Re: Thunderbird stability/usability?
Hello, I'm using Mozilla Suite 1.7.12 on OpenBSD 3.8-GENERIC. Yes, indeed, from time to time it just closes. It happens with both the browser and the mail reader. Indeed, no core, no crash, it's the same problem. I've heard a lot of people having this problem with different versions of Mozilla Thunderbird and Mozilla Firefox on several versions of OpenBSD. I had the same problem with Mozilla Suite 1.7.x (I prefer using Mozilla Suite instead of using Firefox Thunderbird) on OpenBSD 3.8-GENERIC too. The same problem with Mozilla Suite 1.7.12 on OpenBSD 3.8 patched (upgraded with patches 001 to 009). If you examine my messages from this list you can notice that several months ago I raised a similar problem regarding Mozilla products . The answer was that the browser experiences heavy problems when running JavaScripts (try staying longer on sites like Yahoo! and see what happens) and when examining sites with a lot of pictures. What the members of the OpenBSD community were saying then holds now also. It is said that Mozilla is quite inconsistent and that there are some old patches (written years ago) that would solve the problem if applied, but they were not inserted in the mainstream Mozilla product line. What's more confusing is the fact that such problems are exhibited by Mozilla only on some systems (I think that mainly on BSD systems). So there is a problem with Mozilla (not with the OS) and no one there wants to see it fixed (that's what I've heard). Answer: your X is configured properly and there's no problem with X11 or with the OS. Yours in BSDness, Gabriel George POPA Xavier Mertens wrote: hi *, A few days ago, my notebook disk died... Good opportunity to reinstall a fresh 3.9-GENERIC. My X environment is running fine (xfce4) but Thunderbird gives me some headaches... (mozilla-thunderbird-1.5.0.4.tgz) From time to time, when reading RSS feeds or HTML mails (Grrr), it just closes! (no crash, no core produced, no error). Another annoying behaviour: the GUI! Some windows are opened with a small size or without content!? (like password windows) Is that a problem related to my X environment? To Thunderbird? Regards, Xavier -- Secret hacker rule #11: hackers read manuals.
Re: Clamav run from desktop PC
Roger,
First of all, I will send you my /etc/clamd.conf file (commented
lines were deleted):
LogFile /var/log/clamd.log
LogFileMaxSize 1024M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clam/clamd.socket
FixStaleSocket
MaxConnectionQueueLength 1024
SelfCheck 300
User _clamav
ScanPE
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 500M
ArchiveMaxRecursion 23
ArchiveMaxFiles 5
ArchiveMaxCompressionRatio 0
NOW, /etc/freshclam.conf:
DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose
LogSyslog
PidFile /var/run/freshclam.pid
DatabaseOwner _clamav
DatabaseMirror db.ro.clamav.net # I am in Romania, you could change this
DatabaseMirror database.clamav.net
NotifyClamd
Debug
As you can easily see, I'm crazy about debug/verbose message and my
system is always logging ALL
it can.
Now, how to completely integrate clamd in your system:
1) Add the following lines to /etc/rc.conf.local:
clamd=YES
clamd_flags=
freshclam=YES
freshclam_flags=--user root --daemon
2) Add the following lines to /etc/rc:
(!reference_line!)if [ X${lpd_flags} != XNO ]; then
(!reference_line!)echo -n ' printer'; lpd ${lpd_flags}
(!reference_line!)fi
# Start the ClamAV Daemon Server
if [ X${clamd} != XNO ]; then
echo -n ' clamd';
# The /var/run directory was emptied at shutdown. Restore the
location:
/bin/mkdir /var/run/clam
/sbin/chown _clamav:_clamav /var/run/clam
/bin/chmod 0750 /var/run/clam
/usr/local/sbin/clamd ${clamd_flags}
fi
# Start the ClamAV automatic virus database download application:
if [ X${freshclam} != XNO ]; then
echo -n ' freshclam';
/usr/local/bin/freshclam ${freshclam_flags}
fi
3) Permissions:
/var/run/clam (directory): rwxr-x--- _clamav _clamav
/var/run/freshclam.pid (file): -rw-rw--- root wheel
-rw-r- _clamav _clamav /var/log/clamd.log (file)
-rw-r- _clamav wheel/var/log/freshclam.log (file)
rwx-- _clamav _clamav /var/clamav (directory)
rwx-- _clamav _clamav /var/clamav/quarantine/ (directory)
Now, after doing all this stuff, reboot your PC and tell me what
happens. If there are any problems you can
count on me. Don't hesitate to contact me personally.
As you can see, this is my particular setup, but I think it should
work for you without any problem. If you intend
to integrate clamav with a mail server contact me, I might be of some help.
Please e-mail me and tell me if it works. I hope the information I
provided you was useful.
Yours in BSDness,
Gabriel George POPA
Roger Neth Jr wrote:
Hello List,
I installed ClamAV from ports on 4.0-beta on a desktop machine. I am
able to manually update freshclam and run manually clamscan. But when
I run clamdscan I get this message.
$ clamdscan
ERROR: Can't parse the configuration file.
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.001 sec (0 m 0 s)
$
From my Googling my guess is that the clamd only works with mail
servers. I
am only running Thunderbird with pop.
I cannot get it to run as a daemon, also freshclam does not check
updates when I reboot the computer.
I tried uncommenting listening on LocalSocket and then tried TCPSocket
without any success.
Also read the man (5) clamd.conf without any success figuring this out.
Any assistance is appreciated.
Thank you,
rogern
John 3:16
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
# LogFile /var/log/clamd.log
# By default the log file is locked for writing - the lock protects
against
# running clamd multiple times (if you want to run another clamd
instance,
# please # copy the configuration file, change the LogFile variable,
and run
# the daemon with the --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock
# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the
size
# in bytes just don't use modifiers.
# Default: 1M
# LogFileMaxSize 2M
# Log time with each message.
# Default: disabled
#LogTime
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean
# Use system logger (can work together with LogFile).
# Default: disabled
Re: Clamav run from desktop PC
I forgot to tell you: my system is set up in such a way that it
downloads automatically new
virus definitions (see manual pages for freshclam). But I think you
could figure this out anyway
by looking closely to the small portions of script I sent you.
Yours in BSDness,
Gabriel George POPA
Gabriel George POPA wrote:
Roger,
First of all, I will send you my /etc/clamd.conf file (commented
lines were deleted):
LogFile /var/log/clamd.log
LogFileMaxSize 1024M
LogTime
LogSyslog
LogVerbose
PidFile /var/run/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clam/clamd.socket
FixStaleSocket
MaxConnectionQueueLength 1024
SelfCheck 300
User _clamav
ScanPE
ScanOLE2
ScanMail
ScanHTML
ScanArchive
ArchiveMaxFileSize 500M
ArchiveMaxRecursion 23
ArchiveMaxFiles 5
ArchiveMaxCompressionRatio 0
NOW, /etc/freshclam.conf:
DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogVerbose
LogSyslog
PidFile /var/run/freshclam.pid
DatabaseOwner _clamav
DatabaseMirror db.ro.clamav.net # I am in Romania, you could change
this
DatabaseMirror database.clamav.net
NotifyClamd
Debug
As you can easily see, I'm crazy about debug/verbose message and my
system is always logging ALL
it can.
