Re: OpenBSD -current on T495
Could you please provide a dmesg output? The info you gave is not very helpful without it. -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z > On 9. Nov 2019, at 12:08, Thomas de Grivel wrote: > > Everything works except wifi, suspend/resume and screen backlight, and > mute speakers button. > > -- > Thomas de Grivel > kmx.io >
Re: Question regarding wi-fi card support
keep in mind that iwm(4) doesn’t have 802.11ac functionality from the manpage: The iwm driver does not support any of the 802.11ac capabilities offered by the adapters. Support for 802.11n 40MHz channels and Tx aggregation is not yet implemented. Additional work is required in ieee80211(9) before those features can be supported. just so you know I stumbled upon this when I installed OpenBSD on a few thinkpads with those chips built-in and was wondering why I couldn’t connect to my 2nd home network -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z > On 9. Aug 2019, at 15:32, Timothy Brown wrote: > > On Thu, Aug 08, 2019 at 09:30:20PM +, flauenroth wrote: >> I am in the need for a proper wi-fi solution for my Lenovo E485. > > I've replaced the original one in my work Dell XPS13 with: > > iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 8260" rev 0x3a, msi > iwm0: hw rev 0x200, fw ver 16.242414.0, > > It's M.2 card, works well. > > Tim >
Re: Apache 2.4 not running php OpenBSD 6.4
IT is not about going to sites like stackoverflow or asking for solutions on mailing lists especially THIS topic doesn’t have anything to do with openbsd. You should learn the basics and your “issue” is very basic. I bet the logs you’ll get from either application tell you what the problem is but you don’t seem to even know that this would be the first start to solving problems.. -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z > On 11. Jul 2019, at 08:40, mansoor wrote: > > Hi, > I hope you guys are doing great. > > I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6. > I have disabled default httpd of OpenBSD, now apache2 is showing plain php > code in browser it doesn't process php at all. > > I couldn't find solution to this problem on stackOverflow (or any other site > on internet). > Please help me if anyone know about this problem. > Thanks. > > > > > -- > Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html >
Re: Substitute mandoc for tlb command
> On 8. Feb 2019, at 16:22, Артур Истомин wrote: > > I need t command to accomplish example from "The AWK Programming Language" > book. > Is it possible somehow substitute it with mandoc? > > Thanks! > you are funny -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z signature.asc Description: Message signed with OpenPGP
Re: daily cron not starting
On 11/13/2018 06:58 AM, Tom Smyth wrote: > what does crontab -l say ? SHELL=/bin/sh PATH=/bin:/sbin:/usr/bin:/usr/sbin HOME=/var/log # #minute hourmdaymonth wdaycommand # # rotate log files every hour, if necessary 0 * * * * /usr/bin/newsyslog # send log file notifications, if necessary #1-59 * * * * /usr/bin/newsyslog -m # # do daily/weekly/monthly maintenance 30 1 * * * /bin/sh /etc/daily 30 3 * * 6 /bin/sh /etc/weekly 30 5 1 * * /bin/sh /etc/monthly #0 * * * * sleep $((RANDOM \% 2048)) && /usr/libexec/spamd-setup # list available patches 30 9 * * * syspatch -c # expire non confirmed publication requests 30 11 * * * doas -u vmail env -i HOME=/var/vmail /usr/local/bin/gpg-wks-server --cron # update the root trust anchor for DNSSEC validation 20 2 1,14* * unbound-anchor && rcctl restart unbound # get list of authoritative nameservers 20 4 1 May,Nov * ftp -o /var/unbound/etc/root.hints https://FTP.INTERNIC.NET/domain/named.cache && rcctl restart unbound @reboot echo "Reboot $(date)" On 11/13/2018 07:07 AM, Bruno Flueckiger wrote: > Is the cron(8) daemon running? yes > On Tue, 13 Nov 2018 at 05:49, Tony Boston wrote: >> >> Hi misc@, >> >> the daily cron is not running anymore although I can execute '/bin/sh >> /etc/daily' by hand just fine. I don't see anything in the logs and I >> don't have any clue what else to check. >> Do you guys have any idea? >> >> -- >> Tony >> >> GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F >> Threema: DN8PJX4Z >> > >
daily cron not starting
