Re: avoiding icmp redirect storm
Hi, > What's the source of these? Are you sure they aren't being generated by > your firewall? Some are. But I think that the firewall is generating redirects only when it sees other icmp redirects from other sources. Anyway, I would like to stop that. But how? I tried to block using PF and also tried sysctl. > Do you have multiple aliases representing logically > different subnets on the same interface? Yes. we do have this. The icmp redirects are coming in and going out through the sk0 iface. > How about the output of netstat -nr -finet and also ifconfig -a? See below. Thanks for any help. Regards, Jose. -- re0: flags=8843 mtu 1500 lladdr 00:27:0e:19:6a:4f description: Rede Wireless priority: 0 media: Ethernet autoselect (none) status: no carrier inet 172.16.255.1 netmask 0xff00 broadcast 172.16.255.255 inet6 fe80::227:eff:fe19:6a4f%re0 prefixlen 64 scopeid 0x1 em0: flags=8843 mtu 1500 lladdr 00:22:64:89:67:6a description: Synchronization interface priority: 0 media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause) status: active inet 10.1.1.1 netmask 0xfffc broadcast 10.1.1.3 inet6 fe80::222:64ff:fe89:676a%em0 prefixlen 64 scopeid 0x2 sk1: flags=8943 mtu 1500 lladdr 00:22:b0:5d:5e:a4 priority: 0 media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::222:b0ff:fe5d:5ea4%sk1 prefixlen 64 scopeid 0x4 pfsync0: flags=41 mtu 1500 priority: 0 pfsync: syncdev: em0 maxupd: 128 defer: off groups: carp pfsync pflog0: flags=141 mtu 33200 priority: 0 groups: pflog carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:01 priority: 0 carp: MASTER carpdev sk1 vhid 1 advbase 1 advskew 0 groups: carp egressi status: master inet6 fe80::200:5eff:fe00:101%carp1 prefixlen 64 scopeid 0x8 inet 152.84.200.3 netmask 0xff00 broadcast 152.84.200.255 sk0: flags=8943 mtu 1500 lladdr 00:22:b0:5d:5e:cc description: RedeI DHCPD priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 152.84.3.10 netmask 0xff00 broadcast 152.84.3.255 inet6 fe80::222:b0ff:fe5d:5ecc%sk0 prefixlen 64 scopeid 0x3 inet 152.84.9.9 netmask 0xff00 broadcast 152.84.9.255 carp0: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:02 priority: 0 carp: MASTER carpdev sk0 vhid 2 advbase 1 advskew 0 groups: carp status: master inet6 fe80::200:5eff:fe00:102%carp0 prefixlen 64 scopeid 0x7 inet 152.84.3.1 netmask 0xff00 broadcast 152.84.3.255 inet 152.84.3.100 netmask 0x broadcast 152.84.3.100 inet 152.84.8.254 netmask 0xff00 broadcast 152.84.8.255 inet 152.84.9.1 netmask 0xff00 broadcast 152.84.9.255 Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 152.84.200.22 UGS 402 54435229 - 8 carp1 10.1.1.0/30 link#2 UC 1 0 - 4 em0 10.1.1.2 link#2 UHLc 1 445 - 4 em0 59.164.132.44 152.84.200.22 UGHD 0 54376662 - L 56 carp1 127/8 127.0.0.1 UGRS 0 0 33200 8 lo0 127.0.0.1 127.0.0.1 UH 6 55499 33200 4 lo0 152.84.3/24 link#3 UC 21 0 - 4 sk0 152.84.3.1 152.84.3.1 UH 0 4 - 4 carp0 152.84.3.2 00:22:4d:55:e6:df UHLc 0 3981459 - 4 sk0 152.84.3.4 00:24:8c:ff:2c:7b UHLc 0 9641 - 4 sk0 152.84.3.6 00:d0:b8:1e:36:7c UHLc 0 981 - 4 sk0 152.84.3.20 link#3 UHLc 1 100 - 4 sk0 152.84.3.21 6c:f0:49:f4:a8:ab UHLc 0 12584 - 4 sk0 152.84.3.34 70:71:bc:77:87:59 UHLc 0 32933 - 4 sk0 152.84.3.35 00:e0:4c:05:31:f8 UHLc 0 5 - 4 sk0 152.84.3.62 c8:9c:dc:44:44:c4 UHLc 0 11264 - 4 sk0 152.84.3.86 00:19:d1:8d:29:58 UHLc 0 25051 - 4 sk0 152.84.3.91 00:0d:b9:18:6e:28 UHLc 0 1458943 - 4 sk0 152.84.3.97 68:b5:99:ab:81:31 UHLc 0 35000 - 4 sk0 152.84.3.98 00:21:5a:f8:d1:86 UHLc 0 141931 - 4 sk0 152.84.3.100 127.0.0.1 UGHS 0 0 33200 8 lo0 152.84.3.100/32 152.84.3.100 U 0 0 - 4 carp0 152.84.3.157 00:00:21:cc:8f:01 UHLc 0 1331140 - 4 sk0 152.84.3.160 00:00:aa:98:43:00 UHLc 0 282 - 4 sk0 152.84.3.161 00:00:aa:a8:93:15 UHLc 0 28197
avoiding icmp redirect storm
Hi, I have a pair of firewalls running Obsd 4.9 and carp (in active-passive mode). I see a lot of icmp redirect packets in the network using tcpdump. I tried to block them with PF (both incomming and outgoing). block drop out log quick on $int_if inet proto icmp icmp-type redir block drop in log on $int_if inet proto icmp pass in on $int_if inet proto icmp icmp-type echoreq I tried net.inet.ip.redirect=0 net.inet.icmp.rediraccept=0 But still some icmp redirect packets go out through the interface where PF should be blocking. The source MAC of the icmp redirect packets is that of the $int_if interface. So, in short, is there a simple way to block all incomming and outgoing icmp redirect packets in a obsd firewall? Thanks in advance. Regards, Jose
Re: dhcpd sync and carp
Hi again, Since I am now seeing some IP address conflicts, I am understanding that dhcpd lease synchronization is not working properly. The funny thing is that I see dhcpd sync packets being sent through the sync interface and being received at the other side. I still can't see at the log files messages like: DHCP_SYNC_LEASE from Is there a way to debug this problem? Thanks in advance. Kind regards, Jose
Re: dhcpd sync and carp
Hi again, The strange thing is that spamd is getting the sync messages from the master firewall and updating the spamd tables and log files. But, although the dhcpd sync messages seem to go through the em0 iface, the dhcpd in the backup firewall is not displaying sync updates in the log files. I had a quick look at the dhcpd source code and understood that sync_recv should log messages of the type: note("DHCP_SYNC_LEASE from %s for hw %s -> ip %s, " "start %d, end %d", when it received a DHCP_SYNC_LEASE. Is that correct? Both firewalls share the same dhcpd.key file. Kind regards, Jose.
Re: dhcpd sync and carp
Hi, Thanks a lot for your hint. Now, I can see (what I guess should be) the sync packets going through the em0 iface: 07:54:32.877138 00:22:64:89:64:79 01:00:5e:00:01:f0 0800 142: 10.1.1.2.8067 > 224.0.1.240.8067: udp 100 [ttl 1] (id 20862, len 128) 07:54:32.877187 00:22:64:89:67:6a 01:00:5e:00:01:f0 0800 142: 10.1.1.1.8067 > 224.0.1.240.8067: udp 100 [ttl 1] (id 51033, len 128) However, I am still not seeing the "DHCP_SYNC_LEASE from" messages in the logs, which makes me think sync is still not working properly. Is there a way to make sure the sync is working? Thanks. Kind regards, Jose.
Re: dhcpd sync and carp
Hi again, Is it possible that the dhcp sync messages are not being sent/received through the sync iface (em0) because the Ip address associated with this iface is not in the same subnet of the IP addresses of the dhcpd servers? Should I be able to view the sync packets on the lo0 iface? kind regards, Jose.
