Re: Testing changes in current using a liveCD
After realizing that FuguIta runs stable and not current like I thought
(sorry for the noise) I decided to download a snapshot from an openbsd
mirror and to install it in my Thinkpad T410.

I indeed noticed an improvement in the CPU temperature issue:

With 5.7 release after booting:

    hw.sensors.fan0=3283 RPM
    hw.sensors.temp0=43.00 degC
    hw.sensors.itherm0.power0=5.00 W

With 5.8 Jun 18th snapshot idem:

    hw.sensors.fan0=1981 RPM
    hw.sensors.temp0=37.00 degC
    hw.sensors.itherm0.power0=4.00 W

Even so there is no improvement in battery life.  Two hours maximum.

*** OFF TOPIC

I had to change my email address to be able to post this message; the
original address I'd subscribed to this mailing list was blacklisted
without apparent reason.  I asked for help sending a message to
owner-majord...@openbsd.org as pointed at in the majordomo web interface
(using this new address since the other is banned); no response.

So I'll repeat here my suggestion to warn others about the issue: new
users of openbsd mailing lists should be aware about the long delays
they'll experience because of the spamd greylist settings, and,
honestly, the postmaster should consider if spam is really more annoying
than suffering this greylisting measure.

    Walter
Re: Testing changes in current using a liveCD
On Sun, Jun 21, 2015 at 05:24:35PM -0400, Peter Pauly wrote:
> A twenty percent power reduction is no improvement? You have high
> expectations.

I know that my English is horrible :-) but what do you read below?

> On Sun, Jun 21, 2015 at 5:13 PM, Walter Alejandro Iglesias
> roque...@gmail.com wrote:
> > I indeed noticed an improvement in the CPU temperature issue:

I ignore why (I'm not an engineer) the battery life didn't reflect that
improvement.  That's what I meant.

    Walter

--
PLEASE, LET'S PRESERVE GOOD EMAIL PRACTICES
- Use plain text (no HTML please).
- Separate paragraphs with empty lines.
- Use hard wrapped lines at no more than 72 columns.
- Avoid top-posting.
- You'll find the above easy to accomplish by using a decent email
  client (i.e. Thunderbird, Claws mail, Mutt).
Testing changes in current using a liveCD
Hello,

I'd appreciate someone tell me if I'm doing something wrong.

I want to test the latest ACPI changes in two Thinkpad I own (T410 and
x201).  I assume:

1. To test current I can just use the latest snapshot.
2. FuguIta LiveCD is regularly updated to the latest snapshot.

In case I'm not wrong about some of those two assumptions.  I tested my
T410 and x201 with 5.7 release and June 17th 2015 snapshot without
noticing any differences.  I took in care the values showed by
hw.sensors and apm, for example with both (release and snapshot) in x201
the values are around:

    hw.sensors.fan0=3283 RPM
    hw.sensors.temp0=43.00 degC
    hw.sensors.itherm0.power0=5.00 W

Please tell me if I'm wrong in any step.

    Walter
Testing USB webcam with mplayer
I've noticed a mplayer's issue on OpenBSD.  With different desktop
machines and usb webcams I've successfully tested the webcam with the
command:

    $ mplayer tv://

But in all cases, when you press 'q' mplayer hangs for some seconds
before quitting.  Any idea of why this happens?

    Walter
comsat-biff issue
Hello,

After running:

    # cp /etc/example/inetd.conf /etc/
    # /etc/rc.d/inetd -f start
    $ biff y
    $ echo Hello | mail -s 'testing biff' `whoami`

Biff should print its message and beep in login shells.  But nothing
happens.

Now I have installed:

    OpenBSD 5.8-beta (GENERIC.MP) #1116: Wed Jul 1 12:50:20 MDT 2015
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

With 5.7 amd64 release and older amd64 snapshots it didn't work either.
However it works ok in FuguIta (i386).

    Walter
Re: CPU power consumption on thinkpad x201
On Wed, May 20, 2015 at 08:56:57PM -0600, Shaun Reiger wrote:
> Hello
>
> I'm trying to find out if the power consumption relating to the
> intel_powerclamp driver (Package Level C-state Idle Injection for
> Intel CPUs) was ever fixed.  I'm current running 5.7 stable and I find
> my cpu is still consuming 6W of power in any state.  It was mentioned
> in the emails from last year that a Linux driver fixed this issue.
>
> Any updates on this issue would be great.

I had running OpenBSD in my Thinkpad T410 for some months suffering this
issue.  In the while I made tests with a Linux liveCD with 3.8 kernel.
With intensive CPU usage, i.e. running mplayer without interruption, the
battery life (9 cell) was the same in both OSs, exactly two hours.  But
with light CPU usage (i.e. editing files with vi) OpenBSD still died
after two hours but with Linux I got around three and a half.  The 3.8
kernel hadn't the intel_powerclamp module.

Unfortunately I had to reinstall Linux.  Now running 3.10.17 with
intel_powerclamp module I get an average of three and a half hours of
battery life.  So it seems that it isn't the intel_powerclamp module
what make the difference, at least in T410 model.

    Walter
Re: comsat-biff issue
Hello Todd,

On Mon, Jul 06, 2015 at 06:37:24AM -0600, Todd C. Miller wrote:
> Is your mail being delivered to /var/mail/yourname or do you have
> a .forward file?  The comsat daemon is notified by mail.local which
> delivers mail to the local mail spool.  If you have a .forward file,
> mail.local is not used and you won't get a biff notification.

Till you mentioned about it I've ignored the existence of
/usr/libexec/mail.local. :-)  I'm a new to OpenBSD.  Is it some kind of
procmail's alike functionality?

My configuration is almost the after-install defaults.  There's just a
/root/.forward created at install time pointing to my user.  I thought
about it, I tried removing that .forward file and removing aliases I'd
added later and logged in *only* root user I sent email from root to
root to find out if some variable set in my ~/.kshrc or ~/.profile could
be interfering.

I tried modifying the comsat line in inetd.conf, using just udp4,
removing the ip limit prefix, etc.

I've tried installing procmail (telling smtpd to use it).

I did some tests stopping /etc/rc.d/inetd and running inetd -d from the
command line.  With the default inetd.conf, after sending a mail to
myself:

    # inetd -d
    ADD: 127.0.0.1:comsat proto=udp, wait.max=1.256 user:group=root:wheel builtin=0 server=/usr/libexec/comsat
    ADD: ::1:comsat proto=udp6, wait.max=1.256 user:group=root:wheel builtin=0 server=/usr/libexec/comsat
    ADD: daytime proto=tcp, wait.max=0.256 user:group=root:wheel builtin=1959e0e08630 server=internal
    ADD: daytime proto=tcp6, wait.max=0.256 user:group=root:wheel builtin=1959e0e08630 server=internal
    someone wants comsat
    14937 execv /usr/libexec/comsat

The last two lines appeared right after sending the email.  I understand
(in my ignorance) that means inetd *receives* the notification (from
mail.local?).

And the following is what netstat shows:

    # netstat -a -p udp
    Active Internet connections (including servers)
    Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
    udp          0      0  localhost.biff         *.*
    udp          0      0  *.syslog               *.*
    Active Internet connections (including servers)
    Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
    udp6         0      0  localhost.biff         *.*
    udp6         0      0  *.syslog               *.*

And that's all that came to my mind (I've tried also opening and closing
my living room's window several times :-)).

I know biff isn't a big concern but I insisted because I thought it
could be a symptom of some other more important issue.

>  - todd

    Walter
Thinkpad Batteries
About Thinkpad's batteries.

A bit off-topic being a hardware specific question but taking in care
several people here say to use Thinkpads (and the cost of their
batteries) I think it'll be useful for everyone to share our experience.

My experience with these laptops is short, I bought a refurbished x201
in Jan 2014 and a T420, second hand too, in Sep 2014.  The first came
with a *new* 9-cell lenovo original battery that lasts almost 6 hours
long as who sold me had promised me.

I received the T420 with a used 6-cell lenovo original battery that gave
me barely 2 hours.  I presumed it'd give me 6 like the x201 with a
9-cell one, so I bought through ebay a *supposed* lenovo original new
9-cell battery that suddenly *died* after 15 days of use :-).  The
vendor refunded me the money so the second time I bought some of those
*trade-less* 9-cell ones you find in ebay.  That's the one I have in use
since Dec 2014.  Initially it lasted ~4.5 hours, but now, after 7 months
of use, it lasts no longer than 2 hours.

As I told you my experience with these laptops (and laptops in general)
is short so I don't know if I wasn't lucky or those in forums that
assure these batteries can give *15 hours* did the test in suspended to
RAM state :-).

Did some of you get 15 hours from some of these batteries?  If that's
true, what tech specs should I take in care at time to buy a new one?

    Walter
Re: Thinkpad Batteries
On Mon, Jul 13, 2015 at 04:56:33PM +0200, Walter Alejandro Iglesias wrote:
> I bought a refurbished x201 in Jan 2014 and a T420...

Sorry, I'm getting old and idiot.  The laptop isn't a T420, it's a T410.

    Walter
Re: Thinkpad Batteries
> This doesn't directly apply to OpenBSD, but it gives you an idea of
> the complexity:
>
> https://wiki.freebsd.org/TuningPowerConsumption

Good info.  Thanks,

    Walter
Re: comsat-biff issue
Upgraded to latest snapshot and Biff is alive and barking again ;-). Thanks Todd. Walter
Re: Low brightness in text console
Another option (using current):

    Section "Module"
        Load "dri2"
        Load "glamoregl"
    EndSection

    Section "Device"
        Identifier "Card0"
        Driver "intel"
        BusID "PCI:0:2:0"
        Option "AccelMethod" "glamor"
    EndSection

There are some Linux forums where people complain about experiencing
screen brightness issues using intel SNA acceleration.  Some of them got
them fixed by setting the "Backlight" option to the correct value as
explained in the intel(4) man page:

    Option "Backlight" "string"
        Override the probed backlight control interface.  Sometimes
        the automatically selected backlight interface may not
        correspond to the correct, or simply most useful, interface
        available on the system.  This allows you to override that
        choice by specifying the entry under /sys/class/backlight to
        use.

You won't find /sys/class/backlight in OpenBSD.  And setting the value
to "intel_backlight" as explained in some Linux wikis won't work since
in openbsd the interface seems to be wscons:

    $ grep backlight /var/log/Xorg.0.log
    [ 34783.393] (--) intel(0): found backlight control interface wscons

If after exiting X you run:

    $ wsconsctl display.brightness

It'll return a value that doesn't correspond with the actual (very low)
brightness.  The wscons stored brightness value isn't reset but right
after you press the Fn+brightness keys.  I deduce SNA driver doesn't
pass wscons the brightness control properly.

Let's hope some expert here tell us why. :-)

    Walter
Re: Can't change screen brightness Acer Aspire ES1-411
Does this workaround work for you?

    http://marc.info/?l=openbsd-misc&m=146520183827302&w=2
    http://marc.info/?l=openbsd-misc&m=146523968007324&w=2

If it does then it's related to this bug:

    http://marc.info/?l=openbsd-bugs&m=146451346724515

(I'm just a user, not a developer)
mailx umask
Some security concern:

Wouldn't it be better for mailx to use umask 077 to save mbox files by
default, as Mutt does (or to provide a ~/.mailrc variable)?
Some shell scripts I've wrote
Hello,

Not what you asked for, but taking in care some people here complain
about not having a "desktop wireless connection app" as they got used by
the popular OSs, I'll share (shamelessly) what I improvised to solve my
specific needs with the aim to encourage others to write their own
solutions.

In my case, since I prefer to use ethernet cables and static IP
addresses for all machines in my home LAN, I wrote the following shell
scripts to connect my laptop in those occasions I'm out, in a bar or a
restaurant.  They are also intended to be useful individually; if at
some place I have an ethernet cable available, I directly run the second
one (dhcp-connect.sh) to establish a provisional dhcp connection, then
(optionally) when I shut down the machine before leaving the place, the
third one (reset-LAN.sh) restores the LAN version of /etc/hosts and
/etc/resolv.conf so I don't need to bother about resetting them manually
when I'm back home.

I'm new to openbsd, it surely offers simpler ways to accomplish the same
tasks that I still ignore (advice welcome).

=
#!/bin/sh
# ~/bin/wifi.sh - occasional wireless connection in OpenBSD

[ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }

# PUT YOUR NORMAL USER HERE
user=morlock

# IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
# LAN version of /etc/resolv.conf and /etc/hosts to this directory.
backdir=/home/$user/.wifi
[ ! -d $backdir ] && mkdir $backdir

rec=$backdir/stored
[ ! -e $rec ] && {
    touch $rec
    chmod 600 $rec
    chown $user:$user $rec
}

# This script runs as root: let mktemp(1) pick an unpredictable name
# instead of a clock-based one that can be pre-created in /tmp.
tmp=`mktemp /tmp/wifi.XXXXXXXXXX` || exit 1

# FUNCTIONS

cancel() {
    ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey
    ifconfig $int down
    [ -f "$tmp" ] && rm "$tmp"
    # Quoted so the test is false (not true) when the variable is unset.
    [ -f "$stored_tmp" ] && rm "$stored_tmp"
    exit 1
}

get_password() {
    if grep -i $bssid $rec; then
        echo -n "Use the above \"$nwid\" stored password? [Y/n] "
        read answer
        if [ "$answer" != "n" ]; then
            password=`grep -i $bssid $rec | awk '{ print $2 }'`
        else
            printf "$nwid $enc $message: "
            read password
        fi
    else
        printf "$nwid $enc $message: "
        read password
    fi
}

# SELECT WIRELESS INTERFACE
interfaces="`ifconfig wlan | awk -F: '/^[^\t]/ { print $1 }' | xargs`"

if [ ! "$interfaces" ]; then
    echo "No wireless interfaces found." 1>&2
    exit 1
elif [ `echo "$interfaces" | wc -w | xargs` -gt 1 ]; then
    echo $interfaces
    int=none
    until echo $interfaces | grep -q $int; do
        echo -n "Interface? "
        read int
    done
else
    int=$interfaces
fi

trap cancel INT

ifconfig $int up
ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey

# SCAN AND CHOOSE AN ACCESS POINT
echo 'Scanning on '$int'...'
ifconfig $int scan | awk -F'\t' '/\tnwid/ { print $3 }' | nl -s') ' > $tmp

if [ `awk 'END { print NR }' $tmp` -eq 0 ]; then
    echo "No access points found."
    cancel
elif [ `awk 'END { print NR }' $tmp` -gt 1 ]; then
    sed 's/\(.*\) nwid \(.*\) chan .*/\1 \2/' $tmp
    ap=0
    until egrep -q "^ *$ap\) nwid" $tmp ; do
        echo -n "number? "
        read ap
    done
else
    ap=`awk -F\) '{ print $1 }' $tmp | sed 's/ *//'`
fi

# GET AP DATA
bssid=`egrep '^ +'$ap')' $tmp | egrep -o '(..:){5}..' | tr "[a-f]" "[A-F]"`
nwid=`grep -i $bssid $tmp | sed 's/.* nwid \(.*\) chan .*/\1/' | sed 's/"//g'`
enc=`grep -i $bssid $tmp | awk -F, '{ print $NF }'`

case $enc in
wep)
    key=nwkey
    message="key (for HEX prefix 0x)"
    get_password
    ;;
wpa*)
    key=wpakey
    message="passphrase"
    get_password
    ;;
*)
    key='-wpakey -nwkey'
    password=''
    ;;
esac

# SET UP INTERFACE
ifconfig $int nwid "$nwid" $key $password || cancel

# CONNECTION ATTEMPT
/home/$user/bin/dhcp-connect.sh $int || cancel

# STORE PASSWORD
[ "$password" != "" ] && {
    sed -i "/$bssid/d" $rec
    echo -e "$bssid\t$password" > > $rec
}

# End of wifi.sh

===
#!/bin/sh
# ~/bin/dhcp-connect.sh
# Connect using dhcp and set hostname (OpenBSD version)

[ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }

# PUT YOUR NORMAL USER HERE
user=morlock

# IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
# LAN version of /etc/resolv.conf and /etc/hosts to this directory.
backdir=/home/$user/.wifi

int=$1
[ "$int" ] || {
    echo "Usage: `basename $0` "
    exit 1
}

clean_start() {
    for i in `ps xw | grep dhclient | grep $int | \
        awk '{ print $1 }'`
    do
        [ $i ] && kill $i
    done
}

cancel() {
    clean_start
    [ -f $backdir/hosts ]
Re: Some shell scripts I've wrote
Sorry!

I have an entry in vimrc for my mail that replaces '>>' for '> >'.  That
screwed the code, it was a bad idea.

Here the corrected code:

=
#!/bin/sh
# ~/bin/wifi.sh - occasional wireless connection in OpenBSD

[ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }

# PUT YOUR NORMAL USER HERE
user=morlock

# IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
# LAN version of /etc/resolv.conf and /etc/hosts to this directory.
backdir=/home/$user/.wifi
[ ! -d $backdir ] && mkdir $backdir

rec=$backdir/stored
[ ! -e $rec ] && {
    touch $rec
    chmod 600 $rec
    chown $user:$user $rec
}

# This script runs as root: let mktemp(1) pick an unpredictable name
# instead of a clock-based one that can be pre-created in /tmp.
tmp=`mktemp /tmp/wifi.XXXXXXXXXX` || exit 1

# FUNCTIONS

cancel() {
    ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey
    ifconfig $int down
    [ -f "$tmp" ] && rm "$tmp"
    # Quoted so the test is false (not true) when the variable is unset.
    [ -f "$stored_tmp" ] && rm "$stored_tmp"
    exit 1
}

get_password() {
    if grep -i $bssid $rec; then
        echo -n "Use the above \"$nwid\" stored password? [Y/n] "
        read answer
        if [ "$answer" != "n" ]; then
            password=`grep -i $bssid $rec | awk '{ print $2 }'`
        else
            printf "$nwid $enc $message: "
            read password
        fi
    else
        printf "$nwid $enc $message: "
        read password
    fi
}

# SELECT WIRELESS INTERFACE
interfaces="`ifconfig wlan | awk -F: '/^[^\t]/ { print $1 }' | xargs`"

if [ ! "$interfaces" ]; then
    echo "No wireless interfaces found." 1>&2
    exit 1
elif [ `echo "$interfaces" | wc -w | xargs` -gt 1 ]; then
    echo $interfaces
    int=none
    until echo $interfaces | grep -q $int; do
        echo -n "Interface? "
        read int
    done
else
    int=$interfaces
fi

trap cancel INT

ifconfig $int up
ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey

# SCAN AND CHOOSE AN ACCESS POINT
echo 'Scanning on '$int'...'
ifconfig $int scan | awk -F'\t' '/\tnwid/ { print $3 }' | nl -s') ' > $tmp

if [ `awk 'END { print NR }' $tmp` -eq 0 ]; then
    echo "No access points found."
    cancel
elif [ `awk 'END { print NR }' $tmp` -gt 1 ]; then
    sed 's/\(.*\) nwid \(.*\) chan .*/\1 \2/' $tmp
    ap=0
    until egrep -q "^ *$ap\) nwid" $tmp ; do
        echo -n "number? "
        read ap
    done
else
    ap=`awk -F\) '{ print $1 }' $tmp | sed 's/ *//'`
fi

# GET AP DATA
bssid=`egrep '^ +'$ap')' $tmp | egrep -o '(..:){5}..' | tr "[a-f]" "[A-F]"`
nwid=`grep -i $bssid $tmp | sed 's/.* nwid \(.*\) chan .*/\1/' | sed 's/"//g'`
enc=`grep -i $bssid $tmp | awk -F, '{ print $NF }'`

case $enc in
wep)
    key=nwkey
    message="key (for HEX prefix 0x)"
    get_password
    ;;
wpa*)
    key=wpakey
    message="passphrase"
    get_password
    ;;
*)
    key='-wpakey -nwkey'
    password=''
    ;;
esac

# SET UP INTERFACE
ifconfig $int nwid "$nwid" $key $password || cancel

# CONNECTION ATTEMPT
/home/$user/bin/dhcp-connect.sh $int || cancel

# STORE PASSWORD
[ "$password" != "" ] && {
    sed -i "/$bssid/d" $rec
    echo -e "$bssid\t$password" >> $rec
}

# End of wifi.sh

===
#!/bin/sh
# ~/bin/dhcp-connect.sh
# Connect using dhcp and set hostname (OpenBSD version)

[ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }

# PUT YOUR NORMAL USER HERE
user=morlock

# IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
# LAN version of /etc/resolv.conf and /etc/hosts to this directory.
backdir=/home/$user/.wifi

int=$1
[ "$int" ] || {
    echo "Usage: `basename $0` "
    exit 1
}

clean_start() {
    for i in `ps xw | grep dhclient | grep $int | \
        awk '{ print $1 }'`
    do
        [ $i ] && kill $i
    done
}

cancel() {
    clean_start
    [ -f $backdir/hosts ] && /home/$user/bin/reset-LAN.sh
    exit 1
}

reset_LAN_at_shutdown() {
    [ ! -e /etc/rc.shutdown ] && {
        echo "# /etc/rc.shutdown" > /etc/rc.shutdown
        chmod 600 /etc/rc.shutdown
    }
    grep -q "# Reset LAN" /etc/rc.shutdown 2>/dev/null || {
        echo >>/etc/rc.shutdown
        echo '# Reset LAN' >>/etc/rc.shutdown
        echo -n "[ -x /home/$user/bin/reset-LAN.sh ] && " \
            >>/etc/rc.shutdown
        echo "/home/$user/bin/reset-LAN.sh" >>/etc/rc.shutdown
    }
}

dhclientConf() {
    grep -q "send host-name \"`hostname`\"" \
        /etc/dhclient.conf 2>/dev/null ||
        echo "send host-name \"`hostname`\";" \
        >>/etc/dhclient.conf
}

clean_start
trap cancel INT

# Comment this if you think you don't need it
dhclientConf

# Attempt a connection
Re: X "si" keyboard layout changes in recent snapshots
Just guessing.  I've noticed this bug:

    http://marc.info/?l=openbsd-bugs&m=146505858532099&w=2

disappeared after Aug 7 xkbcomp update.  Probably what you're
experiencing is a side effect of those changes.
Re: splassert: yield message on 5 Feb snapshot (amd64)
Stefan Wollny wrote:
> at least with
>
> $ dmesg | grep Open
> OpenBSD 6.0-current (GENERIC.MP) #166: Wed Feb 8 19:15:03 MST 2017
>
> the issue still persists.

The patch that solved the issue (at least in my machine) was committed
today:

    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_table.c.diff?r1=1.123&r2=1.124
fmt replaces utf8 spaces for ascii ones
Hello,

Probably Ingo will know about this.

fmt, when using utf8 locale, replaces utf8 spaces for ascii ones (I use
utf8 spaces in html to get web browsers render double space at the end
of a sentence).  This doesn't happen with LC_CTYPE=C.

Is this a feature or a bug?
http 408 messages in httpd logs
Starting from Feb 11 my httpd logs are filled with 408 messages:

    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET / HTTP/1.1" 200 2535
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/styles.css HTTP/1.1" 200 282
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-novelas.png HTTP/1.1" 200 1812
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-comic.png HTTP/1.1" 200 2779
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/at.png HTTP/1.1" 200 324
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-devel.png HTTP/1.1" 200 4111
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-articles.png HTTP/1.1" 200 5835
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-about.jpg HTTP/1.1" 200 22211
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET /en/img/home-social.png HTTP/1.1" 200 2782
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
    roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:49:32 +0100] " " 408 0

This affects my main site only (I have other several virtual sites
hosted in that machine), the only one using ssl on 443 port.  As the
example shows, some of them come right before a same source IP
successful connection.  In fact, the hidden ip above is me browsing my
web site from another location.  Besides, I didn't notice any delay, the
pages are loaded as fast as before the messages started to appear.

Increasing the request time out (in /etc/httpd.conf):

    connection request timeout 120

seems (not sure) to reduce a bit the number of messages.

What intrigues me (and the reason I'm mentioning this here) is before
Feb 11th, the date the first appeared, there is none, passed that date
*all* requests generate that message.

I follow -current and upgrade snapshots regularly.  Could be some change
in the system the cause?
Re: http 408 messages in httpd logs
On Tue, Feb 14, 2017 at 11:34:02AM -0800, Reyk Floeter wrote:
> Yes, this is possible.  Could you send me some more
> details including config?

I just sent another message with the whole logs that didn't reach misc@,
too heavy :-).  Here you go a simplified version:

    OpenBSD 6.0-current (GENERIC.MP) #169: Mon Feb 13 17:44:12 MST 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# /etc/pf.conf

table { 0.0.0.0/8 10.0.0.0/8 127.0.0.1/8 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 }
table persist file "/etc/port22"
table persist file "/etc/port25"

set block-policy drop
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
antispoof log quick for egress

pass out quick all
pass in quick from { 192.168.1.1 192.168.1.102 192.168.1.103 } allow-opts
block quick inet proto udp from any to port \
    { bootps bootpc netbios-ns netbios-dgm }
block in log quick inet proto tcp from to port ssh
block in log quick inet proto tcp from to port smtp
block in log quick from { urpf-failed no-route }
pass in quick proto tcp to port { http https smtp smtps pop3s ssh }
pass in quick inet proto icmp all icmp-type 8 code 0
block in log all

# /etc/httpd.conf

ext_addr="em0"
r_timeout="300"

types { include "/usr/share/misc/mime.types" }

server "roquesor.com" {
    listen on $ext_addr port 80
    connection request timeout $r_timeout
    alias "www.roquesor.com"
    alias "es.roquesor.com"
    block return 301 "https://$SERVER_NAME$REQUEST_URI"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    log {
        access "roquesor.com-access.log"
        error "roquesor.com-error.log"
    }
    root "/htdocs/roquesor.com"
}

server "en.roquesor.com" {
    listen on $ext_addr port 80
    connection request timeout $r_timeout
    block return 301 "https://$SERVER_NAME$REQUEST_URI"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    log {
        access "roquesor.com-access.log"
        error "roquesor.com-error.log"
    }
    root "/htdocs/roquesor.com/en"
}

server "roquesor.com" {
    listen on $ext_addr tls port 443
    connection request timeout $r_timeout
    alias "www.roquesor.com"
    alias "es.roquesor.com"
    tls certificate "/etc/ssl/server.crt"
    tls key "/etc/ssl/private/server.key"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    log {
        access "roquesor.com-SSL-access.log"
        error "roquesor.com-SSL-error.log"
    }
    root "/htdocs/roquesor.com"
}

server "en.roquesor.com" {
    listen on $ext_addr tls port 443
    connection request timeout $r_timeout
    tls certificate "/etc/ssl/server.crt"
    tls key "/etc/ssl/private/server.key"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    log {
        access "roquesor.com-SSL-access.log"
        error "roquesor.com-SSL-error.log"
    }
    root "/htdocs/roquesor.com/en"
}

$ cat /var/www/logs/roquesor.com-access.log | sed -E 's/([^ ] )([0-9]{1,3})\.(.*)/\1xxx.\3/'
Feb 12 00:00:01 server newsyslog[54883]: logfile turned over
roquesor.com xxx.249.75.40 - - [12/Feb/2017:00:03:02 +0100] " " 408 0
roquesor.com xxx.249.75.136 - - [12/Feb/2017:00:06:51 +0100] " " 408 0
roquesor.com xxx.249.75.58 - - [12/Feb/2017:00:10:18 +0100] " " 408 0
roquesor.com xxx.249.69.221 - - [12/Feb/2017:00:12:57 +0100] " " 408 0
roquesor.com xxx.249.75.47 - - [12/Feb/2017:00:13:01 +0100] " " 408 0
roquesor.com xxx.249.75.40 - - [12/Feb/2017:00:13:14 +0100] " " 408 0
roquesor.com xxx.249.69.233 - - [12/Feb/2017:00:15:23 +0100] " " 408 0
roquesor.com xxx.249.75.47 - - [12/Feb/2017:00:16:41 +0100] " " 408 0
www.roquesor.com xxx.180.228.163 - - [12/Feb/2017:00:18:04 +0100] "GET /robots.txt HTTP/1.1" 200 36
www.roquesor.com xxx.180.228.163 - - [12/Feb/2017:00:18:05 +0100] "GET /novelas.html HTTP/1.1" 200 1542
roquesor.com xxx.180.228.163 - - [12/Feb/2017:00:19:06 +0100] " " 408 0
roquesor.com xxx.249.75.47 - - [12/Feb/2017:00:19:53 +0100] " " 408 0
roquesor.com xxx.249.75.56 - - [12/Feb/2017:00:22:44 +0100] " " 408 0
roquesor.com xxx.249.69.183 - - [12/Feb/2017:00:23:08 +0100] " " 408 0
roquesor.com xxx.125.88.204 - - [12/Feb/2017:00:25:27 +0100] " " 408 0
roquesor.com xxx.249.75.43 - - [12/Feb/2017:00:25:56 +0100] " " 408 0
roquesor.com xxx.249.75.148 - - [12/Feb/2017:00:28:18 +0100] " " 408 0
roquesor.com xxx.249.69.183 - - [12/Feb/2017:00:28:21 +0100] " " 408 0
Re: http 408 messages in httpd logs
On Tue, Feb 14, 2017 at 02:34:24PM -0500, trondd wrote:
> On Tue, February 14, 2017 2:27 pm, trondd wrote:
> > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/server.c.diff?r1=1.106&r2=1.107&f=h
> >
> > Unfortunately the commit message is not helpful here.
> >
>
> Ah hah.  I knew it'd be somewhere:
> http://marc.info/?l=openbsd-cvs&m=148647072802851&w=2
>
> I'd guess that the web browser was previously closing these connection
> long before the server was timing out.
>

Trondd, big champ! :-)
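The pattern discussed in this thread, a 408 with an empty request logged one request timeout after the same client was served, can be told apart from 408s with no preceding request by a short pass over the access log. This is an added example, not code from the thread or from httpd; the log lines are constructed in the layout shown above, and the 60-second timeout (the gap visible in the first excerpt), the 2-second slack and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the access-log layout shown in the thread:
# vhost client - - [time] "request" status size.  The addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Feb 14 00:00:01 server newsyslog[12345]: logfile turned over
example.org 203.0.113.7 - - [14/Feb/2017:15:48:32 +0100] "GET / HTTP/1.1" 200 2535
example.org 203.0.113.7 - - [14/Feb/2017:15:48:32 +0100] "GET /en/styles.css HTTP/1.1" 200 282
example.org 203.0.113.7 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
example.org 203.0.113.7 - - [14/Feb/2017:15:49:32 +0100] " " 408 0
example.org 198.51.100.23 - - [14/Feb/2017:15:50:10 +0100] " " 408 0
example.org 198.51.100.23 - - [14/Feb/2017:15:52:41 +0100] " " 408 0
example.org 198.51.100.23 - - [14/Feb/2017:15:55:03 +0100] " " 408 0
"""

LINE_RE = re.compile(
    r'^(\S+) (\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+)$')
# A request field that carries a real request line: METHOD PATH VERSION.
REQUEST_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse(lines):
    """Yield (client, time, request, status) for access-log entries and
    skip anything else, such as the newsyslog rotation marker."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _vhost, client, stamp, request, status, _size = m.groups()
        try:
            when = datetime.strptime(stamp, TIME_FORMAT)
        except ValueError:
            continue
        yield client, when, request, int(status)


def classify_408(lines, request_timeout=60, slack=2):
    """Count request-less 408 entries per client, split into those that
    follow a served request from the same client by one request timeout
    (an idle connection the server closed) and those that do not.

    Heuristic: the log has no connection id, so entries are matched per
    client address, and the log is assumed to be in time order."""
    recent = defaultdict(list)  # client -> times of recently served requests
    counts = defaultdict(lambda: {"idle_after_served": 0, "unexplained": 0})
    window = request_timeout + slack
    for client, when, request, status in parse(lines):
        has_request = bool(REQUEST_RE.match(request))
        if has_request and status < 400:
            recent[client].append(when)
            continue
        if status != 408 or has_request:
            continue
        # Drop served requests too old to explain a timeout logged now.
        recent[client] = [t for t in recent[client]
                          if (when - t).total_seconds() <= window]
        explained = any(
            abs((when - t).total_seconds() - request_timeout) <= slack
            for t in recent[client])
        key = "idle_after_served" if explained else "unexplained"
        counts[client][key] += 1
    return {client: dict(c) for client, c in counts.items()}


def clients_to_review(counts, threshold=3):
    """Clients that repeatedly held a connection without ever sending a
    request and had no served request to account for it."""
    return sorted(c for c, n in counts.items()
                  if n["unexplained"] >= threshold)


if __name__ == "__main__":
    result = classify_408(SAMPLE_LOG.splitlines())
    for client, n in sorted(result.items()):
        print(client, n)
    print("review:", clients_to_review(result))
```

Pass the value of `connection request timeout` from httpd.conf as `request_timeout`; with the wrong value the idle closes are counted as unexplained.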
Re: fmt replaces utf8 spaces for ascii ones
After investigating a bit I realized that what I called utf8 space is a 'nobreakspace' so it's ok fmt to replace them for ascii ones. I made a stupid question. Sorry!
Re: fmt replaces utf8 spaces for ascii ones
On Sun, Feb 12, 2017 at 10:21:11PM -0800, Eric Pruitt wrote:
> Unfortunately I do not have access to an OpenBSD machine to verify
> whether or not its fmt does the correct thing.

By the way, if you try your example in openbsd take in care obsd printf
won't recognize \u00a0.  Use '\xc2\xa0' instead.

I was trying your example in a linux machine obtaining your same
results.  But I did it mostly because I was curious about the other
difference: the GNU version inserts the new line 'in' the number
assigned by -w, giving you in this case a 19 wide line as result.  The
obsd version breaks the line in the following character giving you a 20
chars wide line.

Back to the original topic.  What made me hesitate if 'feature' or 'bug'
was the man page.  The following two paragraphs made me think converting
all spaces to ascii could be desired as a practical solution:

    fmt is meant to format mail messages prior to sending, but may also
    be useful for other simple tasks...

    The program was designed to be simple and fast – for more complex
    operations, the standard text processors are likely to be more
    appropriate.
Re: fmt replaces utf8 spaces for ascii ones
On Sun, Feb 12, 2017 at 10:21:11PM -0800, Eric Pruitt wrote:
> On Sun, Feb 12, 2017 at 09:21:37PM +0100, Walter Alejandro Iglesias wrote:
> > After investigating a bit I realized that what I called utf8 space is a
> > 'nobreakspace' so it's ok fmt to replace them for ascii ones.  I made a
> > stupid question.  Sorry!
>
> If that's the behavior you see, I think _that_ is a bug: the reason
> non-breaking spaces exist is so programs do not separate words at that
> character (https://en.wikipedia.org/wiki/Non-breaking_space).  GNU fmt
> respects non-breaking spaces and handles them accordingly:
>
> ~$ fmt --version | head -n1
> fmt (GNU coreutils) 8.25
> ~$ printf " XXX\u00a0XXX XXX" | fmt -w 20
>
> XXX XXX
> XXX
> ~$ printf " XXX XXX XXX" | fmt -w 20
>
> XXX
> XXX XXX
>
> Unfortunately I do not have access to an OpenBSD machine to verify
> whether or not its fmt does the correct thing.
>
> Eric

    OpenBSD 6.0-current (GENERIC.MP) #0: Sat Feb 11 09:48:19 CET 2017
    morl...@server.roquesor.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP

    $ printf " XXX\u00a0XXX XXX" | LC_CTYPE=en_US.UTF-8 fmt -w 20
    XXX XXX XXX
    $ printf " XXX XXX XXX" | LC_CTYPE=en_US.UTF-8 fmt -w 20
    XXX XXX XXX
    $ printf " XXX\u00a0XXX XXX" | LC_CTYPE=C fmt -w 20
    XXX XXX XXX
    $ printf " XXX XXX XXX" | LC_CTYPE=C fmt -w 20
    XXX XXX XXX

Thanks Eric.
groff issue
I'm posting this here instead of asking directly to groff mailing list because (I hate to say it) I can't reproduce this issue in Linux using the same groff version (1.22.3). I use groff every so often but, if I remember well, I experienced the same with groff in openbsd years ago. I mean, it isn't new. On ps output, text isn't filled (justified) as groff should do by default. Even including the .fi option in macros has no effect. Perhaps someone familiarized with groff can give me a clue (Ingo?). Some library used by groff in openbsd? Some compile option?
Re: groff issue (SOLVED)
On Fri, Sep 02, 2016 at 05:25:18PM +0200, Ingo Schwarze wrote:
> Hi Walter,
>
> Walter Alejandro Iglesias wrote on Fri, Sep 02, 2016 at 05:11:57PM +0200:
>
> > I'm posting this here instead of asking directly to groff mailing list
>
> Correct choice.
>
> > because (I hate to say it) I can't reproduce this issue in Linux using
> > the same groff version (1.22.3). I use groff every so often but, if I
> > remember well, I experienced the same with groff in openbsd years ago.
> > I mean, it isn't new.
> >
> > On ps output, text isn't filled (justified) as groff should do by
> > default. Even including the .fi option in macros has no effect.
>
> Filling (.fi) is indeed on by default, but .ad isn't.

According to what I'd read in the groff info page I'd tried adding '.ad n' to my macros, but it didn't override the system wide settings.

>
> > Perhaps someone familiarized with groff can give me a clue (Ingo?).
> > Some library used by groff in openbsd? Some compile option?
>
> No. Pure run-time configuration. Read
>
> /usr/local/share/doc/pkg-readmes/groff-1.22.3p2

Well, I'll explain what I did in case others need to know how to do it. I copied the file /usr/local/share/groff/1.22.3/tmac/troffrc to my $GROFF_TMAC_PATH and deleted these lines:

  .ad l
  .de ad

And problem solved.

>
> Yours,
> Ingo

Thanks!
Opinion about pflog
I know complaining is useless. Forgive me this time.

I'm about to run my own web server using OpenBSD. I'm giving my first steps with pf. I was very enthusiastic till I got to this point:

  https://www.openbsd.org/faq/pf/logging.html

It says:

  The log file written by pflogd is in binary format and cannot be read using a text editor.

So, *binary* logs. Sounds familiar to me. And then:

  In many situations it is desirable to have the firewall logs available in ASCII format

And this "uncommon" practice among unix system administrators (sarcasm), needs a "workaround". You end with a file with a curious termination:

  Create the file /var/log/pflog.txt ...

I must confess I'm one among those "run to the hills" paranoids. I'm not an expert, perhaps I'm judging pflog wrong but, anyway, I still prefer the traditional way, using cat, grep and tail.
Re: Opinion about pflog
On Wed, Sep 28, 2016 at 02:36:10PM -0600, Theo de Raadt wrote:
> > So, *binary* logs. Sounds familiar to me. And then:
>
> Your type of person seems familiar to me. Uneducated *check*
> opinioned *check* Contrasting authoritatively without any education
> to back it up *check*
>
> pflog generates pcap files. that is the DEFACTO INDUSTRY format
> for packet logs, since they can be generated at extremely high speed
> without decomposition, and then can be analysed later, offline, using
> the pcap library with a sophisticated grammar and bpf execution
> engine.
>
> So now get lost, grow up, go learn something,

Too late, I'm 49 years old and spent most of my life being a professional musician (+20 years playing violoncello). Being a musician I had to work a lot for free like FOSS developers, so I think I understand your bad temper, except I didn't become famous enough to start being so concerned about the "uneducated opinion" of people about my work.

I spent only the last six years of my life learning how to administer unix-like systems. Obviously not enough to feel myself entitled to give an opinion here, so you're right. It won't happen again.

I'll take this opportunity to express my opinion about this project but from a point of view I think I'm entitled: the human aspect. Even being myself, as you rightly said, an ignorant in the matter, I felt treated by OpenBSD developers as an equal. When I reported a bug they answered me, and politely, even to personal messages. Thanks to all of them for making the difference.

***

Just for fun:

> There is no way to forgive people who intentionally step in the shit.

Breaking news, God isn't Argentinian, is Canadian!
Re: Opinion about pflog
To the other people who answer me here, sorry for the delay, I took some time to calm down and not degrade myself to the level of discussion some person here proposed me. Martin Brandenburg, I know what pcap files are, I used them. But, as I said, I'm not an expert, I didn't take in care that converting them to ASCII could mean losing information (if I understand you well). Thanks for the clarification. *** R0me0 (private) and John Jansen, I'd read the documentation before posting here. Thanks anyway. *** Frederick W. Soucy You got the "idea behind" my message (by the way, I was aware about utmp). Taking in care I'm not in a Linux mailing list I avoided to mention the abomination by its name :-). That's why I'm a bit paranoid and some times I'm sarcastic. Sorry for that. The point is, I ask myself the same a lot of unix users probably are asking themselves, should I invest more time in educating myself in practices that in two days could be declared obsolete? Or should I install MSWindows in my desktop and RedHat in my server and simply use the casual WYSIWYG interface to read logs (it exists a port called winpcap)? Surely there are a lot of system administrators out there that do this and win the same money than if dealing with pf or iptables directly. In theory FOSS projects should be against promoting this tendency among users (very few understand why) but in practice happens exactly the opposite, at all levels. *** Peter Hansteen, Thanks for your explanation. As I told you in a private email there aren't the technical details but some human attitudes what discourages me. But I won't give up just because one bad experience. I'll probably buy your book about pf. ;-) Thanks to all. Walter
A detail about pf.conf
I post this here because I don't know if considering it bug.

To use a macro in the "file" table option I had to enclose double on single quotes:

  blockIP='"/path/to/file"'
  table persist file $blockIP

Any of these syntax examples return errors:

  blockIP="/path/to/file"
  blockIP=/path/to/file
  table persist file "$blockIP"
Is /etc/acme-client.conf used by acme-client?
Does acme-client take in care /etc/acme-client.conf in any way? Entries as the documented in acme-client.conf man page:

  domain example.com {
          alternative names { secure.example.com }
          domain key /etc/ssl/private/example.com.key
          domain certificate /etc/ssl/example.com.crt
          sign with letsencrypt
  }

seem to be ignored when you run acme-client. And acme-client man page doesn't explain how to call it or even mention a configuration file.
dkimproxy_out doesn't sign my outgoing messages
Hi everyone,

First of all, is dkimproxy a work in progress?

If it's not, then the long one. I've tried something similar to the example in smtpd.conf(5). Outgoing messages don't get signed.

# dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy

/etc/dkimproxy_out.conf
---
listen    127.0.0.1:10027
relay     127.0.0.1:10028
domain    mydomain.com
signature dkim(c=relaxed)
signature domainkeys(c=nofws)
keyfile   /var/dkimproxy/default.private
selector  default

/etc/mail/smtpd.conf
---
egress_int="em0"
server="server.mydomain.com"
ca $server certificate "/etc/ssl/acme/chain.pem"

table aliases file:/etc/mail/aliases
table valiases file:/etc/mail/valiases
table vdomains file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/acme/cert.pem"
pki $server key "/etc/ssl/acme/private/privkey.pem"

listen on lo0
listen on lo0 port 10028 tag DKIM
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth senders masquerade

accept from any for domain virtual deliver to mbox
accept for local alias deliver to mbox
accept tagged DKIM for any relay
accept from local sender for any relay via smtp://127.0.0.1:10027

Do I need to do something else? (running current)

Walter
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote:
> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote:
> > Hi everyone,
> >
> > First of all, is dkimproxy a work in progress?
> >
> > If it's not, then the long one. I've tried something similar to
> > the example in smtpd.conf(5). Outgoing messages don't get signed.
> >
> >
> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy
> >
> > /etc/dkimproxy_out.conf
> > ---
> > listen    127.0.0.1:10027
> > relay     127.0.0.1:10028
> > domain    mydomain.com
> > signature dkim(c=relaxed)
> > signature domainkeys(c=nofws)
> > keyfile   /var/dkimproxy/default.private
> > selector  default
> >
> >
> > /etc/mail/smtpd.conf
> > ---
> > egress_int="em0"
> > server="server.mydomain.com"
> > ca $server certificate "/etc/ssl/acme/chain.pem"
> >
> > table aliases file:/etc/mail/aliases
> > table valiases file:/etc/mail/valiases
> > table vdomains file:/etc/mail/vdomains
> > table addresses file:/etc/mail/addresses
> > table users file:/etc/mail/users
> >
> > pki $server certificate "/etc/ssl/acme/cert.pem"
> > pki $server key "/etc/ssl/acme/private/privkey.pem"
> >
> > listen on lo0
> > listen on lo0 port 10028 tag DKIM
> > listen on $egress_int port 25 tls pki $server
> > listen on $egress_int port 465 smtps pki $server auth senders
> > masquerade
> >
> > accept from any for domain virtual deliver to mbox
> > accept for local alias deliver to mbox
> > accept tagged DKIM for any relay
> > accept from local sender for any relay via
> > smtp://127.0.0.1:10027
> >
> >
> > Do I need to do something else? (running current)
> >
> >
> > Walter
> >
>
> Did you add the public key part to DNS for your domain? What's going on
> in maillog?

I forgot to mention that, yes, I added the DNS record and checked its validity using this site:

  http://dkimcore.org/tools/keycheck.html

That tells me it's ok.

Then I been sending to this testing address:

  check-a...@verifier.port25.com

where I'm told (in a reply to my same address) the message isn't signed.

/var/log/maillog just shows the message as correctly delivered:

Nov 9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery evpid=1da22dbaa5825b53 from=<.*@mydomain.com> to=<check-a...@verifier.port25.com> rcpt=<-> source="192.168.1.101" relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250 2.6.0 message received"

> Are the mails being forwarded to dkimproxy_out and back into
> smtpd as expected?
>

How can I check this?
Re: dkimproxy_out doesn't sign my outgoing messages
trondd, Your response was also useful to me in another more important way. I took a look to the headers of your message and I observe gmail says your dkim is correct: Authentication-Results: mx.google.com; dkim=pass header.i=@kagu-tsuchi.com; However, I had to rescue your message from my gmail SPAM folder! So, I wonder if all these efforts are in vain. :-) (I'm starting to think spammers are sponsored by them)
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 11:57:18AM -0500, trondd wrote:
> Should also be in the maillog.

Hey, I think I found the problem:

Nov 9 10:37:12 server dkimproxy.out[38514]: signing error: Error: cannot read /var/dkimproxy/default.private: Permission denied

The permissions are:

# ls -l /var/dkimproxy/
total 8
-rw--- 1 root wheel 887 Nov 9 10:50 default.private
-rw--- 1 root wheel 313 Nov 9 10:50 default.txt

Taking in care /etc/rc.d/dkimproxy_out flags:

daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy --group=_dkimproxy"

These files should be owned by _dkimproxy user and group.
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 06:13:47PM +0100, Walter Alejandro Iglesias wrote:
> Taking in care /etc/rc.d/dkimproxy_out flags:
>
> daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy
> --group=_dkimproxy"
>
> These files should be owned by _dkimproxy user and group.
>

It worked! Big thanks trondd!

(Next time I promise to read the logs more carefully)
Re: mailx as root ignores set keep
Hello trondd,

On Fri, Nov 25, 2016 at 11:03:49AM -0500, trondd wrote:
> On Fri, November 25, 2016 4:17 am, Walter Alejandro Iglesias wrote:
> > Is this on purpose?
> >
> > I've tried adding 'set keep' to /etc/mail.rc and /root/.mailrc
> > but mail(1) still removes empty mailbox files before quiting.
> >
>
> Worked here. How exactly are you reading mail?
>

Have you tried running mail as root as I said in the subject?

For example, copy some mbox file to /tmp, then su to root and open the file:

# mail -f /tmp/mbox

Delete all messages and quit.
Re: mailx as root ignores set keep
On Fri, Nov 25, 2016 at 01:13:17PM -0500, trondd wrote:
> On Fri, November 25, 2016 12:36 pm, Walter Alejandro Iglesias wrote:
> > Hello trondd,
> >
> > On Fri, Nov 25, 2016 at 11:03:49AM -0500, trondd wrote:
> >> On Fri, November 25, 2016 4:17 am, Walter Alejandro Iglesias wrote:
> >> > Is this on purpose?
> >> >
> >> > I've tried adding 'set keep' to /etc/mail.rc and /root/.mailrc
> >> > but mail(1) still removes empty mailbox files before quiting.
> >> >
> >>
> >> Worked here. How exactly are you reading mail?
> >>
> >
> > Have you tried running mail as root as I said in the subject?
> >
> > For example, copy some mbox file to /tmp, then su to root and open the
> > file:
> >
> > # mail -f /tmp/mbox
> >
>
> This makes a difference. That's not a system mailbox. 'Keep' seems to
> only apply to a system mailbox and not to a "file".

I was running mailx as root for avoiding to login as other users each time I wanted to check the content of spam. And I couldn't reproduce the issue as a normal user because in this case I was reading the user's system mailbox (the one owned by the user) as you rightly noticed.

> Though, it seems like it should.

I think it could be useful having the option.

I owe you two beers :-)
Re: How to detect this kind of attacks
On Sat, Nov 26, 2016 at 12:18:23PM +0100, Gilles Chehade wrote: > There's not much you can do besides adding the offending addresses in a > pf blacklist. Yeah, that's what I thought (at least using opensmtpd, I guess what Claus quoted is from actual sendmail man page). Thanks to all for answering.
How to detect this kind of attacks
Hello everyone,

Is there a way to detect on the fly spam attacks like the pasted below (maillog)? It seems pf max-src-conn-rate takes in care only the "connected" event.

I obscured the recipients. Basically sorted addresses of the same target Chinese host.

Nov 26 05:59:42 server smtpd[55880]: 3bcc430eee258cd7 smtp event=connected address=119.141.24.19 host=119.141.24.19
Nov 26 05:59:46 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:49 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:50 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:51 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:52 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:53 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:53 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 05:59:54 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"

[...]
*a hundred of more one second frequency entries here*

Nov 26 06:06:55 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 06:06:56 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 06:06:56 server smtpd[55880]: 3bcc430eee258cd7 smtp event=failed-command address=119.141.24.19 host=119.141.24.19 command="RCPT TO:" result="550 Invalid recipient"
Nov 26 06:06:57 server smtpd[55880]: 3bcc430eee258cd7 smtp event=closed address=119.141.24.19 host=119.141.24.19 reason=disconnect
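One way to spot the pattern in the maillog above, as an added example that is not part of the original thread: count rejected RCPT TO commands per source address in a sliding window and list the addresses that cross a threshold, ready for the pf table the reply in this thread suggests. The threshold, window, year and sample lines are assumptions; the sample log is constructed with documentation addresses.

```python
"""Flag SMTP clients that hammer RCPT TO with invalid recipients."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# smtpd log layout as it appears in the maillog excerpt quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ smtpd\[\d+\]: "
    r"(?P<session>[0-9a-f]+) smtp event=(?P<event>\S+) "
    r"address=(?P<addr>\S+) host=\S+(?P<rest>.*)$"
)


def find_rcpt_probers(lines, threshold=5, window=timedelta(seconds=60), year=2016):
    """Return {address: time the threshold was first crossed}.

    Counting is per source address, not per session, so a client that
    reconnects between guesses is still caught. pf's max-src-conn-rate only
    sees the "connected" event; this looks at what happens inside a session.
    syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    recent = defaultdict(deque)  # address -> times of recent rejected RCPTs
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["event"] != "failed-command":
            continue
        rest = m["rest"]
        if 'command="RCPT TO:' not in rest or 'result="550' not in rest:
            continue
        ts = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S")
        hits = recent[m["addr"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop rejections older than the window
            hits.popleft()
        if len(hits) >= threshold and m["addr"] not in flagged:
            flagged[m["addr"]] = ts
    return flagged


def pf_table_body(flagged):
    """One address per line, the layout a pf table 'file' expects."""
    return "".join(f"{addr}\n" for addr in sorted(flagged))


def _rejected(ts, session, addr, rcpt):
    """Build one CONSTRUCTED failed-command line in smtpd's format."""
    return (f"{ts} server smtpd[55880]: {session} smtp event=failed-command "
            f'address={addr} host={addr} command="RCPT TO:<{rcpt}>" '
            f'result="550 Invalid recipient"')


# CONSTRUCTED sample: one prober and one sender with two typos minutes apart.
PROBER, TYPO = "203.0.113.45", "198.51.100.7"
SAMPLE_LOG = [
    f"Nov 26 05:59:42 server smtpd[55880]: 00000000000000a1 smtp "
    f"event=connected address={PROBER} host={PROBER}",
    *[_rejected(f"Nov 26 05:59:{sec}", "00000000000000a1", PROBER,
                f"guess{sec}@example.org") for sec in (46, 49, 50, 51, 52, 53)],
    f"Nov 26 05:59:54 server smtpd[55880]: 00000000000000a1 smtp "
    f"event=closed address={PROBER} host={PROBER} reason=disconnect",
    _rejected("Nov 26 06:00:10", "00000000000000b2", TYPO, "tpyo@example.org"),
    _rejected("Nov 26 06:05:30", "00000000000000c3", TYPO, "tpyo2@example.org"),
    "Nov 26 06:05:31 server dkimproxy.out[38514]: unrelated line, skipped",
]

if __name__ == "__main__":
    for addr, when in find_rcpt_probers(SAMPLE_LOG).items():
        print(f"{addr} crossed the threshold at {when}")
```

Run from cron or over a tailed log, the output of `pf_table_body` can be written to the file a persistent pf table is loaded from.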
mailx as root ignores set keep
Is this on purpose? I've tried adding 'set keep' to /etc/mail.rc and /root/.mailrc but mail(1) still removes empty mailbox files before quiting.
Is using dkim really worth?
I mentioned this in other thread, now I'll ask this question directly. I was running my own mail server for a while but not enough to make a conclusion. I'd appreciate the opinion of the experienced. I'm noticing messages with no spf or dkim records reach my gmail inbox. At the same time, messages with spf and dkim 'pass' state go to gmail spam (among them messages sent to me from people in this list). So, in general and based on your experience, do you think using dkim (that implies daemon, port redirections, etc.) is really worth?
Re: Is using dkim really worth?
On Sat, Dec 10, 2016 at 01:11:30PM +0100, Gilles Chehade wrote:
> On Sat, Dec 10, 2016 at 11:51:34AM +0100, Walter Alejandro Iglesias wrote:
> > I mentioned this in other thread, now I'll ask this question directly.
> >
> > I was running my own mail server for a while but not enough to make a
> > conclusion. I'd appreciate the opinion of the experienced.
> >
> > I'm noticing messages with no spf or dkim records reach my gmail inbox.
> > At the same time, messages with spf and dkim 'pass' state go to gmail
> > spam (among them messages sent to me from people in this list).
> >
> > So, in general and based on your experience, do you think using dkim
> > (that implies daemon, port redirections, etc.) is really worth?
> >
>
> Depends on your volume and who you intend to send to.
>
> To be honest, setting up both SPF and DKIM takes a couple minutes and it
> will probably avoid some delivery issues which will waste much more than
> that to fix when they happen.

I installed dkim because I've read on internet is, among other things, what gmail, hotmail, etc. (what most people use) take in care. Not exactly what I observe happens in practice as I explained above (I told you I rescued a message of yours from gmail spam, remember?).

>
> I can understand why someone would be reluctant to setup dmarc, but dkim
> and spf are really a no brainer.

You say this because you surely are quite familiarized with all this stuff! :-) Anyway It wasn't my point how difficult is to setting it up (I have it working since months) but if it's worth adding complexity.

>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg

Thanks for answering me!
Re: Too small default root partition
On Mon, Dec 12, 2016 at 11:32:07AM +0100, Stefan Sperling wrote:
> On Mon, Dec 12, 2016 at 11:26:31AM +0100, Walter Alejandro Iglesias wrote:
> > # du -cs /bin /sbin /dev /bsd*
> > 20800 /bsd
> > 15552 /bsd.rd
> > 20704 /bsd.sp
> > 1932484 /dev
>
> There is something in your /dev that does not belong there.
>
> On my system:
> $ du -cs /dev
> 68 /dev
> 68 total
>

Right. Yesterday I was trying to dd a usb stick memory, perhaps some mistake I did in the command line created this file in /dev:

# ls -lh /dev/sd1
-rw-r--r-- 1 root wheel 943M Dec 11 17:19 /dev/sd1

Big thanks Stefan!
makefs and mkhybrid
Question: Is the lately included makefs intended to be a replacement for mkhybrid? Is it already reliable or a work in progress? Issue: I noticed two issues in mkhybrid (not present in J. Schilling's mkisofs) I don't know if considering them bugs. It ignores the '-quiet' option. It lets residual ".rr_moved" directories (this happens in makefs too).
Too small default root partition
It seems the size picked by the partitioner at install time for / isn't large enough (I choose the defaults except I enlarged /var to run a web server).

OpenBSD 6.0-current (GENERIC.MP) #25: Fri Dec 9 16:53:25 MST 2016

# dmesg | grep sd0 | grep MB | uniq
sd0: 476940MB, 512 bytes/sector, 976773168 sector

# df /
Filesystem 512-blocks Used Avail Capacity Mounted on
/dev/sd0a 2057756 2056792 -101920 105% /

# du -cs /bin /sbin /dev /bsd*
20800 /bsd
15552 /bsd.rd
20704 /bsd.sp
1932484 /dev
30100 /sbin
10308 /bin
2029948 total

Note I listed with 'du' only indispensable files and directories. The larger is /dev.

What's the more convenient solution in this case?
Re: spamd and outlook.com
Stuart Henderson wrote:
> On 2017-04-21, Craig Skinner wrote:
> > Email is not instant messaging.
> >
> > Customers need educated to that fact.
>
> How do you educate them to that when they send to their gmail account
> and it shows up on their phone within seconds?

We, at school, used the pen as blowgun.
Re: smtpd log: certificate verification failed
On Thu, Apr 20, 2017 at 03:08:30PM +0200, Gilles Chehade wrote:
> On Thu, Apr 20, 2017 at 02:59:10PM +0200, Walter Alejandro Iglesias wrote:
> > Hello everyone,
> >
> > Just to be sure, when I get this message:
> >
> > maillog:Apr 20 13:53:03 server smtpd[99586]: smtp-out: Server certificate
> > verification failed on session 81c5fc1509d4c884
> >
> > Is it about my server cert or the remote one?
> >
>
> remote one, it means that when trying to verify the certificate that was
> presented by the remote server, the verification failed

OK. Thank you!

>
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
smtpd log: certificate verification failed
Hello everyone,

Just to be sure, when I get this message:

maillog:Apr 20 13:53:03 server smtpd[99586]: smtp-out: Server certificate verification failed on session 81c5fc1509d4c884

Is it about my server cert or the remote one?
Re: Helping out
Hello Bryan and Radoslav, In article <20170802015654.ga64...@c.brycv.com> you wrote: > On Tue, Aug 01, 2017 at 08:19:23PM -0400, Radoslav_Mirza wrote: > > Dear Group, Are there any places to start helping out for a beginner? > > Any junior jobs or todo lists? > > > > I have a new Ryzen 1700 running OpenBSD so maybe I could help with > > some benchmark tests etc. > > > > Any pointers of where to go would be great! > > There was a recent discussion about ProtonMail not sending plain text > email which this list expects. I would suggest sending with another > address and sending in plain text. Check the archives for more info > about it but base64 encoded emails (like from ProtonMail) will likely be > ignored. Hopefully ProtonMail will correct this problem but they have > "started" on it for more than a year. The first time I looked at the base64 encoded text pasted by Mihai Popescu's (the first noticing this issue): https://marc.info/?l=openbsd-misc=149984510728808=2 I saw the message was written in English, what made me think protonmail was doing something wrong, but more late I realized I'd overlooked the first line, the quoted text reference author's name contained *one* non-ascii character. :-) To see it yourself: $ cat file-containing-only-base64-part | openssl enc -base64 -d This means what proton mail did in this case isn't incorrect. As far as I understand, the purpose of this encoding (as the whole MIME standard) is to send all messages through the net in plain ascii, to assure compatibility among all servers. For example if I typed here any non ascii character (what could happen even by accident when you use a non English keyboard), Mutt, the MUA I use, would send the body of this message quoted-printable encoded (the one used for low utf8 density languages as Spanish; base64 is used i.e. for Russian). 
The same would happen if some non-ascii character is in some sender's name in the quoted text references; your MUA would detect that character and automatically would send the body of your message encoded. Despite base64, quoted-printable would still be readable. Where is the problem. I guess developers here, when they don't have any MUA from packages installed, are forced to use the one in base, mailx(1), which doesn't support MIME. If this is the case, they'd have troubles reading non ascii characters sent as is anyway. So, the best workaround, whatever MUA you use, is to avoid using non-ascii characters when you post to these lists (even in your name). Said that I still find annoying top-posting and not hard wrapped lines. But protonmail isn't the only one doing this. ;-) (I'd add more common practices you can't blame MUAs as not using double spaces after sentences, writing all in lowercase; the time they save writing is charged to the reader.) > > Bryan > >
Re: Mastering opensmtpd rules
On Tue, Aug 15, 2017 at 05:10:00PM +0200, Gilles Chehade wrote:
> On Tue, Aug 15, 2017 at 01:29:16PM +0200, Walter Alejandro Iglesias wrote:
> >
> > > > accept from any for any virtual [...]
> > >
> >
> > Besides, after modifying that rule in the file I also had to change the
> > order. Since rules below the "catch-all" one never get evaluated, it
> > has forcibly to be the last one:
> >
> >   [...]
> >   accept from local for local alias deliver to mbox
> >   accept from local sender for any relay
> >   accept from any for any virtual deliver to mbox
> >   # End of file
> >
>
> Not a truth written in stone but, usually, having the "from any for any"
> rule in a config file is a sign that user failed to write ruleset and is
> using this as a fallback.

The word "mastering" I used in the subject may lead to confusion. I should've written "starting with" instead. :-) My smtpd.conf is not a finished work. Step by step.

> The earliest the rules match the envelope, the
> better, as it indicates that the rule was written to match precisely.
>

My intention was to find the way to support the "postmaster" address, that RFC requires to be supported even *with no domain specification.* I wasn't able to figure out how to solve this while the "domain" table was included in the rule. Without that table now I can add to the "valiases" file this:

  postmaster myuser
  s...@site1.com ...
  s...@site2.com ...

To make available any of this addresses:

  postmaster@[IP_ADDRESS]
  postmas...@site1.com
  postmas...@site2.com

> Most rulesets should finish with a relay (via?) rule from local for any.

That's the way I had it, but I couldn't send mail when preceded by "from any to any" rule. I know my current solution is sloppy, I'll try to study a bit more and improve my configuration.

Thank you for your help.

>
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
Mastering opensmtpd rules
Hello everyone,

I'd appreciate experienced opensmtpd users tell me if I'm understanding well the mechanism in the following rule.

Currently, in my smtpd.conf I have this line:

  accept from any for domain virtual deliver to mbox

But since all keys in my "valiases" table are full email addresses, in the form:

  u...@example.org user

I'm thinking the use of "vdomains" table is redundant. I could safely simplify the rule to:

  accept from any for any virtual deliver to mbox

Am I wrong in this assumption?
Re: Mastering opensmtpd rules
Hi Gilles,

On Tue, Aug 15, 2017 at 11:15:32AM +0200, Gilles Chehade wrote:
> On Tue, Aug 15, 2017 at 09:22:41AM +0200, Walter Alejandro Iglesias wrote:
> > Hello everyone,
> >
> > I'd appreciate experienced opensmtpd users tell me if I'm understanding
> > well the mechanism in the following rule.
> >
> > Currently, in my smtpd.conf I have this line:
> >
> > accept from any for domain virtual deliver to mbox
> >
> > But since all keys in my "valiases" table are full email addresses, in
> > the form:
> >
> > u...@example.org user
> >
> > I'm thinking the use of "vdomains" table is redundant. I could safely
> > simplify the rule to:
> >
> > accept from any for any virtual deliver to mbox
> >
> >
> > Am I wrong in this assumption?
> >
>
> kind of, smtpd.conf being a first match ruleset it is impossible to make
> this kind of analysis without having your other rules too.

Sorry, I should've added it's the only "from any" rule I have:

# /etc/mail/smtpd.conf
egress_int="em0"
server="server.roquesor.com"

table aliases file:/etc/mail/aliases
table valiases file:/etc/mail/valiases
table vdomains file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"

listen on lo0
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth \
        senders masquerade

accept from local for local alias deliver to mbox
accept from any for domain virtual deliver to mbox
accept from local sender for any relay
# End of file

>
> in this case, this may or may not give the desired behavior depending on
> rules following it because envelope matching happens _before_ virtual is
> even evaluated.
>
> with:
>
> accept from any for domain [...]
>
> you will only match envelopes for the domains in , it allows a
> different rule to match other domains:
>
> accept from any for domain [...]
> accept from any for domain foobar.org [...]
>
> with:
>
> accept from any for any [...]
>
> you will match all envelopes so you're essentially creating a catch-all.
>
>
> virtual happens AFTER a rule has been matched so if your recipient is not
> found the RCPT will be rejected, smtpd will not search for another rule.

If I'm understanding you well then it's what I want. My question was if the "virtual" entry in the rule is enough to reject not matching recipients. For example, having this rule:

  accept from any for any virtual [...]

and a "valiases" file containing only this line:

  l...@foobar.org user

will messages sent to i.e. l...@foobar2.org or l...@foobar3.org be rejected?

>
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg
Re: Mastering opensmtpd rules
> > accept from any for any virtual [...]
>

Besides, after modifying that rule in the file I also had to change the order. Since rules below the "catch-all" one never get evaluated, it has forcibly to be the last one:

  [...]
  accept from local for local alias deliver to mbox
  accept from local sender for any relay
  accept from any for any virtual deliver to mbox
  # End of file
New question, do I really need a AAAA record?
Hi Stuart,

In article you wrote:
> On 2017-08-10, Rui Ribeiro wrote:
> > An email server in a residential setting will fail PTR unless you are
> > working with a medium sized/an ISP that cares about their customers.
> >
> > see answer here
> > https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config
>
> You can't expect to reliably deliver email unless you have a PTR record and
> an A/AAAA record (at least within the same domain, though in some cases
> the full hostname needs to match).
>

At this point things got a bit confusing. First of all I don't run my own DNS server, I use the free dns service from the registrar company where I bought my domain names. There I configured the records I need for the web and mail servers I run at home. Then, asking my ISP to add a PTR record on *their* DNS was the first thing I did when I contracted the service, and was the first thing I checked again last weekend after the problem I explain in this thread happened. Despite the negative results the website someone recommended me shows (dnsinspect.com) I think my PTR is working well, you can use host(1), dig(1) or nslookup(1) to check my IP (185.37.212.61) against yours or any public DNS to corroborate it. Or simply put the IP in your browser URL bar, press ENTER and see if it resolves to my web site. :-)

Stated the above, now the new question. By A/AAAA records I understand you mean the records on *my* side (not my ISP's), don't you? Well, since I'm not using ipv6 I didn't added any record. Do you recommend me to add it, anyways?
Re: New question, do I really need a AAAA record?
In articleyou wrote: > Hi Stuart, > > In article you wrote: > > On 2017-08-10, Rui Ribeiro wrote: > > > An email server in a residential setting will fail PTR unless you are > > > working with a medium sized/an ISP that cares about their customers. > > > > > > see answer here > > > https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config > > > > You can't expect to reliably deliver email unless you have a PTR record and > > an A/ record (at least within the same domain, though in some cases > > the full hostname needs to match). > > > > At this point things got a bit confusing. First of all I don't run my > own DNS server, I use the free dns service from the registrar company > where I bought my domain names. There I configured the records I need > for the web and mail servers I run at home. Then, asking my ISP to add > a PTR record on *their* DNS was the first thing I did when I contracted > the service, and was the first thing I checked again last weekend after > the problem I explain in this thread happened. Despite the negative > results the website someone recommended me shows (dnsinspect.com) I > think my PTR is working well, you can use host(1), dig(1) or nslookup(1) > to check my IP (185.37.212.61) against yours or any public DNS to > corroborate it. Or simply put the IP in your browser URL bar, press > ENTER and see if it resolves to my web site. :-) > > Stated the above, now the new question. By A/ records I understand > you mean the records on *my* side (not my ISP's), don't you? Well, > since I'm not using ipv6 I didn't added any record. Do you > recommend me to add it, anyways? > > Sorry, I think I didn't formulate the question well. What I meant was, do I need also a static ipv6 to be considered by big smtp servers as a legal sender?
Re: New question, do I really need a AAAA record?
On Thu, Aug 10, 2017 at 07:26:16PM +0100, Stuart Henderson wrote:
> Rephrasing: if you make an outgoing SMTP connection, a reverse DNS PTR
> record should exist for the source address you're connecting from (whether
> that's v4 or v6), and an A (for v4) or (for v6) lookup for the name
> in that PTR should give back the same address.
>
> For your example:
>
> 185.37.212.61 -> server.roquesor.com
> server.roquesor.com -> 185.37.212.61
>
> That looks good.
>
> If you are making outgoing SMTP connections from a v6 address, then you
> should have matching PTR+ as well.

OK.  Huff!, it's just I got dizzy.  After all the advice I got in this
thread I started to doubt even about my existence. :-)

Thank you Stuart!
SSH: lost connection after restarting pf.
Yesterday while copying a big file from one machine to another in my LAN
I noticed that restarting pf:

# pfctl -d && pfctl -e -f /etc/pf.conf

scp stops and quits showing this message:

- stalled - Conection reset by 192.168.1.* Lost connection

Is this expected or is it a bug?
Re: SSH: lost connection after restarting pf.
On Sat, Aug 12, 2017 at 11:08:23AM +0200, Walter Alejandro Iglesias wrote: > Yesterday while copying a big file from one machine to another in my LAN > I noticed that restarting pf: > > # pfctl -d && pfctl -e -f /etc/pf.conf I assume it's not necessary to say I'm doing this without changing any rule on pf.conf. :-) > > scp stops and quits showing this message: > > - stalled - Conection reset by 192.168.1.* Lost connection > > > Is this expected or is a bug? > >
Re: SSH: lost connection after restarting pf.
In article <5127ac707aa6f...@server.roquesor.com> you wrote: > Hi Stuart, > > In article <slrnootn18.31bc@naiad.spacehopper.org> you wrote: > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote: > > > Yesterday while copying a big file from one machine to another in my LAN > > > I noticed that restarting pf: > > > > > > # pfctl -d && pfctl -e -f /etc/pf.conf > > > > > > scp stops and quits showing this message: > > > > > > - stalled - Conection reset by 192.168.1.* Lost connection > > > > > > > > > Is this expected or is a bug? > > > > > > > > > > > > > Expected. > > > > PF is a state-inspecting firewall and verifies things like TCP sequence > > numbers; it needs to see the initial connection handshake to pick up the > > wscale value. > > > > I would recommend just reloading the ruleset rather than disabling and > > re-enabling PF first. > > > > > > I have this rule: > > block in log quick inet proto tcp from to port ssh > > That reads IPs from a the "port22" file which is updated from a script > in a cronjob. I ignore which command to use to re-read that file > without causing the interrupt. > > > You mean doing only this? # pfctl -f /etc/pf.conf
Re: SSH: lost connection after restarting pf.
Hi Stuart,

In article <slrnootn18.31bc@naiad.spacehopper.org> you wrote:
> On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> > Yesterday while copying a big file from one machine to another in my LAN
> > I noticed that restarting pf:
> >
> > # pfctl -d && pfctl -e -f /etc/pf.conf
> >
> > scp stops and quits showing this message:
> >
> > - stalled - Conection reset by 192.168.1.* Lost connection
> >
> >
> > Is this expected or is a bug?
> >
> >
>
> Expected.
>
> PF is a state-inspecting firewall and verifies things like TCP sequence
> numbers; it needs to see the initial connection handshake to pick up the
> wscale value.
>
> I would recommend just reloading the ruleset rather than disabling and
> re-enabling PF first.
>
>

I have this rule:

block in log quick inet proto tcp from to port ssh

That reads IPs from the "port22" file which is updated from a script
in a cronjob.  I ignore which command to use to re-read that file
without causing the interrupt.
Re: SSH: lost connection after restarting pf. [SOLVED]
In article <20170812123632.p7zgt2l4kz43y...@symphytum.spacehopper.org> you wrote: > On 2017/08/12 14:33, Walter Alejandro Iglesias wrote: > > In article <5127ac707aa6f...@server.roquesor.com> you wrote: > > > Hi Stuart, > > > > > > In article <slrnootn18.31bc@naiad.spacehopper.org> you wrote: > > > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote: > > > > > Yesterday while copying a big file from one machine to another in my > > > > > LAN > > > > > I noticed that restarting pf: > > > > > > > > > > # pfctl -d && pfctl -e -f /etc/pf.conf > > > > > > > > > > scp stops and quits showing this message: > > > > > > > > > > - stalled - Conection reset by 192.168.1.* Lost connection > > > > > > > > > > > > > > > Is this expected or is a bug? > > > > > > > > > > > > > > > > > > > > > > > Expected. > > > > > > > > PF is a state-inspecting firewall and verifies things like TCP sequence > > > > numbers; it needs to see the initial connection handshake to pick up the > > > > wscale value. > > > > > > > > I would recommend just reloading the ruleset rather than disabling and > > > > re-enabling PF first. > > > > > > > > > > > > > > I have this rule: > > > > > > block in log quick inet proto tcp from to port ssh > > > > > > That reads IPs from a the "port22" file which is updated from a script > > > in a cronjob. I ignore which command to use to re-read that file > > > without causing the interrupt. > > > > > > > > > > > > > You mean doing only this? > > > > # pfctl -f /etc/pf.conf > > Yes. > > I just tried it and works OK. Thank you very much.
How about to let this die?
Guys,

The issue was solved after the first answer (Martijn van Duren's).
Everyone's opinions have been very useful.  But since this is not
OpenBSD related I propose to let it die.
Re: gmail and hotmail blocking mail sent from my IP
Hello Rupert, In article
Re: gmail and hotmail blocking mail sent from my IP
In article <20170808121343.46a8ddb9@fir.internal> you wrote:
> Hi Walter:
>
> On Sun, 6 Aug 2017 19:45:22 +0200 Walter Alejandro Iglesias wrote:
> > What determines those "ranges", who regulates that?
>
> Some ISPs submit IP blocks to various blacklists. e.g:
> https://www.Spamhaus.Org/faq/section/Spamhaus%20PBL#242
> http://www.Sorbs.Net/faq/dul.shtml
>
> Asking your ISP to exclude your addresses might help.

I sent an email to my ISP, they don't even know about these lists. :-)

Besides, I sent an email to spamhaus.org suggesting them not to include
static IPs in their PBL list by default as they do.  I'll take this
chance to share my thinking with everyone here.

I understand that given everyone uses gmail, hotmail or mail provided by
some multinational hosting service they assume mail coming from
residential connections cannot be other thing but spam sent from hacked
machines.  But someone paying for a static IP in a residential
connection is the opposite case.

When you have to deal with thousands of users you resort to any trick
you find on the Internet and start to blindly blacklist all; this is a
big servers problem.  And the more users you have to deal with the
worse.  On the contrary, from my part, I have just a pair of personal
addresses, so it's not a big deal for me to audit my server and use more
sane, less harmful and, overall, more effective measures to filter spam
and to prevent spam be sent from my machine.  And I think this is the
direction everyone should point to instead of resting day after day more
and more on big companies for everything.  In general, everyone should
tend to decentralize instead of monopolize.  The real problem is the
passive attitude most people assume in the use of the Internet (and life
in general but I don't want to bore you with cheap philosophy. :-))

>
> Regards,

Thank you for your advice.
gmail and hotmail blocking mail sent from my IP
Hello everyone,

I was using smtpd(8) (static IP and FQDN resolving direct and reverse)
for a year without problems.  Today sending from my server (from the
same address I'm using now) to gmail and hotmail they answered the
following (MAILER-DAEMON answer).

Sending to gmail addresses:

  *@gmail.com: 550-5.7.1 [185.37.212.61] The IP you're using to send
  mail is not authorized to send email directly to our servers. Please
  use the SMTP relay at your service provider instead. Learn more at
  https://support.google.com/mail/?p=NotAuthorizedError
  e1si6736354wra.236 - gsmtp

Sending to hotmail:

  *@hotmail.com: 550 DY-001 (SNT004-MC3F42) Unfortunately, messages from
  185.37.212.61 weren't sent. Please contact your Internet service
  provider. You can tell them that Hotmail does not relay
  dynamically-assigned IP ranges. You can also refer your provider to
  http://mail.live.com/mail/troubleshooting.aspx#errors.

On the hotmail link above the explanation for code DY-001 is:

  Mail rejected by Outlook.com for policy reasons. We generally do not
  accept email from dynamic IP's as they are not typically used to
  deliver unauthenticated SMTP email to an Internet mail server. If you
  are not an email/network admin please contact your Email/Internet
  Service Provider for help. http://www.spamhaus.org maintains lists of
  dynamic and residential IP addresses.

It doesn't happen with yahoo.

I visited spamhaus.org site and found out my IP is included in a list
called PBL that, as they explain is not a spammers list, it just
includes dynamic and "non mail server IP ranges".

Does someone here know what is "non mail server IP ranges" about?  Or,
how could my static IP be taken as dynamic (some DNS failure at my
ISP end?).
Re: gmail and hotmail blocking mail sent from my IP
Hi Martijn, On Sun, Aug 06, 2017 at 05:09:10PM +0200, Martijn van Duren wrote: > Not an authority on this, so take my reply for what you want. > > As far as I know this list is used to keep track of ip-addresses by ISPs > for home-addresses, which are not intended to be used for outgoing mail. > > You can whitelist your ip-address on this list yourself and all should > be back to normal. I just did it from spamhause site. > > I faced the same issues and adding my ip did solve the 550s. > > Do note that my ip gets removed every year and thus should be re-added > ever year. I'll take this in care. Thank you! > > Sincerely, > > martijn@ >
Re: gmail and hotmail blocking mail sent from my IP
On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote: > Like Martijn pointed out, you're sending mail from a IP which is not > intended for mail-servers. This was my main question. What is an "IP intended for mail-servers"?
Re: gmail and hotmail blocking mail sent from my IP
Hi Gareth,

On Sun, Aug 06, 2017 at 04:12:45PM +0100, Gareth Nelson wrote:
> I'm assuming that you have your SPF records setup correctly.
>

I did that at first, and all the tricks (dkim, etc) they ask to make you
appear as a legal sender, but after confirming my mail still went to
SPAM in both (gmail, hotmail) I removed all that trickery.
Re: gmail and hotmail blocking mail sent from my IP
Hi Niels,

On Sun, Aug 06, 2017 at 07:19:04PM +0200, Niels Kobschätzki wrote:
>
> > On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> >
> >> On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
> >> Like Martijn pointed out, you're sending mail from a IP which is not
> >> intended for mail-servers.
> >
> > This was my main question.  What is an "IP intended for mail-servers"?
>
> The question should be "what are IPs **not** intended for mail-servers?"
>
> The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection
> are well-known and pretty much on all of the blacklists since the only thing
> you can usually expect from them is spam from botnets. Legitimate mails are
> rather rare from those ranges, thus they get blocked.

I cannot tell what happens in practice, I've never run a big mail server.
But the reasons that come to my mind someone wants to run their own
server (at home or at a small enterprise) are opposed to what you state.
Why would you want to send spam from the fixed IP you're paying for (in
my case 5 euros a month)?

The question is still unanswered.  What determines those "ranges", who
regulates that?

> To not get blocked by google and hotmail you need an IP from some
> hosting-provider, university or something like this;

Which is the procedure followed by those entities to get an IP in what
you called the "authorized range"?  Authorized by who?

> a PTR-record for your server

I already have this.

> and at least an SPF-, even better a DKIM-record.

I had these at first and removed them after seeing they don't help.

> And if you
> ever send out mail, you maybe want a secondary IP for temporary
> failover-cases if you land temporarily on a black list.

I have just two personal addresses.  I don't need that complication. :-)

>
> Niels
Re: gmail and hotmail blocking mail sent from my IP
In article <slrnooes63.31bc@naiad.spacehopper.org> you wrote:
> On 2017-08-06, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> > I visited spamhaus.org site and found out my IP is included in a list
> > called PBL that, as they explain is not a spammers list, it just
> > includes dynamic and "non mail server IP ranges".
> >
> > Does someone here know what is "non mail server IP ranges" about?  Or,
> > how could my static IP could be taken as dynamic (some DNS failure at my
> > ISP end?).
>
> You should add your IP to dnswl.org. I can't guarantee it will help
> everywhere, but it will help some places and won't hurt others.
>
>

I'll take a look to dnswl.org.  Thanks.

It seems that after removing my IP from spamhaus pbl the issue is fixed.
Re: SSH: lost connection after restarting pf. [SOLVED]
On Fri, Aug 18, 2017 at 07:31:05PM +0200, Otto Moerbeek wrote: > On Sat, Aug 12, 2017 at 02:40:41PM +0200, Walter Alejandro Iglesias wrote: > > > In article <20170812123632.p7zgt2l4kz43y...@symphytum.spacehopper.org> you > > wrote: > > > On 2017/08/12 14:33, Walter Alejandro Iglesias wrote: > > > > In article <5127ac707aa6f...@server.roquesor.com> you wrote: > > > > > Hi Stuart, > > > > > > > > > > In article <slrnootn18.31bc@naiad.spacehopper.org> you wrote: > > > > > > On 2017-08-12, Walter Alejandro Iglesias <w...@roquesor.com> wrote: > > > > > > > Yesterday while copying a big file from one machine to another in > > > > > > > my LAN > > > > > > > I noticed that restarting pf: > > > > > > > > > > > > > > # pfctl -d && pfctl -e -f /etc/pf.conf > > > > > > > > > > > > > > scp stops and quits showing this message: > > > > > > > > > > > > > > - stalled - Conection reset by 192.168.1.* Lost connection > > > > > > > > > > > > > > > > > > > > > Is this expected or is a bug? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Expected. > > > > > > > > > > > > PF is a state-inspecting firewall and verifies things like TCP > > > > > > sequence > > > > > > numbers; it needs to see the initial connection handshake to pick > > > > > > up the > > > > > > wscale value. > > > > > > > > > > > > I would recommend just reloading the ruleset rather than disabling > > > > > > and > > > > > > re-enabling PF first. > > > > > > > > > > > > > > > > > > > > > > I have this rule: > > > > > > > > > > block in log quick inet proto tcp from to port ssh > > > > > > > > > > That reads IPs from a the "port22" file which is updated from a script > > > > > in a cronjob. I ignore which command to use to re-read that file > > > > > without causing the interrupt. > > > > > > > > > > > > > > > > > > > > > > > You mean doing only this? > > > > > > > > # pfctl -f /etc/pf.conf > > > > > > Yes. > > > > > > > > > > I just tried it and works OK. Thank you very much. 
>
> A bit reply late due to vacation...
>
> I would like to stress that disable and then a reload is a
> dangerous practise.  Apart from the fact that it loses state it also
> will leave pf disabled if you made a syntax error in your ruleset.

Yes, I was worried about that.

>
> Please just do a reload: it is much more safer: it will first
> validate the new ruleset and then *atomically* replace the old with
> the new ruleset, leaving intact any relevant state information.

I don't remember exactly what made me think that in the specific case of
tables reading IP lists from files a reload wasn't enough.  Something
wrong I did while testing led me to wrong conclusions. :-)

Thank you!

>
> -Otto

Walter
mime headers quoted-printable
Hello everyone,

With mailx(1) in mind and resurrecting the few I know about C I wrote
the code pasted below.  It encodes mail headers in MIME quoted-printable
format.  Unless I'm missing something it complies with all stated here:

https://www.ietf.org/rfc/rfc2047.txt

You can pipe to it a line or the whole message, it only processes
headers leaving the body untouched.

The problem is, so far, it assumes all 8bit chars are utf8.  Even when
openbsd now only supports utf8 locale you can still enter iso-latin
characters while your LC_CTYPE is set to C, which means if eventually you
judge it could be adapted to patch mailx some non valid utf8 characters
check would be mandatory.  So at this point I'm not sure it'll be a good
deal since, as far as I know, to make it able to check for non valid
UTF-8 characters would take more lines of code than the program itself.

I wrote also an encoder to the body, a base64 version and some decoders
but for now I'll show you only this one to not clutter the message.

I'd appreciate your opinion and advice about what can I do from now
(don't hesitate in being frank if you think it's useless).


/*
 * MIME encode mail headers quoted-printable.
 *
 * BUG: it assumes all non ascii characters are UTF-8.
 */

#include <stdio.h>

#define ASCII	0x7f
#define IN	1
#define OUT	0

int
main()
{
	int c, i, n, nl, eightbit, encode, body;
	unsigned char s[256];	/* current header word */

	i = n = nl = 0;
	encode = eightbit = body = OUT;

	while ((c = getchar()) != EOF) {
		if (body == IN)
			/* past the blank line: copy the body unchanged */
			putchar(c);
		else if (c == '\n' || c == ' ') {
			/* end of a word: emit it, encoded if it had 8-bit bytes */
			s[i] = '\0';
			if (eightbit == IN) {
				if (encode == IN)
					printf("=20?= ");
				printf("=?UTF-8?Q?");
				while (n < i) {
					if (s[n] > ASCII || s[n] == '=' || s[n] == '?'
					    || s[n] == '\t') {
						printf("=%02X", s[n]);
					} else
						printf("%c", s[n]);
					++n;
				}
				n = 0;
				encode = IN;
				if (c == '\n') {
					printf("?=");
					putchar(c);
					encode = OUT;
				}
				eightbit = OUT;
			} else {
				if (encode == IN)
					printf("?= ");
				printf("%s", s);
				putchar(c);
				encode = OUT;
			}
			i = 0;
			/* two newlines in a row end the header section */
			if (c == '\n')
				++nl;
			else
				nl = 0;
			if (nl > 1)
				body = IN;
		} else {
			/* collect the word, noting any non-ASCII byte */
			if (c > ASCII)
				eightbit = IN;
			s[i] = c;
			++i;
		}
	}

	return 0;
}
Re: mime headers quoted-printable
I was pointed out words (no spaces) longer than 256 characters produce a
buffer overflow with my previous version.  I scanned my saved (since ~
2005) mbox for header lines without spaces longer than 256 and found
several.  Most of them are non wrapped base64 encoded text, a few are
"References:" separated with commas instead of spaces.  So I think I can
just ignore those lines.  Besides that, the new version below has a
limit.  No more buffer overflow.

By the way, I can make it wrap lines bigger than 76 columns as the
standards ask, but looking at mailx code I observed it already takes
care of that.


/*
 * MIME encode mail header quoted-printable. (VERSION 2)
 *
 * BUG: it assumes all non ascii characters are UTF-8.
 */

#include <stdio.h>

#define ASCII	0x7f
#define IN	1
#define OUT	0
#define MAX	256

int
main()
{
	int c, i, n, nl, eightbit, encode, body;
	unsigned char s[MAX];	/* current header word */

	i = n = nl = 0;
	encode = eightbit = body = OUT;

	while ((c = getchar()) != EOF) {
		if (body == IN)
			/* past the blank line: copy the body unchanged */
			putchar(c);
		else if (c == '\n' || c == ' ') {
			/* end of a word: emit it, encoded if it had 8-bit bytes */
			s[i] = '\0';
			if (eightbit == IN) {
				if (encode == IN)
					printf("=20?= ");
				printf("=?UTF-8?Q?");
				while (n < i) {
					if (s[n] > ASCII || s[n] == '=' || s[n] == '?'
					    || s[n] == '\t') {
						printf("=%02X", s[n]);
					} else
						printf("%c", s[n]);
					++n;
				}
				n = 0;
				encode = IN;
				if (c == '\n') {
					printf("?=");
					putchar(c);
					encode = OUT;
				}
				eightbit = OUT;
			} else {
				if (encode == IN)
					printf("?= ");
				printf("%s", s);
				putchar(c);
				encode = OUT;
			}
			i = 0;
			/* two newlines in a row end the header section */
			if (c == '\n')
				++nl;
			else
				nl = 0;
			if (nl > 1)
				body = IN;
		} else {
			if (c > ASCII)
				eightbit = IN;
			/* word reached the limit: print what was collected */
			if (i >= MAX) {
				s[i] = '\0';
				printf("%s", s);
				i = 0;
			}
			s[i] = c;
			++i;
		}
	}

	return 0;
}
Re: OpenBSD 6.1: httpd.conf macro usage and string concatenation
In article <39c822f4-07f1-3544-0a8e-b75446f94...@4ss.de> you wrote:
> Hi!
>
> I thought I could copy the same static server definition block and only
> change a unique macro definition at the top of each server. But this is
> not working:
>
> ##
> # from httpd.conf
> ##
> # [...]
>
> # macro definition
> certroot="/etc/ssl/httpd"
> docroot="/htdocs"
>
> domain="domain.tld"
> server $domain{
> listen on * tls port 443
> tls certificate $certroot/$domain/$domain.pem
> tls key $certroot/$domain/$domain.key
> root $docroot/$domain
> }
>
> domain="anotherdomain.tld"
> server $domain{
> listen on * tls port 443
> tls certificate $certroot/$domain/$domain.pem
> tls key $certroot/$domain/$domain.key
> root $docroot/$domain
> }
>
> # [...]
> ##
>
> The idea was if you have a lot of server definitions you could keep
> static the parts that are the same and just change the macro for each
> server the line above the server block.
>
> Because httpd.conf man page says "Macros are not expanded inside
> quotes." I cannot use 'root "$docroot/$domain"'. But 'root
> $docroot/$domain' isn't accepted either. Does that mean I cannot use
> Macros for parts of the config file that reference to files or folders,
> because Macros are not expanded inside quotes but keywords with file or
> folder options require enclosing quotes? If that's the case I don't
> understand what Macros are good for.
>
> Thanks in advance!
>
> T.
>
>

There is another problem I mentioned here time ago.  Macros have
problems with slashes.  The same happens in pf.conf (and perhaps with
smtpd.conf too).  Unless it was already fixed, when you want to add a
path to a macro you must enclose it within double and single quotes:

certroot='"/etc/ssl/httpd"'

Then $certroot is expanded to "/etc/ssl/httpd" including the double
quotes.
Re: mime headers quoted-printable
An overlook I can't figure out why didn't core dumped. --- encode-qprint-header.c Wed May 24 22:04:24 2017 +++ encode-qprint-header.c Wed May 24 22:03:49 2017 @@ -66,13 +66,12 @@ main() } else { if (c > ASCII) eightbit = IN; - if (i >= MAX) { + if (i >= MAX - 1) { s[i] = '\0'; printf("%s", s); i = 0; } s[i] = c; - ++i; } }
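Review bot: the last change in this hunk removes "++i;" while "s[i] = c;" stays as unchanged context, so as posted nothing advances the index after a byte is stored and every byte of a word is written to s[0]. If the increment is meant to be folded into the store, the store line has to change in the same hunk (s[i++] = c;). The new bound "i >= MAX - 1" does keep "s[i] = '\0'" inside s[MAX], which is the off-by-one the message refers to. A second point on the same branch: when the limit is hit the collected bytes go out through printf("%s", s) as they are, so a long word that already set eightbit is flushed unencoded; it would be worth either encoding that chunk or documenting that over-long words are passed through raw.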
Re: mime headers quoted-printable
Inspired in the new utf8 man page (thanks tedu@) I think I found a
solution to the charset issue.

New version:


/*
 * MIME encode mail header quoted-printable.
 *
 */

#include <stdio.h>

#define ASCII	0x7f
#define IN	1
#define OUT	0
#define MAX	1024

int
main()
{
	int c, i, n, nl, count, isutf8, eightbit, encode, body;
	unsigned char s[MAX];	/* current header word */

	i = n = nl = count = 0;
	encode = eightbit = body = isutf8 = OUT;

	while ((c = getchar()) != EOF) {
		if (body == IN)
			/* past the blank line: copy the body unchanged */
			putchar(c);
		else if (c == '\n' || c == ' ') {
			/* end of a word: emit it, encoded if it had 8-bit bytes */
			s[i] = '\0';
			if (eightbit == IN) {
				if (encode == IN)
					printf("=20?= ");
				if (isutf8 == OUT)
					printf("=?ISO-8859-1?Q?");
				else
					printf("=?UTF-8?Q?");
				while (n < i) {
					if (s[n] > ASCII || s[n] == '=' || s[n] == '?'
					    || s[n] == '\t')
						printf("=%02X", s[n++]);
					else
						printf("%c", s[n++]);
				}
				n = 0;
				encode = IN;
				if (c == '\n') {
					printf("?=");
					putchar(c);
					encode = OUT;
				}
				eightbit = OUT;
			} else {
				if (encode == IN)
					printf("?= ");
				printf("%s", s);
				putchar(c);
				encode = OUT;
			}
			i = 0;
			/* two newlines in a row end the header section */
			if (c == '\n')
				++nl;
			else
				nl = 0;
			if (nl > 1)
				body = IN;
		} else {
			if (c > ASCII) {
				eightbit = IN;
				++count;
				/* first byte of an 8-bit run picks the charset */
				if (count == 1) {
					if (c != 0xc2 && c != 0xc3 && c != 0xe2)
						isutf8 = OUT;
					else
						isutf8 = IN;
				}
			} else
				count = 0;
			/* word reached the limit: print what was collected */
			if (i >= MAX - 1) {
				s[i] = '\0';
				printf("%s", s);
				i = 0;
			}
			s[i++] = c;
		}
	}

	return 0;
}
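The charset decision discussed in this thread can also be made by validating the whole word as UTF-8 (RFC 3629) instead of looking only at the first 8-bit byte, which labels a word such as one starting with 0xc5 0x81 as ISO-8859-1. The following is an added example, not code from the thread or from mailx; the function names utf8_valid and encode_header_word are made up for it, the ISO-8859-1 fallback is taken from the version above, and it also encodes "_", which RFC 2047 reserves for space inside a Q encoded-word.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if s[0..len) is well-formed UTF-8 (RFC 3629), else 0.
 * Rejects stray continuation bytes, truncated sequences, overlong
 * forms, UTF-16 surrogates and code points above U+10FFFF.
 */
int
utf8_valid(const char *s, size_t len)
{
	const unsigned char *p = (const unsigned char *)s;
	size_t i = 0, k, need;

	while (i < len) {
		unsigned char b = p[i], lo = 0x80, hi = 0xbf;

		if (b <= 0x7f) {
			i++;
			continue;
		}
		if (b >= 0xc2 && b <= 0xdf)
			need = 1;
		else if (b >= 0xe0 && b <= 0xef) {
			need = 2;
			if (b == 0xe0)
				lo = 0xa0;	/* overlong 3-byte form */
			if (b == 0xed)
				hi = 0x9f;	/* U+D800..U+DFFF surrogates */
		} else if (b >= 0xf0 && b <= 0xf4) {
			need = 3;
			if (b == 0xf0)
				lo = 0x90;	/* overlong 4-byte form */
			if (b == 0xf4)
				hi = 0x8f;	/* above U+10FFFF */
		} else
			return 0;	/* 0x80..0xc1 or 0xf5..0xff as lead byte */

		if (len - i <= need)
			return 0;	/* sequence cut short */
		if (p[i + 1] < lo || p[i + 1] > hi)
			return 0;
		for (k = 2; k <= need; k++)
			if ((p[i + k] & 0xc0) != 0x80)
				return 0;
		i += need + 1;
	}
	return 1;
}

/*
 * Write one header word to out: unchanged if it is pure ASCII, otherwise
 * as an RFC 2047 Q encoded-word labelled UTF-8 when the bytes validate and
 * ISO-8859-1 otherwise (assumption: same fallback as the thread's code).
 * Returns the number of bytes written without the NUL, or -1 if out is
 * too small.
 */
int
encode_header_word(const char *word, size_t len, char *out, size_t outsz)
{
	static const char hex[] = "0123456789ABCDEF";
	const unsigned char *w = (const unsigned char *)word;
	size_t i, o;
	int n, eightbit = 0;

	for (i = 0; i < len; i++)
		if (w[i] > 0x7f)
			eightbit = 1;
	if (!eightbit) {
		if (len + 1 > outsz)
			return -1;
		memcpy(out, word, len);
		out[len] = '\0';
		return (int)len;
	}

	n = snprintf(out, outsz, "=?%s?Q?",
	    utf8_valid(word, len) ? "UTF-8" : "ISO-8859-1");
	if (n < 0 || (size_t)n >= outsz)
		return -1;
	o = (size_t)n;
	for (i = 0; i < len; i++) {
		unsigned char b = w[i];
		int plain = b > 0x20 && b < 0x7f &&
		    b != '=' && b != '?' && b != '_';

		/* keep room for the closing "?=" and the NUL */
		if (o + (plain ? 1 : 3) + 3 > outsz)
			return -1;
		if (plain)
			out[o++] = (char)b;
		else {
			out[o++] = '=';
			out[o++] = hex[b >> 4];
			out[o++] = hex[b & 0x0f];
		}
	}
	memcpy(out + o, "?=", 3);
	return (int)(o + 2);
}

int
main(void)
{
	/* Constructed sample words, not taken from real mail. */
	static const char *samples[] = {
		"Subject:", "caf\xc3\xa9", "caf\xe9", "\xc5\x81odz", "x_y\xc3\xa9"
	};
	char out[128];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (encode_header_word(samples[i], strlen(samples[i]),
		    out, sizeof(out)) >= 0)
			puts(out);
	return 0;
}
```

Bytes that fail validation are only labelled ISO-8859-1; the validator cannot tell which 8-bit charset they really came from.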
Re: Do I need slaacd(8) up and running?
On Sat, Nov 11, 2017 at 05:58:59AM -0700, Theo de Raadt wrote: > >A question to the experts here. > > > >My home router (a crappy one provided by my ISP) has ipv6 disabled, at > >least it's what its guied configuration tells me. :-) And I have ipv6 > >disabled in all my LAN machines. The laptop I use with OpenBSD has > >slaacd(8) up and running by default, even when I didn't configure any > >interface to use ipv6 at install time. > > > >Under the above conditions, do I still need slaacd running? > > Yes, absolutely. > > Otherwise one day you will configure up v6 on an interface and > come whining about how your custom configuration isn't do inet6 > boohoohoo. OK. You assume I'm an asshole. > > You need it. And don't go writing some balony blog saying you don't > need it. I don't need blogs. :-) Look, I'm very happy with OpenBSD (*honestly*) in the technical as well as in the human aspect. The *only one* negative point I found till now in this project is your attitude. The next time you want to insult me do it in private, in that way you won't harm the project (taking in care the other people working hard on it).
Do I need slaacd(8) up and running?
A question to the experts here.

My home router (a crappy one provided by my ISP) has ipv6 disabled, at
least it's what its guied configuration tells me. :-)  And I have ipv6
disabled in all my LAN machines.  The laptop I use with OpenBSD has
slaacd(8) up and running by default, even when I didn't configure any
interface to use ipv6 at install time.

Under the above conditions, do I still need slaacd running?
Re: Do I need slaacd(8) up and running?
On Sat, Nov 11, 2017 at 04:57:14PM -0700, Theo de Raadt wrote: > >On Sat, Nov 11, 2017 at 05:58:59AM -0700, Theo de Raadt wrote: > >> >A question to the experts here. > >> > > >> >My home router (a crappy one provided by my ISP) has ipv6 disabled, at > >> >least it's what its guied configuration tells me. :-) And I have ipv6 > >> >disabled in all my LAN machines. The laptop I use with OpenBSD has > >> >slaacd(8) up and running by default, even when I didn't configure any > >> >interface to use ipv6 at install time. > >> > > >> >Under the above conditions, do I still need slaacd running? > >> > >> Yes, absolutely. > >> > >> Otherwise one day you will configure up v6 on an interface and > >> come whining about how your custom configuration isn't do inet6 > >> boohoohoo. > > > >OK. You assume I'm an asshole. > > > >> > >> You need it. And don't go writing some balony blog saying you don't > >> need it. > > > >I don't need blogs. :-) > > > > > >Look, I'm very happy with OpenBSD (*honestly*) in the technical as well > >as in the human aspect. The *only one* negative point I found till now > >in this project is your attitude. The next time you want to insult me > >do it in private, in that way you won't harm the project (taking in care > >the other people working hard on it). > > Terribly sad you are such a sensitive soul. Uh, your sarcasms hurt my delicate soul. :-) I don't usually come here to whine. I've always kept my systems as default as possible. I've never written any article about OpenBSD. Obviously it's not about me and *that's the bad news*. Whether or not you're right about users in general, there are more than one OS out there with long tradition and experience in developing with the assumption users are a bunch of irresponsible idiots. And they count with a stronger infrastructure than yours. It's not clever to compete with those monsters using their same strategy.
Re: mandoc output paper size
In article <20171026083919.ga38...@www.stare.cz> Jan Stary wrote:
> I am not sure whether man -Tpdf and man -Tps honour the paper size.

I think it does.  I don't have a printer at hand to verify it but if in
the gv(1) menu I select alternatively A4 (or Letter) and Default I can
see how the page gets resized (or not) depending on the 'output paper'
man.conf setting.

Walter
Re: mandoc output paper size
In article Mike Williams wrote:
> Hiya
>
> On 10/27/17 14:31, Ingo Schwarze wrote:
> > [ sending this particular one back to the list
> > because it contains something useful for everyone and nothing private ]
>
> Replying to list to archive comments even if not acted on.
>
> > Hi Jan,
> >
> > Jan Stary wrote on Fri, Oct 27, 2017 at 12:46:00PM +0200:
> >
> >> I produced a PS output with "man -Tps rm > rm.ps",
> >> with output paper set to a3, a4, and a5 in man.conf.
> >> This results, respectively, in
> >>
> >> %%DocumentMedia: Default 841 1190 0 () ()
> >> %%DocumentMedia: Default 595 841 0 () ()
> >> %%DocumentMedia: Default 419 595 0 () ()
> >>
> >> which apparently are the right dimensions. However,
> >> the Minolta will print all of them on A4 paper,
> >> although it does have a stash of A3 and A5 too.
> >>
> >> That's where I thought it might take a hint from the DSC comment,
> >> if I changed the "Default" to "A3" or "A4" or "A5", or if mandoc(1)
> >> itself put that in the DSC comments. I rewrote it manually before
> >> each printing, but the Minolta still prints them all on an A4:
> >
> > That's interesting, but anecdotal. It is neither surprising that
> > a specific printer selects paper as configured (in whichever way),
> > as opposed to inspecting files it is sent; nor would it be surprising
> > if other printers, or even the same one, or printer drivers on the
> > print server, could be configured to inspect the contents of
> > PostScript files to select paper.
> >
> > The trouble is, i just don't know what firmwares and softwares do,
> > what they should do according to standards, and where to look for
> > standards in this respect.
> >
> > Does anybody else know?
>
> The DSC comments are not part of the PS specification (the reference
> manual quoted earlier) and a PS interpreter would not normally take
> notice of them. The comments are aimed at document printing systems
> which can just look for the comments and manage the printing of the file
> amongst other files and a range of available printers - such as queuing
> for a printer which supports/has the media listed by the DSC comment.
>
> Some PS interpreters may look for and act on the comments, but this
> would not be "standard" behaviour. For the %%DocumentMedia: comment the
> name used is for human consumption, it is the numeric values that are
> used for any media handling decisions. The %%DocumentMedia: comment
> lists all media sizes used by the document but does not say which page
> uses which size of media so could not be used to select media for any
> particular page. If the media size is important for a page then there
> should be a PS setpagedevice call like the following:
>
> <>setpagedevice

In my other message I was about to mention that in the document
generated by groff I inspected, besides the comment, I found this other
line:

%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice

It's in the place I put an image. I tried modifying the values here too
to see if this line was taken in care by gv too, but it seems it's not.

>
> The PS interpreter will perform media selection based on the values -
> use matching media, next largest, scale/rotate content, ask operator,
> etc. - see section 6.2.1 of the PS reference manual for way more detail.
>
> This is what is needed for the Minolta printer to use the other media
> sizes it has available. A quick edit of the PS file to add the above
> line with the appropriate media sizes for A3 or A5 should prove that.
>
> Basically don't rely on DSC comments to do media selection.
>
> I don't know gv but it will be working as a virtual printer with some
> standard media sizes to use when rendering a file. It sounds like it
> adds the list of media from any %%DocumentMedia: comments to provide
> additional media sizes it may not have by default. Ah, in the State
> menu there is the option "Respect document structure". If I unselect
> this the page size used by gv changes from the letter used in the -Tps
> output to the default A4 used by gv.
>
> It may be useful to use a media name such as man-A4, man-letter, etc.
> (to indicate the source of the file and media size used) for any systems
> that do process the DSC comments. That will avoid duplicates appearing
> in generated media lists.
>
> As for PDF, no there is no way to name the media size being used. There
> is no equivalent of the DSC comments for PDF. Media selection is always
> done based on the dimensions in the /MediaBox array, the same way as the
> /PageSize array in PS, and it is up to the processor to decide how to
> handle the media size request.
>
> Finally, the -Tpdf output is not a valid PDF. It is missing the endobj
> keyword from several of the object definitions. This will cause
> warnings or errors when processing. I
Re: Viewport for man.openbsd.org -- readability on phones
In article <20180518004729.gl68...@athene.usta.de> Ingo Schwarze wrote:
> Hi Aner,
>
> Aner Perez wrote on Thu, May 17, 2018 at 06:32:44PM -0400:
> > On 05/17/2018 05:22 PM, x...@dr.com wrote:
> >> "Ingo Schwarze" wrote:
>
> >>> Absolutely not.
> >>> Mandoc output is not optimized for any device.
> >>>
> >>> Which elements or rules in the current HTML or CSS code
> >>> make you think it is optimized or it discriminates against
> >>> any device?
>
> >> I don't know which element or rule is the problem, however
> >> if I delete mandoc.css the text does fill the screen.
> >>
> >> I understand that what I am trying to do is not supported,
> >> so I'll do something else instead.
>
> > First non-comment line of mandoc.css says:
> >
> > html {max-width: 100ex; }
> >
> > Removing this line allows the use of the full browser width.
>
> That is a very useful bit of information.
> Thanks for investigating and reporting it.
>
> For testing purposes, i removed that line from
> https://man.openbsd.org/mandoc.css
>
> xcv@, could you check with your phone whether this solves
> your original issue?
>
> > I'm sure that it was put there for a reason
> > (maybe to approximate the width of a terminal?).
>
> Correct. The original reason was that for -T ascii and -T utf8
> output, the default is -O width=78. The reason for that is that
> it's conventional wisdom in typography that readability of text
> suffers with excessive column width - even though some recent
> research raises doubts whether that is really true. Either way,
> people tend to feel strongly about it.

If text is too wide, each time your sight jumps from the end to the
beginning of the other line it loses track of in which one it was. When
it's too narrow (as used in newspapers) your sight has to jump
continuously. That's why in books you generally see lines not narrower
than 60 columns and not wider than 78, that's the comfortable range.

Perhaps I'm wrong assuming this happens to other people. I'd like to
know if that recent research you mention took in care nowadays most
people read no more than one line at a time. :-) Web sites are designed
to look pretty, text is there just for SEO. I mean the opinion of most
people about what is comfortable while reading doesn't tell the truth.

>
> I must say i never particularly liked that line in the CSS file.
> It always felt like fiddling with details that it might be better
> not to touch, given that display devices running browsers differ
> more than terminal emulators. And here we are with a suspicion
> that it actually causes accessibility issues, even if the suspicion
> is still unconfirmed...

It's not a mandoc problem. That line is a workaround, so even when
I prefer that behavior I'm not against removing it.

>
> Depending on the feedback i get here with respect to how
> https://man.openbsd.org/
> now looks, i shall consider deleting the offending line for good.
>
> In general, i like the idea of making things better by *removing*
> harmful tweaks rather than adding new goo...

Have you added apple-touch-icon.png in all required sizes? No? Why do
you resist to innovation, to "new technologies"? Here you have a guide:

https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html

:-)

>
> Yours,
> Ingo
>
>

Walter
Checking my new smtpd.conf syntax
Could someone tell me if my changes below are OK. :-)

The part I'm not clear is I read in current.html remote authenticated
users need an explicit rule. Do I need to add some "match auth" rule?

# /etc/mail/smtpd.conf

egress_int="em0"
server="server.roquesor.com"

table aliases file:/etc/mail/aliases
table valiases file:/etc/mail/valiases
table vdomains file:/etc/mail/vdomains
table addresses file:/etc/mail/addresses
table users file:/etc/mail/users

pki $server certificate "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"

listen on lo0
listen on $egress_int port 25 tls pki $server
listen on $egress_int port 465 smtps pki $server auth \
	senders masquerade

# Old
#accept from local for local alias deliver to mbox
#accept from any for domain virtual deliver to mbox
#accept from local sender for any relay

# New
action local_users mbox alias
action remote_users relay

match from local for local apply local_users
match from any for domain virtual apply local_users
match from local sender for any apply remote_users

# End of file
Re: Checking my new smtpd.conf syntax
On Fri, May 25, 2018 at 03:58:59PM +0300, Consus wrote:
> On 14:31 Fri 25 May, Gilles Chehade wrote:
> > On Fri, May 25, 2018 at 02:20:50PM +0200, Walter Alejandro Iglesias wrote:
> > > Could someone tell me if my changes below are OK. :-)
> > >
> > > The part I'm not clear is I read in current.html remote authenticated
> > > users need an explicit rule. Do I need to add some "match auth" rule?
> >
> >
> > yes.
> >
> > before, "from local" would match authenticated users as if they had sent
> > mail from the local machine but this led to being unable to express some
> > setups where depending on the source you want to relay to different hubs
> > even though users are authenticated.
> >
> >
> > With this:
> >
> > > match from local for local apply local_users
> > > match from any for domain virtual apply local_users
> > > match from local sender for any apply remote_users
> >
> > you need an additional rule such as:
> >
> > match auth from any sender for any apply remote_users
> >
> >
> > because:
> >
> > > #accept from local sender for any relay
> >
> > no longer matches authenticated users
>
> Ain't it "action local_users" instead of "apply local_users"? The man
> page states "action".

I took the "apply" from here:

https://undeadly.org/cgi?action=article;sid=20180430122930

Now reading this:

https://poolp.org/posts/2018-05-21/switching-to-opensmtpd-new-config/

I see I also have to change the "certificate" keyword to "cert" here:

pki $server cert "/etc/ssl/server.crt"

Gilles, I also saw the "ca" directive. I've been using the acme
certificates in pki directives, can I use them in the "ca" directive
too? (any advantage in doing this?)

Walter
Re: Checking my new smtpd.conf syntax
On Sat, May 26, 2018 at 08:15:18AM +0200, Gilles Chehade wrote:
> > Gilles, I also saw the "ca" directive. I've been using the acme
> > certificates in pki directives, can I use them in the "ca" directive
> > too? (any advantage in doing this?)
> >
>
> don't touch a knob if you don't KNOW that you absolutely need it.
>
> I know why some people would like to use a custom CA certificate instead
> of the one shipped with the system, I don't know why YOU should do it so
> if you are asking I can only guess you are going to break your setup.

First of all, each one is responsible of what they do with their system,
it's the nature of free software, isn't it? Don't be afraid, if I break
my setup I won't sue you. :-)

In the past I used the defunct StartSSL(TM) certificates with Apache and
Sendmail during years. In the case of a mail server I thought that, by
logic, to present something that certificates your identity (what a CA
is for, isn't it?) should be one among the more acceptable ways to avoid
your messages be considered SPAM.

What I'm not clear about is what Let's Encrypt does (differently). And,
logically, I'm not clear about what your software does in this case.
And over all I'm not clear about (and probably nobody is at this stage)
what mail servers do and why with their SPAM filters. That was the aim
of my question.

By the way, your messages got to my server but not to misc@ (at least I
can't not read them through gmane), I guess they got trapped in spamd
daemon.

>
>
> --
> Gilles Chehade
>
> https://www.poolp.org @poolpOrg

Walter
Re: Checking my new smtpd.conf syntax
On Sat, May 26, 2018 at 12:35:57PM +0200, Walter Alejandro Iglesias wrote:
> On Sat, May 26, 2018 at 08:15:18AM +0200, Gilles Chehade wrote:
> > > Gilles, I also saw the "ca" directive. I've been using the acme
> > > certificates in pki directives, can I use them in the "ca" directive
> > > too? (any advantage in doing this?)
> > >
> >
> > don't touch a knob if you don't KNOW that you absolutely need it.
> >
> > I know why some people would like to use a custom CA certificate instead
> > of the one shipped with the system, I don't know why YOU should do it so
> > if you are asking I can only guess you are going to break your setup.
>
> First of all, each one is responsible of what they do with their system,
> it's the nature of free software, isn't it? Don't be afraid, if I break
> my setup I won't sue you. :-)
>
> In the past I used the defunct StartSSL(TM) certificates with Apache and
> Sendmail during years. In the case of a mail server I thought that, by
> logic, to present something that certificates your identity (what a CA
> is for, isn't it?) should be one among the more acceptable ways to avoid
> your messages be considered SPAM.
>
> What I'm not clear about is what Let's Encrypt does (differently). And,
> logically, I'm not clear about what your software does in this case.
> And over all I'm not clear about (and probably nobody is at this stage)
> what mail servers do and why with their SPAM filters. That was the aim
> of my question.
>
> By the way, your messages got to my server but not to misc@ (at least I
> can't not read them through gmane), I guess they got trapped in spamd
> daemon.

Let me add something more about what I know. Each software (i.e.
apache, nginx, uw-imap, sendmail, etc) requires a different setup to get
the certificates working. In some cases you need to put chain and cert
in one file, in others (uw-imap) you need to include the key in a same
one file.

I just expected you could tell me (or point me where this is documented)
what to do in opensmtpd case. The explanation in starttls(8) isn't
enough. For example, what does the smtpd.conf "ca" directive expect?,
a root certificates bundle? Intermediate certificates? What does the
software use in case you don't set this option?, the system provided
/etc/ssl/cert.pem?

I'll tell you what I've been doing so far. When time ago I started using
opensmtpd with the certs downloaded with acme-client, *after some trial
and error* I got it working with this set up:

Here I use the "full chain" certificate:

pki $server cert "/etc/ssl/server.crt"

Here the key:

pki $server key "/etc/ssl/private/server.key"
I got smtpd.conf working thanks to the man page
Just in case it could be useful to others.

After upgrading the snapshot requiring the new version of smtpd.conf it
happened that the new rules I'd written (included the last one Gilles
passed me) were all wrong. I could get it working thanks to the man
page. The result:

# OLD
accept from local for local alias deliver to mbox
accept from any for domain virtual deliver to mbox
accept from local sender for any relay

# FIRST ATTEMPT (smtpd -n told me the three last lines were wrong)
action local_users mbox alias
action remote_users relay
match from local for local apply local_users
match from any for domain virtual apply local_users
match from local sender for any apply remote_users
match auth from any sender for any apply remote_users

# NOW WORKING
action "local" mbox alias
action "virtual" mbox virtual
action "relay" relay
match from local for local action "local"
match from any for domain action "virtual"
match mail-from for any action "relay"
match auth mail-from for any action "relay"

My advice to others is not to pay attention to anything but the man
page, checking one by one each option you used in the old configuration,
if it still exists, if it was replaced and finally *where* to pass it,
if to match or to action. Doing it in that order you'll probably go
faster. :-)

As you see above I had to replace "sender" for "mail-from" and to create
a third action to pass the virtual aliases table that in the first
attempt I'd wrongly included it in the match.
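The migration mistakes named in this thread ("certificate" vs "cert", "apply" vs "action", "sender" vs "mail-from", a table passed to match instead of action, and a listener with auth but no "match auth" rule), turned into a small linter. This is an added example, not part of the original messages and not OpenSMTPD code; the two sample files are constructed here, and the table references in angle brackets are assumptions, since the archived text shows the rules without them.

```python
"""Lint an smtpd.conf for the old-to-new grammar mistakes discussed above."""

MESSAGES = {
    "OLD_RULE": 'old "accept" rule: rewrite it as an action plus a match',
    "PKI_CERTIFICATE": 'pki keyword "certificate" is now "cert"',
    "APPLY": 'a match rule ends in action "name", not "apply name"',
    "SENDER": '"sender" in a match rule is now "mail-from"',
    "TABLE_IN_MATCH": "alias/virtual table belongs on the action line",
    "NO_AUTH_MATCH": 'listener uses auth but there is no "match auth" rule; '
                     '"from local" no longer covers authenticated users',
}


def logical_lines(text):
    """Yield (first_line_number, text), dropping comments and joining '\\'."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if start is None:
            start = n
        if line.endswith("\\"):          # continued on the next line
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        joined = " ".join(part for part in buf if part)
        if joined:
            yield start, joined
        buf, start = [], None


def lint(text):
    """Return a list of (line_number, code) findings."""
    findings = []
    listener_auth = None     # first listener that asks for authentication
    has_auth_match = False
    for n, line in logical_lines(text):
        tok = line.replace('"', " ").split()
        if not tok:
            continue
        kw = tok[0]
        if kw == "accept":
            findings.append((n, "OLD_RULE"))
        elif kw == "pki" and tok[2:3] == ["certificate"]:
            findings.append((n, "PKI_CERTIFICATE"))
        elif kw == "listen" and ("auth" in tok or "auth-optional" in tok):
            listener_auth = listener_auth or n
        elif kw == "match":
            # Only the criteria count: an action may itself be named "virtual".
            cut = next((i for i, t in enumerate(tok)
                        if t in ("action", "apply")), len(tok))
            criteria = tok[1:cut]
            if "auth" in criteria:
                has_auth_match = True
            if tok[cut:cut + 1] == ["apply"]:
                findings.append((n, "APPLY"))
            if "sender" in criteria:
                findings.append((n, "SENDER"))
            if "alias" in criteria or "virtual" in criteria:
                findings.append((n, "TABLE_IN_MATCH"))
    if listener_auth and not has_auth_match:
        findings.append((listener_auth, "NO_AUTH_MATCH"))
    return findings


def report(text):
    return ["line %d: %s" % (n, MESSAGES[code]) for n, code in lint(text)]


# Constructed sample: the thread's first attempt, table names assumed.
FIRST_ATTEMPT = r'''pki $server certificate "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"
listen on lo0
listen on $egress_int port 465 smtps pki $server auth <users> \
        senders <addresses> masquerade
# first attempt
action local_users mbox alias <aliases>
action remote_users relay
match from local for local apply local_users
match from any for domain <vdomains> virtual <valiases> apply local_users
match from local sender <addresses> for any apply remote_users
'''

# Constructed sample: the rules posted as working, table names assumed.
WORKING = r'''pki $server cert "/etc/ssl/server.crt"
pki $server key "/etc/ssl/private/server.key"
listen on lo0
listen on $egress_int port 465 smtps pki $server auth <users> \
        senders <addresses> masquerade
action "local" mbox alias <aliases>
action "virtual" mbox virtual <valiases>
action "relay" relay
match from local for local action "local"
match from any for domain <vdomains> action "virtual"
match mail-from <addresses> for any action "relay"
match auth mail-from <addresses> for any action "relay"
'''

if __name__ == "__main__":
    for title, conf in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        print(title + ":")
        for msg in report(conf) or ["no findings"]:
            print("  " + msg)
```

The linter only checks the points raised in the thread; smtpd -n remains the authority on whether a file parses.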
Re: kernel panic while reproducing video with mpv
Hi Visa,

On Sun, Jun 24, 2018 at 05:54:15PM +, Visa Hankala wrote:
> On Sun, Jun 24, 2018 at 12:37:45PM +0200, Walter Alejandro Iglesias wrote:
> > panic: mtx 0x81c86470: locking against myself
> > Stopped at db_enter+0x12: popq%r11
> > TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
> > 104021 96401 1000 0x3 0x4002 mpv
> > *402610 50624 10000x32 00K Xorg
> >
> > db_enter() at db_enter+0x12
> > panic() at panic+0x138
> > __mtx_enter_try(53b9235709d40154) at __mtx_enter_try+0xb5
> > _mtx_enter(81cf3e60,81a5d6a2,0) at _mtx_enter+0x5a
> > printf(c9ef1007dec621e0) at printf+0x70
> > witness_checkorder(2e4447d1b3cbb9af,81c2ac7c,32a,0,81da6d00)
> > at
> > witness_checkorder+0x943
> > ___mp_lock(8000330cd760,d,7) at ___mp_lock+0x70
> > selwakeup(e80faaebded7c1a2) at selwakeup+0x9c
> > ptsstart(8ce5939828d5e23) at ptsstart+0x79
> > tputchar(174549bf676e909c,80afa400) at tputchar+0x85
> > kputchar(75d50501b895e9e4,0,81a5d6a2) at kputchar+0x91
> > kprintf() at kprintf+0xe8
> > printf(c9ef1007dec621e0) at printf+0x85
> > witness_checkorder(2e4447d1b3cba2fe,81af9df1,298,81c8a678,ff
> > ff81c8a688) at witness_checkorder+0x943
> > end trace frame: 0x80003302e978, count: 0
>
> If the panic happens again, please run the following commands in ddb(4)
> and post the output:
>
> show locks
> show all locks

The truth is it happened twice. On the first one fsck(8) couldn't recover
my root file system. After rebooting I couldn't even log in (as user or
root) and I had to reinstall. That's why I'm not confident about
"voluntary" reproducing the bug. :-) But if it happens again take for
sure I'll send you the output of those commands (and per cpu traces).

>
> It is not clear from the stack trace why the system begins to report
> a lock order problem in the first place (the first witness_checkorder
> and the printf at the end of the stack trace).
>
> The panic itself is related to the problem of using other kernel
> subsystems from WITNESS. I will try to make a fix that should prevent
> the panic in most cases.

Thanks!

Walter
Re: mandoc output paper size
In article <20171026193138.ga41...@www.stare.cz> Jan Stary wrote:
> > > > In the ps file generated by mandoc you should have this line:
> > > >
> > > > %%DocumentMedia: Default 595 841 0 () ()
> > > >
> > > > Where 595 841 correspond to A4. If you set output paper to "letter"
> > > > that line will say:
> > > >
> > > > %%DocumentMedia: Default 612 790 0 () ()
>
> Yes. It seems that these are just _comments_ to the PS interpreter
> and the "Default" is just an arbitrary given name, right?
> (Sorry, I don't know the language.) So GV just shows that,
> but it does not _determine_ the actual media size, right?
> Looking at term_ps.c, mandoc writes "Default ... " for every paper size.
>

First of all, I'm just a user like you trying to figure out how things
work. So, don't expect from me some deep analysis, for that Ingo is the
right person.

I answered you - based in what I intuitively observed - that mandoc
honors the paper size, and explained you why I think so.

I know about postscript language as much as you, as well as what gv takes
in care to print the document on the screen, so first I grep in the
ps file for 'a4|letter' strings and got nothing, then searching on the
Internet I found the dots equivalence and repeated the search this time
using '595 841|612 790'. I did the same with documents generated by GNU
roff. I found the "comment" I mentioned in the other message, so
I opened the ps file with vi(1), changed those numbers, and then
I opened the modified file with gv. That's how I found out gv takes in
care that "comment" to figure out physical page dimensions.

As far as I understand postscript draws page contents using coordinates
and using the postscript dot as unit (as Ingo explained). What gv does
is just trying to figure out the best way to print the document on
screen; when you select A4|Letter in the menu it only modifies the page,
the rest of dimensions stay the same. Ingo will correct me if I'm wrong
about this, we're talking specifically about how gv shows you the
document in screen, it shouldn't affect how the document is printed on
paper (what I *guess* gv does in this case is to send the postscript
file "as is" to lpr or cups.)

Finally, "default" means "default". :-) Perhaps (guessing again), since
page size use is related to region settings, who designed postscript
(hence gv) thought convenient to honor some wide system setting (based
on locale?).

> Jan
>
>

Walter
Re: mandoc output paper size
In article <20171027104221.gd9...@www.stare.cz> Jan Stary wrote:
> On Oct 27 12:12:21, w...@roquesor.com wrote:
> > In article <20171026193138.ga41...@www.stare.cz> Jan Stary
> > wrote:
> > > > > > In the ps file generated by mandoc you should have this line:
> > > > > >
> > > > > > %%DocumentMedia: Default 595 841 0 () ()
> > > > > >
> > > > > > Where 595 841 correspond to A4. If you set output paper to "letter"
> > > > > > that line will say:
> > > > > >
> > > > > > %%DocumentMedia: Default 612 790 0 () ()
> > >
> > > Yes. It seems that these are just _comments_ to the PS interpreter
> > > and the "Default" is just an arbitrary given name, right?
> > > (Sorry, I don't know the language.) So GV just shows that,
> > > but it does not _determine_ the actual media size, right?
> > > Looking at term_ps.c, mandoc writes "Default ... " for every paper size.
> > >
> >
> > First of all, I'm just a user like you trying to figure out how things
> > work. So, don't expect from me some deep analysis, for that Ingo is the
> > right person.
> >
> > I answered you - based in what I intuitively observed - that mandoc
> > honors the paper size, and explained you why I think so.
> >
> > I know about postscript language as much as you, as well as what gv takes
> > in care to print the document on the screen, so first I grep in the
> > ps file for 'a4|letter' strings and got nothing, then searching on the
> > Internet I found the dots equivalence and repeated the search this time
> > using '595 841|612 790'. I did the same with documents generated by GNU
> > roff. I found the "comment" I mentioned in the other message, so
> > I opened the ps file with vi(1), changed those numbers, and then
> > I opened the modified file with gv. That's how I found out gv takes in
> > care that "comment" to figure out physical page dimensions.
>
> Apparently, it does not: the dimensions are given explicitly in e.g.
> "%%DocumentMedia: Default 595 841 0 () ()", and the "Default"
> could just as well be "Foobar", as Ingo explained.
>

That's the "comment" we're talking about since the beginning of the
thread, aren't we? As I told you what I modified to do the test was the
numbers.

> > Finally, "default" means "default". :-) Perhaps (guessing again), since
> > page size use is related to region settings, who designed postscript
> > (hence gv) thought convenient to honor some wide system setting (based
> > on locale?).
>
> With output paper set to A3, A4, A5 in man.conf, "man -Tps rm > rm.ps"
> will produce a PostScript file with the correct dimensions,
> calling all the formats "Default". A printer (such as my Minolta)
> will print them all on A4, although it does have A3 and A5 paper too.
> Changing the "%%DocumentMedia: Default ..." line manually to "A3" or "A5"
> does not change that.
>
> I am not saying mandoc should write A3 or A4 or A5 instead of Default
> (it's the actual dimensions that matter), but perhaps such a DSC comment
> might help some applications. Apparently not GV, which just repeats the name,
> and not my Minolta, which prints on A4 anyway.

You know, too much people developing software without caring about what
others did before. Who developed your Minolta software is not an
exception. ;-)

>
> Jan
>
>

Walter
Re: mandoc output paper size
In article <20171026122507.ga13...@www.stare.cz> Jan Stary wrote:
> On Oct 26 11:36:45, w...@roquesor.com wrote:
> > In article <20171026083919.ga38...@www.stare.cz> Jan Stary
> > wrote:
> > > I am not sure whether man -Tpdf and man -Tps honour the paper size.
> >
> > I think it does.
> >
> > I don't have a printer at hand to verify it but if in the gv(1) menu
> > I select alternatively A4 (or Letter) and Default
>
> You can "select alternatively" whatever you want in the gv(1) window,
> but that don't make it so. My point is that files which really are A4
> just already say so in the gv(1) box, without "selecting it alternatively".

In the ps file generated by mandoc you should have this line:

%%DocumentMedia: Default 595 841 0 () ()

Where 595 841 correspond to A4. If you set output paper to "letter"
that line will say:

%%DocumentMedia: Default 612 790 0 () ()

As a side note. You made me realize of something I didn't notice when
I migrated to openbsd; I have files generated with GNU roff that
defaults to letter size. This doesn't happen on Linux, I ignore why.

>
> > I can see how the page get resized (or not)
> > depending on the 'output paper' man.conf setting.
>
> Yes it does. But why does it say e.g. "y841x595" instead of A4?
> (Maybe "A4" is just a shorthand for that, I don't know).
>
> Jan
>
>
Sent here by mistake (instead to bugs@) Sorry!
In article <a67500574d104...@server.roquesor.com> Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> Hi Ruben,
>
> In article
> <caenp9cg+b-5b+8r3w9eaebodaxeybrdhg7jhfgq2ascrbfg...@mail.gmail.com> Ruben
> Miller <rubenmil...@gmail.com> wrote:
> > In article
> > <CAEnp9CEpPEJxkWkxLu1qmP8qTA4Ti4+6hCFrGqYy1+WZ0dBy=a...@gmail.com>
> > Ruben Miller <rubenmil...@gmail.com> wrote:
> > >The speed is not a problem, since the bug is triggered because cwm raise
> > > two windows in every cycle.
> > > Just start the cycle with seamonkey selected, so it's always the previous
> > > window.
> >
> > Just in case, the idea is cycling without releasing ALT, so the client with
> > WM_TAKE_FOCUS is always behind the new one.
>
> First of all, I'm not a developer but since I made that diff I'm trying
> to help.
>
> No idea in which way it's related but I could easily reproduce the issue
> you describe after setting back SNA acceleration in my xorg.conf (since
> my graphic card has some issue with the default acceleration I have to
> use UXA.)
>
> Wait to Okan Demirmen (cwm maintainer) to get a good answer. :-)
>
>

I sent this here by mistake. Sorry!
Re: cwm 6.2: Windows losing focus while cycling (ALT-TAB)
Hi Ruben,

In article Ruben Miller wrote:
> In article
> Ruben Miller wrote:
> >The speed is not a problem, since the bug is triggered because cwm raise
> > two windows in every cycle.
> > Just start the cycle with seamonkey selected, so it's always the previous
> > window.
>
> Just in case, the idea is cycling without releasing ALT, so the client with
> WM_TAKE_FOCUS is always behind the new one.

First of all, I'm not a developer but since I made that diff I'm trying
to help.

No idea in which way it's related but I could easily reproduce the issue
you describe after setting back SNA acceleration in my xorg.conf (since
my graphic card has some issue with the default acceleration I have to
use UXA.)

Wait to Okan Demirmen (cwm maintainer) to get a good answer. :-)
Re: mandoc output paper size
On Thu, Oct 26, 2017 at 07:24:43PM +0200, Ingo Schwarze wrote:
> Hi Walter,
>
> Walter Alejandro Iglesias wrote on Thu, Oct 26, 2017 at 05:44:16PM +0200:
>
> > I have files generated with GNU roff that defaults to letter size.
>
> That's the upstream (GNU troff) default when you compile GNU troff
> from the git repository with automake and autoconf. If i understand
> correctly, it is the GNU troff default because it is also the default
> used by GNU autoconf in general.
>
> > This doesn't happen on Linux, I ignore why.
>
> I doubt this has anything to do with Linux (neither the kernel nor
> whatever C library or userland applications are used). But it may
> depend on whatever operating system distribution you are using. It
> is well-known that many Linux distributions engage in tweaking
> upstream defaults, even those settings that are more or less a
> matter of personal preference.

By "linux" I meant distributions.

>
> > This is set in DESC config files.
> >
> > $ grep -ER 'papersize (letter|a4)' /usr/local/share/groff/*
> > /usr/local/share/groff/1.22.3/font/devdvi/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devlj4/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devps/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devlbp/DESC:papersize letter
> > /usr/local/share/groff/1.22.3/font/devpdf/DESC:papersize letter
>
> That is automatically generated at GNU troff build time, controlled
> by files generated by autoconf, controlled by files generated by
> automake, controlled by files autogenerated by whatever (insert
> your favourite rabbit hole here).
>
> In any case, the fact that groff defaults to "papersize letter" is
> the reason why mandoc(1) does the same. Unless there are strong
> reasons to diverge, mandoc aims for compatibility with groff.

Yes, I figured out it was an option selected at compile time (curiously
in Slackware, being american, groff is compiled to use a4). What moved
me to test this on Linux is I remember using the /etc/papersize file
there. But it seems groff and gv ignore that file (I mean on linux).

>
> Yours,
> Ingo

Thank you Ingo.
Re: mandoc output paper size
Answering myself.

In article <a675001fecbb3...@server.roquesor.com> Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> As a side note. You made me realize of something I didn't notice when
> I migrated to openbsd; I have files generated with GNU roff that
> defaults to letter size. This doesn't happen on Linux, I ignore why.

This is set in DESC config files.

$ grep -ER 'papersize (letter|a4)' /usr/local/share/groff/*
/usr/local/share/groff/1.22.3/font/devdvi/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devlj4/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devps/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devlbp/DESC:papersize letter
/usr/local/share/groff/1.22.3/font/devpdf/DESC:papersize letter
Re: mandoc output paper size
In article <20171026104155982590.bfb59...@talsever.com> Amelia A Lewis <amyz...@talsever.com> wrote:
> On Thu, 26 Oct 2017 16:14:36 +0200 (CEST), Walter Alejandro Iglesias
> wrote:
> > In the ps file generated by mandoc you should have this line:
> >
> > %%DocumentMedia: Default 595 841 0 () ()
> >
> > Where 595 841 correspond to A4. If you set output paper to "letter"
> > that line will say:
> >
> > %%DocumentMedia: Default 612 790 0 () ()
>
> So these measures are in points?

I took it from here:

https://www.gnu.org/software/gv/manual/gv.html#Paper-Keywords-and-paper-size-in-points

>
> https://en.wikipedia.org/wiki/Point_(typography)
>
kernel panic while reproducing video with mpv
Hello,

I had a kernel panic while reproducing a video with mpv. It's my first
kernel panic with OpenBSD, so I didn't know how to use ddb(4). Since
I'm running my http and smtp server in this machine I cannot entertain
myself too much reproducing the panic to get more info. That's why
I don't include the per cpu trace and other additional info as explained
in ddb.html, sorry! But, if you need it let me know and I'll try my
best.

Message automatically dumped:
===

panic: mtx 0x81c86470: locking against myself
Stopped at db_enter+0x12: popq%r11
TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
104021 96401 1000 0x3 0x4002 mpv
*402610 50624 10000x32 00K Xorg

db_enter() at db_enter+0x12
panic() at panic+0x138
__mtx_enter_try(53b9235709d40154) at __mtx_enter_try+0xb5
_mtx_enter(81cf3e60,81a5d6a2,0) at _mtx_enter+0x5a
printf(c9ef1007dec621e0) at printf+0x70
witness_checkorder(2e4447d1b3cbb9af,81c2ac7c,32a,0,81da6d00) at witness_checkorder+0x943
___mp_lock(8000330cd760,d,7) at ___mp_lock+0x70
selwakeup(e80faaebded7c1a2) at selwakeup+0x9c
ptsstart(8ce5939828d5e23) at ptsstart+0x79
tputchar(174549bf676e909c,80afa400) at tputchar+0x85
kputchar(75d50501b895e9e4,0,81a5d6a2) at kputchar+0x91
kprintf() at kprintf+0xe8
printf(c9ef1007dec621e0) at printf+0x85
witness_checkorder(2e4447d1b3cba2fe,81af9df1,298,81c8a678,ff ff81c8a688) at witness_checkorder+0x943
end trace frame: 0x80003302e978, count: 0

dmesg:
===

OpenBSD 6.3-current (GENERIC.MP) #48: Fri Jun 22 14:11:27 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6210174976 (5922MB)
avail mem = 5960577024 (5684MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET85WW (1.45 )" date 02/14/2013
bios0: LENOVO 2537EY8
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF!
Re: what would a POP3s daemon best look like?
Hi Todd,

Not an expert here and just to be sure, :-)

In article <21bf906b4c6c6...@sudo.ws> Todd C. Miller wrote:
> I don't think there is much interest in having a pop3 daemon in
> base due to the use of plain-text passwords

I've been assuming that running pop3d(8) from ports, listening in 995
only and with 110 port firewalled my passwords aren't traveling in plain
text. Am I assuming right?

Walter