Re: OpenSMTPD + rspamd to sign mail.

2021-08-12 Thread Chris Eidem

On 8/12/21 5:09 AM, latin...@vcn.bc.ca wrote:

Hello

After:
# pkg_add redis rspamd opensmtpd-filter-rspamd successfully

i got:
# rcctl start rspamd
rspamd(failed)

then I did:
# rspamd -d
2021-08-12 09:23:41 #0(main) ; main; detect_priv: cannot run
rspamd workers as root user, please add -u and -g options to select a
proper unprivilleged user or specify --insecure flag

How to interpret it please?

I did # chown R spamd:_rspamd /etc/mail/dkim but it fails, then i did
  # chown -R root:_spamd /etc/mail/dkim and it worked; anyway i suppose i
should do  rspamd:_rspamd to change -u and -g

thanks for your attention.

What is the contents of your /etc/rc.d/rspamd file? It should include 
lines like:


   daemon="/usr/local/bin/rspamd"
   daemon_flags="-u _rspamd -g _rspamd"

Also, did you remember to enable the service with "rcctl enable rspamd"



Fwd: dig(1) and nslookup(1) broken in -current

2019-12-18 Thread Chris Eidem



Sent from my iPad

Begin forwarded message:

> From: Dieter Rauschenberger 
> Date: December 18, 2019 at 11:09:34 AM CST
> To: misc@openbsd.org
> Subject: dig(1) and nslookup(1) broken in -current
> 
> Hi misc,
> 
> $ dig openbsd.org
> Abort trap (core dumped)
> 
> $ tail -f /var/www/messages
> Dec 18 17:57:07 ws /bsd: dig[96895]: pledge "dns", syscall 28
> 
> $ nslookup  openbsd.org
> Abort trap (core dumped)
> 
> $ tail -f /var/www/messages
> Dec 18 17:57:22 ws /bsd: nslookup[10037]: pledge "dns", syscall 28
> 
> host(1) ist working fine. This happens on todays snapshot and via cvs
> checkout and compile.
> 
> Regards
> -Dieter
> 

I can confirm dig fails for me also, though tail appears to be working as 
expected.


Re: dig(1) and nslookup(1) broken in -current

2019-12-18 Thread Chris Eidem
I can confirm dig fails, though tail -f works for me.  Using tail, when 
I try to use dig, I see the following in /var/log/messages:


Dec 18 14:28:03 fw /bsd: dig[33014]: pledge "dns", syscall 28


On 12/18/19 11:06 AM, Dieter Rauschenberger wrote:

Hi misc,

$ dig openbsd.org
Abort trap (core dumped)

$ tail -f /var/www/messages
Dec 18 17:57:07 ws /bsd: dig[96895]: pledge "dns", syscall 28

$ nslookup  openbsd.org
Abort trap (core dumped)

$ tail -f /var/www/messages
Dec 18 17:57:22 ws /bsd: nslookup[10037]: pledge "dns", syscall 28

host(1) ist working fine. This happens on todays snapshot and via cvs
checkout and compile.

Regards
-Dieter





Re: Pkg_add

2018-09-13 Thread Chris Eidem

man installurl


On 09/13/2018 12:08 AM, Michael Ayres wrote:

New to OpenBSD, which I am newly running as a Parallels VM on my Apple MacBook 
Pro. Shell and basic commands working, and have set path variable PKG_PATH =

On calling PGK_ADD, with -v switch,  I get screen display of

“Update candidates: quits-2.414 -> quirks-2.414
quirks-2.414 signed on 2018-03-29T09:01:59Z"

but then nothing.

Recalling Unix’s reticent personality, I wait, but nothing ever seems to 
happen. With a new install, downloaded 6, do I have 29 tons of updates, has BSD 
become to bored with me to even acknowledge I exit, or I have I misspoken to it?


