Re: Subadressing sieve
Dear Pascal, On Fri, Mar 12, 2021 at 10:52:15PM +0100, Pascal Huisman wrote: > I have sieve filtering setup threw lmtp to dovecot. Dovecot does the > filtering. It works. But for the subaddressing it doesn't. I think you might need to set 'rcpt-to' in smtpd.conf on the lmtpd line, otherwise the 'envelope' RCPT TO is your unix username, instead of the mail's envelope recipient. That said, you'll likely run into problems with extensions: many services reject + in the username part of a mail address. Petr -- id' Ash = Ash; id' Dust = Dust; id' _ = undefined
Re: Additional Chunks on RAID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 9 Mar 2021 16:37:00 -0700 Duncan Patton a Campbell wrote: > Howdy all? > > Does anyone know how to rebuild a raid1 with additional chunks? > ... that is without losing the "degraded" volume? > > Thanks, > > Dhu > So as it turns (inorout) the easiest way to accomplish this is to stick an additional disk into the system (no need for raids) and dump/restore. Which gives me the impression that the "metadata" for raids is not readily modifiable once created... All of this has been in an attempt to integrate softraid1 into my backup/recovery (like the man page sez not to do). The idea is to have a multi-disk raid1+1 (+1 on the shelf) as a regular backup... Dhu - -- Je suis Canadien. Ce n'est pas Francais ou Anglaise. C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-) -BEGIN PGP SIGNATURE- iQIcBAEBAgAGBQJgS/kfAAoJEI6Vun3D6YUPASsP/jxEotvzAQ3Zc6NqcTZUHqNw 2WN+J+D1aIM5KB7eJxgdARH6RFfwJxW3vczpje+TUs5H9BwTSlAm0gtywwkaw8KQ 5vsf0W5I2D8xr6uVjmEt4hemlANOS3VCXovgsKLjVoBbXDp5YsPDwqxEW3B+Yz0x GzJENRAQZ7ln7RW2IR43mPn2DxKBZhyEAQ2C4O84LovwMp+FAZrFdLDuHx7joDZE SNNdWJvOJocp+Rt14g5uJy/ubTm+KWdwmUlRfXUuymTWOWHvWRSTkUkp7P7M1Vqe 3faUMceE5GxJcLKZLlK5bwwX76JHBpNtchqKv9BqRUlHCB9v6Gi8+MOXTDf+p+Tf 9LaQ1oxA3Ur1XwnXDnkbE9yM+5tA/9ukUy67CtJlckEk0CQUuM1mY/YYw4azo2bX 4UWlILAdjo8Ns/lToAx1h+gpDnIVdwR3RmUDQhi3CGMUysCyi0TRsAt/bH77/4iG afQfyxN8SDY3i+767htzoFOykY5Ztjjap/tcFE+YWuv8+SslwqTlTmg4JE3KMMf2 VSOsjL6XF/ThU5Jq2MEMO8WI267N6j5lIjVB2dudBZq0TayUX7kj7H0njgzEcXHi hQDKkZhFXLkd/pdskjnp7v4wx8goImY3/zzTW1ri+Qo1xLaJzUCwAfr92npBIgdL AqUxgeTHrRdeRQsgXNv6 =69k5 -END PGP SIGNATURE-
Subadressing sieve
Dear list,
I have sieve filtering setup threw lmtp to dovecot. Dovecot does the
filtering. It works. But for the subaddressing it doesn't.
According to rfc5233 I have to: require "subaddress", which I have
done.
I have to use (explicit example):
# File mailing list messages (subscribed as "ken+mta-filters").
if envelope :detail "to" "mta-filters" {
fileinto "inbox.ietf-mta-filters";
}
I have:
# Catch the encrypted sent BCC message
if envelope :detail "to" "sent" {
# filter "gpgit.pl" "pascal";
fileinto "Sent";
stop;
}
I test by sending myself an email with the localpart pascal+sent.
What am I missing?
--
Met vriendelijke groet,
Pascal Huisman
Murphy's Law of Research:
Enough research will tend to support your theory.