dhcpd sync and carp
Hi, I have two obsd machines running OpenBSD 4.9 STABLE and CARP for failover. Each machine has 3 interfaces: sk1(external) sk0(internal) em0(sync) em0 has a direct cable connecting the two machines. Both machines use exactly the same dhcpd.conf file to serv IP addresses on sk0. I have set skip on em0 set skip on lo0 on both sides. I use dhcpd_flags="-y em0 -Y em0 sk0" For some reason, I think dhcpd is not synchronizing the leases. Although I see this kind of messages in the logs of both firewalls, I cannot see the packets being sent or received. dhcpd[13353]: sending DHCP_SYNC_LEASE for hw 00:26:e8:78:49:db -> ip a.b.c.d, start 1332327048, end 1332334248 But I see pfsync messages going through the em0 iface, like the one below: 07:53:55.380578 00:22:64:89:67:6a 01:00:5e:00:00:f0 0800 1486: 10.1.1.1 > 224.0.0.240: PFSYNCv6 len 1452 B B act UPD ST COMP count 17 B B ... (DF) [tos 0x10] (ttl 255, id 8912, len 1472) When I run route -n get 224.0.1.240, I get: route to: 224.0.1.240 destination: 224.0.0.0 mask: 240.0.0.0 interface: lo0 if address: 127.0.0.1 priority: 8 (static) flags: use B B B mtu B B expire 4249 B B 33200 B B B B 0 My questions are: 1) Why I cannot see the dhcpd sync packets using tcpdump -nevvi em0? 2) Is there a way to verify that they are in sync? Thanks for any help. Kind regards, Jose
poor tcp performance
Hi, I am running openbsd 4.2 on a box and I would like help trying to identify networking bottlenecks. While trying to download a file from another obsd box at the network using wget, I get very low rate. # wget http://192.168.1.254/bsd1 --18:03:29-- http://192.168.1.254/bsd1 => `bsd1.1' Connecting to 192.168.1.254:80... connected. HTTP request sent, awaiting response... 200 OK Length: 61,758,702 (59M) [text/plain] 100%[>] 61,758,702 2.30M/s 18:03:55 (2.32 MB/s) - `bsd1.1' saved [61758702/61758702] But when I use iperf, I get quite high transfer rates: # iperf -i 10 -w 256K -c 192.168.1.254 -t 3002 Client connecting to 192.168.1.254, TCP port 5001 TCP window size: 256 KByte [ 3] local 192.168.1.148 port 44687 connected with 192.168.1.254 port 5001 [ 3] 0.0-10.0 sec111 MBytes 93.4 Mbits/sec [ 3] 10.0-20.0 sec111 MBytes 93.5 Mbits/sec [ 3] 20.0-30.0 sec111 MBytes 93.5 Mbits/sec [ 3] 30.0-40.0 sec111 MBytes 93.5 Mbits/sec My question is what could be causing the tcp poor performance? Thanks for any suggestion. Regards, Jose - # ifconfig sk0 sk0: flags=8943 mtu 1500 lladdr 00:22:b0:5d:5d:08 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::222:b0ff:fe5d:5d08%sk0 prefixlen 64 scopeid 0x2 inet 192.168.1.148 netmask 0xff00 broadcast 192.168.1.255 # sysctl net.inet.ip net.inet.ip.forwarding=0 net.inet.ip.redirect=1 net.inet.ip.ttl=64 net.inet.ip.sourceroute=0 net.inet.ip.directed-broadcast=0 net.inet.ip.portfirst=1024 net.inet.ip.portlast=49151 net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535 net.inet.ip.maxqueue=300 net.inet.ip.encdebug=0 net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=8 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 net.inet.ip.mtudisc=1 net.inet.ip.mtudisctimeout=600 net.inet.ip.ipsec-comp-alg=deflate net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=550 net.inet.ip.ifq.drops=0 net.inet.ip.mforwarding=0 net.inet.ip.multipath=0 # sysctl net.inet.tcp net.inet.tcp.rfc1323=1 net.inet.tcp.keepinittime=150 net.inet.tcp.keepidle=14400 net.inet.tcp.keepintvl=150 net.inet.tcp.slowhz=2 net.inet.tcp.baddynamic=587,749,750,751,871 net.inet.tcp.recvspace=16384 net.inet.tcp.sendspace=16384 net.inet.tcp.sack=1 net.inet.tcp.mssdflt=512 net.inet.tcp.rstppslimit=100 net.inet.tcp.ackonpush=0 net.inet.tcp.ecn=0 net.inet.tcp.syncachelimit=10255 net.inet.tcp.synbucketlimit=105 net.inet.tcp.rfc3390=1 net.inet.tcp.reasslimit=3072 net.inet.tcp.sackholelimit=32768 # pfctl -si Status: Disabled for 0 days 00:21:26 Debug: Urgent OpenBSD 4.2-stable (GENERIC) #0: Fri Mar 7 15:40:50 BRT 2008 r...@spamd.my.domain:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA C7-M Processor 6300MHz ("CentaurHauls" 686-class) 1.60 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT, CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 1004826624 (958MB) avail mem = 963846144 (919MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/27/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfcfc0 (47 entries) bios0: vendor American Megatrends Inc. version "080014 " date 27/04/2009 bios0: Phitronics PC3000E+ apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5d40/256 (14 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3372 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #128 is the last bus bios0: ROM list: 0xc/0xd400 cpu0 at mainbus0 cpu0: Enhanced SpeedStep disabled by BIOS pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "VIA P4M900 Host" rev 0x00 pchb1 at pci0 dev 0 function 1 "VIA P4M900 Host" rev 0x00 pchb2 at pci0 dev 0 function 2 "VIA P4M900 Host" rev 0x00 pchb3 at pci0 dev 0 function 3 "VIA P4M900 Host" rev 0x00 pchb4 at pci0 dev 0 function 4 "VIA P4M900 Host" rev 0x00 "VIA P4M900 IOAPIC" rev 0x00 at pci0 dev 0 function 5 not configured pchb5 at pci0 dev 0 function 6 "VIA P4M900 Security" rev 0x00 pchb6 at pci0 dev 0 function 7 "VIA P4M900 Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor "VIA", unknown product 0x3371 rev 0x01: aperture at 0xf800, size 0x100
Re: automating 'fsck -y' after a power failure
Hi, > If that was a wisething to do, we would have already done so. In other > words, it is not wise. It's foolish. > > -Otto I totally agree with you. This should not be in the release. However, I have a few obsd boxes working at places where I can not reach with ease. What I want to avoid is telling a client (who does not know anything about unix or Xbsd), by phone, to run 'fsck -y', when the system does not boot, as a last resource, before I have to go there myself. Sometimes, not even a console is available. Thanks for your insight. Regards, Jose -- An Excellent Credit Score is 750 See Yours in Just 2 Easy Steps!
automating 'fsck -y' after a power failure
Hi, Is it possible to automate the process of running fsck -y after a power or other type of failure, in cases the automatic file system check fails? Thanks in advance. Regards, Jose -- An Excellent Credit Score is 750 See Yours in Just 2 Easy Steps!
simple pipe question
Hi, I know this is not the right place to ask. Sorry in advance. I would like to delete some addresses from the spamd db using a pipe-like structure. Suppose that I want to remove all white IP addressses that start with 189.25. I could use spamdb | grep "^WHITE|189\.25\." | awk -F \| '{print $2}' Then I would run 'spamdb -d' for every address that is displayed, manually. Could I somehow pipe the output of above command directly to spamdb? Thanks in advance. Regards, Jose -- How Strong is Your Score? Click here to see yours for $0! By FreeCreditReport.com
spamd blacklists size limit and performance
Hi, I am running spamd/obsd 4.5 on a bridge using the i386 kernel. Is there a limit to the size a spamd blacklist may reach? Can one estimate the impact on performance if any of adding a new blacklist of say 100 IP addresses? Thanks in advance. Regards, Jose. -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
dealing with incoming mail your own domain
Hi, I wrote a quick and dirty diff to Bob Beck's greyscanner that traps hosts using a badfrom/BADFROM similar to the existing badrcpt/BADRCPT procedure. I started using this script to trap hosts that try to send mail using my own destination domain in the 'from:' field. It is catching many hosts, but I am afraid the principle might be wrong. Bsically, if my network has de MX servers for domain @example.com, and a host tries to send a mail saying 'mail from:', I will trap him. So I would like to hear opinions from the more experienced users about the pros and cons of this idea. Thanks ahead. Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
Re: spamd nixspam.gz not found
Hi, Actually, it is still there. But the format has changed and spamd is not being able to handle it because the IP address is now in the second column, like in: 2009-06-24T12:28+0200 117.199.144.132 So, for the time being, the best thing to do is to use wrapper script. Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
antispam common practice for dealing with removed users
Hi, I guess most domain admins have come across this problem, and have an opinion about how to best deal with it. The user account is open. The user starts to opt-in some mailing lists. He is added to some others with opt-out policy. Sometime later, the user is removed before he opts-out of the list he (was) subscribed. Some may decide to add the removed email address to a spamtrap list. Some may prefer to wait a while. But the point is: the mailserver sending messages to the old email address is not generating spam. Yet it may end up being blacklisted over and over and over again. I do not know if it is only the mailing list administrator's task and responsability to keep the list update, or even if this task can be done. I would like to hear from members of the list how they are dealing with this sort of situation. Thanks in advance Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
correct HELO behaviour in SMTP connections
Hi, If a host is responsible for sending outgoing messages from multiple domains, should it always use the same HELO command (ie. the same hostname) or could it use a different HELO command when sending mail from different domains? Thanks for your help. Regards, Jose. -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
spamd uatraps blacklist size
Hi, This list has gone quite small in size recently. The size changed from above 10 IP addresses to only 1 now. Could it be because University of Alberta is not being targeted so often anymore? Or is it because they have become more selective in trapping addresses? Thanks for any comments. Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
Re: whitelisting X DSL (dynamic IP)s
Hi, Thanks for the tip on using submission, SSL or TLS ports. That solves many of my problems. But I still think that dynmically allocated IPs should be treated somehow differently by SPAMD greylisting process. My point is that if a remote SMTP server goes through the greylisting process and ends up getting its IP address whitelisted, that should not be inherited by the next owner of that IP address. I know it may be difficult (if not impossible) to identify whether an IP address is part of an address poll of some DSL or cable provider (maybe there is a list kept somewhere in the world of such ranges). I know for sure one these ranges here in Brazil. And I see a hell of a lot of spam passing through SPAMD, just because some of these IP addresses got whitelisted by an earlier well-behaved temporary owner. So I would like to know if someone has come up with an interesting idea on dealing this issue. Best regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
whitelisting X DSL (dynamic IP)s
Hi, I am planning to setup a network with a OpenBSD/SPAMD firewall, and an internal POSTFIX server with SASL SMTP AUTH. While think about it, I realized that I have a problem here. Whenever a mobile user wants to send mail (relaying) through the POSTFIX server, he will have to go through the greylist process. I can tell my users to try at least 3 times ( in a period of 30 minutes) to send email messages every time they change IP address. But then, I will end up with a bunch of whitelisted dynamically allocated IPs by various ISPs. So my question is: what is the best way to deal with this kind of situation. Should I reduce the value of whiteexp ? Has anybody thought of way of cleaning such road-warrior addresses on a daily basis ? To be fare, these address should not stay in the whitelist for long, since they change hands quite often!! Any comments, suggestion, links would be appreciated. Best regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
Re: odd greyscanner behaviour
Hi, > How would it know that dns is down? Ask again and hope it works? > There's no difference between the answers you get for "this domain > doesn't exist" and "the network is broken". I can understand that. It makes a lot of sense now. One thing I could do is to increase the timeout value of the script and hope the false positives decrease or even deactive DNS checks alltogether. # DNS sucks moose rocks. So we have to do a bazillion queries in # parallel to get any kind of speed. Sigh... Whip through the list of # addresses being sent, and validate them by checking for an A or # MX record. We don't use Email::Validate because it can't do background # queries. instead we use Net::DNS directly and call select.. my $timeout = 15; my $sel = IO::Select->new; Could there be any unwanted side-effects from this change? Regards, Jose -- Nothing says Labor Day like 500hp of American muscle Visit OnCars.com today.
