spamd: greyreader failed (Error 2) (was: Re: CVS: cvs.openbsd.org: src)

2013-09-30 Thread Constantine A. Murenin
Hello, On OpenBSD 5.2 amd64, my spamd (which is used very selectively through pf(4)) seems to have died 20 days ago, after continuously running for many months, with the following final words in the logs: Sep 10 09:49:25 Cns spamd[5220]: 87.225.1.10: connected (1/1), lists: spamd-greytrap Sep

Re: spamd: greyreader failed (Error 2) (was: Re: CVS: cvs.openbsd.org: src)

2013-10-01 Thread Constantine A. Murenin
On 2013-W40-2 16:56 -0600, Todd C. Miller wrote: On Mon, 30 Sep 2013 19:26:20 -0700, Constantine A. Murenin wrote: Whereas it remains to be seen what kind of bug I'm facing here (Google reveals I'm not alone), it would appear that changes introduced in 5.4-current would no longer cause

spamlogd whitelists every logged rdr-to connection

2013-03-06 Thread Constantine A. Murenin
Hi, I've started using spamlogd, and since then, every single connection attempt results in the host being whitelisted. I log some `rdr-to 127.0.0.1 port spamd` connection attempts into pflog, and it would seem like spamlogd filter (for port 25) is picking up the original dport, not the

Re: spamlogd whitelists every logged rdr-to connection

2013-03-06 Thread Constantine A. Murenin
connections *stay* whitelisted. On Wed, Mar 6, 2013 at 1:08 PM, Constantine A. Murenin c...@cns.su wrote: Hi, I've started using spamlogd, and since then, every single connection attempt results in the host being whitelisted. I log some `rdr-to 127.0.0.1 port spamd` connection attempts

Re: spamlogd whitelists every logged rdr-to connection

2013-03-06 Thread Constantine A. Murenin
-3 14:56 -0700, Bob Beck wrote: No constatine - that is not the best approach. if you are whitelisting grelisted connections or blacklisted connections that are blocked you have your pf.conf or spamlogd setup wrong. On Wed, Mar 6, 2013 at 2:54 PM, Constantine A. Murenin c...@cns.su wrote: Bob, I

Re: spamlogd whitelists every logged rdr-to connection

2013-03-07 Thread Constantine A. Murenin
On 2013-W10-3 15:46 -0700, Bob Beck wrote: Yes, one could log stuff into different pflog interfaces, but I don't understand why pf.conf `pass in ... log ... port smtp ...` is effectively redefined to mean `add spamd-white` when spamlogd is running,

Re: spamlogd whitelists every logged rdr-to connection

2013-03-07 Thread Constantine A. Murenin
on egress proto tcp from spamd-white to any port smtp pass out log on egress proto tcp to any port smtp On Thu, Mar 07, 2013 at 12:04:22PM -0800, Constantine A. Murenin wrote: On 2013-W10-3 15:46 -0700, Bob Beck wrote: Yes, one could log stuff into different pflog interfaces, but I don't

Re: spamlogd whitelists every logged rdr-to connection

2013-03-07 Thread Constantine A. Murenin
On 2013-W10-4 19:20 -0700, Bob Beck wrote: I think this should not only be addressed in the documentation (for pcap-filter, spamd -M / spamlogd, pf.conf log/rdr-to / pflogd, tcpdump), but in the actual spamlogd code changes, too -- it should be smart enough to not automatically whitelist

hptd(4): HP 3D DriveGuard accelerometer support / lisa(4) through ACPI

2009-08-29 Thread Constantine A. Murenin
Constantine A. Murenin cnst+open...@bugmail.mojo.ru + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED

Re: libtls documentation

2015-02-20 Thread Constantine A. Murenin
On 20 February 2015 at 10:36, Greg Martin g...@softsprocket.com wrote: Hi, I just build libressl on Linux 3.13.0-44-generic. I haven't installed it yet but it was a clean build. I'm interested in trying libssl but the only documentation I've found is a single manpage (tls_int). Are there

Re: regarding OpenSSL License change

2017-03-24 Thread Constantine A. Murenin
> Date: Wed, 22 Mar 2017 16:48:10 -0400 > From: lice...@openssl.org > To: dera...@cvs.openbsd.org > Subject: OpenSSL License change [...] > We are asking for your permission to change the licence for your > contribution. Please visit this link to respond; you will have a chance [...] > If we

Re: sensors hiding with pledge

2019-01-21 Thread Constantine A. Murenin
Wouldn't this break sensorsd? (It's already been converted to use pledge.) C. On Mon, 21 Jan 2019 at 20:19, Ted Unangst wrote: > > We recently had a thread about adding more sensors, but then the browser will > use them to spy on us, and everybody was sad. We allow hw.sensors even for > pledge

Re: Removing PF

2019-04-02 Thread Constantine A. Murenin
On 2019-W14-1 19:12 -0700, Jordan Geoghegan wrote: > Realistically, we need to move to the one true firewall-- iptables! > Ideally, OpenBSD needs a firewall thats 'web scale' that can be > administered from a PHP web based frontend that uses JSON message > passing for clustering and failover.

Re: Fan Management Framework

2020-11-28 Thread Constantine A. Murenin
Hi Marcus, Sounds interesting! I don't know if you've seen it, but I did a similar patchset back in the day, alas for the common PC desktops with the lm(4) sensors; http://sensors.cnst.su/fanctl/ . However, there hasn't been as much interest in fan control on OpenBSD as I had initially expected

Re: ipmi(4): ipmi_poll_thread(): tsleep(9) -> tsleep_nsec(9)

2020-12-02 Thread Constantine A. Murenin
Not sure if you've seen it, but ipmi(4) has been disabled for over 12 years, because it's broken on some machines, so, this code is not necessarily guaranteed to be correct as-is. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/conf/GENERIC#rev1.632

Re: Oct 15 OpenBSD errata and LibreSSL releases

2015-10-27 Thread Constantine Aleksandrovich Murenin
As reported elsewhere (http://seclists.org/oss-sec/2015/q4/87 via http://www.opennet.ru/43146), both of these errors were introduced as part of the refactoring. Quick glance through http://bxr.su/o/lib/libssl/src/crypto/objects/obj_dat.c#OBJ_obj2txt indicates that the memory leak issue was