Now, how to completely integrate clamd in your system:
1) Add the following lines to /etc/rc.conf.local:
clamd=YES
clamd_flags=
freshclam=YES
freshclam_flags=--user root --daemon
2) Add the following lines to /etc/rc:
(!reference_line!)if [ X${lpd_flags} != XNO ]; then
(!reference_line!)echo -n ' printer'; lpd
${lpd_flags}
(!reference_line!)fi
# Start the ClamAV Daemon Server
if [ X${clamd} != XNO ]; then
echo -n ' clamd';
# The /var/run directory was emptied at shutdown. Restore the
location:
/bin/mkdir /var/run/clam
/sbin/chown _clamav:_clamav /var/run/clam
/bin/chmod 0750 /var/run/clam
/usr/local/sbin/clamd ${clamd_flags}
fi
# Start the ClamAV automatic virus database download application:
if [ X${freshclam} != XNO ]; then
echo -n ' freshclam';
/usr/local/bin/freshclam ${freshclam_flags}
fi
3) Permissions:
/var/run/clam (directory): rwxr-x--- _clamav _clamav
/var/run/freshclam.pid (file): -rw-rw--- root wheel
-rw-r- _clamav _clamav /var/log/clamd.log (file)
-rw-r- _clamav wheel/var/log/freshclam.log (file)
rwx-- _clamav _clamav /var/clamav (directory)
rwx-- _clamav _clamav /var/clamav/quarantine/ (directory)
Now, after doing all this stuff, reboot your PC and tell me what
happens. If there are any problems you can
count on me. Don't hesitate to contact me personally.
As you can see, this is my particular setup, but I think it should
work for you without any problem. If you intend
to integrate clamav with a mail server contact me, I might be of some
help.
Please e-mail me and tell me if it works. I hope the information I
provided you was useful.
Yours in BSDness,
Gabriel George POPA
Roger Neth Jr wrote:
Hello List,
I installed ClamAV from ports on 4.0-beta on a desktop machine. I am
able to manually update freshclam and run manually clamscan. But when
I run clamdscan I get this message.
$ clamdscan
ERROR: Can't parse the configuration file.
--- SCAN SUMMARY ---
Infected files: 0
Time: 0.001 sec (0 m 0 s)
$
From my Googling my guess is that the clamd only works with mail
servers. I
am only running Thunderbird with pop.
I cannot get it to run as a daemon, also freshclam does not check
updates when I reboot the computer.
I tried uncommenting listening on LocalSocket and then tried
TCPSocket without any success.
Also read the man (5) clamd.conf without any success figuring this out.
Any assistance is appreciated.
Thank you,
rogern
John 3:16
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##
# Comment or remove the line below.
# Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
# LogFile /var/log/clamd.log
# By default the log file is locked for writing - the lock protects
against
# running clamd multiple times (if you want to run another clamd
instance,
# please # copy the configuration file, change the LogFile variable,
and run
# the daemon with the --config-file option).
# This option disables log file locking.
# Default
Re: XOrg upgrade problem (SOLVED)
[Big sigh] =-O The problem was much more simpler. For security reasons, on the root account I was using umask 0027. I was used to the problems posed by this particular fact. For example, when I was installing a package, or when installing a port from source, I was being warned about this umask. So I did umask 0022, then install, then umask 0027. Every time the things went well. Now, when installing patches 001 to 009, I used umask 0027; I saw that the installation process used the install command and fixed the permissions EVERY time. So (I said to myself), there's no problem with this umask 0027; let it be! All patches installed cleanly (except 007, of course). I was outraged by the fact that 007 didn't work well, because I saw numerous times during installation install -m 444 etc. So, after: 1) umask 0027 2) patch XOrg 3) make build I ended up with the problem I presented you. Of course, I used Google, I tried all the conventional solutions etc. Being so tired, I forgot about umask 0027. Today I remembered and I did 1) umask 0022 2) cd /usr/src/XF4 3) make install VOILA. It's OK now! Sorry, I bothered you with this problem which had such a simple solution! Thanks anyway! Yours in BSDness, Gabriel George POPA Alexander Farber wrote: Do you have that path? /usr/X11R6/lib/X11/fonts/misc/ On 8/7/06, Gabriel George POPA [EMAIL PROTECTED] wrote: Hello all, I have a problem concerning an OpenBSD 3.8 machine. I decided today to apply all patches (001 to 009) and to recompile thus parts of the operating system. All patches have been compiled and installed cleanly. Even those for the kernel (although it's the first time I ever compiled a kernel on OpenBSD - I've done this of course numerous times on FreeBSD). BUT, now I have a problem with XOrg (it won't start). Probably it's because of patch number 007. When I do a startx I obtain the following at the end of the /var/log/Xorg.0.log file: (...) (**) Keyboard0: CustomKeycodes disabled (II) XINPUT: Adding extended input device Keyboard0 (type: KEYBOARD) (II) XINPUT: Adding extended input device Mouse0 (type: MOUSE) Could not init font path element /usr/X11R6/lib/X11/fonts/misc/, removing from l ist! Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/Type1/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list! Fatal server error: could not open default font 'fixed' Please consult the The X.Org Foundation support at http://wiki.X.Org for help. Please also check the log file at /var/log/Xorg.0.log for additional informati on. What can I do now? Where should I start solving the problem? I installed the 007 patch by doing: cd /usr/src/XF4 patch -p0 007_xorg.patch then by issuing: make build Yours in BSDness, Gabriel George POPA
DMESG question
I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? More precisely, take a look at my `dmesg`: # dmesg arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 ... (and a lot of other similar messages, similar if not even identical) Most questions on this mail list require me to provide a valid output of dmesg. But if old messages are erased, how am I supposed to do this? I am not allowed to reboot the machine! The machine is supposed to be running 24/7, NO reboot allowed. 2) What do these lines mean (the lines I copied above from the output of `dmesg`)? NOTE: I'm using OpenBSD 3.8 on i386 (P4). Yours in BSDness, Gabriel George POPA
Re: DMESG question
All right, even better. Thank you all. Yours in BSDness, George Landry wrote: On 8/7/06, Gabriel George POPA [EMAIL PROTECTED] wrote: I have two small questions: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? There is always a copy of the original dmesg in /var/run/dmesg.boot Landry
Re: DMESG question
Thank you, that's what I was looking for :) Stuart Henderson wrote: On 2006/08/07 16:15, Gabriel George POPA wrote: 1) When the OS generates too much messages, old messages are lost (oldest lines present in `dmesg` are lost). What can I do to see ALL messages ever recorded for dmesg printing? More precisely, take a look at my `dmesg`: /var/log/messages if they're not rotated too far away (change newsyslog.conf if you want to keep them for longer). # dmesg arp info overwritten for 193.231.39.129 by 00:90:bf:10:88:40 on vr0 arp info overwritten for 193.231.39.129 by 00:10:dc:4c:6f:6c on vr0 arp info overwritten for 193.231.39.36 by 00:15:f2:16:f8:b4 on vr0 arp info overwritten for 193.231.39.54 by 00:e0:29:9b:bc:6c on vr0 this is IP addresses moving between machines.
XOrg upgrade problem
Hello all, I have a problem concerning an OpenBSD 3.8 machine. I decided today to apply all patches (001 to 009) and to recompile thus parts of the operating system. All patches have been compiled and installed cleanly. Even those for the kernel (although it's the first time I ever compiled a kernel on OpenBSD - I've done this of course numerous times on FreeBSD). BUT, now I have a problem with XOrg (it won't start). Probably it's because of patch number 007. When I do a startx I obtain the following at the end of the /var/log/Xorg.0.log file: (...) (**) Keyboard0: CustomKeycodes disabled (II) XINPUT: Adding extended input device Keyboard0 (type: KEYBOARD) (II) XINPUT: Adding extended input device Mouse0 (type: MOUSE) Could not init font path element /usr/X11R6/lib/X11/fonts/misc/, removing from l ist! Could not init font path element /usr/X11R6/lib/X11/fonts/TTF/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/Type1/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from li st! Could not init font path element /usr/X11R6/lib/X11/fonts/75dpi/, removing from list! Could not init font path element /usr/X11R6/lib/X11/fonts/100dpi/, removing from list! Fatal server error: could not open default font 'fixed' Please consult the The X.Org Foundation support at http://wiki.X.Org for help. Please also check the log file at /var/log/Xorg.0.log for additional informati on. What can I do now? Where should I start solving the problem? I installed the 007 patch by doing: cd /usr/src/XF4 patch -p0 007_xorg.patch then by issuing: make build Yours in BSDness, Gabriel George POPA
Re: Ports and BSD.MP question
Neah, Mozilla crashed again. What's the problem: - the port? - the libraries? - ME? Did this happened to other people too? On what OpenBSD versions? How did they solve this?