Re: odd greyscanner behaviour
Meanwhile, The reason for the original problem from which this thread was generated is yet to be discussed. Any comments on that would be appreciated. Regards, Jose -- Nothing says Labor Day like 500hp of American muscle Visit OnCars.com today.
Re: odd greyscanner behaviour
Hi, Thank you for your reply. > You must be aware that google and other such popular mail services like > yahoo!, hotmail etc. blatantly flout RFC2821 and retry mails from a bank > of mail servers. Notice that it is not a matter of spamd trapping the google host. The greyscanner script is trapping the host. And for one reason: it could not get a A or MX record out of a DNS query. Maybe this query timeout and the greyscanner assumed a negative response. So I think that the script should be able to understand this and not trap the host in these cases. Otherwise, it is not recommended to run the greyscanner in environments where the Inernet connection may suffer temporarily. Regards, Jose -- Nothing says Labor Day like 500hp of American muscle Visit OnCars.com today.
odd greyscanner behaviour
Hi, I am running OpenBSD 4.4, spamd and greyscanner41 in a box. Looking at the log entries from the greyscanner, I found this entry and others which I find a bit strange: Aug 28 12:55:44 wall greytrapper[25604]: Trapped 209.85.132.241: Mailed from sender gmail.com with no MX or A Now, this IP address has an A record and it is from google. So my guess is that due to some temporary network instability, the reverse lookup is failing. But should the greyscanner script not be able to identify this and disregard instead of trapping the IP address? Thanks in advance. Regards, Jose -- Nothing says Labor Day like 500hp of American muscle Visit OnCars.com today.
Re: question about Bob Beck's greyscanner
Hi, This is my configurations of the greyscanner: $SCAN_INTERVAL = 600; $DNS_SOCK_MAX=50; $SUSPECT_TUPLES = 6; $MAX_DOMAINS = 8; $MAX_SENDERS_RATIO = 0.85; My idea was to be a bit more conservative than the default configuration. Is there any inconsistency in the above set of parameters? Regards, Jose > - Original Message - > From: "Raimo Niskanen" <[EMAIL PROTECTED]> > To: "Jose Fragoso" <[EMAIL PROTECTED]>, misc@openbsd.org > Subject: Re: question about Bob Beck's greyscanner > Date: Wed, 27 Aug 2008 11:44:20 +0200 > > > On Tue, Aug 26, 2008 at 06:04:22PM -0300, Jose Fragoso wrote: > > Hi, > > > > I am running spamd on a OpenBSD 4.1 box with the greyscanner.41 running every > > 10 minutes. > > > > Recently I noticed the following log entry: > > > > Aug 26 15:47:58 gwint greytrapper[11467]: Trapped 91.82.157.211: > > Senders/Tuples ration is 9/8 senders/tuples (> 0.85) > > > > Now my question is how is it possible for the number of senders to be > > greater than the number of tuples? Or should the script display > > > > 8/9 senders/tuples (> 0.85) > > The script appears to do it right: > > my @senders = split("\t", $FROM{$grey}); > : > my $count = @senders; > : > my %S = undef; > : > foreach $s(@senders) { > $S{"$s"}++; > : > } > : > my $scount = keys %S; > : > } elsif ($scount/$count > $MAX_SENDERS_RATIO) { > $reason = "Senders/Tuples ration is $scount/$count" > . " senders/tuples (> $MAX_SENDERS_RATIO)"; > > $count is number of tuples for a host and $scount is > number of unique From: addresses among these tuples. > > Senders/Tuples of 9/8 should not be possible. > It is a strange bug... > > > > > > Thanks in advance for any explanation. > > > > Regards, > > > > Jose > > > > > > -- > > Be Yourself @ mail.com! > > Choose From 200+ Email Addresses > > Get a Free Account at www.mail.com > > -- > > / Raimo Niskanen, Erlang/OTP, Ericsson AB > -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
question about Bob Beck's greyscanner
Hi, I am running spamd on a OpenBSD 4.1 box with the greyscanner.41 running every 10 minutes. Recently I noticed the following log entry: Aug 26 15:47:58 gwint greytrapper[11467]: Trapped 91.82.157.211: Senders/Tuples ration is 9/8 senders/tuples (> 0.85) Now my question is how is it possible for the number of senders to be greater than the number of tuples? Or should the script display 8/9 senders/tuples (> 0.85) Thanks in advance for any explanation. Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
Re: trouble with running spamd on 4.4 BETA [SOLVED]
Hi again, It seems that I needed: set skip on lo0 Funny thing is that the same ruleset works on 4.3 without the need for this statement. Was there some change in the route-to logic from 4.3 to 4.4? This may be of interest for someone running spamd in a bridge setup. Kind regards, Jose. -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
trouble with running spamd on 4.4 BETA
Hi, I am having some problems while trying to run spamd in greylisting mode in a bridge. For some reason, spamd is not greylisting, and the all the connections (even the initial ones) seem to timeout. I see no added GREY entry with spamdb. If I try to connect (say, using telnet ipaddr smtp) to the smtp server from outside, I only see the first '220 hostname ESMTP spamd ...' message. After that, everything hangs. If I type helo myhostname, I get no answer. From what I understand, I should get something like "250 Hello, spam sender. Pleased to be wasting your time." Everything else is working, except for spamd. Below are my config files. This pf ruleset is being used in another network where the bridge runs 4.3-STABLE. I have no problem there. Thanks in advance for any help or suggestion. Regards, Jose -- PF.CONF #external has IP address - bottom interface filter_if="bge0" # internal is IP less - top interface pass_if="bge2" # some settings set limit states 25 set loginterface $filter_if # tables table persist mta="my-IP-mta" rdr on $filter_if inet proto tcp from ! to any \ port smtp -> 127.0.0.1 port spamd pass in on $filter_if route-to lo0 proto tcp from any to 127.0.0.1 \ port spamd pass in log on $filter_if inet proto tcp from to $mta \ port smtp keep state pass out log on $filter_if inet proto tcp from $mta to any \ port smtp keep state pass in log on $filter_if inet proto tcp from any to any port ssh \ flags S/SA keep state \ (max-src-conn 6, max-src-conn-rate 5/3, \ overload flush global) SPAMD processes # ps -ax | grep spam 19141 ?? I 0:00.38 spamd: [priv] (greylist) (spamd) 7198 ?? Is 0:00.01 spamd: (pf update) (spamd) 26340 ?? I 0:00.00 spamd: (/var/db/spamd update) (spamd) 23668 ?? Ss 0:00.01 /usr/libexec/spamlogd # tail /var/log/spamd Jul 8 20:02:12 wall spamd[13675]: 65.55.116.88: connected (15/0) Jul 8 20:02:23 wall spamd[13675]: 190.232.82.86: connected (16/0) Jul 8 20:02:39 wall spamd[13675]: 146.164.38.80: connected (17/0) Jul 8 20:02:41 wall spamd[13675]: 190.232.82.86: connected (18/0) Jul 8 20:03:30 wall spamd[13675]: 208.97.187.133: connected (19/0) Jul 8 20:03:55 wall spamd[13675]: 200.181.15.42: connected (20/0) Jul 8 20:05:01 wall spamd[13675]: 190.232.82.86: connected (21/0) Jul 8 20:05:11 wall spamd[13675]: 200.181.15.42: connected (22/0) Jul 8 20:05:39 wall spamd[13675]: 72.14.246.250: connected (23/0) Jul 8 20:05:39 wall spamd[13675]: 150.161.200.3: disconnected after 416 seconds . Jul 8 20:06:28 wall spamd[13675]: 143.107.45.8: disconnected after 422 seconds. Jul 8 20:06:28 wall last message repeated 12 times Jul 8 20:07:16 wall spamd[13675]: 190.232.82.86: connected (10/0) Jul 8 20:08:24 wall spamd[13675]: 204.92.87.157: connected (11/0) Jul 8 20:08:46 wall spamd[13675]: 190.232.82.86: connected (12/0) Jul 8 20:09:23 wall spamd[13675]: 150.161.200.3: connected (13/0) Jul 8 20:09:23 wall spamd[13675]: 65.55.116.88: disconnected after 431 seconds. Jul 8 20:09:23 wall spamd[13675]: 190.232.82.86: disconnected after 420 seconds . Jul 8 20:09:30 wall spamd[13675]: 146.164.38.80: disconnected after 411 seconds Jul 8 20:10:04 wall spamd[13675]: 65.55.116.88: connected (10/0) Jul 8 20:10:05 wall spamd[13675]: 190.246.48.220: connected (11/0) Jul 8 20:10:28 wall spamd[13675]: 208.97.187.133: disconnected after 418 second s. Jul 8 20:11:28 wall spamd[13675]: 200.181.15.42: disconnected after 453 seconds . Jul 8 20:11:38 wall spamd[13675]: 70.84.142.148: connected (10/0) Jul 8 20:12:12 wall spamd[13675]: 200.221.4.193: connected (11/0) Jul 8 20:12:12 wall spamd[13675]: 190.232.82.86: disconnected after 431 seconds . Jul 8 20:12:12 wall spamd[13675]: 200.181.15.42: disconnected after 421 seconds . Jul 8 20:13:28 wall spamd[13675]: 72.14.246.250: disconnected after 469 seconds . Jul 8 20:13:48 wall spamd[13675]: 200.221.4.194: connected (9/0) Jul 8 20:14:28 wall spamd[13675]: 190.232.82.86: disconnected after 432 seconds . Jul 8 20:14:30 wall spamd[13675]: 208.97.187.133: connected (9/0) Jul 8 20:14:34 wall spamd[13675]: 64.57.243.75: connected (10/0) Jul 8 20:15:10 wall spamd[13675]: 189.54.251.235: connected (11/0) DMESG -- -- OpenBSD 4.4-beta (GENERIC) #0: Tue Jul 8 15:04:19 BRT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR real mem = 1073094656 (1023MB) avail mem = 1029439488 (981MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMBIOS rev. 2.3 @ 0xf602c (50 entries) bios0: vendor IBM version "-[APE121AUS-1.06]-" date 01/17/2005 bios0: IBM eserver xSeries 336 -[883721U]- acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC MCFG acpi0: wakeup devices PCI0(
