Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
/var/log/spamd
spamd[11000]: queueing deletion of x.x.x.x mx1.example.com f...@example.com da...@elven.com.au
spamd[11000]: queueing deletion of y.y.y.y mx2.example.com f...@example.com da...@elven.com.au
Both of these emails I wished to receive, as I corresponded with them yesterday. :( I am

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Can messages get dropped if mail servers fail to resend within time interval, after receiving the initial temporary failure message?

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Here are the logs for my failed attempts at joining the misc mailing list. All with default spamd settings. Like I said, it did not succeed until I added lists.openbsd.org to the /etc/mail/nospamd and reloaded the pf rule. May 15 23:48:58 mx spamd[6698]: new entry 192.43.244.163 from

Re: spamd greylisting: false positives

2012-05-25 Thread Matthew Weigel
On 25.05.2012 01:09, David Diggles wrote: Can messages get dropped if mail servers fail to resend within time interval, after receiving the initial temporary failure message? A qualified yes. The message isn't dropped if the sending server fails to resend before greyexp hours, it is dropped

Re: spamd greylisting: false positives

2012-05-25 Thread Matthew Weigel
On 25.05.2012 01:09, David Diggles wrote: Can messages get dropped if mail servers fail to resend within time interval, after receiving the initial temporary failure message? It's dropped when it's first received, and it will continue to get dropped until passtime minutes have passed. If it

Re: spamd greylisting: false positives

2012-05-25 Thread Barry Grumbine
On Thu, May 24, 2012 at 11:09 PM, David Diggles da...@elven.com.au wrote: Can messages get dropped if mail servers fail to resend within time interval, after receiving the initial temporary failure message? Yes, but that is entirely up to the sending mailserver. If you do not receive a

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Like I said, it was in default mode when this behavior started. Now I am messin with the timings trying to overcome this dropping of messages. Are you saying I should be increasing this from 25 minutes? On Fri, May 25, 2012 at 02:03:03AM -0500, Matthew Weigel wrote: On 25.05.2012 01:09, David

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Oh, so if I am relying on remote mailservers being configured to resend after a temporary failure, how do I second guess the time intervals they are configured with? If they even resend at all? Eg: lists.openbsd.org failed with default grey settings in spamd. I guess I don't have the skills to

Recent BIND ports

2012-05-25 Thread Kostas Zorbadelos
Hello, from all relevant discussions I have seen it seems that BIND in base will not be updated to a newer version and unbound has a good chance to be the replacement. The thing is, we need a newer version of BIND for resolving (at least 9.7, preferably 9.8 or in the future 9.9). The question

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
I am now trying it with -G120:6:864 Although I can't think how to reproduce the problem in a controlled way, other than wait and see what emails I don't get :/ On Fri, May 25, 2012 at 02:07:33AM -0500, Matthew Weigel wrote: On 25.05.2012 01:09, David Diggles wrote: Can messages get dropped if

Re: Strange MASTER/BACKUP behavior with carp

2012-05-25 Thread Henning Brauer
* Johan Ryberg jo...@securit.se [2012-05-24 20:38]: Fishy... All documentation is pointing at the direction to default advskew on the primary host and 100 on the secondary. http://www.openbsd.org/faq/pf/carp.html fw1: default fw2: advskew 128

Re: Recent BIND ports

2012-05-25 Thread Henning Brauer
* Kostas Zorbadelos kzo...@otenet.gr [2012-05-25 10:06]: from all relevant discussions I have seen it seems that BIND in base will not be updated to a newer version and unbound has a good chance to be the replacement. The thing is, we need a newer version of BIND for resolving (at least 9.7,

Re: spamd greylisting: false positives

2012-05-25 Thread Henning Brauer
* David Diggles da...@elven.com.au [2012-05-25 09:18]: Like I said, it was in default mode when this behavior started. Now I am messin with the timings trying to overcome this dropping of messages. Are you saying I should be increasing this from 25 minutes? the defaults are fine, afaict