Re: Ports and BSD.MP question
I use Mozilla 1.7.12. Help-About-About Plug-ins sais I have no plugins installed. And yes, indeed. It crashes especially on www.yahoo.com (when running javascripts) and when there are a lot of pictures. I really don't know what to do... Once I lost my bookmarks. There was a moment when I lost some e-mails, stuff like this. Neah, Mozilla crashed again. What's the problem: - the port? - the libraries? - ME? Did this happened to other people too? On what OpenBSD versions? How did they solve this? I must say yes. :) Sometimes firefox crashs. What pages are related? Are there javascripts on the websites? Or so many pictures? Have you installed extensions or plugins? If yes, list of them.
BSD.MP question
Hello, I have an Intel P4 processor (with HyperThreading) and I am using a bsd.mp kernel. Should I use the bare bsd kernel? I've noticed that a lot of desktop applications are crashing (Mozilla, for example). Could this be the cause (MP instead of bare?)? Servers don't crash. They act normally. But Gtk applications really generate a lot of problems. I used ports compiled by me (you know, no pkg_add, but make install in the ports collection tree). But I replaced all libraries with versions offered by ftp sites. I'm using standard configuration for OpenBSD 3.8. What could be the cause? Why so many desktop applications (in KDE, GNOME, Gtk apps etc.) crash? Yours in BSDness, Gabriel George POPA
Disk performance/benchmarking
Hello all, Could someone tell me which is the most used disk-benchmarking solution for OpenBSD 3.8? I'm running a small production server and I don't want to disrupt (too much) its activity. I would like of course to perform non-destructive tests. I think there's somethink wrong with my disk/os performance but I don't know where to start. I think a benchmark utility will be good (SMART neveals nothing). He he he. I think all people are concerned about OpenBSD performance these days... Yours in BSDness, Gabriel George POPA
Re: Disk performance/benchmarking
I was mainly wanting to see a rough estimation of disk throughput (MB/sec). And now I am interested to see if packets get lost over my wide LAN here (I think a switch is deffective, but I don't know what). What should I do? Sean Cody wrote: If it is doing anything but the benchmark the results will be useless but you probably already know that. Assuming the machine is completely idle with no services currently running (other than the one used to log in) then just try a bunch of test cases for the usage pattern you expect to see (or want to use) and interpret the numbers accordingly. Reducing the variables that interact with what you are metering is the first step. If you want a 'generic' (ie. not real usage) benchmark then try the iogen port. But with any benchmarks don't put a lot of trust in the numbers especially if you only run one test set. Run a bunch and pull out that old Stats 1 text and take the results with a big huge grain of salt and realize you are not benchmarking OpenBSD you are benching your hardware and configuration. http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/iogen/pkg/DESCR? rev=1.2content-type=text/x-cvsweb-markup iogen is an i/o generator. It forks child processes that each run a mix of reads and writes. The idea is to generate heavily fragmented files to make the hardware suffer as much as possible. This tool has been used to test filesystems, drivers, firmware and hardware devices. It is by no means meant as a performance measuring tool since it tries to recreate the worst case scenario i/o. You may already have considered all of the above but included in case others on the list have not. On 27-Jun-06, at 7:57 AM, Gabriel George POPA wrote: Could someone tell me which is the most used disk-benchmarking solution for OpenBSD 3.8? I'm running a small production server and I don't want to disrupt (too much) its activity. I would like of course to perform non-destructive tests. I think there's somethink wrong with my disk/os performance but I don't know where to start. I think a benchmark utility will be good (SMART neveals nothing). He he he. I think all people are concerned about OpenBSD performance these days...
Re: Disk performance/benchmarking
Thank you very much. That's what I was looking for. Unfortunately at this time I have no phisical access to some switches here (they are locked in two offices and I don't have the key)... Sean Cody wrote: dd(1) and iogen should give you said rough estimation. As for transmission issues. First take a look on either side for network 'errors'.. $ netstat -I hme0 NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls hme01500 Link 08:00:20:c2:5f:f0 1498294 0 74211510 99837 Ierrs and Oerrs should be really low. Colls are collissions. If files get corrupted over the wire make a test file and hash [md5 (1)] it before transfer on test machine and after it has been transfered hash it on the target machine. That will determine if the file corruption happened during transit. For packet loss... ping the target machine then generate a lot of traffic to it (tcpblast, dd+netcat, etc.). Then stop ping and the stats at the end will give you the relative packet loss (to ping). Change target machine's switch port and try again. Change testing machine's switch port and try again. Try a different switch. On 27-Jun-06, at 8:53 AM, Gabriel George POPA wrote: I was mainly wanting to see a rough estimation of disk throughput (MB/sec). And now I am interested to see if packets get lost over my wide LAN here (I think a switch is deffective, but I don't know what). What should I do?
Re: Problem mounting/unmounting a CD
Ok, I will send you the dmesg when it will happen again. For the moment I have no problems. I forgot to mention that I have tried with umount -f /dev/cd0a and unfortunately this didn't help either. Yours, Gabriel George POPA Otto Moerbeek wrote: On Thu, 8 Jun 2006, Gabriel George POPA wrote: Hello BSD users, /dev/cd0a 93.9M 93.9M 0B 100%/mnt/dvdrw0 # umount /dev/cd0a umount: /mnt/dvdrw0: Input/output error # eject /dev/rcd0c # # (the tray doesn't move, it's shut) # eject -t /dev/rcd0c # eject /dev/rcd0c # # (the tray still shut remains) # # (not CD is in the drive) # # (my question is what happens, I cannot mount anymore any CD): # # (take a look:) # mount /dev/cd0a mount: realpath /mnt/dvdrw0: Input/output error # mount /dev/cd0a mount: realpath /mnt/dvdrw0: Input/output error # mount /dev/cd0a mount: realpath /mnt/dvdrw0: Input/output error # mount /dev/cd0a mount: realpath /mnt/dvdrw0: Input/output error # (the tray can be ejected and closed but only manually, by pressing the buonly manually, by pressing the button) Before you try anything else, you must unmount the device. Try umount -f /dev/cd0a Yes, the CD I inserted is good. No, a dmesg for you won't be useful. And, yes, Home come you know a dmesg isn't useful? A dmesg is almost always useful. -Otto I know you would ask, here is my fstab: /dev/wd0a / ffs rw 1 1 /dev/wd0d /home ffs rw,nodev,nosuid 1 2 /dev/wd0f /tmp ffs rw,nodev,nosuid 1 2 /dev/wd0e /usr ffs rw,nodev 1 2 /dev/wd0g /var ffs rw,nodev,nosuid 1 2 /dev/fd0a /mnt/floppy0 msdos rw,nodev,nosuid,noauto,noexec 0 0 /dev/cd0a /mnt/dvdrw0 cd9660 ro,nodev,nosuid,noauto,noexec 0 0 /dev/cd1a /mnt/cdrw1 cd9660 ro,nodev,nosuid,noauto,noexec 0 0 The optical unit is a DVD+/-RW DL, ASUS (DRW-1608P2, Rev 1.17). Processor Intel P4, 3GHz etc. You can imagine the rest... I run the standard OpenBSD 3.8 system. I don't think you would ask, but if I restart the system it's all OK. It happened to me several times; I'm not stupid, I can assure you, but every time I was tired and I cannot reproduce the situation; My question is: what's going on here? All commands were of course executed from the root account. Thanks in advance Yours in BSDness, Gabriel George POPA
Mouse problem
It was a hardware problem with the PS/2 mouse input of my server. I use for the moment a serial mouse. Thanks anyway to all those that wanted to help me. Yours in BSDness, Gabriel George POPA
Re: Mouse problem
The dmesg is the same as before. Vladas Urbonas wrote: give the dmesg at least. for example two dmesg's with different mouses pluged in. otherwise your question if very abstract. On 04/05/06, *Gabriel George POPA* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hello all, I have the following problem: I installed OpenBSD 3.8 a long time ago and I have used it since november as a production system. Everything worked OK. I like very much OpenBSD because I managed to configure a lot of things quickly (faster than on FreeBSD for example, but this is another story). I configured very well the mouse too (since installation). It worked OK in console and in X11R6. Unfortunately, one day when I came to work the mouse pointer started to behave in a chaotic manner on the screen when I moved the mouse. Both in console and in X. Very nasty. I know it is a stupid problem and a stupid question, but that's it. I changed the mouse, the same thing. I tried this mouse on another computer and it worked fine. So now I have two options: I have a SW problem and a HW problem (the HW is new, bought in november...). My question would be: having given the fact that I modified nothing in the system configuration and that no one else used this computer for other purposes while I was missing, it is possible to have a HW problem or a misconfigured SW? Have you encountered this before? Any suggestions? Yours in BSDness, Gabriel George POPA
Re: Mouse problem
No, the faq#12 on this matter solves nothing. I'm not using such kind of switching.