Michael Ayres

Michael Ayres, MS, CISSP, CSEP, CSM, PMI-ACP, PMP | www.mace-associates.com 

San Francisco, CA. | 415.999.2049   
https://www.linkedin.com/in/michaelmaceayres 

michael.ay...@yahoo.com 







Re: NextCloud: failed integrity checks

2018-07-22 Thread Chris Eidem
I believe that the differences are from installing the software from an 
OpenBSD package as opposed to installing from source.  The differences 
are from modifications the package maintainer made. At least that was 
the case when I installed NextCloud from packages.



On 07/22/2018 02:39 PM, Nicolas Schmidt wrote:

After installation on OpenBSD 6.3 with pkg_add, NextCloud complains about files 
failing the integrity checks. More specifically:

- occ
  * expected hash: 
7e3fce0d7b5c20a7775ed1b548cb2e29bed078d3ca77b01a83d438f671b3d473147d4e8217d2084e17b6fe23a18ba258b11ba60106e23381f1e2889ce14971c4
  * current hash:  
7693eb89c0bc218712d68ec58599efa46e5c3729814e2aad16bf2c0079be7ae1909f072ead7889883c0a89b6c51570800d9e8a71f35866cb4e0c47aeaa5a4b2b

- version.php
  * expected hash: 
4e9046aca4fd8e942ba7bd505374e22ddd500a99b3a46d57d629b99c3132a66206883053f22801894929e51fca307c740062b497d55639bcc9a3154ada3504ff
  * current hash:  
30cd43589fc8ab273fa25e1a477c8cbadb13bac5541daa6d3fa0490a0c2054c2c29a274fd50eec66934a9d9adc541dec8701e7463922d36174478ae3e9a64981

- apps/updatenotification/appinfo/info.xml
  * expected hash: 
bf7983ffe422ba215c04a0069081fab0c78ba81fa40a90cbdd3595182e011fb7f3e0bd1cd14cdea742cafb89f1da001582fe8d560749d98ea540b4ee76dd9898
  * current hash:  
d2984fa816b4cea71e7c09f36a4132e7cb88d357f22e1c795778deccdb4066beaef2876b95d849e6eeae37b879c0f63500b0958a6a61bab1c933736bf135c440


Anybody able to reproduce?

--Nicolas





Re: OpenBSD is just an OS, not a firewall...

2012-06-08 Thread Chris Eidem
Wow.  Just, wow.



Nice pineapple, dude...



-Original Message-

From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Chris 
Smith

Sent: Friday, June 08, 2012 12:56 PM

To: OpenBSD-Misc

Subject: OpenBSD is just an OS, not a firewall...



... if you really want a firewall you need pfSense.



Also if you  walk into any security experts convention and claim that

raw OpenBSD is a firewall, you will get laughed out of the room for

lack of clue.



Guess I've been wrong all these years: see the comments to

https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe




Re: OpenBSD is just an OS, not a firewall...

2012-06-08 Thread Chris Eidem
From the g+ spew:



I grew up and got a life!



You boys need a good beating with the clue stick:

Hacking configuration files directly does not give you better security.

Hacking configuration files directly does not make you better at security.



And the converse is true:

Using a GUI to make firewall changes does not give you worse security

Using a GUI to make firewall changes does not make you worse at security.



You still need to know what you are doing!



Any view contrary to this is borne of pure ignorance, prejudice and 
incompetence.





So, if there were some distro with a GUI front end for this security 
professional with OpenBSD in the background, with some other name and 
distributed as a bootable DVD -- call it DoucheWall -- OpenBSD would all of a 
sudden become a firewall?



-Original Message-

From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Chris 
Smith

Sent: Friday, June 08, 2012 12:56 PM

To: OpenBSD-Misc

Subject: OpenBSD is just an OS, not a firewall...



... if you really want a firewall you need pfSense.



Also if you  walk into any security experts convention and claim that

raw OpenBSD is a firewall, you will get laughed out of the room for

lack of clue.



Guess I've been wrong all these years: see the comments to

https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe




Anyone installed sguil lately?

2012-03-30 Thread Chris Eidem
Just wondering if it's possible and how much pain one must go through.

