as possible to move the RAM (this would be
a plus also for the disks) physically. Physical security _is needed_
anyways.
Soekris boxes also have soldered RAM.
--knitti
to the idea, you have to show her that it is worth
the hassle. But you don't even know what you're talking about.
If *I* were a developer, I would be offended by the notion that
AnotherSolution is *that* *much* *better* (as you imply) _without_
showing any evidence.
--knitti
the include statement outside the Directory
--knitti
anything else in this file.
m4 ../m4/cf.m4 mydomain.mc mydomain.cf
m4: mydomain.mc at line 11: include(../domain/mydomain.com.m4): No
such file or directory
Any help would be much appreciated. Thanks.
please read about the DOMAIN macro. I don't think it does what you
think it does.
--knitti
On 1/29/08, knitti [EMAIL PROTECTED] wrote:
On 1/29/08, Chris [EMAIL PROTECTED] wrote:
vi mydomain.mc
divert(0)dnl
VERSIONID(`@(#)mydomain.mc $Revision: 1.11 $')dnl
OSTYPE(openbsd)dnl
DOMAIN(mydomain.com)dnl
FEATURE(`virtusertable', `dbm /etc/mail/virtusertable')dnl
MAILER(local
(NAVARONE-4.2) #0: Wed Jan 16 23:18:21 PST
2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NAVARONE-4.2
http://openbsd.org/faq/faq5.html#Why
--knitti
) since 3.5
which are perfectly fine with GENERIC
2) Under what circumstances (generally) would one encounter a situation
where it would strongly desirable to have a custom kernel?
RAID?
development: break stuff, fix stuff ?
--knitti
, but the providers don't
even know what exactly they have to log and they are not exactly keen
on implementing it).
--knitti
it to amanda, because (at least as I had to find a suitable
solution 1.5 years ago) it was the only one which could do
multi-volume-backups. It also works flawlessly with disk-based
backups, simple tape drive and larger tape libraries.
--knitti
like a duck an f... - wait a minute. Ouch.
I have never seen anyone on this list fuck a duck with a tape. Ever.
WARNING. Do not look at the duck with the remaining eye.
--knitti
On 1/4/08, Nick Guenther [EMAIL PROTECTED] wrote:
On 1/3/08, knitti [EMAIL PROTECTED] wrote:
this is becoming OT, but I can't recommend storing HDDs as real
backup solution either. HDDs _do_ have bitrot, and one should at least,
say, once a year, verify that the *whole* disk is readable
On 1/7/08, Targus Neoprene [EMAIL PROTECTED] wrote:
is there a way to surpass the mac filter and get an ip?
most likely yes and yes. man ifconfig
--knitti
cases with the
real possibility of data loss.
--knitti
for every file in the Attic throughout the tree. I
didn't try _every_ file, but quite some on very different places in the tree.
--knitti
simply get it exchanged
with a new one). It is kaputt.
--knitti
intentions are worthless, if key people don't
like it.
--knitti
Gilbert, Douglas,
swap encryption on OpenBSD is done differently than what you
advise. just use a sysctl for vm.swapencrypt.enable. Much less
maintenance headaches.
and yes, don't complain about being reminded that this is not a
netbsd / linux support list.
--knitti
== wooosh ===(your humour)
O(my head)
--knitti
: the server didn't close its socket for some
reason or non-reason.
For that to find out I'll have to read some code, which may or may not
turn up something (interesting for me).
--knitti
another connection as a side effect). BUT since the whole
code doesn't run threaded, I can't come up with something which would
actually suggest that.
I would appreciate if someone told me whether my interpretation is rather
wrong or rather right ;)
--knitti
?
That is correct.
Now, this will prevent me from upgrading to 4.2.
It isn't so that any pre-4.2-stable will be updated, so you lose nothing
by upgrading. very often you can backport from -current ports without
any change.
--knitti
any updates to -stable for the
foreseeable future. Although some updates might happen, -stable should
be considered unmaintained.
--knitti
are contradictory.
in theory, they are simply not related, because on different protocol layers.
Practically there seems to be a correlation by implementation.
--knitti
for long open half-closed
TCP connections.