Hi misc@, the daily cron is not running anymore although I can execute '/bin/sh /etc/daily' by hand just fine. I don't see anything in the logs and I don't have any clue what else to check. Do you guys have any idea? -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z
Re: httpd rewiterules like apache
You should definitely try the relayd(8) route here. > On 1. Nov 2018, at 11:32, Markus Rosjat wrote: > > Hi all, > > I was wondering if it is possible to do like a proxy rewrite like with Apache > rewrite mod? > > RewriteRule ^(.*) http://some.tld/$1 [L,P] > > So here the P Flag should preserver the original domain in the url and just > proxy the request to the other location (not on the same machine!) > > Since there is redirection I can do this but then the url gets of course > replaced in a block directive > > block return 301 "http://dome.tld$REQUEST_URI; > > I read that there is rewrite support but as far as I figured it's just for > location on the filesystem ? > > regards > > -- > Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de > > G+H Webservice GbR Gorzolla, Herrmann > Königsbrücker Str. 70, 01099 Dresden > > http://www.ghweb.de > fon: +49 351 8107220 fax: +49 351 8107227 > > Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you > print it, think about your responsibility and commitment to the ENVIRONMENT > -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z signature.asc Description: Message signed with OpenPGP
35C3 - Chaos Communication Congress 2018
Hello all, I'd like to ask if somebody is going to the congress this year. I attended last year too but I had to leave at the first day after 3 hours because I somehow got lost and didn't find a place "to be". Are there any plans for an assembly or similar or at least an openbsd-meetup where I could take part? Any information or direct contact via email would be really appreciated. -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z
sympa and opensmtpd/httpd
Hi, has anyone running sympa with opensmtpd and httpd? I can not figure out how to configure slowcgi correctly in /etc/httpd.conf and if anybody is using this already, I'd really appreciate any hint or config-insight :) thanks Tony -- GPG-KEY: 0x5C5C239D81121B35 GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F
Re: Monitoring system
I am using Icinga2 on all our machines - you'll find it in packages and the newest version you'll get with OpenBSD 6.4 On 10/05/18 05:09, Tom Smyth wrote: > Both of of the ones I emailed to you are in ports > > also there is pmmact by the Legend paulo Lucende > that can aggregate and convert multiple logs to different formats > worth having a look at that also ... > On Fri, 5 Oct 2018 at 04:08, Tom Smyth wrote: >> >> >> Librenms would be worth a look i believe it has email alerting >> and snmp support needs php and mysql >> Zabbix ...havent used this one but it has monitoring functionality ... >> If you are monitoring alot of systems, make sure your storage can >> cope with alot of I/O or you will see annoying gaps in your graphs >> so use SSDs and make sure that when formatting the system >> that you align with 1MB offset ... 2048 sectors (instead the default >> 64 bytes) >> >> Peace >> Tom Smyth >> >> >> On Thu, 4 Oct 2018 at 23:57, flipchan wrote: >>> >>> Greetings all, >>> >>> I need to install a monitoring system with email notifications, I have used >>> mmonit which is great but it's a little too pricey for personal use. >>> >>> Can anyone recommend a open source monitoring system that support email >>> notifications and monitoring of multiple hosts running openbsd. >>> >>> >>> Something more modern then nagios would be great, I just need it to work so >>> as long as it supports email notifications and monitoring of more then one >>> host it's good >>> >>> >>> Thanks in advance >>> >>> >>> >>> -- >>> Take Care Sincerely flipchan layerprox dev >> >> >> >> -- >> Kindest regards, >> Tom Smyth >> >> Mobile: +353 87 6193172 >> The information contained in this E-mail is intended only for the >> confidential use of the named recipient. If the reader of this message >> is not the intended recipient or the person responsible for >> delivering it to the recipient, you are hereby notified that you have >> received this communication in error and that any review, >> dissemination or copying of this communication is strictly prohibited. >> If you have received this in error, please notify the sender >> immediately by telephone at the number above and erase the message >> You are requested to carry out your own virus check before >> opening any attachment. > > > -- GPG-KEY: 0x5C5C239D81121B35 GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z