Mouse problem
Hello all, I have the following problem: I installed OpenBSD 3.8 a long time ago and I have used it since november as a production system. Everything worked OK. I like very much OpenBSD because I managed to configure a lot of things quickly (faster than on FreeBSD for example, but this is another story). I configured very well the mouse too (since installation). It worked OK in console and in X11R6. Unfortunately, one day when I came to work the mouse pointer started to behave in a chaotic manner on the screen when I moved the mouse. Both in console and in X. Very nasty. I know it is a stupid problem and a stupid question, but that's it. I changed the mouse, the same thing. I tried this mouse on another computer and it worked fine. So now I have two options: I have a SW problem and a HW problem (the HW is new, bought in november...). My question would be: having given the fact that I modified nothing in the system configuration and that no one else used this computer for other purposes while I was missing, it is possible to have a HW problem or a misconfigured SW? Have you encountered this before? Any suggestions? Yours in BSDness, Gabriel George POPA
Re: SpamAssassin autolearn problem
Vielen dank. I now made a configuration based on your own. I thought that bayes_path is a directory (obviously it should not be this way). I started spamd with -u and -d; I realized that -r is useful for sending SIGHUP (otherwise spamd will shut down). George POPA Andreas Vvgele wrote: Gabriel George POPA wrote: Some e-mails I receive have autolearn=no and others have autolearn=failed. I use the classic combination of spamd/spamc and the OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD recommends. I tried to follow the instructions at spamassassin.apache.org (to use for example /var/spamassassin (0777 mode) in order to store learnt data, bayes_path and bayes_file_mode, restarted spamd etc., nothing worked). What should I do next? I must create all those files by hand (the files in /var/spamassassin). I must mention that when I was using spamassassin alone (not spamc/spamd) for my account autolearn worked correctly. I've created a spamassassin user and group. The user's home directory is /var/spamassassin. Amongst other settings the following paths are set in /etc/mail/spamassassin/local.cf: bayes_path /var/spamassassin/bayes bayes_file_mode 0770 auto_whitelist_path /var/spamassassin/auto-whitelist auto_whitelist_file_mode 0770 spamd is started with the following command line arguments: /usr/local/bin/spamd -d -u spamassassin -H /var/spamassassin -r /var/spamassassin/spamd.pid How do you start spamd?
Re: SpamAssassin autolearn problem
Per-Olov Sjvholm wrote:
On Thursday 06 April 2006 16.15, Gabriel George POPA wrote:
Some e-mails I receive have autolearn=no and others have
autolearn=failed. I use the classic combination of spamd/spamc and the
OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD
recommends. I tried to follow the instructions at
spamassassin.apache.org (to use for example /var/spamassassin (0777
mode) in order to store learnt data, bayes_path and bayes_file_mode,
restarted spamd etc., nothing worked). What should I do next? I must
create all those files by hand (the files in /var/spamassassin). I must
mention that when I was using spamassassin alone (not spamc/spamd) for
my account autolearn worked correctly.
Respectfully yours,
Gabriel George POPA
This is what I have got (On 3.8 stable with spamassassin 3.0.4)
[EMAIL PROTECTED]:/tmp#ls -al /var/spamassassin
total 20
drwxr-x--- 5 _spamass _spamass 512 Jan 31 15:42 .
drwxr-xr-x 32 root wheel 1024 Feb 26 18:45 ..
drwxr-x--- 2 _spamass _spamass 512 Apr 5 16:42 .razor
drwx-- 2 _spamass _spamass 512 Apr 6 23:49 .spamassassin
The files and directories in /var/spamassassin will be automatically created
Note that the _spamass users home directory is /var/spamassassin
In /etc/rc.local I have...
if [ X${spamassassin_spamd} == XYES -a -x /usr/local/bin/spamd \
-a -e /etc/mail/spamassassin/local.cf ]; then
echo -n ' Spamassassin spamd'; /usr/local/bin/spamd -d -p 3312
-u _spamass --max-children=5 --max-conn-per-child=2000 -x
fi
It's called from sendmail through the smtp-vilter connector and it just works.
smtp-vilter talks to spamd.
The only thing you need in /etc/mail/spamassassin/local.cf is... nothing. Well
you should probably to some tuning. You should probably have:
--snip--
required_score 5.0
report_safe 1
use_bayes 1
skip_rbl_checks 0
--snip--
No path statement is needed in local.cf if you have the correct path for the
Bayesian db as stated above.
Hope it could be of any use.
Regards
/Per-Olov
Very interesting indeed. Anyway, I don't want to use vilter for the
moment. The problem was the following: I thought bayes_path represents a
DIRECTORY (not true, obviously). I was too tired to read well the man
Mail:SpamAssassin::Conf. I understood wrong the indications there. Sorry.
Symantec firewalls
Hello, I've heard a lot about those Symantec firewall machines (that cost something around 15000$-3$). In fact I don't know many details, just that customers are pleased to give the money and say that they're safe behing that Symantec machine. Of course, I encountered people that were very happy with these systems, but I think they never had a major attack or something. Just out of curiosity, can OpenBSD do what Symantec does? Is Symantec's encryption better than that included in OpenBSD (I must mention that I live in Europe, maybe US export laws apply)? Does Symantec worth all this money? On the other hand, I was thinking that maybe, just maybe, Symantec uses a modified version of OpenSSL on these machines. Is this possible? Thanks a lot, George POPA
SpamAssassin autolearn problem
Some e-mails I receive have autolearn=no and others have autolearn=failed. I use the classic combination of spamd/spamc and the OpenBSD 3.8 provided p5-SpamAssassin package, installed as OpenBSD recommends. I tried to follow the instructions at spamassassin.apache.org (to use for example /var/spamassassin (0777 mode) in order to store learnt data, bayes_path and bayes_file_mode, restarted spamd etc., nothing worked). What should I do next? I must create all those files by hand (the files in /var/spamassassin). I must mention that when I was using spamassassin alone (not spamc/spamd) for my account autolearn worked correctly. Respectfully yours, Gabriel George POPA
Problems with ports and discussion about multimedia keyboard
Hello misc,
I have the following problem with my ports: I'm running the standard
OpenBSD 3.8 system configured as mail server and etc. When configuring
the server I realised that I will actually work 4 hours/day on this
machine and I said to me that I should make my life easier. So I
installed Kde, GNOME, WindowMaker, GIMP, Mozilla etc. They had a lot of
depencies... What to do, what to do... They should be downloaded and
installed manually (and I had no time). So I downloaded the ports
collection and unpacked it. Then I made a small script where I some
make install for Kde, GNOME etc. knowing that this will also install
from source all the depencies. Anyway, the process worked very well for
3 days. Then, surprise! GNOME and KDE kept crashing from 5 to 5 minutes
and programs were also crashing all the time. I realised that this was a
bad move and that OpenBSD does not recommed this approach. I switched to
WindowMaker. Apparently all works well, but... Mozilla 1.7.8 kept
crashing (very rarely, but once I lost all my bookmarks). I deleted it
and downloaded the Mozilla 1.7.12-gtk2. It was great, it worked well. I
also installed XMMS+plugins and GAIM+plugins from packages (they were
previously installed from ports and were quite messy). Gd! Then they
started crashing AGAIN! An idea crossed my mind: GTK was compiled from
ports, maybe this is the cause! But tell me, how can I uninstall GTK
when a lot of packages depend on it and pkg_delete doesn't let me do
that? I don't want to delete, then reinstall all the programs that
depend on GTK. Oh, and from time to time X11 crashes too (this is
strange, because X11 is shipped by OpenBSD). I don't know that happens.
