Spam (solutions) and some other practical issues
I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). I also have a small bug report. What is the best method of submitting it? Unfortunately, my income (I work for an University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system. Yours, Gabriel George POPA
Re: Spam (solutions) and some other practical issues
On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote: I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report. FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine. 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting. Do note that spamd(8) needs some help from pf(4) to do any good. 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). To the best of my knowledge, no. 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try. See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy. I also have a small bug report. What is the best method of submitting it? sendbug(1), usually. Unfortunately, my income (I work for an University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system. That could be quite helpful, too, if done properly. Or so I believe... Joachim
Re: Spam (solutions) and some other practical issues
Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying mail server and then switch to a newer one). I will work on the source code with great care when the time comes... Regarding that sysctl: shouldn't we add it? Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. The bug report is about a small condition: I was adding a user when the root partition filled (I was transferring some data by NFS). The processes failed, /etc/passwd and /etc/master.passwd got out of sync and I couldn't use userdel or useradd (from what I remember) anymore. The solution was to delete the line that represented the user in /etc/master.passwd (that line was not present in /etc/passwd). (I don't remember very well what happened there, but I'm not planning to reproduce this). Maybe the program/script for adding users should have a lock or something like that (the 2 files should be modified at the same time) - anyway, it's hard to imagine such a situation in real conditions. Yours in BSDness, Gabriel George POPA Joachim Schipper wrote: On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote: I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report. FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine. 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting. Do note that spamd(8) needs some help from pf(4) to do any good. 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). To the best of my knowledge, no. 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try. See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy. I also have a small bug report. What is the best method of submitting it? sendbug(1), usually. Unfortunately, my income (I work for an University) does not allow me to make a donation (and I cannot convince the people here to make one), but I hope in the near future I will be able to help the OpenBSD project with works to the ports collection or for the base system. That could be quite helpful, too, if done properly. Or so I believe... Joachim
Re: Spam (solutions) and some other practical issues
Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying I am using sendmail, procmail, and SpamAssassin, so I know it works (and it works well). Is your sendmail configured to use procmail for local delivery? -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Spam (solutions) and some other practical issues
Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. You have to tell sendmail to pass the message to procmail. See the part about sendmail.cf in procmail's manpage. Regarding that sysctl: shouldn't we add it? Thats not how it works here. Either you write a patch or stop complaining about the lack of features. Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. OpenBSD doesn't supply binary patches, and this isn't going to change. See the archives for more information. Good luck, Hans
Re: Spam (solutions) and some other practical issues
Hi, On 2006-03-16T18:38, Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. are you sure that you start /usr/local/bin/spamd and not spamd(8)? hth, Marcus.
Re: Spam (solutions) and some other practical issues
I found valuable suggestions in your messages. I am sure at least one of them will work (you mentioned things I never thought of). On the other hand, you don't need to get upset. I was not complaining. I will write this sysctl (if only I knew how...). If you point me to some documentation on this topic I will write it. My idea was that maybe it would be better if a person with experience would write this. There's no problem, I will write it (again: point me some documentation). I will repeat: I was not complaining; I know that a lot of smart people are complaining here, but I'm not one of them. Just a suggestion: maybe The OpenBSD project would make some money if they provide binary patches (just like SuSE) - for source patches you don't have to pay, while a sort of affiliation is needed for binary patches (some money required). I think there are a lot of people that will pay for a real FAST update... Respectfully yours, Gabriel George POPA Hans van Leeuwen wrote: Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. You have to tell sendmail to pass the message to procmail. See the part about sendmail.cf in procmail's manpage. Regarding that sysctl: shouldn't we add it? Thats not how it works here. Either you write a patch or stop complaining about the lack of features. Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. OpenBSD doesn't supply binary patches, and this isn't going to change. See the archives for more information. Good luck, Hans