Thanks in advance,

- chris



Re: Running OpenBSD installer in a live system

2011-06-28 Thread Chris Eidem
http://www.openbsd.org/faq/upgrade49.html#upgrade

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of Anand Buddhdev
Sent: Tuesday, June 28, 2011 11:30 AM
To: misc@openbsd.org
Subject: Running OpenBSD installer in a live system

Hello OpenBSD gurus,

I have a question related to my earlier post, about installing/upgrading
OpenBSD on a existing system.

Is the OpenBSD installer only available in a boot image? Or can I run
the
OpenBSD installer in a running system and do an installation of a newer
version of OpenBSD to another partition/disk? Essentially, what I'm
asking
for is something like FreeBSD's /stand/sysinstall, which can be run in a
live system to configure or upgrade the system.

Regards,

Anand



Re: Router components

2010-10-05 Thread Chris Eidem
Hear, hear.  I just built out one of these for my home firewall and the
installation is bog simple.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of Sean Kamath
Sent: Monday, October 04, 2010 1:28 AM
To: David Higgs
Cc: misc@openbsd.org
Subject: Re: Router components

On Oct 3, 2010, at 11:15 PM, David Higgs wrote:
 NONE OF IT WILL MATTER TO YOU.
 
 I'll google up some smaller systems (Soekris, ALIX, etc?)
 and see how they strike me.  Pointers here are even more welcome, as I
 am not as familiar with this end of the spectrum and want to avoid the
 aforementioned crappy super-low-power systems.

 Thanks for the input.

I just bought a Alix 2d13 board.  Then ended up buying about 7 of them
for
work for OOB back-channel machines.

Insanely straightforward, and they Just Work(tm).

Sean



Re: OpenBSD in VirtualBox 3.1.x on non-SMP machine

2010-01-11 Thread Chris Eidem
 According to http://www.virtualbox.org/wiki/Guest_OSes:

 Requires VT-x or AMD-V hardware virtualization support.

 It would appear they've therefore made VT-x and friends non-
 configurable. You can file a bug report and see where that goes.

 Am 20 Dec 2009 um 10:18 schrieb Tomas Bodzar:

 Hi all,

 someone have running OpenBSD release/stable/current on new line of
 VirtualBox (3.1.x) on non-SMP machine? Older version 3.0.x was ok.
Now
 it sets VT-x/AMD-V as default and you can't change it. Even when I
 disable it directly in .xml config file for guest it still try this
 feature. With release I can't continue even with boot. With current I
 can start installation, but too much segfaults and then Illegal
 instruction. On host capable of VT-x/AMD-V no problems. So it looks
 like they changed again something in their horrible way :-(

 --
 http://www.openbsd.org/lyrics.html

Find your virtual machine's XML configuration file and modify this line
to read like this:
HardwareVirtEx enabled=false exclusive=false/



Re: FW: Real men don't attack straw men

2008-01-04 Thread Chris Eidem
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Sent: Thursday, January 03, 2008 3:21 PM
To: misc@openbsd.org
Subject: Re: FW: Real men don't attack straw men

Daniel Ouellet wrote:

Rui Miguel Silva Seabra wrote:
 On Thu, Jan 03, 2008 at 12:33:26PM -0700, Theo de Raadt wrote:
 Rui Miguel Silva is continually making you guys remove [EMAIL PROTECTED]
 from the cc's of your messages.

 FYI, I continually remove people from the CC on mailing-list posts.

 I consider it rude to receive duplicate email.

Except in his case, He is not subscribe to the list and if you don't cc

him, he will simply not get it.


It appears that even if you _do_ cc him, he doesn't get it...



ACX on Thinkpad A31

2007-12-10 Thread Chris Eidem
Before I submit a bug report, I want to make sure that I'm doing this right
and that it really is the card/laptop/OS combination and not just me.

I'm attempting to start a DWL-650+ on a Thinkpad A31 with the following
command:
ifconfig acx0 -bssid -chan media autoselect -nwid -nwkey up

and the system panics and drops me into ddb.  I have the trace, ps and dmseg
ready, but I want to make sure that I've done this correctly.  This card works
with other hardware and OS's, but I haven't tried this combination (A31 +
DWL-650+) other than with OBSD 4.2.