Re: Vultr hosting of OpenBSD
On 08.09.18 02:55, Ken M wrote: > This is related to my mail server thread, but in googling about openbsd on > vultr > I have seen some comments here and there about issues with the default image > on > vultr and to use a custom image or iso instead of what they have. Some of > these > seem dated and related to older versions of openbsd. My questions are: > > 1. Is it still current information that it would be better to use my own > image/install/iso for openbsd on Vultr? > > 2. Is vultr a good place to host an openbsd box? If not interested in hearing > alternatives. > > Also a side note question, is it possible to use VMD/VMM in an openbsd guest > on > vultr. I was thinking probably not. I just ask as sometinmes I appreciate > using > docker to test things, yeah I know. But the point is my dev workflow on my > openbsd current laptop involves sometimes using alpine linux on vmm an using > docker on that to spin up different things I want to check out. > > Ken > I am running a few instances at vultr - no problems at all with the images they have. -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 Threema: DN8PJX4Z
Re: Python flask socket with httpd problems
On 12.08.18 03:25, flipchan wrote: > Hello all, > > im trying to run a python flask application with httpd > as a reverse proxy and im not getting it to work. > > According to the python flask's online documentation, > i should be able to just create a fast-cgi socket that > should work with httpd, however i am only getting 500 > errors when i do this. > Link: https://uwsgi-docs.readthedocs.io/en/latest/OpenBSDhttpd.html > > > > curl output: > * About to connect() to mywebsite.com port 8086 (#0) > * Trying myip... > * connected > * Connected to mywebsite.com (myip) port 8086 (#0) > > GET /test HTTP/1.1 > > User-Agent: curl/7.26.0 > > Host: mywebsite.com:8086 > > Accept: */* > > > * additional stuff not fine transfer.c:1037: 0 0 > * HTTP 1.0, assume close after body > < HTTP/1.0 500 Internal Server Error > < Date: Tue, 15 May 2018 15:40:40 GMT > < Server: OpenBSD httpd > < Connection: close > < Content-Type: text/html > < Content-Length: 451 > < > > > > > 500 Internal Server Error > > > > 500 Internal Server Error > > OpenBSD httpd > > > * Closing connection #0 > > # cat /etc/httpd.conf > # $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $ > > # A minimal default server > server "default" { > listen on 0.0.0.0 port 8086 > > fastcgi socket "/var/www/run/pfweb.sock" > } > > > > > i also tried to have the python script manually create a > fast-cgi socket with the python library flup > ("https://pypi.python.org/pypi/flup/1.0.2;) > > > > Have anyone gotten a python flask application to work with httpd > as a reverse proxy with a fast-cgi socket? cuz im really not > getting it to work. > > > > Thanks in advanced > -flipchan > > -- > Take Care Sincerely flipchan layerprox dev Since you're getting Error 500 - you should look at your webserver logs - I don't see any in your email -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 Threema: DN8PJX4Z signature.asc Description: PGP signature
Re: stuck on spamd
Am Mittwoch, den 13.06.2018, 22:05 +0200 schrieb Hasse Hansson: > Hello and thank you for your answer. > I've adjusted my settings according to your advice, but now it looks > like > it just directly whitelist every connection without greylisting. > > smtp$ sudo spamdb | sort > WHITE|104.47.1.210|||1528919648|1528919648|1532030048|1|0 > WHITE|104.47.6.201|||1528919611|1528919611|1532030011|1|0 > WHITE|185.234.216.189|||1528917936|1528917936|1532029991|1|3 > WHITE|185.234.216.204|||1528919598|1528919598|1532029998|1|0 > WHITE|209.85.213.46|||1528918933|1528918933|1532029333|1|0 > WHITE|209.85.213.53|||1528918873|1528918873|1532029273|1|0 > WHITE|40.92.67.106|||1528918696|1528918696|1532029096|1|0 > WHITE|40.92.68.98|||1528918725|1528918725|1532029125|1|0 > WHITE|59.70.207.21|||1528918455|1528918455|1532028855|1|0 > WHITE|91.121.119.198|||1528919326|1528919326|1532029726|1|0 > WHITE|91.136.10.81|||1528919583|1528919583|1532029983|1|0 > > This is how my files look like now. spamd.conf is the original one. > > smtp$ sudo cat /etc/rc.conf.local > httpd_flags= > pkg_scripts=postfix dovecot saslauthd dbus_daemon avahi_daemon > messagebus mysqld php70_fpm > smtpd_flags=NO > unbound_flags= > spamd_flags="-v -G 2:4:864" > spamd_grey=YES > spamlogd_flags="-I" > - > smtp$ sudo cat /etc/pf.conf > ext_if = "em0" > int_if = "fxp0" > localnet = $int_if:network > tcp_services = "{ domain, ntp, imap, imaps, pop3, pop3s }" > mail_services = "{ smtp, smtps, submission }" > udp_services = "{ domain, ntp }" > icmp_types = "echoreq" > > table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 > 169.254.0.0/16 \ >172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 > 224.0.0.0/3 \ >192.168.0.0/16 198.18.0.0/15 > 198.51.100.0/24\ >203.0.113.0/24 } > > table persist > table persist file "/etc/abusers" > table persist > table persist file "/etc/mail/nospamd" > > set block-policy drop > set loginterface egress > set skip on lo0 > > match in all scrub (no-df random-id max-mss 1440) > match out on egress inet from !(egress:network) to any nat-to > (egress:0) > > antispoof quick for { egress $ext_if int_if } > > block in quick on egress from to any > block return out quick on egress from any to > > block in quick log on egress from to any label "abusers" > > block all > pass out quick inet > > pass in on egress inet proto tcp from any to any port smtp \ > divert-to 127.0.0.1 port spamd > pass in on egress proto tcp from to any port smtp > pass in log on egress proto tcp from to any port smtp > pass out log on egress proto tcp to any port smtp > > pass in on { $ext_if } inet > > pass log quick proto tcp from any to (egress) port ssh flags S/SA > keep state \ > (max-src-conn 15, max-src-conn-rate 5/3, overload > flush global) > > pass log quick proto tcp from any to (egress) port $tcp_services > flags S/SA keep state \ > (max-src-conn 50, max-src-conn-rate 15/5, overload > flush global) > > pass log quick proto tcp from any to (egress) port $mail_services > flags S/SA keep state \ > (max-src-conn 50, max-src-conn-rate 25/5, overload > flush global) > > pass in on egress inet proto tcp from any to (egress) port { 80 443 } > > pass inet proto tcp from { self, $localnet } > > pass quick inet proto tcp to port $tcp_services keep state > pass quick inet proto tcp to port $mail_services keep state > > pass quick inet proto udp to port $udp_services keep state > pass out on $ext_if inet proto udp to port 33433 >< 33626 > pass inet proto icmp all icmp-type $icmp_types > As far as my knowledge goes, since you say 'pass out quick inet' early on in the ruleset, the other 'pass out rules' don't get a chance to be triggered. Also, quick only makes sense if you put them at first, not somewhere at the end of your ruleset. -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 Threema: DN8PJX4Z XMPP: tb@bsd.services
Re: Can SSH report successful connections to pf?
On 05/05/18 00:16, Luke Small wrote: > Can SSH and possibly other programs more easily able to report successful > connections so pf can make stricter bruteforce connection rejecting even > better? > Hi, could be just me but I didn't get what you want to achieve really. Could you be more specific here? -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 signature.asc Description: OpenPGP digital signature
Re: mail sign/encrypt
On 05/03/18 10:30, Rudolf Sykora wrote: > Hello misc, > > I'd like to be able to optionally > - sign my email, > - encrypt the email. > > I have a certificate in the .p12 form, > containing my private key and two certificates, > one of them mine. > > I want to prepare mail locally, i.e. to use > some simple locally installed MUA. > > Is there a way with the default "mail" program, > or do I have to install some more powerful MUA? > > Thanks > Ruda > I'd suggest Thunderbird + Enigmail for that but that really depends on what machine you're running on or if you want to go for CLI only just my 2 cents -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 signature.asc Description: OpenPGP digital signature
Re: pkg using "6.3" instead of "snapshots"
> It's the point in time where -current is in release mode (after being > -beta for a while) to prepare for the next release. Ahh there we go, I guess I just missed that timeframe last time. Thanks for explaining -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 signature.asc Description: OpenPGP digital signature