Re: Intel wifi ipw showing up but not working
Hi,
Stefan Sperling wrote:
tecra$ netstat -W ipw0
ieee80211 on ipw0:
10 input management packets discarded
This one looks bad. I think it means the net80211 stack ends up ignoring
the AP's assoc response frame. I believe your situation is that the
firmware is in associated state, the driver itself sets media status to
'active' in response to the firmware signalling successful association,
but the net80211 stack has not participated in the association sequence so
no WPA handshake can happen. The incoming data packets indicate that the
AP is trying to initiate the WPA handshake but net80211 doesn't expect
such packets and doesn't respond.
At a high-level I understand, a mismatch between the driver status and
what net80211 expects.
The way the association sequence works in this driver is pretty weird...
Can you try this patch? Does it change anything?
diff dfcb0a350e790649cafe6bd5f9f4cf2319ce75fd /usr/src
blob - 20a9b617e6d7ae0e179370512376ce8142c96986
file + sys/dev/pci/if_ipw.c
--- sys/dev/pci/if_ipw.c
+++ sys/dev/pci/if_ipw.c
@@ -1781,6 +1781,12 @@ ipw_auth_and_assoc(void *arg1)
if (error != 0)
goto fail;
+ /*
+* net80211 won't see the AP's AUTH response. Move to ASSOC state
+* in order to make net80211 accept the AP's assoc response.
+*/
+ ic->ic_newstate(ic, IEEE80211_S_ASSOC, -1);
+
return;
fail:
printf("%s: association failed (error=%d)\n", sc->sc_dev.dv_xname,
I just tried your patch against 6.8 release sources, compiled... and
yay! ipw0 connects to WPA WiFi just fine! Thanks, I hope it will make it
in 6.9 :)
It took quite some time.. after one hour compiling with the fan
incredibly quiet. I remebered/discovered APM set my CPU frequency to
whopping 748 MHz.. "apm -A" fixed it quickly.
ipw0: flags=808843 mtu
1500
lladdr 00:0c:f1:1f:b2:a0
index 1 priority 4 llprio 3
groups: wlan egress
media: IEEE802.11 autoselect (DS11 mode 11b)
status: active
ieee80211: nwid westernesse-hl chan 5 bssid 78:b2:13:69:9e:91
-58dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
inet 192.168.1.150 netmask 0xff00 broadcast 192.168.1.255
fxp0: flags=808843 mtu
1500
lladdr 00:a0:d1:d7:e5:66
index 2 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
ieee80211 on ipw0:
0 input packets with bad version
0 input packets too short
0 input packets from wrong bssid
0 input packet duplicates discarded
0 input packets with wrong direction
0 input multicast echo packets discarded
0 input packets from unassociated station discarded
0 input encrypted packets without wep/wpa config discarded
0 input unencrypted packets with wep/wpa config discarded
0 input wep/wpa packets processing failed
0 input packet decapsulations failed
0 input management packets discarded
0 input control packets discarded
0 input packets with truncated rate set
0 input packets with missing elements
0 input packets with elements too big
0 input packets with elements too small
0 input packets with invalid channel
0 input packets with mismatched channel
0 node allocations failed
0 input packets with mismatched ssid
0 input packets with unsupported auth algorithm
0 input authentications failed
0 input associations from wrong bssid
0 input associations without authentication
0 input associations with mismatched capabilities
0 input associations without matching rates
0 input associations with bad rsn ie
0 input deauthentication packets
0 input disassociation packets
0 input packets with unknown subtype
0 input packets failed for lack of mbufs
0 input decryptions failed on crc
0 input ahdemo management packets discarded
0 input packets with bad auth request
4 input eapol-key packets
0 input eapol-key packets with bad mic
0 input eapol-key packets replayed
0 input packets with bad tkip mic
0 input tkip mic failure notifications
0 input packets on unauthenticated port
0 output packets failed for lack of mbufs
0 output packets failed for no nodes
0 output packets of unknown management type
0 output packets on unauthenticated port
5 active scans started
0 passive scans started
0 nodes timed out
0 failures with no memory for crypto ctx
0 ccmp decryption errors
0 ccmp replayed frames
0 cmac icv errors
0 cmac replayed frames
0 tkip icv errors
0 tkip replays
0 pbac errors
0 HT negotiation failures because peer does not support MCS 0-7
0 HT negotiation
Re: Intel wifi ipw showing up but not working
On Fri, Mar 12, 2021 at 07:01:10PM +0100, Stefan Sperling wrote: > On Fri, Mar 12, 2021 at 06:37:30PM +0100, Riccardo Mottola wrote: > > Happy and bold, I tried WEP too... but it does not connect. > > It says interface is up (key is correct) but "nothing", dhclient doesn't get > > a link. > > > > Fearing WEP is broken, I got my other laptop, a ThinkPad with 6.8, where I > > have since long a small script. Launched it and works. Good. I copied over > > the script... so I am sure I do the things the same way, but it does not > > work. > > What is very strange is that if I first connect to the WPA network, then > > bring the interface down, kill dhclient, then run the WEP script, it works > > and really connects to WEP and gets a lease. > > That means there is another bug. I will try to find it. Could you show what 'netstat -W ipw0' looks like after an unsuccesful attempt of connecting to a WEP access point?