My point with PF here was that it would reduce the possible numbers of
close_wait state you could possibly see in the first place, which is one
of the original goals of the question.
Why?
--knitti
On 12/12/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
knitti wrote:
The problem would be to forget calling ap_bclose() after ending a
connection, either because all data has been sent or the connection has
been aborted. What I can read with some confidence, is that keeping a
socket open
.informatik.uni-erlangen.de/Projects/JX/Projects/TCP/tcpstate.html
--knitti
.
BUT perhaps I didn't get it at all and this makes no sense ;)
--knitti
stuff like generating random IDs.
on OpenBSD it doesn't. There was a mail from Theo regarding exactly this
error message, stating that on OpenBSD BIND doesn't use (or need) this.
You could search the archives...
--knitti
stack waits for
the application (httpd) to close the connection after receiving
the client's FIN.
oh sorry, then I was wrong. So when client's FIN is already in, then
(depending on how long it takes), is it normal behaviour of httpd
or could it be considered a bug?
--knitti
think it applies to
OpenBSD's httpd. I won't send any further mail to this thread
you tell me to shut up.
--knitti
On 12/12/07, Daniel Ouellet [EMAIL PROTECTED] wrote:
knitti wrote:
HTTP keep alives have nothing to do with it. If the socket is in
CLOSE_WAIT, the TCP connection can't be reused, the server
has sent its FIN and the client its FIN/ACK, but the server doesn't
have yet sent its final ACK
last.
- Why would you accept mail to unresolvable domains?
- consider adding a define(`confPRIVACY_FLAGS', . )
--knitti
day something goes wrong,
and *you* will have to troubleshoot it. And in this very (possibly trivial)
moment it pays having read the docs at least *once* before, just to
roughly know where you can find which information.
--knitti
:
just use named in caching mode (should work out of the box) and forget
your isp's name servers. it costs next to nothing performance-wise and
works really well. a soekris 4501 firewall (100MHz/ 64 MB RAM) does handle
a DSL-type connection (4 MBit) including dhcpd, named and ntpd very
well.
--knitti
Instead of e.g. /dev/sd0a try /dev/rsd0a. I didn't try with svnd, but
when copying partitions with dd I use this.
--knitti
On 11/14/07, Clint Pachl [EMAIL PROTECTED] wrote:
knitti wrote:
Instead of e.g. /dev/sd0a try /dev/rsd0a. I didn't try with svnd, but
when copying partitions with dd I use this.
I tried that, but like I said fdisk complained when the svnd device is
associated with the raw direct access
. Seeing the specs of
the 4801 and knowing the 4501, I wouldn't use them for more than about
40-50 Mbit/sec. There are people on this list, who have more experience
with the 4801. BUT you have to test for yourself if it fits your needs, and
your performance depends a lot on your setting.
--knitti
side. this should also
create a new sparse file. of course, you lose the rsyncability and you have to
identify your sparse file in advance. But 16GB of nothing should compress
very well ;)
--knitti
maintainability to the list. I end up having less to do for OpenBSD
Servers to keep them happy running than for some Debian boxes, and
Debian _is_ damn well maintainable.
--knitti
to also say that?
no, I *think* I made some wrong assumptions about your network
(obviously didn't read your first mail carefully enough) and I can't figure
out now why I suggested that. Sorry about that.
--knitti
at the manpages
pf.conf(5)
ftp-proxy(8)
--knitti
servers
look at your pf.conf, you have commented out the line. you should change
it to about this:
rdr pass on $int_if proto tcp from any to !$ftp_server port ftp -> 127.0.0.1 port 8022
of course I didn't test this, but you get the idea
--knitti
On 11/8/07, 23e7 [EMAIL PROTECTED] wrote:
I missing some option?
did you read the FAQ?
do you know what you are doing?
why do you need a custom kernel?
--knitti
On 11/8/07, 23e7 [EMAIL PROTECTED] wrote:
yes, I know.
On 11/8/07, knitti [EMAIL PROTECTED] wrote:
On 11/8/07, 23号 [EMAIL PROTECTED] wrote:
I missing some option?
did you read the FAQ?
do you know what you are doing?
why do you need a custom kernel?
the error message
and look
whether you can read everything fine.