Re: pkg using "6.3" instead of "snapshots"
I have to add that I know I would use -Dsnap as a flag. It's just that I didn't need to in the past. That's why I was wondering if something has changed here On 03/24/18 08:21, Tony Boston wrote: > Hello list, > > am using -current on my x230 for a while now which was working okay > since today. When I downloaded the new bsd.rd and did an upgrade, it > said that it would download from /pub/OpenBSD/6.3/amd64 which I had to > change to s/6.3/snaptshots here. The problem is, pkg now always uses > "6.3" when I try to update packages or install new ones. Is there a > switch I have to set? I didn't need to do anything like that before. > > Cheers > -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 signature.asc Description: OpenPGP digital signature
pkg using "6.3" instead of "snapshots"
Hello list, am using -current on my x230 for a while now which was working okay since today. When I downloaded the new bsd.rd and did an upgrade, it said that it would download from /pub/OpenBSD/6.3/amd64 which I had to change to s/6.3/snaptshots here. The problem is, pkg now always uses "6.3" when I try to update packages or install new ones. Is there a switch I have to set? I didn't need to do anything like that before. Cheers -- Tony GPG-FP: 913BBD25 8DA503C7 BAE0C0B6 8995E906 4FBAD580 signature.asc Description: OpenPGP digital signature
Re: sendsyslog error 55
Am 26. September 2017 09:37:54 MESZ schrieb Daniel Hartmeier: >If you are running either milter-spamd or -regex, you can try the >latest >versions (from the source tarballs), which suppress noisy LOG_DEBUG >messages by default now. Previously, you'd get one syslog message per >mail body line, and I saw the "error 55" messages when large mails >arrived. After only this change, I don't see them anymore. Sorry it >took >so long to trace. > >Daniel Hey there Daniel, thanks for your response. Really appreciated. I'll check that with my boxes -- Tony
Re: sendsyslog error 55
> > Are you using the standard syslogd? > yup -- Tony signature.asc Description: OpenPGP digital signature
Re: sendsyslog error 55
Am 12.08.2017 um 08:37 schrieb Mike Burns: > On 2017-08-12 07.58.01 +0200, Tony Boston wrote: >> Aug 12 07:49:03 srv01 sendsyslog: dropped 2 messages, error 55 >> >> 1. how can I figure out what is generating all those messages and fix it >> (thats what logs are for) > > Good question. I did some digging and came up with this: > > [ENOBUFS] The system was unable to allocate an internal > buffer. The operation may succeed when buffers become available. > > That's from the sendsyslog(2) man page. If you look in sys/sys/errno.h > you can see the ENOBUFS is 55. > > That specific message comes from sys/kern/subr_log.c [2] > > Within there it's hard to guess, but sosend(9) might be the culprit[3]. > > Anyway, low memory? > > [1] https://github.com/openbsd/src/blob/master/sys/sys/errno.h#L112 > [2] https://github.com/openbsd/src/blob/master/sys/kern/subr_log.c#L388-L391 > [3] https://github.com/openbsd/src/blob/master/sys/kern/uipc_socket.c#L384 > Hey Mike, thanks for digging in. Yeah I know what the error messages says. AFAIK can't be low memory: real virtual free Active 634752634752 6461648 All 1364904 1364904 14790512 Maybe a login.conf thing? -- Tony signature.asc Description: OpenPGP digital signature
sendsyslog error 55
Hello @misc, I have an issue with syslog here. Aug 12 07:49:03 srv01 last message repeated 2 times Aug 12 07:49:03 srv01 sendsyslog: dropped 2 messages, error 55 Aug 12 07:49:03 srv01 sendsyslog: dropped 2 messages, error 55 Aug 12 07:49:03 srv01 sendsyslog: dropped 1 message, error 55 Aug 12 07:49:03 srv01 sendsyslog: dropped 2 messages, error 55 Aug 12 07:49:03 srv01 sendsyslog: dropped 1 message, error 55 I was searching the web for any help on that one but I all I could find was other users having the same problem but not clue how to fix it. I have two questions here. 1. how can I figure out what is generating all those messages and fix it (thats what logs are for) 2. Is there a built in function to somehow get warned about those errors right away or would one just check syslog on a regular basis Thanks -- Tony signature.asc Description: OpenPGP digital signature