Re: IPsec phase 1 and 2 negotiation in an infinite loop.
Mike Tancsa wrote: On 9/5/2011 11:58 PM, Mikhail Goriachev wrote: (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 (vid: len=16 afcad71372a1f1c96b8696fc99570100) 03:17:31.637424 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 108) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 OK, both sides are 3des, psk and sha1 dhgroup 1. Thats good. Note: a.b.c.d is my end. w.x.y.z is the other end. vid:, ke: and nonce: are scrambled. flag=0x8000, lorv=AES-CBC Sep 5 20:40:27 vpnmach racoon: DEBUG: encryption(aes) Sep 5 20:40:27 vpnmach racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5 Sep 5 20:40:27 vpnmach racoon: DEBUG: hash(md5) Sep 5 20:40:27 vpnmach racoon: DEBUG: type=Authentication Method, ... yet, you have AES and md5 ?? where are those coming from ? Do you have an extra config for the remote somewhere in your files perhaps that is matching ? Nop. There're no extra files. The only thing the other guys gave me was: Operation Mode: Tunnel (Net to Net) Authentication Type: Pre shared secret Phase 1: 3DES/SHA1, DH Group=2 Phase 2: 3DES/SHA1, PFS=no, DH Group=any Based on that I got it working. So, do you reckon the other end suddenly began advertising/requesting aes and md5 instead of 3des and sha1? 
---Mike

    remote w.x.y.z {
            exchange_mode main;
            proposal_check obey;
            proposal {
                    encryption_algorithm 3des;
                    hash_algorithm sha1;
                    authentication_method pre_shared_key;
                    dh_group modp1024;
            }
    }

--
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/

--
Mikhail Goriachev
Webanoide
Mobile: +56 9 78772741
Web: www.webanoide.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
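An added example, not part of the original messages: the comparison made by eye in this thread (the phase 1 proposal seen by tcpdump versus the attributes racoon logs while matching) done as a script against the proposal in the quoted racoon.conf. The sample lines are constructed in the format shown in the thread, with documentation addresses in place of the masked ones; the attribute-name tables and alias spellings are assumptions.

```python
import re

# Phase 1 proposal from the racoon.conf "remote" block quoted in the thread.
EXPECTED = {"enc": "3des", "hash": "sha1", "auth": "psk", "group": "modp1024"}

# Spellings differ between racoon.conf, tcpdump and racoon's debug log.
# Only AES-CBC, MD5 and preshared appear on the page; the rest are assumptions.
ALIASES = {"preshared": "psk", "pre_shared_key": "psk", "pre-shared key": "psk",
           "aes-cbc": "aes", "3des-cbc": "3des"}

# Attribute names as printed by each tool, mapped to one common key.
TCPDUMP_NAMES = {"enc": "enc", "hash": "hash", "auth": "auth",
                 "group desc": "group"}
RACOON_NAMES = {"encryption algorithm": "enc", "hash algorithm": "hash",
                "authentication method": "auth", "group description": "group"}

# Constructed sample input, modelled on the tcpdump output in the thread.
SAMPLE_TCPDUMP = """\
03:17:31.410202 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp 1.0 msgid cookie ->: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
03:17:31.637424 IP 198.51.100.20.500 > 192.0.2.10.500: isakmp 1.0 msgid cookie ->: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
03:17:31.639838 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp 1.0 msgid cookie ->: phase 1 I ident: (ke: key len=128) (nonce: n len=16)
"""

# Constructed sample input, modelled on the racoon debug lines in the thread.
SAMPLE_RACOON = """\
Sep  5 20:40:27 vpnmach racoon: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep  5 20:40:27 vpnmach racoon: DEBUG: encryption(aes)
Sep  5 20:40:27 vpnmach racoon: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep  5 20:40:27 vpnmach racoon: DEBUG: hash(md5)
"""


def norm(value):
    """Lower-case a value and fold tool-specific spellings together."""
    value = value.strip().lower()
    return ALIASES.get(value, value)


def wire_proposals(text):
    """Return [(direction, attrs)] for every phase 1 SA payload on the wire."""
    out = []
    for line in text.splitlines():
        m = re.search(r"phase 1 ([IR]) ident: \(sa:", line)
        if not m:
            continue  # key exchange, encrypted or phase 2 packet
        attrs = {}
        for name, value in re.findall(r"\(type=([a-z ]+) value=([^()\s]+)", line):
            key = TCPDUMP_NAMES.get(name)
            if key:
                attrs[key] = norm(value)
        out.append((m.group(1), attrs))
    return out


def racoon_attrs(text):
    """Return [(attr, value)] for each attribute racoon logged while matching."""
    out = []
    pattern = r"DEBUG: type=([A-Za-z ]+), flag=0x[0-9a-fA-F]+, lorv=(.+)"
    for name, value in re.findall(pattern, text):
        key = RACOON_NAMES.get(name.strip().lower())
        if key:
            out.append((key, norm(value)))
    return out


def findings(tcpdump_text, racoon_text, expected=EXPECTED):
    """List (source, attribute, expected, observed) for every disagreement."""
    out = []
    for direction, attrs in wire_proposals(tcpdump_text):
        for key, want in expected.items():
            got = attrs.get(key)
            if got is not None and got != want:
                out.append(("wire " + direction, key, want, got))
    for key, got in racoon_attrs(racoon_text):
        want = expected.get(key)
        if want is not None and got != want:
            out.append(("racoon", key, want, got))
    return out


if __name__ == "__main__":
    for source, key, want, got in findings(SAMPLE_TCPDUMP, SAMPLE_RACOON):
        print(f"{source}: {key} is {got}, racoon.conf says {want}")
```

On the sample, both directions on the wire agree with racoon.conf and only the racoon log lines are reported, which is the discrepancy the thread is asking about.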
IPsec phase 1 and 2 negotiation in an infinite loop.
5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:00.000108 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident 00:00:02.022728 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident I've restarted both racoon and ipsec several times. Set racoon's log to debug/debug2 but couldn't find any lines relevant to the problem in the logs apart from: [1.2.3.4] DEBUG: malformed cookie received. it has to be as the initiator. Out of desperation and pressure in reestablishing the tunnel I restarted the machine. That did the trick. She's up and running without a problem. Now I'm trying to understand what went wrong and how to prevent this thing from occurring in the future. After doing my homework I suspect that the culprit might've been PF. I completely forgot about it when I was restarting ipsec and racoon. Let me add that the machine was running for months and no settings were changed at all. Could that be the MTU, packet reassembly or anything related to PF? What are the thoughts of people working with VPNs? Configuration files and logs are available on request. Cheers, Mikhail. -- Mikhail Goriachev Webanoide Mobile: +56 9 78772741 Web: www.webanoide.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: IPsec phase 1 and 2 negotiation in an infinite loop.
Hi Mike, Mike Tancsa wrote: On 9/5/2011 8:06 PM, Mikhail Goriachev wrote: Hi, Can anyone please comment/shed some light/give hints on the following?: I've got a VPN cranking between 8.2-RELEASE-p2 (my end) and an unknown appliance (the other party doesn't want to disclose specs). Everything works just fine and I had a stable and fully established connection for 4 months without a problem. However, today the tunnel went down. I'm using FreeBSD's IPsec and ipsec-tools-0.8.0_2 (racoon). Everything's up to date. The thing is, according to tcpdump, it seems that both machines are trying to get beyond phases 1 and 2 in an infinite loop: 00:00:04.024146 00:11:22:33:44:55 55:44:33:22:11:00, ethertype IPv4 (0x0800), length 378: 1.2.3.4.5.500 5.4.3.2.1.500: isakmp: phase 1 I ident 00:00:01.800582 55:44:33:22:11:00 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 126: 5.4.3.2.1.500 1.2.3.4.5.500: isakmp: phase 1 R ident Configuration files and logs are available on request. post a dozen lines of tcpdump -s0 - -ni external int port 500 I stopped ipsec and racoon. Fired up tcpdump, started ipsec and racoon and sent one ping to the other end. 
The following is the output: # tcpdump -s0 - -ni eth0 port 500 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 03:17:31.410202 IP (tos 0x0, ttl 64, id 41076, offset 0, flags [none], proto UDP (17), length 128) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 (vid: len=16 afcad71372a1f1c96b8696fc99570100) 03:17:31.637424 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 108) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024 03:17:31.639838 IP (tos 0x0, ttl 64, id 41077, offset 0, flags [none], proto UDP (17), length 208) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident: (ke: key len=128 c86646bb8a5a05d423e94dba3e59924d815f4edaf4747d98fd7d2d01ceba0bc17e00011efc92b7157d8644082c5655eca7d86c47b6015473446ae5875175f0a64d911bb8b16615f60e967c45a79f4bd225f892cfb9e4de481bc2e1f3ef08b442dafcefe887w3a3604c0932761f11247425b7745529bc879591f67f56dda7b2f6) (nonce: n len=16 ecb2af111bcdd6c6220a487a51d58100) 03:17:32.423407 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 212) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident: (ke: key len=128 f1e1fc68dc231887dd7af4bd758536ae72adaa6c8636ec62bf4a1d97e61fcc8f6af2f287e38de667398ae82286c865gb3301816b31f645f16f592a8a3afd7e3bec7f2d37c355c571700jkac37f288267f2f6a147232463c74f28fga7c89b06ef3aafdc46cf042000f26be2ddg57ede284c393dd7615afbbd64f78d8fea9049b0) (nonce: n len=20 
59e43b2c35b61n18d67e7060f32aad1f7891f397) 03:17:32.425834 IP (tos 0x0, ttl 64, id 41085, offset 0, flags [none], proto UDP (17), length 96) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 I ident[E]: [encrypted id] 03:17:33.090177 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 96) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident[E]: [encrypted id] 03:17:33.090311 IP (tos 0x0, ttl 64, id 41092, offset 0, flags [none], proto UDP (17), length 112) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I inf[E]: [encrypted hash] 03:17:33.090614 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 96) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 1 R ident[E]: [encrypted id] 03:17:33.412039 IP (tos 0x0, ttl 64, id 41093, offset 0, flags [none], proto UDP (17), length 176) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I oakley-quick[E]: [encrypted hash] 03:17:33.615466 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], proto UDP (17), length 184) w.x.y.z.500 a.b.c.d.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others R oakley-quick[E]: [encrypted hash] 03:17:33.615585 IP (tos 0x0, ttl 64, id 41094, offset 0, flags [none], proto UDP (17), length 88) a.b.c.d.500 w.x.y.z.500: [udp sum ok] isakmp 1.0 msgid cookie -: phase 2/others I oakley-quick[E]: [encrypted hash] ^C 11 packets captured 200 packets received by filter 0 packets dropped by kernel Note: a.b.c.d is my end. w.x.y.z is the other end. vid:, ke: and nonce: are scrambled. As well
Re: SpamAssassin/Perl eating enormous amounts of memory?
Andrew Moran wrote: [...] Has anyone heard of this? Or any pointers on what I can do to figure out what is causing it? Your advice is much appreciated. As an alternative: You could try mail/mimedefang. It calls spamassassin to evaluate an e-mail but without having it running all the time. This can solve your problem of running out of memory. For instance, sendmail could be the first line of defence with its own rules (rDNS, noMX, RBLs and what not). Then mimedefang with a set of rules to further reject dodgy e-mails (helo/ehlo, spoofings, SPF and so on). After that, spamassassin comes into play (controlled by mimedefang), but only at the end as a last line of defence. By the time it gets to the end, a lion's share has already been rejected and that means less work for spamassassin. I hope this helps. Regards, Mikhail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Disabling inbound email in a jail
Kirk Strauser wrote: I only want sendmail in a jail to do one thing: forward nightly reports from r...@localhost to a real account on another machine. What's the proper way to configure this? Edit /etc/mail/aliases. All reports are pointed to root. But you can point it anywhere you want: root: someacco...@example.org After that execute: # newaliases and you're done. No sendmail_enable is required or whatsoever in the /etc/rc.conf. By default, sendmail_enable=NO in /etc/rc.conf still gives a running sendmail that accepts mail from other hosts: m...@realhost$ echo foo | mail m...@jail.example.com This shouldn't have worked. By default you should've received stat=Deferred: Connection refused by jail.example.com. This is the case if you're sending from a physically different machine to another machine's jail. By default sendmail listens only on localhost and doesn't accept outside connections. It is only used for internal submission, such as daily reports. If you're sending from a host to its jail, then this is another story. In most cases you'll get some unexpected results. 
m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=m...@realhost, size=735, class=0, nrcpts=1, msgid=20090227154335.877a442...@realhost, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, relay=jail.example.com [10.0.5.70] Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=m...@jail.example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent However, if I set sendmail_enable=NONE, then I can't send outbound email either: m...@jail.example.com$ echo foo | mail m...@realhost m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, msgid=200902271537.n1rfbbg3086...@jail.example.com, relay...@localhost Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to...@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] What's the happy medium between sendmail wide open (eg sendmail_enable=NO (WTF?)) and disabled mail system (eg sendmail_enable=NONE)? sendmail_enable=YES accepts outside and local connections sendmail_enable=NO (the default) accepts local connections only sendmail_enable=NONE doesn't start the daemon, sendmail is off Have a look at /etc/rc.d/sendmail for further hints. Regards, Mikhail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PHP5 and ldap
Pieter Donche wrote:

On Tue, 24 Feb 2009, Vasadi I. Claudiu Florin wrote:

what does php --version say now?

the same as before :

    PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20060613/ldap.so' - Shared object libldap-2.4.so.5 not found, required by ldap.so in Unknown on line 0
    PHP 5.2.8 with Suhosin-Patch 0.9.6.3 (cli) (built: Jan 19 2009 08:43:08)
    Copyright (c) 1997-2008 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

I had a similar problem. You're not gonna love it, but according to /usr/ports/UPDATING:

    20090216:
      AFFECTS: users of net/openldap24-{client,server}
      AUTHOR: delp...@freebsd.org

      OpenLDAP has been upgraded to 2.4.14, which requires a shared library
      version bump. Therefore, you need to reinstall all ports depending on it.

Run something like:

    # portupgrade -fr net/openldap24-client

Regards,
Mikhail.
Re: FreeBSD 7.0 reboots on Dell 2950
Proskurin Kirill wrote: Hello all. What we have: Dell 2950 with FreeBSD-7.0-p9 on it. It work as mail server(Exim+Dovecot and so on). All latest version from ports. After start a production use - it is start to reboot 3-4 times a day with no reason. We think what it is a hardware problem. We swap RAM - not helps. We swap chassis - not helps. I rebiuld all ports - not helps. (well i notice what it start to be more stable - 1 reboot in 1-2 days) In attach screens of error what i have to catch. Can someone say - what it can be or how to find what may cause this? Check the fan on the CPU. Probably it's dead or malfunctioning. Also check the heat sink underneath the fan. It could be dirty and blocking the airflow. Regards, Mikhail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Installing Samba : FreeBSD Vs Linux ?
Valentin Bud wrote: hello list, a little story about samba and FreeBSD. I had to make a file server for a company that uses a program for accounting. that software works with lots of files to do the job. the software admin told me that the permissions should be very open on the directories and files so i made them 0777. the software worked like a charm for about 2 months but after that at some point the client couldn't access the files on the samba server. The files were there with the correct permissions but the software refused to access them with an error that they don't exist. I've tried to debug samba but couldn't find [...] Here's another story. Our accounting packages also dump their files, databases and settings onto network drives. This is what we tend to do: 1.- Create a dedicated network drive for every software package with its own letter. Let's say package XYZ gets letter Y:. All users connecting to Samba must load network drive for XYZ as Y:. Otherwise some client instances may complain that the database was installed on Y: but there's nothing because it is actually somewhere else. 2.- Create user xyz and group xyz. Then map the XYZ network drive as xyz:xyz. By this, we avoid permission problems. 3.- Whenever we call tech support, we tell them that our network drives are located on a Windows 2003 machine. This saves us unnecessary headaches and warranty issues. We've been doing this for years and it works like a charm. Regards, Mikhail. -- Mikhail Goriachev Webanoide ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Slapd not starting
[EMAIL PROTECTED] wrote:

I was having some troubles with the samba install telling me that openldap 2.3.42 and 2.4.10 would conflict. I had installed openldap 2.4.10 server and I guess that was the problem. It seemed to start up just fine, but since I could not get samba to install and it kept giving me the error that the clients would conflict, I decided just to uninstall 2.4.10 and install the 2.3.42. Now when I try to /usr/local/etc/rc.d/slapd start, it just seems to sit there and then goes back to the prompt. I checked the port with sockstat -4 -p 389 and it is not running. I don't see anything in the /var/log/messages about it so I am not sure what is going on.

Check /var/log/debug.log

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: quota and sendmail accepts 10k mail size
Quoting lyd mc [EMAIL PROTECTED]: However, my company wants to have 20meg mbox space per user. If the User exceeds, he/she should not recieved any mail. So, I use system quota to prevent sendmail from writing to mbox of a Let me suggest slightly different approaches: 1.- You could have /usr/ports/mail/mimedefang making the decisions instead of sendmail or system quota. There you can set your own rules and sendmail will abide them. This gives you far better control and you're limited by your own imagination. 2.- Implement a mail server with quota capabilities. For instance cyrus-imap. There you can set quota limits, warning messages to users, percentages and so on. This is the easiest approach. Regards, Mikhail. -- Mikhail Goriachev Webanoide ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: php 4.3.10, manual installation
Zbigniew Szalbot wrote: Hi there, On Mon, 9 Jul 2007 16:54:16 -0500, Josh Paetzel [EMAIL PROTECTED] wrote: On Monday 09 July 2007, [EMAIL PROTECTED] wrote: Hello, I would take a look at cvsweb.freebsd.org and find out when PHP 4.3.10 was in ports, then roll back your ports tree to that date with cvsup and install it from ports. So in this case the commit that updated the port to 4.3.11 was on Mon April 4 2005, so if you roll back the ports tree to April 1 you'll be fine. You'll need cvsup for this. In your ports-supfile add the following line: *default date=2005.04.01.00.00.00 If you have the current versions of gettext, libtool, m4, perl, and expat installed you can simply roll back the lang directory with cvsup, saving you from rolling back the entire tree by commenting out ports-all, and uncommenting ports-base and ports-lang Otherwise, if you want to install the versions of the dependancies that were current at the time of php 4.3.10 you'll want to roll back the entire tree. After you run cvsup you can just portinstall it or cd /usr/ports/lang/php4 make install clean All clear but when I go to install this particular version of PHP I am (rightly) warned about its multiple known vulnerabilities. I read man portinstall but don't think I have seen information how to temporarily switch this security check off when installing a port. Many thanks in advance! Zbigniew Szalbot make -DDISABLE_VULNERABILITIES install Thanks for your patience! However, when I try I get: make -DDISABLE_VULNERABILITIES install clean Dependency warning: used OpenSSL version contains known vulnerabilities Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT *** Error code 1 Stop in /usr/ports/lang/php4. Now I did include WITH_OPENSSL_PORT=1 in pkgtools.conf for php4 but it does not seem to take any effect. I also tried inserting WITH_DISABLE_VULNERABILITIES=1 in this file but it did not help. # make DISABLE_VULNERABILITIES=YES install clean # man ports Regards, Mikhail. 
-- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: www.webanoide.org
Re: BIND to listen on all interfaces?
Nejc Škoberne wrote:

Hello, I am running BIND (from base system) on my FreeBSD 5.3 machine. The box is connected to outer world via ADSL connection (tun0 device). If the named is started when the machine is connected to the internet, then everything is OK, I get this by saying netstat -n -a:

    udp4 0 0 X.X.X.X.53 *.*
    udp4 0 0 127.0.0.1.53 *.*
    udp4 0 0 10.0.1.3.53 *.*

but at boot time, the named starts before the PPP connection is started, so the tun0 interface is not up yet. So that's why I get this:

    udp4 0 0 127.0.0.1.53 *.*
    udp4 0 0 10.0.1.3.53 *.*

In BIND manual, it says: If no listen-on is specified, the server will listen on port 53 on all interfaces. I also tried to specify the ADSL IP address in named.conf (it is static), but it is still a no go. I don't have such problems with other daemons! Any ideas?

An idea: Assuming you're using ppp, let it restart named after it connects to the Internet. Have a /etc/ppp/ppp.linkup and put the following or similar into it:

    adsl:
     ! /etc/rc.d/named restart

Read the ppp man pages for further details.

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Re: Fresh install won't compile requirement libraries for cvsup
Andrew Falanga wrote: Hi, [ trim ] After installing the ports tree, I went and did make install clean in the dir for cvsup-without-gui. The script appeared to be working through the requirements just fine too. It downloaded all necessary files and was proceeding to the build phase. I'm not sure in which package this occurred but the build just died on me. No errors, just a hard hang. Nothing worked. I could not even Alt+num to a different pseudo terminal. The system just hard hanged. I rebooted and tried the install again with the same result. Hardware problems. I have 384mb of PC 100 memory laying around that I was going to try and test my theory on, but wanted to consult some of the more experienced on this forum before going hog wild on this. Just out of curiosity, what are the impacts of using memory chips of unlike speeds in the system at the same time? I've heard, in times past, that if one does mix memory chips, the slower chips should be used in the lower priority (i.e. higher numbered) slots. Is this true, or is this bogus? Faster chips match the speed of the slower ones. You could add that extra chip and see what happens. I'm running FreeBSD 6.2 at work on two lost-leader, no name cheap-o laptops also with 256mb of memory with no problems (granted, they are Celeron 1.7gHz but still). I'm even running X with XFCE or KDE on them. I'm really suspecting faulty memory. Oh, by the way, this is to be a web server therefore, I'm not going to be running any GUIs by default. Text based administration only. I'd suggest testing/stressing your memory: http://www.memtest86.com or /usr/ports/sysutils/memtest86 Let us know how it goes. Regards, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: www.webanoide.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: sendmail startup problem
Roland Smith wrote:

On Tue, Jun 12, 2007 at 01:41:22PM -0700, Charlie McElfresh wrote:

Hi, I have sendmail disabled in rc.conf, but it starts up anyway. Any hints what might be starting it up?

How have you disabled it? It is not enough to do 'sendmail_enable=NO'. To completely disable sendmail you should use 'sendmail_enable=NONE'.

sendmail_enable=NO and sendmail_enable=NONE are the same and the first one is already present by default in /etc/defaults/rc.conf

In order to disable the submission and hence stop sendmail completely, the following should be added into /etc/rc.conf:

    sendmail_submit_enable=NO

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Re: sendmail startup problem
Chuck Swiger wrote:

On Jun 12, 2007, at 2:43 PM, Mikhail Goriachev wrote:

How have you disabled it? It is not enough to do 'sendmail_enable=NO'. To completely disable sendmail you should use 'sendmail_enable=NONE'.

sendmail_enable=NO and sendmail_enable=NONE are the same and the first one is already present by default in /etc/defaults/rc.conf

No, they aren't identical. See /etc/rc.d/sendmail:

    case ${sendmail_enable} in
    [Nn][Oo][Nn][Ee])
            sendmail_enable=NO
            sendmail_submit_enable=NO
            sendmail_outbound_enable=NO
            sendmail_msp_queue_enable=NO
            ;;
    esac

In order to disable the submission and hence stop sendmail completely, the following should be added into /etc/rc.conf:

    sendmail_submit_enable=NO

This is a partial solution. The complete set of variables is listed above or in /etc/defaults/rc.conf...

Oops... I stand corrected. My apologies for the noise.

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
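An added example, not part of the original messages and not FreeBSD's own code: it works out which sendmail daemons an rc.conf would start, applying the NONE case quoted above and the YES/NO/NONE behaviour described in the jail thread. The default values and the precedence between the knobs are assumptions based on the stock /etc/defaults/rc.conf and /etc/rc.d/sendmail of that era; check them against the release in use.

```python
import re

# Assumed stock defaults from /etc/defaults/rc.conf (verify on your release).
DEFAULTS = {
    "sendmail_enable": "NO",
    "sendmail_submit_enable": "YES",
    "sendmail_outbound_enable": "YES",
    "sendmail_msp_queue_enable": "YES",
}


def parse_rc_conf(text):
    """Parse simple KEY="VALUE" lines; later assignments override earlier ones."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"(\w+)=([\"']?)(.*?)\2", line)
        if m:
            settings[m.group(1)] = m.group(3)
    return settings


def checkyesno(value):
    """Same truth values rc.subr's checkyesno accepts."""
    return value.strip().lower() in ("yes", "true", "on", "1")


def effective_knobs(rc_conf_text):
    """Defaults, overridden by rc.conf, then the NONE case from the thread."""
    knobs = dict(DEFAULTS)
    for key, value in parse_rc_conf(rc_conf_text).items():
        if key in DEFAULTS:
            knobs[key] = value
    # The case statement quoted from /etc/rc.d/sendmail: NONE forces all to NO.
    if knobs["sendmail_enable"].strip().upper() == "NONE":
        knobs = {key: "NO" for key in DEFAULTS}
    return knobs


def running_daemons(rc_conf_text):
    """Which sendmail processes end up running, and who can reach port 25."""
    knobs = effective_knobs(rc_conf_text)
    mta = checkyesno(knobs["sendmail_enable"])
    # Assumed precedence: a full MTA replaces the submit daemon, and either
    # of those replaces the outbound-only queue runner.
    submit = not mta and checkyesno(knobs["sendmail_submit_enable"])
    outbound = (not mta and not submit
                and checkyesno(knobs["sendmail_outbound_enable"]))
    msp_queue = checkyesno(knobs["sendmail_msp_queue_enable"])
    if mta:
        listens = "all interfaces"
    elif submit:
        listens = "localhost only"
    else:
        listens = "nothing"
    return {"inbound_mta": mta, "localhost_submit": submit,
            "outbound_queue": outbound, "msp_queue": msp_queue,
            "port_25": listens}


if __name__ == "__main__":
    samples = {  # constructed rc.conf fragments
        "defaults": "",
        "NONE": 'sendmail_enable="NONE"\n',
        "submit off": 'sendmail_submit_enable="NO"  # from the thread\n',
        "YES": 'sendmail_enable="YES"\n',
    }
    for label, text in samples.items():
        print(label, running_daemons(text))
```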
Re: Source code tar ball for the 6.2 production release
Jayendran wrote:

Hi, I downloaded all the 6.2 release ISO images for the i386 target. I was unable to find the source code in any of the archives. I went through the FAQs which did not shed light on the location. I found a 'Documentation' links on the home site which had a link to a web browse-able version of the source code. Is the source code not bundled along with the ISO image(s) [earlier this used to be in /usr/src after installation]? If so, is it possible to get a tarball of it for offline use? I have not installed the OS yet.

/cdrom/6.2-RELEASE/src/

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Re: Upgrading to 6.2-RELEASE from 6.2-STABLE
Mark Stout wrote: Thank you, Mark Stout VPM Global Internet Services, Inc. 530-626-4218 x205 Office 530-626-7182 Fax 530-554-9295 VoIP 916-240-2850 Cell www.vpm.com http://www.vpm.com This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you are not the intended recipient, you are hereby notified that any use or dissemination of this communication is strictly prohibited, and asked to notify us immediately, then delete this email. E-mail transmission cannot be guaranteed to be secure or error-free and VPM Global Internet Services, Inc. does not accept liability for any errors or omissions in the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of VPM Global Internet Services, Inc. -Original Message- From: Mark Stout [mailto:[EMAIL PROTECTED] Sent: Monday, June 11, 2007 9:24 AM To: Mikhail Goriachev; Abdullah Ibn Hamad Al-Marri Cc: freebsd-questions@freebsd.org Subject: RE: Upgrading to 6.2-RELEASE from 6.2-STABLE -Original Message- From: Mikhail Goriachev [mailto:[EMAIL PROTECTED] Sent: Sunday, June 10, 2007 9:27 AM To: Abdullah Ibn Hamad Al-Marri Cc: Mark Stout; freebsd-questions@freebsd.org Subject: Re: Upgrading to 6.2-RELEASE from 6.2-STABLE Abdullah Ibn Hamad Al-Marri wrote: On 6/10/07, Mark Stout [EMAIL PROTECTED] wrote: So how should I fix this? Thank you, Mark Stout cd /usr/src make cleanworld mergemaster -p make buildworld make buildkernel make installkernel reboot cd /usr/src make installworld mergemaster -iU reboot You are done. :) The *correct* procedure is described in: /usr/src/Makefile and even more detailed at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html Following the tasks in Rebuilding “world” in the handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html I removed the /usr/obj directory and did a buildworld. 
When tryinmg to compile the kernel its failing on unknown option MD5. Commenting that out it fails on the line above MD5, options LKM. What's happening here? These two options papear in the LINT file. I can't find anything that explains why this would happen. A follow-up to my last email. I copied GENERIC to RADIUS2 and symlinked to /root/kernel. Then added the various LINT options. I started commenting out what is failing when I try to compile a new kernel. All are from the LINT file. Is MD5 a default that does not need to be specifically added? What about ICMP_BANDLIM? And support for IDE drives. Are these already handed elsewhere in GENERIC? # These all failed as unknown options: unknown option MD5 unknown option LKM unknown option CD9660_ROOTDELAY unknown option NSWAPDEV unknown option TCP_COMPAT_42 unknown option ICMP_BANDLIM (found in Handbook in Chapter 14 Securing FreeBSD) # Do not understand why these are fialing config: Error: device acd0 is unknown config: Error: device wfd0 is unknown config: Error: device wst0 is unknown # This failed as a syntax error controller wdc0at isa? port IO_WD1 bio irq 14 Do you really need those options? GENERIC is sufficient for production use. Try running it first and see how it goes. I'd recommend adding/tweaking things only if you understand the outcome and necessity of them. Regards, Mikhail. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: [EMAIL PROTECTED] Web: www.webanoide.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Upgrading to 6.2-RELEASE from 6.2-STABLE
Abdullah Ibn Hamad Al-Marri wrote:

On 6/10/07, Mark Stout [EMAIL PROTECTED] wrote:

So how should I fix this? Thank you, Mark Stout

    cd /usr/src
    make cleanworld
    mergemaster -p
    make buildworld
    make buildkernel
    make installkernel
    reboot
    cd /usr/src
    make installworld
    mergemaster -iU
    reboot

You are done. :)

The *correct* procedure is described in:

    /usr/src/Makefile

and even more detailed at:

    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Re: Spamassassin RBL's
Peter Pluta wrote:

How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix, amavisd-new, and spamassassin with razor. I'm getting many spams that shouldn't be getting thru with RBL's. I haven't been able to find anything useful on Google that can explain how to get RBL working with spamassassin. Any feedback would be greatly appreciated.

RBL is already enabled in SA. Probably you should increase the values SA assigns to RBL checks. See:

    http://www.spamhaus.org/effective_filtering.html

Skim through:

    /usr/local/share/spamassassin/20_dnsbl_tests.cf

Just a thought. You may consider implementing RBL at MTA level (postfix in your case). It is a lot faster than processing through SA, which is a resource hog.

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Re: passing parameters to configure script of a port
Angelin Lalev wrote:

Hi, I want to build squid from ports, but I need to pass some custom options to configure script. Something more, I want to be sure that when I run portupdate it won't revert to default options. Which is the right way to do this ?

This might help: http://blog.innerewut.de/articles/2006/01/14/upgrading-ports-and-preserve-make-options

Regards, Mikhail.
Re: startup / shutdown script (rc.d)
gmoniey wrote:

thanks for the ideas, i tried both of your suggestions...i manually ran the rails.sh file, and everything worked as expected...so i dumped the output to file...my .sh file looks as such: [ trim ] the weird part is that the Rails found stop never printed...and im not sure why the mongrel_rails fails (im assuming that the kldload works fine as it doesn't print out any error messages if it is successful) i guess i will just keep playing with it...

Let's try a different approach. The following is a working script of your rails:

---
#!/bin/sh

# PROVIDE: rails
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="rails"
start_cmd="${name} start"
stop_cmd="${name} stop"

rails()
{
	case ${rc_arg} in
	start)
		echo -n "Starting ${name}:"
		echo -n 1
		echo -n 2
		echo 3
		;;
	stop)
		echo -n "Stopping ${name}:"
		echo -n 3
		echo -n 2
		echo 1
		;;
	*)
		echo dddz
	esac
}

load_rc_config ${name}
run_rc_command "${1}"
---

It looks different, but this is the new way how the OS fires things up. Place this script as /usr/local/etc/rc.d/rails. Don't add the extension to it (.sh). The use of extensions is old school. Chmod it to 555 (or 755). Now give it a spin:

# /usr/local/etc/rc.d/rails start
# /usr/local/etc/rc.d/rails stop
# /usr/local/etc/rc.d/rails restart
# /usr/local/etc/rc.d/rails blah

See what happens and then boot your machine. You'll see how it starts and stops. Once you're satisfied, tweak it to your needs.

If you want to control all aspects of the thing then you should read: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-starting-services.html

Also read the rc.d(8) and all of its rc.* related man pages. You can get lots of good examples in /etc/rc.d/. For instance /etc/rc.d/usbd is the simplest of them all.

Let us know how it goes.

Regards, Mikhail.
Re: Remote Server FSCK
Matt Juszczak wrote:

Hi all, I have a dedicated box with a hosting company. The power supply failed in the box this morning, and the company replaced it and brought the box back up. In my logs, I have:

Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
WARNING: /home was not properly dismounted
WARNING: /tmp was not properly dismounted
WARNING: /usr was not properly dismounted
/usr: mount pending error: blocks 80 files 1
WARNING: /var was not properly dismounted
WARNING: /var/tmp was not properly dismounted

In my opinion, this calls for an fsck in single user mode. Unfortunately, I don't have access to the box. Is this something I should have them do? It seems /usr is affected, and the /var/log/messages shows a few other errors as well. What's the best way to go about fixing this. Should I ask them to `fsck -y` from console in single user mode since I can't be there to look at the prompts?

It all depends on the severity of the situation. Next boot may fix your problem or it may not. It is a good idea to do it in single user mode but if you don't have console/physical access to the box then maybe this could help you:

fsck_y_enable="YES"

Just add that into the /etc/rc.conf, reboot and wait awhile. After the machine is up and running, fsck it and see if it throws any errors.

Let us know how it goes.

Regards, Mikhail.
Re: fbsd 6.2 pf starts -- but not on boot
snowcrash+freebsd wrote:

hi, i've fbsd 6.2R/p5, with pf compiled into a custom kernel. on boot, pf is, apparently, not starting. but, if i exec /etc/rc.d/pf start immediately after boot to prompt is done, then all's OK. the only related (?) messages -- error or otherwise -- i've found are on startup. any ideas/suggestions as to what might be the prob? and/or how to troubleshoot?

Just a shot in the dark. You are probably putting hostnames in your pf.conf instead of IPs. PF starts before Bind. So it can't resolve hostnames in the rules and hence doesn't start.

Regards, Mikhail.
Re: Static Routes, gateways and the end of my sanity
Reuben A. Popp wrote:

Hello everyone, can someone please (_please_!!) let me know what I'm doing wrong in the following example? I am near my wits end on implementing this, any suggestions are greatly appreciated!

The scenario is that I have a server here with twin nics, bce0 and bce1; I would like bce0 to be connected to our dmz network (192.168.x.x), while bce1 would be on our internal network. A jail will reside on the ip assigned to bce0, while the regular base system will bind to bce1. My current rc.conf consists of the following:

---
defaultrouter="10.228.228.254"
ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex netmask 255.255.255.0"

# Enable Jails for multi-homed box (video)
jail_enable="YES"
jail_list="video"
jail_video_rootdir="/usr/local/jail/video"
jail_video_hostname="video.eastcentral.edu"
jail_video_ip="192.168.4.80"
jail_named_exec_start="/bin/sh /etc/rc"
jail_video_devfs_enable="YES"

# Routed and gateway settings
static_routes="net1"
route_net1="-net 192.168.4.80/24 -netmask 255.255.255.0 192.168.4.254"
---

Of course there's other things in there like binding various services (inetd, syslog, et al) to the internal ip. On bringing the machine up, I can ping both ips just fine; what I can't do is ssh to the dmz address. Yes, sshd is running inside the jail ;). The output of tcpdump shows a connect to that ip on bce0, but all responses appear to be going out on bce1.

Again, any suggestions or comments are welcome and appreciated. For the record, the machine is a Dell PowerEdge 2950 running the amd64 6.2-RELEASE-p4 branch. I will gladly supply more info if this isn't enough.

You can't bind both host and jail to the same IP.
I'd suggest the following re-arrangement:

ifconfig_bce0="inet 192.168.4.80 netmask 255.255.255.0"
ifconfig_bce0_alias0="inet 192.168.4.81 netmask 255.255.255.255"
^^ ^ ^^^
ifconfig_bce1="inet 10.228.228.228 media 100BaseTX mediaopt full-duplex"

jail_enable="YES"
jail_list="video"
jail_interface="bce0"
^
jail_video_rootdir="/usr/local/jail/video"
jail_video_hostname="video.eastcentral.edu"
jail_video_ip="192.168.4.81"
^
jail_named_exec_start="/bin/sh /etc/rc"
jail_video_devfs_enable="YES"

In other words: Your host binds to bce0 (192.168.4.80) and bce1 (10.228.228.228). The jail binds to bce0_alias0 (192.168.4.81). Also jails will always try to bind to bce0 interface (jail_interface=bce0).

You don't need any routes if your machine acts as a gateway. All traffic from 10.0.0.0/8 will find its way to 192.168.0.0/16 through bce1 and from other net via bce0.

Hopefully I didn't misinterpret your problem.

Regards, Mikhail.
Re: reject mail hosts
Jack Barnett wrote:

This is in the daily run output. Anyone know what this means? Is it someone trying to relay/spam through me?

That's right. Someone's trying to deliver/relay e-mails through your system and such attempts get logged and reported to you.

Checking for rejected mail hosts:
2 bcast.americansingles.com (553... exist)
1 gmail.com (550... denied)
1 aol.com (550... denied)
1 (553... required)

553... exist: domain of sender doesn't exist
550... denied: relaying denied / authentication required

You shouldn't worry about it.

Regards, Mikhail.
Re: reject mail hosts
Jack Barnett wrote:

Thanks for the info. If all of those requests have been denied (by the way, which file are those logged into?) - then have any of them worked? I just want to make sure I'm not relaying/accepting spam!

Please don't top-post. Those are logged into /var/log/maillog file - and none of them worked. You can always test your machine for relays using: http://www.abuse.net/relay.html

Regards, Mikhail.
Re: Assignment of device names to external USB drives
[EMAIL PROTECTED] wrote:
On 19/05/07, Kevin Downey [EMAIL PROTECTED] wrote:
On 5/19/07, Denis Fortin [EMAIL PROTECTED] wrote:

Greetings, I am trying to set up a backup server, using a combination of internal and external (USB) disk drives. How can I manage the mapping of USB disk drives to device names? i.e. USB drives get assigned device names like da0, da1, da2... when they are detected. But if one of the drives fails or is not powered up, all other ones will get bumped down one in the list next time I reboot. The problem is that if I automatically mount /dev/da0a /archive/volume1, mount /dev/da1a /archive/volume2, etc. I run the risk of having the wrong disk being mounted on a mount point !?! Is there an obvious solution that I'm missing, or a canonical workaround to this problem?

when you newfs a drive use the -L flag to give it a label like 'VOLUME1' then if you load the geom_label module that drive becomes available under /dev/ufs/VOLUME1

Or, if instead of fdisk, you

# glabel label fancy0 da0
# bsdlabel -w label/fancy0
# newfs -U label/fancy0a
# mount /dev/label/fancy0a /bla

In addition, you can modify an already created filesystem (as described in glabel(8)):

# tunefs -L data /dev/da4s1a

Read the glabel(8) and loader.conf(5) man pages.

Regards, Mikhail.
Re: Sendmail ignores hosts.allow
Maxim Khitrov wrote:

Hello, I'm trying to restrict access to sendmail via hosts.allow. Don't need a firewall, since I just want to block everyone but the localhost from sending e-mail out. Anyway, it seems that sendmail ignores these settings even though it was compiled with TCPWRAPPERS. I added sendmail : all : deny as the very first line in hosts.allow, just to see if it will let me connect from anywhere. It does - not just from localhost, but from all remote locations as well. I have no problems connecting and sending e-mail. Am I missing something?

I followed your earlier thread (hopefully this is a related topic). This is strange. By default, sendmail is disabled. You don't even have to put anything into rc.conf:

# grep sendmail /etc/defaults/rc.conf

Sendmail listens and accepts local mail only. You can't connect to it from another machine:

# telnet some.host.tld 25
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Connection refused
telnet: Unable to connect to remote host

You must've tweaked something to make it behave differently.

I tested the same setup with sshd, and that works properly. After a quick search on google it seems that I'm not the only one with this problem, but I couldn't find any solution to this. Any help is greatly appreciated.

Share with us your testing methodology. From previous thread, I understand that you just want something to submit your local mail (from daemons, scripts, etc). Then as others already said, a simple alias in /etc/mail/aliases and executing newaliases is sufficient.

Regards, Mikhail.
Re: Sendmail ignores hosts.allow
Maxim Khitrov wrote: On 5/21/07, Mikhail Goriachev [EMAIL PROTECTED] wrote: Maxim Khitrov wrote: Hello, I'm trying to restrict access to sendmail via hosts.allow. Don't need a firewall, since I just want to block everyone but the localhost from sending e-mail out. Anyway, it seems that sendmail ignores these settings even though it was compiled with TCPWRAPPERS. I added sendmail : all : deny as the very first line in hosts.allow, just to see if it will let me connect from anywhere. It does - not just from localhost, but from all remote locations as well. I have no problems connecting and sending e-mail. Am I missing something? I followed your earlier thread (hopefully this is a related topic). This is strange. By default, sendmail is disabled. You don't even have to put anything into rc.conf: # grep sendmail /etc/defaults/rc.conf Sendmail listens and accepts local mail only. You can't connect to it from another machine: # telnet some.host.tld 25 Trying 1.2.3.4... telnet: connect to address 1.2.3.4: Connection refused telnet: Unable to connect to remote host You must've tweaked something to make it behave differently. I tested the same setup with sshd, and that works properly. After a quick search on google it seems that I'm not the only one with this problem, but I couldn't find any solution to this. Any help is greatly appreciated. Share with us your testing methodology. From previous thread, I understand that you just want something to submit your local mail (from daemons, scripts, etc). Then as others already said, a simple alias in /etc/mail/aliases and executing newaliases is sufficient. Ok, so here's my current setup. I have sendmail_enable=NO in rc.conf (same as not having it there I guess), I've modified /etc/mail/aliases to forward everything sent to root to my gmail account, and I added sendmail : all : deny as the first line to /etc/hosts.allow while I'm testing everything. 
Once I make sure that the deny rule works, I'll allow access to sendmail only from localhost. This is all on FreeBSD 6.2, but it's running in a jail, so that might have some effect.

From my previous thread, sendmail is used only to accept messages sent by processes running on the server, and send them to real e-mails specified in /etc/aliases. That part works. However, even though sendmail_enable is set to NO in rc.conf, sendmail still listens on port 25, accepts mail from remote hosts, and the hosts.allow rule doesn't seem to apply. Strange, isn't it? By the way, I just tried removing sendmail_enable line from rc.conf completely and that had no effect.

All I do for testing is basically start/restart sendmail, then telnet to the server from my workstation at home. I get a standard reply, and can then do the usual HELO, MAIL FROM, RCPT TO, DATA, and so on. Relaying doesn't work, but sending to and all other aliases works fine (which in this case is bad). Think this might be some bug when sendmail is running in a jail? I haven't modified anything beyond what's mentioned in this e-mail, and I've checked all the settings. I can definitely connect to the server from remote hosts despite the rc.conf and hosts.allow configuration.

This is a different story now. On your host machine (as in jails' host), sendmail binds to localhost and never responds to outside world. This is expected. However, sendmail in a jail, binds to jail's IP address and that is why you can talk to it from outside. Run this on your host:

# sockstat -4l | grep sendmail

The output should look like this:

root sendmail 1624 4 tcp4 1.2.3.5:25 *:*
root sendmail 1624 4 tcp4 1.2.3.4:25 *:*
root sendmail 1624 4 tcp4 1.2.3.3:25 *:*
root sendmail 1624 4 tcp4 1.2.3.2:25 *:*
root sendmail 1208 3 tcp4 127.0.0.1:25 *:*

The first four are jails. The last one is host's sendmail being disabled.

I'd suggest using a firewall to protect your jails instead of trying to completely disable sendmails.

Regards, Mikhail.
Re: Sendmail ignores hosts.allow
doug wrote: On Mon, 21 May 2007, Maxim Khitrov wrote: On 5/21/07, Mikhail Goriachev [EMAIL PROTECTED] wrote: Maxim Khitrov wrote: Hello, I'm trying to restrict access to sendmail via hosts.allow. Don't need a firewall, since I just want to block everyone but the localhost from sending e-mail out. Anyway, it seems that sendmail ignores these settings even though it was compiled with TCPWRAPPERS. I added sendmail : all : deny as the very first line in hosts.allow, just to see if it will let me connect from anywhere. It does - not just from localhost, but from all remote locations as well. I have no problems connecting and sending e-mail. Am I missing something? I followed your earlier thread (hopefully this is a related topic). This is strange. By default, sendmail is disabled. You don't even have to put anything into rc.conf: # grep sendmail /etc/defaults/rc.conf Sendmail listens and accepts local mail only. You can't connect to it from another machine: # telnet some.host.tld 25 Trying 1.2.3.4... telnet: connect to address 1.2.3.4: Connection refused telnet: Unable to connect to remote host You must've tweaked something to make it behave differently. I tested the same setup with sshd, and that works properly. After a quick search on google it seems that I'm not the only one with this problem, but I couldn't find any solution to this. Any help is greatly appreciated. Share with us your testing methodology. From previous thread, I understand that you just want something to submit your local mail (from daemons, scripts, etc). Then as others already said, a simple alias in /etc/mail/aliases and executing newaliases is sufficient. Ok, so here's my current setup. I have sendmail_enable=NO in rc.conf (same as not having it there I guess), I've modified /etc/mail/aliases to forward everything sent to root to my gmail account, and I added sendmail : all : deny as the first line to /etc/hosts.allow while I'm testing everything. 
Once I make sure that the deny rule works, I'll allow access to sendmail only from localhost. This is all on FreeBSD 6.2, but it's running in a jail, so that might have some effect.

sendmail_enable=NO means there is no sendmail daemon running. You can verify this via ps -aux | grep sendmail. Remove that statement. Without a reboot you can start sendmail by cd /etc/mail; make start.

sendmail_enable=NO tells sendmail to bind to localhost only (hence it becomes unreachable from the outside):

# sockstat -4l | grep sendmail
root sendmail 42310 4 tcp4 127.0.0.1:25 *:*

sendmail_enable=YES starts/adds the submit capability:

# sockstat -4l | grep sendmail
root sendmail 42262 4 tcp4 *:25 *:*
root sendmail 42262 5 tcp4 *:587 *:*

In both cases, executing ps -aux shows sendmail daemon is running. The first knob is the default as per /etc/defaults/rc.conf

Unless you have changed the freebsd.mc file and done a 'make install' I do not believe sendmail will accept from any connections except on 127.0.0.1 (localhost). This is what you want I think. If that's it as others have said, there is no reason to use the hosts.allow mechanism. This is independent of the jail environment. sockstat|grep sendmail and you can see what's going on.
Re: Sendmail ignores hosts.allow
Maxim Khitrov wrote:
On 5/21/07, doug [EMAIL PROTECTED] wrote:

sendmail_enable=NO means there is no sendmail daemon running. You can verify this via ps -aux | grep sendmail. Remove that statement. Without a reboot you can start sendmail by cd /etc/mail; make start. Unless you have changed the freebsd.mc file and done a 'make install' I do not believe sendmail will accept from any connections except on 127.0.0.1 (localhost). This is what you want I think. If that's it as others have said, there is no reason to use the hosts.allow mechanism. This is independent of the jail environment. sockstat|grep sendmail and you can see what's going on.

Not the case for me, having sendmail_enable=NO and not having it in rc.conf results in the same behavior. Here's sendmail rcvar output:

Same behaviour because sendmail_enable=NO is already present in /etc/defaults/rc.conf so putting in /etc/rc.conf or removing it from there is the same thing.

Without sendmail_enable in rc.conf:

# sendmail
$sendmail_enable=NO
# sendmail_submit
$sendmail_submit_enable=YES
# sendmail_clientmqueue
$sendmail_msp_queue_enable=YES

With sendmail_enable=NO:

# sendmail
$sendmail_enable=NO
# sendmail_submit
$sendmail_submit_enable=YES
# sendmail_clientmqueue
$sendmail_msp_queue_enable=YES

With sendmail_enable=NONE:

# sendmail
$sendmail_enable=NO
# sendmail_clientmqueue
$sendmail_msp_queue_enable=NO

So the first two are identical (I don't see why they wouldn't be). As for the sendmail daemon, here's what grep tells me after the server is started:

[EMAIL PROTECTED] [/]# ps -aux | grep sendmail
smmsp 16473 0.0 0.1 3384 2276 ?? IsJ 4:47PM 0:00.00 sendmail: Queue [EMAIL PROTECTED]:30:00 for /var/spool/clientmqueue (sendmail
root 20951 0.0 0.1 3484 2480 ?? SsJ 5:37PM 0:00.00 sendmail: accepting connections (sendmail)
root 21303 0.0 0.0 1592 912 pn S+J 5:37PM 0:00.00 grep sendmail

And here's sockstat output:

[EMAIL PROTECTED] [/]# sockstat -l4
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sendmail 20951 4 tcp4 ip:25 *:*
root syslogd 45182 6 udp4 ip:514 *:*
root sshd 60371 3 tcp4 ip:22 *:*

As you can see, sendmail is happily listening for all incoming connections with the NO setting. If it would only listen on localhost, then that would be the end of my problems. However, remember that the jail environment doesn't have localhost. In other words 127.0.0.1 does not refer to the jail. Loopback for me is the server's wan ip (hey that rhymes :), which is why I think that not having 127.0.0.1 may be confusing to sendmail.

There you go. You just answered yourself.
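The sockstat comparison made in the messages above (loopback-only on the host, the jail's own address inside a jail, wildcard binds with sendmail_enable=YES) can be scripted. This is an added example, not code from the thread: the function names, the 192.0.2.10 address and the sample rows are constructed, and the column layout is assumed to match the `sockstat -4l` output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit `sockstat -4l` output for
# listeners of one command that are reachable from outside the machine.
# Assumed columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# exposed_listeners CMD
# Reads sockstat -4l text on stdin and prints "PID LOCAL-ADDRESS" for each
# socket of CMD whose local address is not in 127.0.0.0/8. A wildcard "*"
# bind counts as exposed.
exposed_listeners() {
    awk -v cmd="$1" '
        $1 == "USER" { next }          # header row
        $2 != cmd    { next }          # some other daemon
        NF < 6       { next }          # truncated or malformed row
        {
            split($6, part, ":")       # IPv4 only, so the form is host:port
            if (part[1] ~ /^127\./) next
            print $3, $6
        }'
}

# has_exposed CMD: exit status 0 when at least one exposed listener exists.
has_exposed() {
    [ -n "$(exposed_listeners "$1")" ]
}

# Constructed sample: host with the default sendmail_enable=NO.
sample_host_default() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   42310 4  tcp4   127.0.0.1:25          *:*
EOF
}

# Constructed sample: host with sendmail_enable=YES (wildcard binds).
sample_host_enabled() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   42262 4  tcp4   *:25                  *:*
root     sendmail   42262 5  tcp4   *:587                 *:*
EOF
}

# Constructed sample: inside a jail, where every daemon binds to the jail IP.
sample_jail() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   20951 4  tcp4   192.0.2.10:25         *:*
root     syslogd    45182 6  udp4   192.0.2.10:514        *:*
root     sshd       60371 3  tcp4   192.0.2.10:22         *:*
EOF
}

# Demo over the constructed samples. On a live system use:
#   sockstat -4l | exposed_listeners sendmail
for s in sample_host_default sample_host_enabled sample_jail; do
    if "$s" | has_exposed sendmail; then
        echo "$s: sendmail reachable on: $("$s" | exposed_listeners sendmail | tr '\n' ' ')"
    else
        echo "$s: sendmail bound to loopback only"
    fi
done
```

A non-empty result inside a jail is the cue to filter port 25 with a packet filter on the jail's address, as suggested earlier in the thread.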
Re: Sendmail ignores hosts.allow
Maxim Khitrov wrote: On 5/21/07, Mikhail Goriachev [EMAIL PROTECTED] wrote: Maxim Khitrov wrote: On 5/21/07, Mikhail Goriachev [EMAIL PROTECTED] wrote: Maxim Khitrov wrote: Hello, I'm trying to restrict access to sendmail via hosts.allow. Don't need a firewall, since I just want to block everyone but the localhost from sending e-mail out. Anyway, it seems that sendmail ignores these settings even though it was compiled with TCPWRAPPERS. I added sendmail : all : deny as the very first line in hosts.allow, just to see if it will let me connect from anywhere. It does - not just from localhost, but from all remote locations as well. I have no problems connecting and sending e-mail. Am I missing something? I followed your earlier thread (hopefully this is a related topic). This is strange. By default, sendmail is disabled. You don't even have to put anything into rc.conf: # grep sendmail /etc/defaults/rc.conf Sendmail listens and accepts local mail only. You can't connect to it from another machine: # telnet some.host.tld 25 Trying 1.2.3.4... telnet: connect to address 1.2.3.4: Connection refused telnet: Unable to connect to remote host You must've tweaked something to make it behave differently. I tested the same setup with sshd, and that works properly. After a quick search on google it seems that I'm not the only one with this problem, but I couldn't find any solution to this. Any help is greatly appreciated. Share with us your testing methodology. From previous thread, I understand that you just want something to submit your local mail (from daemons, scripts, etc). Then as others already said, a simple alias in /etc/mail/aliases and executing newaliases is sufficient. Ok, so here's my current setup. I have sendmail_enable=NO in rc.conf (same as not having it there I guess), I've modified /etc/mail/aliases to forward everything sent to root to my gmail account, and I added sendmail : all : deny as the first line to /etc/hosts.allow while I'm testing everything. 
Once I make sure that the deny rule works, I'll allow access to sendmail only from localhost. This is all on FreeBSD 6.2, but it's running in a jail, so that might have some effect. From my previous thread, sendmail is used only to accept messages sent by processes running on the server, and send them to real e-mails specified in /etc/aliases. That part works. However, even though sendmail_enable is set to NO in rc.conf, sendmail still listens on port 25, accepts mail from remote hosts, and the hosts.allow rule doesn't seem to apply. Strange, isn't it? By the way, I just tried removing sendmail_enable line from rc.conf completely and that had no effect. All I do for testing is basically start/restart sendmail, then telnet to the server from my workstation at home. I get a standard reply, and can then do the usual HELO, MAIL FROM, RCPT TO, DATA, and so on. Relaying doesn't work, but sending to and all other aliases works fine (which in this case is bad). Think this might be some bug when sendmail is running in a jail? I haven't modified anything beyond what's mentioned in this e-mail, and I've checked all the settings. I can definitely connect to the server from remote hosts despite the rc.conf and hosts.allow configuration. This is a different story now. On your host machine (as in jails' host), sendmail binds to localhost and never responds to outside world. This is expected. However, sendmail in a jail, binds to jail's IP address and that is why you can talk to it from outside. Run this on your host: # sockstat -4l | grep sendmail The output should look like this: root sendmail 1624 4 tcp4 1.2.3.5:25*:* root sendmail 1624 4 tcp4 1.2.3.4:25*:* root sendmail 1624 4 tcp4 1.2.3.3:25*:* root sendmail 1624 4 tcp4 1.2.3.2:25*:* root sendmail 1208 3 tcp4 127.0.0.1:25 *:* The first four are jails. The last one is host's sendmail being disabled. I'd suggest using a firewall to protect your jails instead of trying to completely disable sendmails. 
I can't run that on my host, because I only have access to the jail (I'm paying for a vps server with another host). That makes sense however, I had a feeling that it was jail-related. But what about the hosts.allow problem? I can run a firewall, of course, but hosts.allow seems like a more efficient way of doing the same thing. I've already got it configured and working with sshd, so I see no reason why sendmail doesn't want to work the same way.

Oh... right. Can't tell you much about hosts.allow, especially in jails, but I reckon someone else will. Good luck!

Regards, Mikhail.
Re: How to retrieve the list of files to merge by hand
Andrew Falanga wrote:

Hi, I just upgraded my box here at home last night and I made a little mistake (fortunately, not one large enough to keep things from working). I updated my source tree to 6.2-RELEASE-p4 and did the make buildworld and make buildkernel. Then I dropped to single user mode to do the installs for both. At the end, as per some instructions from a friend, I did mergemaster -i -a. At the end was quite a long list of files left for me to merge by hand. This was actually a surprise to me because I'd updated two boxes at work earlier in the week and the largest number of files to update by hand was only 2.

At any rate, because I was in single user mode, and hadn't started mergemaster with something like, mergemaster -i -a | tee merge.output or something (that's the small mistake that won't happen again), I don't have the list of files to merge. At any rate, with exception to rc.conf and /etc/ttys, I haven't modified anything the system uses anyway. Is there a way of retrieving this list?

As a side note, in an effort to get this list (via a pipe command such as the one above), I reran the mergemaster command, but got a much different set of results. Did I completely eliminate any chance I had at getting them?

Just run mergemaster again:

# cd /usr/src
# mergemaster

That should do it.

Regards, Mikhail.
Re: jail+IPv6
Wojciech Puchar wrote:

is it possible? in what version of FreeBSD?

There's no IPv6 support for jails, yet.

Regards, Mikhail.
Re: Can't upgrade to samba-3.0.23c_2,1 to samba-3.0.24,1
Christopher Prance wrote:

I'm having problems updating samba. I have tried uninstalling the old version then doing a make install clean and even tried reinstalling the old one then using portupgrade, but still no luck the system is telling me because of vulnerabilities in samba 3.0.24,1 it won't work, update my ports tree. Which I have done and still no luck. I understand that right now the ports tree is frozen due to waiting for Xorg 7.2.0 but I would still think I could figure a work around for samba. I'm using a home network and I'm not too worried about vulnerabilities. I have a hardware netgear firewall that is pretty good about keeping people out well at least until I can figure out how to setup ipfw. Another day

Any help would be appreciated! here is the actual mesg when trying to make install clean after a fresh cvsup of the ports tree.

[EMAIL PROTECTED] /usr/ports/net/samba3]# make install clean
=== NOTICE: This version of port has changed location of Samba password
=== NOTICE: (smbpasswd) directory. Files in '/usr/local/private'
=== NOTICE: have moved to '/usr/local/etc/samba'.
=== samba-3.0.24,1 has known vulnerabilities:
= samba -- multiple vulnerabilities.
Reference: http://www.FreeBSD.org/ports/portaudit/3546a833-03ea-11dc-a51d-0019b95d4f14.html
= Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/net/samba3.
*** Error code 1
Stop in /usr/ports/net/samba3.

Try with this knob:

DISABLE_VULNERABILITIES=yes

Regards, Mikhail.
Re: Problems upgrading a 6.0 install to 6.2-RELEASE-p4
Andrew Falanga wrote:

> Hi again,
>
> Ok, here's the steps I was given to upgrade my 6.0 system to 6.2-RELEASE-p4.
>
> 1) cvsup /usr/src using the tags necessary (I was using RELENG_6_2).
> 2) cd /usr/src
> 3) make buildworld
> 4) make buildkernel KERNCONF=GENERIC
>    *here I actually used a different kernel because I had to add options SMP to the conf
> 5) make installworld
> 6) make installkernel KERNCONF=GENERIC
> 7) reboot (and hopefully all is well)
>
> So, everything is great until step 5. When I type make installworld I get, ERROR: Required audit gropup is missing, see /usr/src/UPDATING.
>
> So I got to take a look at that file. There is a lot of interesting stuff there, but nothing about an audit group that should be present (at least a search for audit group returned no hits). What is this error talking about? Which section of the UPDATING file should I read and follow to correct this?
>
> I read, When upgrading from one major version to another it is generally best to upgrade to the latest code in the currently installed branch first, then do an upgrade to the new branch. Does this refer to an upgrade from, say, 5.1 to 6.2, or does this apply to 6.0 to 6.2 as well?
>
> I also see,
>
> To rebuild everything and install it on the current system
>     make buildworld
>     make kernel KERNCONF=...
>     reboot in single user
>     mergemaster -p
>     make installworld
>     make delete-old
>     mergemaster
>     reboot
>
> Is this the procedure I should follow? What is the correct path to go from here?

You really must read the following (or at least skim through):

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

and

/usr/src/Makefile

All correct instructions are in there and you shouldn't skip any steps. mergemaster will take care of that audit group among other things.

Regards,
Mikhail.
Re: Problems upgrading a 6.0 install to 6.2-RELEASE-p4
Andrew Falanga wrote:

> On 5/18/07, Mikhail Goriachev [EMAIL PROTECTED] wrote:
>
>> Andrew Falanga wrote:
>>
>> You really must read the following (or at least skim through):
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
>>
>> and
>>
>> /usr/src/Makefile
>>
>> All correct instructions are in there and you shouldn't skip any steps. mergemaster will take care of that audit group among other things.
>>
>> Regards,
>> Mikhail.
>
> Ok, I'm reading through the web link you sent. I see in section 23.4.1 the steps are:
>
> # make buildworld
> # make buildkernel
> # make installkernel
> # reboot
>
> reboot to single user mode that is
>
> # mergemaster -p
> # make installworld
> # mergemaster
> # reboot
>
> I did these steps then, and I'm still getting the missing audit group errors. What is this audit group, what's its function, etc.? Since nothing of world has been installed yet, can I simply erase /usr/src and replace with the 6.0-RELEASE cd's, which I have, and then do the cvsup once again. This time doing a mergemaster *before* I buildworld and then installworld?

This should put you back on track:

# pw add group audit

Let us know how it goes.

Regards,
Mikhail.
Re: Problems upgrading a 6.0 install to 6.2-RELEASE-p4
Andrew Falanga wrote:

> On 5/18/07, Mikhail Goriachev [EMAIL PROTECTED] wrote:
>
>> Andrew Falanga wrote:
>>
>> You really must read the following (or at least skim through):
>>
>> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html
>>
>> and
>>
>> /usr/src/Makefile
>>
>> All correct instructions are in there and you shouldn't skip any steps. mergemaster will take care of that audit group among other things.
>>
>> Regards,
>> Mikhail.
>
> Ok, I'm reading through the web link you sent. I see in section 23.4.1 the steps are:
>
> # make buildworld
> # make buildkernel
> # make installkernel
> # reboot
>
> reboot to single user mode that is
>
> # mergemaster -p
> # make installworld
> # mergemaster
> # reboot
>
> I did these steps then, and I'm still getting the missing audit group errors. What is this audit group, what's its function, etc.? Since nothing of world has been installed yet, can I simply erase /usr/src and replace with the 6.0-RELEASE cd's, which I have, and then do the cvsup once again. This time doing a mergemaster *before* I buildworld and then installworld?

That group is related to Security Event Auditing[1]. The following is the entry about it in /usr/src/UPDATING:

20060204:
    The 'audit' group was added to support the new auditing functionality in the base system. Be sure to follow the directions for updating, including the requirement to run mergemaster -p.

Regards,
Mikhail.

[1] - http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html
Re: cvsup ports
David Coder wrote:

> i'm finding that cvsup comes up empty in trying to update the port tree from cvsup2 cvsup3 (haven't tried others). is there something wrong w/ them or have i missed a crucial turn of events?

The ports are being frozen due to Xorg integration[1]. Just hang on for a few days.

Regards,
Mikhail.

[1] - http://docs.freebsd.org/cgi/mid.cgi?464983F2.2060100
Re: DNS Cache - Bind
Jack Barnett wrote:

> I'm running Bind 9.3.4 on FreeBSD 6.2 for my local network. It doesn't have any zones, it's just a local DNS that has a bunch of forwarders.
>
> The first request is slow (between 150 and 300 ms) - but after that (the next query on same domain) is fast (less than 10 ms usually). This is nice and working the way I like it. :)
>
> What I'm wondering though is:
>
> a) How do I flush the cache if I need to (ie. need to get a new update from the forwards) - just restart named?

# man rndc
# rndc flush

> b) Are there any settings I can tweak that determine how long the cache is kept? (ie. Say I want to keep all queries for 7 days before they are queried from the upstream DNS servers). [This will probably screw up dynamic DNS sites, but want to see what settings are available]

# man named.conf

But this is what you're after:

    max-cache-ttl integer;

www.isc.org has a lot more (detailed) info.

> c) Is there an easy way to 'blacklist' sites? Say I want 'SpammerNetwork.com' to resolve to 127.0.0.1.

This is a great start:

http://www.cymru.com/Documents/secure-bind-template.html

> Basically I want to take this host file: http://www.mvps.org/winhelp2002/hosts.htm and then pump it into my DNS server, that way all the LAN clients are protected from these sites. Is there a way to do that?

Regards,
Mikhail.
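One way to do what question (c) asks, as an added example that is not part of the original post: read a hosts-format blocklist, keep only well-formed names pointed at a loopback or null address, and emit one named.conf zone statement per name, all sharing a single zone file that answers 127.0.0.1. The zone file path, the function names and the sample input are assumptions; names are validated because they come from a third-party list and end up inside named.conf.

```python
import re

SINK_ADDRS = {"127.0.0.1", "0.0.0.0"}   # addresses blocklists point bad names at
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# One shared zone file (assumed path in render_named_conf) serves every zone.
ZONE_FILE_BODY = """\
$TTL 1h
@   IN SOA localhost. root.localhost. ( 1 1h 15m 1w 1h )
    IN NS  localhost.
    IN A   127.0.0.1
*   IN A   127.0.0.1
"""

# Constructed sample input, not taken from any real list.
SAMPLE_HOSTS = """\
# constructed sample in hosts-file format
127.0.0.1  localhost
127.0.0.1  ads.example.com   # inline comment
0.0.0.0    Tracker.Example.NET.
127.0.0.1  cdn.ads.example.com
10.9.8.7   intranet.example.org
127.0.0.1  evil.example"; }; options {
"""


def is_safe_name(name):
    """Plain multi-label hostname only: nothing that could close a quoted
    string or a block in named.conf (no quotes, braces, semicolons)."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def parse_hosts(text):
    """Return (names, rejected_tokens) from hosts-format text."""
    names, rejected = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue          # comment, blank line, or not a sinkhole entry:
                              # the list may not steer names to other addresses
        for token in fields[1:]:
            name = token.lower().rstrip(".")
            if name in SKIP_NAMES:
                continue
            if is_safe_name(name):
                names.add(name)
            else:
                rejected.append(token)
    return names, rejected


def collapse(names):
    """Drop names already covered by a blocked parent zone's wildcard."""
    names = set(names)
    keep = []
    for name in sorted(names):
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(parent in names for parent in parents):
            keep.append(name)
    return keep


def render_named_conf(names, zone_file="/etc/namedb/master/blackhole.db"):
    """One master zone per blocked name, all backed by the same zone file."""
    return "".join(
        f'zone "{name}" {{ type master; file "{zone_file}"; }};\n'
        for name in names
    )


def build_blocklist(text):
    """Full pipeline: returns (named.conf fragment, rejected tokens)."""
    names, rejected = parse_hosts(text)
    return render_named_conf(collapse(names)), rejected


if __name__ == "__main__":
    conf, rejected = build_blocklist(SAMPLE_HOSTS)
    print(conf, end="")
    print("rejected tokens:", rejected)
```

The fragment is meant to be pulled into named.conf with an include statement, with ZONE_FILE_BODY written to the path the zones refer to.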
Re: Disk going bad?
Jack Barnett wrote:

> I think I have a disk going bad. Is there any tools for freebsd that'll check the disk and let me know if there is a hardware problem or not?
>
> (I'm getting ECC errors from my controller and trying to figure out if it's a bad controller or a bad drive [already checked the cables and all that, so just have it down to these 2 pieces of hardware])

I'd suggest downloading your disc manufacturer's diagnostic tools. Those are your better chances to spot faulty drives.

Regards,
Mikhail.
Re: File System errors
Ross Penner wrote:

> On 5/15/07, Roland Smith [EMAIL PROTECTED] wrote:
>
>> On Tue, May 15, 2007 at 12:15:06PM -0600, Ross Penner wrote:
>>
>>> I recently had my system freeze so I had to manually restart it. I was worried that there would be some problems with the filesystem so I looked into the matter and discovered the utility fsck. I ran this as root and I got the following:
>>
>> You normally don't have to do this manually. If a filesystem isn't cleanly unmounted, it is automatically checked (in the background if possible, so it might take a while) on the next boot. And in that case fsck won't bother you unless it runs into problems it can't solve.
>>
>> Roland
>> --
>> R.F.Smith http://www.xs4all.nl/~rsmith/
>> [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
>> pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
>
> Thanks for everybody's help. I restarted in single user mode which allowed me to do the check manually. I'll probably just let the background check go if it happens again.

By default, the background checking doesn't do much. In my experience, every time one of the machines goes down, I have to schedule a manual fsck (fsck -fy) in single user mode.

Another option, probably, is this:

    fsck_y_enable=YES

It sounds scary though.

Regards,
Mikhail.
Re: Unable to mount HDD - Newbie question
Oscar Chavarria wrote:

> I lost environmental power temporarily a few days ago, and when it was back (almost immediately), the machine restarted without any input from me. I had mounted to /home a 30 GB usb 2.0 hdd. I tried mounting again since I did not find it in df. The prompt is always WARNING: /home was not properly dismounted.
>
> The output from dmesg is:
>
> da0 at umass-sim0 bus 0 target 0 lun 0
> da0: HITACHI- DK23 etc
> WARNING: /home was not properly dismounted.

You have to fsck(8) that disc. Try the following before remounting:

# fsck -f /dev/da0s1d

Replace da0s1d accordingly (if necessary).

Hopefully it helps.

Regards,
Mikhail.
Re: Unable to mount HDD - Newbie question
Oscar Chavarria wrote:

> fsck /dev/da0s1 /home
> fsck: could not determine filesystem type.
>
> Go figure. Might the hdd be damaged? I guess not since boot recognized it, right?

Please don't top-post and keep the conversation on the list.

It seems like you've tried to fsck only the slice (da0s1). You have to fsck the partition itself:

# fsck /dev/da0s1d

The last letter should be the one you assigned when you labeled that drive. Show us the output of:

# ls /dev/da0*

Regards,
Mikhail.
Re: Unable to mount HDD - Newbie question
Oscar Chavarria wrote:

> ls /dev/da0s1
> /dev/da0s1

Oscar, once again, don't top-post[1] please and show us the output of:

# ls /dev/da0*

Regards,
Mikhail.

[1] - http://en.wikipedia.org/wiki/Top-post
Re: Unable to mount HDD - Newbie question
Oscar Chavarria wrote:

> If you will excuse me for now. I'm trying to solve the top-post problem.
>
> I lost environmental power temporarily a few days ago, and when it was back (almost immediately), the machine restarted without any input from me. I had mounted to /home a 30 GB usb 2.0 hdd. I tried mounting again since I did not find it in df. The prompt is always WARNING: /home was not properly dismounted.
>
> The output from dmesg is:
>
> da0 at umass-sim0 bus 0 target 0 lun 0
> da0: HITACHI- DK23 etc
> WARNING: /home was not properly dismounted.
>
> Thank you Paul, tried umount but the result was the same.
>
> Tried this:
>
> ls /dev/da0*
> /dev/da0s dev/da0s1 dev/da0s1c dev/da0s1d

This is it. Your partition is /dev/da0s1d. Just try:

fsck -f /dev/da0s1d

... and then mount it.

Regards,
Mikhail.
Re: Old 4.2 user, with 6.2 newbie questions
Chuck Grimes wrote:

> [...]
>
> My first priority is getting fetchmail running. Here is the fetchmailrc dot file:
>
> defaults proto pop3 user mailname poll my.isp.com pass x set daemon 840
>
> As user, I can run fetchmail at the command line, without an error message, but it also doesn't get and deliver any mail. I can send email to myself, but I am sure it never leaves the machine. The [EMAIL PROTECTED] is correct---so sendmail masquerade is working. For example, sendmail does not write: [EMAIL PROTECTED], as it would without masquerade.

Fetchmail (new one that is) now can be run in daemon mode so the following has to be added into /etc/rc.conf:

    fetchmail_enable=YES
    fetchmail_polling_interval=300

The fetchmailrc file has to be owned by fetchmail:

    # ls -al /usr/local/etc/fetchmailrc
    -rw--- 1 fetchmail fetchmail 6614 Feb 27 11:57 fetchmailrc

This is the syntax I use in fetchmailrc:

    poll pop3.domain.tld proto pop3 no dns
        user USERNAME1, with password PASSWORD1, is USERNAME1 here;
        user USERNAME2, with password PASSWORD2, is USERNAME2 here;
        user USERNAME3, with password PASSWORD3, is USERNAME3 here;

Some users aren't located on the same server. So I redirect their correspondence with the help of /etc/mail/aliases:

    USERNAME3:[EMAIL PROTECTED]

> I changed the permissions on sendmail back to:
>
> $ ll
> -r-sr-xr-x 1 root wheel 583680 Jan 11 23:42 sendmail
>
> from 6.2 default:
>
> $ ll
> -rwsr-xr-x 1 root wheel 583680 Jan 11 23:42 sendmail
>
> I've tried it both ways and neither seems to make any difference.

For all of that, I didn't have to touch sendmail (apart from aliases).

Hopefully this will help you somehow.

Regards,
Mikhail.
Re: rebuilding the system
Neo [GC] wrote:

> Hi,
>
> first you should get ALL sources. You can do this easily with cvsup. In /usr/share/examples/cvsup/ you find a file called 'stable-supfile'. Copy it to some location (/root for example) and edit it. All you have to change is the line '*default host=CHANGE_THIS.FreeBSD.org'; just choose a FreeBSD CVS-mirror near you. Below you find the line 'src-all', this means you get all kernel and world sources. The line '*default release=cvs tag=RELENG_6' points cvsup to the 6-STABLE branch.
>
> Then do a 'cvsup stable-supfile' and wait some time... Check out your /usr/src/, now you should have all files, including UPDATE. Now you can do a 'make buildworld', but remember to cd first into the /usr/src dir.

Assuming cvsup is installed, otherwise csup as part of the system is a go.

Regards,
Mikhail.

PS: Please don't top-post.
Re: Complete loss of network on 6_STABLE
Drew wrote:

> I have a 6 stable box that I cvsup'd at around 5:15am central US time this morning. I did a buildworld and buildkernel on it after checking the UPDATING file and finding nothing since 6.2 release, ran mergemaster and rebooted, so I was a little surprised when it never came back. Once I gained physical access to the box, I discovered it had no apparent ability to open a sock - neither unix, nor udp nor tcp. I can ping localhost, but not other IP's on my network. X tells me host.domain.name:0 is a bad display name. So I need to know how to get things back up and running. Is this a known problem that has been fixed, or have I stumbled across something no one else has seen?
>
> As a side note, I have to give major props to all the developers - it sounds like my situation is really bad, but this is the first major problem I've had in over 7 years of tracking -STABLE of one version or another. Let me know if I can just cvsup another 6-stable box and burn it to a disc and copy it off on here, or what I need to do to fix this, because I'm lost.
>
> For the record:
>
> mergemaster -p
> make buildworld
> make buildkernel KERNCONF=mykernel
> make installworld
> make installkernel KERNCONF=mykernel
> mergemaster -a
> reboot
>
> came up with no sockets. At this point:
>
> rm -rf /usr/obj
> make clean
> make buildworld
> ...etc
>
> - still no sockets.

The proper upgrading procedure is described in /usr/src/Makefile (starting from line ~41). Also check the handbook:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html

By executing mergemaster -a you don't actually merge the files. This may not update important files.

If you're using customised kernel, then probably you took something important out of it. Try GENERIC to rule this one out.

I hope this helps.

Regards,
Mikhail.
Re: Complete loss of network on 6_STABLE
Drew wrote:

> On 4/13/07, *Drew* [EMAIL PROTECTED] wrote:
>
>> Sorry, I had to go back and read my message to see what was there. I've never used -a in my life, and I can only blame that not being a -v on all the trouble I'm having with the keyboard on my wife's laptop. I don't know how she types on this thing. But I'm building a generic kernel and we'll try that.
>
> Building and installing Generic was not the answer. It demonstrates exactly the same behavior. I suppose I'll dig /usr/src off of a known good sup and try that. And include /usr/src in my next set of backups here, since space is no longer an issue for storing them.

What errors do you get? For instance what happens when you ping hosts on your network? Provide as much info as you can. Maybe someone else would be able to provide some help.

Just a shot in the dark. Maybe your problem isn't source related. Try troubleshooting your network connection. See if the network card is up and running. Check if IPs are being assigned (ifconfig). Maybe there's a slight error in /etc/rc.conf. If you can ping localhost then you should also be able to ping NIC's IP. Maybe your firewall isn't playing nice.

Those were just random thoughts.

Regards,
Mikhail.
Re: slightly OT - my freebsd email topology
Derek Ragona wrote:

> At 12:36 PM 4/5/2007, Jonathan Horne wrote:
>
>> currently, my email server is just a single box, accepting and sending emails from and to the internet. spamassassin and sendmail, and so far, it works satisfactory.
>>
>> i would like to change it up, so that i have a pair of servers doing MX from the internet, which then passes to an internal server for delivery. if i do that, i could remove spamassassin from the internal server, and run it on just the 2 external.
>>
>> all those configurations is really not my issue here... what im really pondering is how would external servers that are separate from where the target mailboxes are, know which addresses are acceptable and which to return a 550?
>>
>> does anyone have any setups that are similar to this, and could advise me or point me in the right direction?
>>
>> thanks,
>> jonathan
>
> Generally you want to filter and bounce mail at the point of origin, so your mail server that first accepts the mail. As long as you have the bandwidth on that server you would spam check, virus check there, bouncing any bad ones. Then forward to your internal server only clean mail for delivery.

Bounces generate backscatters. The idea is to filter and *reject* (instead of bouncing) at the point of origin.

Regards,
Mikhail.
Re: Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail
Christopher Martin wrote:

> Spam with randomly generated recipient addresses is draining our mail system's life away, and it seems the easiest way would be to verify the receiving party's/parties' address against Active Directory and then TEMPFAIL any mails that don't have any valid internal mails (rejects would allow directory harvesting to work).
>
> [ trim ]
>
> Anyone have any suggestions? Has anyone used the hacked LDAProuting method with smarthost and had it work? Maybe I am going to have to hack something together using milter-cli or py-milter to connect up on SMTP port of the Exchange server and do a HELO, FROM and RCPT and see if the account is valid. Am I missing something basic?
>
> Currently, we're very happy with the accuracy of our system, but 80% of the spam that hits our quarantine isn't even addressed to someone in the organisation, thus giving us a pile of cruft to go through that is 5 times as big as it should be.
>
> Any help or suggestions are appreciated!

You could use /usr/ports/mail/mimedefang (www.mimedefang.org) miltered into your sendmail. Sorta like py-milter but in perl.

The simplest, quickest and dirtiest solution would be to feed a list of valid recipients into mimedefang and let it accept or reject incoming mail. Then it is a matter of finding a way to keep the list up to date.

Or, instead of feeding mimedefang with a list, you could instruct it to poll your internal mail server like you already suggested.

For a long term solution I prefer storing aliases, maps, etc. in LDAP.

I hope this helps.

Regards,
Mikhail.
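The recipient check discussed in this message, together with the point in the "my freebsd email topology" reply above about deciding at SMTP time instead of bouncing later, as an added example that is not part of the original posts and is not MIMEDefang or py-milter code. It consults a static list first, falls back to the HELO / MAIL / RCPT call-ahead against the internal server, and caches the answers; the host names and all class and function names are assumptions, and the answer for an unknown address is a setting (REJECT, or TEMPFAIL as the poster proposes).

```python
import smtplib
import time
from collections import OrderedDict

ACCEPT, REJECT, TEMPFAIL = "accept", "reject", "tempfail"


def smtp_probe(rcpt, host="mail.internal.example", port=25,
               helo_name="mx1.example.org", timeout=10):
    """Call-ahead to the internal server (placeholder host names).
    Returns the RCPT TO reply code, or None if no usable answer came back."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as conn:
            conn.helo(helo_name)
            if conn.mail("")[0] != 250:   # null sender <>: nothing to bounce to
                return None
            return conn.rcpt(rcpt)[0]
    except (OSError, smtplib.SMTPException):
        return None


class RecipientVerifier:
    def __init__(self, local_domains, static_valid=(), probe=smtp_probe,
                 invalid_action=REJECT, ttl_valid=3600, ttl_invalid=300,
                 max_cache=10000, clock=time.monotonic):
        self.local_domains = {d.lower() for d in local_domains}
        self.static_valid = {a.lower() for a in static_valid}
        self.probe = probe
        self.invalid_action = invalid_action
        self.ttl_valid, self.ttl_invalid = ttl_valid, ttl_invalid
        self.max_cache = max_cache
        self.clock = clock
        self.cache = OrderedDict()        # address -> (is_valid, expires_at)

    @staticmethod
    def normalise(rcpt):
        """Strip <>, lower-case, and insist on exactly one local@domain."""
        addr = rcpt.strip().strip("<>").lower()
        local, sep, domain = addr.rpartition("@")
        if (not sep or not local or not domain or "@" in local
                or any(c.isspace() for c in addr)):
            return None
        return addr

    def _lookup(self, addr):
        """True or False when known, None when the backend gave no answer."""
        if addr in self.static_valid:
            return True
        hit = self.cache.get(addr)
        if hit and hit[1] > self.clock():
            return hit[0]
        code = self.probe(addr) if self.probe else None
        if code is None or 400 <= code < 500:
            return None                   # unreachable or temporary: unknown
        valid = 200 <= code < 300
        ttl = self.ttl_valid if valid else self.ttl_invalid
        self.cache[addr] = (valid, self.clock() + ttl)
        self.cache.move_to_end(addr)
        while len(self.cache) > self.max_cache:
            self.cache.popitem(last=False)   # random-recipient runs stay bounded
        return valid

    def check_rcpt(self, rcpt):
        """Decision for one RCPT TO, taken while the sender is still connected."""
        addr = self.normalise(rcpt)
        if addr is None or addr.rpartition("@")[2] not in self.local_domains:
            return REJECT                 # malformed, or not a domain we serve
        valid = self._lookup(addr)
        if valid is None:
            return TEMPFAIL               # never accept what cannot be verified
        return ACCEPT if valid else self.invalid_action

    def check_envelope(self, recipients):
        """Per-recipient actions plus the overall fate of the message."""
        actions = {r: self.check_rcpt(r) for r in recipients}
        if ACCEPT in actions.values():
            overall = ACCEPT
        elif TEMPFAIL in actions.values():
            overall = TEMPFAIL
        else:
            overall = REJECT
        return overall, actions
```

In a milter the per-recipient decision maps onto the recipient callback, so a message is only ever accepted for addresses the internal server has confirmed.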
Re: not able to install some ports
dbetts wrote:

> Mikhail Goriachev wrote:
>
>> dbetts wrote:
>>
>>> I have been trying to install amavisd-new, portgrey, and portupgrade. I get the same error on all ports when they try to install dependencies:(this is an example from trying to install the port portupgrade)
>>
>> [ trim ]
>>
>> Check your connection. Maybe your firewall is a bit tight (NAT problems?). Check what FTP mode you're using. Try to ftp into ftp.freebsd.org.
>>
>> Let us know how it goes.
>>
>> Regards,
>> Mikhail.
>
> I am able to ftp into freebsd.org
>
> Firewall shouldn't be tight at all, as it is a fresh install of freebsd and I haven't done anything with the firewall. I am running ATT DSL on a 2wire router.

Please make sure you also reply to the list.

Just a shot in the dark. Try to ftp into ftp.freebsd.org and fetch files manually. If that fails (you're able to ftp, but not download anything) then your router does some blocking. You'd have to start tweaking there.

Let us know how it goes.

Regards,
Mikhail.
Re: updating a jail
Jonathan Horne wrote:

> im still working on updating 2 jails. i nullfs mounted /usr/src /usr/obj from my host into my jails, and tried to installworld, but got this error:
>
> === lib/libcrypt (install)
> install -C -o root -g wheel -m 444 libcrypt.a /usr/lib
> install -C -o root -g wheel -m 444 libcrypt_p.a /usr/lib
> install -s -o root -g wheel -m 444 -fschg -S libcrypt.so.3 /lib
> install: rename: /lib/[EMAIL PROTECTED] to /lib/libcrypt.so.3: Operation not permitted
> *** Error code 71
>
> Stop in /usr/src/lib/libcrypt.
> *** Error code 1
>
> Stop in /usr/src/lib.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
> *** Error code 1
>
> Stop in /usr/src.
>
> the jail manpage is easy enough to follow, but IMO mastering management and maintenance is much more difficult to learn without good documented guidance. i know many have recommended that i try ezjail and such, but im one of those guys who refuses to pay someone to fix my own car until i fully understand why such an operation is too far above my head. same glutton for pain stance for me on computer stuff too... i force myself to understand the canonical methods first, before i start taking advantage of shortcuts.
>
> so... how do i get over or past this error?

You can installworld directly from host:

host# setenv D /usr/local/jail/JAILNAME
host# /etc/rc.d/jail stop JAILNAME
host# cd /usr/src
host# make installworld DESTDIR=$D
host# /etc/rc.d/jail start JAILNAME

Don't forget all other mergemaster related steps and the rest of the things mentioned in /usr/src/Makefile.

Hopefully this points into the right direction.

Regards,
Mikhail.
Re: not able to install some ports
dbetts wrote:

> I have been trying to install amavisd-new, portgrey, and portupgrade. I get the same error on all ports when they try to install dependencies:(this is an example from trying to install the port portupgrade)
>
> = bdb-0.6.0.tar.gz doesn't seem to exist in /usr/ports/distfiles/ruby.
> = Attempting to fetch from ftp://moulon.inra.fr/pub/ruby/.
> fetch: ftp://moulon.inra.fr/pub/ruby/bdb-0.6.0.tar.gz: Can't open data connection
> = Attempting to fetch from ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ruby/.
> fetch: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ruby/bdb-0.6.0.tar.gz: File unavailable (e.g., file not found, no access)
> = Couldn't fetch it - please try to retrieve this
> = port manually into /usr/ports/distfiles/ruby and try again.
> *** Error code 1
>
> I have also tried pkg_add and get the error:
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/ruby/bdb-0.6.0.tar.gz: File unavailable (e.g., file not found, no access)
>
> Is the ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles down? Or is there a way to install these ports?

Check your connection. Maybe your firewall is a bit tight (NAT problems?). Check what FTP mode you're using. Try to ftp into ftp.freebsd.org.

Let us know how it goes.

Regards,
Mikhail.
Re: Moving /var/mail
Lisa Casey wrote:

> Hi,
>
> I want to move /var/mail to /usr/var/mail, then symlink /var/mail to /usr/var/mail to free up space on my (too small on this machine) /var. Of course, I wish to maintain file permissions, ownerships, etc. I decided to try a dry run using a user home directory first to make sure this would work right. Good thing I did...
>
> I created /usr/kellyw and attempted to copy the contents of /home/kellyw/ to it. First of all, I tried tar cvpf /usr/kellyw/kellyw.tar /home/kellyw/
>
> When I unpack the tar file, I wind up with /usr/kellyw/home/kellyw/*
>
> Not what I wanted. I wanted all of the files in /home/kellyw/ to wind up in /usr/kellyw/
>
> So I then tried to just copy the files using cp -p but I can't get the syntax right on that:
>
> # cd /home/kellyw
> # ls -l
> total 16
> -rw-r--r-- 1 kellyw kellyw 767 Aug 18 14:52 .cshrc
> -rw-r--r-- 1 kellyw kellyw 248 Aug 18 14:52 .login
> -rw-r--r-- 1 kellyw kellyw 158 Aug 18 14:52 .login_conf
> -rw--- 1 kellyw kellyw 373 Aug 18 14:52 .mail_aliases
> -rw-r--r-- 1 kellyw kellyw 331 Aug 18 14:52 .mailrc
> -rw-r--r-- 1 kellyw kellyw 797 Aug 18 14:52 .profile
> -rw--- 1 kellyw kellyw 276 Aug 18 14:52 .rhosts
> -rw-r--r-- 1 kellyw kellyw 975 Aug 18 14:52 .shrc
>
> # cp -p /home/kellyw/* /usr/kellyw/*
> cp: No match.
>
> # cp -p /home/kellyw/ /usr/kellyw/
> cp: /home/kellyw/ is a directory (not copied).
>
> # cp -p /home/kellyw/*.* /usr/kellyw/*.*
> cp: No match.
>
> Can someone help me out with my syntax? The tar method would probably be better (I guess) though I don't really care which method I use as long as it works (and preserves permissions, etc.). There are only about 60 mailboxes on this system.

You could do something like this[1]:

# tar -cvf - -C /home/kellyw . | tar -xpBf - -C /usr/kellyw

Regards,
Mikhail.

[1] - Taken from 'man tar', EXAMPLES section.
--
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: http://www.webanoide.org

PGP Key ID: 0x4E148A3B
PGP Key Fingerprint: D96B 7C14 79A5 8824 B99D 9562 F50E 2F5D 4E14 8A3B
Re: freebsd doesn't see my script on boot
Gregory Edigarov wrote:

> [...]
>
> #PROVIDE l2tpd
> #REQUIRE NETWORKING

Try changing those lines to:

    # PROVIDE: l2tpd
    # REQUIRE: NETWORKING
     ^       ^
    (add empty spaces and colons)

Regards,
Mikhail.
Re: fetchmail - sendmail problem
Karsten Fuhrmann wrote:

> Hello,
>
> i have a problem with some strange spam emails, which lock up my email reception. The problem is the following: I am using fetchmail to download my email (from a pop3 server), and fetchmail passes the email to my local sendmail daemon who gives it to my local imap server (cyrus). This works fine.
>
> But sometimes i got a spam email, which has an unresolvable dns origin, and this makes my sendmail crazy in a way, that sendmail wants to resolve but gets a timeout (around 20s). In the meantime the fetchmail which is actually waiting for sendmail to accept the message gets a timeout from the pop server where it is connected to. Because of that timeout fetchmail stops receiving email from pop server and tries again next time, but next time it will start with the same spam email again, and it all starts again, actually no more new mails will arrive until i delete this particular email from the pop server manually.
>
> Is there a way to tweak the timeout behavior of sendmail, or maybe even no dns resolve option for sendmail, or even better some way to tell fetchmail to use the idle command to keep the connection to the pop server open ?

Add this to your .mc file:

    FEATURE(accept_unresolvable_domains)

and let us know how it goes.

Cheers,
Mikhail.
Re: HP-1022 laser printer
Andriy Babiy wrote:
> Hello,
> Could anybody advise me on the HP-1022 laser printer? Does anyone have this model working on the FreeBSD? I'm going to buy it, therefore I wanted to check if there are any issues/problems about it. I found postings about USB port busy problem, but guys didn't specify clearly the platform they used. Especially, I'm interested in positive experiences. Originally, I posted the question to freebsd-hardware, with no answer though.
> Thank you for your time.

This might come in handy:

http://www.linuxprinting.org/show_printer.cgi?recnum=HP-LaserJet_1022

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: Customized Install CD
Cody Holland wrote:
> I'm looking at trying to build my own customized FreeBSD install CD. The purpose of this is to be able to install FreeBSD with customized kernel, certain packages installed and some added scripts of my own. Being that I have no idea how to do this I have two questions.
> 1. Is this feasible?
> 2. Is there some good literature regarding this on the internet that you recommend?
> Any information would be greatly appreciated!

Hi,

This might put you on the right track:

man release(7)
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/release-build.html

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: having hard time with mounting floppies
Tuomas wrote:
> ajm, Thanks for taking the pains to reply. This is what I tried:
>
> localhost# newfs -L FreeBSD /dev/fd0
> newfs: wtfs: 512 bytes at sector 2879: Input/output error
> localhost# newfs_msdos -f 1440 -L MSDOS /dev/fd0
> /dev/fd0: 2847 sectors in 2847 FAT12 clusters (512 bytes/cluster)
> bps=512 spc=1 res=1 nft=2 rde=224 sec=2880 mid=0xf0 spf=9 spt=18 hds=2 hid=0
> newfs_msdos: /dev/fd0: Input/output error
>
> On another forum, someone suggested to me that I should try FreeBSD 6.x. FreeBSD 5.x has, according to this guy, some problems with some floppies. So maybe I try FreeBSD 6.x, or I will use Linux on this machine.

Hi,

I suspect the problem does not lie in FreeBSD, but elsewhere. Have you tried using different floppy discs? Specially another brand? Maybe the cable connecting your floppy drive is playing on you or even the drive itself is faulty.

I just tried the following on a fresh 5.5-RELEASE install without any problems:

# mount -t msdos /dev/fd0 /mnt
[...]
# fdformat /dev/fd0
# newfs -L FreeBSD /dev/fd0
# newfs_msdos -f 1440 -L MSDOS /dev/fd0

I hope this helps.

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: 5.5 and SMP
Noah wrote:
> Hi there,
> I just installed 5.5 for the first time and I am trying to make sure that SMP is operating properly. The kernel I have loaded is rebuilt with SMP support. okay the dmesg is showing two logical CPUs. I actually only have one CPU as you can tell by the boot information. I am wondering why top is always displaying '0' in the C column? on my 4.11 machines that number is set to 0 or 1 depending on the logical CPU that is accessed.
>
> --- snip
> Aug 27 19:19:24 hurricane kernel: Hyperthreading: 2 logical CPUs
> Aug 27 19:19:24 hurricane kernel: real memory = 2145849344 (2046 MB)
> Aug 27 19:19:24 hurricane kernel: avail memory = 2094419968 (1997 MB)
> Aug 27 19:19:24 hurricane kernel: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
> Aug 27 19:19:24 hurricane kernel: cpu0 (BSP): APIC ID: 0
> Aug 27 19:19:24 hurricane kernel: cpu1 (AP): APIC ID: 1
> snip ---

Hi,

You have to activate hyperthreading:

http://docs.freebsd.org/cgi/mid.cgi?20060730235206.7A7B743D45

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project: A quick reminder ...
Marc G. Fournier wrote:
> Just a quick reminder to all those that have installed /usr/ports/sysutils/bsdstats ... pre-v3.0 clients no longer work, due to the changes that were made to the database ... please upgrade, and run, the new version available in ports ...
> Also, as another reminder, the first run of the script after upgrading will take ~15 minutes to run ... there is a 15 min sleep in the script that is enforced at the server end ...
> Right now, we are at ~40% of the hosts that we were before v3.0, and I'm still seeing database hits on the *old* database, indicating that ppl are still running the old client :(
> BTW, for those that haven't looked recently at http://www.bsdstats.org ... the US is, of course, leading the pack with ~20% of the installed FreeBSD servers (a whole 129 servers) ... Germany following a close second with ~15% ...
> And, Canada (my country) is woefully in 5th place with 4% ... come on folks, we need to get all of the numbers up ...

Hi,

I just upgraded the thing to v3.0_3 and when executing I get:

: not found
To protect against abuse, the initial challenge/response phase contains a 15 minute pause. Please be patient while this time limit elapses

Not sure what happens with that : not found. I also commented sleep 900 line. Waiting for 15 mins is a bit too long.

Oh, and Chile is missing again.

Thanks for this project Marc!

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project: A quick reminder ...
Bill Moran wrote:
> > Not sure what happens with that : not found. I also commented sleep 900 line. Waiting for 15 mins is a bit too long.
>
> That doesn't work. The server also enforces the limit, and your attempt to bypass it will result in you not being registered. See the archives, where this was already discussed once. Just background the job and work on something else until it finishes.

Thanks for the info. Uncommented those lines and re-executed the thing (no 15 mins of waiting though) and 3 out of 4 boxes managed to appear in the stats.

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project: A quick reminder ...
Marc G. Fournier wrote:
> On Sat, 26 Aug 2006, Mikhail Goriachev wrote:
> > : not found
> > To protect against abuse, the initial challenge/response phase contains a 15 minute pause. Please be patient while this time limit elapses
>
> Fixed ...
>
> > Not sure what happens with that : not found. I also commented sleep 900 line. Waiting for 15 mins is a bit too long. Oh, and Chile is missing again.
>
> Because you removed the 15 minute delay :) Run it now and you'll see Chile pop back up ... the 15 minute delay is enforced on the server side :)

Thanks for that Marc. I've got another issue. I registered 4 machines but only 3 appear on the list. One of them is being behind another one through NAT. Could this be the problem?

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project: A quick reminder ...
Marc G. Fournier wrote:
> On Sun, 27 Aug 2006, Mikhail Goriachev wrote:
> > Thanks for that Marc. I've got another issue. I registered 4 machines but only 3 appear on the list. One of them is being behind another one through NAT. Could this be the problem?
>
> Check /var/db/bsdstats, let me know what the KEY value is for the 4 machines ... before you do, try re-running all 4, to make sure that the '4th' didn't get re-run within the 15 minute period ...

Yep, re-ran all 4 of them and these are the results:

Machine #1: KEY='075cab6e3f3999dfc9d53ba9ba3fdee0'
Machine #2: KEY='29da5d0f6b866d9e656448c5aff53da9'
Machine #3: KEY='ce8011da3ce748c3e82cc4787e839ce7'
Machine #4: KEY='d219c42fca591f6c82251722261b497a'

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project: A quick reminder ...
Marc G. Fournier wrote:
> On Sun, 27 Aug 2006, Mikhail Goriachev wrote:
> > Marc G. Fournier wrote:
> > > On Sun, 27 Aug 2006, Mikhail Goriachev wrote:
> > > > Thanks for that Marc. I've got another issue. I registered 4 machines but only 3 appear on the list. One of them is being behind another one through NAT. Could this be the problem?
> > >
> > > Check /var/db/bsdstats, let me know what the KEY value is for the 4 machines ... before you do, try re-running all 4, to make sure that the '4th' didn't get re-run within the 15 minute period ...
>
> Fixed ... all four were in there, but one had '' listed for country code ... I've updated the database ...

Thanks!

--
Mikhail Goriachev
Webanoide
Re: remote access solutions for rebuild world ??
ke han wrote:
> I am about to purchase a new server for FreeBSD 6.1. For rebuilding world, I will need secure remote access to the server while booting in order to startup in single user mode. What solutions do other user recommend for this? Any particular favored than others? Specific hardware recommendations are welcome.
> thanks, ke han

In addition, you could also use something like this:

http://www.raritan.com/products/kvm_switches/dominion_kx/prd_line.aspx

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: Rebuilding Kernel
Giorgos Keramidas wrote:
> On 2006-08-21 16:28, beno [EMAIL PROTECTED] wrote:
> > Hi;
> > I just barely finished upgrading from 5.3 to 6.1 and all is well, however, now I realize I have to rebuild my kernel again to accommodate PF. I've edited the correct GENERIC file (I'm on an i386 box).
>
> Don't edit GENERIC. It's very rarely a good idea. If you spend some time to fine tune GENERIC to your own particular setup, matching your own preferences, you may be surprised in a very bad way after the next CVSup run, when all your local modifications are blown away by CVSup as it updates your 'GENERIC' configuration to the official GENERIC status.
>
> It is a *FAR* better idea to copy GENERIC and edit a copy. Most of the time I even go as far as copying GENERIC _outside_ of the `/usr/src' tree, i.e. in `/root/kernconf/LOCAL' and symlink that file inside the source tree, i.e. at `/usr/src/sys/i386/conf'.
>
> > Are these commands sufficient?
> > make buildkernel
> > make installkernel
>
> Not necessarily.
>
> > or do I need to redo all this?
> > make buildkernel
> > make installkernel
> > sh /etc/rc.shutdown
> > pkill sendmail
> > pkill syslogd
> > mergemaster -p
> > make installworld
> > mergemaster
> > reboot
> > /usr/local/bin/portmanager -u -f -l -y
> > make delete-old-libs
>
> Why are you running `/etc/rc.shutdown' manually? Why are you using `pkill' on Sendmail and syslogd?

That was just an *example*[1] I gave Beno for the remote upgrade. Apparently, it's been taken very seriously and copy-pasted.

Cheers,
Mikhail.

[1] - http://lists.freebsd.org/pipermail/freebsd-questions/2006-August/129129.html

--
Mikhail Goriachev
Webanoide
Re: help me please
Vitaliy Best wrote:
> Good day!
> Tell me please, what version of FreeBSD have russian manpages? Or where I can to find russian handbook of FreeBSD?

http://www.freebsd.org/ru/
http://www.opennet.ru/

Also subscribe to the mailing list: [EMAIL PROTECTED]

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: how to change the root user's name on FreeBSD 6.1 running postfix
Paul Hamilton wrote:
> Hi,
> I am running postfix on FreeBSD 4.11 and 6.1 servers. In FreeBSD 4.11, you can run 'chsh root' and edit the name to what you want. However, on my FreeBSD 6.1 servers, I still receive email addressed from 'root unix'. I would like to be able to differentiate the root mail according to server the mail came from :-)
> Any ideas?

Hi,

You're after: chpass(1)

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
:::. P4 HTT and DUMP: Corrupted MAC on input.
Hi,

I've got the following problem. A few servers periodically dump(8) through ssh to a central server. That central server comes with a P4 HTT (single core - no frills) processor. A few weeks ago I decided to activate hyperthreading and add SMP capabilities to it. Just for the sake of it.

Before those modifications, all servers were dumping without any problems for months, literally. However, now I get random disconnects. It may disconnect after 4%, 95% or not at all. But eventually, some dump processes get randomly disconnected. This is the sample error I get:

[...]
DUMP: dumping (Pass IV) [regular files]
DUMP: 4.60% done, finished in 1:44 at Fri Aug 18 08:45:04 2006
Received disconnect from 192.168.0.1: 2: Corrupted MAC on input.
DUMP: Broken pipe
DUMP: The ENTIRE dump is aborted.
[...]

After several days of googling and pulling my hair out, for some reason I decided to get rid of HTT and SMP... and to my amusement, everything is back to normal. I put back SMP+HTT and the disconnects are back again. So in conclusion, in this case, SMP+HTT causes random problems in ssh.

Any thoughts on why this is happening? I really would like to know. What about real SMP machines, are they affected as well?

Thanks in advance.

Cheers,
Mikhail.

PS: All servers are 6.1-RELEASE-p3 without go-fast-pc flags or whatever.

--
Mikhail Goriachev
Webanoide
Re: cdrecord
dick hoogendijk wrote:
> Installed cdrecord from ports. This version does not include DVD-R/DVD-RW support code. Cdrecord-porDVD is needed. I want to burn DVD-R's. Can this be done with FreeBSD? Do I need cdrecord-devel for this?

Does this help:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/creating-dvds.html

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: Rebuilding, Got Questions
beno - wrote:
> Thank you to everyone who responded. Consolidating your responses, I have revised thus:
>
> make.conf file:
> PERL_VER=5.8.5
> PERL_VERSION=5.8.5
> PERL_ARCH=mach
> NOPERL=yo
> NO_PERL=yo
> NO_PERL_WRAPPER=yo
> CFLAGS= -O -pipe
> NO_BLUETOOTH= true# I have no need of this
> NO_SENDMAIL= true# I use qmail

I'd suggest avoiding extra tweaking. Just leave PERL (anyway it won't affect you since it isn't in the base):

PERL_VER=5.8.5
PERL_VERSION=5.8.5

Compile bluetooth and sendmail even though you won't use them. This'll save you extra headaches if something goes horribly wrong.

> PROCEDURE:
> /etc/6stable-supfile
> cvsup -L 2 /etc/6stable-supfile

Read the handbook. Especially:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html

> shut down all services except ssh
> cd /usr/src
> make -j4 buildworld // single CPU system

You should avoid -j4.

> make buildkernel
> make installkernel
> mergemaster -p
> reboot

Have a look at procedures in file:

/usr/src/Makefile

Otherwise you're actually forgetting mergemaster step, which is very important.

> * Instead of jumping directly to /etc/6stable-supfile perhaps I should upgrade to 5.5 and then to 6 (and is this actually 6.1?) How do I do the interim upgrade? And do I want 5.5 or some other version? And is that even necessary?

It is possible to go 5.3 - 6.1. Been there, done that and haven't had a single trouble. I got plenty ideas from the following article:

http://www.mikestammer.com/dokuwiki/doku.php?id=bsd:updateos

However, that one requires some modifications if you're doing it remotely (like in your case). I upgraded one 5.3 a month ago from a completely another continent. So it's possible.

> * How do I make sure userland and the new kernel are synchronized before rebooting?
> * How do I make sure the new kernel is capable of booting before actually rebooting?

This is what I did (roughly out of my head):

1.- synch your source to 6.1 (or whatever)
2.- make buildworld
3.- make buildkernel
4.- make installkernel
5.- sh /etc/rc.shutdown # kills all your services
6.- pkill sendmail
7.- pkill syslogd
8.- mergemaster -p
9.- make installworld
10- mergemaster # this one is a lot of fun, be careful
11- make delete-old # this one is breath-taking
12- reboot # best suspense ever
13- make delete-old-libs

With mergemaster, make sure you read and understand everything. Don't just merge the thing. Also, read /usr/src/UPDATING. That file is the most important file. Don't forget the backups.

Good luck!

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project v2.0 ...
Marc G. Fournier wrote:
> On Mon, 7 Aug 2006, Chris wrote:
> > Just my .02 worth - that Sparc64 listing Is mine Wheee!
>
> There are two Sparc64 listings ... both yours? The 8 in Panama are all mine :)

Where's Chile? I just added 4 boxes and they're not listed.

Excellent job Marc!

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: BSDstats Project v2.0 ...
Marc G. Fournier wrote:
> On Tue, 8 Aug 2006, Mikhail Goriachev wrote:
> > Marc G. Fournier wrote:
> > > On Mon, 7 Aug 2006, Chris wrote:
> > > > Just my .02 worth - that Sparc64 listing Is mine Wheee!
> > >
> > > There are two Sparc64 listings ... both yours? The 8 in Panama are all mine :)
> >
> > Where's Chile? I just added 4 boxes and they're not listed.
>
> You are now :)

Awesome! Thanks for that.

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: Gotta start somewhere ... how many of us are really out there?
User Freebsd wrote:
> On Wed, 2 Aug 2006, Nikolas Britton wrote:
> > This may sound dumb but why don't we just put a registration link on the FreeBSD main page... or registration in sysinstall. Isn't this how everyone else handles the problem?
>
> User A installs FreeBSD, registers, works with it for a week, finds he isn't getting anything done with it, wipes the drive and goes to something else ...
>
> User B installs FreeBSD 5.x, registers, works with it for a while and decides to CVSup to -CURRENT, so now we have an artificially high # of 6.x installs, and an artificially low # of 7.x installs ... nobody looks to be moving to 7.x, therefore why support it from a vendors perspective ...

Right, I've been following this thread from the start but didn't want to get involved, even though I felt this is important and necessary. I've come up with this token-based registration idea:

Agent: Knock, knock...
Server: Hi, give us your last 2 tokens...
Agent: I don't have them... I'm a newborn.
Server: Ok. Here's one for you $token1 and come back in 7 days.

7 days later (or more if it's a laptop)

Agent: Knock, knock...
Server: Hi, give us your last 2 tokens...
Agent: I only have 1 token.
Server: Ok. There you go $token2. Get back in 7 days.

7 days later (or more if it's a laptop)

Agent: Knock, knock...
Server: Hi, give us your last 2 tokens...
Agent: Take them, $token1 and $token2.
Server (compares tokens): Thanks, now give us some info about yourself.
Agent: Ok, sending $information.
Server: Thanks, this is another $token3 for you. Come back in 7 days.

... beyond this point the agent is officially registered but must maintain its rego by reporting every 7 days and keep providing latest 2 tokens ...

In short, an agent must earn the registration. In this case it takes 2 weeks. Once it registers, it becomes a real number in the stats. If that agent stops reporting for a few months then it gets removed from the stats.

If agent's computer upgrades, then it doesn't matter because it still sends $information (with updates) every time it reports.

If another agent steals the tokens then it isn't an issue. The victim gets rejected until it collects new tokens. This is because stolen tokens already got registered. The burglar, on the other hand, stays with that stolen registration and resubmits its own $information (uname, dmesg, whatever), which overwrites victim's data.

To strengthen the system and avoid token hijacks we could increment the number and complexity of tokens.

From users' point of view, there are no registration or scary configurations. The system takes over and does everything behind the scenes. For sure, the only necessary thing would be an enable_rego=YES or similar line in /etc/rc.conf.

In order to cater for the demand, I reckon there would be enough people willing to donate servers and bandwidth (I'd be one of them). Agents also could detect the closest server on their own and report to it (fastest_cvsup[1] style)...

Ok, I'll stop here for now.

Cheers,
Mikhail.

[1] - http://www.freebsd.org/cgi/url.cgi?ports/sysutils/fastest_cvsup/pkg-descr

--
Mikhail Goriachev
Webanoide
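The token handshake proposed in the message above, sketched as an added example; it is not code from the thread or from the BSDstats project. The class and method names, the in-memory store and the 90-day reading of "a few months" are assumptions.

```python
import secrets

DAY = 86400
REPORT_INTERVAL = 7 * DAY   # "come back in 7 days"
STALE_AFTER = 90 * DAY      # assumption: "a few months" taken as 90 days


class RegistrationServer:
    """In-memory model of the server side of the handshake."""

    def __init__(self):
        # newest token of a chain -> chain record; spent tokens are dropped
        self.by_latest = {}

    def _issue(self, chain, now):
        # Rotate the chain: the previous newest token stops being a valid key.
        if chain["tokens"]:
            self.by_latest.pop(chain["tokens"][-1], None)
        new = secrets.token_hex(16)
        chain["tokens"] = (chain["tokens"] + [new])[-2:]
        chain["last_seen"] = now
        self.by_latest[new] = chain
        return new

    def knock(self, tokens, info, now):
        """One agent visit. Returns (status, new_token_or_None)."""
        tokens = list(tokens)[-2:]
        if not tokens:
            # Newborn agent: hand out the first token, accept no data yet.
            chain = {"tokens": [], "info": None, "registered": False}
            return "wait", self._issue(chain, now)
        chain = self.by_latest.get(tokens[-1])
        if chain is None or chain["tokens"] != tokens:
            # Unknown tokens, or tokens someone else already spent.
            return "rejected", None
        if now - chain["last_seen"] < REPORT_INTERVAL:
            # The waiting period is enforced here, not in the client.
            return "too_early", None
        status = "wait"
        if len(tokens) == 2:
            # Two valid tokens: accept (or overwrite) the host information.
            chain["registered"] = True
            chain["info"] = info
            status = "registered"
        return status, self._issue(chain, now)

    def hosts(self, now):
        """Info of every host that counts in the stats at time `now`."""
        return [c["info"] for c in self.by_latest.values()
                if c["registered"] and now - c["last_seen"] <= STALE_AFTER]


class Agent:
    def __init__(self, info):
        self.info = info
        self.tokens = []

    def report(self, server, now):
        status, token = server.knock(self.tokens, self.info, now)
        if token:
            self.tokens = (self.tokens + [token])[-2:]
        elif status == "rejected":
            self.tokens = []   # start collecting tokens again
        return status


def demo():
    """Constructed scenario: a host registers, then its tokens are copied."""
    server = RegistrationServer()
    victim = Agent("victim-host 6.1-RELEASE (constructed)")
    results = [victim.report(server, week * 7 * DAY) for week in range(3)]
    thief = Agent("thief-host (constructed)")
    thief.tokens = list(victim.tokens)              # copied token pair
    results.append(thief.report(server, 21 * DAY))  # copy is spent first
    results.append(victim.report(server, 21 * DAY)) # originals now stale
    results.append(victim.report(server, 21 * DAY)) # victim starts over
    return (results, server.hosts(21 * DAY),
            server.hosts(21 * DAY + STALE_AFTER + 1))


if __name__ == "__main__":
    print(demo())
```

The run shows the properties the message claims: the copied registration still counts as a single host, the original holder has to earn a new one, and a host that stops reporting drops out of the count.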
Re: update info on ports
dick hoogendijk wrote:
> Normally I upgrade my ports if I see new versions. But now I have a question: I saw a new apache22 version (apache-2.2.2_1) but on the apache site I could not find anything related to security bugs or whatever. I *did* find a version 2.2.3 though (not yet in ports!) So now I wonder, what is the difference of port apache-2.2.2 and the latest one apache-2.2.2_1
> Imho it should be nice to have some kind of info file in the port telling the reasons to upgrade. Does anyone know? Or should I just wait for apache-2.2.3 (can't be that long).

Others already mentioned you about the vulnerability found in v2.2.2. As an addition, you might want to consider installing this:

http://www.freebsd.org/cgi/url.cgi?ports/security/portaudit/pkg-descr

It'll check and report on a daily basis any vulnerabilities found in your currently installed ports.

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: newbee to freebsd, unix, etc...
Bryan Bonifacio wrote:
> Hi Charlie,
> I am presently trying to teach myself FreeBSD too and the best HOWTO/Tutorial/Book out there for guys like us are, in my opinion, the FreeBSD Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/) and Greg Lehey's The Complete FreeBSD (http://www.lemis.com/grog/Documentation/CFBSD/). I've found the two to be very helpful.

In addition, after you're done with those, there are excellent articles on www.onlamp.com site. For instance, the ones about ports[1] are just amazing.

Cheers,
Mikhail.

[1] - http://www.onlamp.com/pub/a/bsd/2003/08/07/FreeBSD_Basics.html
      http://www.onlamp.com/pub/a/bsd/2003/09/18/FreeBSD_Basics.html

--
Mikhail Goriachev
Webanoide
Re: Problems setting up and properly compiling imap-uw.
Steven Lake wrote:
> Looking for some help in this rather baffling issue. I'm trying to get a new mail server setup with webmail capabilities (via squirrelmail) and I'm hitting a little snag. Squirrelmail says that the imap server won't accept plain text passwords, yet I compiled from source for plaintext using make -E WITHOUT_SSL and I also tried make -E WITH_SSL_AND_PLAINTEXT. Neither worked. Squirrelmail still complains saying that the imap server doesn't allow plaintext passwords.
> Any idea what I can do to fix this? Is it a config file I have to change or something? I don't want nor need to do ssl for logins as this will be located on a secure lan, so I'd like to avoid all the crazy stuff that comes with doing an SSL setup. Any help is appreciated.

You're forgetting to assign values to your variables.

# make -E WITHOUT_SSL=yes

or

# make -E WITH_SSL_AND_PLAINTEXT=yes

Cheers,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: Problems setting up and properly compiling imap-uw.
Steven Lake wrote:
> > You're forgetting to assign values to your variables.
> > # make -E WITHOUT_SSL=yes
> > or
> > # make -E WITH_SSL_AND_PLAINTEXT=yes
>
> Ok, tried that and I got this at compile time:
>
> [EMAIL PROTECTED] imap-uw]# make -E WITH_SSL_AND_PLAINTEXT=yes
> === Vulnerability check disabled, database not found
> === Extracting for imap-uw-2004g_1,1
> = MD5 Checksum OK for imap-2004g.tar.Z.
> = SHA256 Checksum OK for imap-2004g.tar.Z.
> === Patching for imap-uw-2004g_1,1
> === Applying FreeBSD patches for imap-uw-2004g_1,1
> === imap-uw-2004g_1,1 depends on shared library: c-client4.8 - found
> === Configuring for imap-uw-2004g_1,1
> === Building for imap-uw-2004g_1,1
> Your imap-uw port matches the version of your cclient port. Fine.
> SSL check passed. We want SSL support, and cclient has it. Good.
> make sslunix.nopwd
> +
> + Building in full compliance with RFC 3501 security
> + requirements:
> ++ TLS/SSL encryption is supported
> ++ Unencrypted plaintext passwords are prohibited
> +
>
> Followed below here by the typical compile stuff. When I run the config test script I still get this error:
>
> ERROR: Your server doesn't allow plaintext logins. Try enabling another authentication mechanism like CRAM-MD5, DIGEST-MD5 or TLS-encryption in the SquirrelMail configuration.
>
> Am I still missing something, or didn't the compile go right?

My memory is a bit rusty, but you also have to (re)compile cclient[1] with the same knob.

If I may ask, out of curiosity. Why imap-uw and not something else that supports maildir format instead of mbox? For instance, courier-imap or dovecot are far better options.

Cheers,
Mikhail.

[1] - /usr/ports/mail/cclient

--
Mikhail Goriachev
Webanoide
Re: Simple DNS Configuration
David Stanford wrote:

On 7/25/06, Mikhail Goriachev [EMAIL PROTECTED] wrote:

David Stanford wrote:

I've tried everyone's suggestions to no avail. Here's my actual configuration:

[EMAIL PROTECTED] ~]# /etc/rc.d/named stop
Stopping named.
[EMAIL PROTECTED] ~]# tail -12 /etc/namedb/named.conf

I can't stop mine and then start it again (running in chrooted mode). I do:

# make rndc reload

Isn't named's default behaviour to run chrooted? It appears so when looking at the rc script.

Yep, it is. I got burnt a few times using stop and start in the past. That is why I only use 'rndc reload'.

Also, when something goes wrong, named won't reload but logs a complaint into /var/log/messages. So it is a good idea to check logs every time a change is made.

zone daemonbox.net {
    type master;
    file master/daemonbox.net;
};

/*
zone 140.246.66.in-addr.arpa {
    type master;
    file master/140.246.66.in-addr.arpa;
};
*/

[EMAIL PROTECTED] ~]# cat /etc/namedb/master/daemonbox.net
$TTL 3600; 1 hour
daemonbox.net. IN SOA chadwick.daemonbox.net. dstanford.daemonbox.net. (
        2006072400 ; Serial
        ^^ ^^

Make sure your serial increments with every change you make.

I've been ignoring that to save time while troubleshooting as (from my understanding) it is only used by other name servers so they know to update their information:

The serial number identifies this version of the zone configuration. Remote name servers first retrieve the SOA record and check if the serial number has incremented before deciding whether to access the rest of the zone, which could be large. Make sure you increment this field every time you edit the file. If you don't, your updates will not propagate to other name servers.
-The Complete FreeBSD, Greg Lehey

Good point. I also got burnt with this one a few times in the past... now incrementing is my habit. I guess its use depends on the weather.

        1d ; Refresh
        2h ; Retry
        100d; Expire
        1h ); Minimum TTL

; DNS Servers
@ IN NS chadwick.daemonbox.net.
@ IN NS ns1.nac.net.
@ IN NS ns2.nac.net.
Remove/comment those nac.net servers just in case (just for now while testing). Get yours cranking first.

Good point.

; MX Records
        IN MX 10 mail.daemonbox.net.

; Machine Names
localhost IN A 127.0.0.1
chadwick IN A 66.246.140.170
mail IN A 66.246.246.58
www IN A 66.246.140.170
@ IN A 66.246.140.170

; Aliases
www IN CNAME @

I personally wouldn't use that line. Previous 2 lines are sufficient.

Yea, I feel I may just use the A records as the additional query issue you mentioned previously leaves me thinking it's the better configuration...it still bothers me I can't figure it out though. :-/

Not sure what you mean.

[EMAIL PROTECTED] ~]# /etc/rc.d/named start
Starting named.

Check your logs.

I've been checking /var/log/messages but see nothing after receiving that error. Are all named logs placed here by default?

This is the only place where I look. As far as I'm concerned, if a reload was unsuccessful, then you'll get something in there. Otherwise nothing gets logged.

[EMAIL PROTECTED] ~]# host -t a daemonbox.net localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host daemonbox.net not found: 2(SERVFAIL)

Does anyone see anything wrong with this? Thanks for all your help!

Can you resolve other domains (e.g.: freebsd.org)? Can't think of anything else right now.

Yes, as I noted, when I remove the CNAME entry everything works fine. Very strange...

Not sure about that either. I guess you shouldn't use it then. Anyway, at least your domain is responding now:

$ host -t a daemonbox.net chadwick.daemonbox.net
Using domain server:
Name: chadwick.daemonbox.net
Address: 66.246.140.170#53
Aliases:

daemonbox.net has address 66.246.140.170

$ host -t a www.daemonbox.net chadwick.daemonbox.net
Using domain server:
Name: chadwick.daemonbox.net
Address: 66.246.140.170#53
Aliases:

www.daemonbox.net has address 66.246.140.170

http://www.dnsreport.com/tools/dnsreport.ch?domain=daemonbox.net

www.dnsreport.com is a great tool for all your DNS needs.
Cheers,
Mikhail.
Re: problems connecting to cvsup servers
Dave wrote:

Hello, Is there anything up with the freebsd cvsup servers? I've been trying to update my ports collection for the past two days always getting the same error message: access limit exceeded. I have tried various servers all with the same result. Thanks. Dave.

Sounds like those servers are busy. Try neighbouring countries or other continents.

Cheers,
Mikhail.
Re: Simple DNS Configuration
Hi,

Try this and let us know how it goes.

$ORIGIN example.org.
$TTL 3600; 1 hour
example.org. IN SOA ns.example.org. admin.example.org. (
        2006072400 ; Serial
        1d ; Refresh
        2h ; Retry
        100d ; Expire
        1h ) ; Minimum TTL

@ IN NS ns.example.org.
        IN A 192.168.1.1 ; or whatever your IP is.

; Machine Names
localhost IN A 127.0.0.1
host1 IN A 192.168.1.1
host2 IN A 192.168.1.2
host3 IN A 192.168.1.3

Cheers,
Mikhail.
Re: Simple DNS Configuration
David Stanford wrote:

Thanks Mikhail, that was it:

@ IN NS ns.example.org.

No worries, glad to hear it's cranking.

Now it appears to be working correctly and responding to queries, however I'm noticing I continue to get that same error when I add my CNAME entry:

@ IN CNAME www.example.org.

Hmmm... Not sure how that one goes.

Doesn't the @ simply represent the domain, in this case example.org?

Yes, that's correct.

That makes this translate from example.org -> www.example.org, correct?

The following gives you the result you want:

@ IN A 192.168.1.1 ; whatever your www's IP is

So your DNS will respond with the same IP no matter if it's example.org or www.example.org (assuming www has been declared somewhere as well). Hopefully this helps.

Cheers,
Mikhail.
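The zone quoted in this thread gives www both an A record and "www IN CNAME @", and the later attempt puts "@ IN CNAME www.example.org." at the zone apex beside the SOA and NS records; a name that owns a CNAME may not own other record types, and BIND refuses to load a zone that breaks this rule, which is seen as SERVFAIL. The following is an added example, not code from the thread: a small Python check that flags such names before a reload. The example.org names, 192.0.2.x addresses and function names are constructed, and the parser covers only the simple zone syntax used here.

```python
"""Flag names in a BIND-style zone that own a CNAME plus other records."""
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
# DNSSEC records are the only types allowed beside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def logical_lines(text):
    """Yield records with ';' comments removed and ( ... ) groups joined."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # simplification: no quoted ';'
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth <= 0:
            if buf.strip():
                yield buf.rstrip()
            buf, depth = "", 0


def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples for each record in the zone."""
    origin = origin.lower().rstrip(".") + "."
    owner, records = origin, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        if tokens[0].startswith("$"):        # $TTL and similar directives
            continue
        if not line[0].isspace():            # a new owner name starts the line
            owner = absolute(tokens.pop(0), origin)
        # Skip the optional TTL and class fields, in either order.
        while tokens and (tokens[0].upper() in CLASSES or tokens[0][0].isdigit()):
            tokens.pop(0)
        if tokens:
            records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records


def cname_conflicts(records):
    """Map each CNAME owner to the other record types found at that name."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    return {
        owner: sorted(types - ALLOWED_WITH_CNAME)
        for owner, types in types_at.items()
        if "CNAME" in types and types - ALLOWED_WITH_CNAME
    }


# Constructed sample zones modelled on the ones posted in the thread.
HEADER = """\
$TTL 3600 ; 1 hour
@   IN SOA ns.example.org. admin.example.org. (
        2006072400 ; Serial
        1d         ; Refresh
        2h         ; Retry
        100d       ; Expire
        1h )       ; Minimum TTL
@       IN NS    ns.example.org.
        IN MX 10 mail.example.org.
ns      IN A     192.0.2.1
mail    IN A     192.0.2.2
www     IN A     192.0.2.1
"""
WWW_A_AND_CNAME = HEADER + "www  IN CNAME @\n"                 # www has A and CNAME
APEX_CNAME = HEADER + "@    IN CNAME www.example.org.\n"      # CNAME beside SOA/NS/MX
A_RECORDS_ONLY = HEADER + "@    IN A 192.0.2.1\n"              # the layout that worked

if __name__ == "__main__":
    for label, zone in [("www A + CNAME", WWW_A_AND_CNAME),
                        ("apex CNAME", APEX_CNAME),
                        ("A records only", A_RECORDS_ONLY)]:
        print(label, cname_conflicts(parse_zone(zone, "example.org")) or "ok")
```
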
Re: problems connecting to cvsup servers
Dave wrote:

Hello, Thanks for your suggestion. I've tried cvsup1 through cvsup9 and let it try to connect upwards of nearly half an hour, I think this issue has something to do with my boxes, but I don't know what. They can contact the various cvsup servers, but every time they always get the access limit msg, as if my machines have tried to connect more than once. I've checked for cvsup processes and haven't found any. Is there a lock file or something I can delete? Any other suggestions welcome.

Give it a go with this Australian server:

cvsup2.au.FreeBSD.org

If it fails then show us the content of your cvsup-supfile. Can't think of anything else at the moment.

Cheers,
Mikhail.
Re: Mail system Suggestions
Bill Moran wrote:

I don't know enough about Dovecot in particular to say whether or not the speed is _purely_ the result of caching (and being written in C). But I can state a couple of reasons why the server-side cache helps.

Keep in mind that IMAP is specifically designed as a client/server protocol. I generally have the same mailbox open from three computers: my home, my work and my laptop. When changes are made from one of these, the other two need to get synchronized. Like most people, I try to keep my mails organized into folders that don't get too big, but I still end up with 1000s of mails in each folder. Dovecot keeping a cache/index on the server side allows Dovecot to quickly provide information when the clients want to sync up.

When a mail client is first started, it needs to do the equivalent of "send me a list of all the emails in this folder". If Dovecot needs to scan each and every message, it can be pretty slow, but if it has an index maintained that it can more or less just ship as is, that's much faster.

How often these types of overall sync operations occur under normal usage, I don't know. While I'm not an expert, I believe that Courier maintains indexes as well.

Fair enough, thanks for your thoughts. I guess I'll give dovecot a spin when the right time comes (apparently it's still in beta). Meanwhile I'll stick with courier-imap.

Cheers,
Mikhail.
Re: Mail system Suggestions
Martin Hudec wrote:

You can give dovecot a try now :), I use it on all mailservers in production environments. It handles my ~54k mails in my mail account pretty well (only slowdown is detected if I use gprs connection ~56kbits).

One good thing that counts in for dovecot is that postfix in its current 2.3.x line is able to do smtp authentication directly via dovecot (so no use for sasl* packages) to any backend you use (mysql, ldap etc.) in your dovecot config. Nice and clean. More info: http://www.postfix.org/SASL_README.html#server_dovecot

Dovecot with its 1.0 version is pretty stable now, I have been using it since 0.99.x versions (now alpha port is in use, upgrade to beta is planned).

Courier-imap is a good choice too, I have no objections to it, but my one subjective one perhaps: in its older versions (3.0.x) it seemed to have some kind of psychic problems when dealing with Thunderbird mailclients. Then I switched to Dovecot.

Thanks for the info.

Cheers,
Mikhail.
Re: Mail system Suggestions
Martin Hepworth wrote:

On a side note, I found Outlook 2003 really shoddy/poor at working with IMAP based systems, esp when you have lots of rules to run and lots of emails to download first thing in the morning. eg would easily take 10 minutes to synchronise, whereas thunderbird takes about 10 seconds! So from now I say Outlook doesn't work with IMAP, but merely tolerates them ;-(

Yes, Outlook is hard to get along with. I go mental with it a few times a week. Just waiting for the right opportunity and swap it for something else... like Thunderbird.

Cheers,
Mikhail.
Re: Simple DNS Configuration
Matthias Fechner wrote:

Hi David,

David Stanford wrote:

Now it appears to be working correctly and responding to queries, however I'm noticing I continue to get that same error when I add my CNAME entry:

@ IN CNAME www.example.org.

write:

www IN CNAME example.org.

I wouldn't recommend using CNAME for www due to extra DNS lookups[1].

Cheers,
Mikhail.

See bottom of the page:
[1] - http://www.dnsreport.com/tools/dnsreport.ch?domain=microsoft.com
Re: Simple DNS Configuration
David Stanford wrote:

I've tried everyone's suggestions to no avail. Here's my actual configuration:

[EMAIL PROTECTED] ~]# /etc/rc.d/named stop
Stopping named.
[EMAIL PROTECTED] ~]# tail -12 /etc/namedb/named.conf

I can't stop mine and then start it again (running in chrooted mode). I do:

# make rndc reload

Also, when something goes wrong, named won't reload but logs a complaint into /var/log/messages. So it is a good idea to check logs every time a change is made.

zone daemonbox.net {
    type master;
    file master/daemonbox.net;
};

/*
zone 140.246.66.in-addr.arpa {
    type master;
    file master/140.246.66.in-addr.arpa;
};
*/

[EMAIL PROTECTED] ~]# cat /etc/namedb/master/daemonbox.net
$TTL 3600; 1 hour
daemonbox.net. IN SOA chadwick.daemonbox.net. dstanford.daemonbox.net. (
        2006072400 ; Serial
        ^^ ^^

Make sure your serial increments with every change you make.

        1d ; Refresh
        2h ; Retry
        100d; Expire
        1h ); Minimum TTL

; DNS Servers
@ IN NS chadwick.daemonbox.net.
@ IN NS ns1.nac.net.
@ IN NS ns2.nac.net.

Remove/comment those nac.net servers just in case (just for now while testing). Get yours cranking first.

; MX Records
        IN MX 10 mail.daemonbox.net.

; Machine Names
localhost IN A 127.0.0.1
chadwick IN A 66.246.140.170
mail IN A 66.246.246.58
www IN A 66.246.140.170
@ IN A 66.246.140.170

; Aliases
www IN CNAME @

I personally wouldn't use that line. Previous 2 lines are sufficient.

[EMAIL PROTECTED] ~]# /etc/rc.d/named start
Starting named.

Check your logs.

[EMAIL PROTECTED] ~]# host -t a daemonbox.net localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host daemonbox.net not found: 2(SERVFAIL)

Does anyone see anything wrong with this? Thanks for all your help!

Can you resolve other domains (e.g.: freebsd.org)? Can't think of anything else right now.

Cheers,
Mikhail.
Re: Simple DNS Configuration
Mikhail Goriachev wrote:

David Stanford wrote:

I've tried everyone's suggestions to no avail. Here's my actual configuration:

[EMAIL PROTECTED] ~]# /etc/rc.d/named stop
Stopping named.
[EMAIL PROTECTED] ~]# tail -12 /etc/namedb/named.conf

I can't stop mine and then start it again (running in chrooted mode). I do:

# make rndc reload

Oops, I meant:

# rndc reload
Re: DHCPd Will Not Listen on the Correct Interface
Serban Giuroiu wrote:

Hello, everybody. I have a fresh install of FreeBSD 6.1-RELEASE on a machine with several NICs, and I need to run different DHCP servers for different subnets on different NICs. I installed isc-dhcp3-server-3.0.4_2 from ports with the default options enabled (of importance: DHCP_PARANOIA and DHCP_JAIL).

These are the interfaces I need to run DHCPd on:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
[...]
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500

What happens if you add them into /etc/rc.conf?:

dhcpd_ifaces="fxp0 rl0"

According to the man page, dhcpd takes as a last argument the interface it should bind to. I run one dhcpd for the interface rl0 like so:

/usr/local/sbin/dhcpd -cf /usr/local/etc/dhcpd.conf.rl0.10.0.0.0 -lf /var/db/dhcpd.leases.rl0.10.0.0.0 -pf /var/run/dhcpd.pid.rl0.10.0.0.0 -user dhcpd -group dhcpd rl0

I prefer using: (necessary variables are declared in /etc/rc.conf)

# /usr/local/etc/rc.d/isc-dhcpd.sh start

After searching through Google, forums, and mailing lists, I have not encountered a post describing a similar situation. Does anybody know what the problem might be?

I hope this helps.

Cheers,
Mikhail.
Re: DHCPd Will Not Listen on the Correct Interface
Serban Giuroiu wrote:

On Saturday 22 July 2006 02:43, Erik Nørgaard wrote:

Do you have a particular reason to run two daemons separately? In your dhcpd.conf you can specify multiple subnets and just start the daemon, dhcpd will send a reply matching the subnet of the interface a request was received on. It won't send replies on subnets it has no configuration for.

I didn't think of that! I condensed my configuration into one file, and DHCPd is now happily serving both subnets. It's still listening on all interfaces, but a little PF magic will ensure that isn't a problem.

Instead of PF, you can control serving interfaces from /etc/rc.conf:

dhcpd_ifaces="fxp0 rl0"

Cheers,
Mikhail.
Re: Mail system Suggestions
jan gestre wrote:

On 7/22/06, Dave [EMAIL PROTECTED] wrote:

Hi, I would recommend dovecot. It's capable of both imap as well as pop if you later want to add that and can do encrypted versions of those protocols as well. Dovecot is also in my opinion much easier to configure and less resource intensive than other imap servers. If I can be of any assistance let me know. Thanks. Dave.

I second it, dovecot works great, try it.

I'm not into starting a flaming session, but dovecot's indexing/caching capabilities are the only things that make it fast. Am I right? Well, it is also written in C. I came across a few posts[1][2], though they're old, saying that everything depends on e-mail clients as well.

I'm responsible for 2 courier-imap in production and about to start working on a new one. This and previous threads regarding dovecot caught my attention and it sounds interesting. However, what good is there having indexes on IMAP server and on local machine? I realised that my Thunderbird keeps record of all my folders and their contents. So roughly I've got ~800MB of e-mails on IMAP and 12MB of indexes in Thunderbird's profile. Also, apparently Outlook 2003 caches absolutely everything. I've seen accounts with 2.9GB worth of e-mails on IMAP and generated outlook.pst as big as 950MB.

Maybe dovecot's indexing features would be great in webmail environments? Maybe I just got lost somewhere. Any input would be highly appreciated.

Cheers,
Mikhail.
[1] - http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg19821.html
[2] - http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg19834.html
Re: no more /var/run/sendmail.pid file
Noah wrote:

Hi there,

FreeBSD 4.11
ESMTP Sendmail 8.13.7/8.13.7

might you please help me with generating and/or finding an appropriate /etc/mail/Makefile ? since I upgraded to 8.13.7 there appears to no longer be a /var/run/sendmail.pid file .

# make restart
/bin/kill -HUP `head -1 /var/run/sendmail.pid`
head: /var/run/sendmail.pid: No such file or directory
usage: kill [-s signal_name] pid ...
kill -l [exit_status]
kill -signal_name pid ...
kill -signal_number pid ...
*** Error code 1

Hi,

Is it at least running?

# ps -auxw | grep sendmail

If not, then, what happens if you do:

# make start

Cheers,
Mikhail.
Re: :::. Sendmail WorkAroundBrokenAAAA.
Doug Hardie wrote:

That option has worked quite well for me. However, there may be something unusual with the DNS for that domain. You will probably need to provide some specifics on the domain so we can see what DNS is returning.

Thanks for looking into this. I just realised that the domain in question got fixed overnight after notifying the sysadmin. I guess this is a good thing, yet I'm left puzzled with the difference between confBIND_OPTS option and compiled INET6 support.

Cheers,
Mikhail.
Re: :::. Sendmail WorkAroundBrokenAAAA.
Dan Busarow wrote:

On Wednesday, July 19, 2006, at 01:09 AM, Mikhail Goriachev wrote:

Doug Hardie wrote:

That option has worked quite well for me. However, there may be something unusual with the DNS for that domain. You will probably need to provide some specifics on the domain so we can see what DNS is returning.

Thanks for looking into this. I just realised that the domain in question got fixed overnight after notifying the sysadmin. I guess this is a good thing, yet I'm left puzzled with the difference between confBIND_OPTS option and compiled INET6 support.

WorkAroundBrokenAAAA does not disable IPv6 lookups, it simply changes the behaviour when receiving SERVFAIL during an IPv6 lookup.

Thanks for your input Dan. This was exactly my problem. I was getting SERVFAIL and the WorkAroundBrokenAAAA wasn't doing its job despite its purpose to overcome broken DNS responses. Hence, I decided to recompile sendmail without INET6 support and it worked.

From the sendmail ops manual

Use “WorkAroundBrokenAAAA” when faced with a broken nameserver that returns SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups during hostname canonification.

Dan
Re: :::. Sendmail WorkAroundBrokenAAAA.
David Robillard wrote:

Thanks for looking into this. I just realised that the domain in question got fixed overnight after notifying the sysadmin. I guess this is a good thing, yet I'm left puzzled with the difference between confBIND_OPTS option and compiled INET6 support.

Hello Mikhail,

The difference is rather simple. The sendmail program will look up AAAA records only if it is built with the NETINET6 compile-time macro defined. If so, it looks up AAAA records first, then A records. Thus, if sendmail is not compiled for IPv6, then the resolver will never query AAAA records. Hence there will never be a problem related to the WorkAroundBrokenAAAA.

See 24.9.91 as ResolverOptions and 9.2.7 as Broken IPv6 Name Servers in the sendmail book by O'Reilly (the so called Bat Book ISBN: 1-56592-839-3)

I actually came across someone on the net mentioning that book and related IPv6 problems. This is where I got the idea of recompiling sendmail without INET6 support.

The book recommends the following if you find a broken Name Server:

a) Notify the hostmaster running the broken name server. The sooner the broken name servers are fixed, the cleaner the internet will run.

Yep, did that and it got fixed.

b) Add the define(`confBIND_OPTS', `+WorkAroundBrokenAAAA')dnl into your sendmail.mc file.

I tried that and it didn't work for me. That is why I started this thread. That line should've fixed my problem but nothing happened. I noticed you have an extra '+' in your line. I was using:

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl

Not sure if that would've made any difference. Thanks for your input David.
Regards, David
:::. Sendmail WorkAroundBrokenAAAA.
Hi everyone,

I found a problem and its solution. Now I'd like someone to help me understand a few things please.

My stock sendmail cannot send emails to a certain domain due to broken DNS (AAAA) responses. All correspondence gets queued with a:

(Deferred: Name server: server here.: host name lookup failure)

Apparently, the following line in sendmail's .mc config file is sufficient:

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl

However, this doesn't help me at all. The only workaround that does the job is to recompile sendmail with NO_INET6=YES in /etc/make.conf. After that, everything gets sent immediately without problems.

So my question is: why define(`confBIND... line doesn't get picked up by sendmail when compiled with INET6 support?

The whole set-up is running on:

FreeBSD 6.1-RELEASE-p3
Sendmail 8.13.6

Any input on the matter would be highly appreciated.

Cheers,
Mikhail.