Re: OpenBSD email provider

[Jay Patel]

If you are already using your own email server, use it with OpenBSD it will
be best and if you are looking into GUI for openbsd or simple solution
check out http://gayatri-hitech.com/all-products/mailpigeon/

Thanks,
Jay


On Sat, Mar 15, 2014 at 10:24 PM, Jean-Francois Simon jfsimon1...@gmail.com
 wrote:

 Hello all,

 I'm looking for a secure mail provider, i fpossible using OpenBSD, also
 wondering if OpenBSD itself provides it for interested people.
 If anybody has informations thanks would be interesting to share.

 Regards

 Jeff

Re: current/macppc on a Powerbook6,1

[Martin Pieuchot]

On 17/03/14(Mon) 13:58, James Hartley wrote:
 Has the information in FAQ7.4 changed?  That indicates that virtual
 terminals are only supported on amd64, i386,  Alpha.  Zaurus has limited
 support, but with a different keystroke patterns.

Indeed since 5.4 macppc also supports virtual consoles, but nobody has
updated the FAQ yet ;)

Re: ffs2

[Craig R. Skinner]

On 2014-03-17 Mon 21:19 PM |, Adam Thompson wrote:
 OK, obviously I missed something.
 How do you resize ffs filesystems without a dump/restore step?

http://thread.gmane.org/gmane.os.openbsd.misc/207756

Re: OpenBSD email provider

[Zé Loff]

On Mon, Mar 17, 2014 at 10:02:00PM -0400, Daniel Ouellet wrote:
  The last time I checked (and it was a long time ago), GMail rewrote
  either the sender or the reply-to address with the one you use to
  authenticate the connection. Again, it might not be true now, but it
  has happened to me in the past.
 
 Look to me that you should do some research before asking.
 
 simple google search gmail relay email
 
 and second link from the answer.
 
 https://support.google.com/a/answer/2956491?hl=en
 
 Start there and see where you want to go next. But please help
 yourself.
 
 Hopefully this will help you some.
 
 Best
 
 Daniel
 

Hi Daniel

Not sure if you were replying to me or to the OP, but I'll just clarify
things for the archives. I just checked, and what I said remains true:

If you compose a mail from f...@bar.com, and use GMail as a relay, using
some GMail account's credentials (f...@gmail.com) for SMTP auth, the
recipient will get a message in which the From: field has been
rewritten from f...@bar.com to f...@gmail.com. Furthermore, the sent email
will be stored in f...@gmail.com's Sent Mail folder.

Anyway this whole discussion is pointless. If the OP is looking for a
more private ESP using GMail as a relay isn't really an option IMHO.
I just wanted to give a warning about the header rewriting.

Over and out
Zé

-- 

Re: OpenBSD email provider

[Stuart Henderson]

On 2014-03-17, Jean-Francois Simon jfsimon1...@gmail.com wrote:
 Just to mention, I'm looking for a more private ESP. As I know that 
 OpenBSD conveys an idea of security, I tend to trust a provider relying 
 on this OS.

conveys an idea of security won't help you if the provider uses bad
mail daemons or configuration or has an accident, all of which are
just as possible with OpenBSD as another OS.

Choice of mail daemon and knowledge/competence in the whole operating
environment would mean more to me than particular choice of OS.
Fastmail seemed above average to me last time I looked but this was
several years ago, I prefer self-hosting.

Re: obsd pf

[Marko Cupać]

On Tue, 18 Mar 2014 01:15:16 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 The ruleset is now traversed in order, changes made in match rules
 are sticky and affect rules lower down in the ruleset. More
 predictable, no more oh this 'nat pass' rule which you included
 halfway down the ruleset actually takes effect before the
 'block quick' rule right at the top... so besides allowing for
 cleaner rulesets, you could say it's a security fix too.

I am using new syntax for years now, and although there are a lot of
improvements, there is also downside.

I have /24 public network, where I need to have one catch all NAT
rule, but also exceptions (smtp servers translate to other public IPs,
vpn clients to their own public IPs etc).

If I have a lot of subnets behind NAT firewall, I need to specify them
all for catch all NAT rule, listing exceptions (this is of course
shortened, actually I need to declare 100 or so networks and dozens of
exceptions):

table catchallnat { 10.20.69.0/24 10.43.26.0/22 \
  !10.20.69.15 !10.43.26.29 }
smtp = { 10.20.69.15 }
vpn  = { 10.43.26.29 }
...
match out on $ext_if inet from catchallnat to any nat-to $catchallnat
match out on $ext_if inet from $smtp to any nat-to $smtp-nat
match out on $ext_if inet from $vpn  to any nat-to $vpn-nat

I don't know if there would be negative consequences for other pf
aspects, but for me it would be better if more specific match rules
overrided more general match rules. This way I would not have to
maintain catchallnat table with list of subnets and exceptions.
-- 
Marko Cupać

Re: OpenBSD email provider

[Kevin Chadwick]

previously on this list Jean-Philippe Ouellet contributed:

 Also, absolutely sure privacy is totally respected???
 Let me know when you find a jurisdiction in which you can reasonably
 expect that to even be possible to begin with.