pf.conf comment lines
Hi, I am running OpenBSD 4.3 STABLE in an i386 machine. The man page for pf.conf says at some point: "Any lines beginning with a # are treated as comments and ignored." Now, if a comment line ends with "\", should the next line be also treated as comment? I noticed this behaviour and I do not know whether or not it should work like that. Many times, when we are trying to test a different setup, we duplicate a line, change something, and comment out the original line. Thanks in advance. Regards, Jose -- See Exclusive Videos: 10th Annual Young Hollywood Awards http://www.hollywoodlife.net/younghollywoodawards2008/
Re: spamd sync question
Hi, I apologize to replying to myself. I am just trying to provide more info about my question so that maybe someone will be able to give an answer. 1) I wanted to run the new version of spamd (with the up to date sync protocol) without having to upgrade to CURRENT. I guess I can not or should not do it. 2) In my setup the two bridges that should be in sync are in front of MTAs with different IP addresses (different MX or different destionation domain address). So I wonder if it makes sense to sync both the greylists and whitelists, or only the whitelists. Thanks for any help. Regards, Jose. -- See Exclusive Videos: 10th Annual Young Hollywood Awards http://www.hollywoodlife.net/younghollywoodawards2008/
Re: spamd sync question
I forgot to mention that both bridges will run i386 kernel. If anyone with experience in this kind of setup would like to comment, I would appreciate. Regards, Jose -- See Exclusive Videos: 10th Annual Young Hollywood Awards http://www.hollywoodlife.net/younghollywoodawards2008/
spamd sync question
Hi, I am working to setup a spamd environment where we will have two OpenBSD/spamd bridges running in synchronization mode, one at each Internet link we have. One of these bridges is already running and has already its white and grey lists populated. I now plan to active the second bridge, and I would like to import the white and grey lists from the first bridge. I suppose I could simply stop spamd and spamlogd in the first bridge, copy /var/db/spamd to /var/db in the second bridge, and then startup spamd and spamlogd in both bridges with the with -y and -Y options. However I have two points the are still not quite clear to me. 1. The first bridge runs 4.2 STABLE whereas the second one will run 4.3 STABLE. Will that be a problem? Could I bring spamd and spamlogd versions only runnning on both bridges to use the new sync protocol without having to upgrade them both to CURRENT? 2. The MTA and outgoing SMTP server on each side differ. Apart from changing the PF rules (to log SMTP connections), would there be anything else I should worry about? Thanks in advance. Regards, Jose. -- Mail.com Autos- Powered by Oncars.com: Drive By Today! http://www.oncars.com
knowing spamd blacklist size
Hi, In OpenBSD 4.3, is there a way to find out via script the current size of the spamd blacklist? Thanks in advance. Regards, Jose -- Mail.com Autos- Powered by Oncars.com: Drive By Today! http://www.oncars.com
intermediate email host setup help
Hi, I would like some help to setup an environment which could be used in most xDSL clients. These clients normally host their real DNS and email at some place like dreamhost. I would like to bring via pop3 these emails (for each user) and then do some filtering (spam, virus, etc.) and host them locally. A user in the client's network would then point to my host to retrieve his email messages. Has anyone worked on a setup like this before? Is it at all doable? What tools would be suited for this task? Thanks for any help. Regards, Jose -- See Exclusive Video: 10th Annual Young Hollywood Awards http://www.hollywoodlife.net/younghollywoodawards2008/
Re: spamd -M behaviour when real MX is down
Hi Stuart, > If you run spamd -M then you must have more than one IP address > that is handled by spamd. > e.g. > MX 0 mailhost > MX 10 spamd > MX 20 spamd (-M address) Sorry. I forgot to explain. My spamd box is running as a bridge. So it is not an MX. The correct setup is: MX 0 mailhost MX 10 spamd (-M address) Now what happens when the mailhost is down? Will spamd politely drop the SMTP connection to its fake IP address? Will it delay the first 10 secs (-s)? Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
script to process spamd and generate html
Hi, Anyone written scripts that analyse SPAMD logs and generate html reports, and could share them with us? Thanks in advance. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: spamd -M behaviour when real MX is down
Hi, Martin! Thanks for your reply. > The real MTA is not involved here. What's important is that "spamd with the > low priority MX address active must see all the greylist changes for a > higher priority MX host for the same domains, either by being synchro- > nised with it, or by receiving the connections itself". (from the man page). Yes. But the man page does not say how SPAMD would behave if the real MTA (high priority MX) is down. In such a situation, a remote host trying to deliver a message to a given domain, will try the real MTA first (and SPAMD will see this pass through). Since it is down, the host will next try to make an SMTP connection to the low-pri MX address, which is controlled by SPAMD, right? This is what my question is about. How will SPAMD react to this connection? Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
spamd -M behaviour when real MX is down
Hi, Since I am not able to test this now in the real world, I would like to know how would spamd behave when it received SMTP connections to a fake low priority MX address and the real MTA was unavailable at the time. I mean, would the connection be rejected with error 450? Would there be any initial stuttering (like in -S)? Thanks in advance. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
understanding PF src-limit counter
Hi, I searched the FAQ and the man pages (for pf, pf.conf and pfctl.conf), but I did not find a definition for the src-limit counter which is showed by the command pfctl -si. With pfctl -sa I saw this: LIMITS: stateshard limit 20 src-nodes hard limit1 frags hard limit 5000 tableshard limit 1000 table-entries hard limit 20 So I am guessing that src-limit has something to do with src-nodes. Is it a limit of different source concurrent IP address for connections? I am seeing this counter increase in one of the machines I control. If someone could point out where to find more information about this counter, I would appreciate. Thanks in advance. Regards, Jose. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: another spamd log question
Hi, I forgot to say that I am runnning OpenBSD 4.2 and spamd in greylisting mode and all default parameters (-G). My understanding is that if an IP address, after 4 hours of the initial greylist entry, has not been whitelisted yet, then it was a spammer who gave up because of the greylisting process. But I am not quite sure if there other (signifcant) situations which may occur in a similar way that I should not account for. Thanks for any comments. Regards, Jose. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
another spamd log question
Hi, Let us say I run a script which analyses the spamd log file saved more than 4 hours ago. Can I assume that the messages of the type: ...: ipaddress1: disconnected after X seconds. that do not specify a list and for which ipaddress1 is not whitelisted at the momentare spams caught by the greylist process? or are there some exceptions? Thanks for your comments. Regards, Jose. -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
kernel trap in 4.3