Re: spamd greylisting: false positives

2012-05-25 Thread Kevin Chadwick
On Fri, 25 May 2012 17:22:04 +1000 David Diggles wrote: Eg: lists.openbsd.org failed with default grey settings in spamd. I find it hard to believe lists.openbsd.org isn't RFC compliant. I guess you have another problem. If you send me an address privately. I'll send a mail from Yahoo. I know

Re: Recent BIND ports

2012-05-25 Thread Kostas Zorbadelos
Henning Brauer lists-open...@bsws.de writes: * Kostas Zorbadelos kzo...@otenet.gr [2012-05-25 10:06]: from all relevant discussions I have seen it seems that BIND in base will not be updated to a newer version and unbound has a good chance to be the replacement. The thing is, we need a newer

Re: spamd greylisting: false positives

2012-05-25 Thread obsd
-Original message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of David Diggles Sent: 25 May 2012 11:14 To: misc@openbsd.org Subject: Re: spamd greylisting: false positives I am now trying it with -G120:6:864 Although I can't think how to reproduce the

Summer holiday in Bol - Brač

2012-05-25 Thread Apartmani Karla
Dear fans of Bol and Brač, SPEND 7 DAYS IN BOL IN AN APARTMENT FOR ONLY 1.321 kn From 1.5. to 23.6. From 26.8. to 31.10. The number of packages is limited. If there are more than two of you in the apartment, the next two persons pay the price of one. Discover Bol - enjoy the most beautiful beach

Re: spamd greylisting: false positives

2012-05-25 Thread obsd
-Original message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of David Diggles Sent: 25 May 2012 11:14 To: misc@openbsd.org Subject: Re: spamd greylisting: false positives I am now trying it with -G120:6:864 Although I can't think how to reproduce the

IBM x3850/x3950 OpenBSD dmesg

2012-05-25 Thread Jiri B
Hi, we will be deactivating some old servers. I will try to boot OpenBSD and provide dmesg.
|Product Name IBM x3850-[88634SG]-
|Product Name IBM 3850 M2 / x3950 M2 -[71414RG]-
Anybody

Re: German Government claims to be able to break PGP and SSH

2012-05-25 Thread Joe Gain
car + eimer? ay carambas?!! On Thu, May 24, 2012 at 10:13 PM, Stuart VanZee stua...@datalinesys.com wrote: What do you guys think about the reliability of the news (unfortunately in German only) on www.golem.de My German's rusty but the follow-up article quoting Symantec mentions

Re: Recent BIND ports

2012-05-25 Thread Simon Perreault
On 12-05-25 06:24, Kostas Zorbadelos wrote: Henning Brauer lists-open...@bsws.de writes: * Kostas Zorbadelos kzo...@otenet.gr [2012-05-25 10:06]: from all relevant discussions I have seen it seems that BIND in base will not be updated to a newer version and unbound has a good chance to be

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
The spamd pf.conf rules I have are:
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"
pass in on egress proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from

Re: IBM x3850/x3950 OpenBSD dmesg

2012-05-25 Thread Jonathan Gray
On Fri, May 25, 2012 at 07:27:48AM -0400, Jiri B wrote: Hi, we will be deactivating some old servers. I will try to boot OpenBSD and provide dmesg.
|Product Name IBM x3850-[88634SG]-
|Product

Re: German Government claims to be able to break PGP and SSH

2012-05-25 Thread Peter Laufenberg
car + eimer? ay carambas?!! Autoeimer, with unlimited strcat() known to overflow students' brains. Yes the Bundestrojaner. I pictured a fat politician's soggy condom on the back of his doggy-style mistress: one for the country! Mild stuff considering German pr0n culture. -- p On Thu, May 24,

Re: spamd greylisting: false positives

2012-05-25 Thread Kurt Mosiejczuk
David Diggles wrote: I am now trying it with -G120:6:864 Although I can't think how to reproduce the problem in a controlled way, other than wait and see what emails I don't get :/ Stop playing with those settings, you are freaking out about log entries that don't mean what you think they

Re: HW upgrade options, opinions please?