A few weeks ago someone raised a discussion about that quality of
ports. They seem quite good to me. I do a comparison to the ports on
FreeBSD 4.{9,10,11} and FreeBSD 5.1 (5.3 solved some issues). I had A
LOT of problems with ports (in fact packages) on FreeBSD. Some of them
were unusable. By comparison, the packages from OpenBSD are much, much
stable. There will be also some problems with these ports in BSDs, but
they will get better and better, that's the truth.
And another thing: I have a multimedia keyboard and I want to use it
with XMMS. I have a plugin: XF86Audio Keys Control nut is says I must
use `xmodmap` to configure the multimedia keys and I don't know how.
Could someone tell me? I googled this matter, but obtained no result
after following some instructions destined for GNU/Linux.
Yours in BSDness,
Gabriel POPA
Re: strange vipw message !!!!
The problem is the following: - read the pw_lock(3) man page (do: man 3 pw_lock); - read it entirely; - understand that manual page; - (the most important step) check if the /etc/ptmp file is in the filesystem and remove it. You'll see that things are now all right. Maybe you'll need to re-add those 2 users. Yours in BSDness, Gabriel George POPA Edi Mitrea wrote: hi there, las night i tried to install a mail server, i mean postfix. i tried to add 2 users, with useradd or adduser commands but i called off. later when i tried to change some stuff in my passwd file, whitch i tried to edit with vipw it keep giving me this message all the time : bash-3.00# vipw vipw: the passwd file is busy or you cannot lock. i try to add some user in normal mode with ordinary commands and i got this message: bash-3.00# useradd someuser useradd: can't obtain pw_lock: File exists I mention the fact that i've already restarted my box, i took a lock at KERN.SECURELEVEL whitch is 1. Would someone be kind to explain to me what's happen? thx in advance edi
Re: strange vipw message !!!!
Solved?
Re: Site indexing application
Frank Denis wrote: Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait : Frank Denis wrote: Yes, very interesting. But I was looking for a very secure, highly proven solution, prepackaged for OpenBSD with Apache chrooted. Well, Hyper Estraier is far from being a beta project. It's an evolution of Estraier, itself based upon Snatcher, whoose work began 6 years ago. The code is very clean, it works and it's fast. The code of Mnogosearch (and DPsearch since it's based upon it) is messy and designed in a totally insecure and unreliable way. I had a hard time last year with it in order to add various hacks to have it work with our blog web site (skyblog.com). There were many ways to get it die with segmentation faults. And the indexer wasn't always able to resume its activity after a crash. Plus Mnogosearch doesn't scale as well as advertised. OTOH, Hyper Estraier scales really well. It just needs an OpenBSD port. I installed Hyper Estraier but now, because it is in chroot, it cannot find the libraries it depends on. I had this problem quite a few times with different programs. I did not have the time to solve it (with other programs too). What do I do: ldconfig? This is the standard method? ldconfig with what params? Or maybe it's better to set the LD_LIBRARY_PATH? George
Re: Site indexing application
Gabriel George POPA wrote: Frank Denis wrote: Le Tue, Mar 21, 2006 at 02:18:10PM +0200, Gabriel George POPA ecrivait : Frank Denis wrote: Yes, very interesting. But I was looking for a very secure, highly proven solution, prepackaged for OpenBSD with Apache chrooted. Well, Hyper Estraier is far from being a beta project. It's an evolution of Estraier, itself based upon Snatcher, whoose work began 6 years ago. The code is very clean, it works and it's fast. The code of Mnogosearch (and DPsearch since it's based upon it) is messy and designed in a totally insecure and unreliable way. I had a hard time last year with it in order to add various hacks to have it work with our blog web site (skyblog.com). There were many ways to get it die with segmentation faults. And the indexer wasn't always able to resume its activity after a crash. Plus Mnogosearch doesn't scale as well as advertised. OTOH, Hyper Estraier scales really well. It just needs an OpenBSD port. I installed Hyper Estraier but now, because it is in chroot, it cannot find the libraries it depends on. I had this problem quite a few times with different programs. I did not have the time to solve it (with other programs too). What do I do: ldconfig? This is the standard method? ldconfig with what params? Or maybe it's better to set the LD_LIBRARY_PATH? George Oh, well, I discovered how to solve this problem: # ldconfig -r // (we notice that libraries that are used by Hyper Estrayer are not here) # ldconfig /usr/lib /usr/local/lib /usr/X11R6/lib # mkdir -p /var/www/var/run # chown -R 0755 /var/www/var # cp -Rp /var/run/ld.so.hints /var/www/var/run That's all. Then in a browser: http://site-name/cgi-bin/estseek.cgi Finally, I leart how to deal with this chrooted Apache. Yours in BSDness, George
Re: copying software from the official iso
Bernd Schoeller wrote: On Fri, Mar 24, 2006 at 12:43:59PM +0100, Gilles LAMIRAL wrote: Hello, Can I do a dd if=/dev/cdrom of=obsd.iso and redistribute it ? (the audio track is away) http://www.openbsd.org/faq/faq3.html#ISO *sigh* Bernd It seems to me quite a dangerous discussion. Why not security updates for money? SuSE has made a lot of money... I know you already discussed this, but this feature will make OpenBSD VERY popular. And please don't send me your opinion with offending words. If you don't agree, just ignore me. But I warn you: the outcome will be the same: binary updates on-the-fly for money. There's no other solution. The solution with ISO images, FTP etc. already discussed will restrict the users and they will not be encouraged to step fw to OpenBSD. I will step back to FreeBSD (or GNU/Linux) if this happens. If I will be in a commercial environment I would recommend SuSE, RedHat or Debian. I LOVE OpenBSD, but if such restrictions referring to FTP appear... Now, let's solve this once and for all! George
Site indexing application
Hello misc, I must install a search facility for my site. Do you know what is the most appropriate (Harvest, ht://Dig, Nutch?). I've used Nutch (from Apache.org) before on my old Slackware 10.1 machine and I didn't like it very much (a lot of things to be done by hand). I'm asking that because I know the chroot(2) facility that Apache has on OpenBSD can cause a lot of trouble. George Popa
Re: binpatch, was: Spam (solutions) and [...]
No, I'm very familiar with BSDs and make some more other things... I was
just looking for someone to share his/hers experience about
binpatch with me. I was just afraid not to do some harm to my system
(which at this time has almost 90GB of stuff - ports, settings, packages,
sources, backups etc.) in fact to my setting files (I don't currently
have a backup server - I'm working on one right now, tested NIS with it and
planning to test also Kerberos and BIND).