Hi, Following a suggestion from a misc member after I complained about slow IO on a IBM xSeries 336 (see 'write cache on scsi'), I tried to install a snapshot. Except for the very slow filesystems creation, the install process went through ok. But when I tried to boot the newly installed machine, I got a kernel trap and was sent to ddb> bios: IBM eServer xSeries 336 -[883721U]- acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC MCFG acpi0: wakeup device PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24bits acpiprt0 at acpi0uvm_fault(0xd07ca0c0, 0xd1977000, 0, 3) -> 3 kernel: paga fault trap code=0 Stopped at bcopy+0x1a: repe movsl(%esi),%es:(%edi) bcopy(d1972684,73,d1973910,ac) at bcopy+0x1a aml_parseop(d1972684,d1973910,74) at aml_parseop+0xe6 aml_parseterm(d1972684,d092c8d0,390,d07a41d0,d1972684) at aml_parseterm+0x2c aml_callmethod(d1972684,d092c8d0,d198295f,d1965984,d077fb42) at aml_callmethod+0x26 aml_evalmethod(0,d1965984,0,0,d092c8d0) at aml_evalmethod+0x41 aml_evalnode(d1960e00,d1965984,0,0,d092c8d0,d092c8d0,d092c8e8,d0673662) at aml_evalnode+0xc7 acpiprit_getpcipus(d19726c0,d1965604,d092c958,d0673662,d1965384) at acpiprt_getpcibus+0x30 acpiprit_getpcipus(d19726c0,d1965484,64,d1955ef0,d092ca6c) at acpiprt_getpcibus+0xcf acpiprit_getpcipus(d19726c0,d1971d04,d092ca58,d1955f00,0) at acpiprt_getpcibus+0xcf acpiprit_attach(d1960e00,d19726c0,d092cae0,d1960e00,d1960e00) at acpiprt_attach+0x22 I did try to save theses messages in the dmesg and copy and paste them afterwords but I did not manage, I this was all written down and then typed in here. The output of ps looks like this: ddb> ps PID PPID PGRP UIDS FLAGS WAITCOMMAND * 0 -1 0 0 7 0x80200 swappper The output of trace looks like this: ddb> trace bcopy(d1972684,73,d1973910,ac) at bcopy+0x1a aml_parseop(d1972684,d1973910,74) at aml_parseop+0xe6 aml_parseterm(d1972684,d092c8d0,390,d07a41d0,d1972684) at aml_parseterm+0x2c aml_callmethod(d1972684,d092c8d0,d198295f,d1965984,d077fb42) at aml_callmethod+0x26 aml_evalmethod(0,d1965984,0,0,d092c8d0) at aml_evalmethod+0x41 aml_evalnode(d1960e00,d1965984,0,0,d092c8d0,d092c8d0,d092c8e8,d0673662) at aml_evalnode+0xc7 acpiprit_getpcipus(d19726c0,d1965604,d092c958,d0673662,d1965384) at acpiprt_getpcibus+0x30 acpiprit_getpcipus(d19726c0,d1965484,64,d1955ef0,d092ca6c) at acpiprt_getpcibus+0xcf acpiprit_getpcipus(d19726c0,d1971d04,d092ca58,d1955f00,0) at acpiprt_getpcibus+0xcf acpiprit_attach(d1960e00,d19726c0,d092cae0,d1960e00,d1960e00) at acpiprt_attach+0x22 config_attach(d1960e00,d07852c8,d092cae0,d06713c4) at config_attach+0xf0 aci_foundprt(d1971d04,d1960e00,d0670bc8,d1960e00,0) at acpi_foundprt+0x95 aml_find_node(d1965384,d077e3b7,d0670bc8,d1960e00) at aml_find_node+0x6e aml_find_node(d1965504,d077e3b7,d0670bc8,d1960e00) at aml_find_node+0x5f aml_find_node(d195f5c4,d077e3b7,d0670bc8,d1960e00) at aml_find_node+0x5f aml_find_node(d195fc84,d077e3b7,d0670bc8,d1960e00) at aml_find_node+0x5f aml_find_node(d1965384,d077e3b7,d0670bc8,d1960e00,d195fec4,d077e3b2,d0670b40, d1960e00) at aml_find_node+0x5f acpi_attach(d195ff80,d1960e00,d092cd50,d195ff80,0) at acpi_attach+0x431 config_attach(d195ff80,d0785184,d092cd50,d0603378) at config_attach+0xfd biosattach(d195ffc0,d195ff80,d092ce80,d195ffc0,d0202251) at biosattach+0x353 config_attach(d195ffc0,d07843e0,d092ce80,d04a4d80,d06d26f8) at config_attach+0xfd mainbus_attach(0,d195ffc0,0,de701000,d092b334) at mainbus_attach+0x3d config_attach(0,d0781d34,0,0,0) at config_attach+0xfd config_rootfound(d06d0f6b,0,d092cf38,d0478826) at config_rootfound+0x27 cpu_configure(d0898ca0,1,3,0,2) at cpu_configure+0x29 main(0,0,0,0,0) at main+0x38a The only way I managed to boot the machine was to disable acpi at the ukc> prompt. But then again, I did not solve my original problem. A simple command like 'mv src.tar.gz ..' takes more than 10 seconds to execute. Here is the output of top | cat while the mv is going on. load averages: 0.35, 0.18, 0.1215:06:28 22 processes: 21 idle, 1 on processor CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle Memory: Real: 8416K/144M act/tot Free: 856M Swap: 0K/1024M used/tot PID USERNAME PRI NICE SIZE RES STATEWAIT TIMECPU COMMAND 8033 root -50 436K 148K sleepgetblk0:00 0.05% mv 18074 root 20 1056K 1848K sleepselect0:01 0.00% sendmail 12787 root 20 692K 840K idle select0:00 0.00% cron 20289 ell20 3372K 1900K sleepselect0:00 0.00% sshd 16301 _syslogd 20 620K 776K sleeppoll 0:00 0.00% syslogd 4170 root 20 3336K 2428K idle netio 0:00 0.00% sshd 10977 root 20 3368K 2372K idle netio 0:00 0.00% sshd 12611 root 30 664K 512K idle ttyin 0:00 0.00% ksh 25086 root 180 528K 512K sleeppause 0:00 0.00% ksh 21668 ell20 3304K 1932K sleepselect0:00 0.0
WHITE and GREY spamdb entries from the same host
Hi, Is it normal to have white and grey entries from the same IP address showing up in the output of spamdb? Should the GREY entries not be deleted once the IP address is whitelisted? GREY|217.130.91.233|qanr.comunitel.net||| 1205058895|1205060468|1205073295|6|0 WHITE|217.130.91.233|||1205058895|1205060468|1208171170|6|1 Thanks for the explanation. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: spamd logging question
Hi, I am assuming the lack of replies is due to the fact that I was not clear enough in my questioning. So I will try to rephrase my question. I run opbsd 4.2 on a i386 machine. I am trying to analyse the spamd log file (I changed syslog.conf so that it will send logging information only to /var/log/spamd). I use the option "-v" in rc.conf.local for spamd_flags. During the analysis (which I am trying to do using a perl script), I was faced with messages like last message repeated X times. In order to be acurate in my log analysis, I need to understand exacly what these messages mean. Specially when they show just after a message like: disconnected after Y seconds. lists: Z These messages carry basically (with respect to my analysis) four bits of information: date and time; IP address; duration of the connection; blacklists. What I want to know is what exacly was repeated from the last message. All of last three bits of information (not including date and time)? Or is there some kind of generalization going on here? Secondly, I would like to know if there some way of disabling this kind of summarization by syslogd. I would appreciate some comments or suggestions about dealing with this situation. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
pfctl -t -T test output
Hi, The output of pfctl -t ... -T show goes to stdout by default. But the output of pfctl -t ... -T test goes to stderr. Is there a particular reason for this? I am trying to write a perl script that in some moment tests if an IP address is already whitelisted and I have not many skills for doing this kind of redirection. If anyone can help, I will be thankful. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
spamd logging question
Hi, If I see messages like "last message repeated n times" showing up in my spamd log file, and the last message is of type "disconnected after ... seconds. lists: ", is it correct to assume that n spam attempts were caught from the same remote host, by the same blacklist(s), wasting the same amount of time in the remote host, at the same time? Is there an easy way of disabling this kind of log simplification? Thanks for any help. Regards, Jose -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: write cache on scsi
Hi, $ cat top load averages: 0.12, 0.12, 0.0814:30:38 21 processes: 20 idle, 1 on processor CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.1% interrupt, 99.8% idle Memory: Real: 8216K/145M act/tot Free: 856M Swap: 0K/1024M used/tot PID USERNAME PRI NICE SIZE RES STATEWAIT TIMECPU COMMAND 30086 ell20 3192K 2044K sleepselect0:00 0.00% sshd 4222 root 20 1092K 1528K sleepselect0:00 0.00% sendmail 20181 ell20 3328K 2056K sleepselect0:00 0.00% sshd 25280 root 20 3216K 2380K idle netio 0:00 0.00% sshd 4557 root 20 3320K 2360K idle netio 0:00 0.00% sshd 21292 _syslogd 20 536K 716K sleeppoll 0:00 0.00% syslogd 1770 root 20 544K 856K idle select0:00 0.00% cron 4810 root -50 380K 156K sleepgetblk0:00 0.00% mv 30965 root 180 524K 516K sleeppause 0:00 0.00% ksh 8845 ell 180 432K 492K sleeppause 0:00 0.00% ksh 26076 ell 180 540K 492K idle pause 0:00 0.00% ksh 1 root 100 440K 348K idle wait 0:00 0.00% init 19039 root 30 384K 764K idle ttyin 0:00 0.00% getty 16262 root 20 612K 1196K idle select0:00 0.00% sshd 32307 root 20 340K 684K idle select0:00 0.00% inetd 30381 root 30 252K 772K idle ttyin 0:00 0.00% getty 1613 root 30 452K 756K idle ttyin 0:00 0.00% getty 22750 root 30 396K 756K idle ttyin 0:00 0.00% getty Thanks again. Regards, Josi -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
Re: write cache on scsi
Hi, Stuart! Thanks for the hint. # scsi -f /dev/rsd0c -m 8 IC: 0 ABPF: 0 CAP: 0 DISC: 1 SIZE: 0 WCE: 0 MF: 0 RCD: 0 Demand Retention Priority: 0 Write Retention Priority: 0 Disable Pre-fetch Transfer Length: 65535 Minimum Pre-fetch: 0 Maximum Pre-fetch: 65535 Maximum Pre-fetch Ceiling: 65535 WCE being 0, means it is not enabled? If so, how can one enable it? From top, I see mv goes to sleep state. On the WAIT, it showsgetblk. CPU usage is 0.05%. Thanks in advance for any help. Regards, Josi -- Want an e-mail address like mine? Get a free e-mail account today at www.mail.com!