Re: Intel wifi ipw showing up but not working
On Fri, Mar 12, 2021 at 06:37:30PM +0100, Riccardo Mottola wrote:
> > diff dfcb0a350e790649cafe6bd5f9f4cf2319ce75fd /usr/src
> > blob - 20a9b617e6d7ae0e179370512376ce8142c96986
> > file + sys/dev/pci/if_ipw.c
> > --- sys/dev/pci/if_ipw.c
> > +++ sys/dev/pci/if_ipw.c
> > @@ -1781,6 +1781,12 @@ ipw_auth_and_assoc(void *arg1)
> > if (error != 0)
> > goto fail;
> > + /*
> > +* net80211 won't see the AP's AUTH response. Move to ASSOC state
> > +* in order to make net80211 accept the AP's assoc response.
> > +*/
> > + ic->ic_newstate(ic, IEEE80211_S_ASSOC, -1);
> > +
> > return;
> > fail:
> > printf("%s: association failed (error=%d)\n", sc->sc_dev.dv_xname,
> >
>
> I just tried your patch against 6.8 release sources, compiled... and yay!
> ipw0 connects to WPA WiFi just fine! Thanks, I hope it will make it in 6.9
> :)
Yes, thanks for testing! I have committed the patch.
> I did a test of sending 187MB over scp I getabout 500K/s, A little slow,
> even for 11b, I think. I'd expect more like 700, but anyway.
I don't think there is much that can be done about this.
I'd be glad that an 11b device is even usable. The presence of this device
will slow down any networks using the same channel so you might not make
a lot of friends while using this device on public wifi networks ;)
Some APs won't allow 11b clients for this reason.
> Happy and bold, I tried WEP too... but it does not connect.
> It says interface is up (key is correct) but "nothing", dhclient doesn't get
> a link.
>
> Fearing WEP is broken, I got my other laptop, a ThinkPad with 6.8, where I
> have since long a small script. Launched it and works. Good. I copied over
> the script... so I am sure I do the things the same way, but it does not
> work.
> What is very strange is that if I first connect to the WPA network, then
> bring the interface down, kill dhclient, then run the WEP script, it works
> and really connects to WEP and gets a lease.
That means there is another bug. I will try to find it.
Cheers,
Stefan
Re: Cannot get httpd block directives to work
Well, indeed shame on me
Putting more specifc rules just after first
"server" statements is a gamechanger.
Good lesson of proper and coscious
reading manuals and being more patient
rather than googling stuff and bothering people.
And yet another proof that if something
is not working in OpenBSD it is me and my typos.
Thank you
Tomasz
pt., 12 mar 2021 o 13:38 Shane Lazarus napisał(a):
>
> Heya
>
> A quick read of the man page shows that the rule is first match for
> location stanzas.
>
> So if you want the sub-dirs to not be read, place them above the root
> location in the conf file.
>
>
> Tested on 6.8:
> I get 403's for block stanza placed above root location stanza.
> I get files served when block stanza placed below root location stanza.
>
>
> Shane
>
> On Sat, Mar 13, 2021 at 12:49 AM T K wrote:
> >
> > Hi there,
> >
> > I am trying to block direct access to given subfolder of
> > simple php website hosted on OpenBSD 6.8 amd64.
> > Inside webroot folder there are some subfolders
> > containing html files I'd like to restrict for direct requests,
> > as they are intended for including to php scripts, not
> > direct viewing.
> >
> > What I want to achieve is to get 403 error while
> > requesting "http://10.0.1.222/FOLDER/file.html;.
> > This is say "development" server, accessible
> > through local lan, listening on IP given below.