Re: Spam (solutions) and some other practical issues
On 3/16/06, Gabriel George POPA [EMAIL PROTECTED] wrote: Just a suggestion: maybe The OpenBSD project would make some money if they provide binary patches (just like SuSE) - for source patches you don't have to pay, while a sort of affiliation is needed for binary patches (some money required). I think there are a lot of people that will pay for a real FAST update... You're not the first one to think of this and you won't be the last. You've already been told once that it's not going to happen so just drop it. Nothing annoys people more than being told what they should be doing when they've already said that they won't be doing it. Greg
Re: Spam (solutions) and some other practical issues
On Thu, Mar 16, 2006 at 06:38:46PM +0200, Gabriel George POPA wrote: Thank you Joachim. Now, regarding spamd(8), I knew that I need help from pf. Okay. For clarity, as Marcus pointed out, spamd(8) is part of OpenBSD, and SpamAssassin and all parts will be referred to as 'SpamAssassin'. Regarding SpamAssassin: I did pkg_add, I followed the instructions on modifying /etc/procmailrc I started spamd (spamc should have been called for every message). Nothing happened. No mail message was scanned. I have procmail installed (I'll try to use amavisd). I use Sendmail (the idea is to get used to the most terrifying mail server and then switch to a newer one). I will work on the source code with great care when the time comes... This should work, really, provided that procmail is set up properly. Regarding that sysctl: shouldn't we add it? It might be nice to have, but it's more of a security feature than a real security enhancement. Regarding the upgrade: I will build the distribution using this machine (3GHz P4, 1GB RAM) - my server is not under heavy load in this period of the week. I just hoped binpatch could be a better solution. ISTR binary patches being available by certain workarounds - searching misc@ might turn up more. The bug report is about a small condition: I was adding a user when the root partition filled (I was transferring some data by NFS). The processes failed, /etc/passwd and /etc/master.passwd got out of sync and I couldn't use userdel or useradd (from what I remember) anymore. The solution was to delete the line that represented the user in /etc/master.passwd (that line was not present in /etc/passwd). (I don't remember very well what happened there, but I'm not planning to reproduce this). Maybe the program/script for adding users should have a lock or something like that (the 2 files should be modified at the same time) - anyway, it's hard to imagine such a situation in real conditions. This is quite possible, but pwd_mkdb(8) could be used to fix the problem once enough space was available. Of course, in the meanwhile, bad things happen - but that's almost always the case if / gets full. Joachim Joachim Schipper wrote: On Thu, Mar 16, 2006 at 05:26:01PM +0200, Gabriel George POPA wrote: I have four basic questions: 1) I have upgraded my server (both hw and sw). I switched from Slackware GNU/Linux 10.1 to OpenBSD 3.8. Now I have problems (re)installing SpamAssassin (I followed the instructions in the micro-HOWTO, but it didn't help). Does anyone have some suggestions? Yes, produce a more precise question - I'm afraid we can't do much without a more detailed report. FWIW, I have SpamAssassin running from amavisd, in conjunction with Postfix, and that works fine. 2) How can I make my SPAMD act efficiently (at this moment it seems to me that is rather formal, running there - I receive a lot of spam). I use the configuration shipped with OpenBSD 3.8. How can I find some free, usable and efficient lists to be used by SPAMD? spamd(8) uses greylisting, mostly. As to blacklists, they need to be updated pretty often; search for DNSRBL and similar. This is far superior to static blacklisting. Do note that spamd(8) needs some help from pf(4) to do any good. 3) I used FreeBSD a lot. I know they had a setting called see_other_uids - or something like that - a sysctl, maybe the name is not accurate. The effect of setting this sysctl was that a user could not see the processes of any other user (do we have such a thing in OpenBSD 3.8?). To the best of my knowledge, no. 4) I've heard about binpatch and I've tried to use it once (I must apply some security/reliability patches here). For me it's impractical to recompile the entire system (I have the power to do that, I did it a million times on FreeBSD, but now I'm running a production system and I'm afraid that I should spoil some settings). I saw that you must edit a Makefile (it seems rather complicated). I don't know how to edit this (how can I learn to modify it or where can I find an already edited Makefile?). Don't we have a service for automatic binary patch distribution (like SuSE for example)? Maybe we should; OpenBSD rivals most UNIX systems (documentation is excellent and the overall impression is that of an OS for which you have paid a lot of money - without the usual hassle from the producer (indoctrination and others)). The most reliable solution is to build your own release, on another machine, and update using that. Aside from rebooting to load the new kernel, this works flawlessly on (almost - as in, there are probably race conditions but I've never seen them) every try. See the FAQ (section 5.4, http://www.openbsd.org/faq/faq5.html#Release) for building your own release. It's really quite easy. I also have a small bug
