Re: Phone suggestion.

2015-05-26 Thread Dmitrij D. Czarkoff
Gareth Nelson said:
 Is it theoretically possible to boot an OpenBSD kernel on an average
 android device?

TLDR: this requires a lot of work and provides much less than expected
in exchange.

That would require a lot of drivers which we don't have.  Even
aftermarket Android firmware uses binary blobs from vendors for hardware
support (which is actually a major roadblock for aftermarket firmware
development for cheaper Android devices, like those based on Rockchip's
SoCs).  So in practice it is very difficult to get OpenBSD running on an
Android phone, even ignoring the fact that we lack software for making
phone calls, etc.

Interaction between OpenBSD as user-facing OS and RTOS that manages
cellular hardware would probably be another big issue.  Again,
there's little to no documentation on topic, so OpenBSD on phone port
does not look overly feasible.

Lastly, running OpenBSD as user-facing OS is not particularly useful, as
RTOS that runs cellular operations normally has direct write access to
RAM of user-facing OS.  That means that whatever firmware user installs,
he is basically defenseless against cellular operators and whatever
bodies that can gain data from those.  That also means that exploiting
vulnerability in RTOS would allow an attacker direct privileged access
to RAM, which effectively discards most security measures of user-facing
OS.  Provided that RTOS is actually in between user-facing OS and
internet connection, that creates a huge attack vector which can't be
dealt with by installing OpenBSD-based firmware.

-- 
Dmitrij D. Czarkoff



Re: Phone suggestion.

2015-05-26 Thread Jiri B
On Mon, May 25, 2015 at 11:40:05PM +0530, Jay Patel wrote:
 Thanks John for in-depth detail... BB seems good, because I travel a lot and
 mail usually using mobile only. Keyboard seems a better idea.

Nobody cares about your personal stuff, so back to OpenBSD or
STFU. Thx.

j.



Re: Random PID implementation and security

2015-05-26 Thread Simon

On 2015-05-26 00:10, Miod Vallat wrote:

 It is not the responsibility of the operating system to protect its
 users against software which assumes using the pid as a random source
 is a bright and wise idea.


Isn't this the whole goal of random PIDs, to put a defense at OS level 
protecting software against themselves when they make wrong assumption 
regarding the PID and use it for wrong purposes?




Re: Phone suggestion.

2015-05-26 Thread ludovic coues
2015-05-25 22:37 GMT+02:00 Gareth Nelson gar...@garethnelson.com:


 Is it theoretically possible to boot an OpenBSD kernel on an average
 android device?


Most Android devices run on ARM, with a few running on Intel.

ARM processors up to Cortex A17 use the ARMv7 instruction set, the same as
the OpenBSD ARM port.

So in theory, it is possible.
In practice, people seem more interested in running OpenBSD on computers.


-- 

Regards, Coues Ludovic
+336 148 743 42



Re: Thinkpad X1 Carbon Suspend issue

2015-05-26 Thread Laurence Tratt
On Mon, May 25, 2015 at 08:21:19PM +0100, Bojan Nastic wrote:

 Anyone having much luck with 5.7 or -current on Thinkpad X1 Carbon 2nd gen
 (Haswell chip)?

It works pretty well (including wireless), although on my machine the lack
of a specific video driver means that things in X can be painfully slow
(forget about watching a video!).

 Everything seems to be working fine, except for waking from suspend.
 Suspend works fine, either via 'zzz' or closing the lid, but waking it up
 doesn't work -- hardware seems unresponsive, the sleep light stays on
 regardless of what I do to it (pressing buttons, opening the lid...)

When I do this, the OS is still working, but the screen doesn't wake back up
(whether this is related to X running in the background or not, I don't know
-- I never run without X). I can see this happening as follows. Log in as
root on console 1. Suspend with zzz (I don't use suspend-with-lid). Resume
by pressing the power button. [At this point the screen is blank.] Type
reboot. Wait a little while and the machine will reboot. I appreciate
that's not hugely useful, but it does mean that, if I want to test
suspend/resume support every so often, I don't have to fsck afterwards...


Laurie
-- 
Personal http://tratt.net/laurie/
Software Development Team http://soft-dev.org/
   https://github.com/ltratt  http://twitter.com/laurencetratt



Re: Random PID implementation and security

2015-05-26 Thread Boudewijn Dijkstra

On Tue, 26 May 2015 11:07:06 +0200, Simon
openbsd.li...@whitewinterwolf.com wrote:

 On 2015-05-26 00:10, Miod Vallat wrote:

  It is not the responsibility of the operating system to protect its
  users against software which assumes using the pid as a random source
  is a bright and wise idea.

 Isn't this the whole goal of random PIDs, to put a defense at OS level
 protecting software against themselves when they make wrong assumption
 regarding the PID and use it for wrong purposes?


One can protect against programmers assuming sequential allocation and one can 
protect against programmers assuming random allocation, but not both.


--
(Remove the obvious prefix to reply privately.)
Made with Opera's e-mail program: http://www.opera.com/mail/



Re: Power button on ThinkPad T440

2015-05-26 Thread Marcus MERIGHI
Hello Marko, 

marko.cu...@mimar.rs (Marko Cupa?), 2015.05.24 (Sun) 10:17 (CEST):
 I am running recent snapshot on my laptop ThinkPad T440. Power button
 does not initiate shutdown. I have apmd_flags=-A in rc.conf.local.

I thought the same about the power button of my X200s until I
accidentally pressed it for about 1-2 seconds. Release it shortly before
your internal timer hits the "I'm powering the machine down now"
feeling ;-)

Bye, Marcus

 How can I troubleshoot it?
 
 Thank you in advance,
 -- 
 Marko Cupa?
 https://www.mimar.rs/
 
 



Re: Phone suggestion.

2015-05-26 Thread bofh
On Mon, May 25, 2015 at 7:12 AM, Dmitrij D. Czarkoff czark...@gmail.com
wrote:

 M Wheeler said:
  Android is the most targeted platform by malware by a massive degree.
  Whatever you do, don't get an android.

 This is not supported by evidence.  Actually, only vendors of
 antivirus software for android really claim any meaningful amount of
 malware, and even then they fail to point at anything in particular.

 I was at a recent security conf where the security researchers basically
said it's so easy to target Android that they prefer to work on the iPhone,
more challenging (and of course, present 4 exploits, 3 of which they
presented, and fixed in the current iOS 8.1.3, 4th is unreleased as of
now).



Random PID implementation and security

2015-05-26 Thread Simon

On 2015-05-26 12:58, Boudewijn Dijkstra wrote:

 On Tue, 26 May 2015 11:07:06 +0200, Simon
 openbsd.li...@whitewinterwolf.com wrote:

  On 2015-05-26 00:10, Miod Vallat wrote:

   It is not the responsibility of the operating system to protect its
   users against software which assumes using the pid as a random source
   is a bright and wise idea.

  Isn't this the whole goal of random PIDs, to put a defense at OS level
  protecting software against themselves when they make wrong assumption
  regarding the PID and use it for wrong purposes?

 One can protect against programmers assuming sequential allocation and
 one can protect against programmers assuming random allocation, but
 not both.


Except in specific cases, I do not think that programmers assume that
PIDs are especially sequential or not, but merely rely on the hypothesis
that:

- PID are unguessable,
- PID will not be reused quickly.

And yes, it seems possible to fulfill these two properties by
providing unguessable and not quickly reusable PID instead of pure
random PID.

Moreover, would I have to choose between random PID adding a
protection against potential local exploits but opening potential
remote exploits, and sequential PID opening potential local exploits
but at least not causing remotely exploitable weaknesses, I would tend
to consider sequential PID more secure than pure random PID (as long
as one considers that remotely exploitable vulnerabilities have higher
severity than local ones).

Unguessable and not quickly reusable PID would be the third and most
secure option, providing protection both against local and remote
exploits (and keeping ports people's hair (reference to Theo de Raadt's
answer in the current thread) in a more reliable way than the 100
items array which is effectless in loaded environments).



IBM ThinkPad X60s 1704-5LG flashed with coreboot SeaBIOS

2015-05-26 Thread Sevan / Venture37
System boots just fine - (previously it would hang on probing CPU, 4 months ago)
Sleep /Wake works
X11 works

OpenBSD 5.7-current (GENERIC.MP) #894: Mon May 25 17:48:34 MDT 2015
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU 1400 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,PERF
real mem  = 2137198592 (2038MB)
avail mem = 2089984000 (1993MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 06/23/99, BIOS32 rev. 0 @ 0xfd4e7, SMBIOS rev.
2.7 @ 0x7f6b7020 (8 entries)
bios0: vendor coreboot version CBET4000 7BETD8WW (2.19 ) date 05/25/2015
bios0: LENOVO 17045LG
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT MCFG APIC HPET
acpi0: wakeup devices HDEF(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4)
EHC1(S4) SLT1(S4) SLT2(S4) SLT3(S4) SLT6(S4) LANC(S3) LANR(S3)
MODM(S4) SLPB(S3) LID_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU 1400 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,PERF
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEGP)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus 2 (RP02)
acpiprt4 at acpi0: bus 3 (RP03)
acpiprt5 at acpi0: bus 4 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus 5 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, C2, C1, PSS
acpicpu1 at acpi0: C2, C2, C1, PSS
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 99 degC
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model 92P1163 serial  1044 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID_
acpiac1 at acpi0: AC unit offline
acpidock0 at acpi0: DOCK docked (1)
bios0: ROM list: 0xc/0xea00! 0xee800/0x1800!
cpu0: Enhanced SpeedStep 1663 MHz: speeds: 1666, 1333, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1024x768
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi
azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using
Analog Devices AD1981HD
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 2 int 20
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 Intel 82573L rev 0x00: msi, address 00:16:d3:
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 2
ral0 at pci2 dev 0 function 0 Ralink RT3090 rev 0x00: apic 2 int 17,
address 6c:62:6d:
ral0: MAC/BBP RT3090 (rev 0x3213), RF RT3020 (MIMO 1T1R)
ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 16
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 17
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 19
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci5 at ppb4 bus 5
cbb0 at pci5 dev 0 function 0 Ricoh 5C476 CardBus rev 0xb4: apic 2 int 16
Ricoh 5C552 Firewire rev 0x09 at pci5 dev 0 function 1 not configured
sdhc0 at pci5 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x18: apic 2 int 18
sdmmc0 at sdhc0
Ricoh 5C843 MMC rev 0x00 at pci5 dev 0 function 3 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 6 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 

Re: Random PID implementation and security

2015-05-26 Thread Peter J. Philipp
Don't use PID for seeding ever, in fact don't use seeding.  If you want
a random integer use arc4random(), if you want a random buffer use
arc4random_buf().  There is more even to arc4random(3) which is up to
you to read in the manpage system.

Sincerely,

-peter
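
Added example, not part of the original post: a token derived only from a PID-sized seed can be recovered by walking the seed space, while one filled by arc4random_buf() cannot. The LCG, the `PID_SPACE` bound and all function names are constructed for illustration; on systems without arc4random_buf() the sketch falls back to /dev/urandom.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOKEN_LEN 16
#define PID_SPACE 99999u  /* assumed upper bound on PID values (illustrative) */

/* Constructed stand-in for a seeded libc PRNG: a plain LCG, so the
 * demonstration is deterministic on every platform. */
static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1103515245u + 12345u;
    return (*state >> 16) & 0xffu;
}

/* WEAK: every byte of the token is a function of the PID alone. */
void weak_token(uint32_t pid, unsigned char out[TOKEN_LEN])
{
    uint32_t state = pid;
    for (size_t i = 0; i < TOKEN_LEN; i++)
        out[i] = (unsigned char)lcg_next(&state);
}

/* Measures how small the seed space is: regenerate the token for every
 * possible PID and compare. Returns the matching PID, or 0 if none matches;
 * *tries receives the number of candidates tested. */
uint32_t seed_space_search(const unsigned char token[TOKEN_LEN], uint32_t *tries)
{
    unsigned char cand[TOKEN_LEN];

    for (uint32_t pid = 1; pid <= PID_SPACE; pid++) {
        weak_token(pid, cand);
        if (memcmp(cand, token, TOKEN_LEN) == 0) {
            *tries = pid;
            return pid;
        }
    }
    *tries = PID_SPACE;
    return 0;
}

/* STRONG: no seeding at all; the bytes come from the system CSPRNG.
 * Returns 0 on success, -1 on failure. */
int strong_token(unsigned char out[TOKEN_LEN])
{
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
    defined(__APPLE__) || \
    (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 36)))
    arc4random_buf(out, TOKEN_LEN);
    return 0;
#else
    /* Fallback for libcs without arc4random_buf(). */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, 1, TOKEN_LEN, f);
    fclose(f);
    return n == TOKEN_LEN ? 0 : -1;
#endif
}

int main(void)
{
    unsigned char tok[TOKEN_LEN];
    uint32_t tries = 0;

    weak_token(31337, tok);  /* constructed sample PID */
    uint32_t found = seed_space_search(tok, &tries);
    printf("weak token: seed %u recovered after %u candidates\n",
        (unsigned)found, (unsigned)tries);

    if (strong_token(tok) != 0)
        return 1;
    found = seed_space_search(tok, &tries);
    printf("strong token: %s after %u candidates\n",
        found ? "matched (unexpected)" : "no seed matches", (unsigned)tries);
    return 0;
}
```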



Re: Phone suggestion.

2015-05-26 Thread M Wheeler
On Tue, May 26, 2015 at 07:19:19AM -0400, bofh wrote:
 
 Unless you are in India, or Pakistan, or any of the other countries where
 Blackberry basically gave them the backdoor.  Which also means the US,
 essentially.


This is to do with the encryption used for BBM services and not BlackBerry 
devices. 



Re: Phone suggestion.

2015-05-26 Thread bofh
On Tue, May 26, 2015 at 7:31 AM, M Wheeler 
b9dcbd36df10828fdb237104a05fd...@refn.eu wrote:

 On Tue, May 26, 2015 at 07:19:19AM -0400, bofh wrote:
 
  Unless you are in India, or Pakistan, or any of the other countries where
  Blackberry basically gave them the backdoor.  Which also means the US,
  essentially.
 

 This is to do with the encryption used for BBM services and not BlackBerry
 devices.


If there's a backdoor in one place, what makes you think there isn't
another backdoor somewhere else?  Also, surely you don't think the NSA
program only sprang into place after iPhones and Androids came about?  Who
did you think the NSA was targeting, or really, cooperating with
previously?



Re: Phone suggestion.

2015-05-26 Thread Otto Moerbeek
On Tue, May 26, 2015 at 08:01:47AM -0400, bofh wrote:

 On Tue, May 26, 2015 at 7:31 AM, M Wheeler 
 b9dcbd36df10828fdb237104a05fd...@refn.eu wrote:
 
  On Tue, May 26, 2015 at 07:19:19AM -0400, bofh wrote:
  
   Unless you are in India, or Pakistan, or any of the other countries where
   Blackberry basically gave them the backdoor.  Which also means the US,
   essentially.
  
 
  This is to do with the encryption used for BBM services and not BlackBerry
  devices.
 
 
 If there's a backdoor in one place, what makes you think there isn't
 another backdoor somewhere else?  Also, surely you don't think the NSA
 program only sprang into place after iPhones and Androids came about?  Who
 did you think the NSA was targeting, or really, cooperating with
 previously?

Stop it. As said earlier, this has nothing to do with OpenBSD.

-Otto



Re: Phone suggestion.

2015-05-26 Thread bofh
On Mon, May 25, 2015 at 5:46 AM, John Long codeb...@inbox.lv wrote:

 On Sun, May 24, 2015 at 12:51:39PM +0530, Jay Patel wrote:
  Blackberry for security? or something else.

 BlackBerry has notably fewer exploits than other platforms, especially


Unless you are in India, or Pakistan, or any of the other countries where
Blackberry basically gave them the backdoor.  Which also means the US,
essentially.



i217-LM not accepting dhcp offers

2015-05-26 Thread Sonic
Just installed the 5-25-15 snapshot on a Supermicro server with an
X10SLL-F board. The board has two Ethernet ports, one i210-AT and one
i217-LM. The i217-LM does not accept the offers from the DHCP server.
I also was not prompted to set up the i217-LM (em0) when
installing the OS.

The DHCP server (an OpenBSD -current box) logs a series of:

DHCPDISCOVER from 00:25:90:47:9e:75 via em0
DHCPOFFER on 172.27.12.243 to 00:25:90:47:9e:75 via em0


Upgraded to a -current kernel, same issue (building userland now).

dmesg:

OpenBSD 5.7-current (GENERIC.MP) #0: Tue May 26 13:43:19 EDT 2015
r...@medusa.grizzly.bear:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17121247232 (16328MB)
avail mem = 16598519808 (15829MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec170 (80 entries)
bios0: vendor American Megatrends Inc. version 3.0 date 04/24/2015
bios0: Supermicro X10SLL-F
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT SSDT SSDT MCFG
HPET SSDT SSDT SPMI
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4)
 RP03(S4) PXSX(S4) RP05(S4) GLAN(S4) EHC1(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz, 3600.52 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,
XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz, 3600.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,
XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 1 (RP01)
acpiprt5 at acpi0: bus 3 (RP02)
acpiprt6 at acpi0: bus -1 (RP03)
acpiprt7 at acpi0: bus -1 (RP05)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1, PSS
acpicpu1 at acpi0: C1, PSS
acpipwrres0 at acpi0: PG00, resource for PEG0
acpipwrres1 at acpi0: PG01, resource for PEG1
acpipwrres2 at acpi0: PG02, resource for PEG2
acpipwrres3 at acpi0: FN00, resource for FAN0
acpipwrres4 at acpi0: FN01, resource for FAN1
acpipwrres5 at acpi0: FN02, resource for FAN2
acpipwrres6 at acpi0: FN03, resource for FAN3
acpipwrres7 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 105 degC
acpitz1 at acpi0: critical temperature is 105 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 3600 MHz: speeds: 3600, 3400, 3200, 3000,
2900, 2700, 2500, 2300, 2100, 1900, 1700, 1500, 1400,
 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 4G Host rev 0x06
xhci0 at pci0 dev 20 function 0 Intel 8 Series xHCI rev 0x05: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 Intel xHCI root hub rev 3.00/1.00 addr 1
em0 at pci0 dev 25 function 0 Intel I217-LM rev 0x05: msi, address
00:25:90:47:9e:75
ehci0 at pci0 dev 26 function 0 Intel 8 Series USB rev 0x05: apic 8 int 16
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 28 function 0 Intel 8 Series PCIE rev 0xd5: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 ASPEED Technology AST1150 PCI rev 0x03
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 ASPEED Technology AST2000 rev 0x30
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 28 function 1 Intel 8 Series PCIE rev 0xd5: msi
pci3 at ppb2 bus 3
em1 at pci3 dev 0 function 0 Intel I210 

boot stops - 86duino educake

2015-05-26 Thread Jan Lambertz
Hi,

I'm still trying to run OpenBSD on my (quite special) 86duino educake.
I am making some progress, but right now I could need some directions.
The device boots to some point, then it does nothing. But plugging in
a USB stick in it produces output.
I can not get a login.
I've tested 5.4-5.6, same behavior.
5.7 causes uvm panic.
How can I find out why boot is not getting further?

jan


 OpenBSD/i386 BOOT 3.21
^Mboot p^H ^Hmachine diskinfo
^MDiskBIOS#   TypeCylsHeads   SecsFlags   Checksum
^Mfd0 0x0 *none*  236 2   32  0x4 0x0
^Mhd0 0x80label   1023255 63  0x2 0xd7659677
^Mboot help
^Mcommands: # boot echo env help ls machine reboot set stty time
^Mmachine: boot comaddr diskinfo memory
^Mboot machine memory
^MRegion 0: type 1 at 0x0 for 639KB
^MRegion 1: type 2 at 0x9fc00 for 1KB
^MRegion 2: type 2 at 0xf for 64KB
^MRegion 3: type 1 at 0x10 for 129596KB
^MRegion 4: type 2 at 0x7f8f000 for 4KB
^MRegion 5: type 1 at 0x7f9 for 320KB
^MLow ram: 639KB  High ram: 129916KB
^MTotal free memory: 130555KB
^Mboot boot^M[ using 800644 bytes of bsd ELF symbol table ]
^MCopyright (c) 1982, 1986, 1989, 1991, 1993
^M  The Regents of the University of California.  All rights reserved.
^MCopyright (c) 1995-2013 OpenBSD. All rights reserved.  http://www.OpenBSD.org
^M
^MOpenBSD 5.4 (GENERIC) #37: Tue Jul 30 12:05:01 MDT 2013
^Mdera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
^MRTC BIOS diagnostic error bfixed_disk
^Mcpu0: Vortex86 SoC  (686-class) 301 MHz
^Mcpu0: FPU,TSC,CX8,SEP,CMOV,MMX,PERF
^Mreal mem  = 133292032 (127MB)
^Mavail mem = 119693312 (114MB)
^Mmainbus0 at root
^Mbios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @
0xff046, SMBIOS rev. 2.7 @ 0x7fe1420 (6 entries)
^Mbios0: vendor coreboot version 4.0-4750-g745041e-dirty date 03/12/2015
^Mbios0: DMP Vortex86EX
^Macpi at bios0 function 0x0 not configured
^Mpcibios0 at bios0: rev 2.1 @ 0xf/0x1
^Mpcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4ce0/224 (12 entries)
^Mpcibios0: no compatible PCI ICU found: ICU vendor 0x17f3 product 0x6011
^Mpcibios0: Warning, unable to fix up PCI interrupt routing
^Mpcibios0: PCI bus #1 is the last bus
^Mbios0: ROM list: 0xef000/0x1000!
^Mcpu0 at mainbus0: (uniprocessor)
^Mpci0 at mainbus0 bus 0: configuration mode 1 (bios)
^Mpchb0 at pci0 dev 0 function 0 vendor RDC, unknown product 0x6025 rev 0x01
^Mppb0 at pci0 dev 1 function 0 vendor RDC, unknown product 0x1031
rev 0x02: irq 15
^Mpci1 at ppb0 bus 1
^Mpcib0 at pci0 dev 7 function 0 vendor RDC, unknown product 0x6011 rev 0x01
^Mpcib1 at pci0 dev 7 function 1 vendor RDC, unknown product 0x6011 rev 0x01
^Mvte0 at pci0 dev 8 function 0 RDC R6040 Ethernet rev 0x00: irq 9,
address 00:1b:eb:64:ae:d4
^Mukphy0 at vte0 phy 1: Generic IEEE 802.3u media interface, rev. 0:
OUI 0x000bb4, model 0x0005^Mohci0 at pci0 dev 10 function 0 RDC R6060
USB rev 0x13: irq 14, version 1.0, legacy support
^Mehci0 at pci0 dev 10 function 1 RDC R6061 USB rev 0x07: irq 10
^Musb0 at ehci0: USB revision 2.0
^Muhub0 at usb0 RDC EHCI root hub rev 2.00/1.00 addr 1
^Mpciide0 at pci0 dev 12 function 0 vendor RDC, unknown product
0x1012 rev 0x03: DMA (unsupported), channel 0 configured to native-
PCI, channel 1 configured to native-PCI
^Mpciide0: using irq 11 for native-PCI interrupt
^Mwd0 at pciide0 channel 0 drive 0:  D0 RDC SD-IDE HOST CONTROLLER
^Mwd0: 1-sector PIO, LBA, 14719MB, 30144512 sectors
^Mpciide0: channel 1 ignored (not responding; disabled or no drives?)
^Mazalia0 at pci0 dev 14 function 0 vendor RDC, unknown product
0x3010 rev 0x02: irq 7
^Mazalia0: No codecs found
^Mvendor RDC, unknown product 0x1060 (class serial bus subclass USB,
rev 0x03) at pci0 dev 15 function 0 not configured
^Mvendor RDC, unknown product 0x1331 (class undefined unknown
subclass 0xff, rev 0x00) at pci0 dev 16 function 0 not configured
^Mvendor RDC, unknown product 0x1710 (class undefined unknown
subclass 0xff, rev 0x01) at pci0 dev 16 function 1 not configured
^Mvendor RDC, unknown product 0x1070 (class serial bus subclass
CANbus, rev 0x00) at pci0 dev 17 function 0 not configured
^Misa0 at pcib0
^Misadma0 at isa0
^Mcom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
^Mcom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
^Mcom2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
^Mpckbc0 at isa0 port 0x60/5
^Mpckbd0 at pckbc0 (kbd slot)
^Mpckbc0: using irq 1 for kbd slot
^Mwskbd0 at pckbd0: console keyboard
^Mpcppi0 at isa0 port 0x61
^Mspkr0 at pcppi0
^Mnpx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
^Mpcic: does not support memory and I/O cards, ignored (ident=3)
^Mpcic: does not support memory and I/O cards, ignored (ident=3)
^Mpcic: does not support memory and I/O cards, ignored (ident=3)
^Mpcic: does not support memory and I/O cards, ignored (ident=3)^Misa
at pcib1 not configured
^Musb1 at ohci0: USB revision 1.0
^Muhub1 at usb1 RDC OHCI root hub rev 1.00/1.00 addr 1
^Mnvram: invalid 

Re: Phone suggestion.

2015-05-26 Thread Theo de Raadt
   On Tue, May 26, 2015 at 7:31 AM, M Wheeler 
   b9dcbd36df10828fdb237104a05fd...@refn.eu wrote:
   
On Tue, May 26, 2015 at 07:19:19AM -0400, bofh wrote:

 Unless you are in India, or Pakistan, or any of the other
 countries where Blackberry basically gave them the backdoor.
 Which also means the US, essentially.

   
This is to do with the encryption used for BBM services and not
BlackBerry devices.
   
   
   If there's a backdoor in one place, what makes you think there isn't
   another backdoor somewhere else?  Also, surely you don't think the
   NSA program only sprang into place after iPhones and Androids came
   about?  Who did you think the NSA was targeting, or really,
   cooperating with previously?
  
  Stop it. As said earlier, this has nothing to do with OpenBSD.
  
 
 But much to do with the motives for OpenBSD.

You know that is bullshit right?

OpenBSD is just people trying to write some good code.  Nothing more.

Please stop subscribing us to your motivations.



Re: Router performance amd64 vs i386

2015-05-26 Thread patric conant
On Tue, May 26, 2015 at 11:15 AM, Claudio Jeker cje...@diehard.n-r-g.com
wrote:

 On Tue, May 26, 2015 at 04:27:23PM +0200, Janne Johansson wrote:
  ..or, if it really is important for you, why not set up a test and
  benchmark it?
 
  I have no idea if or when amd64 would have surpassed i386 in performance,
  and if it is better how much better.
  But if this was an important topic worthy of the science, then by all means
  do test it on your particular hardware and present the results.
 
  I do tend to agree with the comments already posted so I won't repeat them,
  but if +/-5% is seriously interesting enough for people to keep remembering
  and asking for, then it surely would be worth making a small effort too, no?
 
 
 
  2015-05-26 0:42 GMT+02:00 Bill Buhler b...@buhlerfamily.org:
 
   I'm preparing a new flash image for an Intel Atom dual core based router
   with 2gb of ram. I'm curious if there are current comments on the current
   performance of the two platforms? I know in the past the i386 was actually
   faster at things like PF, but that was several years ago.
  
  
  

 Also ask yourself if a few % more speed is worth to have no proper W^X
 support. At least unless you run -current and even then amd64 has probably
 the most restrictive W^X policy for userland and kernel. Also more people
 are running amd64 and so has better testing in general.

 --
 :wq Claudio

 I'll throw out an unsubstantiated guess, the change to 64 bit time makes
amd64 perform better than i386 at packet filtering. Disclaimer, no idea how
often time is interesting in a standard pure packet filtering environment.



Re: Router performance amd64 vs i386

2015-05-26 Thread Claudio Jeker
On Tue, May 26, 2015 at 04:27:23PM +0200, Janne Johansson wrote:
 ..or, if it really is important for you, why not set up a test and
 benchmark it?
 
 I have no idea if or when amd64 would have surpassed i386 in performance,
 and if it is better how much better.
 But if this was an important topic worthy of the science, then by all means
 do test it on your particular hardware and present the results.
 
 I do tend to agree with the comments already posted so I won't repeat them,
 but if +/-5% is seriously interesting enough for people to keep remembering
 and asking for, then it surely would be worth making a small effort too, no?
 
 
 
 2015-05-26 0:42 GMT+02:00 Bill Buhler b...@buhlerfamily.org:
 
  I'm preparing a new flash image for an Intel Atom dual core based router
  with 2gb of ram. I'm curious if there are current comments on the current
  performance of the two platforms? I know in the past the i386 was actually
  faster at things like PF, but that was several years ago.
 
 
 

Also ask yourself if a few % more speed is worth to have no proper W^X
support. At least unless you run -current and even then amd64 has probably
the most restrictive W^X policy for userland and kernel. Also more people
are running amd64 and so has better testing in general.

-- 
:wq Claudio



Re: Openbsd 5.7 and sendmail

2015-05-26 Thread Antoine Jacoutot
On Tue, May 26, 2015 at 04:11:24PM +, Peter Fraser wrote:
 I put OpenBSD 5.7 up, but because we make use of the SpamHaus I didn't want 
 to move to smtpd.
 
 It was easy enough to put sendmail in but I found I could not rebuild my 
 /etc/mail/access.db
 
 makemap did not like the To: prefix in the /etc/mail/access file.
 
 Being somewhat slow, it took me a couple of days to realize that there are now 
 2 makemap's
 
 /usr/libexec/smtpd/makemap
 
 and
 
 /usr/local/libexec/sendmail/makemap
 
 using the right one for sendmail fixed my problem.

Yes, the pkg-readme already documents this 
(/usr/local/share/doc/pkg-readmes/sendmail-*):

snip
Tweaking /etc/mailer.conf
-------------------------
Two scripts are provided along with this package.  Run sendmail-enable
to adjust your mailer.conf(5), and sendmail-disable to revert your
changes.

-- 
Antoine



Re: Phone suggestion.

2015-05-26 Thread Duncan Patton a Campbell

On Tue, 26 May 2015 14:06:57 +0200
Otto Moerbeek o...@drijf.net wrote:

 On Tue, May 26, 2015 at 08:01:47AM -0400, bofh wrote:
 
  On Tue, May 26, 2015 at 7:31 AM, M Wheeler 
  b9dcbd36df10828fdb237104a05fd...@refn.eu wrote:
  
   On Tue, May 26, 2015 at 07:19:19AM -0400, bofh wrote:
   
Unless you are in India, or Pakistan, or any of the other
countries where Blackberry basically gave them the backdoor.
Which also means the US, essentially.
   
  
   This is to do with the encryption used for BBM services and not
   BlackBerry devices.
  
  
  If there's a backdoor in one place, what makes you think there isn't
  another backdoor somewhere else?  Also, surely you don't think the
  NSA program only sprang into place after iPhones and Androids came
  about?  Who did you think the NSA was targeting, or really,
  cooperating with previously?
 
 Stop it. As said earlier, this has nothing to do with OpenBSD.
 

But much to do with the motives for OpenBSD.


   -Otto
 
 


-- 

https://babayaga.neotext.ca/PublicKeys/Duncan_Patton_a_Campbell_pubkey.txt

Ne obliviscaris, vix ea nostra voco.



Re: WWAN Qualcomm Gobi 2000

2015-05-26 Thread Bojan Nastic
I have it in my X220. Recognised properly according to dmesg, but never got
around to look up the setup for my mobile provider, so take that with a
grain of salt.

On Tuesday, 26 May 2015, Alex Shupikov a.shupi...@gmail.com wrote:

 Hi all

 Somebody uses Qualcomm Gobi 2000 OpenBSD?

 It works?

 --
 /ssh



Re: Thinkpad X1 Carbon Suspend issue

2015-05-26 Thread Bojan Nastic
On 26 May 2015 at 10:44, Laurence Tratt lau...@tratt.net wrote:

 On Mon, May 25, 2015 at 08:21:19PM +0100, Bojan Nastic wrote:

  Anyone having much luck with 5.7 or -current on Thinkpad X1 Carbon 2nd
 gen
  (Haswell chip)?

 It works pretty well (including wireless), although on my machine the lack
 of a specific video driver means that things in X can be painfully slow
 (forget about watching a video!).

  Everything seems to be working fine, except for waking from suspend.
  Suspend works fine, either via 'zzz' or closing the lid, but waking it up
  doesn't work -- hardware seems unresponsive, the sleep light stays on
  regardless of what I do to it (pressing buttons, opening the lid...)

 When I do this, the OS is still working, but the screen doesn't wake back
 up
 (whether this is related to X running in the background or not, I don't
 know
 -- I never run without X). I can see this happening as follows. Log in as
 root on console 1. Suspend with zzz (I don't use suspend-with-lid). Resume
 by pressing the power button. [At this point the screen is blank.] Type
 reboot. Wait a little while and the machine will reboot. I appreciate
 that's not hugely useful, but it does mean that, if I want to test
 suspend/resume support ever so often, I don't have to fsck afterwards...


Thanks for the tip, but unfortunately, it doesn't work in this case.
The whole machine goes to sleep, so even the LED strip at the top,
with F keys, is switched off, no way to switch to console.

Apparently, this all works fine for people with Haswell and HD4000 GPU,
but mine is an i7 Haswell with HD5000. (Fwiw, it does throw video
driver errors when switching from X to console).


--Bojan



groups new

2015-05-26 Thread noob sia009
0
C Egypt
P Masr EL-Gdida
T Cairo
F irregular
O Egypt OpenBSD Group
I Hossam EL-Mansy
M noobsia...@yahoo.com
U 
N OpenBSD



WWAN Qualcomm Gobi 2000

2015-05-26 Thread Alex Shupikov
Hi all

Somebody uses Qualcomm Gobi 2000 OpenBSD?

It works?

-- 
/ssh



Re: Dual-NSD setup management

2015-05-26 Thread Craig Skinner
On 2015-05-26 Tue 11:39 AM |, Felipe Scarel wrote:
 
 after reading some documentation on the NSD manpage and online, it
 seems there's no support for views as offered with BIND.

It can sort of be done via an unbound stub (proxy)
to a different NSD served zone for internal hosts

5.5:

http://marc.info/?l=openbsd-misc&m=141113669300630
http://marc.info/?l=openbsd-misc&m=141146791726116

Cheers.
-- 
Q:  What is the worst story Helen Keller ever read?
A:  A cheese grater.



Re: i217-LM not accepting dhcp offers

2015-05-26 Thread Sonic
Does not work with static address either - although it answers its
own ping but does not communicate with other systems on the net, nor
answer an arping.

Booted up a live Fedora to test hardware and it works fine.


On Tue, May 26, 2015 at 2:30 PM, Sonic sonicsm...@gmail.com wrote:
 Just installed the 5-25-15 snapshot on a Supermicro server with an
 X10SLL-F board. The board has two Ethernet ports, one i210-AT and one
 i217-LM. The i217-LM does not accept the offers from the DHCP server.
 I also was not prompted to set the up the i217-LM (em0) when
 installing the OS.

 The DHCP server (an OpenBSD -current box) logs a series of:
 
 DHCPDISCOVER from 00:25:90:47:9e:75 via em0
 DHCPOFFER on 172.27.12.243 to 00:25:90:47:9e:75 via em0
 

 Upgraded to a -current kernel, same issue (building userland now).

 dmesg:
 
 OpenBSD 5.7-current (GENERIC.MP) #0: Tue May 26 13:43:19 EDT 2015
 r...@medusa.grizzly.bear:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 17121247232 (16328MB)
 avail mem = 16598519808 (15829MB)
 mpath0 at root
 scsibus0 at mpath0: 256 targets
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec170 (80 entries)
 bios0: vendor American Megatrends Inc. version 3.0 date 04/24/2015
 bios0: Supermicro X10SLL-F
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S4 S5
 acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT SSDT SSDT MCFG
 HPET SSDT SSDT SPMI
 acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
 PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4)
  RP03(S4) PXSX(S4) RP05(S4) GLAN(S4) EHC1(S4) [...]
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz, 3600.52 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
 ,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,
 XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: smt 0, core 0, package 0
 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
 cpu0: apic clock running at 100MHz
 cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
 cpu1 at mainbus0: apid 2 (application processor)
 cpu1: Intel(R) Core(TM) i3-4160 CPU @ 3.60GHz, 3600.00 MHz
 cpu1: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
 ,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,
 XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
 cpu1: 256KB 64b/line 8-way L2 cache
 cpu1: smt 0, core 1, package 0
 ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
 acpimcfg0 at acpi0 addr 0xf800, bus 0-63
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus -1 (PEG0)
 acpiprt2 at acpi0: bus -1 (PEG1)
 acpiprt3 at acpi0: bus -1 (PEG2)
 acpiprt4 at acpi0: bus 1 (RP01)
 acpiprt5 at acpi0: bus 3 (RP02)
 acpiprt6 at acpi0: bus -1 (RP03)
 acpiprt7 at acpi0: bus -1 (RP05)
 acpiec0 at acpi0: not present
 acpicpu0 at acpi0: C1, PSS
 acpicpu1 at acpi0: C1, PSS
 acpipwrres0 at acpi0: PG00, resource for PEG0
 acpipwrres1 at acpi0: PG01, resource for PEG1
 acpipwrres2 at acpi0: PG02, resource for PEG2
 acpipwrres3 at acpi0: FN00, resource for FAN0
 acpipwrres4 at acpi0: FN01, resource for FAN1
 acpipwrres5 at acpi0: FN02, resource for FAN2
 acpipwrres6 at acpi0: FN03, resource for FAN3
 acpipwrres7 at acpi0: FN04, resource for FAN4
 acpitz0 at acpi0: critical temperature is 105 degC
 acpitz1 at acpi0: critical temperature is 105 degC
 acpibat0 at acpi0: BAT0 not present
 acpibat1 at acpi0: BAT1 not present
 acpibat2 at acpi0: BAT2 not present
 acpibtn0 at acpi0: LID0
 acpibtn1 at acpi0: SLPB
 acpibtn2 at acpi0: PWRB
 acpivideo0 at acpi0: GFX0
 acpivout0 at acpivideo0: DD1F
 ipmi at mainbus0 not configured
 cpu0: Enhanced SpeedStep 3600 MHz: speeds: 3600, 3400, 3200, 3000,
 2900, 2700, 2500, 2300, 2100, 1900, 1700, 1500, 1400,
  1200, 1000, 800 MHz
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 Intel Core 4G Host rev 0x06
 xhci0 at pci0 dev 20 function 0 Intel 8 Series xHCI rev 0x05: msi
 usb0 at xhci0: USB revision 3.0
 uhub0 at usb0 Intel xHCI root hub rev 3.00/1.00 addr 1
 em0 at pci0 dev 25 function 0 Intel I217-LM rev 0x05: msi, address
 00:25:90:47:9e:75
 ehci0 at pci0 dev 26 function 0 Intel 8 Series USB rev 0x05: apic 8 int 16
 usb1 at ehci0: USB revision 2.0
 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
 ppb0 at pci0 dev 28 function 0 Intel 8 Series PCIE rev 0xd5: msi
 pci1 at ppb0 bus 1
 ppb1 

Re: simple maiserver fail (postfix dovecot)

2015-05-26 Thread Tuyosi Takesima
thanks for skinner.

owing to you, i manage to send mail at remote PC.

1) dynamic dns' mx problem
i set mx following http://www.mhserv.info/co5/mydns.php .
(sorry, real name is not a.mydns.jp, but a?.mydns.jp.)

so
# dig a.mydns.jp MX +short

10 a.mydns.jp.


# dig a.mydns.jp MX
---
; <<>> DiG 9.4.2-P2 <<>> a.mydns.jp MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49333
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a.mydns.jp.  IN  MX

;; ANSWER SECTION:
a.mydns.jp.   285 IN  MX  10 a.mydns.jp.

;; Query time: 104 msec
;; SERVER: 192.168.100.254#53(192.168.100.254)
;; WHEN: Wed May 27 02:39:36 2015
;; MSG SIZE  rcvd: 50

#  host a.mydns.jp
---
a.mydns.jp has address 114.22.25.247
a.mydns.jp mail is handled by 10 a.mydns.jp.



2)
/etc/dnsmasq.conf
-

listen-address=192.168.11.1# Example IP
interface=bge0
dhcp-range=192.168.11.10,192.168.11.12,12h
bind-interfaces

3)
Outbound port 25 Blocking problem

how to solve it
3-1)
/etc/pf.conf

-
ext_if=run0
int_if=bge0
tcp_services={ 22, 80, 143, 587 } #-
icmp_types=echoreq
set block-policy return
set loginterface $ext_if
set skip on lo
match out on $ext_if inet from ($int_if:network) to any nat-to  ($ext_if:0)
set reassemble yes no-df
block in log
pass out quick
antispoof quick for { lo $int_if }
pass in  on  $ext_if   inet proto tcp from any to  ( $ext_if:0 ) port
$tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if


3-2)
follow http://vine.1-max.net/postfix-OP25B.html

namely
/etc/postfix/main.cf


myhostname = a.mydns.jp
mydomain = mydns.jp
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname localhost.$mydomain
home_mailbox = Maildir/
mynetworks = 192.168.100.0/24, 127.0.0.0/8
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/postfix
mail_owner = _postfix
inet_protocols = all
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/sbin/newaliases
mailq_path = /usr/local/sbin/mailq
setgid_group = _postdrop
html_directory = /usr/local/share/doc/postfix/html
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = /usr/local/share/doc/postfix/readme
# ---
relayhost = [smtp.gmobb.jp]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/isp_auth
smtp_sasl_security_options = noanonymous
#---


/etc/postfix/isp_auth
-
[smtp.gmobb.jp]:587 t?@ki.gmobb.jp:S


 /etc/postfix/master.cf
--
smtp       inet  n       -       -       -       -       smtpd
submission inet  n       -       -       -       -       smtpd #-
pickup     unix  n       -       -       60      1       pickup
cleanup    unix  n       -       -       -       0       cleanup
qmgr       unix  n       -       -       300     1       qmgr
tlsmgr     unix  -       -       -       1000?   1       tlsmgr
rewrite    unix  -       -       -       -       -       trivial-rewrite
bounce     unix  -       -       -       -       0       bounce
defer      unix  -       -       -       -       0       bounce
trace      unix  -       -       -       -       0       bounce
verify     unix  -       -       -       -       1       verify
flush      unix  n       -       -       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       -       -       -       smtp
relay      unix  -       -       -       -       -       smtp
showq      unix  n       -       -       -       -       showq
error      unix  -       -       -       -       -       error
retry      unix  -       -       -       -       -       error
discard    unix  -       -       -       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       -       -       -       lmtp
anvil      unix  -       -       -       -       1       anvil
scache     unix  -       -       -       -       1       scache

thanks again for OpenBSD fellow's support.

regards
tuyosi takesima



Re: Random PID implementation and security

2015-05-26 Thread Theo de Raadt
 Le 2015-05-26 00:10, Miod Vallat a écrit :
  It is not the responsibility of the operating system to protect its
  users against software which assumes using the pid as a random source 
  is
  a bright and wise idea.
 
 Isn't this the whole goal of random PIDs, to put a defense at OS level 
 protecting software against themselves when they make wrong assumption 
 regarding the PID and use it for wrong purposes?

A 16 bit PID is supposed to provide true safety?

Please.

The problem is people who believe that shoving a 16 bit value into
a deterministic function gets them somewhere.
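
An added illustration of the point made in this message, not code from the thread or from OpenBSD: a token derived from a PID and a timestamp looks like 256 random bits, yet its seed space is small enough to walk completely. The function names, the SHA-256 construction and the sample values are assumptions made for this sketch.

```python
import hashlib
import math
import secrets

PID_BITS = 16  # width named in the message above; assumed here for every PID


def pid_token(pid: int, unix_time: int) -> str:
    """Hypothetical application code: token = SHA-256(pid || time in seconds)."""
    seed = pid.to_bytes(2, "big") + unix_time.to_bytes(8, "big")
    return hashlib.sha256(seed).hexdigest()


def csprng_token() -> str:
    """Hardened form: 256 bits from the kernel CSPRNG, no guessable input."""
    return secrets.token_hex(32)


def effective_bits(time_window_s: int) -> float:
    """Upper bound on the entropy of pid_token() when the issue time is known
    to within time_window_s seconds: log2(number of possible seeds)."""
    return math.log2((1 << PID_BITS) * time_window_s)


def seeds_matching(token: str, t_start: int, t_end: int):
    """Walk every (pid, time) seed in the window and return those that
    reproduce the token. Whether the PID was allocated sequentially or at
    random makes no difference: the loop covers the whole PID space."""
    return [(pid, t)
            for t in range(t_start, t_end + 1)
            for pid in range(1 << PID_BITS)
            if pid_token(pid, t) == token]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    issued = pid_token(31337, 1432650000)
    print("token looks like", len(issued) * 4, "bits:", issued[:16], "...")
    print("entropy bound with a 3 s window: %.1f bits" % effective_bits(3))
    print("seeds found:", seeds_matching(issued, 1432649999, 1432650001))
    print("CSPRNG token:", csprng_token()[:16], "...")
```

The hash output length says nothing about strength here; only the number of possible inputs does, which is why the hardened form takes no PID or clock input at all.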



Dual-NSD setup management

2015-05-26 Thread Felipe Scarel
Hello all,

after reading some documentation on the NSD manpage and online, it
seems there's no support for views as offered with BIND. I've gathered
that the general suggestion is to run two separate instances (running
on 127.0.0.1, for example), and divert traffic from pf depending on
the connecting source-address.

I've successfully configured such a setup using two NSD servers,
listening on ports 53 and 8053, and using pf rdr-to and nat-to rules
to divert traffic. I tried to use divert-to instead, but for the life
of me I couldn't figure out why it wasn't working. This is what I'm
using right now:

pass in quick inet proto { tcp, udp } from { internal_networks } \
  to any port domain rdr-to localhost port 53
pass out quick inet proto { tcp, udp } from { internal_networks } \
  to any port domain nat-to self

pass in quick inet proto { tcp, udp } from any \
  to any port domain rdr-to localhost port 8053
pass out quick inet proto { tcp, udp } from any \
  to any port domain nat-to self

Management of this setup during boot is not so great, though. The
/etc/rc.d/nsd script more or less expects the configuration to reside
on /var/nsd/etc, so my best solution was to use nsd-control directly
from /etc/rc.local, which somewhat solves the problem (albeit not very
elegantly).

Perhaps someone has additional experiences to share on this kind of
setup. Is it possible to use divert-to on pf? What would be the
preferred method to manage two NSD daemons during boot?



Re: simple maiserver fail (postfix dovecot)

2015-05-26 Thread Craig Skinner
On 2015-05-24 Sun 22:19 PM |, Edgar Pettijohn III wrote:
 On May 24, 2015, at 9:36 PM, Tuyosi Takesima wrote:
 
  it is very sorry that in the previous setting ,
  from outside(namely not intra-net) sylpheed can receive mail but can not
  send mail to u...@a.mydns.jp .
  
  and more
  gmail can not send mail to u...@a.mydns.jp .
  
 
 The problem most likely is that there is no mx record for a.mydns.jp
 

$ dig a.mydns.jp MX +short
$ [nothing]

$ host a.mydns.jp
a.mydns.jp has address 210.197.74.203
a.mydns.jp has address 199.180.255.198
a.mydns.jp has address 107.191.111.61
a.mydns.jp has address 46.19.34.8
a.mydns.jp has address 103.11.143.116
a.mydns.jp has IPv6 address 2a02:2770::21a:4aff:fed5:6421
a.mydns.jp has IPv6 address 2001:df0:24f:21d::116
a.mydns.jp has IPv6 address 2604:180:2::d9db:60d
a.mydns.jp has IPv6 address 2605:8900:3000:1001:a:0:4b:2
a.mydns.jp has IPv6 address 2001:278:1033:4::74:203


A record hosts not accepting SMTP access either
(fall back when no MX record):

$ fgrep mydns.jp /var/log/maillog
May 26 14:13:57 teak postfix/smtp[24515]: connect to a.mydns.jp[103.11.143.116]:25: Operation timed out
May 26 14:14:27 teak postfix/smtp[24515]: connect to a.mydns.jp[46.19.34.8]:25: Operation timed out
May 26 14:14:57 teak postfix/smtp[24515]: connect to a.mydns.jp[107.191.111.61]:25: Operation timed out
May 26 14:15:27 teak postfix/smtp[24515]: connect to a.mydns.jp[199.180.255.198]:25: Operation timed out
May 26 14:15:57 teak postfix/smtp[24515]: connect to a.mydns.jp[210.197.74.203]:25: Operation timed out
May 26 14:15:57 teak postfix/smtp[24515]: 3lwwhl29t3zNr: to=u...@a.mydns.jp, relay=none, delay=150, delays=0.23/0.07/150/0, dsn=4.4.1, status=deferred (connect to a.mydns.jp[210.197.74.203]:25: Operation timed out)


See: http://www.mydns.jp/?MENU=030

This is very important procedure. Don't forget!
RECORDS
You have to set DOMAIN INFO. 
MX ... Mail Exchange, and prio.
A ... hostname to IPv4 address.
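
An added example, not part of the original message: a small parser that reproduces this diagnosis from a Postfix maillog by tying each smtp client's failed connections to the delivery record it logs afterwards. The function names are assumptions of this sketch, and the sample is the log excerpt above rejoined onto single lines.

```python
import re

# Constructed sample: the maillog lines from the message above, rejoined onto
# single lines (the mail client had wrapped them).
SAMPLE_MAILLOG = """\
May 26 14:13:57 teak postfix/smtp[24515]: connect to a.mydns.jp[103.11.143.116]:25: Operation timed out
May 26 14:14:27 teak postfix/smtp[24515]: connect to a.mydns.jp[46.19.34.8]:25: Operation timed out
May 26 14:14:57 teak postfix/smtp[24515]: connect to a.mydns.jp[107.191.111.61]:25: Operation timed out
May 26 14:15:27 teak postfix/smtp[24515]: connect to a.mydns.jp[199.180.255.198]:25: Operation timed out
May 26 14:15:57 teak postfix/smtp[24515]: connect to a.mydns.jp[210.197.74.203]:25: Operation timed out
May 26 14:15:57 teak postfix/smtp[24515]: 3lwwhl29t3zNr: to=u...@a.mydns.jp, relay=none, delay=150, delays=0.23/0.07/150/0, dsn=4.4.1, status=deferred (connect to a.mydns.jp[210.197.74.203]:25: Operation timed out)
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/smtp\[(\d+)\]: (.*)$")
CONNECT = re.compile(r"^connect to (\S+?)\[([0-9A-Fa-f.:]+)\]:(\d+): (.+)$")
DELIVERY = re.compile(
    r"^([0-9A-Za-z]+): to=<?([^,>]+)>?, relay=([^,]+),.*\bdsn=([\d.]+), status=(\w+)")


def summarize_deliveries(lines):
    """Attach each smtp client's failed connection attempts to the delivery
    record that the same process logs afterwards."""
    pending = {}  # smtp process id -> [(ip, port, reason), ...]
    report = []
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue
        pid, body = m.groups()
        c = CONNECT.match(body)
        if c:
            pending.setdefault(pid, []).append(
                (c.group(2), int(c.group(3)), c.group(4)))
            continue
        d = DELIVERY.match(body)
        if d:
            qid, rcpt, relay, dsn, status = d.groups()
            report.append({"queue_id": qid, "rcpt": rcpt, "relay": relay,
                           "dsn": dsn, "status": status,
                           "attempts": pending.pop(pid, [])})
    return report


def diagnose(entry):
    """Name the failure mode seen in the thread: no relay was reached and
    every address tried on port 25 timed out."""
    tries = entry["attempts"]
    if entry["status"] == "sent":
        return "delivered"
    if entry["relay"] == "none" and tries and all(
            port == 25 and "timed out" in reason for _, port, reason in tries):
        return "unreachable: all %d addresses timed out on port 25" % len(tries)
    return "other failure, dsn " + entry["dsn"]


if __name__ == "__main__":
    for entry in summarize_deliveries(SAMPLE_MAILLOG.splitlines()):
        print(entry["queue_id"], entry["rcpt"], "->", diagnose(entry))
```

When every address behind a name times out on port 25 and the relay stays `none`, the sender has fallen back to A records and found no listener, so the MX record and inbound filtering on port 25 are the first things to check.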



Re: Router performance amd64 vs i386

2015-05-26 Thread Janne Johansson
..or, if it really is important for you, why not set up a test and
benchmark it?

I have no idea if or when amd64 would have surpassed i386 in performance,
and if it is better how much better.
But if this was an important topic worthy of the science, then by all means
do test it on your particular hardware and present the results.

I do tend to agree with the comments already posted so I won't repeat them,
but if +/-5% is seriously interesting enough for people to keep remembering
and asking for, then it surely would be worth making a small effort too, no?



2015-05-26 0:42 GMT+02:00 Bill Buhler b...@buhlerfamily.org:

 I'm preparing a new flash image for an Intel Atom dual core based router
 with 2gb of ram. I'm curious if there are current comments on the current
 performance of the two platforms? I know in the past the i386 was actually
 faster at things like PF, but that was several years ago.



 Thanks,



 Bill Buhler




-- 
May the most significant bit of your life be positive.



Openbsd 5.7 and sendmail

2015-05-26 Thread Peter Fraser
I put OpenBSD 5.7 up, but because we make use of the SpamHaus I didn't want to 
move to smtpd.

It was easy enough to put sendmail in but I found I could not rebuild my 
/etc/mail/access.db

makemap did not like the To: prefix in the /etc/mail/access file.

being somewhat slow it took me a couple of days to realize that there are now 2 
makemap's

/usr/libexec/smtpd/makemap

and

/usr/local/libexec/sendmail/makemap

using the right one for sendmail fixed my problem.



Re: Openbsd 5.7 and sendmail

2015-05-26 Thread John Merriam
On Tue, 26 May 2015, Peter Fraser wrote:

 I put OpenBSD 5.7 up, but because we make use of the SpamHaus I didn't want 
 to move to smtpd.
 
 It was easy enough to put sendmail in but I found I could not rebuild my 
 /etc/mail/access.db
 
 makemap did not like the To: prefix in the /etc/mail/access file.
 
 being somewhat slow it took me a couple of days to realize that there are now 
 2 makemap's
 
 /usr/libexec/smtpd/makemap
 
 and
 
 /usr/local/libexec/sendmail/makemap
 
 using the right one for sendmail fixed my problem.
 

You may need to edit your /etc/mailer.conf file.  See the mailer.conf(5) 
man page and /usr/local/share/doc/pkg-readmes/sendmail-*

-- 

John Merriam