2012-05-25 Thread ropers
The way you use that === in your graphic, even with the explanatory comment, is hella confusing. I think I got what you mean: That's where it goes, but it goes there via the carp geodes, not via any direct connection. But even if I did now understand that correctly (which I'm not entirely sure

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
I wasn't receiving email, from lists.openbsd.org and also from my work email address, until I added the respective smtp servers to the whitelist table in pf. I could see them in the greylist when I typed spamdb. Yes. I did misunderstand the spamd log entry about deletion. Though I would not

Re: HW upgrade options, opinions please?

2012-05-25 Thread David Diggles
Oh it just means the standalone geode redirects all inbound connections from the internet, to the Pentium 4. The other pair of carp geodes protect the office subnet, and the Pentium 4 does not have ip forwarding, but acts as a squid cache etc. Any suggestions for improvement? Is there a

Re: spamd greylisting: false positives

2012-05-25 Thread Matthew Weigel
On 25.05.2012 10:50, David Diggles wrote: I wasn't receiving email, from lists.openbsd.org and also from my work email address, until I added the respective smtp servers to the whitelist table in pf. I could see them in the greylist when I typed spamdb. In the greylist, or in the whitelist

Re: spamd greylisting: false positives

2012-05-25 Thread Nicolai
On Sat, May 26, 2012 at 01:50:40AM +1000, David Diggles wrote: I will go ahead and flush the spamdb database, and the pf tables and start over with default everything, no whitelist pf entries. spamd acts up for me occasionally. In such cases I just
/etc/rc.d/spamd stop
rm /var/db/spamd

Re: Unbound

2012-05-25 Thread Geoff Steckel
On 05/22/2012 08:50 AM, Stuart Henderson wrote: On 2012-05-21, Geoff Steckelg...@oat.com wrote: On 05/20/2012 10:49 PM, Nick Holland wrote: On 05/20/12 17:49, David Diggles wrote: Ok, I am interested in opinions on why one should migrate from BIND to unbound? 1) It is unlikely there will be

Re: Unbound

2012-05-25 Thread Sebastian Benoit
Geoff Steckel(g...@oat.com) on 2012.05.25 14:37:29 -0400: Thanks very much! I think using NSD for the outward facing authoritative service makes sense. Retaining BIND is probably best for the internal service since I see no way to add the local domains, etc. to unbound/nsd while retaining

Re: Unbound

2012-05-25 Thread Maurice Janssen
On 05/25/2012 09:00 PM, Sebastian Benoit wrote:
1. run nsd on 127.0.0.1 (or some other ip != your unbound ip)
2. tell unbound where to ask for your local domain example.com:
stub-zone:
    name: example.com
    stub-addr: 127.0.0.1
If you run nsd on localhost, remember to set

Re: Recent BIND ports

2012-05-25 Thread Kostas Zorbadelos
Simon Perreault simon.perrea...@viagenie.ca writes: On 12-05-25 06:24, Kostas Zorbadelos wrote: Henning Brauer lists-open...@bsws.de writes: * Kostas Zorbadelos kzo...@otenet.gr [2012-05-25 10:06]: from all relevant discussions I have seen it seems that BIND in base will not be updated

Re: Recent BIND ports

2012-05-25 Thread Simon Perreault
On 2012-05-25 15:14, Kostas Zorbadelos wrote: filter--on-v4 (9.7+) (needed now) purely out of curiosity: why? Crude workaround for increased levels of IPv6 brokenness in our networks (aka CPE with broken firmware). Needed until the proper solution is given. Interesting, thanks. In any

Reminder for the course Modern Marketing from the 4 Ps to the 4 Cs, Last day

2012-05-25 Thread Antonio Medina M.
Very Important! If you cannot view this email correctly, we ask that you drag it to your Inbox. Dear Executive: TIEM de México, Leading Company in Training and Updating of Human Capital, reminds you that the excellent course entitled: Modern Marketing from the