Yeah, I believe you have to pin STARTTLS for each host manually for it
not to be easily circumvented.

If you just wish to avoid search companies scanning your mail content
for keywords then I expect there are many providers to choose from.

Otherwise forget the server and use gpg and protect your host or look
for an ISP that gives you a static IP. I find I still have some trouble
with higher paying Cisco customers like banks though using dumb
filter methods.

-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___

install55.fs

[sven falempin]

For usbs ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: install55.fs

[Marcus MERIGHI]

sven.falem...@gmail.com (sven falempin), 2014.03.18 (Tue) 13:58 (CET):
 For usbs ?
 
is this what you are looking for?

``USB install image for OpenBSD 5.5 - TESTING REQUIRED''
http://marc.info/?l=openbsd-techm=139362793608228

Bye, Marcus

Re: OpenBSD email provider

[Craig R. Skinner]

On 2014-03-17 Mon 20:25 PM |, Jean-Francois Simon wrote:
 
 Just to mention, I'm looking for a more private ESP. As I know that
 OpenBSD conveys an idea of security, I tend to trust a provider
 relying on this OS.
 
 If you want to read documentation, become your own mail provider
 using OpenBSD.
 I have tried some time ago third solution, however I think since I
 have a local dynamic IP, I got soon identified as spam mail server
 and mails would'nt reach their destination.
 

Find an ISP that will provision a static IP address  do it yourself.
Ask around at your local BSD/Linux user groups. Until then;

Outbound: ask your ISP for their relay host detail. Normally it is
mail.isp.net or smtp.isp.net. Usually there is no authentication
required as they only allow connections from the (dynamic) IP addresses
they provide to their customers.

Inbound: Ask your ISP about an ETRN feed, which used to be popular for
businesses connected by dialup/ISDN. If they charge extra for it, ask
about the cost of a static IP connection  compare.


For off site mail, a search for OpenBSD shell hosting providers came up
with these, some of which are used by people on this list:
http://www.devio.us/help#10
http://www.grex.org/staff/system.xhtml
http://openbsd.polarhome.com/

Re: OpenBSD email provider

[James Shupe]

On 3/15/2014 11:54 AM, Jean-Francois Simon wrote:

Hello all,

I'm looking for a secure mail provider, i fpossible using OpenBSD, also
wondering if OpenBSD itself provides it for interested people.
If anybody has informations thanks would be interesting to share.

Regards

Jeff

Get an inexpensive OpenBSD VPS and do it yourself. You don't have to 
muck with your ISP at that point.



--
James Shupe

Re: OpenBSD email provider

[Giancarlo Razzolini]

Em 18-03-2014 09:44, Kevin Chadwick escreveu:
 previously on this list Jean-Philippe Ouellet contributed:

 Also, absolutely sure privacy is totally respected???
 Let me know when you find a jurisdiction in which you can reasonably
 expect that to even be possible to begin with.
 Yeah, I believe you have to pin STARTTLS for each host manually for it
 not to be easily circumvented.

 If you just wish to avoid search companies scanning your mail content
 for keywords then I expect there are many providers to choose from.

 Otherwise forget the server and use gpg and protect your host or look
 for an ISP that gives you a static IP. I find I still have some trouble
 with higher paying Cisco customers like banks though using dumb
 filter methods.

A static IP address without a meaningful reverse name mapping such as
mail.myopenbsdhomeserver.com isn't very useful. Most ISP's wont do
reverse mappings or will charge your eyeballs for it. Also, you can host
anything these days using dynamic ip addresses. If your IP address
changes you will stay a few seconds without receiving any mail, and also
may have some mail delayed, but you shouldn't lose anything. And you can
use services for relaying your mail, instead of sending them directly
from your home server. I use amazon ses and it works like a charm. It
has DKIM and most mail servers accepts their mail without any problems.

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC

Re: OpenBSD email provider

[Jan Stary]

 I'm looking for a more private ESP.

Personally, I am also fed up with people
interfering with my earthquake precognitions.

pf and nat

[Friedrich Locke]

Hi folks,

i am studying pf and a doubt arose!

Since my state policy if if-bound (set state-policy if-bound) i need two
rules for each traffic i want to pass. Is that understanding right ?

For instance, for nat i could :

pass out on tl0 from dc0:network to any nat-to tl0

pass in on dc0 from dc0:network to any

Is this understanding correct ? Or only the first rule is ok?

Thanks.

link in faq leads to inexisting page

[Marko Cupać]

Hi,

I just noticed that link FTP Reviewed:
http://www.pintday.org/whitepapers/ftp-review.shtml

...in More information on FTP section of PF: Issues with FTP:
http://www.openbsd.org/faq/pf/ftp.html#info

...leads to inexisting page.

Perhaps this could be fixed.
-- 
Marko Cupać

Re: OpenBSD email provider

[Kevin Chadwick]

On Tue, 18 Mar 2014 11:23:12 -0300
Giancarlo Razzolini wrote:

 A static IP address without a meaningful reverse name mapping such as
 mail.myopenbsdhomeserver.com isn't very useful. Most ISP's wont do
 reverse mappings or will charge your eyeballs for it.

