Re: Stop SMTP attack with pam_abl

2013-06-04 Thread Lena
 I have different sendmail based servers deployed and all of them are, 
 more or less frequently, subject to dictionary attacks.

 P.S. I'm not sticking with pam_abl if a better solution exists...

In Exim this can be done without separate software,
just with additions to config:
https://github.com/Exim/exim/wiki/BlockCracking
(this blocks both using stolen passwords and dictionary attacks).
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: cannot ftp using proxy

2013-06-04 Thread vadims
I found that the environment variables were set through /etc/login.conf, like 
this:

root:\
:ignorenologin:\
:setenv=http_proxy=http\c//myproxy\c8080,ftp_proxy=http\c//myproxy\c8080:\
:tc=default:

After cutting setenv part in login.conf and setting proxy in .cshrc, 
I can ftp using proxy.


Thank you for help!
VS.

On Mon, 3 Jun 2013, Lawrence K. Chen, P.Eng. wrote:


Delving through the source code...it appears that it only uses the ftp_proxy 
when given an ftp url

something like:


ftp ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT

Requesting ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT
 (via www-proxy.ksu.edu:8080)
100% |***|  3795   26.38 KiB/s    00:00 ETA
3795 bytes retrieved in 00:00 (26.36 KiB/s)

Only the fetch side uses proxy (triggered by there being a ':' in the argument.)

The interactive ftp side doesn't.


- Original Message -

Hello!
Still can't resolve problem with ftp utility.

root@ona:/root # ftp ftp2.freebsd.org
ftp: Can't connect to `128.205.32.24:21': Operation timed out
ftp: Can't connect to `ftp2.freebsd.org:ftp'
ftp

sockstat -4 tells me that it is not even trying to connect to proxy
server, connecting directly instead:

root@ona:/root # sockstat -4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     ftp        54160 3  tcp4   10.10.15.26:50457     128.205.32.24:21


root@ona:/root # uname -a
FreeBSD ona.iem.gov.lv 9.1-RELEASE-p3 FreeBSD 9.1-RELEASE-p3 #0: Mon Apr 29 18:27:25 UTC 2013 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64


root@ona:/root # env
TERM=screen
ftp_proxy=http://myproxy:8080
http_proxy=http://myproxy:8080
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
SHELL=/bin/csh
HOME=/root
USER=root
HOSTTYPE=FreeBSD
VENDOR=amd
OSTYPE=FreeBSD
MACHTYPE=x86_64
SHLVL=1
PWD=/root
LOGNAME=root
GROUP=wheel
HOST=ona
EDITOR=vi
PAGER=more
BLOCKSIZE=K

Tried to google with no luck - no solution works for me. By the way,
fetch works as expected, I can fetch and install ports.
I would appreciate any help and/or any hints!

Best regards!
VS.



--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) --  SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkc...@ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library



How to compile ipoib module manually?

2013-06-04 Thread Alex Liptsin
Hi.

I work with FreeBSD9.1 and Mellanox devices.

The kernel was configured with OFED support but without IB support:


MYKERNEL file:

#
# GENERIC -- Generic kernel configuration file for FreeBSD/amd64
#
# For more information on this file, please read the config(5) manual page,
# and/or the handbook section on Kernel Configuration Files:
#
#    http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html
#
# The handbook is also available locally in /usr/share/doc/handbook
# if you've installed the doc distribution, otherwise always see the
# FreeBSD World Wide Web server (http://www.FreeBSD.org/) for the
# latest information.
#
# An exhaustive list of options and more detailed explanations of the
# device lines is also present in the ../../conf/NOTES and NOTES files.
# If you are in doubt as to the purpose or necessity of a line, check first
# in NOTES.
#
# $FreeBSD: release/9.1.0/sys/amd64/conf/GENERIC 238090 2012-07-04 00:54:16Z delphij $

cpu             HAMMER
include         GENERIC
ident           MYKERNEL

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         SCHED_ULE               # ULE scheduler
options         PREEMPTION              # Enable kernel thread preemption
options         INET                    # InterNETworking
options         INET6                   # IPv6 communications protocols
options         SCTP                    # Stream Control Transmission Protocol
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         UFS_GJOURNAL            # Enable gjournal-based UFS journaling
options         MD_ROOT                 # MD is a potential root device
options         NFSCL                   # New Network Filesystem Client
options         NFSD                    # New Network Filesystem Server
options         NFSLOCKD                # Network Lock Manager
options         NFS_ROOT                # NFS usable as /, requires NFSCL
options         MSDOSFS                 # MSDOS Filesystem
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_PART_GPT           # GUID Partition Tables.
options         GEOM_RAID               # Soft RAID functionality.
options         GEOM_LABEL              # Provides labelization
options         COMPAT_FREEBSD32        # Compatible with i386 binaries
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         COMPAT_FREEBSD5         # Compatible with FreeBSD5
options         COMPAT_FREEBSD6         # Compatible with FreeBSD6
options         COMPAT_FREEBSD7         # Compatible with FreeBSD7
options         SCSI_DELAY=5000         # Delay (in ms) before probing SCSI
options         KTRACE                  # ktrace(1) support
options         STACK                   # stack(9) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         PRINTF_BUFR_SIZE=128    # Prevent printf output being interspersed.
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         HWPMC_HOOKS             # Necessary kernel hooks for hwpmc(4)
options         AUDIT                   # Security event auditing
options         MAC                     # TrustedBSD MAC Framework
#options        KDTRACE_FRAME           # Ensure frames are compiled in
#options        KDTRACE_HOOKS           # Kernel DTrace hooks
options         INCLUDE_CONFIG_FILE     # Include this file in kernel
options         KDB                     # Kernel debugger related code
options         KDB_TRACE               # Print a stack trace for a panic

# Make an SMP-capable kernel by default
options         SMP                     # Symmetric MultiProcessor Kernel

# CPU frequency control
device          cpufreq

# Bus support.
device          acpi
device          pci

# Floppy drives
device          fdc

# ATA controllers
device          ahci                    #

why is ports web page so far out of date

2013-06-04 Thread Fbsd8

I can not get current version of the ports system.
The ports web page http://www.freebsd.org/ports/
is almost 2 years out of date. Says the port I am interested in is at 
1.7 version when just 2 weeks ago it was at 2.2. Portsnap is also messed 
up showing the 1.7 version.




Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Tim Daneliuk

I am seeing login dictionary attacks on a FreeBSD mail server being
reported.  Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall?   auth.log only
notes the attempted user name, not the IP of origin.
--
---
Tim Daneliuk


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Waitman Gobble
On Jun 4, 2013 9:00 AM, Tim Daneliuk tun...@tundraware.com wrote:

 I am seeing login dictionary attacks on a FreeBSD mail server being
 reported.  Is there a way to determine the IPs that are doing this
 so they can be blocked at the firewall?   auth.log only
 notes the attempted user name, not the IP of origin.
 --
 ---
 Tim Daneliuk

One idea is to run auth on a different service / machine on a non-standard
port; that at least cuts down the noise from non-targeted scans.

Waitman Gobble
San Jose California USA


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Mark Felder
On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk tun...@tundraware.com  
wrote:



I am seeing login dictionary attacks on a FreeBSD mail server being
reported.  Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall?   auth.log only
notes the attempted user name, not the IP of origin.


I don't use sendmail, but aren't the login attempts at least logged in  
maillog as well? If so, you could use fail2ban to ban them. We do this  
with postfix/exim/dovecot/etc.


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Doug Hardie

On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote:

 I am seeing login dictionary attacks on a FreeBSD mail server being
 reported.  Is there a way to determine the IPs that are doing this
 so they can be blocked at the firewall?   auth.log only
 notes the attempted user name, not the IP of origin.
 -- 
 

I wrote some code to find the appropriate maillog entries which do include the 
IP addresses.  It automagically adds the IP addresses to the pf blackhole table 
if certain criteria is met.  The criteria is changeable.  If you would like a 
copy, let me know.  
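A sketch of the approach Doug Hardie describes above (find the failed-AUTH entries in maillog, count them per source address, add repeat offenders to a pf table), added here as an example; it is not his code, which was not posted in this thread. The log line shape, the threshold of 3, the allow list and the table name `blackhole` are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed sendmail AUTH-failure line shape (constructed for this example):
#   ... sm-mta[pid]: qid: AUTH failure (MECH): ..., relay=[ip]  or  relay=host [ip]
# Greedy ".*" makes the final relay= field win; only the bracketed address is
# used, because the host name comes from reverse DNS the remote side may control.
AUTH_FAIL = re.compile(
    r"AUTH failure \([^)]+\):.*\brelay=(?:\S+ )?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]")

THRESHOLD = 3             # failures needed before blocking (the tunable criterion)
PF_TABLE = "blackhole"    # hypothetical table name; must be declared in pf.conf
ALLOW = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

_FAIL = ("Jun  4 09:00:%02d mx sm-mta[4101]: r54E0000%02d: AUTH failure (LOGIN): "
         "authentication failure (-13), relay=%s")
SAMPLE_MAILLOG = [_FAIL % (i, i, relay) for i, relay in enumerate([  # constructed
    "[203.0.113.5]", "[203.0.113.5]", "dsl.example.net [203.0.113.5]",
    "[198.51.100.7]", "[10.0.0.8]", "[10.0.0.8]", "[10.0.0.8]",
    "[IPv6:2001:db8::1]", "[999.1.1.1]"])]
SAMPLE_MAILLOG.append(
    "Jun  4 09:01:00 mx sm-mta[4102]: r54E000099: from=<a@example.org>, relay=[192.0.2.9]")


def failed_auth_sources(lines):
    """Count AUTH failures per source address, skipping unparsable addresses."""
    counts = Counter()
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue  # log text is untrusted; never pass it on to pfctl unvalidated
    return counts


def addresses_to_block(counts, threshold=THRESHOLD, allow=ALLOW):
    """Addresses at or over the threshold that are not on the allow list."""
    hits = [ip for ip, n in counts.items()
            if n >= threshold and not any(ip in net for net in allow)]
    return sorted(hits, key=lambda ip: (ip.version, int(ip)))


def pfctl_commands(addresses, table=PF_TABLE):
    """argv lists for pfctl; returned rather than executed so this runs anywhere."""
    return [["pfctl", "-t", table, "-T", "add", str(ip)] for ip in addresses]


if __name__ == "__main__":
    for argv in pfctl_commands(addresses_to_block(failed_auth_sources(SAMPLE_MAILLOG))):
        print(" ".join(argv))
```

On the mail server the returned commands would be run as root, with `table <blackhole> persist` and a matching block rule in pf.conf.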


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Tim Daneliuk

On 06/04/2013 04:51 PM, Doug Hardie wrote:


On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote:


I am seeing login dictionary attacks on a FreeBSD mail server being
reported.  Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall?   auth.log only
notes the attempted user name, not the IP of origin.
--



I wrote some code to find the appropriate maillog entries which do include the 
IP addresses.  It automagically adds the IP addresses to the pf blackhole table 
if certain criteria is met.  The criteria is changeable.  If you would like a 
copy, let me know.



Yes, I'd love a look at that, thanks.

--

Tim Daneliuk tun...@tundraware.com
PGP Key: http://www.tundraware.com/PGP/



Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Chris Hill

On Tue, 4 Jun 2013, Doug Hardie wrote:


On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote:


I am seeing login dictionary attacks on a FreeBSD mail server being
reported.  Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall?   auth.log only
notes the attempted user name, not the IP of origin.
--



I wrote some code to find the appropriate maillog entries which do 
include the IP addresses.  It automagically adds the IP addresses to 
the pf blackhole table if certain criteria is met.  The criteria is 
changeable.  If you would like a copy, let me know.


That sounds incredibly useful. Can you post it somewhere?


--
Chris Hill   ch...@monochrome.org
** [ Busy Expunging / ]


Re: System Calls that do DNS

2013-06-04 Thread Waitman Gobble
On Jun 3, 2013 10:22 PM, Doug Hardie bc...@lafn.org wrote:


 On 3 June 2013, at 20:39, staticsafe m...@staticsafe.ca wrote:

  On Mon, Jun 03, 2013 at 07:57:07PM -0700, Doug Hardie wrote:
  I have an unusual situation.  A program is doing a DNS lookup and
  often the IP address has no reverse DNS entries.  As a result the program
  hangs for several timeouts.  The call is not being made directly in its
  code, but is occurring in a system call.  There are no specific calls to
  DNS, it's something else doing it.  I have been trying to track down which
  system call is doing it, but without success so far.  I have tried syslog
  calls around each of the system calls I thought might be the culprit, but
  my guessing is not very good.  How can I identify the system call that is
  calling DNS?  If I can find it, I hopefully can find another way to do
  whatever it does that does not involve a reverse DNS lookup.
 
 
 
  Use truss:
  http://www.freebsd.org/cgi/man.cgi?query=truss
 
  The truss utility traces the system calls called by the specified
  process or program.
  --
  staticsafe
  O ascii ribbon campaign - stop html mail - www.asciiribbon.org
  Please don't top post - http://goo.gl/YrmAb
  Don't CC me! I'm subscribed to whatever list I just posted on.
 

 Unfortunately truss does not show anything more than ktrace.  I know what
 is going out on the internet connection.  It's a plain old reverse DNS
 request.  The question is what library module (probably not a system call
 now that I think about it) is making that request.  Interestingly enough,
 adding the IP address with a dummy name in /etc/hosts causes the reverse
 request to succeed and there are no time delays.  So whatever module it is,
 is not using bind.  Bind doesn't check the hosts files as far as I can tell.

Maybe try ldd and see if it is linked to a library like c-ares? Or try
running it in gdb to see what's going on? Some ideas.

Waitman Gobble
San Jose California USA


Re: Can sasl/sendmail Report IP Of Failed Access?

2013-06-04 Thread Warren Block

On Tue, 4 Jun 2013, Tim Daneliuk wrote:


On 06/04/2013 04:51 PM, Doug Hardie wrote:


On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote:


I am seeing login dictionary attacks on a FreeBSD mail server being
reported.  Is there a way to determine the IPs that are doing this
so they can be blocked at the firewall?   auth.log only
notes the attempted user name, not the IP of origin.
--



I wrote some code to find the appropriate maillog entries which do include 
the IP addresses.  It automagically adds the IP addresses to the pf 
blackhole table if certain criteria is met.  The criteria is changeable. 
If you would like a copy, let me know.




Yes, I'd love a look at that, thanks.


sshguard is supposed to be capable of analyzing log files beyond just 
ssh.



Re: System Calls that do DNS

2013-06-04 Thread Adam Vande More
On Tue, Jun 4, 2013 at 12:21 AM, Doug Hardie bc...@lafn.org wrote:
 Unfortunately truss does not show anything more than ktrace.

Normally most people use truss first, then fall back to ktrace ;)

 Bind doesn't check the hosts files as far as I can tell.

System requests obey nsswitch.conf(5)

--
Adam Vande More


Re: System Calls that do DNS

2013-06-04 Thread Enno Davids
See if whois can tell you who owns the block the IP is in. That may give
you some insight into what is asking for the reverse.

E.


Re: System Calls that do DNS

2013-06-04 Thread Doug Hardie

On 4 June 2013, at 22:19, Enno Davids e...@metva.com wrote:

 See if whois can tell you who owns the block the IP is in. That may give
 you some insight into what is asking for the reverse.

It's ATT.  It's probably at least a state's worth of DSL addresses.  I am 
physically at one of them for a couple more days.  After that I have no way to 
test this.