--knitti
-current ;-) - you have to expect to deal with the
unforeseen.
--knitti
problems arise not from hardware or system
failure, but from admin failure. Do backups.
--knitti
IBM deathstar series than from
all other vendors combined, and they are usually hotter than from other
vendors )
--knitti
JetDirect over WAN connections.
look with tcpdump, whether the packets of the printserver look like you expect.
perhaps it only has a ttl of 1 or 2 ;-)
--knitti
.
--knitti
On 10/14/07, Greg Oster [EMAIL PROTECTED] wrote:
knitti writes:
raidlookup on device: /dev/wd3d failed !
^
I suspect you have an extra space after wd3d in the config file...
And, unfortunately, that annoying little non-feature is enough to
stop RAIDframe
activated
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a swap on wd0b dump on wd0b
--knitti
in
RAM usage or massive forks? I saw once a system run out of mem,
with no swap space exhibiting the same behaviour. I could imagine
(disclaimer: _didn't_ see that one) a system behave similar after
not being able to fork anymore.
--knitti
(about 19MB/s without ping -f)
i386/MP: 52-56 MB/s
i386/UP: 8- 9 MB/s
--knitti
in time of -current. 4.2 and
current diverged in august. What you have to do is in the FAQ.
--knitti
On 10/11/07, knitti [EMAIL PROTECTED] wrote:
Hi,
after some sleep and coffee I am embarrassed to realize I made two mistakes:
- I didn't provide a GENERIC(.MP) dmesg
- I booted off the non-acpi-enabled kernel
Sorry for that. Below you can see two GENERIC.MP dmesgs (i386/amd64)
which clearly
: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a swap on wd0b dump on wd0b
greetings,
knitti
hub, rev 1.00/1.00, addr 1
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a swap on wd0b dump on wd0b
greeting,
knitti
,
knitti
at the underlying smtp
and imap servers and actually fix things, much more transparent than
exchange (of which i also have some instances to look after)
greetings,
knitti
on x86/AMD64
and are OK with a DOS bootdisk, search for MHDD. This is a really nice
tool.
Or just burn yourself an ultimate boot cd (ultimatebootcd.com), which also
includes MHDD and a ton of other diagnosis and repair tools.
greetings,
knitti
the OpenBSD developer community can use them,
I would ship them anywhere in the EU, preferably in Germany.
greetings,
knitti
it is for your purposes).
--knitti
sense for code maintenance and d)
really good stuff spaghetti style
--knitti
On 10/25/06, knitti [EMAIL PROTECTED] wrote:
[OT comment]
sorry for this, it was off topic and slightly offensive
--knitti
that are not dedicated to networking as OpenBsd) CAN? OR NOT?
your question is pointless, as openbsd does this already
--knitti
can't see why you can
whine that much about a status quo, yet not making any effort to use the
better part of your hardware. otoh if your company can spend that much
on hardware idling for years without it being a problem, why don't just
fund one or two of the developers to do the task?
--knitti
OpenBSD is just too slow and doesn't support
enough hardware.
sez who? a troll
--knitti
traffic.
finding whether a box was compromised is not trivial, especially if you
don't find any evidence. if you can afford to do it, better reinstall from
scratch and look where you can tighten up the security.
--knitti
On 9/26/06, Carlos A. Garcia G. [EMAIL PROTECTED] wrote:
can someone external to the network get a copy of all the mail that are
getting to a mail server???
??
short answer: no
long answer: yes
please clarify your question. also, why should this be related to openbsd?
--knitti
[I reordered the text, so your answer is below my question, I think this
is more readable]
On 9/26/06, Carlos A. Garcia G. [EMAIL PROTECTED] wrote:
knitti wrote:
On 9/26/06, Carlos A. Garcia G. [EMAIL PROTECTED] wrote:
can someone external to the network get a copy of all the mail
MUAs or MTAs.
--knitti
packets
or with jumbo frames (huge difference)
and, in any case, search the archives about tuning openbsd.
--knitti
directly between the boxes.
while I would do it with rsync (I know, depends on what you want to do),
I don't see any reason why ccd'ing two large nfs-exposed files shouldn't
work. But I think this would be more ugly and complicated than rsyncing
every x minutes...
