(8).
ALL : localhost 127.0.0.1 : allow

The 127.0.0.1 address above allows rpcbind (and other RPC-based services) to work for localhost - localhost connections.

# Rpcbind is used for all RPC services; protect your NFS!
# (IP addresses rather than hostnames *MUST* be used here)
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny

These rules allow rpcbind to work for hosts in the IP ranges matching the first two lines. To allow NFS mounts to work correctly from hosts in the IP ranges 192.168.18.XXX, 192.168.19.XXX listed in your /etc/exports file, you will have to extend the list of addresses permitted for 'rpcbind'.
I'd definitely missed that. Unfortunately, correcting it (both on client and server) seems to have made no difference. I still have the same symptoms, as if I need to send a HUP signal someplace (but if this is true, then where?). Thanks! -- David Benfell, LCP [EMAIL PROTECTED] --- Resume available at http://www.parts-unknown.org/ NOTE: I sign all messages with GnuPG (0DD1D1E3).
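The check Giorgos describes, evaluating each client address from /etc/exports against the rpcbind rules in hosts.allow, can be scripted. The following is an added example, not part of the original thread; it handles IPv4 patterns only, and it assumes first-match-wins rule order and that a client matching no rule is allowed (no hosts.deny present, as David states).

```python
import ipaddress

# Constructed input: the rpcbind rules from the stock hosts.allow quoted above.
HOSTS_ALLOW = """\
ALL : localhost 127.0.0.1 : allow
rpcbind : 192.0.2.32/255.255.255.224 : allow
rpcbind : 192.0.2.96/255.255.255.224 : allow
rpcbind : ALL : deny
"""
# Constructed input: two of the export lines from the original question.
EXPORTS = """\
/usr -alldirs -maproot=root 127.0.0.1 192.168.19.1
/public -alldirs -maproot=root 127.0.0.1 192.168.18.45 192.168.18.46 192.168.19.1
"""

def parse_rules(text):
    """Return (daemons, clients, action) per rule; comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        fields = [f.strip() for f in raw.split("#", 1)[0].split(":")]
        if len(fields) >= 3:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split(), fields[-1]))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):               # prefix form such as "192.168."
        return str(ip).startswith(pattern)
    try:
        if "/" in pattern:                  # net/mask form
            return ip in ipaddress.ip_network(pattern, strict=False)
        return ip == ipaddress.ip_address(pattern)
    except ValueError:
        return False                        # host name: not resolved here

def decide(rules, daemon, addr):
    """First matching rule wins; no match is treated as 'allow' (assumption)."""
    ip = ipaddress.ip_address(addr)
    for daemons, clients, action in rules:
        if (daemon in daemons or "ALL" in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return action
    return "allow"

def export_clients(text):
    """Host addresses on each exports line (path and -options skipped)."""
    return sorted({t for line in text.splitlines()
                   for t in line.split()[1:] if not t.startswith("-")})

def audit(hosts_allow, exports, daemon="rpcbind"):
    rules = parse_rules(hosts_allow)
    return {h: decide(rules, daemon, h) for h in export_clients(exports)}

if __name__ == "__main__":
    for host, action in audit(HOSTS_ALLOW, EXPORTS).items():
        print(f"{host:15} rpcbind -> {action}")
```

Any allow rule added for the 192.168.18 and 192.168.19 ranges has to appear above the final `rpcbind : ALL : deny` line, because evaluation stops at the first match.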
Re: slightly OT - my freebsd email topology
Derek Ragona wrote: At 12:36 PM 4/5/2007, Jonathan Horne wrote: currently, my email server is just a single box, accepting and sending emails from and to the internet. spamassassin and sendmail, and so far, it works satisfactory. i would like to change it up, so that i have a pair of servers doing MX from the internet, which then passes to an internal server for delivery. if i do that, i could remove spamassassin from the internal server, and run it on just the 2 external. all those configurations is really not my issue here... what im really pondering is how would external servers that are separate from where the target mailboxes are, know which addresses are acceptable and which to return a 550? does anyone have any setups that are similar to this, and could advise me or point me in the right direction? thanks, jonathan

Generally you want to filter and bounce mail at the point of origin, so your mail server that first accepts the mail. As long as you have the bandwidth on that server you would spam check, virus check there, bouncing any bad ones. Then forward to your internal server only clean mail for delivery.

Bounces generate backscatters. The idea is to filter and *reject* (instead of bouncing) at the point of origin. Regards, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: www.webanoide.org
Re: Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail
Christopher Martin wrote: Spam with randomly generated recipient addresses is draining our mail system's life away, and it seems the easiest way would be to verify the receiving party's/parties' address against Active Directory and then TEMPFAIL any mails that don't have any valid internal mails (rejects would allow directory harvesting to work). [ trim ] Anyone have any suggestions? Has anyone used the hacked LDAProuting method with smarthost and had it work? Maybe I am going to have to hack something together using milter-cli or py-milter to connect up on SMTP port of the Exchange server and do a HELO, FROM and RCPT and see if the account is valid. Am I missing something basic? Currently, we're very happy with the accuracy of our system, but 80% of the spam that hits our quarantine isn't even addressed to someone in the organisation, thus giving us a pile of cruft to go through that is 5 times as big as it should be. Any help or suggestions are appreciated!

You could use /usr/ports/mail/mimedefang (www.mimedefang.org) miltered into your sendmail. Sorta like py-milter but in perl. The simplest, quickest and dirtiest solution would be to feed a list of valid recipients into mimedefang and let it accept or reject incoming mail. Then it is a matter of finding a way to keep the list up to date. Or, instead of feeding mimedefang with a list, you could instruct it to poll your internal mail server like you already suggested. For a long term solution I prefer storing aliases, maps, etc. in LDAP. I hope this helps. Regards, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: www.webanoide.org
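The recipient check discussed in this thread and in the "my freebsd email topology" thread above (the MX host asks the internal server with HELO, MAIL FROM and RCPT, then answers the sender at RCPT time) can be sketched as follows. This is an added example, not code from either thread or from mimedefang; the host names, the verdict labels and the stub server are assumptions made for illustration, and the cache has no expiry.

```python
import smtplib

def smtp_probe(recipient, server="mail.internal.example",
               sender="postmaster@gateway.example", helo="gateway.example"):
    """HELO / MAIL FROM / RCPT TO against the internal server, no DATA.
    Returns the RCPT reply code, or None when the server cannot be asked.
    The three default names are placeholders."""
    try:
        with smtplib.SMTP(server, 25, timeout=10) as conn:
            conn.helo(helo)
            if conn.mail(sender)[0] != 250:
                return None
            return conn.rcpt(recipient)[0]
    except (OSError, smtplib.SMTPException):
        return None

class RecipientGate:
    """Decide at RCPT time on the MX host, so nothing is accepted and bounced later."""

    def __init__(self, probe=smtp_probe, unknown="REJECT"):
        self.probe = probe
        self.unknown = unknown   # "TEMPFAIL" gives the variant Christopher describes
        self.cache = {}          # definite answers only

    def check(self, recipient):
        addr = recipient.strip()
        key = addr.lower()
        if key in self.cache:
            return self.cache[key]
        code = self.probe(addr)
        if code is None or 400 <= code < 500:
            # Backend unreachable or deferring: never turn that into a reject.
            return ("TEMPFAIL", "451 4.3.0 cannot verify recipient now")
        if code in (250, 251):
            verdict = ("ACCEPT", "250 2.1.5 ok")
        elif self.unknown == "TEMPFAIL":
            verdict = ("TEMPFAIL", "451 4.3.0 try again later")
        else:
            verdict = ("REJECT", "550 5.1.1 user unknown")
        self.cache[key] = verdict
        return verdict

def stub_probe(valid, calls, up=True):
    """Constructed stand-in for the internal server, so the example runs offline."""
    def probe(addr):
        calls.append(addr)
        if not up:
            return None
        return 250 if addr.lower() in valid else 550
    return probe

if __name__ == "__main__":
    gate = RecipientGate(stub_probe({"alice@example.org"}, []))
    for rcpt in ("alice@example.org", "xq7f2k@example.org"):
        print(rcpt, gate.check(rcpt))
```

Only definite answers are cached, so an outage of the internal server produces temporary failures that the sending side retries rather than lost mail.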