Ingo Schwarze wrote:
Hi,
Gabriel George POPA wrote on Thu, Mar 16, 2006 at 05:26:01PM +0200:
4) I've heard about binpatch and I've tried to use it once
(I must apply some security/reliability patches here).
For me it's impractical to recompile the entire system
You need not recompile the entire system in order to apply patches
to a -release system. You only need to recompile those parts of
the system actually affected by the respective patches.
Each patch contains instructions which parts of the system
you need to recompile in order to apply it properly.
These instructions cite the cd, patch and make commands
you need to type.
(I have the power to do that, I did it a million times on FreeBSD,
but now I'm running a production system and I'm afraid that I should
spoil some settings).
You need not be afraid. Compiling (official) patches on a production
system will not spoil settings. Of course, if you would edit random
files in /usr/src before applying the patches, you might well spoil
things. So just refrain from doing that...
[ concerning binpatch ]
I saw that you must edit a Makefile (it seems rather complicated).
I don't know how to edit this
Usually, you need not edit the whole Makefile, but just the patch
targets at the bottom. If translating the instructions in the
patches into targets in the Makefile looks complicated to you,
you should probably not be using binpatch.
By the way, as far as i see,
http://openbsdbinpatch.sourceforge.net/Makefile.sample
appears to be currently up-to-date. But don't rely on that.
In any case, you ought to be able to verify the correctness of the
Makefile before using binpatch.
(how can I learn to modify it
Er, well, the Makefile is supposed to be self-documented.
For details about the implementation of the shortcuts,
e.g. ${_build}, read the file bsd.binpatch.mk.
Note that usually, you are *much* safer applying patches
on each individual machine using the official procedure
supported by the OpenBSD project - in particular in case
you don't feel at ease with make(1).
I know only two good reasons why you might want to use binpatch:
- You have a server where you cannot compile patches due to
lack of resources. If that is the cause for you, migrating
to more powerful hardware might be a safer option - note
that even an old PI or PII box is usually sufficient for
compiling patches.
- You have so many servers that compiling on all of them
will take too much of your time. Clearly, anybody running
a large number of servers should not feel scared by using
basic tools like make(1) - or will be in for trouble sooner
or later, anyway.
Yours,
Ingo
Proposal for a new sysctl and a small question about network speed
A wrote an e-mail yesterday saying something about a sysctl that I used on FreeBSD and is missing in OpenBSD. One of the members of this list showed himself very angry (do things, don't jut talk about them). He's partly right. But his opinion didn't help me... I requested some documentation to read in order to write myself that. Someone told me this is just a security feature. Yes, it is, but might be very important in some situations. Let me give you an example that showed how important is not to show your processes to all other users: I used wget to download some files by using HTTP (I needed a password and a user name - I was not careful and I gave the --http-user=... and --http-password=... options). Now, it's obvious that someone could read my password and user name for site authentification. Sure, it's the user's problem. But OpenBSD is the most secure (it really is) and this thing should not miss. Of course, OpenBSD is the best when dealing with routing etc., but user security is also important. I am decided to do something about this - I will write the code (probably there are under 100 lines to be written). But where should I start? Where is the doumentation? Should I read similar sources from FreeBSD? Should I read code written by other people for OpenBSD? Please tell me where to start. We do a lot of things with OpenBSD. It's really good. But I don't know why we eventually touch the speed problem (I am convinced OpenBSD is fast, but the users are doing some stupid things sometimes and slow it down without knowing that). I have two problems related to speed: 1) My hard drive is slow (Maxtor 120GB on a VIA controller - really noisy piece of hw - how can I determine if it is in DMA or not and if DMA is functioning properly?); 2) THE MOST IMPORTANT: I have a lot of users with DHCP client on my network (Windows machines). The DHCP server is on my OpenBSD machine. Clients have speed up to 800kbps/download thread and I have (on the server!!!) 70kbps/download thread. How is that possible? I find this a nightmare. My OpenBSD server is also DHCP server and router (of course, like any router it has only one network interface, connected to the same switch as the clients and it's gateway (a CISCO router) HA!). The network card is a embedded into the motherboard (VIA Rhine II). Where should I look for a solution of this problem? I mention that I have this speed even with all clients OFF (!). Yours in BSDness, Gabriel George POPA
Spam (solutions) and some other practical issues
I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). I also have a small bug report. What is the best method of submitting it? Unfortunately, my income (I work for an University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system. Yours, Gabriel George POPA
Re: Spam (solutions) and some other practical issues
Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying mail server and then switch to a newer one). I will work on the source code with great care when the time comes... Regarding that sysctl: shouldn't we add it? Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. The bug report is about a small condition: I was adding a user when the root partition filled (I was transferring some data by NFS). The processes failed, /etc/passwd and /etc/master.passwd got out of sync and I couldn't use userdel or useradd (from what I remember) anymore. The solution was to delete the line that represented the user in /etc/master.passwd (that line was not present in /etc/passwd). (I don't remember very well what happened there, but I'm not planning to reproduce this). Maybe the program/script for adding users should have a lock or something like that (the 2 files should be modified at the same time) - anyway, it's hard to imagine such a situation in real conditions. Yours in BSDness, Gabriel George POPA Joachim Schipper wrote: On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote: I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report. FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine. 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting. Do note that spamd(8) needs some help from pf(4) to do any good. 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). To the best of my knowledge, no. 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try. See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy. I also have a small bug report. What is the best method of submitting it? sendbug(1), usually. Unfortunately, my income (I work for an University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system. That could be quite helpful, too, if done properly. Or so I believe... Joachim
Re: Spam (solutions) and some other practical issues
I found valuable suggestions in your messages. I am sure at least one of them will work (you mentioned things I never thought of). On the other hand, you don't need to get upset. I was not complaining. I will write this sysctl (if only I knew how...). If you point me to some documentation on this topic I will write it. My idea was that maybe it would be better if a person with experience would write this. There's no problem, I will write it (again: point me some documentation). I will repeat: I was not complaining; I know that a lot of smart people are complaining here, but I'm not one of them. Just a suggestion: maybe The OpenBSD project would make some money if they provide binary patches (just like SuSE) - for source patches you don't have to pay, while a sort of affiliation is needed for binary patches (some money required). I think there are a lot of people that will pay for a real FAST update... Respectfully yours, Gabriel George POPA Hans van Leeuwen wrote: Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. You have to tell sendmail to pass the message to procmail. See the part about sendmail.cf in procmail's manpage. Regarding that sysctl: shouldn't we add it? Thats not how it works here. Either you write a patch or stop complaining about the lack of features. Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. OpenBSD doesn't supply binary patches, and this isn't going to change. See the archives for more information. Good luck, Hans
Problem with squirrelmail
I have a small problem with squirrelmail. The problem is that users cannot read their mail messages if they are too large (though not very large). I use SquirrelMail 1.4.5, OpenBSD 3.8, PHP 4.4.1, and IMAP (from PINE package, from ports). The problem is that users cannot read their mail (even if they contain only text) if they reach a certain limit (SquirrelMail stalls while reading). Does anyone have any idea what is going on? Settings from /etc/inetd.conf: # IMAP server from PINE imap2streamtcpnowaitroot/usr/sbin/imapd imapd imap2streamtcp6nowaitroot/usr/sbin/imapd imapd I think there is a problem between UW imapd and SquirrelMail Respectfully yours , Gabriel George POPA
Re: Problem with squirrelmail
Janusz Gumkowski wrote: The problem is that users cannot read their mail (even if they contain only text) if they reach a certain limit (SquirrelMail stalls while reading). Perhaps it is still reading data from imapd (or waiting for it). Is imapd process (of the user being logged in) running while squirrelmail stalls ? Yes, exactly. The fact is that I have a small server and that there's no much load on this server.