Re: Recent BIND ports

2012-05-25 Thread Kostas Zorbadelos
Simon Perreault simon.perrea...@viagenie.ca writes: Unbound is replacing BIND in OpenBSD for increased betterness. Stay tuned... Yes, I have understood that. The question remains: what do you think of ports for recent BIND versions? I am trying to make a case for OpenBSD in a demanding

Re: Recent BIND ports

2012-05-25 Thread Simon Perreault
On 2012-05-25 15:33, Kostas Zorbadelos wrote: Yes, I have understood that. The question remains: what do you think of ports for recent BIND versions? I am running a hand-compiled BIND 9.9 right now for the DNS64 feature. I'd like to have an up to date port. I don't one to contribute, so I

Re: Documentation for Apache-SSL key creation

2012-05-25 Thread Jason McIntyre
On Wed, May 16, 2012 at 03:14:54PM -0500, Nicolai wrote: Hi all, While making a self-signed key for use with Apache I noticed that the FAQ recommends deprecated crypto (RSA-1024 and SHA1). I chose instead RSA-4096 and sha256. A couple patches for the website and manual page are below.

Re: Unbound

2012-05-25 Thread Chris Smith
On Fri, May 25, 2012 at 2:37 PM, Geoff Steckel g...@oat.com wrote: Thanks very much! I think using NSD for the outward facing authoritative service makes sense. Retaining BIND is probably best for the internal service since I see no way to add the local domains, etc. to unbound/nsd while

Re: Documentation for Apache-SSL key creation

2012-05-25 Thread Christian Weisgerber
Jason McIntyre j...@kerhand.co.uk wrote: While making a self-signed key for use with Apache I noticed that the FAQ recommends deprecated crypto (RSA-1024 and SHA1). I chose instead RSA-4096 and sha256. A couple patches for the website and manual page are below. changes committed,

Re: Documentation for Apache-SSL key creation

2012-05-25 Thread Jason McIntyre
On Fri, May 25, 2012 at 09:25:29PM +, Christian Weisgerber wrote: Jason McIntyre j...@kerhand.co.uk wrote: While making a self-signed key for use with Apache I noticed that the FAQ recommends deprecated crypto (RSA-1024 and SHA1). I chose instead RSA-4096 and sha256. A couple

Re: Documentation for Apache-SSL key creation

2012-05-25 Thread Nicolai
On Fri, May 25, 2012 at 10:49:26PM +0100, Jason McIntyre wrote: On Fri, May 25, 2012 at 09:25:29PM +, Christian Weisgerber wrote: RSA-4096 is really excessive. RSA-2048 is the general recommendation and what we use by default for SSH and IKE host keys. i wish you'd commented earlier

Re: German Government claims to be able to break PGP and SSH

2012-05-25 Thread Christian Weisgerber
Peter Laufenberg open...@laufenberg.ch wrote: My German's rusty but the follow-up article quoting Symantec mentions spyware/keylogging, which has been the traditional technique used in the past. But that's for targeted surveillance. The original article refers to a bulk grep of 16,400

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Thanks for also replying directly. Since I cleared nospamd override table in pf, I am no longer receiving emails from misc. I wasn't receiving email, from lists.openbsd.org and also from my work email address, until I added the respective smtp servers to the whitelist table in pf. I could

Re: spamd greylisting: false positives

2012-05-25 Thread David Diggles
Ok I am still not getting emails from lists.openbsd.org (so please if you reply, cc to me). I restarted spamd at this time after deleting /var/db/spamd and clearing the bypass tables in pf at this time: 2012-05-26 02:13:12 # /usr/libexec/spamd Here is the last message to make it to

openups

2012-05-25 Thread bofh
Has anyone seen this? I just saw it, and even though there's only windows app available right now, I'm hoping this can tickle some developer's fancy :) http://www.mini-box.com/OpenUPS -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to