--knitti
is
supposed to be on the server, and then how to look at it.
read and understand in this order:
man afterboot
/usr/share/sendmail/README
documentation on sendmail.org
this _will_ serve you far better than any step-through-howto
--knitti
have a couple
of net4501 running with some slightly older OpenBSDs (3.4, 3.5, 3.7)
which Just Work (TM). Is the net4801 that different?
--knitti
in an entry to /etc/hosts pointing
int-firewall.sbisolutions.com.au.com.au to 127.0.0.1
This didn't work as I guess sendmail doesn't use /etc/hosts.
I _think_ this depends on your resolv.conf
--knitti
, and the
more memory is consumed by the fsck
--knitti
On 7/6/06, knitti [EMAIL PROTECTED] wrote:
I'd suspect some different issues than just blaming the implementation
of the daemon
sorry, this is of course not about the daemon, but the rest still applies
--knitti
ISPs sell you some gigantic *theoretical maximum* adsl,
which doesn't work because of poor line quality etc. also, I think an
up/down ratio of about 1:22 does sound like you'll only max out your
downstream on some special applications, e.g. udp-streams (video)
--knitti
case, the more fragmented the
FAT was, the less is the chance of reviving something
meaningful.
--knitti
no point in looking into
the performance of ppp_d_
--knitti
to 0xffc (pio 4) does fix it.
this doesn't necessarily mean the controller or disk is buggy, it could
just be a bad cable, which works, if not used at top speed (or, more correctly,
frequency). I have seen this multiple times with almost any os (that supports
udma)
--knitti
into a shell, a chroot
would help a lot ;)
--knitti
On 6/19/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Monday 19 June 2006 19:09, knitti wrote:
protocol attacks on the application which talks to mysql?
Uhm, and using a domain socket is different how?
ouch, snafu. sorry, I misunderstood. I don't think there's
any practical security
documented, so you can test any output except that of the RNG against a
'known good' implementation
--knitti
, reiser4)
(...rest of rant deleted, it's already off topic...)
oh, and don't tell me i shall participate.
--knitti
On 6/8/06, Peter [EMAIL PROTECTED] wrote:
--- knitti [EMAIL PROTECTED] wrote:
the soekris are not very good at time keeping, in my experience.
whether this is a problem is something you have to decide, do
you need more precision? if yes, change the hardware, else
don't worry
What is your
.
for users of microsoft vpn or similar, we have them
authenticate first against authpf, so the port is not available
to anon users. and using authpf can be as simple as one
click on a link using putty (or similar) with the right ssh key.
--knitti
On 6/5/06, knitti [EMAIL PROTECTED] wrote:
- 2nd partition ffs
sorry, that's slightly wrong, this partition held openbsd, which had
a single disk slice with a ffs. But I didn't see any limitation that there
could be more than one.
knitti
the gui,
but the configuration is a text file, so it should be possible to achieve this
(as in vmware created volumes are compatible with vmware player)
hth, knitti
, but you
just have to make sure, the bootloader hits the right pbr. no magic.
--knitti
CVS and easily switch later to OpenCVS.
--knitti
for maybe
an hour or two, if you're not familiar with it. if this is in place, you don't
have to worry, and you also don't have to log connections to your ssh
port.
--knitti
not have the opportunity to boot in single user when it may be
necessary.
Are there ways to circumvent the latter?
what problem are you trying to solve?
--knitti
and it wouldn't help.
--knitti
should handle it easily. the only thing
I can imagine is running into the default state limit. see man pf.conf
the part about set limit.
--knitti
On 2/21/06, Bob Beck [EMAIL PROTECTED] wrote:
Is spamd running on this system?
sorry for not trying this earlier: I just killed restarted spamd,
and spamd-setup now behaves as expected. (It just didn't
occur to me...)
--knitti
On 2/21/06, Marcus Barczak [EMAIL PROTECTED] wrote:
--- dmesg ---
OpenBSD 3.8 (NERF) #0: Fri Jan 20 13:35:16 EST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NERF
uh oh. http://openbsd.org/faq/faq5.html#Why
--knitti
.:\
:method=file:\
:file=/etc/spamdblack.txt:
thanks for reading,
knitti