Re: Problem with squirrelmail (SOLVED)
Hello all, Although I cannot believe my eyes, but I SOLVED THE PROBLEM. The problem was NOT UW IMAPD. The imapd waited a lng time, while the SquirrelMail page was stalled. But I couldn't notice two other facts: 1) httpd was eating the CPU; 2) the first message could be read without stalling, but the read of others was stalled. The solution was to set up as true server side sorting in ./configure, in the directory where SquirrelMail is installed (in the General Options tab). Now it doesn't matter how many users I have, PHP, Apache, SquirrelMail, me are happy. Anyway, thank you very much. You are all great people! I think something should create a small DOC project for OpenBSD regarding documentation for important ports and programs. E.G.: I used a lot FreeBSD and I love their handbook. Maybe we should do something similar here. The idea seems quite fuzzy for me right now, because I am so tired... Yours in BSDness, Gabriel George POPA
Problem with freshclam (maybe a port problem): Problem solved
It's my fault. I was very tired. freshclam -u root solved all (probably I had some problems with the permissions, because now a simple freshclam works very well). Yours in BSDness, Gabriel George POPA
Re: Problem with freshclam (maybe a port problem)
No, I am not. But freshclam runs as user _clamav (I think this should be
no problem).
Maybe I have a problem with my DNS? Or with file/directory permissons?
It's the first time this happens and I really don't know what
to do... (I really need this antivirus filter).
I've set the debug flag and the verbose output of freshclam is (I must
mention that the following output is obtained when logged as root
on the system console - well, after su to root (i.e. su -), because only
normal users can login directly on the console and I login as a normal
user - in the wheel group - and then su -):
Current working dir is /var/db/clamav
Max retries == 3
ClamAV update process started at Sat Feb 25 11:32:39 2006
Querying current.cvd.clamav.net
TTL: 256
Software version from DNS: 0.88
LibClamAV debug: Can't open CVD file main.cvd
ERROR: Can't get information about db.ro.clamav.net: Host not found
Connection with db.ro.clamav.net (IP: ???) failed.
Trying again in 5 secs...
ClamAV update process started at Sat Feb 25 11:32:44 2006
Querying current.cvd.clamav.net
TTL: 251
Software version from DNS: 0.88
LibClamAV debug: Can't open CVD file main.cvd
ERROR: Can't get information about db.ro.clamav.net: Host not found
Connection with db.ro.clamav.net (IP: ???) failed.
Trying again in 5 secs...
ClamAV update process started at Sat Feb 25 11:32:49 2006
Querying current.cvd.clamav.net
TTL: 246
ETC, ETC...
and then (at the end, some output skipped):
TTL: 236
Software version from DNS: 0.88
LibClamAV debug: Can't open CVD file main.cvd
ERROR: Can't get information about database.clamav.net: Host not found
Connection with database.clamav.net (IP: ???) failed.
Giving up on database.clamav.net...
ERROR: Update failed. Your network may be down or none of the mirrors
listed in freshclam.conf is working.
Freeing option list...done
Now, an even stranger problem! I open X11 (I'm running Windowmaker
0.80.1), then I start an xterm (of course, I run X as an usual user),
then I do a su - and I switch to the root account. As a result to the
freshclam command I receive (commands included):
# echo ${USER}
root
# freshclam --version
LibClamAV debug: Can't open CVD file /var/db/clamav/daily.cvd
ClamAV 0.88
#
Is there someone who had this problem or who can tell me where should I
look in order to solve the problem? I started to think that there is
a problem with the port of clamav (although, other people would have
signalled the problem as well...). The packages that I have installed (and
that might have something to do with my problem:
curl-7.15.1
clamav-0.88
clamsmtp-1.4.1
Maybe there's only a depency/version mismatch.
Respectfully yours,
Gabriel George POPA
Peter wrote:
--- Gabriel George POPA [EMAIL PROTECTED] wrote:
Hello all,
I have the following problem when running freshclam:
# freshclam
ClamAV update process started at Fri Feb 24 17:58:29 2006
ERROR: Can't get information about db.ro.clamav.net: Host not found
Connection with db.ro.clamav.net (IP: ???) failed.
Trying again in 5 secs...
ClamAV update process started at Fri Feb 24 17:58:34 2006
ERROR: Can't get information about db.ro.clamav.net: Host not found
Connection with db.ro.clamav.net (IP: ???) failed.
Trying again in 5 secs...
Or even better:
# freshclam
ClamAV update process started at Fri Feb 24 17:59:02 2006
ERROR: Can't get information about database.clamav.net: Host not found
Connection with database.clamav.net (IP: ???) failed.
Trying again in 5 secs...
BUT:
# ping database.clamav.net
PING db.northeu.clamav.net (83.148.101.196): 56 data bytes
64 bytes from 83.148.101.196: icmp_seq=0 ttl=47 time=115.432 ms
--- db.northeu.clamav.net ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 115.432/115.432/115.432/0.000 ms
AND:
# ping db.ro.clamav.net
PING db.ro.clamav.net (192.129.4.120): 56 data bytes
64 bytes from 192.129.4.120: icmp_seq=0 ttl=60 time=81.649 ms
--- db.ro.clamav.net ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 81.649/81.649/81.649/0.000 ms
(I am from Romania, obviously)
I really don't know what's wrong. Could someone tell me? Oh, and it
would be very nice to find out from you if there is a
tutorial treating clamav, freshclam, clamd and clamsmtpd with Sendmail
on a usual mail server (with POP3 and IMAP enabled).
Are you running freshclam in a chroot jail?
Problem with freshclam
Hello all, I have the following problem when running freshclam: # freshclam ClamAV update process started at Fri Feb 24 17:58:29 2006 ERROR: Can't get information about db.ro.clamav.net: Host not found Connection with db.ro.clamav.net (IP: ???) failed. Trying again in 5 secs... ClamAV update process started at Fri Feb 24 17:58:34 2006 ERROR: Can't get information about db.ro.clamav.net: Host not found Connection with db.ro.clamav.net (IP: ???) failed. Trying again in 5 secs... Or even better: # freshclam ClamAV update process started at Fri Feb 24 17:59:02 2006 ERROR: Can't get information about database.clamav.net: Host not found Connection with database.clamav.net (IP: ???) failed. Trying again in 5 secs... BUT: # ping database.clamav.net PING db.northeu.clamav.net (83.148.101.196): 56 data bytes 64 bytes from 83.148.101.196: icmp_seq=0 ttl=47 time=115.432 ms --- db.northeu.clamav.net ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 115.432/115.432/115.432/0.000 ms AND: # ping db.ro.clamav.net PING db.ro.clamav.net (192.129.4.120): 56 data bytes 64 bytes from 192.129.4.120: icmp_seq=0 ttl=60 time=81.649 ms --- db.ro.clamav.net ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 81.649/81.649/81.649/0.000 ms (I am from Romania, obviously) I really don't know what's wrong. Could someone tell me? Oh, and it would be very nice to find out from you if there is a tutorial treating clamav, freshclam, clamd and clamsmtpd with Sendmail on a usual mail server (with POP3 and IMAP enabled). Respectfully yours, Gabriel George POPA
Re: how to hunt for suspected memory leaks?