write cache on scsi
Hi all, Is there a straight-forward way to know if write cache is enabled on a SCSI disk? I installed 4.2 (both i386 and amd64) on a ibm x-series 336, and a simple mv of src.tar.gz from a dir to another in the same filesystem takes more than 10 seconds. 0m10.49s real 0m0.00s user 0m0.10s system Thanks a lot. Best regards, Josi ps. below is a dmesg -- OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H, DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR real mem = 1073094656 (1023MB) avail mem = 1029996544 (982MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMBIOS rev. 2.3 @ 0xf602c (50 entries) bios0: vendor IBM version "-[APE121AUS-1.06]-" date 01/17/2005 bios0: IBM eserver xSeries 336 -[883721U]- pcibios0 at bios0: rev 2.1 @ 0xf/0x pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 9 10 11 15 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x4000 0xcf000/0x1800 acpi at mainbus0 not configured ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7520 MCH" rev 0x0a "Intel E7520 MCH ERR" rev 0x0a at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 2 function 0 "Intel MCH PCIE" rev 0x0a pci1 at ppb0 bus 2 ppb1 at pci0 dev 4 function 0 "Intel MCH PCIE" rev 0x0a pci2 at ppb1 bus 3 ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 pci3 at ppb2 bus 4 mpi0 at pci3 dev 1 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11 scsibus0 at mpi0: 16 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total safte0 at scsibus0 targ 8 lun 0: SCSI2 3/processor fixed mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1 ppb3 at pci2 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09 pci4 at ppb3 bus 5 bge0 at pci4 dev 1 function 0 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 (0x2100): irq 11, address 00:10:18:24:5f:02 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci4 dev 1 function 1 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 (0x2100): irq 11, address 00:10:18:24:5f:03 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 ppb4 at pci0 dev 6 function 0 "Intel MCH PCIE" rev 0x0a pci5 at ppb4 bus 6 bge2 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): irq 11, address 00:0d:60:99:a3:b2 brgphy2 at bge2 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb5 at pci0 dev 7 function 0 "Intel MCH PCIE" rev 0x0a pci6 at ppb5 bus 7 bge3 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): irq 11, address 00:0d:60:99:a3:b3 brgphy3 at bge3 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 "Intel E7525 MCH Configuration" rev 0x0a at pci0 dev 8 function 0 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11 uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 3 ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 3 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb6 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 pci7 at ppb6 bus 1 vga1 at pci7 dev 1 function 0 "ATI Radeon VE QY" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: irq 11 iic0 at ichiic0: disabled to avoid ipmi0 interactions usb1 at uhci0: USB revision 1.0 uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo biomask efed netmask efed ttymask ffef pctr: u
problem with openldap port
Hi, I am running OpenBSD 4.0 stable. I updated the ports tree and tried cd /usr/ports/databases/openldap env FLAVOUR=bdb make install Although I think the script is building both client and server, it only adds the client package. autoconf-2.13p0 automatically configure source code on many Un*x platforms autoconf-2.59p1 automatically configure source code on many Un*x platforms cvsup-16.1h-no_x11 network file distribution system cyrus-sasl-2.1.21p2 RFC SASL (Simple Authentication and Security Layer) db-4.2.52p8 Berkeley DB package, revision 4 expat-2.0.0 XML 1.0 parser written in C gettext-0.14.5p1GNU gettext help2man-1.29 GNU help2man libiconv-1.9.2p3character set conversion library libltdl-1.5.22p1GNU libtool system independent dlopen wrapper libtool-1.5.22p0generic shared library support script metaauto-0.5wrapper for gnu auto* openldap-client-2.3.24 Open source LDAP software (client) tcl-8.4.7p1 Tool Command Language tcsh-6.14.00p0 extended C-shell with many useful features wget-1.10.2p0 retrieve files from the web via HTTP, HTTPS and FTP Do I need to tell more to the Makefile in order to get the server installed as well? Thanks a lot. Regards, Jose =
Re: slow io operations on xSeries 336
>> can i see a dmesg as well? if you're running the machine as an >> amd64, can you try it again as an i386? I am running as an i386 $ arch OpenBSD.i386 The dmesg follows. Thanks in advance. Regards, Jose OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16 real mem = 1073094656 (1047944K) avail mem = 970813440 (948060K) using 4256 buffers containing 53755904 bytes (52496K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMB IOS rev. 2.3 @ 0xf602c (50 entries) bios0: IBM eserver xSeries 336 -[883721U]- pcibios0 at bios0: rev 2.1 @ 0xf/0x pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 9 10 11 15 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x4000 ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 200 MHz mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type PCI mainbus0: bus 7 is type PCI mainbus0: bus 8 is type ISA ioapic0 at mainbus0: apid 14 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 13 pa 0xfec82000, version 20, 24 pins ioapic2 at mainbus0: apid 12 pa 0xfec82400, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7520 MCH" rev 0x0a "Intel E7520 MCH ERR" rev 0x0a at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 2 function 0 "Intel MCH PCIE" rev 0x0a pci1 at ppb0 bus 2 ppb1 at pci0 dev 4 function 0 "Intel MCH PCIE" rev 0x0a pci2 at ppb1 bus 3 ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 pci3 at ppb2 bus 4 mpi0 at pci3 dev 1 function 0 "Symbios Logic 53c1030" rev 0x08: apic 13 int 4 (i rq 11) scsibus0 at mpi0: 16 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixe d sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total safte0 at scsibus0 targ 8 lun 0: SCSI2 3/processor fixe d mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1 ppb3 at pci2 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09 pci4 at ppb3 bus 5 ppb4 at pci0 dev 6 function 0 "Intel MCH PCIE" rev 0x0a pci5 at ppb4 bus 6 bge0 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b2 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb5 at pci0 dev 7 function 0 "Intel MCH PCIE" rev 0x0a pci6 at ppb5 bus 7 bge1 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b3 brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 "Intel E7525 MCH Configuration" rev 0x0a at pci0 dev 8 function 0 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 14 int 16 (irq 11) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 14 int 19 (irq 3) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 14 int 23 (irq 5) usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb6 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 pci7 at ppb6 bus 1 vga1 at pci7 dev 1 function 0 "ATI Radeon VE QY" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02 pciide0 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: SCSI0 5/cdrom r emovable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic 14 int 17 (irq 3) iic0 at ichiic0: disabled to avoid ipmi0 interactions isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux sl
Re: slow io operations on xSeries 336
>> thats very... vague... Sorry. I agree. >> where are you creating this 50G partitiong? in the installer, or in >> the installed operating system? what command did you use? In the installer. >> how long did it actually take? "a really long time" could be 5 >> seconds if you're expectations are too high. More than 2 minutes, for sure!. Perhaps, more. >> that does seem excessive. can you watch the interrupt rates in the >> top right of "systat vm 1" and let me know what numbers you're >> seeing? I did run the same command again. Only this time I used tar xzf ports.tar.gz Look at the times: # date;tar xzf ports.tar.gz;date Wed Feb 14 10:59:34 BRT 2007 Wed Feb 14 11:11:04 BRT 2007 The total number of interrupts ranged from 270 to 850, most of it being mpi0 (170 out of 271 and 747 out of 850). It always showed 100 for clock. If you feel it is important, I can send you the print screen of the moment these values were shown (off the list if you prefer). Thanks a lot in advance. Regards, Jose = Nantucket Summer Vacation Rentals Award-winning island homes in charming Nantucket village. Beautifully furnished. Roses, shell path, white picket fence. Tennis, pool. Contact us for reservations and more information. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=51054f4dd849962e7cce9ae18 5bfd186
slow io operations on xSeries 336
Hi, I just installed OpenBSD 4.0 on an IBM xSeries 336. I have noticed that, for some reason, I/O operations are not carried out as fast as one would expect for a machine with SCSI disks. For instance, the creation of a 50GB partion took a really long time. The command 4tar xzvf ports.tar.gz4 took more than 14 minutes to finish. Something must be wrong, but I have no idea nor the knowledge to discover. I took a suggestion from a old message in the list and tried to run the .MP kernel, but it did not make any difference. I also noticed that, at boot time, the process stops for quite a while at the line: ipmi0 at mainbus0: I would be very thankful if someone could help me to isolate and solve this problem. Thanks in advance. Regards, Jose ps. below is the output of dmesg. OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H, DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16 real mem = 1073094656 (1047944K) avail mem = 970813440 (948060K) using 4256 buffers containing 53755904 bytes (52496K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMBIOS rev. 2.3 @ 0xf602c (50 entries) bios0: IBM eserver xSeries 336 -[883721U]- pcibios0 at bios0: rev 2.1 @ 0xf/0x pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 9 10 11 15 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00) pcibios0: PCI bus #7 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x4000 ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP) cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 200 MHz mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type PCI mainbus0: bus 6 is type PCI mainbus0: bus 7 is type PCI mainbus0: bus 8 is type ISA ioapic0 at mainbus0: apid 14 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 13 pa 0xfec82000, version 20, 24 pins ioapic2 at mainbus0: apid 12 pa 0xfec82400, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7520 MCH" rev 0x0a "Intel E7520 MCH ERR" rev 0x0a at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 2 function 0 "Intel MCH PCIE" rev 0x0a pci1 at ppb0 bus 2 ppb1 at pci0 dev 4 function 0 "Intel MCH PCIE" rev 0x0a pci2 at ppb1 bus 3 ppb2 at pci2 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09 pci3 at ppb2 bus 4 mpi0 at pci3 dev 1 function 0 "Symbios Logic 53c1030" rev 0x08: apic 13 int 4 (irq 11) scsibus0 at mpi0: 16 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total safte0 at scsibus0 targ 8 lun 0: SCSI2 3/processor fixed mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1 ppb3 at pci2 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09 pci4 at ppb3 bus 5 ppb4 at pci0 dev 6 function 0 "Intel MCH PCIE" rev 0x0a pci5 at ppb4 bus 6 bge0 at pci5 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b2 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb5 at pci0 dev 7 function 0 "Intel MCH PCIE" rev 0x0a pci6 at ppb5 bus 7 bge1 at pci6 dev 0 function 0 "Broadcom BCM5721" rev 0x01, BCM5750 A1 (0x4001): apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b3 brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 "Intel E7525 MCH Configuration" rev 0x0a at pci0 dev 8 function 0 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 14 int 16 (irq 11) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 14 int 19 (irq 3) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 14 int 23 (irq 5) usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb6 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 pci7 at ppb6 bus 1 vga1 at pci7 dev 1 function 0 "ATI Radeon VE QY" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02 pciide0 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to compat
Re: bad SK NICs ??