> >
> > My very simple config looks like this:
> >
> > server "10.0.1.222" {
> > listen on 10.0.1.222 port 80
> > log style combined
> >
> > location "/*php*"{
> > root "/FOLDER"
> > fastcgi socket "/run/php-fpm.sock"
> > }
> >
> > directory {
> > index "index.php"
> > }
> >
> > location "/*" {
> > root "/FOLDER"
> > }
> >
> > location "/SUBFOLDER/*" {block}
> > }
> >
> > Above does not work as I'd expect.
> > Requesting "/SUBFOLDER" itself returns
> > 403 code but hitting proper html filename
> > gets suceeded with 200 code.
> > I tried many versions of shell globes
> > for "/SUBFOLDER/file" path but nothing changes
> > described behaviour. I do not know if tere is
> > problem in globe itself or in server config.
> > No idea what to do, so any help appreciated.
> >
> > Tomasz(equi)Krol
> >
gold linker on OpenBSD
Hello, is the gold linker available for OpenBSD i386? maybe as a package and I am not finding it? I have issues linking with the standard and bfd linkers, a suggestion was to use gold, which helps on e.g. FreeBSD. Riccardo
[www] typo year for OpenSSH 8.5 release
Hello, The date of OpenSSH 8.5 release on https://www.openssh.com/openbsd.html page is wrong. 2020 => 2021 Cheers, Alex
Re: gold linker on OpenBSD
On 2021-03-12, Riccardo Mottola wrote: > is the gold linker available for OpenBSD i386? No.
Re: Cannot get httpd block directives to work
Heya
A quick read of the man page shows that the rule is first match for
location stanzas.
So if you want the sub-dirs to not be read, place them above the root
location in the conf file.
Tested on 6.8:
I get 403's for block stanza placed above root location stanza.
I get files served when block stanza placed below root location stanza.
Shane
On Sat, Mar 13, 2021 at 12:49 AM T K wrote:
>
> Hi there,
>
> I am trying to block direct access to given subfolder of
> simple php website hosted on OpenBSD 6.8 amd64.
> Inside webroot folder there are some subfolders
> containing html files I'd like to restrict for direct requests,
> as they are intended for including to php scripts, not
> direct viewing.
>
> What I want to achieve is to get 403 error while
> requesting "http://10.0.1.222/FOLDER/file.html;.
> This is say "development" server, accessible
> through local lan, listening on IP given below.
>
> My very simple config looks like this:
>
> server "10.0.1.222" {
> listen on 10.0.1.222 port 80
> log style combined
>
> location "/*php*"{
> root "/FOLDER"
> fastcgi socket "/run/php-fpm.sock"
> }
>
> directory {
> index "index.php"
> }
>
> location "/*" {
> root "/FOLDER"
> }
>
> location "/SUBFOLDER/*" {block}
> }
>
> Above does not work as I'd expect.
> Requesting "/SUBFOLDER" itself returns
> 403 code but hitting proper html filename
> gets suceeded with 200 code.
> I tried many versions of shell globes
> for "/SUBFOLDER/file" path but nothing changes
> described behaviour. I do not know if tere is
> problem in globe itself or in server config.
> No idea what to do, so any help appreciated.
>
> Tomasz(equi)Krol
>
Cannot get httpd block directives to work
Hi there,
I am trying to block direct access to given subfolder of
simple php website hosted on OpenBSD 6.8 amd64.
Inside webroot folder there are some subfolders
containing html files I'd like to restrict for direct requests,
as they are intended for including to php scripts, not
direct viewing.
What I want to achieve is to get 403 error while
requesting "http://10.0.1.222/FOLDER/file.html;.
This is say "development" server, accessible
through local lan, listening on IP given below.
My very simple config looks like this:
server "10.0.1.222" {
listen on 10.0.1.222 port 80
log style combined
location "/*php*"{
root "/FOLDER"
fastcgi socket "/run/php-fpm.sock"
}
directory {
index "index.php"
}
location "/*" {
root "/FOLDER"
}
location "/SUBFOLDER/*" {block}
}
Above does not work as I'd expect.
Requesting "/SUBFOLDER" itself returns
403 code but hitting proper html filename
gets suceeded with 200 code.
I tried many versions of shell globes
for "/SUBFOLDER/file" path but nothing changes
described behaviour. I do not know if tere is
problem in globe itself or in server config.
No idea what to do, so any help appreciated.
Tomasz(equi)Krol
