Re: Bernstein puts qmail in public domain
(Ugh, I wish I had noticed this message a few minutes earlier.)

On 11/29/07, Tobias Weisserth [EMAIL PROTECTED] wrote:
> I just wanted to point out that D.J. Bernstein has put qmail in public domain. I'm not implying anything but wouldn't it be a perfect opportunity to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in OpenBSD? qmail's security record is better and many OpenBSD users prefer it to sendmail. I'm interested in seeing this happen and am willing to contribute patches if they stand a chance of being accepted. :-)
Replace sendmail with qmail?
Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy?
Re: Bernstein puts qmail in public domain
On 2007/11/30 10:41, Lars Noodin wrote: Postfix, the license isn't good for base Exim the license isn't good for base qmail never had a license - now it's in the public domain it's allowed to distribute it, but I don't like to imagine what misc@ would look like after the following release if it was to be switched in base...
Re: Bernstein puts qmail in public domain
The most logical step to me seems to be readding qmail and other DJB tools to ports. # Han
Re: ilo (ipmi) and serial console redirection
On Fri, 30 Nov 2007, holger glaess wrote:
> Of course, I try to set up com2 but the system says at boot prompt com port is not available, but if the kernel is already loaded the com port is available. There are no setting options in the BIOS to change the com port from the IPMI board.

Doesn't the bootloader number the com ports from zero on? AFAIR I could set the bootloader on a DL 385 to use the ILO com port via setting up com1 in boot.conf. It has been a few months since I did that and I have no physical access to that machine now, so I can't look at it further.

Best Regards,
Markus
sendmail question
Hi,

On Fri, 30.11.2007 at 15:27:15 +0100, Pete Vickers [EMAIL PROTECTED] wrote:
> In case it's needed (which I doubt), I'll voice my VERY strong preference for sendmail instead of all these other pretenders.

I take your plug for sendmail as an invitation to ask a sendmail question:

I have a box that serves as a VPN gateway:

N1 --- box in question -- Internet --- other gateway --- N2

N1 = 192.168.2.0/24
N2 = 192.168.1.0/24

Of course, on the Internet side of it, it has an official IP address. Now, I'd like to send mail, eg. the usual daily reports, via the tunnel to a mail server in N2. There is also no other way to reach that mail server except via the tunnel, and of course, I want the information transferred to be protected from prying eyes.

In the various sendmail configuration files, I've placed statements similar to

O ClientPortOptions=Family=inet, Address=192.168.2.5

and

DS [192.168.1.10]

Unfortunately, sending mail that way fails because Sendmail insists on using the IP address of the interface going out to the Internet.

What gives?

TIA!

Best,
--Toni++
Re: Replace sendmail with qmail?
Does qmail have the ability to block all email concerning replacing sendmail in base?

On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote:
> Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy?
Re: cbb0: controller is missing in dmesg
I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been changed. I turned on all the bugging code I could, and I get in the dmesg cbb0: controller is missing. Yet right above it in the dmesg is says cbb0 at pci6 dev 4 function 0 TIPCIXX12 Cardbus I was wondering if there is something special about my laptop so that OpenBSD can't support cardbus and pcmcia? PCMCIA cards work fine in FreeBSD and Vista. This is a new paranoia check which appears to be too sensitive with TI cardbus chips. I have commited a workaround which skips this check for TI devices. Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work again. Miod Hi Miod, Thanks for your help but I am back to where I was in the beginning. No power gets to the PCMCIA cards. Here is the DMESG with debug options turned on. Sincerely, Rob.
Re: Replace sendmail with qmail?
Wouldn't such reasoning about a gift apply equally to a BSD-license on free-as-in-beer software? Andrew Ruscica wrote: ... Why the Public Domain Isn't a License (Linux Journal) http://www.linuxjournal.com/article/6225 From the article: ... Unfortunately, such gifts are illusory. Under basic contract law, a gift cannot be enforced. The donor can retract his gift at any time, for any reason - scant security for someone intending to make long-term use of a piece of software.
Re: Postfix(chroot) and Postgresql
Thanks, Not sure if this mail is showing in correct thread - lost your mail att google server. On Fri, Nov 30, 2007 at 10:15:29PM +, Craig Skinner wrote: On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). Ok. Not quite sure I'm following you. You mean pull user data from PostgreSQL and generate flat(db) user file for smtp-auth using p5-Authen-SASL-2.10p0 ... As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. Then pull out 'other' Postfix data maps via (f.ex) Perl script across my 'mail farm'. Not sure yet how to do it - but I figure it out. How about - using OpenLDAP? Thanks --bfrost
Re: pflog filling up /var mount every 2-3 days!
Jake Conk wrote:
> I have to keep coming here each couple of days to check if that is full and delete them. My question is, is this normal and I just created my /var mount too small? I think the fact that my pflog is that big is the actual problem, does anyone know of a way to fix this?

Well, maybe I read that wrong, but if you are going there only every few days to look if the file is filling your drive, then I guess you are not looking at the logs, so stop logging then and your problem will be gone. (; Or just log what you really need.

And yes, your var was obviously too small if you fill it up every few days. So log elsewhere on a bigger partition. Plenty of solutions, but the most obvious one based on your comment is to stop logging, as it doesn't look like you look at the content of it.
Re: pflog filling up /var mount every 2-3 days!
Jake Conk wrote:
> Hello,
>
> I have my /var partitioned out to be 150mb which I thought was enough but every 2-3 days it gets full because I end up with a pflog file that is ridiculously large! Right now I have one that is 53.6mb and I have gotten them larger like 100mb +!! Because of this my /var partition fills up and other programs have problems writing logs and stuff...
>
> Here is an example:
>
> $ ls -lah /var/log/ | grep pflog
> -rw--- 1 root wheel 98.0K Nov 30 18:02 pflog
> -rw--- 1 root wheel 53.6M Nov 30 02:00 pflog.0
> -rw--- 1 root wheel 1.3M Nov 30 02:00 pflog.0.gz
> -rw--- 1 root wheel 2.2M Nov 30 01:00 pflog.1.gz
> -rw--- 1 root wheel 1.7M Nov 30 00:00 pflog.2.gz
> -rw--- 1 root wheel 1.7M Nov 29 23:00 pflog.3.gz
> -rw--- 1 root wheel 7.0M Nov 29 20:25 pflog.bad.630d9931
>
> I have to keep coming here each couple of days to check if that is full and delete them. My question is, is this normal and I just created my /var mount too small? I think the fact that my pflog is that big is the actual problem, does anyone know of a way to fix this?
>
> Thanks,
> - Jake

Perhaps you want to see what's inside it? Look at your pf.conf, see what you're logging and if you do need it to be logged. Remove anything unnecessary, set up newsyslog to rotate it - there are plenty of options to solve your problem. It's all in the FAQ / man pages.
Update RAIDFrame-Enabled ISO for 4.2
Updated diff, ISO image, build instructions.

http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html

Note: There's a small problem with my regex in install.sub that prevents scanning of RAIDFrame boot lines in dmesg.boot. The work-around from the bsd.rd shell is to:

$ export MDDKDEVS='/^raid[0-9]/p'
$ ./upgrade

It's ugly but it works. Also, don't forget to:

$ cd /dev
$ sh MAKEDEV raid0
$ sh MAKEDEV raid1

...beforehand.

Tested a 4.0-stable to 4.2-stable upgrade (2x)

~BAS
Re: Replace sendmail with qmail?
No, I think you missed the point of the article. It's trying to say that you retain copyright like a sticky booger. Merely saying 'this stuff is in public domain now' is not enough to make it so. Strangely, it appears that you have no right to put something in the public domain, it just happens 70 years after you die. (Copyright lawyers feel free to chime in here)

Unfortunately for fans of djb, I think this means the license issue is still hanging tough.

-B

On Nov 30, 2007 3:19 PM, Andrew Hart [EMAIL PROTECTED] wrote:
> Wouldn't such reasoning about a gift apply equally to a BSD-license on free-as-in-beer software?
>
> Andrew Ruscica wrote:
>> ... Why the Public Domain Isn't a License (Linux Journal) http://www.linuxjournal.com/article/6225
>> From the article: ... Unfortunately, such gifts are illusory. Under basic contract law, a gift cannot be enforced. The donor can retract his gift at any time, for any reason - scant security for someone intending to make long-term use of a piece of software.
Re: VPN Concentrator
On Fri, 30 Nov 2007, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. That's a tall order. In Cisco-land a VPNC3000k will run you $5k plus SMARTNet. You'll need isakmpd(8) policies. You'll need dhclient-server relay support. You'll need XAuth authentication (Possibly via PAM). You'll need IPSEC NAT-T. Maybe tie it all together with LDAP and PKI.
pflog filling up /var mount every 2-3 days!
Hello,

I have my /var partitioned out to be 150mb which I thought was enough but every 2-3 days it gets full because I end up with a pflog file that is ridiculously large! Right now I have one that is 53.6mb and I have gotten them larger like 100mb +!! Because of this my /var partition fills up and other programs have problems writing logs and stuff...

Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw--- 1 root wheel 98.0K Nov 30 18:02 pflog
-rw--- 1 root wheel 53.6M Nov 30 02:00 pflog.0
-rw--- 1 root wheel 1.3M Nov 30 02:00 pflog.0.gz
-rw--- 1 root wheel 2.2M Nov 30 01:00 pflog.1.gz
-rw--- 1 root wheel 1.7M Nov 30 00:00 pflog.2.gz
-rw--- 1 root wheel 1.7M Nov 29 23:00 pflog.3.gz
-rw--- 1 root wheel 7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is full and delete them. My question is, is this normal and I just created my /var mount too small? I think the fact that my pflog is that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake
Re: Postfix(chroot) and Postgresql
Ok, Efficiency can sometimes be important. Had no idea about this solution - have to figure out how to do it. Thanks! Is OpenLDAP something to consider? --bfrost Genadijus Paleckis wrote: Instead of that I would recommend you to use DB files generated at regular intervals instead of 'online' access to postgresql. It is less CPU expensive and much faster. But if you wish to use SQL maps I guess you may want to use 127.0.0.1 instead of local socket and of course you need to configure postgresql to accept network access. *Addition* to above: In pg_hba.conf (PostgreSQL):
Re: pflog filling up /var mount every 2-3 days!
On Fri, 30 Nov 2007, Jake Conk wrote:
> Hello, I have my /var partitioned out to be 150mb which I thought was a

You're probably getting a lot of log hits on a default block log all at the end of your rules. You can prevent a lot of crud by doing block quicks w/o log statements for the following:

-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS
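
An added example, not part of the original posts: before choosing which traffic to stop logging, it helps to see which rule numbers and destination ports actually fill pflog. The script below summarises the text printed by tcpdump -n -e -ttt -r /var/log/pflog; the function names, rule numbers and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: find out what is filling pflog.
# Input is the text printed by:  tcpdump -n -e -ttt -r /var/log/pflog
# Function names, rule numbers and addresses below are constructed.

# Constructed sample lines in the tcpdump -e layout for pflog.
sample_pflog() {
    cat <<'EOF'
Nov 30 17:58:01.000001 rule 12/(match) block in on fxp0: 192.168.2.14.137 > 192.168.2.255.137: udp 50
Nov 30 17:58:02.000002 rule 12/(match) block in on fxp0: 192.168.2.14.137 > 192.168.2.255.137: udp 50
Nov 30 17:58:03.000003 rule 12/(match) block in on fxp0: 192.168.2.31.137 > 192.168.2.255.137: udp 50
Nov 30 17:58:09.000004 rule 12/(match) block in on fxp0: 192.168.2.14.138 > 192.168.2.255.138: udp 201
Nov 30 17:59:10.000005 rule 12/(match) block in on fxp0: 192.168.2.20.5353 > 224.0.0.251.5353: udp 64
Nov 30 17:59:11.000006 rule 12/(match) block in on fxp0: fe80::211:24ff:fe3a:1c02.5353 > ff02::fb.5353: udp 64
Nov 30 17:59:30.000007 rule 4/(match) pass in on fxp0: 203.0.113.9.40112 > 192.168.2.5.22: S 100:100(0) win 16384
Nov 30 17:59:40.000008 rule 12/(match) block in on fxp0: 192.168.2.1 > 224.0.0.1: igmp query
EOF
}

# Count log entries per rule number and action, busiest rule first.
pflog_by_rule() {
    awk '
    {
        rule = "?"; action = "?"
        for (i = 1; i + 1 < NF; i++)
            if ($i == "rule") {
                rule = $(i + 1); sub(/\/.*/, "", rule)   # "12/(match)" -> "12"
                action = $(i + 2)
                break
            }
        count[rule " " action]++
    }
    END { for (k in count) print count[k], "rule", k }' |
    LC_ALL=C sort -k1,1nr -k3,3n
}

# Count log entries per destination port; "-" means the packet had no
# port (ICMP, IGMP and similar). Protocols are not distinguished.
pflog_by_dport() {
    awk '
    {
        port = "-"
        for (i = 1; i < NF; i++)
            if ($i == ">") {
                dst = $(i + 1); sub(/:$/, "", dst)
                n = split(dst, part, "[.]")
                # IPv4 addr.port has 5 dotted parts; IPv6 addr.port has 2
                if (n == 5 || (n == 2 && index(dst, ":") > 0))
                    port = part[n]
                break
            }
        count[port]++
    }
    END { for (p in count) print count[p], p }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

echo "entries per rule:"
sample_pflog | pflog_by_rule
echo "entries per destination port:"
sample_pflog | pflog_by_dport
```

On a live system, pipe the tcpdump command into either function and look the busiest rule number up in the output of pfctl -vvsr before dropping its log keyword or placing an unlogged block quick rule ahead of it.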
Re: Postfix(chroot) and Postgresql
On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. DB down? DB backing up? No probs as mail still goes through until you are finished. Probably not the answers you are looking for -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Postfix(chroot) and Postgresql
*Addition* to above: In pg_hba.conf (PostgreSQL): vmail(user) access to datab with md5 password local(and host)

--bfrost

Bengt Frost wrote:
> Hi,
>
> I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps.
>
> I have a problem with the postgresql socket (.s.PGSQL.5432). Neither dovecot(auth) nor Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports mailing lists with no success.
>
> Here are some files with related 'stuff':
>
> ### rc - system
>
> /etc/rc.local:
>
> # Postfix - PostgreSQL
> if [ -x /usr/local/bin/pg_ctl ]; then
>         echo -n ' postgresql'
>         su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
>             -D /var/postgresql/data -l /var/postgresql/logfile \
>             -o '-D /var/postgresql/data'" >/dev/null
>         su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp"
>         su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp"
> fi
>
> /etc/rc.shutdown:
>
> # Postfix - PostgreSQL
> if [ -f /var/postgresql/data/postmaster.pid ]; then
>         su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast \
>             -D /var/postgresql/data"
>         rm -f /var/postgresql/data/postmaster.pid \
>             /var/spool/postfix/tmp/.s.PGSQL.5432 \
>             /var/spool/postfix/tmp/.s.PGSQL.5432.lock \
>             /tmp/.s.PGSQL.5432 \
>             /tmp/.s.PGSQL.5432.lock
> fi
>
> ### Dovecot:
>
> /etc/dovecot.conf:
>
> passdb sql {
>   args = /etc/dovecot-pgsql.conf
> }
> ...
> userdb sql {
>   args = /etc/dovecot-pgsql.conf
> ...
> socket listen {
>   client {
>     path = /var/spool/postfix/private/auth
>     mode = 0660
>     user = _postfix
>     group = _postfix
>   }
>
> /etc/dovecot-pgsql:
>
> # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT.
> default_pass_scheme = CRYPT # also above schemes
> # Database options
> # UNIX socket - see host
> connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x
>
> ### Postfix - referenced from main.conf (pgsql: - no proxymap used):
>
> /etc/postfix/pgsql_transport:
>
> # UNIX socket - PostgreSQL - relative path(chroot)
> hosts = unix:/tmp/.s.PGSQL.5432
> # inet: for TCP connections (default)
> #hosts = localhost
> ##hosts = 127.0.0.1
>
> ### PostgreSQL
>
> /var/postgresql/postgresql.conf:
>
> unix_socket_directory = '/var/spool/postfix/tmp'
> # tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql
>
> Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL?
>
> Thanks!
> --bfrost
Is the tree borked, or am I?
The last time I built -current was Nov 22. Now I can't build the kernel. Yes, I've made the change to config ala the upgrade FAQ. I've gotten a new /usr/src/sys thinking that CVS messed up somehow, but that didn't change anything.

I'm doing the standard

make clean ; make depend ; make

What happens during the compile is normal 'till the kernel is linked

ld -Ttext 0xD0200120 -e start -N --warn-common -S -x -o bsd ${SYSTEM_OBJ} vers.o
vga.o(.text+0x30a): In function `vga_selectfont':
: undefined reference to `strncmp'
vga.o(.text+0x33b): In function `vga_selectfont':
: undefined reference to `strncmp'
vga.o(.text+0xee9): In function `vga_load_font':
: undefined reference to `strlcpy'
wdc.o(.text+0x15a): In function `wdc_log':
: undefined reference to `memset'
bha.o(.text+0x82a): In function `bha_create_ccbs':
: undefined reference to `memset'
bha.o(.text+0x1733): In function `bha_inquire_setup_information':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x13b8): In function `gdt_internal_cache_cmd':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x13e3): In function `gdt_internal_cache_cmd':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x1854): In function `gdt_internal_cmd':
: undefined reference to `memset'
gdt_common.o(.text+0x1d8d): In function `gdt_ioctl_inq':
: undefined reference to `strlcpy'

There are complaints of about 750 functions total. Have I forgotten something new? I've not had a problem like this in years.

Thanks,
STeve Andre'
Re: OpenBSD version / build question
Hi Patrick,

Patrick Smith wrote on Fri, Nov 30, 2007 at 10:50:48AM -0800:
> I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of servers that have been done already. 'uname -a' tells me that they are:
>
> OpenBSD hostname 4.2 GENERIC#375 i386
> OpenBSD hostname 4.2 GENERIC#410 i386
> OpenBSD hostname 4.2 GENERIC#468 i386
>
> 375, 410, 468: Are these build numbers?

Yes. But they are build numbers specific to the particular machine on which these kernels happen to have been built. So having two kernels with the same number doesn't tell you these kernels are identical, and a kernel with a larger number can be older than a kernel with a smaller number - they might have been built on different machines. And a kernel built today might still be crap if the sources were too old.

> Or do they mean something else? Would they signify security fixes that are important?

No way to know given the information you supply. If i knew a list of official snapshot build numbers by heart, i could start guessing - but that would be just that, guesswork.

> Should I be concerned that they are not the same across our different servers if our goal is to keep a consistent setup?

Yes! In particular, you should reconsider your procedures. If you want to keep your servers up to date, you definitely want to know who is responsible for installing what to which server and under which circumstances. And where it ought to be written down when it has been done. So if you go to some machine and the kernel it is running comes as a surprise - put bluntly, it appears you do not know what you are doing.
By the way, the following command is more useful for your purpose:

[EMAIL PROTECTED] $ sysctl kern.version
kern.version=OpenBSD 4.2-current (GENERIC) #69: Sun Nov 18 22:43:19 CET 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

Here you see whether you are running -release, -stable or -current, and here the build number also tells you something: Here you see who (root) built the kernel when (Nov 18), on which host (athene.usta.de) and in which source tree.

But don't overestimate the importance of having the right kernel installed: Unless you have documented procedures being actually followed, finding the correct kernel doesn't tell you whether userland and packages are also up to date. In fact, finding out whether userland is up to date is usually more difficult than finding out whether the kernel is OK. But no less important...

You now have quite a bit of work to do: Talk to your colleagues, find out what happened, decide whether you want -stable or -current, decide who will do this kind of maintenance in the future, and then upgrade *all* machines using the official upgrade process. In case you want -stable but some already have -current (which i suspect), those need to be reinstalled from scratch.

Good luck with your random kernels,-)
Ingo
Postfix(chroot) and Postgresql
Hi,

I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps.

I have a problem with the postgresql socket (.s.PGSQL.5432). Neither dovecot(auth) nor Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports mailing lists with no success.

Here are some files with related 'stuff':

### rc - system

/etc/rc.local:

# Postfix - PostgreSQL
if [ -x /usr/local/bin/pg_ctl ]; then
        echo -n ' postgresql'
        su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
            -D /var/postgresql/data -l /var/postgresql/logfile \
            -o '-D /var/postgresql/data'" >/dev/null
        su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp"
        su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp"
fi

/etc/rc.shutdown:

# Postfix - PostgreSQL
if [ -f /var/postgresql/data/postmaster.pid ]; then
        su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast \
            -D /var/postgresql/data"
        rm -f /var/postgresql/data/postmaster.pid \
            /var/spool/postfix/tmp/.s.PGSQL.5432 \
            /var/spool/postfix/tmp/.s.PGSQL.5432.lock \
            /tmp/.s.PGSQL.5432 \
            /tmp/.s.PGSQL.5432.lock
fi

### Dovecot:

/etc/dovecot.conf:

passdb sql {
  args = /etc/dovecot-pgsql.conf
}
...
userdb sql {
  args = /etc/dovecot-pgsql.conf
...
socket listen {
  client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = _postfix
    group = _postfix
  }

/etc/dovecot-pgsql:

# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT.
default_pass_scheme = CRYPT # also above schemes
# Database options
# UNIX socket - see host
connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x

### Postfix - referenced from main.conf (pgsql: - no proxymap used):

/etc/postfix/pgsql_transport:

# UNIX socket - PostgreSQL - relative path(chroot)
hosts = unix:/tmp/.s.PGSQL.5432
# inet: for TCP connections (default)
#hosts = localhost
##hosts = 127.0.0.1

### PostgreSQL

/var/postgresql/postgresql.conf:

unix_socket_directory = '/var/spool/postfix/tmp'
# tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql

Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL?

Thanks!
--bfrost
Re: Narrow down the stability of amd64.mp on Sun X4100 to mpi.c
Marco Peereboom wrote:
> I will dig my x4100 out of storage any day now. Last time I used it it was stable on i386 and amd64.

Only amd64.mp is not stable (and only in writing to the disk), amd64 is stable as well as either i386 kernel is stable. And in case it does make a difference, it's the M2 version.

Thanks for checking if you have some time. It would be very appreciated.

I am still poking at it nevertheless. Many hours a day and all night long still. I think I have reached the point where it would be a personal satisfaction way more than getting it to work. Victory over the beast I guess. So far that beast is looking down on me from its standstill however. (;

I even got myself a 12-pack for when I feel the rush of victory in the hope I might find it and it is calling me.
Re: Replace sendmail with qmail?
On Fri, Nov 30, 2007 at 01:45:02PM -0500, Andrew Ruscica wrote: On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote: Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Might be worthwhile reading this (from a US legal perspective at least): Why the Public Domain Isn't a License (Linux Journal) http://www.linuxjournal.com/article/6225 From the article: ...there is nothing that permits the dumping of copyrighted works into the public domain, except as happens in due course when any applicable copyrights expire. Until those copyrights expire, no mechanism is in the law by which an owner of software can simply elect to place it in the public domain. This is exactly what I mean in my mail.
Re: removing sendmail
>> Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...]
>
> Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality.

Just too bad that this didn't happen in OpenBSD 2.9 when QMail was removed, as at the time it may have had a chance to be in the default install with the numerous issues sendmail had back then.

QMail is good and I sure used it for years, but now I do prefer Postfix much more and it is more with its time now than QMail is. Now if Postfix had a BSD license, I don't know if it might not be more seriously considered, but my guess is it might not.

Sendmail got much better in the last 7 years. Still bulky and yes I still don't use it, but it is not a bad mailer these days. I just prefer the configuration simplicity of Qmail, Postfix and sendmail in the order with QMail the easiest by far when you know none of them to start with. Plus for an MTA, it is a surprisingly small footprint.

Now if djbdns was under BSD license, I wonder if that didn't have a bigger chance to make it into the base and replace bind... But what I think is not relevant or important here, there are just a few people that may decide that for sure and at large, we are none of them.

Seeing the GNU directory in the base getting smaller and having more and more BSD in OpenBSD is nice to see however. Let's give pcc time to maybe make it in first and replace gcc for good over time. Interesting times.
Re: Narrow down the stability of amd64.mp on Sun X4100 to mpi.c
I will dig my x4100 out of storage any day now. Last time I used it it was stable on i386 and amd64.

On Wed, Nov 28, 2007 at 10:51:00PM +1000, David Gwynne wrote:
this diff cannot affect the behavior of your system. the code below deals with domain validation on SPI mpi variants while the x4100 uses SAS mpi. the code you patched isn't run on your machine. do you have these crashes on all x4100s running amd64 mp, or only on this one machine? dlg

On 28/11/2007, at 6:17 PM, Daniel Ouellet wrote:
Hi, I need some help here to narrow this down more or maybe someone might find the answer quickly. I have pinpointed the crash/reboot for the Sun X4100 to the usage of the Ultra160: enable dual xfers, even if I think it is U360, but I could be wrong. Couldn't find the specs just yet.

In any case, this is not the way to fix it and I agree that it may be very stupid, but to do my best to isolate this so far, I dug as much as I could through the documentation and specs to find a way for now of making the box rock solid. This is not a patch as I don't know how to fix it yet anyway, but here is what I did as a test to bypass the problem for now and make it rock solid with no more crashes.

Obviously this is wrong and what I did is simply force it to work in U80 mode instead of what it looks like the mpi driver detects and tries to use, the U160 mode, and after some overflow or something like that when I send the data too fast, it crashes. But with this below, it doesn't anymore. Again, this is not right and not very brilliant either, but I simply force it to use U80 and all bugs and crashes are now gone.

This is showing up ONLY when you use the amd64.MP kernel, not when you use the single processor one, or when you use the i386 single, or mp kernel. Could anyone help me more please? I am reaching pretty soon the maximum of where I can go in this kernel part here.
Best, Daniel Index: mpi.c === RCS file: /cvs/src/sys/dev/ic/mpi.c,v retrieving revision 1.89 diff -u -p -r1.89 mpi.c --- mpi.c 12 Sep 2007 13:42:49 - 1.89 +++ mpi.c 28 Nov 2007 08:07:57 - @@ -458,10 +458,10 @@ mpi_ppr(struct mpi_softc *sc, struct scs switch (try) { case 0: /* U320 */ - break; + /* break; */ case 1: /* U160 */ - pg1.req_period = 0x09; - break; + /* pg1.req_period = 0x09; */ + /* break; */ case 2: /* U80 */ pg1.req_period = 0x0a; break;
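Review bot: In the switch (try) of mpi_ppr(), commenting out the break in case 0 and the whole body of case 1 makes the U320 and U160 attempts fall through to case 2, so every attempt requests pg1.req_period = 0x0a and the faster periods can never be selected, for every target and every machine that runs this code. If a U80 clamp is wanted as a diagnostic, make it explicit rather than leaving commented-out statements behind: mark the fall-through with a /* FALLTHROUGH */ comment, put the clamp under a debug option or a per-device condition, and say in a comment why 0x09 is skipped. As posted, the change can only hide a symptom; it does not show whether the requested period or something else in the request is at fault.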
Re: removing sendmail
On 30 November 2007, Geoff Steckel [EMAIL PROTECTED] wrote: Liviu Daia wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. Given this anecdotal history I would suggest not running Postfix in a large production environment. Well, the point I was trying to make was about Postfix code being audited. But since I'm never the man to turn down a pissing contest, here we go: I have seen several installations of Sendmail go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Sendmail lovers, so I have always assumed that the installation was correct. In the many cases I saw tested replacing Sendmail with Postfix resulted in no further problems. Given this anecdotal history I would suggest not running Sendmail in a large production environment. A story just as valid as yours. :) Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: Replace sendmail with qmail?
On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote: Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Might be worthwhile reading this (from a US legal perspective at least): Why the Public Domain Isn't a License (Linux Journal) http://www.linuxjournal.com/article/6225 From the article: ...there is nothing that permits the dumping of copyrighted works into the public domain, except as happens in due course when any applicable copyrights expire. Until those copyrights expire, no mechanism is in the law by which an owner of software can simply elect to place it in the public domain. and Unfortunately, such gifts are illusory. Under basic contract law, a gift cannot be enforced. The donor can retract his gift at any time, for any reason - scant security for someone intending to make long-term use of a piece of software.
OpenBSD version / build question
Hi List! I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of servers that have been done already. 'uname -a' tells me that they are: OpenBSD hostname 4.2 GENERIC#375 i386 OpenBSD hostname 4.2 GENERIC#410 i386 OpenBSD hostname 4.2 GENERIC#468 i386 375, 410, 468: Are these build numbers? Or do they mean something else? Would they signify security fixes that are important? Should I be concerned that they are not the same across our different servers if our goal is to keep a consistent setup? Thanks, Patrick Smith
Re: removing sendmail
Liviu Daia wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. Given this anecdotal history I would suggest not running Postfix in a large production environment. geoff steckel
Re: removing sendmail
Hi Antti, Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. You have a point there. To me, however, this falls under the 'no magic' clause. I try to use as many standard operations as possible, to reduce the numbers of errors I could make. Hence the 'postfix-enable' command after any postfix install/upgrade is standard ('no magic') to me. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. Hmm... What Steve said, I guess. I didn't check, I just run 'postfix-enable'. :-) Be well... Nico
Re: Replace sendmail with qmail?
On Friday 30 November 2007 10:50:09 Gregory Edigarov wrote: Pete Vickers wrote: In case it's needed (which I doubt), I'll voice my VERY strong preference for sendmail instead of all these other pretenders. I agree. Please do not remove sendmail. it is the most advanced opensourced mailer, I do strongly prefer it. I don't think anyone needs to worry about sendmail leaving. --STeve Andre'
Re: Performance problem with CF card on AMD CS5536 IDE
Here are some results using the Lexar Professional UDMA 300x CF drives. My favorite CF-IDE and CF-SATA converters are from Addonics http://www.addonics.com/products/flash_memory_reader/adidecf.asp Here are some typical boot messages from one of my servers with the Lexar/Addonics combo: wd0 at pciide1 channel 1 drive 0: LEXAR ATA FLASH CARD wd0: 1-sector PIO, LBA, 7631MB, 15630048 sectors wd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 I ran the same commands that others in this thread tried, here are my results: # dd if=/dev/zero of=nulls bs=65536 count=1600 1600+0 records in 1600+0 records out 104857600 bytes transferred in 65.142 secs (1609668 bytes/sec) # dd if=nulls of=/dev/null bs=65536 1600+0 records in 1600+0 records out 104857600 bytes transferred in 21.049 secs (4981460 bytes/sec) # dd if=nulls of=/dev/null bs=65536 1600+0 records in 1600+0 records out 104857600 bytes transferred in 0.051 secs (2036109439 bytes/sec) # dd if=nulls of=/dev/null bs=65536 1600+0 records in 1600+0 records out 104857600 bytes transferred in 0.051 secs (2044286745 bytes/sec) # uname -a OpenBSD svn01.clark-communications.com 4.2 GENERIC#0 amd64 # sysctl hw hw.machine=amd64 hw.model=Dual Core AMD Opteron(tm) Processor 275 HE hw.ncpu=1 hw.byteorder=1234 hw.physmem=4226789376 hw.usermem=4226785280 hw.pagesize=4096 hw.disknames=cd0,wd0,sd0 hw.diskcount=3 hw.sensors.admcts0.temp0=37.00 degC (Internal) hw.sensors.admcts0.temp1=46.00 degC (External) hw.sensors.admcts0.temp2=-90.00 degC (External) hw.sensors.admcts0.fan2=2647 RPM hw.sensors.admcts0.volt0=3.30 VDC (Vbat) hw.sensors.admcts0.volt1=3.32 VDC (3.3 V standby) hw.sensors.admcts0.volt2=3.30 VDC (3.3 V main) hw.sensors.admcts0.volt3=5.41 VDC (5 V) hw.sensors.admcts0.volt4=1.17 VDC (Vccp) hw.sensors.admcts0.volt5=12.06 VDC (12 V) hw.sensors.admcts0.volt6=-0.60 VDC (-12 V) hw.sensors.arc0.drive0=online (sd0), OK hw.cpuspeed=2205 hw.vendor=RIOWORKS hw.product=HDAMA hw.serialno=0123456789
How can I get alarms about my arc/Areca raid controller?
Hello, I have an Opteron machine running OpenBSD 4.2/amd64 I have an Areca ARC-1110 RAID controller in this machine. I'd like to be able to query or get notified of alarms on the raid controller, how can I do that? I can do: # bioctl -v -q sd0 sd0: Areca, ARC-1110-VOL#00, R001, serial 000591171972 # bioctl -a get arc0 alarm is currently enabled But if I try # bioctl -v -a silence arc0 bioctl: BIOCALARM: Input/output error What do I need to do to obtain the alarm state, and reset it if necessary? Thanks Here is my dmesg: # dmesg OpenBSD 4.2-stable (GENERIC) #0: Wed Oct 24 12:44:40 PDT 2007 [EMAIL PROTECTED] :/home/4.2/src/sys/arch/amd64/compile/GENERIC real mem = 4226789376 (4030MB) avail mem = 4093644800 (3904MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.34 @ 0xfbf7c000 (33 entries) bios0: vendor Phoenix Technologies Ltd. version V1.11 date 05/10/2006 bios0: RIOWORKS HDAMA acpi at mainbus0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: Dual Core AMD Opteron(tm) Processor 275 HE, 2205.29 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD erratum 89 present, BIOS upgrade may be required pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07 pci1 at ppb0 bus 1 ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: irq 11, version 1.0, legacy support ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: irq 11, version 1.0, legacy support vga1 at pci1 dev 6 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci1 dev 7 function 0 CMD Technology SiI3114 SATA 
rev 0x02: DMA pciide0: using irq 5 for native-PCI interrupt usb0 at ohci0: USB revision 1.0 uhub0 at usb0: AMD OHCI root hub, rev 1.00/1.00, addr 1 usb1 at ohci1: USB revision 1.0 uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1 pcib0 at pci0 dev 7 function 0 AMD 8111 LPC rev 0x05 pciide1 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide1 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E-N, 1.AA SCSI0 5/cdrom removable cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2 wd0 at pciide1 channel 1 drive 0: LEXAR ATA FLASH CARD wd0: 1-sector PIO, LBA, 7631MB, 15630048 sectors wd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI iic0 at amdiic0 amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active iic1 at amdpm0 admcts0 at iic1 addr 0x2c ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13 pci2 at ppb1 bus 2 bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 11, address 00:50:45:5f:13:ce brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:50:45:5f:13:cf brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 
0 AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 10 function 1 not configured ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13 pci3 at ppb2 bus 3 ppb3 at pci3 dev 1 function 0 Intel IOP331 PCIX-PCIX rev 0x0a pci4 at ppb3 bus 4 arc0 at pci4 dev 14 function 0 Areca ARC-1110 rev 0x00: irq 11 arc0: 4 SATA Ports, 256MB SDRAM, FW Version: V1.43 2007-4-17 scsibus1 at arc0: 16 targets sd0 at scsibus1 targ 0 lun 0: Areca, ARC-1110-VOL#00, R001 SCSI3 0/direct fixed sd0: 476837MB, 56514 cyl, 36 head, 480 sec, 512 bytes/sec, 976562176 sec total AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 11 function 1 not configured pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: sd0 matches BIOS drive 0x81 root on wd0a swap on wd0b dump on wd0b
Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]
Hi, I am having the same issue. Have you succeeded at waking up the video? Pau 2007/11/7, Mark Thomas [EMAIL PROTECTED]: On Nov 6, 2007 5:34 AM, Mark Thomas [EMAIL PROTECTED] wrote: If I close the lid on this laptop ( Thinkpad T41 ) the machine goes into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this worked flawlessly. xorg is not running during these tests. Well apparently it's just video related. The machine still responds to typed commands I just cannot see what I'm typing. :) -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: Replace sendmail with qmail?
Matthew Dempsky wrote: Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy? No. In ports yes, in base no. I don't see any advantage switching from sendmail to qmail. ...and yes, I know qmail. It was the first mailserver I got in touch with and used it for several years. But after qmail and (later) postfix, I'm nowadays using sendmail as preferred server. -- Ralph
Great posters !
Nope, this is not a spam ;) We ordered posters some time ago and they just appeared in a wall near me, I now have a Puffy watching my code and roaring if I use strcpy ;) Posters are great and high quality, thank you OpenBSD !
Re: removing sendmail
Antti Harri wrote: Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. It looks like that went away with the death of DEINSTALL. I don't use it though so I didn't test it.
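The behaviour Antti Harri describes in this thread (a pkg_add upgrade putting mailer.conf back to sendmail until postfix-enable is run again) can be caught with a small check. This is an added example, not part of any post in the thread; the function names, the /usr/local/ prefix for the package MTA and the sample mailer.conf contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a mailer.conf by where its mailwrapper aliases
# point, so a silent revert to the base MTA after a package upgrade is noticed.
# All paths and sample contents below are constructed assumptions.

# Constructed sample: every alias points at the base system sendmail.
write_sample_base() {
    cat > "$1" <<'EOF'
# constructed sample: base system MTA
sendmail	/usr/libexec/sendmail/sendmail
send-mail	/usr/libexec/sendmail/sendmail
mailq		/usr/libexec/sendmail/sendmail
newaliases	/usr/libexec/sendmail/sendmail
EOF
}

# Constructed sample: every alias points at a package-installed MTA.
write_sample_postfix() {
    cat > "$1" <<'EOF'
# constructed sample: package MTA enabled

sendmail	/usr/local/sbin/sendmail
send-mail	/usr/local/sbin/sendmail
mailq		/usr/local/sbin/sendmail
newaliases	/usr/local/sbin/sendmail
EOF
}

# mailer_targets FILE: print "alias path" for each line that is neither
# blank nor a comment.
mailer_targets() {
    awk '!/^[ \t]*(#|$)/ { print $1, $2 }' "$1"
}

# mailer_state FILE PREFIX: print one word describing the file:
#   ok       every alias path starts with PREFIX
#   reverted no alias path starts with PREFIX
#   mixed    some do, some do not
#   empty    the file defines no aliases
mailer_state() {
    mailer_targets "$1" | awk -v want="$2" '
        { total++; if (index($2, want) == 1) match_n++ }
        END {
            if (total == 0) print "empty"
            else if (match_n == total) print "ok"
            else if (match_n == 0) print "reverted"
            else print "mixed"
        }'
}

# mailer_check FILE PREFIX: return 0 only when the state is "ok"; otherwise
# list the aliases that do not point under PREFIX on stderr and return 1.
mailer_check() {
    state=$(mailer_state "$1" "$2")
    [ "$state" = "ok" ] && return 0
    echo "mailer.conf state: $state (expected prefix $2)" >&2
    mailer_targets "$1" |
        awk -v want="$2" 'index($2, want) != 1 { print "  " $1 " -> " $2 }' >&2
    return 1
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
write_sample_base "$demo_dir/after-upgrade"
write_sample_postfix "$demo_dir/after-postfix-enable"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(mailer_state "$f" /usr/local/)"
done
rm -rf "$demo_dir"
```

Run against the real file after each package upgrade, for example `mailer_check /etc/mailer.conf /usr/local/`, a non-zero exit means the wrapper no longer points at the package MTA.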
Re: Trouble with LSI Megaraid 8204/8208XLP in 4.2
LSI decided to make non raid cards use the same marketing name as actual raid cards. Very nasty of them. We currently do not support fake raid (driver assisted) cards. On a positive note we are debating on how to possibly support some of these in the future. If anyone is familiar with metadata formats that vendors are using drop me an email. On Wed, Nov 28, 2007 at 02:50:30PM -0800, Preston Norvell wrote: Recently we were building a couple new amd64 machines and purchased a couple LSI 8204XLP's on the speculation that they would be supported in 4.2 (though only their bigger brother the 8208XLP was listed explicitly). Only slightly to our surprise did we discover that the 8204XLP's would not work. The device would be found, but instead of the RAID1 logical disk, it would report the two physical disks (RAID firmware configuration was checked/rechecked/checkedsomemore). We tried installing the OS on the low order disk just to see what would happen. The OS would install, but on subsequent boot would fail at the root device: stage. Feeling a certain amount of shame in defying the HCL, we purchased 8208XLPs as a replacement. These failed in exactly the same way. It turns out that they really are brothers in the sense that the 8204 is an 8208 card with a blank spot where the second connector would be. Then we decided to try 4.2 release (we were using -current), and the drive(s) are not seen at all by the OS installer for 4.2. We then switched to a newer -current (from Nov. 1) and ran into the same problem as the previous attempts with -current. In some looking though, we see that the card appears to be identified with the mpi driver instead of the mfi driver as it should, at least according to mfi(4). We now have two of each card here that aren't useful to us in the near term, so we would be happy to send one of each of them along to the driver dev if it would help future development. The rest of this message is the dmesg from booting off the Nov 1 -current. 
OpenBSD 4.2-current (RAMDISK_CD) #1295: Thu Nov 1 19:18:55 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 2146996224 (2047MB) avail mem = 2075045888 (1978MB) mainbus0 at root acpi at mainbus0 not configured cpu0 at mainbus0: (uniprocessor) cpu0: Dual-Core AMD Opteron(tm) Processor 2212, 2010.58 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLU SH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 0 function 0 not configured NVIDIA MCP55 ISA rev 0xa3 at pci0 dev 1 function 0 not configured NVIDIA MCP55 SMBus rev 0xa3 at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 NVIDIA MCP55 USB rev 0xa1: irq 7, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 NVIDIA MCP55 USB rev 0xa2: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 pciide0 at pci0 dev 4 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, DW-224E-V, 1.CA SCSI0 5/cdrom removable cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 5 function 0 NVIDIA MCP55 SATA rev 0xa3: DMA pciide1: using irq 11 for native-PCI interrupt pciide2 at pci0 dev 5 function 1 NVIDIA MCP55 SATA rev 0xa3: DMA pciide2: using irq 5 for native-PCI interrupt pciide3 at pci0 dev 5 function 2 NVIDIA MCP55 SATA rev 0xa3: DMA pciide3: using irq 10 for native-PCI interrupt ppb0 at pci0 dev 6 function 0 NVIDIA MCP55 PCI-PCI rev 
0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 6 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) nfe0 at pci0 dev 8 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 10, address 00:30:48:7c:97:22 eephy0 at nfe0 phy 2: Marvell 88E1149 Gigabit PHY, rev. 1 nfe1 at pci0 dev 9 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 11, address 00:30:48:7c:97:23 eephy1 at nfe1 phy 3: Marvell 88E1149 Gigabit PHY, rev. 1 ppb1 at pci0 dev 10 function 0 NVIDIA MCP55 PCIE rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 NEC PCIE-PCIX rev 0x07 pci3 at ppb2 bus 3 ppb3 at pci2 dev 0 function 1 NEC PCIE-PCIX rev 0x07 pci4 at ppb3 bus 4 mpi0 at pci4 dev 6 function 0 Symbios Logic SAS1068 rev 0x02: irq 5 scsibus1 at mpi0: 173 targets sd0 at scsibus1 targ 0 lun 0: ATA, WDC WD1600YS-01S, 6C06 SCSI3 0/direct fixed sd0: 157066MB, 157067 cyl, 16 head, 127 sec, 512 bytes/sec, 321672960
Re: ilo (ipmi) and serial console redirection
Markus Hennecke wrote: Doesn't the bootloader number the com ports from zero on? AFAIR I could set the bootloader on a DL 385 to use the ILO com port via setting up com1 in boot.conf. This is a few months since I did that and I have no physical access to that machine now, so I can't look at it further. The DL1xx has a very different ILO than the other HP servers. I don't have any of those, so I can't comment on the problem.
Re: VPN Concentrator
On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. If I have say a mac user at home wanting to connect into my network using the built in mac os client how should I set up the vpn server? Will it auth using usernames and passwords or is certificates only simple way to authenticate to the vpn server? How would I know which is better to use for this application out of PPTP or IPsec? Any and all input welcome. Khalid I'm embarking down the same path for what it's worth, but I'm actually doing it to eventually get rid of my Cisco 3005. My main structure though is ipsec between static fixed devices/locations and I don't need to worry about supporting PPTP or L2TP over IPSEC, or supplying addresses- yet. I think Brian A. Seklecki's response: `That's a tall order. In Cisco-land a VPNC3000k will run you $5k plus SMARTNet. You'll need isakmpd(8) policies. You'll need dhclient-server relay support. You'll need XAuth authentication (Possibly via PAM). You'll need IPSEC NAT-T. Maybe tie it all together with LDAP and PKI. Kind of hit the nail on the head of my worries as well. I'm busy enough now making a secure network between offices using an OpenBSD box as the hub, but when I need to start adapting for Road Warriors things may get tricky. For example, your Mac user at home, assuming Tiger's built in client (I'm not clear on Leopard's new VPN protocols), can only use PPTP or L2TP over IPSEC. I don't know if it's even possible to support all protocols easily on an OpenBSD concentrator, so I plan to push my Road Warriors into using clients such as VPN Tracker or The Greenbow client, though open source alternatives would be preferable. In my perfect world it would be isakmp/ipsec only for me and to hell with clients. Too bad that can't always happen...
So, anyway, lots of ramble for little benefit, but at least I know somebody else is doing it...
Re: Where/how can I set the flags for savecore during boot?
On Fri, Nov 30, 2007 at 09:19:37AM -0800, Don Jackson wrote: When I boot the machine, I see: root on wd0a swap on wd0b dump on wd0b I guess the kernel defaults to wd0b for swap and dump? it defaults to root disk, partition b (wd0b for you). But later in the boot messages I see: savecore: /dev/wd0b: Device not configured you do not actually have a /dev/wd0b, right? i think that is causing the problem. How can I configure savecore to use the real swap partition on this system? i don't think the error message comes from savecore. the problem is there is no wd0b (i'm guessing). i think you have two solutions: - create a minimal /dev/wd0b - build a kernel telling it to use sd0b as swap. look at the config bsd root on dev [swap on dev] ... line in config(8). jmc
Re: cbb0: controller is missing in dmesg
I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been changed. I turned on all the bugging code I could, and I get in the dmesg cbb0: controller is missing. Yet right above it in the dmesg it says cbb0 at pci6 dev 4 function 0 TIPCIXX12 Cardbus I was wondering if there is something special about my laptop so that OpenBSD can't support cardbus and pcmcia? PCMCIA cards work fine in FreeBSD and Vista. This is a new paranoia check which appears to be too sensitive with TI cardbus chips. I have committed a workaround which skips this check for TI devices. Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work again. Miod Hi Miod, I just cvsup'd and the version of pccbb.c is still at 1.53. It must take quite a bit of time for the change to propagate. I will keep watch for the new version. Sincerely, Rob. -- Emancipate yourself from mental slavery, none but ourselves can free our minds Bob Marley, Redemption Song
Re: Replace sendmail with qmail?
In case it's needed (which I doubt), I'll voice my VERY strong preference for sendmail instead of all these other pretenders. /Pete On 30 Nov 2007, at 10:25 AM, Matthew Dempsky wrote: On 11/30/07, Peter Hessler [EMAIL PROTECTED] wrote: That being said, its really easy to install qmail yourself and have it replace the in-tree sendmail (see mailer.conf). Right, and maybe for a future OpenBSD release you could swap the placement of sendmail and qmail in that sentence. :-) To be clear, I suggested replacing sendmail with qmail because 1) it would further OpenBSD's efforts of eliminating unacceptably licensed code and 2) I'm familiar with qmail, so I can actually contribute patches. If there's a more suitable MTA, I'd be even happier to see it go in (as long as I can keep using qmail ;-).
Re: Replace sendmail with qmail?
Pete Vickers wrote: In case it's needed (which I doubt), I'll voice my VERY strong preference for sendmail instead of all these other pretenders. I agree. Please do not remove sendmail. it is the most advanced opensourced mailer, I do strongly prefer it. -- With best regards, Gregory Edigarov
ral-rt2860 wireless mini-pci
Greetings I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The mini-pci is not seen as a rt2860 chipset. The dmesg follows: OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 500 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 536440832 (511MB) avail mem = 511070208 (487MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/71/05, BIOS32 rev. 0 @ 0xfac40 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc8000/0xa800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x30 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:00:24:c9:29:4c ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5, address 00:00:24:c9:29:4d ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9, address 00:00:24:c9:29:4e ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:00:24:c9:29:4f ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 
3: OUI 0x004063, model 0x0034 ral0 at pci0 dev 14 function 0 Ralink RT2561S rev 0x00: irq 10, address 00:08:a1:b1:99:f3 ral0: MAC/BBP RT2561C, RF RT2527 vendor Ralink, unknown product 0x0601 (class network subclass miscellaneous, rev 0x00) at pci0 dev 17 function 0 not configured this is the mini-pci ^ pcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03 pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH2-4096 wd0: 4-sector PIO, LBA, 3919MB, 8027712 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 7, version 1.0, legacy support ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 7 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: AMD EHCI root hub, rev 2.00/1.00, addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio0 at nsclpcsio0: 29 pins npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo usb1 at ohci0: USB revision 1.0 uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1 biomask e1c5 netmask ffe5 ttymask ffe7 pctr: user-level cycle counter enabled mtrr: K6-family MTRR support (2 registers) dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on wd0b Any help Bret
X2100, no mgmt card, no sensors
Can anyone think of a better fix than disable ipmi to make sensors start showing up again on a (non-M2) X2100 without the management card? Unfortunately I don't have a spare X2100 and I'm a bit limited with what I can try on these ones. Two dmesg follow (one from October, and one from another box that still has a kernel from May where the sensors were still used). OpenBSD 4.2-current (GENERIC) #1: Mon Oct 22 22:39:43 CEST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Opteron(tm) Processor 148 (AuthenticAMD 686-class, 1024KB L2 cache) 1.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 1072103424 (1022MB) avail mem = 1028878336 (981MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/06/06, BIOS32 rev. 0 @ 0xfa780, SMBIOS rev. 2.3 @ 0xf (41 entries) bios0: vendor Sun Microsystems version 1.1.3 date 11/06/2006 bios0: Sun Microsystems Sun Fire(TM) X2100 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xcc44 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcb20/288 (16 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 16 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 3 5 7 10 11 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 
0xcc000/0x1600 0xce000/0x1800 ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1 cpu0 at mainbus0 cpu0: Cool'n'Quiet K8 1006 MHz: speeds: 2200 2000 1800 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3 nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2 iic0 at nviic0 iic0: skipping sensors to avoid ipmi0 interactions spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM ECC PC3200CL3.0 spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM ECC PC3200CL3.0 iic1 at nviic0 iic1: skipping sensors to avoid ipmi0 interactions spdmem2 at iic1 addr 0x50: 512MB DDR SDRAM ECC PC3200CL3.0 spdmem3 at iic1 addr 0x51: 512MB DDR SDRAM ECC PC3200CL3.0 ohci0 at pci0 dev 2 function 0 NVIDIA nForce4 USB rev 0xa2: irq 10, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 NVIDIA nForce4 USB rev 0xa3: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1 pciide0 at pci0 dev 6 function 0 NVIDIA nForce4 IDE rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to comp atibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 7 function 0 NVIDIA nForce4 SATA rev 0xf3: DMA pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: HITACHI HDS7280SASUN80G 0644MT91LM wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 NVIDIA nForce4 SATA rev 0xf3: DMA pciide2: using irq 10 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 NVIDIA nForce4 PCI-PCI rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) nfe0 at pci0 dev 10 function 0 NVIDIA CK804 LAN rev 0xa3: irq 3, address 
00:e0:81:5e:15:f0 eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2 ppb1 at pci0 dev 11 function 0 NVIDIA nForce4 PCIE rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 NVIDIA nForce4 PCIE rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 NVIDIA nForce4 PCIE rev 0xa3 pci4 at ppb3 bus 4 bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 5, address 00:e0:81:5e:15:f1 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 14 function 0 NVIDIA nForce4 PCIE rev 0xa3 pci5 at ppb4 bus 5 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console usb1 at ohci0: USB revision 1.0 uhub1 at usb1 NVIDIA OHCI root hub rev 1.00/1.00 addr 1 biomask ffc5 netmask ffed ttymask ffef pctr: user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches
Re: removing sendmail
On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: Bernstein puts qmail in public domain
Hi! On Fri, Nov 30, 2007 at 11:16:37AM +0100, Pieter Verberne wrote: On Fri, Nov 30, 2007 at 09:15:34AM +, Stuart Henderson wrote: On 2007/11/30 10:41, Lars Noodin wrote: qmail never had a license - now it's in the public domain it's allowed to distribute it, but I don't like to imagine what misc@ would look like after the following release if it was to be switched in base... Just before it was in public domain: Did someone ask the author if it was accepted to put a BSD-like license on it? He allowed us to share and modify the software but had no official document about it (a license). I think he just might accept us to licence it. IIRC, on qmail, there was at least something resembling a license, but that was so restrictive that it wasn't even really good for making a *port* of qmail. Well, I don't know very much about licensing etc.. However, it is in public domain now. Which I find another strange thing, while there is no 'legal way' to put something in public domain. There *is* in some jurisdictions, just not in all. Pieter Verberne Kind regards, Hannah.
Re: Replace sendmail with qmail?
Frans Haarman wrote: Did he change his djbdns license as well !? From the Google Video (http://video.google.com/videosearch?q=Bernstein+releases+code+public+domain)... After talking about shortcomings of BSD/GNU licensing... ... as a result of seeing this mess for some decades and thinking about the sources of the mess I have decided to put my future and (going through the things I've done in the past) past software into the public domain. ... and some guy next to him, raises his hands, and quietly exclaims, Yes!, before the small crowd of SAGE attendees breaks into applause. If it isn't already changed, it may be soon. -ez
Re: Bernstein puts qmail in public domain
Hi! On Fri, Nov 30, 2007 at 11:26:47AM +0100, Henning Brauer wrote: sendmail is the only one of them being BSD-licensed. Sendmail *used* to be BSD-licensed. There *is* a reason it got moved to .../gnu/... in the source tree even if its current license isn't exactly gpl. But its current license has some gpl-like strings attached, IIRC. Kind regards, Hannah.
Re: Bernstein puts qmail in public domain
On Fri, Nov 30, 2007 at 09:15:34AM +, Stuart Henderson wrote: On 2007/11/30 10:41, Lars Noodin wrote: qmail never had a license - now it's in the public domain it's allowed to distribute it, but I don't like to imagine what misc@ would look like after the following release if it was to be switched in base... Just before it was in public domain: Did someone ask the author if it was accepted to put a BSD-like license on it? He allowed us to share and modify the software but had no official document about it (a license). I think he just might accept us to licence it. Well, I don't know very much about licensing etc.. However, it is in public domain now. Which I find another strange thing, while there is no 'legal way' to put something in public domain. Pieter Verberne
Re: Configuring sendmail openbsd 4.2
Ok definitely working now. It would be good to tweak the config a little more but it's accepting incoming and dealing with outgoing mail properly so I'm happy. thanks for all the help to everyone who replied. On 29 Nov 2007, at 23:50, Hugo Villeneuve wrote: On Thu, Nov 29, 2007 at 09:20:34AM +, Khalid Schofield wrote: ok it's still not working. I'm posting my configs here. It's not accepting incoming mail. Sendmail is set to use /etc/mail/sendmail.cf in rc.conf Incoming mail from the network? That's because of all the 127.0.0.1 and ::1 in your DAEMON_OPTION lines. You might use sendmail.cf, but you started your new .mc file by using /usr/share/sendmail/cf/openbsd-localhost.mc instead of openbsd-proto.mc. Here is the .mc script I built the config from in /usr/share/sendmail/cf/ ... define(`SMART_HOST','oxmail.ox.ac.uk')dnl ... # Smart relay host (may be null) DS'oxmail.ox.ac.uk' You did not quote correctly. m4 is weird like that. Quoted text for m4 starts with a backward single quote ` and ends with a forward single quote '. Either quote correctly, or remove those you put around oxmail.ox.ac.uk. I think it's the ' on the .cf DS line that causes the smart host feature to fail. Also, just to say, the default OpenBSD supports smart host via the mailertable when using sendmail.cf (running sendmail without -C/etc/mail/localhost.cf flag). This in mailertable (+recompile of the hash db): . relay:[oxmail.ox.ac.uk.] Works the same as SMART_HOST. -- Hugo Villeneuve [EMAIL PROTECTED] http://EINTR.net/
Re: Bernstein puts qmail in public domain
On Nov 30, 2007 9:38 AM, Matthew Dempsky [EMAIL PROTECTED] wrote: (Ugh, I wish I had noticed this message a few minutes earlier.) On 11/29/07, Tobias Weisserth [EMAIL PROTECTED] wrote: I just wanted to point out that D.J. Bernstein has put qmail in public domain. I'm not implying anything but wouldn't it be a perfect opportunity to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in OpenBSD? qmail's security record is better and many OpenBSD users prefer it to sendmail. I'm interested seeing this happen and am willing to contribute patches if they stand a chance of being accepted. :-) I'd like to see puffy on www.openqmaild.org ;)
Re: Strange em(4) issues
On 2007/11/30 09:57, Girish Venkatachalam wrote: On 20:47:57 Nov 29, Stuart Henderson wrote: Been there, done that. If you use plaintext protocols (ftp or so) over the interface, you'll see random corruption visible in the data (e.g. directory listings). At 133MHz there's some corruption between motherboard and card. Disappears at 66MHz. Normally this would be masked by TCP checksums (you'd get packet loss, but it would mostly be corrected rather than pass corrupt packets up the stack), but the em(4) does offload TCP checksum processing to the card, so the checksum no longer covers the transfer over the PCI bus, hence the weird protocol errors. TCP checksums or for that matter any checksum cannot catch *all* errors. Agreed, hence the mostly. Since there is a MAC computation for every packet, this will easily help you identify the problem. With this happening, you're lucky to get an ftp banner through without corruption, I don't think I ever had an SSH session setup. I already have two workarounds, one is to use the old quad em(4) with the IBM(Tundra) bridge (which work ok at 64x133 but the RJ45 sockets are the wrong way up to latch correctly in some of Supermicro's 1U cases), the other is to use the newer cards (Pericom bridge) at 66MHz. I haven't heard of this happen on other systems (and other 64x133 cards work), I suspect it's a hardware problem between H8SSL and the Pericom bridge chip.
Re: removing sendmail
On Nov 30, 2007 8:30 AM, Juan Miscaro [EMAIL PROTECTED] wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? [...] Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. Hence, if you are on a production machine, I'd suggest you to use sendmail, and not postfix. Postfix used to be my favorite too, but since the day I know how to configure and use sendmail, I feel it is the best MTA I've ever used. YMMV. -Amarendra
Re: restore hanging on an unusual file name
On 29/11/2007, at 9:21 PM, Richard Toohey wrote: On 21/11/2007, at 10:48 PM, Otto Moerbeek wrote: I think dump should 'vis' the filenames it prints. -Otto [cut] (Just done some more testing before posting and realized that I have only looked at verbose mode ls, so still got more work to do - but it only seems to be verbose mode that causes the xterm hang, and I'd like feedback anyway.) [cut] So I look at interactive.c some more to see why non-verbose mode works, and I would very much appreciate some advice on this ... /usr/src/sbin/restore/interactive.c c. line 509 (4.2 RELEASE) is print_list() - invoked when an 'ls' command is used. c. line 526 it calls mkentry() - c. line 592 mkentry() definition ... and it looks at filenames c. line 600:
600 for (cp = fp->fname; *cp; cp++)
601 if (!vflag && (*cp < ' ' || *cp >= 0177))
602 *cp = '?';
603 fp->len = cp - fp->fname;
Why does it only replace the characters (less than spc or >= del) in NON-verbose mode? What would the reasoning behind that be? A simpler (but less correct?) non-vis fix would be to drop the vflag test. I tried that and it worked. I could drop the test and change mkentry to store the vis()d filenames (but potentially 4x space required for each name - guess could vis and copy back again - more thinking required.) Thanks. The patch: # diff -uw /usr/src/sbin/restore/interactive.c interactive.c [cut] And the patch is not a patch because of spaces replacing tabs (still working on how to fix that in my mail client) - thanks for the feedback.
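The two options weighed in the message above, as an added example that is not code from restore(8) or from the original post: the quoted loop with the vflag test dropped, next to a reversible backslash-octal encoding in the style of vis(3) that needs up to 4x the space. The helper names sanitize_name and vis_name and the sample file name are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a terminal may act on: C0 controls (ESC, BEL, ...), DEL and
 * everything with the high bit set. Same range as the quoted loop. */
static int unsafe_byte(unsigned char c)
{
    return c < ' ' || c >= 0177;
}

/* Hypothetical helper: the quoted loop without the vflag test.
 * Overwrites in place, so two names that differ only in the replaced
 * bytes print identically. Returns the name length. */
size_t sanitize_name(char *name)
{
    char *cp;

    for (cp = name; *cp; cp++)
        if (unsafe_byte((unsigned char)*cp))
            *cp = '?';
    return (size_t)(cp - name);
}

/* Hypothetical helper: reversible encoding. Each unsafe byte becomes a
 * backslash plus three octal digits, and a literal backslash is doubled,
 * so the worst case is 4 output bytes per input byte plus the NUL.
 * Returns a malloc'd string the caller frees, or NULL on failure. */
char *vis_name(const char *name)
{
    const unsigned char *cp = (const unsigned char *)name;
    char *out = malloc(4 * strlen(name) + 1);
    char *op = out;

    if (out == NULL)
        return NULL;
    for (; *cp; cp++) {
        if (*cp == '\\') {
            *op++ = '\\';
            *op++ = '\\';
        } else if (unsafe_byte(*cp)) {
            *op++ = '\\';
            *op++ = (char)('0' + ((*cp >> 6) & 03));
            *op++ = (char)('0' + ((*cp >> 3) & 07));
            *op++ = (char)('0' + (*cp & 07));
        } else {
            *op++ = (char)*cp;
        }
    }
    *op = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a file name carrying an xterm
     * title-change sequence (ESC ] 0 ; text BEL). */
    char name[] = "notes\033]0;title\007.txt";
    char *encoded = vis_name(name);

    if (encoded == NULL)
        return 1;
    printf("vis-style : %s\n", encoded);
    sanitize_name(name);
    printf("replaced  : %s\n", name);
    free(encoded);
    return 0;
}
```

Both forms keep the escape sequence away from the terminal in every listing mode; only the encoded form still lets an operator tell which on-tape name is meant.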
Re: Replace sendmail with qmail?
On Nov 30, 2007 9:27 AM, Matthew Dempsky [EMAIL PROTECTED] wrote: Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy? This would be very cool. I am totally in love with qmail, it hasn't failed me yet. Did he change his djbdns license as well !?
Re: cbb0: controller is missing in dmesg
I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been changed. I turned on all the bugging code I could, and I get in the dmesg cbb0: controller is missing. Yet right above it in the dmesg it says cbb0 at pci6 dev 4 function 0 TIPCIXX12 Cardbus I was wondering if there is something special about my laptop so that OpenBSD can't support cardbus and pcmcia? PCMCIA cards work fine in FreeBSD and Vista. This is a new paranoia check which appears to be too sensitive with TI cardbus chips. I have committed a workaround which skips this check for TI devices. Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work again. Miod
Re: [plz. help] constant attack from: 201.244.17.162, 222.231.60.88, 82.207.116.209....
On Mon, Nov 26, 2007 at 06:56:51PM -0800, badeguruji wrote: I just discovered by chance that, someone is constantly trying to break into my openbsd box from: My box is behind router-NAT which is allowing ssh. Try something like this, drops ssh connections from IPs that try more than 5 times per minute:
table <ssh_scanners> persist
set block-policy drop
block all
block return in log on $lan_if
block return out log on $lan_if
block return out log on $ext_if
pass in log on $ext_if inet proto tcp from any port > 1023 \
    to $ext_if port ssh modulate state \
    (max-src-conn-rate 5/60, overload <ssh_scanners>)
block in log on $ext_if inet proto tcp from <ssh_scanners> to $ext_if port ssh
-- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
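What the 5/60 limit with overload does to a fast scanner and to a slow client, as an added example that is not part of the original post and not pf's own code: a simplified sliding-window model in which a source goes into the table on its sixth connection inside 60 seconds and then stays refused. The type and function names and the sample addresses (documentation ranges) are assumptions; pf's internal rate accounting differs in detail.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT        5   /* the 5 in max-src-conn-rate 5/60 */
#define WINDOW      60   /* the 60 (seconds) in 5/60 */
#define MAX_SOURCES 64   /* assumed size of this toy state table */

enum verdict { PASS, OVERLOAD, BLOCKED };

struct source {
    char ip[46];
    long recent[LIMIT];  /* times of the last LIMIT passed connections */
    int  count;          /* filled slots in recent[] */
    int  next;           /* ring index of the oldest slot */
    int  in_table;       /* 1 once added to the ssh_scanners model */
};

struct tracker {
    struct source src[MAX_SOURCES];
    int used;
};

void tracker_init(struct tracker *t)
{
    memset(t, 0, sizeof(*t));
}

static struct source *lookup(struct tracker *t, const char *ip)
{
    int i;

    for (i = 0; i < t->used; i++)
        if (strcmp(t->src[i].ip, ip) == 0)
            return &t->src[i];
    if (t->used == MAX_SOURCES)
        return NULL;
    snprintf(t->src[t->used].ip, sizeof(t->src[0].ip), "%s", ip);
    return &t->src[t->used++];
}

/* One new connection from ip at time now (seconds, non-decreasing per
 * source). PASS: allowed. OVERLOAD: this connection exceeded the rate
 * and put the source in the table. BLOCKED: source already in the
 * table, or no room left to track it (fail closed). */
enum verdict on_connect(struct tracker *t, const char *ip, long now)
{
    struct source *s = lookup(t, ip);
    int i, in_window = 0;

    if (s == NULL || s->in_table)
        return BLOCKED;
    for (i = 0; i < s->count; i++)
        if (now - s->recent[i] < WINDOW)
            in_window++;
    if (in_window >= LIMIT) {
        s->in_table = 1;   /* persists: nothing here removes it again */
        return OVERLOAD;
    }
    s->recent[s->next] = now;
    s->next = (s->next + 1) % LIMIT;
    if (s->count < LIMIT)
        s->count++;
    return PASS;
}

int main(void)
{
    /* Constructed sample: one fast scanner, one ordinary client. */
    static const struct { long t; const char *ip; } ev[] = {
        { 0, "198.51.100.7" }, { 5, "198.51.100.7" }, { 10, "198.51.100.7" },
        { 12, "203.0.113.9" }, { 15, "198.51.100.7" }, { 20, "198.51.100.7" },
        { 25, "198.51.100.7" }, { 30, "198.51.100.7" }, { 100, "203.0.113.9" },
        { 900, "198.51.100.7" },
    };
    static const char *name[] = { "pass", "overload", "blocked" };
    struct tracker t;
    size_t i;

    tracker_init(&t);
    for (i = 0; i < sizeof(ev) / sizeof(ev[0]); i++)
        printf("t=%4ld %-14s %s\n", ev[i].t, ev[i].ip,
            name[on_connect(&t, ev[i].ip, ev[i].t)]);
    return 0;
}
```

Because the table in the quoted ruleset is declared persist and no rule removes entries, a source that trips the limit stays refused until an operator clears it, for example with pfctl -t ssh_scanners -T delete followed by the address.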
Re: ilo (ipmi) and serial console redirection
hi of course, i try to setup com2 but the system says at boot prompt com port is not available, but if the kernel already loaded the com port is available. there is no setting options at the bios to change the com port from the ipmi board. holger -Original Message- From: Stijn [EMAIL PROTECTED] Sent: 29.11.07 22:40:22 To: holger glaess [EMAIL PROTECTED] Subject: Re: ilo (ipmi) and serial console redirection Hi, At the boot prompt can you enter set tty com2? Does it redirect correctly now? If so add the command to /etc/boot.conf. You have to take care on how to setup the ilo in bios. I don't have a system around here, but I remember openbsd and ilo fighting over a com port. Setting the correct bios settings allowed me to redirect console to a specific com port. HTH, Stijn holger glaess wrote: hi i try to setup the last days the console redirection on an HP DL 145 G2 with ipmi board ( ilo standard ) the most works i see the post bios output and the first lines of the boot console of openbsd but there is a first error message that the com0 is not available and this is true. the ipmi / ilo hardware together with the hp box redirect everything to com2 and it is not possible to change the com port by hardware. is there an existing solution to change the existing limit of openbsd that it is able to use other com ports than com0 . ( at the openbsd faq is written that on amd64 / i386 systems only possible to use the com0 port ) any suggest for me ? holger
Re: VPN Concentrator
On Dec 1, 2007, at 12:37 AM, visc wrote: On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. If I have say a mac user at home wanting to connect into my network using the built in mac os client how should I set up the vpn server? Will it auth using usernames and passwords or is certificates only simple way to authenticate to the vpn server? How would I know which is better to use for this application out of PPTP or IPsec? Any and all input welcome. Khalid I'm embarking down the same path for what it's worth, but I'm actually doing it to eventually get rid of my Cisco 3005. My main structure though is ipsec between static fixed devices/locations and I don't need to worry about supporting PPTP or L2TP over IPSEC, or supplying addresses- yet. I think Brian A. Seklecki's response: `That's a tall order. In Cisco-land a VPNC3000k will run you $5k plus SMARTNet. You'll need isakmpd(8) policies. You'll need dhclient-server relay support. You'll need XAuth authentication (Possibly via PAM). You'll need IPSEC NAT-T. Maybe tie it all together with LDAP and PKI. Kind of hit the nail on the head of my worries as well. I'm busy enough now making a secure network between offices using an OpenBSD box as the hub, but when I need to start adapting for Road Warriors things may get tricky. For example, your Mac user at home, assuming Tiger's built in client (I'm not clear on Leopard's new VPN protocols), can only use PPTP or L2TP over IPSEC. I don't know if it's even possible to support all protocols easily on an OpenBSD concentrator, so I plan to push my Road Warriors into using clients such as VPN Tracker or The Greenbow client, though open source alternatives would be preferable. In my perfect world it would be isakmp/ipsec only for me and to hell with clients. 
Too bad that can't always happen... I haven't been following this thread, but I saw your post and thought I'd add some bits for you to consider. First, you mention that Mac OS X only supports PPTP or L2TP over IPSec. This is not true. I've used OpenVPN (via tunnelblick) and the Cisco VPN client. OpenBSD has solutions that will support both of those clients. Would it be nice to have XAUTH support? Sure, but don't hold your breath. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Is the tree borked, or am I?
On Friday 30 November 2007 15:15:52 STeve Andre' wrote: The last time I built -current was Nov 22. Now I can't build the kernel. Yes, I've made the change to config ala the upgrade FAQ. I've gotten a new /usr/src/sys thinking that CVS messed [snip] Never mind -- I am. Another machine seems to compile perfectly. --STeve
Re: ral-rt2860 wireless mini-pci
On 11/30/07, Bret [EMAIL PROTECTED] wrote: I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The mini-pci is not seen as a rt2860 chipset. The dmesg follows: OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 I believe initial work for the rt2860 chipset is only in -current at this time--you might want to give the latest snapshot a spin.
Questions about bioctl and arc/Areca
Hello, I have an Opteron machine running OpenBSD 4.2/amd64. This machine has an Areca AC-1110 raid controller. Among other things, I would like to either query or ideally be notified if the controller goes into alarm. How can I do that? I can do: # bioctl -v -q sd0 sd0: Areca, ARC-1110-VOL#00, R001, serial 000591171972 and # bioctl -a get arc0 alarm is currently enabled
Re: Bernstein puts qmail in public domain
On 2007/11/30 01:56, Tobias Weisserth wrote: sendmail (GNU GPL) Despite being in /usr/src/gnu, Sendmail is not GPL. qmail's security record is better and many OpenBSD users prefer it to sendmail. And many don't. Maybe it's time to put it back into ports, though.
Bernstein puts qmail in public domain
Hi everybody, I just wanted to point out that D.J. Bernstein has put qmail in public domain. I'm not implying anything but wouldn't it be a perfect opportunity to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in OpenBSD? qmail's security record is better and many OpenBSD users prefer it to sendmail. http://cr.yp.to/qmail/dist.html I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You are free to modify the package, distribute modified versions, etc. regards, Tobias W.
Re: Bernstein puts qmail in public domain
* Lars Noodin [EMAIL PROTECTED] [2007-11-30 10:07]: Tobias Weisserth wrote: ... I just wanted to point out that D.J. Bernstein has put qmail in public domain. ... I'm curious about why sendmail was chosen to be in the default setup over Postfix, Exim or qmail. These all have improved a lot and it may be time for a re-evaluation. exim is an insecure piece of shit that makes old sendmail look good. besides, it is not free. postfix is not free. qmail used to be not free. and it is weird. sendmail is the only one of them being BSD-licensed. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Bernstein puts qmail in public domain
Tobias Weisserth wrote: ... I just wanted to point out that D.J. Bernstein has put qmail in public domain. ... I'm curious about why sendmail was chosen to be in the default setup over Postfix, Exim or qmail. These all have improved a lot and it may be time for a re-evaluation. -Lars
Re: Replace sendmail with qmail?
On 11/30/07, Peter Hessler [EMAIL PROTECTED] wrote: That being said, its really easy to install qmail yourself and have it replace the in-tree sendmail (see mailer.conf). Right, and maybe for a future OpenBSD release you could swap the placement of sendmail and qmail in that sentence. :-) To be clear, I suggested replacing sendmail with qmail because 1) it would further OpenBSD's efforts of eliminating unacceptably licensed code and 2) I'm familiar with qmail, so I can actually contribute patches. If there's a more suitable MTA, I'd be even happier to see it go in (as long as I can keep using qmail ;-).
Re: Replace sendmail with qmail?
qmail has a separate set of problems beyond its license. That being said, it's really easy to install qmail yourself and have it replace the in-tree sendmail (see mailer.conf). On 2007 Nov 30 (Fri) at 00:27:32 -0800 (-0800), Matthew Dempsky wrote: :Dan Bernstein has placed qmail 1.03 into the public domain (see :http://cr.yp.to/qmail/dist.html). Is there any interest in replacing :sendmail with it to remove another component from the src/gnu/ :hierarchy? : -- You must realize that the computer has it in for you. The irrefutable proof of this is that the computer always does what you tell it to do.
Re: removing sendmail
Hi Juan, Am I making any sense? Not to me. But it depends on your situation. Should I do anything special to sendmail when I install postfix? No. Just follow the instructions after installing postfix. And what of the postfix-enable command? Is this good enough? Almost. Apply the changes to rc.conf.local and root's crontab and you're good to go. Any upgrade can then be like any other regular upgrade; nothing to worry about. No magic. HTH... Nico
PCI ID rules to be included in pcidevs
Quick question on the rules of this if I may. What are the rules, kind of, used to determine when a new PCI ID can be put in the pcidevs in the tree? If I find new IDs, do they need to be verified by users first, etc? In looking at my SAS problem, I find that Symbios Logic may have 0x0066 Symbios Logic Inc. / NCR|MegaRAID SCSI 320-2XRWS And that ID is not in the tree yet. So, to be included there, do you need the data sheet or something from the company, or you put them as possible one and finalize them when the hardware is tested, or what's the process for that? What do you require if I come across others like that to be useful? Best, Daniel
VPN Concentrator
Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. If I have say a mac user at home wanting to connect into my network using the built in mac os client how should I set up the vpn server? Will it auth using usernames and passwords or is certificates only simple way to authenticate to the vpn server? How would I know which is better to use for this application out of PPTP or IPsec? Any and all input welcome. Khalid
Re: VPN Concentrator
Khalid Schofield wrote: ... How would I know which is better to use ... Definitely not PPTP: http://www.vpnc.org/vpn-standards.html IPsec or SSL seems
Re: Bernstein puts qmail in public domain
On Nov 30, 2007 6:16 PM, Pieter Verberne [EMAIL PROTECTED] wrote: Just before it was in public domain: Did someone ask the author if it was accepted to put a BSD-like license on it? He allowed us to share and modify the software but had no official document about it (a license). I think he just might accept us to licence it. Yes, the discussion is in the archives and no he didn't. qmail had a weird license. --- Lars Hansson
Re: removing sendmail
On Fri, 30 Nov 2007, Nico Meijer wrote: And what of the postfix-enable command? Is this good enough? Almost. Apply the changes to rc.conf.local and root's crontab and you're good to go. Any upgrade can then be like any other regular upgrade; nothing to worry about. No magic. Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. -- Antti Harri
Re: OpenBSD 4.2 not booting on alix2c2
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote: The alix board is straight out of the box - with whichever bios PC Engines had on it when it was shipped out a week ago. try a different bios, there have been 6 new versions so far this month. Thanks for your help. The problem was that I had the CF plugged into my secondary hard drive slot when installing the OS (wd1), then trying to run it on wd0. For the sake of personal comfort I did a re-install in the primary slot after which every thing ran beautifully. John
Re: Replace sendmail with qmail?
hmm, on Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky said that Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy? everyone seems to think about s/sendmail/qmail/g but there is another quite obvious possibility: simply adding it besides sendmail... that would of course be almost totally the same as having it in the ports. but interesting times, interesting times definitely, qmail becoming PD. 2 roadblocks are gone: qmail's code quality is on par with openbsd's, the license is now sweet, so only the third remains: its weirdness. people who like the unix way of life will note that DNB likes to ignore hier(7) and some other peculiarities. but now that the source is PD, those are not real problems anymore... if i had to guess, i'd say it won't get in (use it from the ports) and somehow i just can't imagine a /. article called qmail now openbsd's default mta :] -f ps. a) i am a postfix person b) i am not a fan of openbsd's built-in programs. i think sendmail should be in ports too, just as IE should not be part of windows. -f -- everyone has a photographic memory, some don't have film.
Where/how can I set the flags for savecore during boot?
I'm running OpenBSD 4.2/amd64 on an Opteron machine. I boot off of wd0, which is a flash disk. I also have sd0, which I use for more frequently writable partitions (swap, var, tmp, etc) (sd0 is really a set of raid disks managed by an areca disk controller) Here is my /etc/fstab:
# more /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0g /home ffs rw,nodev,nosuid 1 2
/dev/sd0f /home2 ffs rw,nodev,nosuid 1 2
/dev/sd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0e /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2
/dev/sd0b none swap sw 0 0
Note wd0b is not specified, and sd0b is. When I boot the machine, I see:
root on wd0a swap on wd0b dump on wd0b
I guess the kernel defaults to wd0b for swap and dump? Anyway, the next log line is:
swapctl: adding /dev/sd0b as swap device at priority 0
So that seems good, it is picking up the real swap space out of /etc/fstab (after the machine boots, I run:
# swapctl -l
Device 512-blocks UsedAvail Capacity Priority
/dev/sd0b 84019320 8401932 0%0
so that seems consistent that the kernel is using sd0b for swap) But later in the boot messages I see:
savecore: /dev/wd0b: Device not configured
Presumably this is because rc.conf has:
savecore_flags= # -z to compress
and /etc/rc has:
if [ -d /var/crash ]; then
savecore ${savecore_flags} /var/crash
fi
So, how can I fix it so savecore executes successfully in the rc script? After the machine booted, I tried running
# savecore /dev/sd0b
savecore: /dev/wd0b: Device not configured
thinking that if I just specified the actual swap partition it would work, but clearly it didn't. How can I configure savecore to use the real swap partition on this system? Don
Re: OpenBSD version / build question
I believe #375 is RELEASE from Aug 28 2007, that's what's in /pub/OpenBSD/4.2/i386. Don't know where you're getting the others from, snapshots? It'd be nice if you mentioned your upgrade steps. On Nov 30, 2007 10:50 AM, patrimith [EMAIL PROTECTED] wrote: Hi List! I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of servers that have been done already. 'uname -a' tells me that they are: OpenBSD hostname 4.2 GENERIC#375 i386 OpenBSD hostname 4.2 GENERIC#410 i386 OpenBSD hostname 4.2 GENERIC#468 i386 375, 410, 468: Are these build numbers? Or do they mean something else? Would they signify security fixes that are important? Should I be concerned that they are not the same across our different servers if our goal is to keep a consistent setup? Thanks, Patrick Smith -- View this message in context: http://www.nabble.com/OpenBSD-version---build-question-tf4923181.html#a14088909 Sent from the openbsd user - misc mailing list archive at Nabble.com. -- Ticketmaster and Ticketweb suck, but everyone knows that: http://ticketmastersucks.org http://lodesertprotosites.org Dethink to survive - Mclusky
Re: Postfix(chroot) and Postgresql
Instead of that I would recommend you to use DB files generated at regular intervals instead of 'online' access to postgresql. It is less CPU expensive and much faster. But if you wish to use SQL maps I guess you may want to use 127.0.0.1 instead of local socket and of course you need to configure postgresql to accept network access. Bengt Frost wrote: *Addition* to above: In pg_hba.conf (PosgreSQL): vmail(user) access to datab with md5 password local(and host) --bfrost Bengt Frost wrote: Hi, I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps. I have problem with postgresql socket(.s.PGSQL.5432). Neither dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports maillinglists with no success. Here is some files with related 'stuff': ### rc - system /etc/rc.local: # Postfix - PostgreSQL if [ -x /usr/local/bin/pg_ctl ]; then echo -n ' postgresql' su -l _postgresql -c nohup /usr/local/bin/pg_ctl start \ -D /var/postgresql/data -l /var/postgresql/logfile \ -o '-D /var/postgresql/data' /dev/null su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp fi /etc/rc.shutdown: # Posfix - PostgreSQL if [ -f /var/postgresql/data/postmaster.pid ]; then su -l _postgresql -c /usr/local/bin/pg_ctl stop -m fast \ -D /var/postgresql/data rm -f /var/postgresql/data/postmaster.pid \ /var/spool/postfix/tmp/.s.PGSQL.5432 \ /var/spool/postfix/tmp/.s.PGSQL.5432.lock \ /tmp/.s.PGSQL.5432 \ /tmp/.s.PGSQL.5432.lock fi ### Dovecot: /etc/dovecot.conf: passdb sql { args = /etc/dovecot-pgsql.conf } ... userdb sql { args = /etc/dovecot-pgsql.conf ... 
socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = _postfix group = _postfix } /etc/dovecot-pgsql: # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. default_pass_scheme = CRYPT # also above schemes # Database options # UNIX socket - see host connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x ### Postfix - referensed from main.conf(pgsql: - no proxymap used): /etc/postfix/pgsql_transport: # UNIX socket - PostgreSQL - relative path(chroot) hosts = unix:/tmp/.s.PGSQL.5432 # inet: for TCP connections (default) #hosts = localhost ##hosts = 127.0.0.1 ### PostgreSQL /var/postgresql/postgresql.conf: unix_socket_directory = '/var/spool/postfix/tmp' # tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Thanks! --bfrost
Re: pflog filling up /var mount every 2-3 days!
On Nov 30, 2007 7:47 PM, NetOne - Doichin Dokov [EMAIL PROTECTED] wrote:

Jake Conk wrote:
Hello, I have my /var partitioned out to be 150mb which I thought was enough but every 2-3 days it gets full because I end up with a pflog file that is ridiculously large! Right now I have one that is 53.6mb and I have gotten them larger like 100mb +!! Because of this my /var partition fills up and other programs have problems writing logs and stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw--- 1 root wheel 98.0K Nov 30 18:02 pflog
-rw--- 1 root wheel 53.6M Nov 30 02:00 pflog.0
-rw--- 1 root wheel 1.3M Nov 30 02:00 pflog.0.gz
-rw--- 1 root wheel 2.2M Nov 30 01:00 pflog.1.gz
-rw--- 1 root wheel 1.7M Nov 30 00:00 pflog.2.gz
-rw--- 1 root wheel 1.7M Nov 29 23:00 pflog.3.gz
-rw--- 1 root wheel 7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is full and delete them. My question is, is this normal and I just created my /var mount too small? I think the fact that my pflog is that big is the actual problem, does anyone know of a way to fix this? Thanks, - Jake

Perhaps you want to see what's inside it? Look at your pf.conf, see what you're logging and if you do need it to be logged. Remove anything unnecessary, setup newsyslogd to rotate it - there are plenty of options to solve your problem. It's all in the FAQ / man pages.

Thanks guys for your replies... I'll try to cut down on all the useless logging I'm doing but when I opened the log files up to see what was inside them I only saw all this binary stuff. I assume that's not what's supposed to be in the pflogs right? Any ideas why I'm getting binary stuff in the logs? Thanks, - Jake
Re: pflog filling up /var mount every 2-3 days!
On 1/12/2007, at 7:23 PM, Jake Conk wrote:
Thanks guys for your replies... I'll try to cut down on all the useless logging I'm doing but when I opened the log files up to see what was inside them I only saw all this binary stuff. I assume that's not what's supposed to be in the pflogs right? Any ideas why I'm getting binary stuff in the logs? Thanks, - Jake

http://www.openbsd.org/faq/pf/index.html
http://www.openbsd.org/faq/pf/logging.html
http://www.openbsd.org/faq/pf/logging.html#logfile
See tcpdump.
Re: pflog filling up /var mount every 2-3 days!
Jake Conk wrote:
Thanks guys for your replies... I'll try to cut down on all the useless logging I'm doing but when I opened the log files up to see what was inside them I only saw all this binary stuff. I assume that's not what's supposed to be in the pflogs right? Any ideas why I'm getting binary stuff in the logs?

I guess this shows you just don't need to log things here as you never read them.

man(8) pflogd

Display binary logs:
# tcpdump -n -e -ttt -r /var/log/pflog

And go read the faq on openbsd.org. They are a very big source of information. It's all there, so help yourself.
http://openbsd.org/faq/pf/logging.html

Hope this helps you some. Best, Daniel
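The pflog files in this thread look binary because pflogd writes them as pcap captures. As an added example (not part of any poster's message), this Python sketch reads such a file and totals the logged bytes per rule number, which shows which rule is filling /var; the header offsets are assumed from OpenBSD's struct pfloghdr, and the sample capture and the helper names are constructed for illustration.

```python
import struct
from collections import Counter

DLT_PFLOG = 117                    # pcap link type of pflogd's capture files
ACTIONS = {0: "pass", 1: "block"}  # PF_PASS, PF_DROP

def tally_pflog(data):
    """Total captured bytes per (rule number, action, interface) in a pflog file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != DLT_PFLOG:
        raise ValueError("link type %d is not DLT_PFLOG" % linktype)
    totals, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < incl_len or len(pkt) < 40:
            break                  # truncated record, e.g. a file cut off mid-write
        # Offsets assumed from OpenBSD's struct pfloghdr: action at byte 2,
        # ifname[16] at byte 4, rulenr at byte 36 in network byte order.
        action = ACTIONS.get(pkt[2], str(pkt[2]))
        ifname = pkt[4:20].split(b"\0", 1)[0].decode("ascii", "replace")
        rulenr = struct.unpack("!I", pkt[36:40])[0]
        totals[(rulenr, action, ifname)] += 16 + incl_len
    return totals

def sample_record(rulenr, action, ifname, payload_len):
    """Build one constructed pcap record: pfloghdr followed by zero padding."""
    hdr = struct.pack("!BBBB16s16sII", 44, 2, action, 0, ifname, b"", rulenr, 0xFFFFFFFF)
    pkt = hdr + b"\0" * payload_len
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

# Constructed capture: five packets dropped by rule 12, one passed by rule 3.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 116, DLT_PFLOG)
SAMPLE += b"".join(sample_record(12, 1, b"fxp0", 40) for _ in range(5))
SAMPLE += sample_record(3, 0, b"fxp0", 60)

if __name__ == "__main__":
    for (rulenr, action, ifname), nbytes in tally_pflog(SAMPLE).most_common():
        print("rule %d %s on %s: %d bytes" % (rulenr, action, ifname, nbytes))
```

To use it on a real log, pass the bytes of /var/log/pflog to tally_pflog(); the rule numbers correspond to the @N numbers printed by pfctl -vvsr.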
Re: VPN Concentrator
On 30-Nov-07, at 9:57 PM, Jason Dixon wrote: On Dec 1, 2007, at 12:37 AM, visc wrote: On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. If I have say a mac user at home wanting to connect into my network using the built in mac os client how should I set up the vpn server? Will it auth using usernames and passwords or is certificates only simple way to authenticate to the vpn server? How would I know which is better to use for this application out of PPTP or IPsec? Any and all input welcome. Khalid I'm embarking down the same path for what it's worth, but I'm actually doing it to eventually get rid of my Cisco 3005. My main structure though is ipsec between static fixed devices/locations and I don't need to worry about supporting PPTP or L2TP over IPSEC, or supplying addresses- yet. I think Brian A. Seklecki's response: `That's a tall order. In Cisco-land a VPNC3000k will run you $5k plus SMARTNet. You'll need isakmpd(8) policies. You'll need dhclient-server relay support. You'll need XAuth authentication (Possibly via PAM). You'll need IPSEC NAT-T. Maybe tie it all together with LDAP and PKI. Kind of hit the nail on the head of my worries as well. I'm busy enough now making a secure network between offices using an OpenBSD box as the hub, but when I need to start adapting for Road Warriors things may get tricky. For example, your Mac user at home, assuming Tiger's built in client (I'm not clear on Leopard's new VPN protocols), can only use PPTP or L2TP over IPSEC. I don't know if it's even possible to support all protocols easily on an OpenBSD concentrator, so I plan to push my Road Warriors into using clients such as VPN Tracker or The Greenbow client, though open source alternatives would be preferable. 
In my perfect world it would be isakmp/ipsec only for me and to hell with clients. Too bad that can't always happen... I haven't been following this thread, but I saw your post and thought I'd add some bits for you to consider. First, you mention that Mac OS X only supports PPTP or L2TP over IPSec. This is not true. I've used OpenVPN (via tunnelblick) and the Cisco VPN client. OpenBSD has solutions that will support both of those clients. Would it be nice to have XAUTH support? Sure, but don't hold your breath. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net Thanks, it's good to know not to get too excited about XAUTH. This is all new territory for me. I was only referring to the built-in osx client via Internet Connect.app. Though the Cisco VPN client is actually what is driving my desire to move away from Cisco. My support contracts have run out with Cisco, and I'm too much of a paranoid soul to use Cisco clients I find via other means. Yet incompatibility has once again struck me. And Khalid - sorry to hijack your thread. Most of my road warriors are going to be on macs and too cheap to purchase VPN Tracker. Any successes I have I'll certainly share. Cheers
Re: pflog filling up /var mount every 2-3 days!
Brian A. Seklecki wrote:
On Fri, 30 Nov 2007, Jake Conk wrote: Hello, I have my /var partitioned out to be 150mb which I thought was a

You're probably getting a lot of log hits on a default block log all at the end of your rules. You can prevent a lot of crud by doing block quicks w/o log statements for the following:
-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6
Good examples can be found. ~BAS

Hi, Jake,
You are absolutely correct - 150 mb is too small for /var partition and only configuring of PF logging will not be enough. But I am sure that it is a good idea to keep all the information of pflog files. So, you have several ways to solve this problem:
1) Make a directory on some bigger partition and setup newsyslog by editing /etc/newsyslog.conf to store archived logs in that folder.
2) Move log folder to some bigger partition and create symbolic link to that place in /var partition.
PS: And never stop logging, truth is in the logs.
Regards, Ivan Hudiakov