Hi Reyk, Thank you so much for your help and interest. The machine in question is working as a anti-spam bridge. It was passing traffic normally until the problem occur. After that the conectivity was lost between the internal LAN and the external world. It went operational last friday at 21:12 (GMT-3). The problem occured this monday at 7:09am (GMT-3), as shown in the log entries below. So, it took about 2 days and half. May 26 21:12:55 wall savecore: no core dump ... May 29 07:09:08 wall /bsd: sk0: watchdog timeout I have had similar problems with other machines running OpenBSD 3.6, 3.7 and 3.8. I do not know if it helps, but what is common in all these cases is Intel/Pentium IV and D-LINK DGE-530T. I only used brand new NICs and machines. On the 3.7 machine, it did happen so often that I decided not to use the NIC and switched to a on-board fxp NIC. The problem simply disappeard. This is just a small extract from the log files. Sep 5 18:45:31 euler /bsd: sk0: watchdog timeout Sep 6 13:00:45 euler /bsd: sk0: watchdog timeout Sep 7 02:23:34 euler /bsd: sk0: watchdog timeout Sep 7 03:10:10 euler /bsd: sk0: watchdog timeout Sep 7 15:42:48 euler /bsd: sk0: watchdog timeout Sep 7 15:43:46 euler /bsd: sk0: watchdog timeout Sep 7 20:01:27 euler /bsd: sk0: watchdog timeout Sep 9 01:43:26 euler /bsd: sk0: watchdog timeout Sep 11 19:10:22 euler /bsd: sk0: watchdog timeout Sep 12 11:28:39 euler /bsd: sk0: watchdog timeout Sep 12 15:38:22 euler /bsd: sk0: watchdog timeout Sep 12 16:13:17 euler /bsd: sk0: watchdog timeout Sep 14 09:24:31 euler /bsd: sk0: watchdog timeout Sep 14 10:57:58 euler /bsd: sk0: watchdog timeout Sep 15 01:17:10 euler /bsd: sk0: watchdog timeout Sep 15 02:45:10 euler /bsd: sk0: watchdog timeout Sep 15 11:21:36 euler /bsd: sk0: watchdog timeout Sep 15 18:42:28 euler /bsd: sk0: watchdog timeout Sep 16 00:35:03 euler /bsd: sk0: watchdog timeout Sep 16 08:52:16 euler /bsd: sk0: watchdog timeout Sep 17 15:35:08 euler /bsd: sk0: watchdog timeout Sep 17 17:36:36 euler /bsd: sk0: watchdog timeout Sep 17 19:02:43 euler /bsd: sk0: watchdog timeout Sep 18 17:45:01 euler /bsd: sk0: watchdog timeout Sep 18 23:35:27 euler /bsd: sk0: watchdog timeout Sep 19 15:26:31 euler /bsd: sk0: watchdog timeout Sep 19 19:01:58 euler /bsd: sk0: watchdog timeout On the 3.8 machine, it did happen less often. But the machine in question is not traffic intensive at all. So, I can not tell much: Dec 7 16:13:13 dantzig /bsd: sk0: watchdog timeout Feb 3 16:23:56 dantzig /bsd: sk0: watchdog timeout Mar 28 19:59:01 dantzig /bsd: sk0: watchdog timeout In fact, the machine where this problem is less often is the one running 3.6: May 6 12:54:31 wall /bsd: sk0: watchdog timeout Jul 26 16:35:51 wall /bsd: sk1: watchdog timeout Aug 5 00:58:44 wall /bsd: sk1: watchdog timeout Aug 22 09:57:02 wall /bsd: sk0: watchdog timeout Nov 24 12:38:17 wall /bsd: sk0: watchdog timeout Feb 5 00:08:07 wall /bsd: sk0: watchdog timeout May 29 15:48:10 wall /bsd: sk0: watchdog timeout Please, let me know if you need any additional information. Best regards, Josi - Original Message - From: "Reyk Floeter" To: "Jose Fragoso" Subject: Re: bad SK NICs ?? Date: Mon, 29 May 2006 23:28:54 +0200 hi, On Mon, May 29, 2006 at 09:58:44AM -0500, Jose Fragoso wrote: > A while ago, a message was posted in this list stating the sk > based NICs were supposed to be good in performance and stability. > Now, I have already had quite a few problems with D-LINK DGE-530T > when used on Intel motherboards. On several ocasions, these NICs > ended up causing WATCHDOG TIMEOUT. So, I would like to know if > there is any known bad revision of one of this cards, or if there > is any kind of test a can perform to see if there is a real > problem with the NIC. Apparently, it is not a problem with the > NIC itself, since I have used the same NIC that behaved badly on > one board, and it behaved all right on another. The NICs show as could you try this with openbsd 3.8? (there have been some changes in the sk driver for the 3.9 release) how long did the sk work before you got the watchdog timeouts? could you pass any traffic? reyk -- ___ Play 100s of games for FREE! http://games.mail.com/
bad SK NICs ??