Thanks in advance
 - chris



Trouble creating serial console CD

2007-11-03 Thread Chris Eidem
I'm attempting to make a serial console install disk using the 
no-emulation boot sector provided.  Following 
http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/i386/cdfs/Makefile?rev=1.7content-type=text/x-cvsweb-markup, 
I can see that you do a standard dirctory setup as shown below (I've 
essentially just copied my 4.2 CD disk1 in this case) and I've modified 
boot.conf to include the necessary set tty com0 line:


[EMAIL PROTECTED] /home/ceidem$ ls 
bsd42/   


4.2 etc

[EMAIL PROTECTED] /home/ceidem$ ls 
bsd42/etc/   


boot.conf

[EMAIL PROTECTED] /home/ceidem$ cat 
bsd42/etc/boot.conf 


set image /4.2/i386/bsd.rd
set tty com0

[EMAIL PROTECTED] /home/ceidem$ ls 
bsd42/4.2/   


i386 packages

[EMAIL PROTECTED] /home/ceidem$ ls 
bsd42/4.2/i386/  

INSTALL.i386  base42.tgzbsd.rdcomp42.tgzfloppyC42.fs  
misc42.tgzxfont42.tgz
INSTALL.linux boot.catalog  cd42.iso  etc42.tgz game42.tgz
pxeboot   xserv42.tgz
MD5   bsd   cdbootfloppy42.fs   index.txt 
xbase42.tgz   xshare42.tgz
TRANS.TBL bsd.mpcdbr  floppyB42.fs  man42.tgz 
xetc42.tgz


I then create an ISO image using the following command:

[EMAIL PROTECTED] /home/ceidem$ mkhybrid -a -R -T -L -d -D -N -o bsd42ser.iso 
-v -v -b 4.2/i386/cdbr -c 4.2/i386/boot.catalog ./bsd42/


or I'll use

mkhybrid -R -T -o bsd42ser.iso -no-emul-boot -v -v -b 4.2/i386/cdbr -c 
4.2/i386/boot.catalog ./bsd42/


on my Linux box.  Either case provides a functional, bootable disk but 
without the serial console.  What am I misunderstanding and/or missing? 


Thanks in advance,
- chris



Re: OpenBSD is loosing cd and tshirt sales

2007-10-10 Thread Chris Eidem
I'm right with you with that.  I just saw that the USPS site light up with my
order too.

India, Oz, NZ, England, all before us.

Puffy, you're such a tease...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Gerald Thornberry
Sent: Wednesday, October 10, 2007 10:29 AM
To: L. V. Lammert
Cc: Marcos Laufer; OpenBSD Orders; [EMAIL PROTECTED];
misc@openbsd.org
Subject: Re: OpenBSD is loosing cd and tshirt sales


Not entirely true.  I've been checking the USPS Track  Confirm
website each day since October 2 when I got my tracking confirmation
via email.  Until today the USPS had no record of my shipment.
Finally I have a response:

Your item was accepted at 4:31 PM on October 9, 2007 in SWEET GRASS,
MT 59484. Information, if available, is updated every evening. Please
check again later.

So, even though locales as far away as New Zealand (probably farther
than Argentina from Calgary) are already applying their new stickers
to their servers I'm still waiting here in Kentucky, USA (1660 miles
from Calgary).  I pre-ordered on 09/11/2007.  :-)



On 10/10/07, L. V. Lammert [EMAIL PROTECTED] wrote:
 On Wed, 10 Oct 2007, Marcos Laufer wrote:

  The OpenBSD project is loosing sales. I am trying to buy some
  tshirts and the 4.2 prerelease but nobody answers my emails at the
  Calgary shop.
 
 If you had placed an order instead of complaining about it, you would have
 your gear already, like the rest of us. Our 4.2 was actually received the
 same day as the order confirmation - talk about efficiency!

 Lee