Re: ThinkPad T41p suspend is fine from console, hangs from X

2007-06-12 Thread Jonathan Thornburg
In message http://marc.info/?l=openbsd-misc&m=118157353605570&w=1
I wrote
# I have a problem with suspend-to-RAM on an IBM/Lenovo ThinkPad T41p
# running OpenBSD 4.1-stable.  Basically, suspend-to-RAM works fine if
# I'm not running X, but hangs the system if I'm running X.  My basic
# question is, has anyone gotten suspend-to-RAM to work while X is
# running on a T41p, and if so, how did you do it?

In message http://marc.info/?l=openbsd-misc&m=118158640324339&w=1,
Niall O'Higgins suggested
> Try switching to console before suspend.

and in message http://marc.info/?l=openbsd-misc&m=118159088829879&w=1,
Jussi Peltola offered a pointer to a program to do this automatically.

That's a good idea!  Alas, when I tried it, the results were the same
as when I tried suspend from within X :( :(
# == the moon-shaped status light starts blinking
# and keeps on blinking, disk and fan stay running,
# and the machine is hung (all keyboard input is ignored,
# including 'Fn' and 'Fn-F4'; I have to power-cycle it
# to regain control (which in turn requires fsck-ing all
# the mounted file systems etc))

More generally, the *only* conditions under which suspend-to-RAM works
is if X has *never* been run since the last reboot.

Since X is so tied up in this, I should also note that I do *not* have
an 'xorg.conf' -- the system is using some sort of internally-generated
default X configuration, which works fine (which is why I never bothered
to set up my own 'xorg.conf').  (My X resolution is 1400x1050, default
depth 16 bits/pixel, other available depths 1, 4, 8, 15, 24, 32.)
One of the things I haven't yet tried, but plan to try soon, is to set
up an explicit 'xorg.conf' (eg there's a T41p configuration on the OpenBSD
laptops page http://www.openbsd.org/i386-laptop.html which gives one),
and see if this helps.

ciao,

-- 
-- Jonathan Thornburg -- remove -animal to reply [EMAIL PROTECTED]
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut)
   and School of Mathematics, U of Southampton, England
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



libexpat confusion

2007-06-12 Thread Jaap Versteegh

Hello,

I am running -current and I'm a little confused about expat.
It was removed from the ports tree, with message "expat comes with OpenBSD as of
release 4.2". Indeed I see it is in /usr/src/lib/libexpat. However it is not in
/usr/src/lib/Makefile, so it isn't being built.
My direct problem is building /usr/ports/devel/apr-util, which apparently looks
for expat in $X11BASE (/usr/X11R6). Since I don't have X installed this fails.
Furthermore, I don't want to install X and surely apr-util doesn't need to 
depend on it.


Can someone enlighten me about where expat ought to be, so I can modify the 
Makefile for apr-util correctly ?


TIA,
Jaap Versteegh



Re: libexpat confusion

2007-06-12 Thread Stuart Henderson
On 2007/06/12 12:33, Jaap Versteegh wrote:
> My direct problem is building /usr/ports/devel/apr-util, which apparently
> looks for expat in $X11BASE (/usr/X11R6). Since I don't have X installed
> this fails.

you'll need to install xbase. the libraries from xbase are needed
for quite a few things in ports. xbase comes with two setgid binaries,
xlock and xterm, which you may conceivably want to chmod.

you don't need xserv or machdep.allowaperture.

> Furthermore, I don't want to install X and surely apr-util doesn't need to
> depend on it.

it does, because it uses expat, and that's where expat comes from in
-current.



Spamd variation

2007-06-12 Thread Praveen
Hi,
   From the man page it appears that spamd relies on
static information about spam originators.
Why not a more dynamic scheme?

Why not run the content of the mail through a spam
detector (like dspam), find the spam score and make
decisions based on that. I know that spam detection
is nowhere near perfect but it can be used for
assigning a 'badness score' to a site (originator of
email). So a site keeps getting this score and the
average (per msg) exceeds a we black list the site for
fixed duration. Similarly for white listing.

'Badness score' can also be assigned for other things,
like trying to send to non-existent user (a typical
spammer probe), absence of mx entry etc.


A milter(sendmail/postfix) can be implemented for
this.
Thus decisions will be more dynamic and 'configuration
free'.

Does this sound reasonable ?

regards
Praveen


  



Re: Spamd variation

2007-06-12 Thread RW
On Tue, 12 Jun 2007 03:04:23 -0700 (PDT), Praveen wrote:

> Hi,
>    From the man page it appears that spamd relies on
> static information about spam originators.
> Why not a more dynamic scheme?
>
> Why not run the content of the mail through a spam
> detector (like dspam), find the spam score and make
> decisions based on that. I know that spam detection
> is nowhere near perfect but it can be used for
> assigning a 'badness score' to a site (originator of
> email). So a site keeps getting this score and the
> average (per msg) exceeds a we black list the site for
> fixed duration. Similarly for white listing.
>
> 'Badness score' can also be assigned for other things,
> like trying to send to non-existent user (a typical
> spammer probe), absence of mx entry etc.
>
> A milter(sendmail/postfix) can be implemented for
> this.
> Thus decisions will be more dynamic and 'configuration
> free'.
>
> Does this sound reasonable ?


No.

That would make spamd into bloatware and much less efficient.

People who want milters, content-inspection, RBL lookups and whatever
can run them in conjunction with their MTA.

spamd does all I want it to do with no measurable load on my system. I
do NO content inspection and there have been only 3 spams total which
got to any user in this domain since 1/1/7.

Content inspection practitioners are always playing catchup and
fiddling with ham/spam training for their toys and then along comes the
next trick of the spammers = back to square one.

Thanks to beck@ and company I don't have to play that silly game.

R\/\/.

In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.



Re: Spamd variation

2007-06-12 Thread Lars Hansson

Praveen wrote:
>    From the man page it appears that spamd relies on
> static information about spam originators.


greylisting is pretty dynamic.

---
Lars Hansson



Re: Spamd variation

2007-06-12 Thread Jacob Yocom-Piatt
RW wrote:
> On Tue, 12 Jun 2007 03:04:23 -0700 (PDT), Praveen wrote:
>
> > Hi,
> >    From the man page it appears that spamd relies on
> > static information about spam originators.
> > Why not a more dynamic scheme?
> >
> > Why not run the content of the mail through a spam
> > detector (like dspam), find the spam score and make
> > decisions based on that. I know that spam detection
> > is nowhere near perfect but it can be used for
> > assigning a 'badness score' to a site (originator of
> > email). So a site keeps getting this score and the
> > average (per msg) exceeds a we black list the site for
> > fixed duration. Similarly for white listing.
> >
> > 'Badness score' can also be assigned for other things,
> > like trying to send to non-existent user (a typical
> > spammer probe), absence of mx entry etc.
> >
> > A milter(sendmail/postfix) can be implemented for
> > this.
> > Thus decisions will be more dynamic and 'configuration
> > free'.
> >
> > Does this sound reasonable ?
>
> No.
>
> That would make spamd into bloatware and much less efficient.
>
> People who want milters, content-inspection, RBL lookups and whatever
> can run them in conjunction with their MTA.
>
> spamd does all I want it to do with no measurable load on my system. I
> do NO content inspection and there have been only 3 spams total which
> got to any user in this domain since 1/1/7.
>
> Content inspection practitioners are always playing catchup and
> fiddling with ham/spam training for their toys and then along comes the
> next trick of the spammers = back to square one.

i second this. started working at my current job and there was a ton of
spam coming through until i setup spamd. some spam outfits, e.g.
OptInBig.com, took a bit of energy and analysis to block (thrown into
blacklists) but now that it's done, we get very little spam. the amount
of energy i have to expend on a regular basis to keep spamd working
effectively is approximately 0.

> Thanks to beck@ and company I don't have to play that silly game.

here here! carefully reading the RFCs can be a beautiful thing indeed.

cheers,
jake

> R\/\/.
>
> In the beginning was The Word
> and The Word was Content-type: text/plain
> The Word of Rod.


Re: libexpat confusion

2007-06-12 Thread Jaap Versteegh

Thank you for your response.

> > Furthermore, I don't want to install X and surely apr-util doesn't need to
> > depend on it.
>
> it does, because it uses expat, and that's where expat comes from in
> -current.

That explains the need for the 'depend' from the point of view of the apr-util
Makefile developer.
From an overall or user perspective, the need for any package that uses the
expat xml parser to depend on the xbase package, is still entirely unclear. For
one: this dependency was never necessary in the past. Shouldn't expat not just
go into /usr/lib ?


And you are right about the fact that other ports depend on X being present.
Like databases/odbc == gtk+-1.2.10p6 uses X11, but /usr/X11R6 not found.
A database connectivity driver that depends on a GUI toolkit.. sounds fishy to 
me.

I hope OpenBSD doesn't slowly go GNU/Linux in the spaghetti sense.

Jaap



multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Thierry Lacoste
Hello,

I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
and I'd like to make it authenticate on 2 ldap servers
in case one is down.

I fought with the AuthLDAPURL directive but with no success.

Any help would be appreciated.

Regards,
Thierry.



Re: libexpat confusion

2007-06-12 Thread Lars Hansson

Jaap Versteegh wrote:
> For one: this dependency was never necessary in the past.

Because in the past there was an expat port.

> Shouldn't expat not just go into /usr/lib ?

It's part of Xorg and therefore it belongs in /usr/X11R6/lib/.

> And you are right about the fact that other ports depend on X being
> present.
>
> Like databases/odbc == gtk+-1.2.10p6 uses X11, but /usr/X11R6 not found.
> A database connectivity driver that depends on a GUI toolkit.. sounds
> fishy to me.

Complain to the odbc people for depending on gtk. This has nothing to do
with expat or OpenBSD.

> I hope OpenBSD doesn't slowly go GNU/Linux in the spaghetti sense.


This is exactly what is avoided by not also having a standalone port of 
expat.


---
Lars Hansson



Re: RAIDFrame root autoconfig fails in -current

2007-06-12 Thread Kenneth R Westerback
On Mon, Jun 11, 2007 at 02:10:34PM -0400, Brian A. Seklecki wrote:
> On Mon, 11 Jun 2007, Otto Moerbeek wrote:
>
> Please contact krw@, he has been searching testers for RAIDframe root
> autoconfig on [EMAIL PROTECTED] There's even a diff posted there, iirc.
>
> I'm your point-man there.  A while back I wrote 3 pages of
> technical detritus on making it work in 3.9/4.0.  ISOs w/ install.sh
> patches, too.
>
> So we're changing the software raid subsystems eh?
>
> ~BAS
>
>  -Otto
>
> The disklabel is correct, and if I use a non-RAID boot drive, raid0a can

I committed the diff to raidframe to 'fix' raidgetdisklabel() so it
behaves/gets used like other drivers. It should be in snapshots
after today.

With this and the other disklabel changes going on, hammering at
raidframe to uncover issues in odd cases (or normal cases for that
matter) much appreciated.

 Ken



chroot'ed httpd howto

2007-06-12 Thread stefan hoffmann

Hi,

I'm currenly having troubles running MediaWiki on 4.1, but I assume it's 
due to my poor understanding of the chroot'ed httpd and running php.


So is there somewhere an howto or a faq about troubleshooting problems 
in this field?


The actual problem: once a user has logged into and switches to another 
page, the login state is lost.



Kind regards
-- stefan --



Re: upgrading RAIDFRAME systems

2007-06-12 Thread Nick Bender

On 6/12/07, Josh Grosse [EMAIL PROTECTED] wrote:

> On Mon, Jun 11, 2007 at 06:59:46PM -0400, Nick Holland wrote:
> > am I missing something, or did you neglect to help him with his question,
> > which was about how to upgrade with RAIDframe in use?
>
> I had everything except building the kernel, and placing it on the one (or
> two) non-RAIDFrame controlled partitions for booting.  Yep, I forgot
> that. :(



I have several low end machines with dual SATA drives and have the full
install under raidframe with the recommended a=/, b=swap, d=/usr, etc...
Both drives have separate 4gb partitions which each have a full install
serve as the boot partition.

1. Backup all data.
2. Disable raidframe autoconfiguration.
3. Do a full install on the second drive's 4gb partition and boot on that.
4. Enable raidframe and make install a new kernel.
5. Boot the new version on the second drive.

At this point if everything works you can newfs any of the pre-upgrade
raid partitions and dump/restore from the new install on the second
drive to the raid partitions. If you made separate data partitions that don't
need upgraded you don't have to touch them. Don't forget to resync the
first boot partition with the second and turn on autoconfiguration. Oh,
remember to run installboot as part of resyncing (DOH!).

If for some reason your new install is faulty you can just resync the
second boot partition with the first (installboot!), re-enable autoconfig,
and a reboot gets you back to square one.

-N



Re: multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Brian A. Seklecki
You can make a single service host address a highly available 
(active-standby, load-balancing) using a number of mechanisms (hardware, 
network devices, pf(4) w/ NAT) as opposed to trying to do it for every 
protocol in software.


check out bob beck's talk(s) on pf(4)

~BAS

On Tue, 12 Jun 2007, Thierry Lacoste wrote:


> Hello,
>
> I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
> and I'd like to make it authenticate on 2 ldap servers
> in case one is down.
>
> I fought with the AuthLDAPURL directive but with no success.
>
> Any help would be appreciated.
>
> Regards,
> Thierry.




l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?
~James Maynard Keenan



Re: multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Henning Brauer
* Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 14:35]:
> Hello,
>
> I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
> and I'd like to make it authenticate on 2 ldap servers
> in case one is down.
>
> I fought with the AuthLDAPURL directive but with no success.

  AuthName "something good"
  AuthType Basic
  AuthLDAPURL "ldap://a.ldap.bsws.de b.ldap.bsws.de/ou=..?uid?sub?objectclass=..."
  AuthLDAPBindDN cn=http-auth,...
  AuthLDAPBindPassword ...
  AuthLDAPStartTLS off  # broken... stupid OpenLDAP

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: chroot'ed httpd howto

2007-06-12 Thread Jacob Yocom-Piatt

stefan hoffmann wrote:

> Hi,
>
> I'm currently having troubles running MediaWiki on 4.1, but I assume
> it's due to my poor understanding of the chroot'ed httpd and running php.
>
> So is there somewhere a howto or a faq about troubleshooting problems
> in this field?
>
> The actual problem: once a user has logged into and switches to
> another page, the login state is lost.

search the misc@openbsd.org archives on MARC for this. troubleshooting
is, in most cases, a matter of figuring out what you want to run, using
ldd and copying dependencies inside the chroot.

cheers,
jake

> Kind regards
> -- stefan --
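
The ldd-and-copy approach from the reply above, as an added example that is not part of the original post: it parses ldd output and copies each listed library to the same path under the chroot. The function names, the sample binary path and the sample ldd output (OpenBSD-style columns, constructed) are assumptions.

```shell
#!/bin/sh
# Added example: list the shared-library dependencies found in ldd output
# and copy them into a chroot, preserving their absolute paths.

# Constructed sample of OpenBSD-style ldd output (column layout is an
# assumption; addresses, versions and the binary name are made up).
sample_ldd_output() {
cat <<'EOF'
/usr/local/bin/example:
	Start    End      Type Open Ref GrpRef Name
	00000000 00000000 exe  1    0   0      /usr/local/bin/example
	0a1b2000 2a1e9000 rlib 0    1   0      /usr/lib/libm.so.2.3
	0c3d4000 2c41f000 rlib 0    1   0      /usr/lib/libc.so.40.3
	0e5f6000 0e5f6000 rtld 0    1   0      /usr/libexec/ld.so
EOF
}

# Read ldd output on stdin, print one absolute path per dependency.
# Skips the "binary:" line, the column header and the executable's own
# entry (Type "exe"). Lines of the form "lib => /path (addr)" also work,
# because the first field starting with "/" is taken.
ldd_paths() {
    awk '
        $3 == "exe" { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\// && $i !~ /:$/) { print $i; break }
        }
    ' | sort -u
}

# Read paths on stdin and copy each one to the same location under the
# chroot directory $1. $2 is the root the files are taken from ("/" on a
# live system). Prints the number of files copied and returns non-zero
# if any listed dependency could not be found.
copy_into_chroot() {
    chroot_dir=$1
    src_root=${2:-/}
    copied=0
    missing=0
    while IFS= read -r path; do
        src="${src_root%/}$path"
        dst="${chroot_dir%/}$path"
        if [ ! -f "$src" ]; then
            echo "missing: $src" >&2
            missing=$((missing + 1))
            continue
        fi
        mkdir -p "$(dirname "$dst")"
        cp -p "$src" "$dst"      # -p keeps mode and timestamps
        copied=$((copied + 1))
    done
    echo "$copied"
    [ "$missing" -eq 0 ]
}

# Typical use on a live system (paths are examples):
#   ldd /usr/local/bin/example | ldd_paths | copy_into_chroot /var/www
```

The binary itself still has to be copied separately, and anything it opens at run time (configuration, temporary directories) is not visible to ldd.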




Re: multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Thierry Lacoste
On Tuesday 12 June 2007 15:07, Henning Brauer wrote:
> * Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 14:35]:
> > Hello,
> >
> > I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
> > and I'd like to make it authenticate on 2 ldap servers
> > in case one is down.
> >
> > I fought with the AuthLDAPURL directive but with no success.
>
>   AuthName "something good"
>   AuthType Basic
>   AuthLDAPURL "ldap://a.ldap.bsws.de b.ldap.bsws.de/ou=..?uid?sub?objectclass=..."
>   AuthLDAPBindDN cn=http-auth,...
>   AuthLDAPBindPassword ...
>   AuthLDAPStartTLS off  # broken... stupid OpenLDAP

Argh, is this because of AuthLDAPStartTLS that I couldn't make it work?
I will try it just out of curiosity but I've just configured my OpenLDAP
servers to reject non-TLS connexions.
I don't like the idea of cleartext passwords on the wire ...

Thierry.



Re: libexpat confusion

2007-06-12 Thread Joachim Schipper
On Tue, Jun 12, 2007 at 02:23:06PM +0200, Jaap Versteegh wrote:
> > > Furthermore, I don't want to install X and surely apr-util doesn't need
> > > to depend on it.
> >
> > it does, because it uses expat, and that's where expat comes from in
> > -current.
>
> That explains the need for the 'depend' from the point of view of the
> apr-util Makefile developer.
> From an overall or user perspective, the need for any package that uses the
> expat xml parser to depend on the xbase package, is still entirely unclear.
> For one: this dependency was never necessary in the past. Shouldn't expat
> not just go into /usr/lib ?

Well, OpenBSD's dual system for dealing with software ('base' and
'ports') could be criticized, but unless you want to do that, there is
no more sensible way to do this. The alternative would be to require
someone to install a port before installing X, which makes even less
sense.

Really, this is a non-problem. Just install the whole base system,
including at least xbase, and be done with it.

Joachim

-- 
TFMotD: atc (6) - air traffic controller game



Re: multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Henning Brauer
* Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 15:27]:
> On Tuesday 12 June 2007 15:07, Henning Brauer wrote:
> > * Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 14:35]:
> > > Hello,
> > >
> > > I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
> > > and I'd like to make it authenticate on 2 ldap servers
> > > in case one is down.
> > >
> > > I fought with the AuthLDAPURL directive but with no success.
> >
> >   AuthName "something good"
> >   AuthType Basic
> >   AuthLDAPURL "ldap://a.ldap.bsws.de b.ldap.bsws.de/ou=..?uid?sub?objectclass=..."
> >   AuthLDAPBindDN cn=http-auth,...
> >   AuthLDAPBindPassword ...
> >   AuthLDAPStartTLS off  # broken... stupid OpenLDAP
>
> Argh, is this because of AuthLDAPStartTLS that I couldn't make it work?
> I will try it just out of curiosity but I've just configured my OpenLDAP
> servers to reject non-TLS connexions.
> I don't like the idea of cleartext passwords on the wire ...

neither do I, nor do i fully remember what the problem was. maybe time 
to retry.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: chroot'ed httpd howto

2007-06-12 Thread stefan hoffmann

stefan hoffmann wrote:
> I'm currently having troubles running MediaWiki on 4.1, but I assume it's
> due to my poor understanding of the chroot'ed httpd and running php.

D'oh: I had not changed the rights for /var/www/tmp...

Thanks to all.

Kind regards
-- stefan --



Re: libexpat confusion

2007-06-12 Thread Jaap Versteegh

Lars Hansson wrote:


> It's part of Xorg and therefore it belongs in /usr/X11R6/lib/.

Really ?
I see it in extras:
http://xorg.freedesktop.org/releases/X11R7.2/src/extras/

I also see perl in there. So should perl go into /usr/X11R6/bin ?

Jaap



Re: chroot'ed httpd howto

2007-06-12 Thread Chris Tankersley

stefan hoffmann wrote:

> Hi,
>
> I'm currently having troubles running MediaWiki on 4.1, but I assume
> it's due to my poor understanding of the chroot'ed httpd and running php.
>
> So is there somewhere a howto or a faq about troubleshooting problems
> in this field?
>
> The actual problem: once a user has logged into and switches to
> another page, the login state is lost.
>
> Kind regards
> -- stefan --


I moved a MediaWiki install  1.6 from an Ubuntu Server to OpenBSD 
4.1-stable without any issues. Not really much help in your situation, 
but maybe there is something else other than it being in a chroot that 
is causing the issue?


Chris




Re: libexpat confusion

2007-06-12 Thread Jaap Versteegh

Joachim Schipper wrote:

> Well, OpenBSD's dual system for dealing with software ('base' and
> 'ports') could be criticized, but unless you want to do that, there is
> no more sensible way to do this. The alternative would be to require
> someone to install a port before installing X, which makes even less
> sense.

Indeed. It certainly makes sense to put it in the base system, I just don't
understand why it must be part of xbase rather than base when so many non X
programs use expat.

> Really, this is a non-problem. Just install the whole base system,
> including at least xbase, and be done with it.

OK ;)

Jaap



neo0: unknown int / ac97: codec id not read on Dell Latitude LS

2007-06-12 Thread Jan Stary
Hi all,

I am running 4.1 on a Dell Latitude LS notebook. This machine uses the
Neomagic MagicMedia 256AV audio chip:

...
neo0 at pci1 dev 0 function 1 "Neomagic MagicMedia 256AV" rev 0x20
audio0 at neo0
...

Now, _sometimes_ the boot gets into an endless loop saying

neo0: unknown int

Looking at the source, I see that (sys/dev/pci/neo.c)


/* The interrupt handler */
int
neo_intr(void *p)
{
	struct neo_softc *sc = (struct neo_softc *)p;
	int status, x;
	int rv = 0;

	status = nm_rd(sc, NM_INT_REG, sc->irsz);

	if (status & sc->playint) {
		status &= ~sc->playint;

		sc->pwmark += sc->pblksize;
		sc->pwmark %= sc->pbufsize;

		nm_wr(sc, NM_PBUFFER_WMARK, sc->pbuf + sc->pwmark, 4);

		nm_ackint(sc, sc->playint);

		if (sc->pintr)
			(*sc->pintr)(sc->parg);

		rv = 1;
	}
	if (status & sc->recint) {
		status &= ~sc->recint;

		sc->rwmark += sc->rblksize;
		sc->rwmark %= sc->rbufsize;

		nm_ackint(sc, sc->recint);
		if (sc->rintr)
			(*sc->rintr)(sc->rarg);

		rv = 1;
	}
	if (status & sc->misc1int) {
		status &= ~sc->misc1int;
		nm_ackint(sc, sc->misc1int);
		x = nm_rd(sc, 0x400, 1);
		nm_wr(sc, 0x400, x | 2, 1);
		printf("%s: misc int 1\n", sc->dev.dv_xname);
		rv = 1;
	}
	if (status & sc->misc2int) {
		status &= ~sc->misc2int;
		nm_ackint(sc, sc->misc2int);
		x = nm_rd(sc, 0x400, 1);
		nm_wr(sc, 0x400, x & ~2, 1);
		printf("%s: misc int 2\n", sc->dev.dv_xname);
		rv = 1;
	}
	if (status) {
		status &= ~sc->misc2int;
		nm_ackint(sc, sc->misc2int);
		printf("%s: unknown int\n", sc->dev.dv_xname);
		rv = 1;
	}

	return (rv);
}


How does such a thing ever happen? Who writes into the card's
NM_INT_REG register and how can an unknown value ever get there?

In other cases, the machine boots and everything works, except that

neo0 at pci1 dev 0 function 1 "Neomagic MagicMedia 256AV" rev 0x20
1:0:1 10c8:8005 pin B clink 0x01 irq 10 stage 0  WARNING: preserving irq 10
pci_intr_route_link: route PIRQ 0x01 -> IRQ 10 preserved BIOS setting
: irq 10
ac97: codec id not read
audio0 at neo0

and I am unable to use any audio. The sound stuff doesn't even
appear in sysctl -a.

Does anybody have the same problem, or even a solution?

Thanks

Jan



Re: Spamd variation

2007-06-12 Thread Bob Beck
* Praveen [EMAIL PROTECTED] [2007-06-12 05:14]:
> Hi,
>    From the man page it appears that spamd relies on
> static information about spam originators.
> Why not a more dynamic scheme?

No, it doesn't. please read the man page instead of
trolling.

> Why not run the content of the mail through a spam
> detector (like dspam), find the spam score and make
> decisions based on that. I know that spam detection
> is nowhere near perfect but it can be used for
> assigning a 'badness score' to a site (originator of
> email). So a site keeps getting this score and the
> average (per msg) exceeds a we black list the site for
> fixed duration. Similarly for white listing.

No. spamd does not do content filtering.

> 'Badness score' can also be assigned for other things,
> like trying to send to non-existent user (a typical
> spammer probe), absence of mx entry etc.
>
> A milter(sendmail/postfix) can be implemented for
> this.
> Thus decisions will be more dynamic and 'configuration
> free'.

As it is, spamd in greylisting mode (the default)
is very configuration free. but it sounds like you
actually don't run it, and are just trolling. 

-Bob



Re: hoststated/spamd

2007-06-12 Thread Bob Beck
I still don't see how hosts in spamd-white are not sent to spamd.
what if a host is in spamd-white, but not in spamd-exempt..

-Bob


* Stuart Henderson [EMAIL PROTECTED] [2007-06-11 17:21]:
> On 2007/06/08 16:02, Bob Beck wrote:
> > > rdr-anchor "hoststated/smtp" from <spamd-white>
> > > rdr proto tcp from !<spamd-exempt> to $MX port smtp -> 127.0.0.1 port
> > > spamd
> >
> > The fact that those two table names are different looks suspiciously
> > wrong to me.
>
> It took you pointing this out for me to work out exactly how anchors
> with wildcards and host restrictions work, but it does work for me;
>
> rdr-anchor "hoststated/smtp" from <spamd-white>
> - spamd-white is handled by hoststated rules in the anchor,
>
> rdr proto tcp from !<spamd-exempt> to $MX port smtp -> 127.0.0.1 port spamd
> - normal hosts hit this reasonably normal spamd rdr,
>
> rdr-anchor "hoststated/*"
> - spamd-exempt, holding hosts exempted from greylisting, has fallen
> through from the first two; this and non-smtp services are handled by
> hoststated rules.

-- 
#!/usr/bin/perl
if ((not 0 && not 1) !=  (! 0 && ! 1)) {
   print "Larry and Tom must smoke some really primo stuff...\n";
}



Re: About BSD Certification

2007-06-12 Thread Jeff Quast

On 6/11/07, Karsten McMinn [EMAIL PROTECTED] wrote:

> On 6/10/07, Adam [EMAIL PROTECTED] wrote:
> > That's just as stupid as requiring people have a cert.  Lots of people have
> > certs because so many places toss your resume if you don't have MCSE or
> > CCNA listed on it.  Just because they have a cert doesn't mean they don't
> > know what they're doing.
>
> a lot of anti-cert sentiment. borderline misinformation in
> some cases. I've interviewed folks with and without certs.
> I don't know why some people insist on arguing
> that book != cover[1] with regard to certs. silly.
>
> here's a couple points for consideration:


You lightly touched on it, but there is a very crucial need for this
certification that happily employed IT people can't begin to
understand.

There are many young unemployables who freely code dozens of
languages, but work at gas stations because they have a blank resume.
I know a very good kernel hacker in Flint, MI who does roofing. I met
another C programmer at a small factory where we both made -less- than
minimum wage.

Some young people live in areas with very high unemployment rates. In
these places, it is not so easy to gain even minimal experience under
high competition. With a resume that contains no related work history
or any education, a certification is a cheap way to prove a small
amount of equivalent real-world experience to get a foot in the door.

I support the BSD certification, and will be recommending it to all
students who would like to find work in the field before they graduate
(or if they can't afford to graduate). I think we should all be used
to the idea that many college students also work full time. An
equivalent linux certification, LPI, costs less than a single college
course.

I have been tracking BSDCG's progress in detail, including their
psychometrics, and this may possibly become the best real-world
experience equivalency IT certification yet, and set an example for
others. They're not trying to make this certification any more than it
is, no more than the equivalent of a few months experience.

Lastly, though I think it's already been said, If you don't like or
need the certification, don't take it. If you think its equivalency
is shit, then don't consider it when making hiring decisions. If
neither of these apply, go shit in somebody else's bed. Don't ruin it
for those who could really use it.



Re: libexpat confusion

2007-06-12 Thread Marc Espie
We still haven't enabled expat in base/, because it's not audited enough
yet... we `trust' it as an X11 library, but no-one has addressed the multiple
security issues it may have.

Yes, we do know expat is a problem... we finally removed it from ports/
because it makes no sense to build it once.

If you don't trust X11, you can install just a few pieces. expat is mostly
independent from the rest.

There are a lot of conflicting opinions there.

In the end, the sensible solution is to audit libexpat and enable the version
in source. The only issue is that no-one has had time to do that correctly
yet.



Re: libexpat confusion

2007-06-12 Thread Adriaan

On 6/12/07, Joachim Schipper [EMAIL PROTECTED] wrote:

> On Tue, Jun 12, 2007 at 02:23:06PM +0200, Jaap Versteegh wrote:
> > > > Furthermore, I don't want to install X and surely apr-util doesn't need
> > > > to depend on it.
> > >
> > > it does, because it uses expat, and that's where expat comes from in
> > > -current.
> >
> > That explains the need for the 'depend' from the point of view of the
> > apr-util Makefile developer.
> > From an overall or user perspective, the need for any package that uses the
> > expat xml parser to depend on the xbase package, is still entirely unclear.
> > For one: this dependency was never necessary in the past. Shouldn't expat
> > not just go into /usr/lib ?
>
> Well, OpenBSD's dual system for dealing with software ('base' and
> 'ports') could be criticized, but unless you want to do that, there is
> no more sensible way to do this. The alternative would be to require
> someone to install a port before installing X, which makes even less
> sense.
>
> Really, this is a non-problem. Just install the whole base system,
> including at least xbase, and be done with it.


I follow current by installing binary snapshots and pre-compiled packages.

fetchmail also depends on expat.

Because I don't want the complete xbase41.tgz I just extract the expat libs
and put them in a site41-hostname.tgz

#!/bin/sh

VERSION=41
HOST=diogenes
TARBALL=site${VERSION}-${HOST}.tgz

tar xvzpf xbase41.tgz -C /tmp \*expat\*
tar cvzf $TARBALL -C /tmp usr
tar tvzf $TARBALL

---
During the snapshot install this file gets selected automatically.

Snippet from the install:

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.

   [X] bsd
   [X] bsd.rd
   [ ] bsd.mp
   [X] base41.tgz
   [X] etc41.tgz
   [X] misc41.tgz
   [X] comp41.tgz
   [X] man41.tgz
   [ ] xbase41.tgz
   [ ] xetc41.tgz
   [ ] xshare41.tgz
   [ ] xfont41.tgz
   [ ] xserv41.tgz
   [X] site41-diogenes.tgz



=Adriaan=



Re: About BSD Certification

2007-06-12 Thread Greg Thomas

On 6/12/07, Jeff Quast [EMAIL PROTECTED] wrote:

> On 6/11/07, Karsten McMinn [EMAIL PROTECTED] wrote:
> > On 6/10/07, Adam [EMAIL PROTECTED] wrote:
> > > That's just as stupid as requiring people have a cert.  Lots of people have
> > > certs because so many places toss your resume if you don't have MCSE or
> > > CCNA listed on it.  Just because they have a cert doesn't mean they don't
> > > know what they're doing.
> >
> > a lot of anti-cert sentiment. borderline misinformation in
> > some cases. I've interviewed folks with and without certs.
> > I don't know why some people insist on arguing
> > that book != cover[1] with regard to certs. silly.
> >
> > here's a couple points for consideration:
>
> You lightly touched on it, but there is a very crucial need for this
> certification that happily employed IT people can't begin to
> understand.
>
> There are many young unemployables who freely code dozens of
> languages, but work at gas stations because they have a blank resume.
> I know a very good kernel hacker in Flint, MI who does roofing. I met
> another C programmer at a small factory where we both made -less- than
> minimum wage.



Does the cert cover coding?

In any case I completely ignore certs when hiring or finding
contractors.  I've found too many times that people can't answer
simple questions about administration even when they're a CCNA or MCSE
or the like.

In the case of developers I'll take someone without experience if they
bring their own code and can explain it to me in layman's terms, and
if they can take some basic undocumented code of ours and document it.

Greg

--
http://ticketmastersucks.org/tracker.html
Run over your friends in stolen Volkswagens
And tell them I sent you, and tell them I sent ... YOU - Mclusky



openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread John Mendenhall
openbsd gurus,

As my saga continues...
I have a newly built server on which I am attempting to install
openbsd 4.0.  Problems occurred on install of sets, where comp
set keeps throwing errors.  Suggestion was made that it was probably
a bad CD.  Try a previous CD of an earlier version.  I had 3.9
available.  The logs of the attempts are posted at:

  http://www.surfutopia.net/openbsd/

The logs are separated by the boot log, an install log not
including the install of the sets, and two passes of the install
of the sets, all dying in the comp set install.

I have two drives in the server.  I only installed on one (wd0).
I have had the same types of errors when only installing on the
second (wd1).  So, it is most likely not a problem with the
specific drive.  However, the probability could exist.

So, based on these logs, from different openbsd cd versions,
my hypothesis is there is some weird sort of hardware problem.
My question is, what tools do you all use to determine where
the hardware problem could be?

I have already run the memory through the memtests.  There is
not a problem there.

I am willing to try (almost) anything to play around with
this.  I would like to get the server up and running so I
can move on to the next one.  No time pressure, though.

Thank you in advance for any pointers you can provide.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: multiple ldap servers with mod_auth_ldap

2007-06-12 Thread Thierry Lacoste
On Tuesday 12 June 2007 15:49, Henning Brauer wrote:
 * Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 15:27]:
  On Tuesday 12 June 2007 15:07, Henning Brauer wrote:
   * Thierry Lacoste [EMAIL PROTECTED] [2007-06-12 14:35]:
Hello,
   
I'm using mod_auth_ldap-1.6.0p3 on OpenBSD 4.1
and I'd like to make it authenticate on 2 ldap servers
in case one is down.
   
I fought with the AuthLDAPURL directive but with no success.
  
 AuthName something good
 AuthType Basic
 AuthLDAPURL ldap://a.ldap.bsws.de b.ldap.bsws.de/ou=..?uid?sub?objectclass=...
 AuthLDAPBindDN cn=http-auth,...
 AuthLDAPBindPassword ...
 AuthLDAPStartTLS off  # broken... stupid OpenLDAP
 
  Argh, is this because of AuthLDAPStartTLS that I couldn't make it work?
  I will try it just out of curiosity but I've just configured my OpenLDAP
  servers to reject non-TLS connexions.
  I don't like the idea of cleartext passwords on the wire ...

 neither do I, nor do I fully remember what the problem was. maybe time
 to retry.
Well it actually seems to work perfectly with my two OpenLDAP servers and TLS.
This is on OpenBSD 3.8 and I will try tomorrow with 4.1.
AFAICS my problem was just a matter of using the correct syntax
for AuthLDAPURL. Thank you very much.

Thierry.

PS: FWIW I don't use AuthLDAPBindDN nor AuthLDAPBindPassword.



Re: hoststated/spamd

2007-06-12 Thread Stuart Henderson
On 2007/06/12 09:04, Bob Beck wrote:
   I still don't see how hosts in spamd-white are not sent to spamd.
 what if a host is in spamd-white, but not in spamd-exempt..

# pfctl -sn -vv|grep -E '(smtp|hoststated)'
@0 rdr-anchor hoststated/smtp from spamd-white:1440 to any
@1 rdr inet proto tcp from ! spamd-exempt:122 to XXX port = smtp -> 127.0.0.1 port 8025
@2 rdr inet proto tcp from ! spamd-exempt:122 to YYY port = smtp -> 127.0.0.1 port 8025
@3 rdr-anchor hoststated/* all

hosts in spamd-white are handled by the anchor at @0 (see below)
hosts in spamd-exempt fall through this, past @1/@2, and hit the anchor at @3

now I worked out how to display translation rules under anchors
(pfctl -sn -a '*' doesn't recurse through them), so here they are:

# pfctl -sn -vv -a hoststated/smtp|grep smtp
@0 rdr on vlan2204 inet proto tcp from any to XXX port = smtp -> smtp port 25 round-robin
@1 rdr on vlan2244 inet proto tcp from any to XXX port = smtp -> smtp port 25 round-robin
@2 rdr on vlan2204 inet proto tcp from any to YYY port = smtp -> smtp port 25 round-robin
@3 rdr on vlan2244 inet proto tcp from any to YYY port = smtp -> smtp port 25 round-robin

..smtp parts of hoststated.conf:

table smtp-lb {
real port smtp
check send  expect 220*SMTP*
host XXX
host YYY
}

service smtp {
virtual host XXX port smtp interface vlan2244
virtual host XXX port smtp interface vlan2204
virtual host YYY port smtp interface vlan2244
virtual host YYY port smtp interface vlan2204
table smtp-lb
}



Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread John Mendenhall
Maxim,

 set keeps throwing errors.  Suggestion was made that it was probably
 a bad CD.  Try a previous CD of an earlier version.  I had 3.9
 available.  The logs of the attempts are posted at:
 
 In my case when I had the same problem it was the CD-rom reader that
 was bad. Replacing cdrom with DVD drive from my workstation helped.

Could that explain the errors I am seeing?
It appears the error is on the write, not the read,
though I could be wrong.

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: need a machine for an itanium port

2007-06-12 Thread Aaron Glenn

On 6/8/07, Diana Eichert [EMAIL PROTECTED] wrote:


So where are the other 18 or so folks?



right here.

- USD $100.00 [DON] DONATION to the OpenBSD Project



Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread Brian A. Seklecki
I've seen this before.  On old HP gear.  Is your HP?  Only FreeBSD would 
run on the system.  NetBSD/OpenBSD dead in the water.  Some obscure bug 
when the I/O went up (Symbios SCSI).


One of many reasons why I want nothing to do with HP (H-PHUX) ever again.

Anyway, how about underclocking your Duron some?  Reset the BIOS timings 
and power levels to failsafe?  The old K7+VIA Chipset boards were a rough 
crowd.



~BAS

On Tue, 12 Jun 2007, John Mendenhall wrote:


openbsd gurus,

As my saga continues...
I have a newly built server on which I am attempting to install
openbsd 4.0.  Problems occurred on install of sets, where comp
set keeps throwing errors.  Suggestion was made that it was probably
a bad CD.  Try a previous CD of an earlier version.  I had 3.9
available.  The logs of the attempts are posted at:

 http://www.surfutopia.net/openbsd/

The logs are separated by the boot log, an install log not
including the install of the sets, and two passes of the install
of the sets, all dying in the comp set install.

I have two drives in the server.  I only installed on one (wd0).
I have had the same types of errors when only installing on the
second (wd1).  So, it is most likely not a problem with the
specific drive.  However, the probability could exist.

So, based on these logs, from different openbsd cd versions,
my hypothesis is there is some weird sort of hardware problem.
My question is, what tools do you all use to determine where
the hardware problem could be?

I have already run the memory through the memtests.  There is
not a problem there.

I am willing to try (almost) anything to play around with
this.  I would like to get the server up and running so I
can move on to the next one.  No time pressure, though.

Thank you in advance for any pointers you can provide.

Thanks!

JohnM

--
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services




l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?
~James Maynard Keenan



Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread Peter N. M. Hansteen
John Mendenhall [EMAIL PROTECTED] writes:

 So, based on these logs, from different openbsd cd versions,
 my hypothesis is there is some weird sort of hardware problem.
 My question is, what tools do you all use to determine where
 the hardware problem could be?

google turns up a few references on various BSD mailing lists for the
search string OpenBSD ffs_valloc: dup alloc.  No clear cut
solutions, but the popular suspicion runs in the direction of buggy
(S)ATA controllers or, of course, possibly subtle, hard to trigger
bugs in the operating system's controller support code.  Swapping out
motherboards could be unpleasant, but seeing that the error occurs at
pretty much exactly the same spot on the CDs, have you tried swapping
out the CD/DVD drive for a different unit?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Sometime NAT, sometimes NOT?

2007-06-12 Thread Brian A. Seklecki

pfctl -x loud && tail -f /var/log/messages

~BAS

On Mon, 11 Jun 2007, Geraerts Andy wrote:




We have an OpenBSD firewall running for a while now. Since a few days we
encounter some sort of selective natting. I try to ping a host, I get reply,
and 2 minutes later I try to ping the same host and I don't get replies.



So despite the state being created in both instances, you see a packet
egress your external interface with the source address of the internal
host instead of the external interface of the NAT box?


We indeed see the state being created. The packet egresses on the external 
interface without NAT. So the ip packet contains the source ip address of my 
laptop and therefore further on the path gets blocked because it isn't natted. A 
few seconds/minutes later I try again and everything works again.

Is there a way to see why it isn't doing the NAT?

(There are around 80 interfaces (vlan + carp) on the box.)

Regards,

Andy.







l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?
~Maynard James Keenan



dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Jeff Santos
Hi,

I am trying to setup a DHCP server on a multi-homed firewall. One of the
interfaces is vr0 and should supply addresses 172.16.255.x/24. The other
is sk0 and should supply 200.232.140.x/24.

My /etc/dhcpd.interfaces looks like

sk0
vr0

My /etc/dhcpd.conf looks like

shared-network LOCAL-NET {
  option domain-name-servers 200.232.140.1;

  subnet 200.232.140.0 netmask 255.255.255.0 {
 option routers 200.232.140.1;
 range 200.232.140.20 200.232.140.200;
  }


  subnet 172.16.255.0 netmask 255.255.255.0 {
 option routers 172.16.255.1;
 range 172.16.255.20 172.16.255.200;
  }
}

Now how can I tell the dhcp server to only allocate 172.16.255
addresses to vr0 and 200.232.140.0 to sk0?

Thank you very much.

Jeff




Re: beck's greyscanner for spamd 4.1

2007-06-12 Thread Anton Karpov
It's good to see I'm not the only one;-)  I checked the archives and I
must have missed the memo.  Here shows an updated version:
http://www.ualberta.ca/~beck/greyscanner/


Ah, thanks. I've googled for greyscanner and found only beck@'s
presentation...
But now I see it.. thanks ;)



Re: dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Brian A. Seklecki

The following:

$ sudo tcpdump -i vr0 port bootpc or port bootps
$ sudo tcpdump -i sk0 port bootpc or port bootps


$ sudo dhcpd -vf

$ sudo netstat -tan|egrep -i '67|68'

~BAS

On Tue, 12 Jun 2007, Jeff Santos wrote:


Hi,

I am trying to setup a DHCP server on a multi-homed firewall. One of the
interfaces is vr0 and should supply addresses 172.16.255.x/24. The other
is sk0 and should supply 200.232.140.x/24.

My /etc/dhcpd.interfaces looks like

sk0
vr0

My /etc/dhcpd.conf looks like

shared-network LOCAL-NET {
 option domain-name-servers 200.232.140.1;

 subnet 200.232.140.0 netmask 255.255.255.0 {
option routers 200.232.140.1;
range 200.232.140.20 200.232.140.200;
 }


 subnet 172.16.255.0 netmask 255.255.255.0 {
option routers 172.16.255.1;
range 172.16.255.20 172.16.255.200;
 }
}

Now how can I tell the dhcp server to only allocate 172.16.255
addresses to vr0 and 200.232.140.0 to sk0?

Thank you very much.

Jeff





l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?
~Maynard James Keenan



keyboard map configuration

2007-06-12 Thread Alex Popov
I use ksh under OpenBSD/arm 4.1 and noticed that command line history feature
(up-arrow) suddenly stopped working. Pressing up-arrow inserts control code, but
command completion (tab-key) works fine.

`kbd -l` doesn't list any map and attempt to do `kbd en` returns error. 

I was under impression that keyboard maps defined in kernel, so I am not sure
how is it possible to 'lose' mapping.

Any help troubleshooting this problem is appreciated.

Alex



Re: ThinkPad T41p suspend is fine from console, hangs from X

2007-06-12 Thread John Rodenbiker

On Jun 12, 2007, at 2:28 AM, Jonathan Thornburg wrote:


In message http://marc.info/?l=openbsd-misc&m=118157353605570&w=1
I wrote
# I have a problem with suspend-to-RAM on an IBM/Lenovo ThinkPad T41p
# running OpenBSD 4.1-stable.  Basically, suspend-to-RAM works fine if
# I'm not running X, but hangs the system if I'm running X.  My basic
# question is, has anyone gotten suspend-to-RAM to work while X is
# running on a T41p, and if so, how did you do it?


I think I may have experienced the same problem as you on my ThinkPad 
R40 and ThinkPad X24.


When you say your system hangs, does your screen go blank except for a 
blinking cursor in the top-left corner? I run into this all the time 
when the BIOS is set to put the computer to sleep when the lid is 
closed and I'm running X (or KDE or Gnome or whatever on X)


My extensive searching the web leads me to believe it's a driver issue. 
I come to this conclusion because I have seen many, many reports of 
identical symptoms on various Linux boards where the solution has been 
to update nvidia or ati drivers and the problem disappears.


Unfortunately, I am not a skilled enough coder, nor do I have the time, 
to learn the inner workings of X and OpenBSD display drivers to 
properly diagnose and solve the problem. :(


My solution has been to disable the setting in the BIOS that puts the 
computer to sleep when I close the lid.

--
Freedom, truth, love, beauty.
John Rodenbiker
[EMAIL PROTECTED]



pkg_add on macppc stall at end of ftp

2007-06-12 Thread Daniel Ouellet

Hi,

Not sure if this is a new problem, or specific to 4.1 on powerpc, or all 
architectures.


But I set up a few times an old iMac for my son who really wanted to try 
an OpenBSD desktop setup and so far loved it! (;


In the process of installing packages on it, I always have the same 
issue recurring at various places, but always constant however.


I can do pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/`machine 
-a`/enlightenment-0.16.7.2p2.tgz or many other packages, like the 
kdebase-3.5.6.tgz, etc.


All goes well, but some dependency will stop and freeze the download 
when all is finished and the screen displays 100%, or sometimes 96%, and 
nothing happens after that.


Looking at top, etc. I see that the download process is really finished 
and the only thing I do is to kill the ftp process, nothing else, and then 
the pkg_add process continues as normal and all is installed properly, etc. 
This happens on many packages, sometimes twice in the same process out of 
50 for example.


I never had to do this before and I haven't tested, or had problems on 
i386 or AMD64 yet. I am not saying there is an issue on them, or that there 
isn't either. I haven't tested that yet as I install a much more limited 
number of packages on my servers and never did I experience this problem 
yet.


I don't know if that's following the many changes to pkg_add that were 
done for 4.1 and definitely continue heavily now from source-changes@, but 
I thought to pass that along and if you need more details, I could 
provide some. Didn't try current yet as the kid spent a lot of time 
reading the FAQ to get this going and I had to help out because of the 
issue on the powerpc install not creating the MSDOS partition properly 
for the i one. I have to follow step by step the process here:


http://marc.info/?l=openbsd-ppc&m=117871289207004&w=2

Meaning trick the disklabel to get it going.

Best,

Daniel



Re: dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Jussi Peltola
#/etc/dhcpd.conf
 
option domain-name-servers 200.232.140.1;

subnet 200.232.140.0 netmask 255.255.255.0 {
   option routers 200.232.140.1;
   range 200.232.140.20 200.232.140.200;
}

subnet 172.16.255.0 netmask 255.255.255.0 {
   option routers 172.16.255.1;
   range 172.16.255.20 172.16.255.200;
}



Re: dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Jeff Santos
Hi,

Thank you.

Although I did not understand your recommendation.

My problem is that for some reason, DHCP server is allocating IP
addresses from the subnet 200.232.140.0 for stations in the
172.16.255.0 segment. I would like to control which addresses
should be given to each segment.

Regards,

Jeff.

- Original Message -
From: Brian A. Seklecki
To: Jeff Santos
Subject: Re: dhcp server with 2 interfaces and 2 different subnets
Date: Tue, 12 Jun 2007 16:25:24 -0400 (EDT)



The following:

$ sudo tcpdump -i vr0 port bootpc or port bootps
$ sudo tcpdump -i sk0 port bootpc or port bootps

$ sudo dhcpd -vf

$ sudo netstat -tan|egrep -i '67|68'

~BAS

On Tue, 12 Jun 2007, Jeff Santos wrote:

 Hi,

 I am trying to setup a DHCP server on a multi-homed firewall. One of the
 interfaces is vr0 and should supply addresses 172.16.255.x/24. The other
 is sk0 and should supply 200.232.140.x/24.

 My /etc/dhcpd.interfaces looks like

 sk0
 vr0

 My /etc/dhcpd.conf looks like

 shared-network LOCAL-NET {
  option domain-name-servers 200.232.140.1;

  subnet 200.232.140.0 netmask 255.255.255.0 {
 option routers 200.232.140.1;
 range 200.232.140.20 200.232.140.200;
  }


  subnet 172.16.255.0 netmask 255.255.255.0 {
 option routers 172.16.255.1;
 range 172.16.255.20 172.16.255.200;
  }
 }

 Now how can I tell the dhcp server to only allocate 172.16.255
 addresses to vr0 and 200.232.140.0 to sk0?

 Thank you very much.

 Jeff




l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

 Guilty? Yeah. But he knows it. I mean, you're guilty.
 You just don't know it. So who's really in jail?
 ~Maynard James Keenan





A question about OpenBSD

2007-06-12 Thread John Tate
I am downloading OpenBSD 4.2, I know how to use everything in that but being
young I am not too sure about the checksum format, md5 tends to rule the
world these days.

What is it called exactly?

I'm stuck with a Windows box at the moment, otherwise some thought and
pressing tab a couple of times would probably help me :p.

I probably just need to RTFM and I can make sure these FTP transfers
actually went down alright (I'm guessing they did but my router is a D-Link
turd that crashes and reboots itself sometimes). If any files have failed
I'll just have to download them again.

John.

-- 
Faced with the fact that Intelligent Design doesn't meet the criteria for a
scientific theory, leading proponent redefines what a scientific theory is.
Result: Astrology now a scientific theory.



Re: dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Peter N. M. Hansteen
Jeff Santos [EMAIL PROTECTED] writes:

 Now how can I tell the dhcp server to only allocate 172.16.255
 addresses to vr0 and 200.232.140.0 to sk0?

The two ranges are not subnets of a larger net you control. Put them
in separate 'shared-network' definitions and see if that doesn't get
you what you want.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: dhcp server with 2 interfaces and 2 different subnets

2007-06-12 Thread Stuart Henderson
On 2007/06/12 16:41, Jeff Santos wrote:
 My problem is that for some reason, DHCP server is allocating IP
 addresses from the subnet 200.232.140.0 for stations in the
 172.16.255.0 segment. I would like to control which addresses
 should be given to each segment.

Well, describing the problem is a good start and was missing from
your first message...

  shared-network LOCAL-NET {

This is only needed in rare cases as described in dhcpd.conf(5),
try removing it and restarting dhcpd.

If this doesn't help, please send ifconfig -A (and if any bridges
are configured, also brconfig -A).



troubleshooting a core dump

2007-06-12 Thread Bryan Irvine

I have a mail server that has been running fine for a couple years
running 3.7 and has recently started crashing every couple days.  I
know that it's well beyond the support window, but if someone can help
me out using gdb/ddb to figure out the problem I'd appreciate it.

I've got the bsd.n[.core] files and have tinkered with them a little
(just following what's in the crash(8) manpage). Specifically I'm
having trouble with the Crash Location Determination section using
ddb, which says:

First, in ddb(4) find the function that caused the crash.  It is either
 the function at the top of the traceback or the function under the call
 to panic() or uvm_fault().

How do I find the function that caused it?

I'm sure it's probably a memory thing but I figure this would be a
good chance to learn some deeper troubleshooting techniques. :-)

--Bryan



Re: keyboard map configuration

2007-06-12 Thread Nick Guenther

On 6/12/07, Alex Popov [EMAIL PROTECTED] wrote:

I use ksh under OpenBSD/arm 4.1 and noticed that command line history feature
(up-arrow) suddenly stopped working. Pressing up-arrow inserts control code, but
command completion (tab-key) works fine.

`kbd -l` doesn't list any map and attempt to do `kbd en` returns error.

I was under impression that keyboard maps defined in kernel, so I am not sure
how is it possible to 'lose' mapping.

Any help troubleshooting this problem is appreciated.



Have you rebooted?
What does `wsconsctl keyboard.map` show?

-Nick



Re: A question about OpenBSD

2007-06-12 Thread Peter N. M. Hansteen
John Tate [EMAIL PROTECTED] writes:

 I am downloading OpenBSD 4.2, I know how to use everything in that
 but being young I am not too sure about the checksum format, md5
 tends to rule the world these days.

You're a bit early for 4.2, the closest you'll get is 4.1-current
snapshots these days.  In the same directory where you find the
OpenBSD install files for your platform, you will also find two files
called CKSUM and MD5, which contain checksums and MD5 sums,
respectively for the files in the directory.  You can use the md5 or
cksum commands to generate sums and check that the results are the
same on your local copy as the one listed in the files (paranoids can
fetch checksum files and install files from different mirrors)

 I'm stuck with a Windows box at the moment, otherwise some thought and
 pressing tab a couple of times would probably help me :p.

IIRC both md5 and cksum are available in Windows versions.

 I probably just need to RTFM and I can make sure these FTP transfers
 actually went down alright (I'm guessing they did but my router is a D-Link
 turd that crashes and reboots itself sometimes). If any files have failed
 I'll just have to download them again.

See if you can get hold of an ftp client which supports file resume.  

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
First, we kill all the spammers The Usenet Bard, Twice-forwarded tales
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
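
The comparison Peter describes, as an added example that is not part of the original message: it parses a list in the `MD5 (name) = digest` line format written by md5(1), which is assumed here to be the layout of the mirror's MD5 file, and reports each set as OK, MISMATCH or MISSING. The set names and file contents in `demo()` are constructed; a match shows the transfer was intact, not that the files are authentic.

```python
import hashlib
import os
import re
import tempfile

# BSD-style digest line as printed by md5(1): "MD5 (base41.tgz) = <32 hex digits>"
DIGEST_LINE = re.compile(r"^MD5 \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]{32})$")


def parse_md5_list(text):
    """Return {filename: lowercase hex digest}; raise ValueError on bad lines."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = DIGEST_LINE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: not an MD5 list line: {line!r}")
        name = match.group("name")
        # The list describes files in one directory; refuse anything that
        # would make us open a path outside the download directory.
        if os.path.basename(name) != name or name in (".", ".."):
            raise ValueError(f"line {lineno}: unexpected path in name: {name!r}")
        expected[name] = match.group("digest").lower()
    return expected


def md5_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large install sets are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_directory(list_text, directory):
    """Return {filename: "OK" | "MISMATCH" | "MISSING"} for every listed file."""
    results = {}
    for name, digest in parse_md5_list(list_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif md5_of_file(path) == digest:
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Constructed download directory: one intact set, one truncated, one absent."""
    intact = b"constructed base set contents\n" * 1000
    full = b"constructed comp set contents\n" * 1000
    list_text = (
        f"MD5 (base41.tgz) = {hashlib.md5(intact).hexdigest()}\n"
        f"MD5 (comp41.tgz) = {hashlib.md5(full).hexdigest()}\n"
        f"MD5 (man41.tgz) = {hashlib.md5(b'never downloaded').hexdigest()}\n"
    )
    with tempfile.TemporaryDirectory() as directory:
        with open(os.path.join(directory, "base41.tgz"), "wb") as fh:
            fh.write(intact)
        with open(os.path.join(directory, "comp41.tgz"), "wb") as fh:
            fh.write(full[: len(full) // 2])  # simulate an interrupted transfer
        return verify_directory(list_text, directory)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

Any file reported as MISMATCH or MISSING is one to fetch again before starting the install.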



Re: pkg_add on macppc stall at end of ftp

2007-06-12 Thread Brian A. Seklecki
Maybe the FTP control connection is timing out before the data connection, 
the fetch(1)/ftp(1) can't gracefully send a disconnect command?


Try HTTP instead?

I think that you can set FETCH_COMMAND or FTP_COMMAND or

FETCH_CMD ?= /usr/bin/ftp -V -m

To enable debugging

Use tcpdump(8) if things get back.

~BAS

On Tue, 12 Jun 2007, Daniel Ouellet wrote:


Hi,

Not sure if this is a new problem, or specific to 4.1 on powerpc, or all 
architectures.


But I set up a few times an old iMac for my son who really wanted to try 
an OpenBSD desktop setup and so far loved it! (;


In the process of installing packages on it, I always have the same issue 
recurring at various places, but always constant however.


I can do pkg_add ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/`machine 
-a`/enlightenment-0.16.7.2p2.tgz or many other packages, like the 
kdebase-3.5.6.tgz, etc.


All goes well, but some dependency will stop and freeze the download when all 
is finished and the screen displays 100%, or sometimes 96%, and nothing happens 
after that.


Looking at top, etc. I see that the download process is really finished and 
the only thing I do is to kill the ftp process, nothing else, and then the 
pkg_add process continues as normal and all is installed properly, etc. This 
happens on many packages, sometimes twice in the same process out of 50 for 
example.


I never had to do this before and I haven't tested, or had problems on i386 
or AMD64 yet. I am not saying there is an issue on them, or that there isn't 
either. I haven't tested that yet as I install a much more limited number of 
packages on my servers and never did I experience this problem yet.


I don't know if that's following the many changes to pkg_add that were done 
for 4.1 and definitely continue heavily now from source-changes@, but I thought 
to pass that along and if you need more details, I could provide some. Didn't 
try current yet as the kid spent a lot of time reading the FAQ to get this 
going and I had to help out because of the issue on the powerpc install not 
creating the MSDOS partition properly for the i one. I have to follow step by 
step the process here:


http://marc.info/?l=openbsd-ppc&m=117871289207004&w=2

Meaning trick the disklabel to get it going.

Best,

Daniel




l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?
~Maynard James Keenan



Re: A question about OpenBSD

2007-06-12 Thread Stuart Henderson
On 2007/06/13 07:48, John Tate wrote:
 I am downloading OpenBSD 4.2

4.2, that's impressive (-:

 I know how to use everything in that but being
 young I am not too sure about the checksum format, md5 tends to rule the
 world these days.
 
 What is it called exactly?

You mean, in CKSUM? Cyclic redundancy check. See cksum(1).



Re: A question about OpenBSD

2007-06-12 Thread Karsten McMinn

On 6/12/07, John Tate [EMAIL PROTECTED] wrote:

I am downloading OpenBSD 4.2, I know how to use everything in that but being
young I am not too sure about the checksum format, md5 tends to rule the
world these days.

What is it called exactly?


I'm confused, what exactly are you asking? If it's how to check
a checksum, then read md5(1), cksum(1), otherwise be more
clear.



Re: A question about OpenBSD

2007-06-12 Thread Diana Eichert

On Wed, 13 Jun 2007, John Tate wrote:


I am downloading OpenBSD 4.2, I know how to use everything in that but being
young I am not too sure about the checksum format, md5 tends to rule the
world these days.


OpenBSD 4.2?  perhaps you meant 4.1?


What is it called exactly?


what is What called exactly?


I'm stuck with a Windows box at the moment, otherwise some thought and
pressing tab a couple of times would probably help me :p.


man pages?


I probably just need to RTFM and I can make sure these FTP transfers
actually went down alright (I'm guessing they did but my router is a D-Link
turd that crashes and reboots itself sometimes). If any files have failed
I'll just have to download them again.


d/l cd41.iso, burn CD, boot from CD, install across network.  I'm doing 
something similar as I type with a Plextor landisk thingy.  By the way you 
didn't mention the platform.



John.


g.day

PS FWIW the vagueness of your e-mail verges on trollness, but I decided to 
reply anyway.




Re: RAIDFrame root autoconfig fails in -current

2007-06-12 Thread Josh Grosse
On Tue, Jun 12, 2007 at 08:36:03AM -0400, Kenneth R Westerback wrote:
 I committed the diff to raidframe to 'fix' raidgetdisklabel() so it
 behaves/gets used like other drivers. It should be in snapshots
 after today.

Unfortunately, this patch to rf_openbsdkintf.c didn't solve whatever
problem I'm having ... even with softraid0 removed from the config.
 
 With this and the other disklabel changes going on, hammering at
 raidframe to uncover issues in odd cases (or normal cases for that
 matter) much appreciated.



FAT32 mount problem

2007-06-12 Thread Mark Voortman
Hello folks,

After mounting a fat32 partition, the directory listings show
everything in uppercase, except when a filename contains a
combination of uppercase and lowercase characters or the extension is
not 3 characters long, then it shows the names correctly. The uppercases
are very annoying. Does anyone know how to make this work correctly?

Thanks,
Mark



Re: keyboard map configuration

2007-06-12 Thread Alex Popov
Nick Guenther kousue at gmail.com writes:

 Have you rebooted?
Yes.

 What does `wsconsctl keyboard.map` show?
reiter# wsconsctl keyboard.map
keyboard.map=
keycode 0 = Control_L
keycode 2 = Tab Tab Caps_Lock Caps_Lock
keycode 3 = Cmd_Screen1 f2 F2
keycode 4 = Cmd_Screen0 f1 F1
keycode 5 = Cmd_Screen2 f3 F3
keycode 6 = Cmd_Screen3 f4 F4
keycode 8 = 1 exclam
keycode 9 = 2 quotedbl
keycode 10 = q Q
keycode 11 = w W asciicircum asciicircum
keycode 12 = a A
keycode 13 = z Z
keycode 14 = Cmd Alt_L
keycode 16 = Cmd_BrightnessDown 3 numbersign
keycode 17 = Cmd_BrightnessUp 4 dollar
keycode 18 = e E equal equal
keycode 19 = s S
keycode 20 = d D grave grave
keycode 21 = x X
keycode 24 = 5 percent
keycode 25 = r R plus plus
keycode 26 = t T bracketleft bracketleft
keycode 27 = f F backslash backslash
keycode 28 = c C
keycode 29 = minus minus at at
keycode 30 = Cmd_Debugger Escape
keycode 32 = 6 ampersand
keycode 33 = y Y bracketright bracketright
keycode 34 = g G semicolon semicolon
keycode 35 = v V
keycode 36 = b B underscore underscore
keycode 37 = space
keycode 38 = KP_Enter
keycode 40 = 7 apostrophe
keycode 41 = 8 parenleft
keycode 42 = u U braceleft braceleft
keycode 43 = h H colon colon
keycode 44 = n N
keycode 45 = comma slash less less
keycode 46 = Cmd_Screen4 f5 F5
keycode 48 = 9 parenright
keycode 49 = i I braceright braceright
keycode 50 = j J asterisk asterisk
keycode 51 = m M
keycode 52 = period question greater greater
keycode 54 = KP_Left KP_Left Home Home
keycode 56 = 0 asciitilde
keycode 57 = o O
keycode 58 = k K
keycode 59 = l L bar bar
keycode 61 = KP_Up KP_Up Prior Prior
keycode 62 = KP_Down KP_Down Next Next
keycode 64 = Delete BackSpace
keycode 65 = p P
keycode 68 = Return
keycode 70 = KP_Right KP_Right End End
keycode 80 = KP_Right
keycode 81 = KP_Down
keycode 83 = Shift_R
keycode 84 = Shift_L
keycode 88 = KP_Left
keycode 89 = KP_Up
keycode 93 = Mode_switch
reiter# kbd -l
reiter# kbd en
kbd: unknown encoding en

The hardware is a Sharp Zaurus (SL-3200) and all key mappings worked fine until
a few days ago. It coincided with a system crash. Prior to that I hadn't rebooted
it for quite some time and was building lots of packages from ports. So it's
also possible that installation of one of the ports got the mapping screwed up,
but how is beyond me.

Just in case, here's the list of packages that I built:

abs-0.8p1   free spreadsheet with graphical user interface
amap-5.2p1  next generation scanning tool
apg-2.2.3p0 automated password generator
atk-1.10.3p2    accessibility toolkit used by gtk+
autoconf-2.13p0 automatically configure source code on many Un*x platforms
autoconf-2.59p1 automatically configure source code on many Un*x platforms
blackbox-0.70.1 small  pretty window manager for 8 and more bits displays
brs-4.00l1  bible reader
bsd-airtools-0.2p2  wireless auditing suite
bzip2-1.0.4 block-sorting file compressor, unencumbered
cairo-1.2.6 vector graphics library
cbb-0.73p1  checkbook balancing tool
ccrypt-1.7p1    encrypt and decrypt AES files and streams
clex-3.13   commandline shell and file manager
d1489-1.4   cp866koi8-r  cp1251koi8-r decoders and font converter
db-3.1.17p8 Berkeley DB package, revision 3
db-4.2.52p11    Berkeley DB package, revision 4
deco-3.8.3p0    Demos Commander, a free Norton Commander clone
dillo-0.8.6p0   Fast and light gtk-based web browser
dsniff-2.3p2    sniffing tools for penetration testing
elinks-0.11.2   full-featured text WWW browser
expat-2.0.0 XML 1.0 parser written in C
freetype-1.3.1p3    free and portable TrueType font rendering engine
fvwm2+fvicons-2.4.19p0 multiple virtual desktop window manager, with icons
gacc-0.7.5  personal accounts manager
gdbm-1.8.3p0    GNU dbm
gettext-0.14.6  GNU gettext
ghostscript-fonts-8.11 35 standard PostScript fonts with Adobe name aliases
glib-1.2.10p1   useful routines for C programming
glib2-2.10.3p0  general-purpose utility library
glitz-0.5.6 OpenGL image compositing library
gmake-3.80p1GNU make
gmp-4.2.1   library for arbitrary precision arithmetic
gnuchess-5.07   Classic Gnu Chess
gone-1.3.5  terminal locking utility
gtk+-1.2.10p4   General Toolkit for X11 GUI
gtk+2-2.8.20p3  multi-platform graphical toolkit
help2man-1.29   GNU help2man
hicolor-icon-theme-0.9 high-color icon theme shell for GNOME and KDE
imlib-1.9.14p4  image manipulation library for X11
ion-20070203    light, keyboard friendly window manager
jasper-1.701.0p1    reference implementation of JPEG-2000
jbigkit-1.6p1   lossless image compression library
jpeg-6bp3   IJG's JPEG compression utilities
konqueror-20060121p0 stand-alone Qt-based web browser
lcms-1.15   color management library
ledger-2.3  command line double-entry accounting ledger
libdnet-1.10p2  portable low-level networking library
libfakekey-0.1p0   

Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread John Mendenhall
 Things to try (in any order you please):
 1. check IDE cables
 2. check whether Master/Slave/CS settings are correct
 3. In case Brian is right, you might want to put CD on the same cable
 as hd0, to slow-down IDE.
 4. also check where your disks are connected - to IDE bus or to ATA-133
 controller on the board. Sometimes it does make a difference.
 5. my BIOS was updated to the latest one, as there was some bug about
 large hard disks not working correctly (your ones seem to be 120G, so
 it is unlikely BIOS is a problem here).
 6. the last step would be to try another harddisk.
 
 Or (just got this idea) you could simply try ftp install. If CD-rom
 reader is bad, boot from CD but install from ftp - this would
 definitely rule out the 'bad cd-rom drive' hypothesis :)

I just tried the ftp install.  Same problem, same
location.

I have tried another hard disk, same approximate
size.  Same problem, same location.

I am going to look for any bios updates online,
if I can find any.  I will also be checking the
cables, master/slave/cs settings, and cd + hd0
on same cable.

As for IDE bus or ATA-133 controller on board,
the cables are connected to the std ide0 and ide1
connectors on the motherboard.  When you say IDE
bus, are you referring to another connector?

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: keyboard map configuration

2007-06-12 Thread Alex Popov
This issue has been resolved. It turned out that I lost 'set -o emacs' 
somehow...
I still don't understand why `kbd -l` doesn't list any maps, but can live with
that :)

Thanks to all who replied to my post on and off the list.

Alex



Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread John Mendenhall
Peter,

 google turns up a few references on various BSD mailing list for the
 search string OpenBSD ffs_valloc: dup alloc.  No clear cut
 solutions, but the popular suspicion runs in the direction of buggy
 (S)ATA controllers or, of course, possibly subtle, hard to trigger
 bugs in the operating system's controller support code.  Swapping out
 motherboards could be unpleasant, but seeing that the error occurs at
 pretty much exactly the same spot on the CDs, have you tried swapping
 out the CD/DVD drive for a different unit?

I tried loading the sets via ftp, same error, same location.

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: openbsd 3.9, openbsd 4.0 install errors, most likely hardware

2007-06-12 Thread John Mendenhall
Brian,

 I've seen this before.  On old HP gear.  Is your HP?  Only FreeBSD would 
 run on the system.  NetBSD/OpenBSD dead in the water.  Some obscure bug 
 when the I/O went up (Symbios SCSI).
 
 One of many reasons why I want nothing to do with HP (H-PHUX) ever again.
 
 Anyway, how about underclocking your Duron some?  Reset the BIOS timings 
 and power levels to failsafe?  The old K7+VIA Chipset boards were a rough 
 crowd.

This is a custom white box server, all put together.
It is not an HP.
I will try to reset the bios timings and power levels.

JohnM




 On Tue, 12 Jun 2007, John Mendenhall wrote:
 
 openbsd gurus,
 
 As my saga continues...
 I have a newly built server on which I am attempting to install
 openbsd 4.0.  Problems occurred on install of sets, where comp
 set keeps throwing errors.  Suggestion was made that it was probably
 a bad CD.  Try a previous CD of an earlier version.  I had 3.9
 available.  The logs of the attempts are posted at:
 
  http://www.surfutopia.net/openbsd/
 
 The logs are separated by the boot log, an install log not
 including the install of the sets, and two passes of the install
 of the sets, all dying in the comp set install.
 
 I have two drives in the server.  I only installed on one (wd0).
 I have had the same types of errors when only installing on the
 second (wd1).  So, it is most likely not a problem with the
 specific drive.  However, the probability could exist.
 
 So, based on these logs, from different openbsd cd versions,
 my hypothesis is there is some weird sort of hardware problem.
 My question is, what tools do you all use to determine where
 the hardware problem could be?
 
 I have already run the memory through the memtests.  There is
 not a problem there.
 
 I am willing to try (almost) anything to play around with
 this.  I would like to get the server up and running so I
 can move on to the next one.  No time pressure, though.
 
 Thank you in advance for any pointers you can provide.
 
 Thanks!
 
 JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: Spamd variation

2007-06-12 Thread Soner Tari
From what I understand from the post, you are suggesting a scheme
similar to what snort2pf is doing for snort and pf. In layman terms,
when snort issues an alert, snort2pf informs pf about the attacker's IP,
and pf takes an action. AFAIK, this is currently the only way to convert
snort from an IDS into an IPS on OpenBSD (snort inline works only on
Linux, if I'm not mistaken).

Similarly, when SpamAssassin or DSPAM determine that an e-mail is spam,
(again in layman terms) they inform spamd about the spammer IP and
then-after that IP is handled by spamd. Please beware this scheme does
not require any change to spamd functioning. And if implemented, it
could save processing resources of the system, because the spammers
which are not in any blacklist could be dynamically added to the spamd
blacklists and could not reach content scanners like SpamAssassin and
DSPAM, which are much more expensive in terms of processing resources.

Probably a simple shell script could do the job, which would look at
SpamAssassin logs to find out the spam score and IP address, and insert
into spamd blacklists as necessary. The only caveat is that threshold
spam score for blacklisting should be kept very high to prevent
inserting false positives into spamd blacklist.

In my experience spamd is very successful, but SpamAssassin catches some
spam e-mails that spamd misses occasionally. (After all, OpenBSD
maillists also use both, see http://www.openbsd.org/mail.html).

Please correct me if I am wrong, but I believe the OP's point was missed
in the other replies. I also would like to know what people at misc@
think about such a scheme.

On Tue, 2007-06-12 at 03:04 -0700, Praveen wrote:
 Hi,
From the man page it appears that spamd relies on 
 static information about spam originators.
 Why not a more dynamic scheme?
 
 Why not run the content of the mail through a spam
 detector (like dspam), find the spam score and make
 decisions based on that. I know that spam detection
 is nowhere near perfect but it can be used for
 assigning a 'badness score' to a site (originator of
 email). So a site keeps getting this score and the
 average (per msg) exceeds a we black list the site for
 fixed duration. Similarly for white listing.
 
 'Badness score' can also be assigned for other things,
 like trying to send to non-existent user (a typical
 spammer probe), absence of mx entry etc.
 
 
 A milter (sendmail/postfix) can be implemented for
 this.
 Thus decisions will be more dynamic and 'configuration
 free'.
 
 Does this sound reasonable?



Re: Spamd variation

2007-06-12 Thread Darren Spruell

On 6/12/07, Soner Tari [EMAIL PROTECTED] wrote:

Probably a simple shell script could do the job, which would look at
SpamAssassin logs to find out the spam score and IP address, and insert
into spamd blacklists as necessary. The only caveat is that threshold
spam score for blacklisting should be kept very high to prevent
inserting false positives into spamd blacklist.

In my experience spamd is very successful, but SpamAssassin catches some
spam e-mails that spamd misses occasionally. (After all, OpenBSD
maillists also use both, see http://www.openbsd.org/mail.html).

Please correct me if I am wrong, but I believe the OP's point was missed
in the other replies. I also would like to know what people at misc@
think about such a scheme.


I think you summed it up; no modifications to spamd are necessary,
your post-spamd filters can modify blacklists directly with a little
ingenuity and some script-fu. Remember, it's unix. Modular. Pieces.
Simplicity.

DS
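
The log-scanning script suggested in the two "Spamd variation" messages above, as an added example (not code from anyone on the list). The log format, the `score=`/`relay=` field names, the function names and the thresholds are assumptions; it combines the high-threshold caveat with the per-site average from the original proposal, and only prints candidate addresses, leaving the loading into spamd's blacklist to the operator.

```shell
#!/bin/sh
# Added example. The log format is CONSTRUCTED: one line per scanned
# message carrying score=<number> and relay=<IPv4>. Real SpamAssassin or
# DSPAM logs differ, so adapt the field extraction to your own setup.

# Constructed sample input (RFC 5737 documentation addresses).
sample_log() {
    cat <<'EOF'
2007-06-12T10:01:02 scan score=31.2 relay=192.0.2.10
2007-06-12T10:01:40 scan score=28.9 relay=192.0.2.10
2007-06-12T10:02:11 scan score=27.5 relay=192.0.2.10
2007-06-12T10:03:00 scan score=6.1 relay=198.51.100.7
2007-06-12T10:03:30 scan score=35.0 relay=198.51.100.7
2007-06-12T10:04:05 scan score=40.0 relay=203.0.113.99
2007-06-12T10:05:00 scan score=33.3 relay=127.0.0.1
2007-06-12T10:05:09 scan score=30.1 relay=127.0.0.1
2007-06-12T10:05:15 scan score=29.9 relay=127.0.0.1
2007-06-12T10:06:00 scan score=99 relay=192.0.2.300
2007-06-12T10:06:20 scan score=abc relay=192.0.2.44
EOF
}

# usage: candidates THRESHOLD MIN_MSGS [ALLOW_REGEX] < log
# Prints relays whose average score over at least MIN_MSGS messages
# reaches THRESHOLD. A single high-scoring message is never enough,
# which keeps one false positive from blacklisting a legitimate relay.
candidates() {
    awk -v thr="$1" -v min="$2" -v allow="${3:-^127[.]}" '
    # Log content is sender-influenced: accept strict dotted quads only.
    function valid_ip(ip,   n, o, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        return 1
    }
    {
        score = ""; ip = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^score=/) score = substr($i, 7)
            else if ($i ~ /^relay=/) ip = substr($i, 7)
        }
        if (score !~ /^-?[0-9]+(\.[0-9]+)?$/) next   # malformed score
        if (!valid_ip(ip)) next                      # malformed address
        if (ip ~ allow) next                         # never list own hosts
        sum[ip] += score; cnt[ip]++
    }
    END {
        for (ip in cnt)
            if (cnt[ip] >= min + 0 && sum[ip] / cnt[ip] >= thr + 0)
                print ip
    }' | sort
}

# Stand-alone run over the constructed sample: threshold 25, 3 messages.
sample_log | candidates 25 3
```

The allow regex replaces the default rather than extending it, so a custom one should still cover loopback and your own relays.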



Re: A question about OpenBSD

2007-06-12 Thread Todd Alan Smith

On 6/12/07, John Tate [EMAIL PROTECTED] wrote:

I am downloading OpenBSD 4.2, I know how to use everything in that but being
young I am not too sure about the checksum format, md5 tends to rule the
world these days.

What is it called exactly?

I'm stuck with a Windows box at the moment, otherwise some thought and
pressing tab a couple of times would probably help me :p.

I probably just need to RTFM and I can make sure these FTP transfers
actually went down alright (I'm guessing they did but my router is a D-Link
turd that crashes and reboots itself sometimes). If any files have failed
I'll just have to download them again.


John, you might want to consider purchasing the official OpenBSD 4.1
CD set. In your case, it may save you a lot of time and trouble with
your downloading problems. Plus, you'll get cool stickers and printed
installation instructions. Last, but not least, you'll be supporting
the project!

http://openbsd.org/items.html

-Todd



Load balancing with DSR

2007-06-12 Thread Linden Varley

Hi,

Anyone know of any load balancing software for OpenBSD that can do 
direct-server return? (our load balancers (openbsd boxes) are co-located 
and we pay for all data bandwidth).


Something like BalanceNG (which unfortunately doesn't run on OpenBSD) 
would be ideal.


It is generally for http layer requests but I don't think apache 
re-directs will suffice.


Cheers,
Linden.



Re: Load balancing with DSR

2007-06-12 Thread bofh

On 6/12/07, Linden Varley [EMAIL PROTECTED] wrote:

It is generally for http layer requests but I don't think apache
re-directs will suffice.


You may want to look at pound.  A lot of people seem to like it.

--
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.



Re: Load balancing with DSR

2007-06-12 Thread Lars Hansson

Linden Varley wrote:
Anyone know of any load balancing software for OpenBSD that can do 
direct-server return? (our load balancers (openbsd boxes) are co-located 
and we pay for all data bandwidth).


hoststated?

---
Lars Hansson



Re: OpenBSD router playing up

2007-06-12 Thread Karl Kopp

Hi Guys,

It's been stable since I sent the msg, and I can't replicate at will :(
I have setup SNMP and am monitoring with MRTG, so will keep an eye on
that. If it happens again, will run a few of the suggested commands,
but until then I sit and wait...

Thanks again for your suggestions...

Karl

On 6/7/07, Brian A. Seklecki [EMAIL PROTECTED] wrote:


pfctl -x loud when the SHTF

pfctl -s and netstat -s

Net-SNMP + MRTG on your interfaces?

Any errors on netstat -i ?

~BAS

On Tue, 5 Jun 2007, Open Phugu wrote:

 On 6/5/07, Karl Kopp [EMAIL PROTECTED] wrote:
 Hi All,

 I have a strange issue. We are using an OpenBSD 3.9 box running on an
 AMD64 CPU. It's doing BGP with our upstream provider and has some basic
 pf rules.

 Occasionally, the network slows to a crawl. I setup some external
 monitoring, and while a few simple HTTP checks of boxes on our network
 normally take a second or 2 (from 2 separate locations outside our
 network), this just went up to over 100 seconds and was only resolved
 by restarting the box.

 I'm learning this stuff, so am super keen if a) this is normal
 behavior (I'm guessing not) and b) how can I work out what is causing
 the problems? I've checked messages, and there is nothing strange in
 there (just some ftp-proxy 'client reset connection' and 'server
 refused connection' messages) and daemon (a few BGP updates not many).
 On restart, I get a flood of BGP updates.

 Where should I be looking? Should I just restart bgpd next time or
 does this seem like something else?? Any advice would be greatly
 appreciated!
 Post your dmesg, the contents of /etc/pf.conf and your BGP configuration
 file. Doing so will not solve your issue but it will give other members of
 the list more information about your setup.



l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
   http://www.spiritual-machines.org/

 Guilty? Yeah. But he knows it. I mean, you're guilty.
 You just don't know it. So who's really in jail?
 ~James Maynard Keenan




Spamd tarpit question

2007-06-12 Thread Kevin Nelson
Hi,

I have checked the archives and searched online but not quite found 
what I'm about to ask, and yet can't believe I'm the first one to 
ask this question.  I have several domains and look after equipment 
(including mail systems) for several clients.  All have their own 
primary and backup mail systems - some Postfix, some Exchange, some 
Symantec Mail Security.  All clients have two or three valid MX 
records.  We see a lot of spam targeting high-pref MX records.  
Some domains have a highest-pref MX record for a host that doesn't 
exist, meaning some of this spam tries to connect to a host that 
doesn't exist, and wastes a little of their time.  I'm wondering if 
a common spamd tarpit across all domains and clients - judicious 
use of -b and -4 and -s options should do the trick - sitting 
at this highest-pref MX might give me some information on email 
addresses that get targeted for spam, and tie up the spamming hosts 
for a period of time, and also (perhaps slightly) reduce spam that 
gets targeted at valid mail systems.  It should also have the 
advantage of requiring no change - other than one DNS record - for 
each client.  I have taken a vanilla 4.1-RELEASE i386 box, set 
sendmail_flags=NO and spamd_flags=-p 25 -b -4 -s 2, but I'm not 
seeing the behaviour I would expect (primarily the '-s' option I'm 
getting immediate response from spamd).  Ideally I want a setup that 
does not accept mail for local delivery, requires no ongoing 
configuration changes, but just takes its time with connections and 
then returns a 45x try again later message.

If this question has been asked before (or is documented elsewhere) 
please point me in that direction, and please feel free to suggest 
improvements (or flaws) with this idea, and why I might be seeing 
the immediate response rather than the one-character-every-three-
seconds behaviour.

Thanks,
Kevin




Re: Spamd tarpit question

2007-06-12 Thread Kevin Nelson
On Wed, 13 Jun 2007 16:19:21 +1200 Stuart Henderson 
[EMAIL PROTECTED] wrote:
On 2007/06/13 15:36, Kevin Nelson wrote:
 We see a lot of spam targeting high-pref MX records.  

Did you notice -M?

No (well yes, but mis-read low priority MX as low preference 
MX), good point, I'll take a look.

Kevin




Re: Load balancing with DSR

2007-06-12 Thread Pierre-Yves Ritschard
On Wed, 13 Jun 2007 10:54:58 +0800
Lars Hansson [EMAIL PROTECTED] wrote:

 Linden Varley wrote:
  Anyone know of any load balancing software for OpenBSD that can do 
  direct-server return? (our load balancers (openbsd boxes) are
  co-located and we pay for all data bandwidth).
 
 hoststated?
 
No, hoststated won't do DSR yet, neither will any load balancers on
OpenBSD.
DSR needs Layer 2 trickery that is not possible with OpenBSD.
Maybe someday, it is on my todo-list if I find a clean way to do it.



Re: FAT32 mount problem

2007-06-12 Thread Nick Guenther

On 6/12/07, Mark Voortman [EMAIL PROTECTED] wrote:

Hello folks,

After mounting a fat32 partition, the directory listings show
everything in uppercase, except when a filename contains a
combination of uppercase and lowercase characters or the extension is
not 3 characters long, then it shows the names correctly. The uppercases
are very annoying. Does anyone know how to make this work correctly?


No.
As far as I know, the OpenBSD FAT driver just does that. It's
annoying, but the FAT driver doesn't get much love (which shouldn't be
too surprising).

So, to answer your question in the technical and typical way of this
list: submit a patch.

-Nick