It's perfectly useful, mail is only dropped by some idiotic systems
(already mentioned) that don't understand or care about more effective
anti spam methods or the little guy and when the big guys cause almost
all of the spam.

 Also, you can host
 anything these days using dynamic ip addresses. If your IP address
 changes you will stay a few seconds without receiving any mail, and also
 may have some mail delayed, but you shouldn't lose anything.

Except that if whoever has just been using that ip address is part of a
botnet or likes mass mailing then you may well get blocked as you have
no trackable reputation. There are things like DKIM but they aren't
universally checked yet and serve more as assurance than combating spam.
DKIM should be coupled with spf too.

Re: OpenBSD email provider

[Giancarlo Razzolini]

Em 18-03-2014 15:56, Kevin Chadwick escreveu:
 On Tue, 18 Mar 2014 11:23:12 -0300
 Giancarlo Razzolini wrote:

 It's perfectly useful, mail is only dropped by some idiotic systems
 (already mentioned) that don't understand or care about more effective
 anti spam methods or the little guy and when the big guys cause almost
 all of the spam. 
But there are still these idiotic systems that won't deliver you mail if
you do not have reverse dns name.
 Except that if whoever has just been using that ip address is part of
 a botnet or likes mass mailing then you may well get blocked as you
 have no trackable reputation. There are things like DKIM but they
 aren't universally checked yet and serve more as assurance than
 combating spam. DKIM should be coupled with spf too. 
Yes, that is why I use amazon ses for the sending part. And I also use
spf, of course.

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC

Re: link in faq leads to inexisting page

[Fred]

On 03/18/14 19:13, Marko Cupać wrote:

Hi,

I just noticed that link FTP Reviewed:
http://www.pintday.org/whitepapers/ftp-review.shtml

...in More information on FTP section of PF: Issues with FTP:
http://www.openbsd.org/faq/pf/ftp.html#info

...leads to inexisting page.

Perhaps this could be fixed.

The file was removed in some time after 2 July 2010 - but versions can 
be found on the Internet Achive:


http://web.archive.org/web/20020507140135/http://www.pintday.org/whitepapers/ftp-review.shtml

Fred

Re: OpenBSD email provider

[Ted Unangst]

On Tue, Mar 18, 2014 at 11:23, Giancarlo Razzolini wrote:

 anything these days using dynamic ip addresses. If your IP address
 changes you will stay a few seconds without receiving any mail, and also
 may have some mail delayed, but you shouldn't lose anything. And you can

Unless of course the new owner of your old IP decides to accept the mail.

Re: OpenBSD email provider

[Giancarlo Razzolini]

Em 18-03-2014 18:18, Ted Unangst escreveu:
 On Tue, Mar 18, 2014 at 11:23, Giancarlo Razzolini wrote:

 anything these days using dynamic ip addresses. If your IP address
 changes you will stay a few seconds without receiving any mail, and also
 may have some mail delayed, but you shouldn't lose anything. And you can
 Unless of course the new owner of your old IP decides to accept the mail.
Yes, there is this risk. They accept, drop the message or, in the most
extreme cases, can be malicious and accept and store the message and
you'll never know you should had received. But, with a very small ttl on
the dns record (I use 60 seconds), this risk can be reduced. Anyway, of
course you should always host your e-mail on a static ip. But it is
possible to do so on a dynamic one.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC

A small package browser

[marst]

Really, nothing out of the ordinary...

Been working lately on a simple OpenBSD package browser.  No extensive
graphics, works from the terminal with navigation similar to vim.  I do this
for fun.  I find it convenient for exploring existing packages.

Small description and screenshot available here.
http://mariostg.blogspot.ca/2014/03/openbsd-sqlport-browser.html
My first blog article :).

Mario

Old Sony Vaio and ACPI problem

[hannu . vuolasaho]

Hello everyone!

I'm trying to run rather old 32-bit Sony Vaio with 5.4 fresh install.
Its chassis says
Sony-Vaio-PCG-7M1M

and dmesg
bios0: Sony Corporation VGN-FS515B

Anyway. If I have APM enabled iwi0 doesn't work. On the other hand if I 
disable apm from UKC I get thermal shutdown but iwi works. And that machine 
isn't hot. It's on my lap.


Is it possible to configure thermal shutdown off without recompiling kernel or 
will this information help to add more apm tricks to next release?


This data is collected with

SYS=Sony-Vaio-PCG-7M1M-disable-apm
mkdir $SYS; cd $SYS
acpidump -o $SYS  $SYS.aml
dmesg  $SYS.dmesg
cd ..;tar czf $SYS.tgz $SYS

http://www.cs.tut.fi/~vuolasah/openbsd_vaio/Sony-Vaio-PCG-7M1M-default-boot.tgz
http://www.cs.tut.fi/~vuolasah/openbsd_vaio/Sony-Vaio-PCG-7M1M-disable-apm.tgz

Best regards,
Hannu Vuolasaho