Re: Bernstein puts qmail in public domain

2007-11-30 Thread Matthew Dempsky
(Ugh, I wish I had noticed this message a few minutes earlier.)

On 11/29/07, Tobias Weisserth [EMAIL PROTECTED] wrote:
 I just wanted to point out that D.J. Bernstein has put qmail in public
 domain. I'm not implying anything but wouldn't it be a perfect opportunity
 to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in
 OpenBSD? qmail's security record is better and many OpenBSD users prefer it
 to sendmail.

I'm interested in seeing this happen and am willing to contribute patches
if they stand a chance of being accepted. :-)



Replace sendmail with qmail?

2007-11-30 Thread Matthew Dempsky
Dan Bernstein has placed qmail 1.03 into the public domain (see
http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
sendmail with it to remove another component from the src/gnu/
hierarchy?



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Stuart Henderson
On 2007/11/30 10:41, Lars Noodin wrote:
 Postfix,

the license isn't good for base

 Exim

the license isn't good for base

 qmail

never had a license - now it's in the public domain it's allowed
to distribute it, but I don't like to imagine what misc@ would look
like after the following release if it was to be switched in base...



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Han Boetes
The most logical step to me seems to be readding qmail and other
DJB tools to ports.



# Han



Re: ilo (ipmi) and serial console redirection

2007-11-30 Thread Markus Hennecke

On Fri, 30 Nov 2007, holger glaess wrote:


Of course, I try to set up com2, but the system says at the boot prompt the com port is
not available, but if the kernel is
already loaded the com port is available.

There are no setting options in the BIOS to change the com port from the IPMI
board.


Doesn't the bootloader number the com ports from zero on? AFAIR I could 
set the bootloader on a DL 385 to use the ILO com port via setting up com1 
in boot.conf. It has been a few months since I did that and I have no physical 
access to that machine now, so I can't look at it further.


Best Regards,
   Markus



sendmail question

2007-11-30 Thread Toni Mueller
Hi,

On Fri, 30.11.2007 at 15:27:15 +0100, Pete Vickers [EMAIL PROTECTED] wrote:
 In case it's needed (which I doubt), I'll voice my VERY strong  
 preference for sendmail instead of all these other pretenders.

I take your plug for sendmail as an invitation to ask a sendmail
question:

I have a box that serves as a VPN gateway:

N1 --- box in question -- Internet --- other gateway --- N2

N1 = 192.168.2.0/24
N2 = 192.168.1.0/24

Of course, on the Internet side of it, it has an official IP address.

Now, I'd like to send mail, eg. the usual daily reports, via the tunnel
to a mail server in N2. There is also no other way to reach that mail
server except via the tunnel, and of course, I want the information
transferred to be protected from prying eyes. In the various sendmail
configuration files, I've placed statements similar to

O ClientPortOptions=Family=inet, Address=192.168.2.5

and

DS [192.168.1.10]


Unfortunately, sending mail that way fails because Sendmail insists on
using the IP address of the interface going out to the Internet.

What gives?


TIA!


Best,
--Toni++



Re: Replace sendmail with qmail?

2007-11-30 Thread Marco Peereboom
Does qmail have the ability to block all email concerning replacing
sendmail in base?

On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote:
 Dan Bernstein has placed qmail 1.03 into the public domain (see
 http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
 sendmail with it to remove another component from the src/gnu/
 hierarchy?



Re: cbb0: controller is missing in dmesg

2007-11-30 Thread Rob Lytle
 I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been
 changed.  I turned on all the bugging code I could, and I get in the
 dmesg cbb0: controller is missing.

 Yet right above it in the dmesg it says cbb0 at pci6 dev 4 function 0
 TIPCIXX12 Cardbus

 I was wondering if there is something special about my laptop so that
 OpenBSD can't support cardbus and pcmcia?
 PCMCIA cards work fine in FreeBSD and Vista.

This is a new paranoia check which appears to be too sensitive with TI
cardbus chips.

I have committed a workaround which skips this check for TI devices.
Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work
again.

Miod

Hi Miod,

Thanks for your help but I am back to where I was in the beginning.
No power gets
to the PCMCIA cards.  Here is the DMESG with debug options turned on.

Sincerely,   Rob.

--
OpenBSD 4.2-current (ROBKERN2) #1: Fri Nov 30 02:03:02 PST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/ROBKERN2
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 2145415168 (2046MB)
avail mem = 2067042304 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/12/07, BIOS32 rev. 0 @
0xfdbd0, SMBIOS rev. 2.4 @ 0xdc010 (19 entries)
bios0: vendor Phoenix Technologies LTD version R0112N0 date 04/12/2007
bios0: Sony Corporation VGN-SZ460N
pcibios0 at bios0: rev 2.1 @ 0xfdbd0/0x430
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/352 (20 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #10 is the last bus
bios0: ROM list: 0xc/0xf000 0xdc000/0x4000! 0xe/0x1c00!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP APIC HPET MCFG TCPA SLIC APIC BOOT SSDT SSDT
SSDT SSDT SSDT
acpi0: wakeup devices PWRB(S4) S1F0(S4) S1F1(S4) S1F2(S4) S1F3(S4)
S1F4(S4) S1F5(S4) S1F6(S4) S1F7(S4) TLAN(S3) DLAN(S3) USB1(S3)
USB2(S3) USB3(S3) USB4(S3) USB7(S3) SLT0(S4) EC0_(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEGP)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus 6 (RP02)
acpiprt4 at acpi0: bus 7 (RP03)
acpiprt5 at acpi0: bus 8 (RP04)
acpiprt6 at acpi0: bus 9 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C2
acpitz0 at acpi0: critical temperature 99 degC
acpitz1 at acpi0: critical temperature 100 degC
acpitz2 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibat0 at acpi0: BAT1 type LION oem Sony Corp.
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x060b0c2206000c22
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 2000 MHz (1244 mV): speeds: 2000, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
agp at pchb0 not configured
ppb0 at pci0 dev 1 function 0 Intel 82945GM PCIE rev 0x03: irq 5
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x01d8 rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 10
azalia0: codec[s]: Sigmatel 83847661, Conexant/0x2bfa, using Sigmatel 83847661
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: irq 5
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: irq 10
pci3 at ppb2 bus 6
wpi0 at pci3 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02:
irq 10, MoW1, address 00:19:d2:31:93:15
ppb3 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: irq 10
pci4 at ppb3 bus 7
mskc0 at pci4 dev 0 function 0 Marvell Yukon 88E8036 rev 0x16,
Yukon-2 FE (0x1): irq 10
msk0 at mskc0 port A: address 00:13:a9:90:7c:69
eephy0 at msk0 phy 0: Marvell 88E3082 10/100 PHY, rev. 3
ppb4 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: irq 10
pci5 at ppb4 bus 8
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 10
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: irq 10
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: irq 10
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: irq 10
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci6 at ppb5 bus 9
cbb0 at pci6 dev 4 function 0 TI PCIXX12 CardBus rev 0x00 (chipflags
2)cbb0: socket base address 0x7ff0
: intrpin A, intrtag 255
: irq 10
TI PCIXX12 FireWire rev 0x00 at pci6 dev 4 function 1 not configured
TI 

Re: Replace sendmail with qmail?

2007-11-30 Thread Andrew Hart
Wouldn't such reasoning about a gift apply equally to a BSD-license on 
free-as-in-beer software?


Andrew Ruscica wrote:
...

Why the Public Domain Isn't a License (Linux Journal)
http://www.linuxjournal.com/article/6225

From the article:

...

Unfortunately, such gifts are illusory. Under basic contract law, a gift
cannot be enforced. The donor can retract his gift at any time, for any
reason - scant security for someone intending to make long-term use of
a piece of software.




Re: Postfix(chroot) and Postgresql

2007-11-30 Thread Bengt Frost

Thanks,

Not sure if this mail is showing in correct thread - lost your mail at 
google server.


On Fri, Nov 30, 2007 at 10:15:29PM +, Craig Skinner wrote:
 On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote:
 
  Someone out there have any suggestions how use Postfix (and Dovecot)
  with PostgreSQL?

 Pull the user data from PostgreSQL and generate the files:
 /etc/sasldb2.db (copy to /var/spool/postfix/etc  postfix reload)
 /etc/cram-md5.pwd

 e.g: have a cron driven perl script check for changes to the user tables
 in the last 15 mins  if so, then generate new files. Stops PostgreSQL
 becoming a bottleneck when under high load (a spam attack).

Ok. Not quite sure I'm following you. You mean pull user data from 
PostgreSQL
and generate flat(db) user file for smtp-auth using 
p5-Authen-SASL-2.10p0 ...


 As your site grows, you can punt the flat files out across your mail
 farm from your central db/admin box, use rdist or something similar.

Then pull out 'other'  Postfix data maps via (f.ex) Perl script across 
my 'mail farm'.

Not sure yet how to do it - but I'll figure it out.

How about - using OpenLDAP? 


Thanks

--bfrost



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Daniel Ouellet

Jake Conk wrote:

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?


Well, maybe I read that wrong, but if you are going there only every 
few days to look if the file is filling your drive, then I guess you are 
not looking at the logs, so stop logging then and your problem will be 
gone. (;


Or just log what you really need.

And yes, your var was obviously too small if you fill it up every few 
days. So log elsewhere on a bigger partition.


Plenty of solutions, but the most obvious one based on your comment is to 
stop logging, as it doesn't look like you look at the content of it.




Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread NetOne - Doichin Dokov

Jake Conk wrote:

Hello,

I have my /var partitioned out to be 150mb which I thought was
enough but every 2-3 days it gets full because I end up with a pflog
file that is ridiculously large! Right now I have one that is 53.6mb
and I have gotten them larger like 100mb +!! Because of this my /var
partition fills up and other programs have problems writing logs and
stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
-rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
-rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
-rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
-rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
-rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
-rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake
Perhaps you want to see what's inside it? Look at your pf.conf, see what 
you're logging and if you do need it to be logged. Remove anything 
unnecessary, setup newsyslogd to rotate it - there are plenty of options 
to solve your problem. It's all in the FAQ / man pages.




Update RAIDFrame-Enabled ISO for 4.2

2007-11-30 Thread Brian A. Seklecki

Updated diff, ISO image, build instructions.

http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html

Note:  There's a small problem with my regex in install.sub that prevents 
scanning of RAIDFrame boot lines in dmesg.boot.


The work-around from the bsd.rd shell is to:

$ export MDDKDEVS=/^raid[0-9]/p
$ ./upgrade

It's ugly but it works.  Also, don't forget to:

$ cd /dev
$ sh MAKEDEV raid0
$ sh MAKEDEV raid1

...beforehand.  Tested a 4.0-stable to 4.2-stable upgrade (2x)

~BAS



Re: Replace sendmail with qmail?

2007-11-30 Thread Bryan Irvine
No, I think you missed the point of the article.  It's trying to say
that you retain copyright like a sticky booger.  Merely saying 'this
stuff is in public domain now' is not enough to make it so.

Strangely, it appears that you have no right to put something in the
public domain, it just happens 70 years after you die.  (Copyright
lawyers feel free to chime in here)

Unfortunately for fans of djb, I think this means the license issue is
still hanging tough.

-B

On Nov 30, 2007 3:19 PM, Andrew Hart [EMAIL PROTECTED] wrote:
 Wouldn't such reasoning about a gift apply equally to a BSD-license on
 free-as-in-beer software?

 Andrew Ruscica wrote:
 ...
  Why the Public Domain Isn't a License (Linux Journal)
  http://www.linuxjournal.com/article/6225
 
  From the article:
 ...

  Unfortunately, such gifts are illusory. Under basic contract law, a gift
  cannot be enforced. The donor can retract his gift at any time, for any
  reason - scant security for someone intending to make long-term use of
  a piece of software.



Re: VPN Concentrator

2007-11-30 Thread Brian A. Seklecki

On Fri, 30 Nov 2007, Khalid Schofield wrote:


Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be
able to authenticate using usernames and passwords and to either nat
the users or give them an ip from our main dhcp server via a bridge.


That's a tall order.  In Cisco-land a VPNC3000k will run you $5k plus 
SMARTNet.  You'll need isakmpd(8) policies.  You'll need dhclient-server 
relay support.  You'll need XAuth authentication (Possibly via PAM). 
You'll need IPSEC NAT-T.  Maybe tie it all together with LDAP and PKI.




pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Jake Conk
Hello,

I have my /var partitioned out to be 150mb which I thought was
enough but every 2-3 days it gets full because I end up with a pflog
file that is ridiculously large! Right now I have one that is 53.6mb
and I have gotten them larger like 100mb +!! Because of this my /var
partition fills up and other programs have problems writing logs and
stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
-rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
-rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
-rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
-rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
-rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
-rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake



Re: Postfix(chroot) and Postgresql

2007-11-30 Thread Bengt Frost

Ok,

Efficiency can sometimes be important. Had no idea about this solution - 
have to figure out how to do it. Thanks!

Is OpenLDAP something to consider?

--bfrost

Genadijus Paleckis wrote:
Instead of that I would recommend you to use DB files generated at 
regular intervals instead of 'online' access to postgresql. It is less 
CPU expensive and much faster.
But if you wish to use SQL maps I guess you may want to use 127.0.0.1 
instead of local socket and of course you need to configure postgresql 
to accept network access.   *Addition* to above: In pg_hba.conf 
(PostgreSQL):




Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Brian A. Seklecki

On Fri, 30 Nov 2007, Jake Conk wrote:


Hello,

I have my /var partitioned out to be 150mb which I thought was a


You're probably getting a lot of log hits on a default block log all at 
the end of your rules.  You can prevent a lot of crud by doing block 
quicks w/o log statements for the following:


-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS
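
One way to see which rule and which destinations are filling pflog before deciding what to stop logging, as suggested in this thread (an added example, not taken from any of the posts). It tallies the text output of `tcpdump -n -e -ttt -r /var/log/pflog`; the sample lines are constructed, and the `rule N/(match) action dir on if:` prefix layout is an assumption about tcpdump's pflog output.

```shell
#!/bin/sh
# Added example: find out what is filling a pflog file.
# Real input would be:  tcpdump -n -e -ttt -r /var/log/pflog | pflog_top_talkers
# Assumed line layout (tcpdump -e on a pflog capture):
#   <timestamp> rule N/(reason) <action> <dir> on <if>: <src> > <dst>: <proto info>

# Constructed sample lines; addresses, rule numbers and the interface are made up.
sample_pflog() {
cat <<'EOF'
Nov 30 18:00:01.000001 rule 12/(match) block in on fxp0: 192.168.2.7.137 > 192.168.2.255.137: udp 50
Nov 30 18:00:02.000001 rule 12/(match) block in on fxp0: 192.168.2.8.137 > 192.168.2.255.137: udp 50
Nov 30 18:00:03.000001 rule 12/(match) block in on fxp0: 192.168.2.7.137 > 192.168.2.255.137: udp 50
Nov 30 18:00:04.000001 rule 12/(match) block in on fxp0: 192.168.2.9.138 > 192.168.2.255.138: udp 201
Nov 30 18:00:05.000001 rule 12/(match) block in on fxp0: 192.168.2.9.5353 > 224.0.0.251.5353: udp 45
Nov 30 18:00:06.000001 rule 12/(match) block in on fxp0: 192.168.2.9.5353 > 224.0.0.251.5353: udp 45
Nov 30 18:00:07.000001 rule 3/(match) pass in on fxp0: 192.168.2.7.40001 > 192.168.2.1.22: S 1000:1000(0) win 16384
Nov 30 18:00:08.000001 rule 12/(match) block in on fxp0: 192.168.2.7 > 192.168.2.1: icmp: echo request
EOF
}

# Print "count rule action direction interface dst-address dst-port",
# busiest first. Lines without a recognisable "rule" field are skipped.
pflog_top_talkers() {
    awk '
    {
        # Locate the "rule" token so the timestamp format does not matter.
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i + 8 > NF) next

        split($(i + 1), r, "/")              # "12/(match)" -> r[1] = "12"
        action = $(i + 2); dir = $(i + 3)
        ifname = $(i + 5); sub(/:$/, "", ifname)
        dst = $(i + 8);    sub(/:$/, "", dst)

        # Split "a.b.c.d.port" (IPv4) or "v6addr.port"; no port for ICMP etc.
        n = split(dst, p, ".")
        addr = dst; port = "-"
        if (dst ~ /:/ && n == 2) {
            addr = p[1]; port = p[2]
        } else if (dst !~ /:/ && n == 5) {
            addr = p[1] "." p[2] "." p[3] "." p[4]; port = p[5]
        }
        count[r[1] " " action " " dir " " ifname " " addr " " port]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Demo run on the constructed sample.
sample_pflog | pflog_top_talkers
```

The rule number in the second column is the one to look up with `pfctl -s rules -vv`; broadcast and multicast destinations at the top of the list are the candidates for a non-logging rule.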



Re: Postfix(chroot) and Postgresql

2007-11-30 Thread Craig Skinner
On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote:
 
 Someone out there have any suggestions how use Postfix (and Dovecot) 
 with PostgreSQL?

Pull the user data from PostgreSQL and generate the files:
/etc/sasldb2.db (copy to /var/spool/postfix/etc  postfix reload)
/etc/cram-md5.pwd

e.g: have a cron driven perl script check for changes to the user tables
in the last 15 mins  if so, then generate new files. Stops PostgreSQL
becoming a bottleneck when under high load (a spam attack).

As your site grows, you can punt the flat files out across your mail
farm from your central db/admin box, use rdist or something similar.

DB down? DB backing up? No probs as mail still goes through until you
are finished.

Probably not the answers you are looking for
-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]



Re: Postfix(chroot) and Postgresql

2007-11-30 Thread Bengt Frost

*Addition* to above: In pg_hba.conf (PostgreSQL):
vmail(user)  access to datab with md5 password
local(and host)

--bfrost

Bengt Frost wrote:

Hi,

I am trying to use PostgreSQL as a backend for my Postfix virtual mail 
system and dovecot(psql) for smtp-auth.
'Postfix' is chrooted - most of it - and with MySQL socket there is no 
problem to auth users and use Postfix
transport_maps and virtual_*_maps. I have problem with postgresql 
socket(.s.PGSQL.5432). Neither
dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have 
tried to google, read OpenBSD misc and
ports mailing lists with no success. Here are some files with related 
'stuff':


### rc - system
/etc/rc.local:
# Postfix - PostgreSQL
if [ -x /usr/local/bin/pg_ctl ]; then
   echo -n ' postgresql'
   su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
   -D /var/postgresql/data -l /var/postgresql/logfile \
   -o '-D /var/postgresql/data' >/dev/null"
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp"
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp"
fi

/etc/rc.shutdown:
# Postfix - PostgreSQL
if [ -f /var/postgresql/data/postmaster.pid ]; then
   su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast \
   -D /var/postgresql/data"
   rm -f /var/postgresql/data/postmaster.pid \
     /var/spool/postfix/tmp/.s.PGSQL.5432 \
     /var/spool/postfix/tmp/.s.PGSQL.5432.lock \
     /tmp/.s.PGSQL.5432 \
     /tmp/.s.PGSQL.5432.lock
fi

### Dovecot:
/etc/dovecot.conf:
 passdb sql {
   args = /etc/dovecot-pgsql.conf
 }
...
userdb sql {
   args = /etc/dovecot-pgsql.conf
...
socket listen {
   client {
   path = /var/spool/postfix/private/auth
   mode = 0660
   user = _postfix
   group = _postfix
   }
/etc/dovecot-pgsql:
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, 
and CRYPT.

default_pass_scheme = CRYPT  # also above schemes

# Database options
# UNIX socket - see host
connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x

### Postfix - referenced from main.conf(pgsql: - no proxymap used):
/etc/postfix/pgsql_transport:
# UNIX socket - PostgreSQL - relative path(chroot)
hosts = unix:/tmp/.s.PGSQL.5432
# inet: for TCP connections (default)
#hosts = localhost
##hosts = 127.0.0.1

### PostgreSQL
/var/postgresql/postgresql.conf:
unix_socket_directory = '/var/spool/postfix/tmp'
# tmp directory in Postfix root : rwxrwxr-t permission and 'owned' 
by   _postfix  _postgresql


Someone out there have any suggestions how use Postfix (and Dovecot) 
with PostgreSQL?

Thanks!

--bfrost




Is the tree borked, or am I?

2007-11-30 Thread STeve Andre'
   The last time I built -current was Nov 22.  Now I can't build
the kernel.   Yes, I've made the change to config ala  the upgrade
FAQ.  I've gotten a new /usr/src/sys thinking that CVS messed
up somehow, but that didn't change anything.  I'm doing the
standard  make clean ; make depend ; make  

   What happens during the compile is normal 'till the kernel 
is linked

ld -Ttext 0xD0200120 -e start -N --warn-common -S -x -o bsd ${SYSTEM_OBJ} 
vers.o
vga.o(.text+0x30a): In function `vga_selectfont':
: undefined reference to `strncmp'
vga.o(.text+0x33b): In function `vga_selectfont':
: undefined reference to `strncmp'
vga.o(.text+0xee9): In function `vga_load_font':
: undefined reference to `strlcpy'
wdc.o(.text+0x15a): In function `wdc_log':
: undefined reference to `memset'
bha.o(.text+0x82a): In function `bha_create_ccbs':
: undefined reference to `memset'
bha.o(.text+0x1733): In function `bha_inquire_setup_information':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x13b8): In function `gdt_internal_cache_cmd':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x13e3): In function `gdt_internal_cache_cmd':
: undefined reference to `strlcpy'
gdt_common.o(.text+0x1854): In function `gdt_internal_cmd':
: undefined reference to `memset'
gdt_common.o(.text+0x1d8d): In function `gdt_ioctl_inq':
: undefined reference to `strlcpy'

There are complaints of about 750 functions total.

Have I forgotten something new?  I've not had a problem like this
in years.

Thanks, STeve Andre'



Re: OpenBSD version / build question

2007-11-30 Thread Ingo Schwarze
Hi Patrick,

Patrick Smith wrote on Fri, Nov 30, 2007 at 10:50:48AM -0800:

 I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of
 servers that have been done already. 'uname -a' tells me that they are:
 
 OpenBSD hostname 4.2 GENERIC#375 i386
 OpenBSD hostname 4.2 GENERIC#410 i386
 OpenBSD hostname 4.2 GENERIC#468 i386
 
 375, 410, 468:
 Are these build numbers?

Yes.
But they are build numbers specific to the particular machine
on which these kernels happen to have been built.
So having two kernels with the same number doesn't tell you
these kernels are identical, and a kernel with a larger number
can be older than a kernel with a smaller number - they might
have been built on different machines.  And a kernel built
today might still be crap if the sources were too old.

 Or do they mean something else?
 Would they signify security fixes that are important?

No way to know given the information you supply.
If i knew a list of official snapshot build numbers by heart,
i could start guessing - but that would be just that, guesswork.

 Should I be concerned that they are not the same across our different
 servers if our goal is to keep a consistent setup?

Yes!

In particular, you should reconsider your procedures.
If you want to keep your servers up to date, you definitely
want to know who is responsible for installing what to which
server and under which circumstances.  And where it ought to
be written down when it has been done.

So if you go to some machine and the kernel it is running
comes as a surprise - put bluntly, it appears you do not know
what you are doing.

By the way, the following command is more useful for your purpose:

[EMAIL PROTECTED] $ sysctl kern.version
kern.version=OpenBSD 4.2-current (GENERIC) #69: Sun Nov 18 22:43:19 CET 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

Here you see whether you are running -release, -stable or -current,
and here the build number also tells you something:
Here you see who (root) built the kernel when (Nov 18),
on which host (athene.usta.de) and in which source tree.

But don't overestimate the importance of having the right kernel
installed: Unless you have documented procedures being actually
followed, finding the correct kernel doesn't tell you whether
userland and packages are also up to date.  In fact, finding out
whether userland is up to date is usually more difficult than
finding out whether the kernel is OK.  But no less important...

You now have quite a bit of work to do:
Talk to your colleagues, find out what happened,
decide whether you want -stable or -current,
decide who will do this kind of maintenance in the future,
and then upgrade *all* machines using the official upgrade process.
In case you want -stable but some already have -current (which
i suspect), those need to be reinstalled from scratch.

Good luck with your random kernels,-)
  Ingo



Postfix(chroot) and Postgresql

2007-11-30 Thread Bengt Frost

Hi,

I am trying to use PostgreSQL as a backend for my Postfix virtual mail 
system and dovecot(psql) for smtp-auth.
'Postfix' is chrooted - most of it - and with MySQL socket there is no 
problem to auth users and use Postfix
transport_maps and virtual_*_maps. I have problem with postgresql 
socket(.s.PGSQL.5432). Neither
dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have 
tried to google, read OpenBSD misc and
ports mailing lists with no success. Here are some files with related 
'stuff':


### rc - system
/etc/rc.local:
# Postfix - PostgreSQL
if [ -x /usr/local/bin/pg_ctl ]; then
   echo -n ' postgresql'
   su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
   -D /var/postgresql/data -l /var/postgresql/logfile \
   -o '-D /var/postgresql/data' >/dev/null"
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp"
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp"
fi

/etc/rc.shutdown:
# Postfix - PostgreSQL
if [ -f /var/postgresql/data/postmaster.pid ]; then
   su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast \
   -D /var/postgresql/data"
   rm -f /var/postgresql/data/postmaster.pid \
     /var/spool/postfix/tmp/.s.PGSQL.5432 \
     /var/spool/postfix/tmp/.s.PGSQL.5432.lock \
     /tmp/.s.PGSQL.5432 \
     /tmp/.s.PGSQL.5432.lock
fi

### Dovecot:
/etc/dovecot.conf:
 passdb sql {
   args = /etc/dovecot-pgsql.conf
 }
...
userdb sql {
   args = /etc/dovecot-pgsql.conf
... 
socket listen {

   client {
   path = /var/spool/postfix/private/auth
   mode = 0660
   user = _postfix
   group = _postfix
   }
/etc/dovecot-pgsql:
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and 
CRYPT.

default_pass_scheme = CRYPT  # also above schemes

# Database options
# UNIX socket - see host
connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x

### Postfix - referenced from main.conf(pgsql: - no proxymap used):
/etc/postfix/pgsql_transport:
# UNIX socket - PostgreSQL - relative path(chroot)
hosts = unix:/tmp/.s.PGSQL.5432
# inet: for TCP connections (default)
#hosts = localhost
##hosts = 127.0.0.1

### PostgreSQL
/var/postgresql/postgresql.conf:
unix_socket_directory = '/var/spool/postfix/tmp'
# tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by   
_postfix  _postgresql


Someone out there have any suggestions how use Postfix (and Dovecot) 
with PostgreSQL?

Thanks!

--bfrost



Re: Narrow down the stability of amd64.mp on Sun X4100 to mpi.c

2007-11-30 Thread Daniel Ouellet

Marco Peereboom wrote:

I will dig my x4100 out of storage any day now.  Last time I used it it
was stable on i386 and amd64.


Only amd64.mp is not stable (and only in writing to the disk), amd64 
is stable, as well as either i386 kernel. And in case it does 
make a difference, it's the M2 version. Thanks for checking if you have 
some time. It would be very appreciated.


I am still poking at it nevertheless. Many hours a day and all night 
long still. I think I have reached the point where it would be a personal 
satisfaction way more than getting it to work. Victory over the beast I 
guess. So far that beast is looking down on me from its stand still 
however. (;


I even got myself a 12 pack for when I feel the rush of victory in the 
hope I might find it and it is calling me.




Re: Replace sendmail with qmail?

2007-11-30 Thread Pieter Verberne
On Fri, Nov 30, 2007 at 01:45:02PM -0500, Andrew Ruscica wrote:
 On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote:
  Dan Bernstein has placed qmail 1.03 into the public domain (see
  http://cr.yp.to/qmail/dist.html).
 
 Might be worthwhile reading this (from a US legal perspective at least):
 
 Why the Public Domain Isn't a License (Linux Journal)
 http://www.linuxjournal.com/article/6225
 
 From the article:
 ...there is nothing that permits the dumping of copyrighted works into
 the public domain, except as happens in due course when any applicable
 copyrights expire. Until those copyrights expire, no mechanism is in
 the law by which an owner of software can simply elect to place it in
 the public domain.

This is exactly what I mean in my mail.



Re: removing sendmail

2007-11-30 Thread Daniel Ouellet

Please note that postfix does not undergo the rigorous code scrub
that sendmail goes through.

[...]

Will you please cut the crap?  Thank you.

Unlike Sendmail, Postfix was written from scratch with security
in mind.  It had only one published security flaw since its first
public release in 1998.  The author, Wietse Venema, is also the
author of SATAN and tcpwrappers.  He knew one or two things about
writing secure code long before OpenBSD came into existence.  The
objections people occasionally have against Postfix are related to
its license, not the code quality.


Just too bad that this didn't happen in OpenBSD 2.9 when QMail was 
removed, as at the time it may have had a chance to be in the default install 
with the numerous issues sendmail had back then. QMail is good and I 
sure used it for years, but now I do prefer Postfix much more and it is 
more with its time now than QMail is.


Now if Postfix had a BSD license, I don't know if it might not be more 
seriously considered, but my guess is it might not. Sendmail got much 
better in the last 7 years. Still bulky and yes I still don't use it, 
but it is not a bad mailer these days. I just prefer the configuration 
simplicity of Qmail, Postfix and sendmail in that order, with QMail the 
easiest by far when you know none of them to start with. Plus for an 
MTA, it has a surprisingly small footprint.


Now if djbdns was under BSD license, I wonder if that didn't have a 
bigger chance to make it into the base and replace bind...


But what I think is not relevant or important here, there are just a few 
people that may decide that for sure and at large, we are none of them.


Seeing the GNU directory in the base getting smaller and having more and 
more BSD in OpenBSD is nice to see however. Let's give pcc time to maybe 
make it in first and replace gcc for good over time.


Interesting time.



Re: Narrow down the stability of amd64.mp on Sun X4100 to mpi.c

2007-11-30 Thread Marco Peereboom
I will dig my x4100 out of storage any day now.  Last time I used it it
was stable on i386 and amd64.

On Wed, Nov 28, 2007 at 10:51:00PM +1000, David Gwynne wrote:
 this diff cannot affect the behavior of your system. the code below deals 
 with domain validation on SPI mpi variants while the x4100 uses SAS mpi. 
 the code you patched isn't run on your machine.

 do you have these crashes on all x4100s running amd64 mp, or only on this 
 one machine?

 dlg

 On 28/11/2007, at 6:17 PM, Daniel Ouellet wrote:

 Hi,

 I need some help here to narrow this down more, or maybe someone might 
 find the answer quickly.

 I have pinpointed the crash/reboot for the Sun X4100 to the usage of the 
 Ultra160: enable dual xfers, even if I think it is U360, but I could be 
 wrong. Couldn't find the specs just yet. In any case, this is not the way 
 to fix it and I agree that it may be very stupid, but to do my best to 
 isolate this so far, I dug as much as I could through the documentation and 
 specs to find a way for now of making the box rock solid.

 This is not a patch as I don't know how to fix it yet anyway, but here is 
 what I did as a test to bypass the problem for now and make it rock solid 
 with no more crashes.

 Obviously this is wrong and what I did is simply force it to work in U80 
 mode instead of what it looks like: the mpi driver detects it and tries to 
 use the U160 mode, and after some overflow or something like that when I 
 send the data too fast, it crashes.

 But with this below, it doesn't anymore.

 Again, this is not right and not very brilliant either, but I simply force 
 it to use U80 and all bugs and crashes are now gone.

 This is showing up ONLY when you use the amd64.MP kernel, not when you use 
 the single processor one, or when you use the i386 single, or mp kernel.

 Could anyone help me more, please?

 I am reaching pretty soon the maximum of where I can go in this kernel 
 part here.

 Best,

 Daniel

 Index: mpi.c
 ===
 RCS file: /cvs/src/sys/dev/ic/mpi.c,v
 retrieving revision 1.89
 diff -u -p -r1.89 mpi.c
 --- mpi.c   12 Sep 2007 13:42:49 -  1.89
 +++ mpi.c   28 Nov 2007 08:07:57 -
 @@ -458,10 +458,10 @@ mpi_ppr(struct mpi_softc *sc, struct scs

switch (try) {
case 0: /* U320 */
 -   break;
 +   /* break; */
case 1: /* U160 */
 -   pg1.req_period = 0x09;
 -   break;
 +   /* pg1.req_period = 0x09; */
 +   /* break; */
case 2: /* U80 */
pg1.req_period = 0x0a;
break;
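
Review bot: In the switch (try) block, commenting out the break under case 0 and both statements under case 1 turns all three cases into a fall-through to pg1.req_period = 0x0a, so every value of try now requests the same U80 period while the /* U320 */ and /* U160 */ labels still claim otherwise. If the aim is to cap negotiation at U80 for a test, state that in a comment above the switch and mark the fall-throughs with /* FALLTHROUGH */ rather than leaving commented-out statements behind. As David Gwynne points out in the thread, this path handles domain validation on SPI variants, so confirm that mpi_ppr() is actually reached on the SAS-based X4100 before attributing the improved stability to this change.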



Re: removing sendmail

2007-11-30 Thread Liviu Daia
On 30 November 2007, Geoff Steckel [EMAIL PROTECTED] wrote:
 Liviu Daia wrote:
  On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED]
  wrote:
  Please note that postfix does not undergo the rigorous code scrub
  that sendmail goes through.
  [...]
 
  Will you please cut the crap?  Thank you.
 
  Unlike Sendmail, Postfix was written from scratch with security
  in mind.  It had only one published security flaw since its first
  public release in 1998.  The author, Wietse Venema, is also the
  author of SATAN and tcpwrappers.  He knew one or two things about
  writing secure code long before OpenBSD came into existence.  The
  objections people occasionally have against Postfix are related to
  its license, not the code quality.

 I have seen several installations of Postfix go catatonic due to
 spam overload, large messages, mailing list expansions, and other
 undiagnosed problems. These were run by Postfix lovers, so I have
 always assumed that the installation was correct. In the one case I
 saw tested replacing Postfix with Sendmail resulted in no further
 problems.

 Given this anecdotal history I would suggest not running Postfix in a
 large production environment.

Well, the point I was trying to make was about Postfix code being
audited.  But since I'm never the man to turn down a pissing contest,
here we go:

I have seen several installations of Sendmail go catatonic due
to spam overload, large messages, mailing list expansions, and other
undiagnosed problems. These were run by Sendmail lovers, so I have
always assumed that the installation was correct. In the many cases
I saw tested replacing Sendmail with Postfix resulted in no further
problems.

Given this anecdotal history I would suggest not running Sendmail in
a large production environment.

A story just as valid as yours. :)

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia



Re: Replace sendmail with qmail?

2007-11-30 Thread Andrew Ruscica
On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote:
 Dan Bernstein has placed qmail 1.03 into the public domain (see
 http://cr.yp.to/qmail/dist.html).

Might be worthwhile reading this (from a US legal perspective at least):

Why the Public Domain Isn't a License (Linux Journal)
http://www.linuxjournal.com/article/6225

From the article:
...there is nothing that permits the dumping of copyrighted works into
the public domain, except as happens in due course when any applicable
copyrights expire. Until those copyrights expire, no mechanism is in
the law by which an owner of software can simply elect to place it in
the public domain.

and

Unfortunately, such gifts are illusory. Under basic contract law, a gift
cannot be enforced. The donor can retract his gift at any time, for any
reason - scant security for someone intending to make long-term use of
a piece of software.



OpenBSD version / build question

2007-11-30 Thread patrimith
Hi List!

I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of
servers that have been done already. 'uname -a' tells me that they are:

OpenBSD hostname 4.2 GENERIC#375 i386
OpenBSD hostname 4.2 GENERIC#410 i386
OpenBSD hostname 4.2 GENERIC#468 i386

375, 410, 468:
Are these build numbers?
Or do they mean something else?
Would they signify security fixes that are important?

Should I be concerned that they are not the same across our different
servers if our goal is to keep a consistent setup?

Thanks,

Patrick Smith




Re: removing sendmail

2007-11-30 Thread Geoff Steckel

Liviu Daia wrote:

On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED]
wrote:

Please note that postfix does not undergo the rigorous code scrub that
sendmail goes through.

[...]

Will you please cut the crap?  Thank you.

Unlike Sendmail, Postfix was written from scratch with security in
mind.  It had only one published security flaw since its first public
release in 1998.  The author, Wietse Venema, is also the author of
SATAN and tcpwrappers.  He knew one or two things about writing secure
code long before OpenBSD came into existence.  The objections people
occasionally have against Postfix are related to its license, not the
code quality.


I have seen several installations of Postfix go catatonic due to spam 
overload, large messages, mailing list expansions, and other undiagnosed 
problems. These were run by Postfix lovers, so I have always assumed 
that the installation was correct. In the one case I saw tested 
replacing Postfix with Sendmail resulted in no further problems.


Given this anecdotal history I would suggest not running Postfix in a 
large production environment.


  geoff steckel



Re: removing sendmail

2007-11-30 Thread Nico Meijer
Hi Antti,

 Except that when doing package upgrade with pkg_add the sendmail 
 configuration (in mailer.conf) will be restored and it won't be
 re-enabled until manually doing postfix-enable.

You have a point there. To me, however, this falls under the 'no magic'
clause. I try to use as many standard operations as possible, to reduce
the number of errors I could make. Hence the 'postfix-enable' command
after any postfix install/upgrade is standard ('no magic') to me.

 At least it used to be like that, correct me if the pkgtools has the
 needed features nowadays to prevent that.

Hmm... What Steve said, I guess. I didn't check, I just run
'postfix-enable'. :-)

Be well... Nico



Re: Replace sendmail with qmail?

2007-11-30 Thread STeve Andre'
On Friday 30 November 2007 10:50:09 Gregory Edigarov wrote:
 Pete Vickers wrote:
  In case it's needed (which I doubt), I'll voice my VERY strong
  preference for sendmail instead of all these other pretenders.

 I agree. Please do not remove sendmail. it is the most advanced
 opensourced mailer,
 I do strongly prefer it.

I don't think anyone needs to worry about sendmail leaving.

--STeve Andre'



Re: Performance problem with CF card on AMD CS5536 IDE

2007-11-30 Thread Don Jackson
Here are some results using the Lexar Professional UDMA 300x CF drives.
My favorite CF-IDE and CF-SATA converters are from Addonics
http://www.addonics.com/products/flash_memory_reader/adidecf.asp

Here are some typical boot messages from one of my servers with the
Lexar/Addonics combo:

wd0 at pciide1 channel 1 drive 0: LEXAR ATA FLASH CARD
wd0: 1-sector PIO, LBA, 7631MB, 15630048 sectors
wd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2

I ran the same commands that others in this thread tried, here are my
results:

# dd if=/dev/zero of=nulls bs=65536 count=1600
1600+0 records in
1600+0 records out
104857600 bytes transferred in 65.142 secs (1609668 bytes/sec)

# dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 21.049 secs (4981460 bytes/sec)

# dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 0.051 secs (2036109439 bytes/sec)

# dd if=nulls of=/dev/null bs=65536
1600+0 records in
1600+0 records out
104857600 bytes transferred in 0.051 secs (2044286745 bytes/sec)

# uname -a
OpenBSD svn01.clark-communications.com 4.2 GENERIC#0 amd64
# sysctl hw
hw.machine=amd64
hw.model=Dual Core AMD Opteron(tm) Processor 275 HE
hw.ncpu=1
hw.byteorder=1234
hw.physmem=4226789376
hw.usermem=4226785280
hw.pagesize=4096
hw.disknames=cd0,wd0,sd0
hw.diskcount=3
hw.sensors.admcts0.temp0=37.00 degC (Internal)
hw.sensors.admcts0.temp1=46.00 degC (External)
hw.sensors.admcts0.temp2=-90.00 degC (External)
hw.sensors.admcts0.fan2=2647 RPM
hw.sensors.admcts0.volt0=3.30 VDC (Vbat)
hw.sensors.admcts0.volt1=3.32 VDC (3.3 V standby)
hw.sensors.admcts0.volt2=3.30 VDC (3.3 V main)
hw.sensors.admcts0.volt3=5.41 VDC (5 V)
hw.sensors.admcts0.volt4=1.17 VDC (Vccp)
hw.sensors.admcts0.volt5=12.06 VDC (12 V)
hw.sensors.admcts0.volt6=-0.60 VDC (-12 V)
hw.sensors.arc0.drive0=online (sd0), OK
hw.cpuspeed=2205
hw.vendor=RIOWORKS
hw.product=HDAMA
hw.serialno=0123456789



How can I get alarms about my arc/Areca raid controller?

2007-11-30 Thread Don Jackson
Hello,
I have an Opteron machine running OpenBSD 4.2/amd64

I have an Areca ARC-1110 RAID controller in this machine.

I'd like to be able to query or get notified of alarms on the raid
controller, how can I do that?

I can do:

# bioctl -v -q  sd0
sd0: Areca, ARC-1110-VOL#00, R001, serial 000591171972

# bioctl -a get  arc0
alarm is currently enabled

But if I try

# bioctl -v -a silence  arc0
bioctl: BIOCALARM: Input/output error

What do I need to do to obtain the alarm state, and reset it if necessary?

Thanks

Here is my dmesg:

# dmesg
OpenBSD 4.2-stable (GENERIC) #0: Wed Oct 24 12:44:40 PDT 2007
[EMAIL PROTECTED]:/home/4.2/src/sys/arch/amd64/compile/GENERIC
real mem = 4226789376 (4030MB)
avail mem = 4093644800 (3904MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.34 @ 0xfbf7c000 (33 entries)
bios0: vendor Phoenix Technologies Ltd. version V1.11 date 05/10/2006
bios0: RIOWORKS HDAMA
acpi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Dual Core AMD Opteron(tm) Processor 275 HE, 2205.29 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 89 present, BIOS upgrade may be required
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 1
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: irq 11, version 1.0,
legacy support
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: irq 11, version 1.0,
legacy support
vga1 at pci1 dev 6 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pciide0 at pci1 dev 7 function 0 CMD Technology SiI3114 SATA rev 0x02: DMA
pciide0: using irq 5 for native-PCI interrupt
usb0 at ohci0: USB revision 1.0
uhub0 at usb0: AMD OHCI root hub, rev 1.00/1.00, addr 1
usb1 at ohci1: USB revision 1.0
uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1
pcib0 at pci0 dev 7 function 0 AMD 8111 LPC rev 0x05
pciide1 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E-N, 1.AA SCSI0 5/cdrom
removable
cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide1 channel 1 drive 0: LEXAR ATA FLASH CARD
wd0: 1-sector PIO, LBA, 7631MB, 15630048 sectors
wd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2
amdiic0 at pci0 dev 7 function 2 AMD 8111 SMBus rev 0x02: SCI
iic0 at amdiic0
amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active
iic1 at amdpm0
admcts0 at iic1 addr 0x2c
ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x13
pci2 at ppb1 bus 2
bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0
(0x2100): irq 11, address 00:50:45:5f:13:ce
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0
(0x2100): irq 5, address 00:50:45:5f:13:cf
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 10 function 1 not configured
ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x13
pci3 at ppb2 bus 3
ppb3 at pci3 dev 1 function 0 Intel IOP331 PCIX-PCIX rev 0x0a
pci4 at ppb3 bus 4
arc0 at pci4 dev 14 function 0 Areca ARC-1110 rev 0x00: irq 11
arc0: 4 SATA Ports, 256MB SDRAM, FW Version: V1.43 2007-4-17
scsibus1 at arc0: 16 targets
sd0 at scsibus1 targ 0 lun 0: Areca, ARC-1110-VOL#00, R001 SCSI3 0/direct
fixed
sd0: 476837MB, 56514 cyl, 36 head, 480 sec, 512 bytes/sec, 976562176 sec
total
AMD 8131 PCIX IOAPIC rev 0x01 at pci0 dev 11 function 1 not configured
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: sd0 matches BIOS drive 0x81
root on wd0a swap on wd0b dump on wd0b



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-11-30 Thread Pau Amaro-Seoane
Hi,

I am having the same issue. Have you succeeded at waking up the video?

Pau

2007/11/7, Mark Thomas [EMAIL PROTECTED]:
 On Nov 6, 2007 5:34 AM, Mark Thomas [EMAIL PROTECTED] wrote:
  If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
  into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
  worked flawlessly. xorg is not running during these tests.

 Well apparently it's just video related. The machine still responds to
 typed commands I just cannot see what I'm typing. :)

 --
 ()  ascii ribbon campaign - against html e-mail
 /\  www.asciiribbon.org   - against proprietary attachments



Re: Replace sendmail with qmail?

2007-11-30 Thread Ralph Gessner

Matthew Dempsky wrote:

Is there any interest in replacing
sendmail with it to remove another component from the src/gnu/
hierarchy?


No.

In ports yes, in base no.

I don't see any advantage switching from sendmail to qmail.

...and yes, I know qmail. It was the first mailserver I got in touch 
with and I used it for several years. But after qmail and (later) postfix, 
I'm nowadays using sendmail as my preferred server.


--
Ralph



Great posters !

2007-11-30 Thread Gabriel Linder
Nope, this is not a spam ;)

We ordered posters some time ago and they just appeared in a wall near
me, I now have a Puffy watching my code and roaring if I use strcpy ;)

Posters are great and high quality, thank you OpenBSD !



Re: removing sendmail

2007-11-30 Thread Steve Shockley

Antti Harri wrote:
Except that when doing package upgrade with pkg_add the sendmail 
configuration (in mailer.conf) will be restored and it won't be
re-enabled until manually doing postfix-enable. At least it used to be 
like that, correct me if the pkgtools has the needed features nowadays 
to prevent that.


It looks like that went away with the death of DEINSTALL.  I don't use 
it though so I didn't test it.




Re: Trouble with LSI Megaraid 8204/8208XLP in 4.2

2007-11-30 Thread Marco Peereboom
LSI decided to make non raid cards use the same marketing name as actual
raid cards.  Very nasty of them.  We currently do not support fake raid
(driver assisted) cards.

On a positive note we are debating on how to possibly support some of
these in the future.  If anyone is familiar with metadata formats that
vendors are using drop me an email.

On Wed, Nov 28, 2007 at 02:50:30PM -0800, Preston Norvell wrote:
 Recently we were building a couple new amd64 machines and purchased a couple
 LSI 8204XLP's on the speculation that they would be supported in 4.2 (though
 only their bigger brother the 8208XLP was listed explicitly).
 
 Only slightly to our surprise did we discover that the 8204XLP's would not
 work.  The device would be found, but instead of the RAID1 logical disk, it
 would report the two physical disks (RAID firmware configuration was
 checked/rechecked/checkedsomemore).  We tried installing the OS on the low
 order disk just to see what would happen.  The OS would install, but on
 subsequent boot would fail at the root device: stage.
 
 Feeling a certain amount of shame in defying the HCL, we purchased 8208XLPs
 as a replacement.  These failed in exactly the same way.  It turns out that
 they really are brothers in the sense that the 8204 is an 8208 card with a
 blank spot where the second connector would be.
 
 Then we decided to try 4.2 release (we were using -current), and the
 drive(s) are not seen at all by the OS installer for 4.2.  We then switched
 to a newer -current (from Nov. 1) and ran into the same problem as the
 previous attempts with -current.
 
 In some looking though, we see that the card appears to be identified with
 the mpi driver instead of the mfi driver as it should, at least according to
 mfi(4).
 
 We now have two of each card here that aren't useful to us in the near term,
 so we would be happy to send one of each of them along to the driver dev if
 it would help future development.
 
 The rest of this message is the dmesg from booting off the Nov 1 -current.
 
 OpenBSD 4.2-current (RAMDISK_CD) #1295: Thu Nov  1 19:18:55 MDT 2007
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
 real mem = 2146996224 (2047MB)
 avail mem = 2075045888 (1978MB)
 mainbus0 at root
 acpi at mainbus0 not configured
 cpu0 at mainbus0: (uniprocessor)
 cpu0: Dual-Core AMD Opteron(tm) Processor 2212, 2010.58 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLU
 SH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line
 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 pci0 at mainbus0 bus 0: configuration mode 1
 NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 0 function 0 not configured
 NVIDIA MCP55 ISA rev 0xa3 at pci0 dev 1 function 0 not configured
 NVIDIA MCP55 SMBus rev 0xa3 at pci0 dev 1 function 1 not configured
 ohci0 at pci0 dev 2 function 0 NVIDIA MCP55 USB rev 0xa1: irq 7, version
 1.0, legacy support
 ehci0 at pci0 dev 2 function 1 NVIDIA MCP55 USB rev 0xa2: irq 10
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1
 pciide0 at pci0 dev 4 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0
 configured to compatibility, channel 1 configured to compatibility
 atapiscsi0 at pciide0 channel 0 drive 1
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: TEAC, DW-224E-V, 1.CA SCSI0 5/cdrom
 removable
 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 ignored (disabled)
 pciide1 at pci0 dev 5 function 0 NVIDIA MCP55 SATA rev 0xa3: DMA
 pciide1: using irq 11 for native-PCI interrupt
 pciide2 at pci0 dev 5 function 1 NVIDIA MCP55 SATA rev 0xa3: DMA
 pciide2: using irq 5 for native-PCI interrupt
 pciide3 at pci0 dev 5 function 2 NVIDIA MCP55 SATA rev 0xa3: DMA
 pciide3: using irq 10 for native-PCI interrupt
 ppb0 at pci0 dev 6 function 0 NVIDIA MCP55 PCI-PCI rev 0xa2
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 6 function 0 ATI ES1000 rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 nfe0 at pci0 dev 8 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 10, address
 00:30:48:7c:97:22
 eephy0 at nfe0 phy 2: Marvell 88E1149 Gigabit PHY, rev. 1
 nfe1 at pci0 dev 9 function 0 NVIDIA MCP55 LAN rev 0xa3: irq 11, address
 00:30:48:7c:97:23
 eephy1 at nfe1 phy 3: Marvell 88E1149 Gigabit PHY, rev. 1
 ppb1 at pci0 dev 10 function 0 NVIDIA MCP55 PCIE rev 0xa3
 pci2 at ppb1 bus 2
 ppb2 at pci2 dev 0 function 0 NEC PCIE-PCIX rev 0x07
 pci3 at ppb2 bus 3
 ppb3 at pci2 dev 0 function 1 NEC PCIE-PCIX rev 0x07
 pci4 at ppb3 bus 4
 mpi0 at pci4 dev 6 function 0 Symbios Logic SAS1068 rev 0x02: irq 5
 scsibus1 at mpi0: 173 targets
 sd0 at scsibus1 targ 0 lun 0: ATA, WDC WD1600YS-01S, 6C06 SCSI3 0/direct
 fixed
 sd0: 157066MB, 157067 cyl, 16 head, 127 sec, 512 bytes/sec, 321672960 



Re: ilo (ipmi) and serial console redirection

2007-11-30 Thread Steve Shockley

Markus Hennecke wrote:
Doesn't the bootloader number the com ports from zero on? AFAIR I could 
set the bootloader on a DL 385 to use the ILO com port via setting up 
com1 in boot.conf. This is a few month since I did that and I have no 
physical access to that machine now, so I can't look at it further.


The DL1xx has a very different ILO than the other HP servers.  I don't 
have any of those, so I can't comment on the problem.




Re: VPN Concentrator

2007-11-30 Thread visc

On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:


Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be
able to authenticate using usernames and passwords and to either nat
the users or give them an ip from our main dhcp server via a bridge.

If I have say a mac user at home wanting to connect into my network
using the built in mac os client how should I set up the vpn server?
Will it auth using usernames and passwords or is certificates only
simple way to authenticate to the vpn server?

How would I know which is better to use for this application out of
PPTP or IPsec?

Any and all input welcome.

Khalid


I'm embarking down the same path for what it's worth, but I'm actually  
doing it to eventually get rid of my Cisco 3005. My main structure  
though is ipsec between static fixed devices/locations and I don't  
need to worry about supporting  PPTP or L2TP over IPSEC, or supplying  
addresses- yet.


I think Brian A. Seklecki's response:
`That's a tall order.  In Cisco-land a VPNC3000k will run you $5k  
plus SMARTNet.  You'll need isakmpd(8) policies.  You'll need  
dhclient-server relay support.  You'll need XAuth authentication  
(Possibly via PAM). You'll need IPSEC NAT-T.  Maybe tie it all  
together with LDAP and PKI.


Kind of hit the nail on the head of my worries as well. I'm busy  
enough now making a secure network between offices using an OpenBSD  
box as the hub, but when I need to start adapting for Road Warriors  
things may get tricky.
For example, your Mac user at home, assuming Tiger's built in client  
(I'm not clear on Leopard's new VPN protocols), can only use PPTP or  
L2TP over IPSEC. I don't know if it's even possible to support all  
protocols easily on an OpenBSD concentrator, so I plan to push my Road  
Warriors into using clients such as VPN Tracker or The Greenbow  
client, though open source alternatives would be preferable. In my  
perfect world it would be isakmp/ipsec only for me and to hell with  
clients. Too bad that can't always happen...


So, anyway, lots of ramble for little benefit, but at least I know  
somebody else is doing it...




Re: Where/how can I set the flags for savecore during boot?

2007-11-30 Thread Jason McIntyre
On Fri, Nov 30, 2007 at 09:19:37AM -0800, Don Jackson wrote:
 
 When I boot the machine, I see:
 
 root on wd0a swap on wd0b dump on wd0b
 
 I guess the kernel defaults to wd0b for swap and dump?
 

it defaults to root disk, partition b (wd0b for you).

 
 But later in the boot messages I see:
 
 savecore: /dev/wd0b: Device not configured
 

you do not actually have a /dev/wd0b, right? i think that is causing the
problem.

 
 How can I configure savecore to use the real swap partition on this system?
 

i don't think the error message comes from savecore.
the problem is there is no wd0b (i'm guessing).

i think you have two solutions:

- create a minimal /dev/wd0b
- build a kernel telling it to use sd0b as swap. look at the
  config bsd root on dev [swap on dev] ... line in config(8).

jmc



Re: cbb0: controller is missing in dmesg

2007-11-30 Thread Rob Lytle
 I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been
 changed.  I turned on all the bugging code I could, and I get in the
 dmesg cbb0: controller is missing.

 Yet right above it in the dmesg it says cbb0 at pci6 dev 4 function 0
 TIPCIXX12 Cardbus

 I was wondering if there is something special about my laptop so that
 OpenBSD can't support cardbus and pcmcia?
 PCMCIA cards work fine in FreeBSD and Vista.

This is a new paranoia check which appears to be too sensitive with TI
cardbus chips.

I have committed a workaround which skips this check for TI devices.
Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work
again.

Miod

Hi Miod,

I just cvsup'd and the version of pccbb.c is still at 1.53.  It must
take quite a bit of time for the
change to propagate.  I will keep watch for the new version.

Sincerely,  Rob.

-- 
Emancipate yourself from mental slavery, none but ourselves can free
our minds  Bob Marley, Redemption Song



Re: Replace sendmail with qmail?

2007-11-30 Thread Pete Vickers
In case it's needed (which I doubt), I'll voice my VERY strong 
preference for sendmail instead of all these other pretenders.


/Pete


On 30 Nov 2007, at 10:25 AM, Matthew Dempsky wrote:


On 11/30/07, Peter Hessler [EMAIL PROTECTED] wrote:
That being said, it's really easy to install qmail yourself and have it
replace the in-tree sendmail (see mailer.conf).


Right, and maybe for a future OpenBSD release you could swap the
placement of sendmail and qmail in that sentence. :-)

To be clear, I suggested replacing sendmail with qmail because 1) it
would further OpenBSD's efforts of eliminating unacceptably licensed
code and 2) I'm familiar with qmail, so I can actually contribute
patches.  If there's a more suitable MTA, I'd be even happier to see
it go in (as long as I can keep using qmail ;-).




Re: Replace sendmail with qmail?

2007-11-30 Thread Gregory Edigarov

Pete Vickers wrote:
In case it's needed (which I doubt), I'll voice my VERY strong 
preference for sendmail instead of all these other pretenders.

I agree. Please do not remove sendmail. It is the most advanced 
opensourced mailer,

I do strongly prefer it.

--
With best regards,
   Gregory Edigarov



ral-rt2860 wireless mini-pci

2007-11-30 Thread Bret

Greetings
I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The 
mini-pci is not seen as a rt2860 chipset.


The dmesg follows:

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 
586-class) 500 MHz

cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 536440832 (511MB)
avail mem = 511070208 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/71/05, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x30
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, 
address 00:00:24:c9:29:4c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5, 
address 00:00:24:c9:29:4d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9, 
address 00:00:24:c9:29:4e
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, 
address 00:00:24:c9:29:4f
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
ral0 at pci0 dev 14 function 0 Ralink RT2561S rev 0x00: irq 10, 
address 00:08:a1:b1:99:f3

ral0: MAC/BBP RT2561C, RF RT2527
vendor Ralink, unknown product 0x0601 (class network subclass 
miscellaneous, rev 0x00) at pci0 dev 17 function 0 not configured

this is the mini-pci ^
pcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03
pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH2-4096
wd0: 4-sector PIO, LBA, 3919MB, 8027712 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 7, 
version 1.0, legacy support

ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: AMD EHCI root hub, rev 2.00/1.00, addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio0 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: AMD OHCI root hub, rev 1.00/1.00, addr 1
biomask e1c5 netmask ffe5 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b

Any help
Bret



X2100, no mgmt card, no sensors

2007-11-30 Thread Stuart Henderson
Can anyone think of a better fix than disable ipmi to make
sensors start showing up again on a (non-M2) X2100 without the
management card? Unfortunately I don't have a spare X2100 and
I'm a bit limited with what I can try on these ones.

Two dmesg follow (one from October, and one from another box
that still has a kernel from May where the sensors were still
used).

OpenBSD 4.2-current (GENERIC) #1: Mon Oct 22 22:39:43 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Opteron(tm) Processor 148 (AuthenticAMD 686-class, 1024KB L2 cache) 
1.01 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 1072103424 (1022MB)
avail mem = 1028878336 (981MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/06/06, BIOS32 rev. 0 @ 0xfa780, SMBIOS 
rev. 2.3 @ 0xf (41 entries)
bios0: vendor Sun Microsystems version 1.1.3 date 11/06/2006
bios0: Sun Microsystems Sun Fire(TM) X2100
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xcc44
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcb20/288 (16 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 16 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 3 5 7 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x1600 0xce000/0x1800
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1
cpu0 at mainbus0
cpu0: Cool'n'Quiet K8 1006 MHz: speeds: 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
iic0: skipping sensors to avoid ipmi0 interactions
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM ECC PC3200CL3.0
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM ECC PC3200CL3.0
iic1 at nviic0
iic1: skipping sensors to avoid ipmi0 interactions
spdmem2 at iic1 addr 0x50: 512MB DDR SDRAM ECC PC3200CL3.0
spdmem3 at iic1 addr 0x51: 512MB DDR SDRAM ECC PC3200CL3.0
ohci0 at pci0 dev 2 function 0 NVIDIA nForce4 USB rev 0xa2: irq 10, version 
1.0, legacy support
ehci0 at pci0 dev 2 function 1 NVIDIA nForce4 USB rev 0xa3: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1
pciide0 at pci0 dev 6 function 0 NVIDIA nForce4 IDE rev 0xf2: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 7 function 0 NVIDIA nForce4 SATA rev 0xf3: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: HITACHI HDS7280SASUN80G 0644MT91LM
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 8 function 0 NVIDIA nForce4 SATA rev 0xf3: DMA
pciide2: using irq 10 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 NVIDIA nForce4 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
nfe0 at pci0 dev 10 function 0 NVIDIA CK804 LAN rev 0xa3: irq 3, address 
00:e0:81:5e:15:f0
eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2
ppb1 at pci0 dev 11 function 0 NVIDIA nForce4 PCIE rev 0xa3
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 NVIDIA nForce4 PCIE rev 0xa3
pci3 at ppb2 bus 3
ppb3 at pci0 dev 13 function 0 NVIDIA nForce4 PCIE rev 0xa3
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): 
irq 5, address 00:e0:81:5e:15:f1
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 14 function 0 NVIDIA nForce4 PCIE rev 0xa3
pci5 at ppb4 bus 5
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 NVIDIA OHCI root hub rev 1.00/1.00 addr 1
biomask ffc5 netmask ffed ttymask ffef
pctr: user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches 

Re: removing sendmail

2007-11-30 Thread Liviu Daia
On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED]
wrote:
 Please note that postfix does not undergo the rigorous code scrub that
 sendmail goes through.
[...]

Will you please cut the crap?  Thank you.

Unlike Sendmail, Postfix was written from scratch with security in
mind.  It had only one published security flaw since its first public
release in 1998.  The author, Wietse Venema, is also the author of
SATAN and tcpwrappers.  He knew one or two things about writing secure
code long before OpenBSD came into existence.  The objections people
occasionally have against Postfix are related to its license, not the
code quality.

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Hannah Schroeter
Hi!

On Fri, Nov 30, 2007 at 11:16:37AM +0100, Pieter Verberne wrote:
On Fri, Nov 30, 2007 at 09:15:34AM +, Stuart Henderson wrote:
 On 2007/11/30 10:41, Lars Noodin wrote:
  qmail

 never had a license - now it's in the public domain it's allowed
 to distribute it, but I don't like to imagine what misc@ would look
 like after the following release if it was to be switched in base...

Just before it was in public domain:
Did someone ask the author if it was accepted to put a BSD-like
license on it? He allowed us to share and modify the software but had no
official document about it (a license). I think he just might accept us
to licence it.

IIRC, on qmail, there was at least something resembling a license, but
that was so restrictive that it wasn't even really good for making a
*port* of qmail.

Well, I don't know very much about licensing etc.. However, it is in
public domain now. Which I find another strange thing, while there is no
'legal way' to put something in public domain.

There *is* in some jurisdictions, just not in all.

Pieter Verberne

Kind regards,

Hannah.



Re: Replace sendmail with qmail?

2007-11-30 Thread Eric Ziegast

Frans Haarman wrote:

Did he change his djbdns license as well !?
From the Google Video 
(http://video.google.com/videosearch?q=Bernstein+releases+code+public+domain)...


After talking about shortcomings of BSD/GNU licensing...

...  as a result of seeing this mess for some decades and thinking 
about the sources of the mess I have decided to put my future and (going 
through the things I've done in the past) past software into the public 
domain.


... and some guy next to him, raises his hands, and quietly exclaims, 
Yes!, before the small crowd of SAGE attendees breaks into applause.


If it isn't already changed, it may be soon.

-ez



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Hannah Schroeter
Hi!

On Fri, Nov 30, 2007 at 11:26:47AM +0100, Henning Brauer wrote:
sendmail is the only one of them being BSD-licensed.

Sendmail *used* to be BSD-licensed. There *is* a reason it got moved to
.../gnu/... in the source tree even if its current license isn't exactly
gpl. But its current license has some gpl-like strings attached, IIRC.

Kind regards,

Hannah.



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Pieter Verberne
On Fri, Nov 30, 2007 at 09:15:34AM +, Stuart Henderson wrote:
 On 2007/11/30 10:41, Lars Noodin wrote:
  qmail
 
 never had a license - now it's in the public domain it's allowed
 to distribute it, but I don't like to imagine what misc@ would look
 like after the following release if it was to be switched in base...

Just before it was in public domain:
Did someone ask the author if it was accepted to put a BSD-like
license on it? He allowed us to share and modify the software but had no
official document about it (a license). I think he just might accept us
to licence it.

Well, I don't know very much about licensing etc.. However, it is in
public domain now. Which I find another strange thing, while there is no
'legal way' to put something in public domain.

Pieter Verberne



Re: Configuring sendmail openbsd 4.2

2007-11-30 Thread Khalid Schofield
Ok definitely working now. It would be good to tweak the config a
little more but it's accepting incoming and dealing with outgoing
mail properly so I'm happy.

thanks for all the help to everyone who replied.




On 29 Nov 2007, at 23:50, Hugo Villeneuve wrote:


On Thu, Nov 29, 2007 at 09:20:34AM +, Khalid Schofield wrote:

ok it's still not working. I'm posting my configs here. It's not
accepting incoming mail. Sendmail is set to use /etc/mail/sendmail.cf
in rc.conf


Incoming mail from the network? That's because of all the 127.0.0.1
and ::1 in your DAEMON_OPTION lines. You might use sendmail.cf, but
you started your new .mc file by using
/usr/share/sendmail/cf/openbsd-localhost.mc instead of
openbsd-proto.mc.




Here is the .mc script I built the config from in
/usr/share/sendmail/cf/

...

define(`SMART_HOST','oxmail.ox.ac.uk')dnl

...

# Smart relay host (may be null)
DS'oxmail.ox.ac.uk'



You did not quote correctly. m4 is weird like that. Quoted text for
m4 starts with a backward single quote ` and ends with a forward
single quote '.

Either quote correctly, or remove those you put around
oxmail.ox.ac.uk.

I think it's the ' on the .cf DS line that causes the smart host
feature to fail.


Also, just to say, the default OpenBSD supports smart host via the
mailertable when using sendmail.cf (running sendmail without
-C/etc/mail/localhost.cf flag).

This in mailertable (+recompile of the hash db):
.   relay:[oxmail.ox.ac.uk.]

Works the same as SMART_HOST.

--
Hugo Villeneuve [EMAIL PROTECTED]
http://EINTR.net/




Re: Bernstein puts qmail in public domain

2007-11-30 Thread Frans Haarman
On Nov 30, 2007 9:38 AM, Matthew Dempsky [EMAIL PROTECTED] wrote:
 (Ugh, I wish I had noticed this message a few minutes earlier.)

 On 11/29/07, Tobias Weisserth [EMAIL PROTECTED] wrote:
  I just wanted to point out that D.J. Bernstein has put qmail in public
  domain. I'm not implying anything but wouldn't it be a perfect opportunity
  to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in
  OpenBSD? qmail's security record is better and many OpenBSD users prefer it
  to sendmail.

 I'm interested seeing this happen and am willing to contribute patches
 if they stand a chance of being accepted. :-)


I'd like to see puffy on www.openqmaild.org ;)



Re: Strange em(4) issues

2007-11-30 Thread Stuart Henderson
On 2007/11/30 09:57, Girish Venkatachalam wrote:
 On 20:47:57 Nov 29, Stuart Henderson wrote:
  
  Been there, done that. If you use plaintext protocols (ftp or so)
  over the interface, you'll see random corruption visible in the
  data (e.g. directory listings).
  
  At 133MHz there's some corruption between motherboard and card.
  Disappears at 66MHz.
  
  Normally this would be masked by TCP checksums (you'd get packet
  loss, but it would mostly be corrected rather than pass corrupt
  packets up the stack), but the em(4) does offload TCP checksum
  processing to the card, so the checksum no longer covers the
  transfer over the PCI bus, hence the weird protocol errors.
 
 TCP checksums or for that matter any checksum cannot catch *all* errors.

Agreed, hence the mostly.

 Since there is a MAC computation for every packet, this will easily help
 you identify the problem.

With this happening, you're lucky to get an ftp banner through without
corruption, I don't think I ever had an SSH session setup.

I already have two workarounds, one is to use the old quad em(4) with
the IBM(Tundra) bridge (which work ok at 64x133 but the RJ45 sockets
are the wrong way up to latch correctly in some of Supermicro's 1U cases),
the other is to use the newer cards (Pericom bridge) at 66MHz.

I haven't heard of this happening on other systems (and other 64x133 cards
work), I suspect it's a hardware problem between H8SSL and the Pericom
bridge chip.
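
The point both posters agree on above, that a TCP checksum catches most but not all corruption, shown as an added example (not part of the original thread): the 16-bit one's-complement Internet checksum of RFC 1071 run over a constructed payload that is corrupted in three ways. The payload and all function names are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed payload: one line of an FTP-style directory listing. */
static const uint8_t payload[] =
    "drwxr-xr-x  2 root  wheel  512 Nov 30 09:57 pub";
#define PAYLOAD_LEN (sizeof payload - 1)

/* RFC 1071 Internet checksum: one's-complement sum of big-endian 16-bit
 * words, carries folded back in, result inverted. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)                        /* odd trailing byte, zero padded */
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 if the checksum exposes the corruption, 0 if it does not,
 * -1 if the "corrupted" copy is in fact identical to the payload. */
static int detected(const uint8_t *bad)
{
    if (memcmp(bad, payload, PAYLOAD_LEN) == 0)
        return -1;
    return inet_checksum(bad, PAYLOAD_LEN) !=
           inet_checksum(payload, PAYLOAD_LEN);
}

/* A single flipped bit always changes the sum. */
static int single_bit_flip_detected(void)
{
    uint8_t bad[PAYLOAD_LEN];

    memcpy(bad, payload, PAYLOAD_LEN);
    bad[4] ^= 0x04;
    return detected(bad);
}

/* Two aligned 16-bit words exchanged ("dr" <-> "wx"): addition is
 * commutative, so the sum is unchanged. */
static int swapped_words_detected(void)
{
    uint8_t bad[PAYLOAD_LEN], tmp[2];

    memcpy(bad, payload, PAYLOAD_LEN);
    memcpy(tmp, bad, 2);
    memcpy(bad, bad + 2, 2);
    memcpy(bad + 2, tmp, 2);
    return detected(bad);
}

/* Two errors that cancel: +1 in the low byte of one word, -1 in the
 * low byte of another ('r' -> 's', 'x' -> 'w'). */
static int offsetting_errors_detected(void)
{
    uint8_t bad[PAYLOAD_LEN];

    memcpy(bad, payload, PAYLOAD_LEN);
    bad[1] = (uint8_t)(bad[1] + 1);
    bad[3] = (uint8_t)(bad[3] - 1);
    return detected(bad);
}

int main(void)
{
    printf("single bit flip detected:   %d\n", single_bit_flip_detected());
    printf("swapped words detected:     %d\n", swapped_words_detected());
    printf("offsetting errors detected: %d\n", offsetting_errors_detected());
    return 0;
}
```

A per-packet MAC such as the one SSH computes covers all three cases, which is why the corruption described above shows up there as a failed session rather than as garbled data.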



Re: removing sendmail

2007-11-30 Thread Amarendra Godbole
On Nov 30, 2007 8:30 AM, Juan Miscaro [EMAIL PROTECTED] wrote:
 Hi, I would like to do away with sendmail as much as possible.  I
 prefer postfix.  Now I know that the sendmail binary is entwined with
 the system's internals but is there any way to completely get rid of
 it?  I see that some people remove the binary and turn it off in
 rc.conf.  Am I making any sense?  Should I do anything special to
 sendmail when I install postfix?  And what of the postfix-enable
 command?  Is this good enough?
[...]

Please note that postfix does not undergo the rigorous code scrub that
sendmail goes through. Hence, if you are on a production machine, I'd
suggest you to use sendmail, and not postfix.

Postfix used to be my favorite too, but since the day I know how to
configure and use sendmail, I feel it is the best MTA I've ever used.
YMMV.

-Amarendra



Re: restore hanging on an unusual file name

2007-11-30 Thread Richard Toohey

On 29/11/2007, at 9:21 PM, Richard Toohey wrote:


On 21/11/2007, at 10:48 PM, Otto Moerbeek wrote:

I think dump should 'vis' the filenames it prints.

-Otto






[cut]
(Just done some more testing before posting and realized that I  
have only looked at verbose mode ls, so still got more work to do -  
but it only seems to be verbose mode that causes the xterm hang,  
and I'd like feedback anyway.)



[cut]

So I look at interactive.c some more to see why non-verbose mode  
works, and I would very much appreciate some advice on this ...


/usr/src/sbin/restore/interactive.c

c. line 509 (4.2 RELEASE) is print_list() - invoked when an 'ls'  
command is used.
c. line 526 it calls mkentry() - c. line 592 mkentry() definition ...  
and it looks at filenames c. line 600:


600     for (cp = fp->fname; *cp; cp++)
601         if (!vflag && (*cp < ' ' || *cp >= 0177))
602             *cp = '?';
603     fp->len = cp - fp->fname;

Why does it only replace the characters (less than spc or >= del) in
NON-verbose mode?  What would the reasoning behind that be?


A simpler (but less correct?) non-vis fix would be to drop the vflag  
test.  I tried that and it worked.


I could drop the test and change mkentry to store the vis()d  
filenames (but potentially 4x space required for each name - guess  
could vis and copy back again - more thinking required.)


Thanks.


The patch:

# diff -uw /usr/src/sbin/restore/interactive.c interactive.c



[cut]

And the patch is not a patch because of spaces replacing tabs (still  
working on how to fix that in my mail client) - thanks for the feedback.
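
The behaviour discussed in this message, as an added example (not code from restore(8) and not the poster's patch): a stand-alone C version of the mkentry() loop quoted above, run on a constructed file name that embeds a terminal escape sequence, once with the `vflag` test and once without it, plus a hand-written octal escaper standing in for vis(3) to show the up-to-4x growth the message mentions. `struct entry`, the function names and the sample name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_NAME_MAX 64

/* Hypothetical stand-in for the per-file entry restore keeps. */
struct entry {
    char   fname[DEMO_NAME_MAX];
    size_t len;
};

/* Constructed sample: "report", ESC ] 0 ; x BEL, ".txt" */
static const char sample_name[] = "report\033]0;x\007.txt";

/* Same test as the quoted loop: below space, or DEL (0177) and above. */
static int is_unsafe(unsigned char c)
{
    return c < ' ' || c >= 0177;
}

static void set_name(struct entry *fp, const char *name)
{
    snprintf(fp->fname, sizeof fp->fname, "%s", name);
    fp->len = strlen(fp->fname);
}

static int count_unsafe(const char *s)
{
    int n = 0;

    for (; *s; s++)
        n += is_unsafe((unsigned char)*s);
    return n;
}

/* The loop as quoted: bytes are masked only when vflag is 0.
 * Returns the number of bytes replaced. */
static int mask_as_quoted(struct entry *fp, int vflag)
{
    char *cp;
    int replaced = 0;

    for (cp = fp->fname; *cp; cp++)
        if (!vflag && is_unsafe((unsigned char)*cp)) {
            *cp = '?';
            replaced++;
        }
    fp->len = (size_t)(cp - fp->fname);
    return replaced;
}

/* The simpler change described in the message: drop the vflag test. */
static int mask_always(struct entry *fp)
{
    return mask_as_quoted(fp, 0);
}

/* Reversible alternative: unsafe bytes and backslash become \ooo.
 * Not the libc vis(3); a minimal stand-in. dst needs up to
 * 4 * strlen(src) + 1 bytes. Returns encoded length, or -1 if dst is
 * too small. */
static int octal_vis(char *dst, size_t dstlen, const char *src)
{
    size_t n = 0;

    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;

        if (is_unsafe(c) || c == '\\') {
            if (n + 4 >= dstlen)
                return -1;
            dst[n++] = '\\';
            dst[n++] = (char)('0' + ((c >> 6) & 07));
            dst[n++] = (char)('0' + ((c >> 3) & 07));
            dst[n++] = (char)('0' + (c & 07));
        } else {
            if (n + 1 >= dstlen)
                return -1;
            dst[n++] = (char)c;
        }
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    struct entry e;
    char escaped[4 * DEMO_NAME_MAX + 1];

    set_name(&e, sample_name);
    mask_as_quoted(&e, 1);
    printf("verbose, as quoted: %d raw control bytes reach the terminal\n",
        count_unsafe(e.fname));
    set_name(&e, sample_name);
    mask_always(&e);
    printf("vflag test dropped: %s\n", e.fname);
    if (octal_vis(escaped, sizeof escaped, sample_name) >= 0)
        printf("octal escaped:      %s\n", escaped);
    return 0;
}
```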




Re: Replace sendmail with qmail?

2007-11-30 Thread Frans Haarman
On Nov 30, 2007 9:27 AM, Matthew Dempsky [EMAIL PROTECTED] wrote:
 Dan Bernstein has placed qmail 1.03 into the public domain (see
 http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
 sendmail with it to remove another component from the src/gnu/
 hierarchy?

This would be very cool. I am totally in love with qmail, it hasn't
failed me yet.
Did he change his djbdns license as well !?



Re: cbb0: controller is missing in dmesg

2007-11-30 Thread Miod Vallat
 I cvsup'd today and saw that /usr/src/sys/dev/pci/pccbb.c had been
 changed.  I turned on all the bugging code I could, and I get in the
 dmesg cbb0: controller is missing.
 
 Yet right above it in the dmesg is says cbb0 at pci6 dev 4 function 0
 TIPCIXX12 Cardbus
 
 I was wondering if there is something special about my laptop so that
 OpenBSD can't support cardbus and pcmcia?
 PCMCIA cards work fine in FreeBSD and Vista.

This is a new paranoia check which appears to be too sensitive with TI
cardbus chips.

I have committed a workaround which skips this check for TI devices.
Please update to pccbb.c r1.54 and pccbbvar.h r1.13 and it should work
again.

Miod



Re: [plz. help] constant attack from: 201.244.17.162, 222.231.60.88, 82.207.116.209....

2007-11-30 Thread Craig Skinner
On Mon, Nov 26, 2007 at 06:56:51PM -0800, badeguruji wrote:
 I just discovered by chance that, someone is
 constantly trying to break into my openbsd box from:
 
 My box is behind router-NAT which is allowing ssh.

Try something like this, drops ssh connections from IPs that try more
than 5 times per minute:

table <ssh_scanners> persist

set block-policy drop

block all
block return in log on $lan_if
block return out log on $lan_if
block return out log on $ext_if

pass in log on $ext_if inet proto tcp from any port > 1023 \
to $ext_if port ssh modulate state \
(max-src-conn-rate 5/60, overload <ssh_scanners>)

block in log on $ext_if inet proto tcp from <ssh_scanners> to $ext_if port ssh




-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
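
How the `max-src-conn-rate 5/60, overload` rule above treats a fast scanner and a slow legitimate client, as an added example (not part of the original post and not pf's own code): a simplified exact sliding-window model replayed over constructed connection events. pf.conf(5) describes pf's real accounting as a moving-average approximation, so the exact trip point can differ; the addresses, event times and all names here are made up.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT   5       /* max-src-conn-rate 5/60: this many connections */
#define WINDOW  60      /* ... per this many seconds */
#define MAX_SRC 16

enum verdict { PASS, OVERLOAD, BLOCKED };

struct source {
    char ip[16];
    long recent[LIMIT]; /* times of the last LIMIT passed connections */
    int  count;         /* filled slots in recent[] */
    int  next;          /* slot to overwrite next (the oldest once full) */
    int  in_table;      /* 1 once added to the overload table */
};

static struct source sources[MAX_SRC];
static int nsources;

static struct source *find(const char *ip)
{
    int i;

    for (i = 0; i < nsources; i++)
        if (strcmp(sources[i].ip, ip) == 0)
            return &sources[i];
    return NULL;
}

static struct source *find_or_add(const char *ip)
{
    struct source *s = find(ip);

    if (s != NULL || nsources == MAX_SRC)
        return s;
    s = &sources[nsources++];
    memset(s, 0, sizeof *s);
    snprintf(s->ip, sizeof s->ip, "%s", ip);
    return s;
}

/* Decide one new connection from ip at time t (seconds). */
static enum verdict new_connection(const char *ip, long t)
{
    struct source *s = find_or_add(ip);

    if (s == NULL || s->in_table)   /* no room to track: fail closed */
        return BLOCKED;
    /* LIMIT connections already inside the window: this one is too many. */
    if (s->count == LIMIT && t - s->recent[s->next] < WINDOW) {
        s->in_table = 1;            /* "overload <ssh_scanners>" */
        return OVERLOAD;
    }
    s->recent[s->next] = t;
    s->next = (s->next + 1) % LIMIT;
    if (s->count < LIMIT)
        s->count++;
    return PASS;
}

static int in_table(const char *ip)
{
    struct source *s = find(ip);

    return s != NULL && s->in_table;
}

/* Constructed events: a scanner every 5 s, a client every 70 s. */
struct event { long t; const char *ip; };
static const struct event events[] = {
    {   0, "192.0.2.10" }, {   0, "198.51.100.7" }, {   5, "198.51.100.7" },
    {  10, "198.51.100.7" }, {  15, "198.51.100.7" }, {  20, "198.51.100.7" },
    {  25, "198.51.100.7" }, {  30, "198.51.100.7" }, {  70, "192.0.2.10" },
    { 140, "192.0.2.10" }, { 210, "192.0.2.10" }, { 280, "192.0.2.10" },
    { 350, "192.0.2.10" }, { 500, "198.51.100.7" },
};

/* Replays all events from a clean state; counts[] is indexed by verdict. */
static void replay(int counts[3])
{
    size_t i;

    nsources = 0;
    counts[PASS] = counts[OVERLOAD] = counts[BLOCKED] = 0;
    for (i = 0; i < sizeof events / sizeof events[0]; i++)
        counts[new_connection(events[i].ip, events[i].t)]++;
}

int main(void)
{
    int c[3];

    replay(c);
    printf("pass=%d overload=%d blocked=%d\n", c[PASS], c[OVERLOAD], c[BLOCKED]);
    printf("198.51.100.7 in table: %d\n", in_table("198.51.100.7"));
    printf("192.0.2.10 in table:   %d\n", in_table("192.0.2.10"));
    return 0;
}
```

The last event shows the effect of a `persist` table with no expiry: the scanner is still blocked at t=500 until an administrator removes or expires the entry.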



Re: ilo (ipmi) and serial console redirection

2007-11-30 Thread holger glaess
hi

of course, i try to setup com2 but the system says at boot prompt com port is
not available, but if the kernel
already loaded the com port is available.

there is no setting options at the bios to change the com port from the ipmi
board.

holger

-Original Message-
From: Stijn [EMAIL PROTECTED]
Sent: 29.11.07 22:40:22
To: holger glaess [EMAIL PROTECTED]
Subject: Re: ilo (ipmi) and serial console redirection


Hi,

At the boot prompt can you enter set tty com2? Does it redirect
correctly now? If so add the command to /etc/boot.conf.

You have to take care on how to setup the ilo in bios. I don't have a
system around here, but I remember openbsd and ilo fighting over a com
port. Setting the correct bios settings allowed me to redirect console
to a specific com port.

HTH,
Stijn

holger glaess wrote:
 hi

 i try to setup the last days the console redirection on an HP DL 145 G2
with ipmi board ( ilo standard )

 the most works i see the post bios output and the first lines of the boot
console of openbsd but there is a first error message
 that the com0 is not available and this is true.

 the ipmi / ilo hardware together with the hp box redirect everything to com2
and it is not possible to change the com port by hardware.

 is there an existing solution to change the existing limit of openbsd that h
is able to use other com ports than com0 .
 ( at the openbsd faq is written that on amd64 / i386 systems only possible
to use the com0 port )

 any suggest for me ?

 holger



Re: VPN Concentrator

2007-11-30 Thread Jason Dixon

On Dec 1, 2007, at 12:37 AM, visc wrote:


On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:


Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be
able to authenticate using usernames and passwords and to either nat
the users or give them an ip from our main dhcp server via a bridge.

If I have say a mac user at home wanting to connect into my network
using the built in mac os client how should I set up the vpn server?
Will it auth using usernames and passwords or is certificates only
simple way to authenticate to the vpn server?

How would I know which is better to use for this application out of
PPTP or IPsec?

Any and all input welcome.

Khalid

I'm embarking down the same path for what it's worth, but I'm  
actually doing it to eventually get rid of my Cisco 3005. My main  
structure though is ipsec between static fixed devices/locations and  
I don't need to worry about supporting  PPTP or L2TP over IPSEC, or  
supplying addresses- yet.


I think Brian A. Seklecki's response:
`That's a tall order.  In Cisco-land a VPNC3000k will run you $5k  
plus SMARTNet.  You'll need isakmpd(8) policies.  You'll need  
dhclient-server relay support.  You'll need XAuth authentication  
(Possibly via PAM). You'll need IPSEC NAT-T.  Maybe tie it all  
together with LDAP and PKI.


Kind of hit the nail on the head of my worries as well. I'm busy  
enough now making a secure network between offices using an OpenBSD  
box as the hub, but when I need to start adapting for Road  
Warriors things may get tricky.
For example, your Mac user at home, assuming Tiger's built in client  
(I'm not clear on Leopard's new VPN protocols), can only use PPTP or  
L2TP over IPSEC. I don't know if it's even possible to support all  
protocols easily on an OpenBSD concentrator, so I plan to push my  
Road Warriors into using clients such as VPN Tracker or The Greenbow  
client, though open source alternatives would be preferable. In my  
perfect world it would be isakmp/ipsec only for me and to hell with  
clients. Too bad that can't always happen...



I haven't been following this thread, but I saw your post and thought  
I'd add some bits for you to consider.  First, you mention that Mac OS  
X only supports PPTP or L2TP over IPSec.  This is not true.  I've used  
OpenVPN (via tunnelblick) and the Cisco VPN client.  OpenBSD has  
solutions that will support both of those clients.  Would it be nice  
to have XAUTH support?  Sure, but don't hold your breath.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Is the tree borked, or am I?

2007-11-30 Thread STeve Andre'
On Friday 30 November 2007 15:15:52 STeve Andre' wrote:
The last time I built -current was Nov 22.  Now I can't build
 the kernel.   Yes, I've made the change to config ala  the upgrade
 FAQ.  I've gotten a new /usr/src/sys thinking that CVS messed

[snip]  Never mind -- I am.  Another machine seems to compile
perfectly.  --STeve



Re: ral-rt2860 wireless mini-pci

2007-11-30 Thread Daniel Melameth
On 11/30/07, Bret [EMAIL PROTECTED] wrote:
 I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The
 mini-pci is not seen as a rt2860 chipset.

 The dmesg follows:

 OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007

I believe initial work for the rt2860 chipset is only in -current at
this time--you might want to give the latest snapshot a spin.



Questions about bioctl and arc/Areca

2007-11-30 Thread Don Jackson
Hello,
I have an Opteron machine running OpenBSD 4.2/amd64.

This machine has an Areca AC-1110 raid controller.

Among other things, I would like to either query or ideally be notified if
the controller goes into alarm.

How can I do that?

I can do:

 # bioctl -v -q  sd0
 sd0: Areca, ARC-1110-VOL#00, R001, serial 000591171972

and

# bioctl -a get  arc0
alarm is currently enabled



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Stuart Henderson
On 2007/11/30 01:56, Tobias Weisserth wrote:
 sendmail (GNU GPL) 

Despite being in /usr/src/gnu, Sendmail is not GPL.

 qmail's security record is better and many OpenBSD users prefer it
 to sendmail.

And many don't. Maybe it's time to put it back into ports, though.



Bernstein puts qmail in public domain

2007-11-30 Thread Tobias Weisserth
Hi everybody,

I just wanted to point out that D.J. Bernstein has put qmail in public
domain. I'm not implying anything but wouldn't it be a perfect opportunity
to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in
OpenBSD? qmail's security record is better and many OpenBSD users prefer it
to sendmail.

http://cr.yp.to/qmail/dist.html

I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with
MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You
are free to modify the package, distribute modified versions, etc.

regards,

Tobias W.



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Henning Brauer
* Lars Noodin [EMAIL PROTECTED] [2007-11-30 10:07]:
 Tobias Weisserth wrote:
  
  ... I just wanted to point out that D.J. Bernstein has 
  put qmail in public domain. ...
 
 I'm curious about why sendmail was chosen to be in the default setup
 over Postfix, Exim or qmail.  These all have improved a lot and it may
 be time for a re-evaluation.

exim is an insecure piece of shit that makes old sendmail look good. 
besides, it is not free.
postfix is not free.
qmail used to be not free. and it is weird.
sendmail is the only one of them being BSD-licensed.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Lars Noodén
Tobias Weisserth wrote:
 
 ... I just wanted to point out that D.J. Bernstein has 
 put qmail in public domain. ...

I'm curious about why sendmail was chosen to be in the default setup
over Postfix, Exim or qmail.  These all have improved a lot and it may
be time for a re-evaluation.

-Lars



Re: Replace sendmail with qmail?

2007-11-30 Thread Matthew Dempsky
On 11/30/07, Peter Hessler [EMAIL PROTECTED] wrote:
 That being said, its really easy to install qmail yourself and have it
 replace the in-tree sendmail (see mailer.conf).

Right, and maybe for a future OpenBSD release you could swap the
placement of sendmail and qmail in that sentence. :-)

To be clear, I suggested replacing sendmail with qmail because 1) it
would further OpenBSD's efforts of eliminating unacceptably licensed
code and 2) I'm familiar with qmail, so I can actually contribute
patches.  If there's a more suitable MTA, I'd be even happier to see
it go in (as long as I can keep using qmail ;-).



Re: Replace sendmail with qmail?

2007-11-30 Thread Peter Hessler
qmail has a separate set of problems beyond its license.

That being said, it's really easy to install qmail yourself and have it 
replace the in-tree sendmail (see mailer.conf).


On 2007 Nov 30 (Fri) at 00:27:32 -0800 (-0800), Matthew Dempsky wrote:
:Dan Bernstein has placed qmail 1.03 into the public domain (see
:http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
:sendmail with it to remove another component from the src/gnu/
:hierarchy?
:

-- 
You must realize that the computer has it in for you.  The irrefutable
proof of this is that the computer always does what you tell it to do.



Re: removing sendmail

2007-11-30 Thread Nico Meijer
Hi Juan,

 Am I making any sense? 

Not to me. But it depends on your situation.

 Should I do anything special to sendmail when I install postfix? 

No. Just follow the instructions after installing postfix.

 And what of the postfix-enable command?  Is this good enough?

Almost. Apply the changes to rc.conf.local and root's crontab and you're
good to go.

Any upgrade can then be like any other regular upgrade; nothing to worry
about. No magic.

HTH... Nico



PCI ID rules to be included in pcidevs

2007-11-30 Thread Daniel Ouellet

Quick question on the rules of this if I may.

What are the rules, kind of used to determine when new PCI ID can be put 
in the pcidevs in the tree?


If I find new IDs, do they need to be verified by users first, etc?

In looking at my SAS problem, I find that Symbios Logic may have

0x0066 Symbios Logic Inc. / NCR|MegaRAID SCSI 320-2XRWS

And that ID is not in the tree yet. So, to be included there, do you 
need the data sheet or something from the company, or you put them as 
possible one and finalize them when the hardware is tested, or what's 
the process for that?


What do you require if I come across others like that to be useful?

Best,

Daniel



VPN Concentrator

2007-11-30 Thread Khalid Schofield
Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be  
able to authenticate using usernames and passwords and to either nat  
the users or give them an ip from our main dhcp server via a bridge.

If I have say a mac user at home wanting to connect into my network  
using the built in mac os client how should I set up the vpn server?  
Will it auth using usernames and passwords or is certificates only  
simple way to authenticate to the vpn server?

How would I know which is better to use for this application out of   
PPTP or IPsec?

Any and all input welcome.

Khalid



Re: VPN Concentrator

2007-11-30 Thread Lars Noodén
Khalid Schofield wrote:
 ...
 How would I know which is better to use ...

Definitely not PPTP:
http://www.vpnc.org/vpn-standards.html

IPsec or SSL seems



Re: Bernstein puts qmail in public domain

2007-11-30 Thread Lars Hansson
On Nov 30, 2007 6:16 PM, Pieter Verberne [EMAIL PROTECTED] wrote:
 Just before it was in public domain:
 Did someone ask the author if it was accepted to put a BSD-like
 license on it? He allowed us to share and modify the software but had no
 official document about it (a license). I think he just might accept us
 to licence it.

Yes, the discussion is in the archives and no he didn't. qmail had a
weird license.

---
Lars Hansson



Re: removing sendmail

2007-11-30 Thread Antti Harri

On Fri, 30 Nov 2007, Nico Meijer wrote:


And what of the postfix-enable command?  Is this good enough?


Almost. Apply the changes to rc.conf.local and root's crontab and you're
good to go.

Any upgrade can then be like any other regular upgrade; nothing to worry
about. No magic.


Except that when doing package upgrade with pkg_add the sendmail 
configuration (in mailer.conf) will be restored and it won't be
re-enabled until manually doing postfix-enable. At least it used to be 
like that, correct me if the pkgtools has the needed features nowadays to 
prevent that.


--
Antti Harri



Re: OpenBSD 4.2 not booting on alix2c2

2007-11-30 Thread baldoni
 [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 The alix board is straight out of the box -
  with whichever bios PC Engines had on it when it was shipped out a
 week
  ago.

 try a different bios, there have been 6 new versions so far this month.



Thanks for your help.

The problem was that I had the CF plugged into my secondary hard drive
slot when installing the OS (wd1), then trying to run it on wd0. For the
sake of personal comfort I did a re-install in the primary slot after
which every thing ran beautifully.


John



Re: Replace sendmail with qmail?

2007-11-30 Thread frantisek holop
hmm, on Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky said that
 Dan Bernstein has placed qmail 1.03 into the public domain (see
 http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
 sendmail with it to remove another component from the src/gnu/
 hierarchy?


everyone seems to think about s/sendmail/qmail/g
but there is another quite obvious possibility:
simply adding it besides sendmail...

that would of course be almost totally the same
as having it in the ports.

but interesting times, interesting times definitely,
qmail becoming PD.  2 roadblocks are gone:
qmail's code quality is on par with openbsd's,
the license is now sweet, so only the third remains:
its weirdness.  people who like the unix way of life
will note that DNB likes to ignore hier(7) and some
other peculiarities.

but now that the source is PD,
those are not a real problems anymore...

if i had to guess, i'd say it won't get in
(use it from the ports)
and somehow i just can't imagine a /. article called
qmail now openbsd's default mta :]

-f
ps. 
a) i am a postfix person
b) i am not a fan of openbsd's built-in programs.
   i think sendmail should be in ports too,
   just as IE should not be part of windows.

-f
-- 
everyone has a photographic memory, some don't have film.



Where/how can I set the flags for savecore during boot?

2007-11-30 Thread Don Jackson
I'm running OpenBSD 4.2/amd64 on an Opteron machine.
I boot off of wd0, which is a flash disk.

I also have sd0, which I use for more frequently writable partitions (swap,
var, tmp, etc)  (sd0 is really a set of raid disks managed by an areca disk
controller)

Here is my /etc/fstab:

# more /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0g /home ffs rw,nodev,nosuid 1 2
/dev/sd0f /home2 ffs rw,nodev,nosuid 1 2
/dev/sd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0e /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2
/dev/sd0b none swap sw 0 0

Note wd0b is not specified, and sd0b is.

When I boot the machine, I see:

root on wd0a swap on wd0b dump on wd0b

I guess the kernel defaults to wd0b for swap and dump?

Anyway, the next log line is:

swapctl: adding /dev/sd0b as swap device at priority 0

So that seems good, it is picking up the real swap space out of /etc/fstab

(after the machine boots, I run:
# swapctl -l
Device      512-blocks     Used    Avail Capacity  Priority
/dev/sd0b      8401932        0  8401932     0%    0
so that seems consistent that the kernel is using sd0b for swap)

But later in the boot messages I see:

savecore: /dev/wd0b: Device not configured

Presumably this is because

rc.conf has:

savecore_flags= # -z to compress

and /etc/rc has:
if [ -d /var/crash ]; then
        savecore ${savecore_flags} /var/crash
fi

So, how can I fix it so savecore executes successfully in the rc script?

After the machine booted, I tried running

# savecore /dev/sd0b
savecore: /dev/wd0b: Device not configured

thinking that if I just specified the actual swap partition it would work,
but clearly it didn't.

How can I configure savecore to use the real swap partition on this system?

Don



Re: OpenBSD version / build question

2007-11-30 Thread Greg Thomas
I believe #375 is RELEASE from Aug 28 2007, that's what's in
/pub/OpenBSD/4.2/i386. Don't know where you're getting the others
from, snapshots?  It'd be nice if you mentioned your upgrade steps.

On Nov 30, 2007 10:50 AM, patrimith [EMAIL PROTECTED] wrote:
 Hi List!

 I'm upgrading a server from OpenBSD 4.1 to 4.2 and there are a number of
 servers that have been done already. 'uname -a' tells me that they are:

 OpenBSD hostname 4.2 GENERIC#375 i386
 OpenBSD hostname 4.2 GENERIC#410 i386
 OpenBSD hostname 4.2 GENERIC#468 i386

 375, 410, 468:
 Are these build numbers?
 Or do they mean something else?
 Would they signify security fixes that are important?

 Should I be concerned that they are not the same across our different
 servers if our goal is to keep a consistent setup?

 Thanks,

 Patrick Smith






-- 
Ticketmaster and Ticketweb suck, but everyone knows that:
http://ticketmastersucks.org
http://lodesertprotosites.org
Dethink to survive - Mclusky



Re: Postfix(chroot) and Postgresql

2007-11-30 Thread Genadijus Paleckis
Instead of that I would recommend you to use DB files generated at 
regular intervals instead of 'online' access to postgresql. It is less 
CPU expensive and much faster.
But if you wish to use SQL maps I guess you may want to use 127.0.0.1 
instead of local socket and of course you need to configure postgresql 
to accept network access.



Bengt Frost wrote:

*Addition* to above: In pg_hba.conf (PostgreSQL):
vmail(user)  access to datab with md5 password
local(and host)

--bfrost

Bengt Frost wrote:

Hi,

I am trying to use PostgreSQL as a backend for my Postfix virtual mail 
system and dovecot(psql) for smtp-auth.
'Postfix' is chrooted - most of it - and with MySQL socket there is no 
problem to auth users and use Postfix
transport_maps and virtual_*_maps. I have problem with postgresql 
socket(.s.PGSQL.5432). Neither
dovecot(auth) nor Postfix(processes) can connect to PostgreSQL. I have
tried to google, read OpenBSD misc and
ports mailing lists with no success. Here are some files with related
'stuff':


### rc - system
/etc/rc.local:
# Postfix - PostgreSQL
if [ -x /usr/local/bin/pg_ctl ]; then
   echo -n ' postgresql'
   su -l _postgresql -c "nohup /usr/local/bin/pg_ctl start \
   -D /var/postgresql/data -l /var/postgresql/logfile \
   -o '-D /var/postgresql/data'" >/dev/null
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp"
   su -l _postgresql -c "ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp"
fi

/etc/rc.shutdown:
# Postfix - PostgreSQL
if [ -f /var/postgresql/data/postmaster.pid ]; then
   su -l _postgresql -c "/usr/local/bin/pg_ctl stop -m fast \
   -D /var/postgresql/data"
   rm -f /var/postgresql/data/postmaster.pid \
     /var/spool/postfix/tmp/.s.PGSQL.5432 \
     /var/spool/postfix/tmp/.s.PGSQL.5432.lock \
     /tmp/.s.PGSQL.5432 \
     /tmp/.s.PGSQL.5432.lock
fi

### Dovecot:
/etc/dovecot.conf:
 passdb sql {
   args = /etc/dovecot-pgsql.conf
 }
...
userdb sql {
   args = /etc/dovecot-pgsql.conf
...
socket listen {
   client {
   path = /var/spool/postfix/private/auth
   mode = 0660
   user = _postfix
   group = _postfix
   }
/etc/dovecot-pgsql:
# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT.

default_pass_scheme = CRYPT  # also above schemes

# Database options
# UNIX socket - see host
connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x

### Postfix - referenced from main.conf(pgsql: - no proxymap used):
/etc/postfix/pgsql_transport:
# UNIX socket - PostgreSQL - relative path(chroot)
hosts = unix:/tmp/.s.PGSQL.5432
# inet: for TCP connections (default)
#hosts = localhost
##hosts = 127.0.0.1

### PostgreSQL
/var/postgresql/postgresql.conf:
unix_socket_directory = '/var/spool/postfix/tmp'
# tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by   _postfix  _postgresql


Does someone out there have any suggestions on how to use Postfix (and
Dovecot) with PostgreSQL?

Thanks!

--bfrost




Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Jake Conk
On Nov 30, 2007 7:47 PM, NetOne - Doichin Dokov [EMAIL PROTECTED] wrote:
 Jake Conk wrote:

  Hello,
 
  I have my /var partitioned out to be 150mb which I thought was a
  enough but every 2-3 days it gets full because I end up with a pflog
  file that is ridiculously large! Right now I have one that is 53.6mb
  and I have gotten them larger like 100mb +!! Because of this my /var
  partition fills up and other programs have problems writing logs and
  stuff... Here is an example:
 
  $ ls -lah /var/log/ | grep pflog
  -rw---   1 root  wheel  98.0K Nov 30 18:02 pflog
  -rw---   1 root  wheel  53.6M Nov 30 02:00 pflog.0
  -rw---   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
  -rw---   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
  -rw---   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
  -rw---   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
  -rw---   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931
 
  I have to keep coming here each couple of days to check if that is
  full and delete them. My question is, is this normal and I just
  created my /var mount too small? I think the fact that my pflog is
  that big is the actual problem, does anyone know of a way to fix this?
 
  Thanks,
  - Jake
 Perhaps you want to see what's inside it? Look at your pf.conf, see what
 you're logging and if you do need it to be logged. Remove anything
 unnecessary, setup newsyslogd to rotate it - there are plenty of options
 to solve your problem. It's all in the FAQ / man pages.



Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs, right? Any ideas why I'm
getting binary stuff in the logs?

Thanks,
- Jake



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Richard Toohey

On 1/12/2007, at 7:23 PM, Jake Conk wrote:


Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs, right? Any ideas why I'm
getting binary stuff in the logs?

Thanks,
- Jake


http://www.openbsd.org/faq/pf/index.html
http://www.openbsd.org/faq/pf/logging.html
http://www.openbsd.org/faq/pf/logging.html#logfile

See tcpdump.



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Daniel Ouellet

Jake Conk wrote:

Thanks guys for your replies... I'll try to cut down on all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume that's
not what's supposed to be in the pflogs, right? Any ideas why I'm
getting binary stuff in the logs?


I guess this shows you just don't need to log things here as you never
read them.


man(8) pflogd

Display binary logs:

   # tcpdump -n -e -ttt -r /var/log/pflog


And go read the faq on openbsd.org. They are a very big source of
information. It's all there, so help yourself.


http://openbsd.org/faq/pf/logging.html

Hope this helps you some.

Best,

Daniel
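
An added example (not from this thread or the OpenBSD FAQ) that follows up on the tcpdump command above: it counts the decoded pflog lines per rule number, action, direction and interface, so the rule producing most of the log volume stands out. The function names and the sample lines are constructed for illustration, and the `rule N/(match) action dir on if:` line layout is an assumption about the tcpdump text output.

```shell
#!/bin/sh
# Summarise decoded pflog entries by rule, action, direction and interface.
# Intended input: text printed by `tcpdump -n -e -ttt -r /var/log/pflog`.
# Assumed line layout (the constructed samples below follow it):
#   <timestamp> rule <N>/(match) <action> <dir> on <if>: <src> > <dst>: ...
summarize_pflog() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "rule" && i + 5 <= NF && $(i + 4) == "on") {
                split($(i + 1), r, "/")      # "12/(match)" gives rule 12
                ifname = $(i + 5)
                sub(/:$/, "", ifname)        # drop the trailing colon
                key = r[1] " " $(i + 2) " " $(i + 3) " " ifname
                count[key]++
                break
            }
        }
    }
    END {
        for (k in count)
            printf "%d rule %s\n", count[k], k
    }' | sort -k1,1nr -k3,3n                 # busiest rule first
}

# Constructed sample lines (documentation addresses), not real traffic.
sample_pflog_text() {
    cat <<'EOF'
Nov 30 18:02:11.102938 rule 12/(match) block in on em0: 192.0.2.10.137 > 192.0.2.255.137: udp 50
Nov 30 18:02:11.554201 rule 12/(match) block in on em0: 192.0.2.11.138 > 192.0.2.255.138: udp 201
Nov 30 18:02:12.000417 rule 12/(match) block in on em0: 192.0.2.10.5353 > 224.0.0.251.5353: udp 45
Nov 30 18:02:13.310022 rule 3/(match) pass in on em0: 198.51.100.7.40112 > 192.0.2.1.22: S 1:1(0) win 16384
Nov 30 18:02:14.870650 rule 12/(match) block in on em1: 203.0.113.9.4431 > 192.0.2.1.445: S 1:1(0) win 65535
EOF
}

# On a live system:
#   tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog
sample_pflog_text | summarize_pflog
```

The rule numbers in the summary can be matched against the loaded ruleset with `pfctl -vvsr`, which prints each rule with its number.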



Re: VPN Concentrator

2007-11-30 Thread Scott Learmonth

On 30-Nov-07, at 9:57 PM, Jason Dixon wrote:


On Dec 1, 2007, at 12:37 AM, visc wrote:


On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:


Hi,
I'd like to make a VPN Concentrator using openbsd. I want users to be
able to authenticate using usernames and passwords and to either nat
the users or give them an ip from our main dhcp server via a bridge.

If I have say a mac user at home wanting to connect into my network
using the built in mac os client how should I set up the vpn server?
Will it auth using usernames and passwords or are certificates the only
simple way to authenticate to the vpn server?

How would I know which is better to use for this application out of
PPTP or IPsec?

Any and all input welcome.

Khalid

I'm embarking down the same path for what it's worth, but I'm
actually doing it to eventually get rid of my Cisco 3005. My main
structure though is ipsec between static fixed devices/locations
and I don't need to worry about supporting PPTP or L2TP over
IPSEC, or supplying addresses - yet.


I think Brian A. Seklecki's response:
"That's a tall order.  In Cisco-land a VPNC3000k will run you $5k
plus SMARTNet.  You'll need isakmpd(8) policies.  You'll need
dhclient-server relay support.  You'll need XAuth authentication
(Possibly via PAM). You'll need IPSEC NAT-T.  Maybe tie it all
together with LDAP and PKI."


Kind of hit the nail on the head of my worries as well. I'm busy
enough now making a secure network between offices using an OpenBSD
box as the hub, but when I need to start adapting for Road
Warriors things may get tricky.
For example, your Mac user at home, assuming Tiger's built in
client (I'm not clear on Leopard's new VPN protocols), can only use
PPTP or L2TP over IPSEC. I don't know if it's even possible to
support all protocols easily on an OpenBSD concentrator, so I plan
to push my Road Warriors into using clients such as VPN Tracker or
The Greenbow client, though open source alternatives would be
preferable. In my perfect world it would be isakmp/ipsec only for
me and to hell with clients. Too bad that can't always happen...



I haven't been following this thread, but I saw your post and
thought I'd add some bits for you to consider.  First, you mention
that Mac OS X only supports PPTP or L2TP over IPSec.  This is not
true.  I've used OpenVPN (via tunnelblick) and the Cisco VPN
client.  OpenBSD has solutions that will support both of those
clients.  Would it be nice to have XAUTH support?  Sure, but don't
hold your breath.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net


Thanks, it's good to know not to get too excited about XAUTH. This is
all new territory for me.


I was only referring to the built-in osx client via Internet
Connect.app. Though the Cisco VPN client is actually what is driving
my desire to move away from Cisco. My support contracts have run out
with Cisco, and I'm too much of a paranoid soul to use Cisco clients I
find via other means. Yet incompatibility has once again struck me.


And Khalid - sorry to hijack your thread. Most of my road warriors are
going to be on macs and too cheap to purchase VPN Tracker. Any
successes I have I'll certainly share.


Cheers



Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Ivan Hudiakov

Brian A. Seklecki wrote:

On Fri, 30 Nov 2007, Jake Conk wrote:


Hello,

I have my /var partitioned out to be 150mb which I thought was a


You're probably getting a lot of log hits on a default block log all 
at the end of your rules. You can prevent a lot of crud by doing 
block quicks w/o log statements for the following:


-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS



Hi, Jake,

You are absolutely correct - 150 mb is too small for a /var partition and
only configuring PF logging will not be enough. But I am sure that
it is a good idea to keep all the information of pflog files. So, you
have several ways to solve this problem:


1) Make a directory on some bigger partition and set up newsyslog by
editing /etc/newsyslog.conf to store archived logs in that folder.


2) Move log folder to some bigger partition and create symbolic link to 
that place in /var partition.


PS: And never stop logging, truth is in the logs.

Regards,
Ivan Hudiakov