Hi, A while ago, a message was posted in this list stating the sk based NICs were supposed to be good in performance and stability. Now, I have already had quite a few problems with D-LINK DGE-530T when used on Intel motherboards. On several ocasions, these NICs ended up causing WATCHDOG TIMEOUT. So, I would like to know if there is any known bad revision of one of this cards, or if there is any kind of test a can perform to see if there is a real problem with the NIC. Apparently, it is not a problem with the NIC itself, since I have used the same NIC that behaved badly on one board, and it behaved all right on another. The NICs show as skc0 at pci2 dev 2 function 0 "D-Link Systems DGE-530T" rev 0x11, Marvell Yukon (0x1): irq 3 sk0 at skc0 port A, address 00:13:46:72:00:24 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 in the dmesg (which is attached below). I am asking because I read another message with complaints about this sk driver. Only it was: skc0 at pci0 dev 14 function 0 "Schneider & Koch SK-9821 v2.0" rev 0x12: irq 10 skc0: Marvell Yukon Lite Gigabit Ethernet rev. A3 (0x7) sk0 at skc0 port A: address 00:0c:46:46:50:ec eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 Any help will be appreciated. Thanks in advance. Regards, Josi OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SB F,CNXT-ID real mem = 1072410624 (1047276K) avail mem = 971837440 (949060K) using 4278 buffers containing 53723136 bytes (52464K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 04/02/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d30/224 (12 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x1 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82865G/PE/P CPU-I/0-1" rev 0x02 ppb0 at pci0 dev 1 function 0 "Intel 82865G/PE/P CPU-AGP" rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor "SiS", unknown product 0x0325 rev 0x00: aperture at 0xe000, size 0x40 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: irq 10 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: irq 11 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 9 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2 pci2 at ppb1 bus 2 skc0 at pci2 dev 2 function 0 "D-Link Systems DGE-530T" rev 0x11, Marvell Yukon (0x1): irq 3 sk0 at skc0 port A, address 00:13:46:72:00:24 eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 skc1 at pci2 dev 3 function 0 "D-Link Systems DGE-530T" rev 0x11, Marvell Yukon (0x1): irq 5 sk1 at skc1 port A, address 00:13:46:71:f8:0e eephy1 at sk1 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 skc2 at pci2 dev 4 function 0 "D-Link Systems DGE-530T" rev 0x11, Marvell Yukon (0x1): irq 10 sk2 at skc2 port A, address 00:13:46:71:f7:cf eephy2 at sk2 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3 ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02 pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 76351MB, 156368016 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 31 function 2 "
FreeBSD NIS client X OpenBSD NIS server: yppasswd
Hi, I have set up a NIS server using OpenBSD and a NIS client using FreeBSD. I can authenticate without problems. But when I try to change a user password with yppasswd on the FreeBSD client, after retyping the new password, after a somewhat long period, I get an error like: yppasswd: pam_chauthtok(): error in service module and the change fails. Now if I instead use the following command: yppasswd -h `ypwhich` It works immediatelly. With an OpenBSD client, it always work. So I guess the FreeBSD box is trying to talk to the rpc.ypasswdd from another server. I would be thankful to anyone who can help to find what is going on. Best regards, Josi -- ___ Play 100s of games for FREE! http://games.mail.com/
NIS/NFS server and MFS
Hi, I was given the task to setup an OpenBSD NFS server. The machine allocated for the task is fairly well served with RAM memory (2G). I though of using MFS for the /tmp filesystem, but I don't know: 1. How much space would I need in /tmp for this task. Is NFS/NIS hungry of /tmp space? 2. If I would have any significant gain in performance by doing this or leave the memory allocation for the operating system. I thank in advance any comments, suggestions and criticisms. Best regards, Josi -- ___ Play 100s of games for FREE! http://games.mail.com/
beginner question about faq 10.2
Hi, FAQ 10.2 explains how to duplicate a filesystem. I would like to put that one-liner in a shell script to be run periodically through crontab. I mean, I would like: cd /SRC; dump 0f - . | (cd /DST; restore -rf - ) in a shell script. Whenever this script is run, I see an error message like: restore: cannot open /dev/tty: Device not configured My question is: Is there any way to do this dump/restore in a shell script without the use of a temporary filesystem? Thanks in advance Best regards, Josi -- ___ Play 100s of games for FREE! http://games.mail.com/
Re: 3.7 panic: pool_get
Hi, Greg! >Are you doing bridging with this box? If so, do you have any > "scrub" rules in your pf.conf? The reason that I ask is that a Yes, this machine is running spamd in greylisting mode. But, I have no scrub rules in my pf.conf. This is my ruleset: ext_if="xl0" int_if="xl1" table persist table persist rdr on $ext_if inet proto tcp from to any port smtp tag spam -> \ 127.0.0.1 port spamd rdr on $ext_if proto tcp from ! to port smtp -> \ 127.0.0.1 port spamd pass in quick log on $ext_if route-to lo0 \ inet proto tcp from to any port spamd tagged spam keep state pass in log on $ext_if route-to lo0 \ inet proto tcp from ! to any port spamd keep state Thanks for your help. Regards, Jose -- ___ Play 100s of games for FREE! http://games.mail.com/
Re: 3.7 panic: pool_get
Some more info might be of help. This machine is configured as a bridge with spamd. This error has occurred for the second time in less than a week. It never occurred before, since installation, in June this year. Regards, Jose -- ___ Play 100s of games for FREE! http://games.mail.com/
3.7 panic: pool_get
Hi, there! Since understanding this problem is way beyond my current level, I would like some help to find out what might be reason of this problem. Thanks very much in advance, and happy new year to all list members. Regards, Jose Dec 28 11:24:19 wall /bsd: panic: pool_get(mclpl): free list modified: magic=deafaaa a; page 0xd7c85000; item addr 0xd7c85000 Dec 28 11:24:19 wall /bsd: Stopped at Debugger+0x4: leave Dec 28 11:24:19 wall /bsd: RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REP ORTING THIS PANIC! Dec 28 11:24:19 wall /bsd: DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! Dec 28 11:24:19 wall /bsd: ddb>PID PPID PGRPUID S FLAGS WAIT COMMAND Dec 28 11:24:19 wall /bsd: 32118 1 32118 0 3 0x4086 ttyin ge tty Dec 28 11:24:19 wall /bsd: 24559 1 24559 0 3 0x4086 ttyin ge tty Dec 28 11:24:19 wall /bsd: 13670 1 13670 0 3 0x4086 ttyin ge tty Dec 28 11:24:19 wall /bsd: 28006 1 28006 0 3 0x4086 ttyin ge tty Dec 28 11:24:19 wall /bsd: 3144 1 3144 0 3 0x4086 ttyin ge tty Dec 28 11:24:19 wall /bsd: 11734 1 11734 0 30x84 select cr on Dec 28 11:24:19 wall /bsd: 9306 17197 25942 76 3 0x184 bpf tc pdump Dec 28 11:24:19 wall /bsd: 17197 25942 25942 0 3 0x4084 netio tc pdump Dec 28 11:24:19 wall /bsd: 25942 1 25942 0 30x84 piperd sp amlogd Dec 28 11:24:20 wall /bsd: 24885 1 24885 0 3 0x40184 select se ndmail Dec 28 11:24:20 wall /bsd: 24239 27731 27731 62 3 0x184 piperd sp amd Dec 28 11:24:20 wall /bsd: 28950 27731 27731 62 3 0x184 select sp amd Dec 28 11:24:20 wall /bsd: 27731 1 27731 62 3 0x184 nanosleep sp amd Dec 28 11:24:20 wall /bsd: 2144 1 2144 0 30x84 select ss hd Dec 28 11:24:20 wall /bsd: 16394 16142 16142 74 3 0x184 bpf pf logd Dec 28 11:24:20 wall /bsd: 16142 1 16142 0 30x84 netio pf logd Dec 28 11:24:20 wall /bsd: 19299 29623 29623 73 3 0x184 poll sy slogd Dec 28 11:24:20 wall /bsd: 29623 1 29623 0 30x84 netio sy slogd Dec 28 11:24:20 wall /bsd: 15 0 0 0 30x100204 crypto_wa cr ypto Dec 28 11:24:20 wall /bsd: 14 0 0 0 30x100204 aiodoned ai odoned Dec 28 11:24:20 wall /bsd: 13 0 0 0 30x100204 syncer up date Dec 28 11:24:20 wall /bsd: 12 0 0 0 30x100204 cleaner cl eaner Dec 28 11:24:20 wall /bsd: 11 0 0 0 30x100204 reaper re aper Dec 28 11:24:20 wall /bsd: 10 0 0 0 30x100204 pgdaemon pa gedaemon Dec 28 11:24:20 wall /bsd: 9 0 0 0 30x100204 usbevt us b4 Dec 28 11:24:20 wall /bsd: 8 0 0 0 30x100204 usbevt us b3 Dec 28 11:24:20 wall /bsd: 7 0 0 0 30x100204 usbevt us b2 Dec 28 11:24:20 wall /bsd: 6 0 0 0 30x100204 usbevt us b1 Dec 28 11:24:20 wall /bsd: 5 0 0 0 30x100204 usbtsk us btask Dec 28 11:24:20 wall /bsd: 4 0 0 0 30x100204 usbevt us b0 Dec 28 11:24:20 wall /bsd: 3 0 0 0 30x100204 apmev ap m0 Dec 28 11:24:20 wall /bsd: 2 0 0 0 30x100204 kmalloc km thread Dec 28 11:24:20 wall /bsd: 1 0 1 0 3 0x4084 wait in it Dec 28 11:24:20 wall /bsd: 0 -1 0 0 3 0x80204 scheduler sw apper Dec 28 11:24:20 wall /bsd: ddb> Debugger(d06d3cd4,d0336235,d05cf940,d7c85000,d05b7c8 0) at Debugger+0x4 Dec 28 11:24:20 wall /bsd: panic(d04de340,d04e02a9,deaf,d7c85000,d7c85000) at pa nic+0x63 Dec 28 11:24:20 wall /bsd: pool_get(d05b7c80,0,d1777000,d7c65900,0) at pool_get+0x31 5 Dec 28 11:24:20 wall /bsd: m_copym0(d7c92100,0,3b9aca00,1,1) at m_copym0+0x241 Dec 28 11:24:20 wall /bsd: m_copym2(d7c92100,0,3b9aca00,1,d0570440) at m_copym2+0x19 Dec 28 11:24:20 wall /bsd: bridge_input(d177104c,d7c7f002,d7c92100,d17b010b) at brid ge_input+0xdb Dec 28 11:24:20 wall /bsd: ether_input(d177104c,d7c7f002,d7c92100,a0008056,a0008056) at ether_input+0x4ac Dec 28 11:24:20 wall /bsd: ether_input_mbuf(d177104c,d7c92100,d06d3e2c,d042c261,d06d 3e54) at ether_input_mbuf+0x23 Dec 28 11:24:20 wall /bsd: xl_rxeof(d1771000,0,6fdb,386fc0,1) at xl_rxeof+0x205 Dec 28 11:24:20 wall /bsd: xl_intr(d1771000) at xl_intr+0x12b Dec 28 11:24:20 wall /bsd: Xrecurse_legacy3() at Xrecurse_legacy3+0x86 Dec 28 11:24:20 wall /bsd: --- interrupt --- Dec 28 11:24:20 wall /bsd: idle_loop(d0650058,6d0010,0,0,8000) at idle_loop+0x21 Dec 28 11:24:20 wall /bsd: bpendtsleep(d05b2260,4,d04f5931,0,0,