I understand your problem. In fact a closer analysis will show that there is no problem. Probably the memory you are reporting as filled is used for caching/memory. At work I have an OpenBSD 3.8 system (with 1GB RAM, P4 3GHz) and I haven't noticed such a thing. Nevertheless, I don't look too often on these statistics. The problem you are reporting is very obvious on GNU/Linux systems (I have at home a GNU/Linux built be me from scratch and I ask myself this question each day. If you have KDE installed then you can use a program for system monitoring (I don't remember its name - but it's surely included in the stock KDE package) and you will see more detailed memory statistics if you request them. Yours in BSDness, Gabriel George POPA Toni Mueller wrote: Hi, I have a PC running 3.8 which is currently idle (ie, it is powered on, but nobody uses it except me for minor maintenance). The box showed the following behaviour over the last few weeks: w/o much processes running and almost no activity, the amount of free memory shown in 'top' decreases from some 871 megs to some 261 megs. I killed off all processes which are not really neccessary, but the amount of free memory only increased as much as I killed off processes. Eg. there were daemontools running, with eg. supervise consuming some 300KB. Killing them all (cleanly) resulted in some 300KB more free memory per process killed, so after killing everything which I could afford, there were 262 megs free, not 871 again. Also, the amount of total memory is shown to have decreased from some 1gig (which is physically implanted) to 746M right now. Is it a real problem, or is this only misleading top output (despite the machine feeling quite sluggish)? How do I generally go about hunting for such a problem? TIA! Best, --Toni++
Simple question about appletalk
I need to put a laptop running Mac OS X (10.3 I think) in my OpenBSD powered network - OpenBSD router/firewall. The problem is that I don't know if I need Appletalk or not installed (I have an urgent problem that must be solved with this laptop, but it's not mine and I haven't worked too much with Apple computers). At this moment I don't have the laptop, but I need it up and running in the second when it appears so I need to know in advance if I need to enable Appletalk in the network (this laptop needs only www access). And another problem: in /etc/pf.conf I have scrub in all reassembe tcp - is this a problem with Mac OS X (I have some problems with some Mandriva Linux machines here and I think this is the problem). Thank you very much in advance. Respectfully yours, Gabriel George POPA
About a USB CD-RW (USB 2.0) drive. Firefox/Mozilla security problems
Hello all, I saw that with a stock OpenBSD 3.8 system a CD-RW like this : PLEXTOR PX-W4012TU Hi-Speed USB 2.0 CD-RW Drive 40x CD-Write 12x CD-ReWrite 40x CD-Read works very well (with cdrtools and xcdroast). Should I report things like these (is this important or not?)? Is there a common thing that CD-RW units on USB 2.0 work on OpenBSD? I saw on Secunia Advisories that very heavy security problems have occured in Mozilla Firefox and Thunderbird. Usually WHO is patching these programs (the porters?)? Should I wait for a new binary port? Should I patch myself Thunderbird and Firefox? Patches come from porters or from Mozilla Foundation? Respectfully yours, Gabriel George POPA
Help: Java plugin for mozilla firefox
I don't know how to install java plugin on Mozilla Firefox (I missed the messages @ install and I cannot reproduce them). Can someone tell me how to do this? Yours, George POPA
Re: Help: Java plugin for mozilla firefox
I don't know how to create those symlinks. That's the problem. Jasper Lievisse Adriaanse wrote: On Thu, 02 Feb 2006 16:37:05 +0200 Gabriel George POPA [EMAIL PROTECTED] wrote: I don't know how to install java plugin on Mozilla Firefox (I missed the messages @ install and I cannot reproduce them). Can someone tell me how to do this? http://www.openbsd.org/faq/faq13.html#javaflash Yours, George POPA
Re: Help: Java plugin for mozilla firefox
It works! Thank you! It's wolderful this OpenBSD community. Now, honestly, I could do this, but I was too tired and I couldn't figure out a way to do this. Thank you! Wade, Daniel wrote: pkg_info -D packagename Will show you the install messages -Original Message- From: Gabriel George POPA [mailto:[EMAIL PROTECTED] Sent: Thursday, February 02, 2006 9:37 AM To: misc@openbsd.org Subject: Help: Java plugin for mozilla firefox I don't know how to install java plugin on Mozilla Firefox (I missed the messages @ install and I cannot reproduce them). Can someone tell me how to do this? Yours, George POPA
Re: Help: Java plugin for mozilla firefox
I know HOW to create them, ln -s x y. I didn't know what x and y to put for mozilla. (So I needed directory names). Jonas Lindskog wrote: Symbolic links are created with ln -s where_to_link_to link_name /Jonas I don't know how to create those symlinks. That's the problem. Jasper Lievisse Adriaanse wrote: On Thu, 02 Feb 2006 16:37:05 +0200 Gabriel George POPA [EMAIL PROTECTED] wrote: I don't know how to install java plugin on Mozilla Firefox (I missed the messages @ install and I cannot reproduce them). Can someone tell me how to do this? http://www.openbsd.org/faq/faq13.html#javaflash Yours, George POPA
Clustering using OpenBSD
Hello all, I'm planning to deploy a small cluster behind my firewall (for test purposes). What would be the recommender program to use for clustering and wht can it do? Where should I start? I have 5 workstations (1GHz Intel Celeron)+server 3GHz Intel P4. I know several ways of clustering, but I ask you because you might know what is the best method to use with OpenBSD. Oh, and what's with that picture on www.openbsd.org (lower-right corner)? Respectfully yours, Gabriel George POPA
Regarding a SPARCSTATION 1+
Hello all, I'm wondering if OpenBSD 3.8 will work on a SPARCSTATION 1+ computer. Does anyone have a toy like this running OpenBSD? And another problem: it seems to have AUI ethernet. What kind of adapter (if any) can I find in order to use it's interface (AUI) with a common 100BaseT switch? Thank you. Best regards, Gabriel George POPA
Re: Regarding a SPARCSTATION 1+
Thank you very much for your advice. That's what I has looking for. Thank you again! Brett Lymn wrote: On Sun, Jan 29, 2006 at 02:14:38PM +0200, Gabriel George POPA wrote: And another problem: it seems to have AUI ethernet. What kind of adapter (if any) can I find in order to use it's interface (AUI) The thing you are looking for is called a medium access unit (MAU), it converts the AUI into either 10base-2 or 10base-T depending on the unit you get. They may be rare beasties now as most were probably thrown out as old junk years ago. with a common 100BaseT switch? The network interface in a 1+ is 10Mbit/s only. Make sure your switch can handle that.
Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
Sorry to bother you, but I would like to show you some aspects about how a Sendmail running on an OpenBSD 3.8 system can be involved in a spam attack. I'm not quite sure that OpenBSD 3.8 or Sendmail are exploitable, but I would like some help to clarify this problem. More precisely, one day I've noticed that /var/spool/mqueue was full with 3 messages (in fact return messages, showing that some servers including Yahoo! do not accept some mails from me). I've noticed that the mailstats command reports 13 (!!!) messages sent (!) outside. My computer is a small server running OpenBSD 3.8, MySQL+PHP+Apache for the website; it's a FRESH install so that I don't think it's a problem in the system. I have around 30 users that use POP3+Outlook Express to send and receive their mail messages. The problem is that I have antispoofing on, scrub in all; some suspect (probably Windows machines from the neighbouring departament which are supposed to have some viruses are bloked through the PF). I also have NAT for my local network (192.128.x.x) and ip forwarding for the global addresses. Relaying is stopped so this could not be a problem (Yahoo! asks me if I am am open-relay!). My machine seems quite secure, but I cannot say why my machine sends so much mail messages (day night). Maybe some accounts are compromised, but I have no way of determining this. How can I see how many mail messages a user sends? I don't think this is an ordinary problem. I have some experience on FreeBSD (2 years) and on OpenBSD; moreover, I have 2.5 years of experience with GNU/Linux systems. Maybe this is a simple problem, but I can't solve it all by myself and thus I now requested help from our great OpenBSD community. My OpenBSD 3.8 system was not patched and the kernel was not recompiled. Thank you very much for your attention and I hope someone can help me with this (could it be problem with Sendmail on OpenBSD 3.8? - I really don't think this could happen). Respectfully yours, George Popa
