Re: OpenSMTPd error after upgrading to -current
On Sun, Feb 03, 2013 at 10:19:02PM +0100, Frank Brodbeck wrote:
> Hi,
>
> I upgraded yesterday to the latest snapshot and have a problem with my
> smtpd.conf which I can't resolve:
>
> /etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de
>
> The corresponding line is:
>
> # grep smtps+auth /etc/mail/smtpd.conf
> accept for any relay via smtps+auth://mail.split-brain.de auth as
> f...@split-brain.de
>
> smtpd.conf(5) didn't help me either. I guess I am missing something very
> obvious here...
>
> Kind regards,
> Frank.
>

The syntax has changed slightly to allow for multiple credentials to be
used on the same MX, amongst other things.

I just committed a fix to the example in the man page, your line should
read as:

smtps+auth://la...@mail.split-brain.de

where "label" is the key used to find credentials in the secrets table

--
Gilles Chehade

https://www.poolp.org @poolpOrg
Re: UNIX A to Z List RFC
On Sat, 2 Feb 2013, Chris Hettrick wrote: This is the list: ... date Baby-with-nail-gun version: dd -- Monty Brandenberg
Re: UNIX A to Z List RFC
> more I like it. I might replace more with man (documentation!) or mail (communicating with the outside world!). Elijah
Re: OpenSMTPd error after upgrading to -current
On Sun, Feb 03, 2013 at 10:55:55PM +0100, Rogier Krieger wrote:
> On Sun, Feb 3, 2013 at 10:19 PM, Frank Brodbeck wrote:
> > /etc/mail/smtpd.conf:12: error: invalid url:
> > smtps+auth://mail.split-brain.de
>
> The description of the relay parameter in smtpd.conf(5) is accurate.
> It seems the examples section in smtpd.conf(5) is slightly outdated,
> however.

Damn. I knew it, I was overlooking the label@ part in smtpd.conf(5).
Thanks for the pointer, that resolved the issue.

Thanks,
Frank.

--
Frank Brodbeck
Re: OpenSMTPd error after upgrading to -current
On Sun, Feb 03, 2013 at 10:19:02PM +0100, Frank Brodbeck wrote:
> Hi,
>
> I upgraded yesterday to the latest snapshot and have a problem with my
> smtpd.conf which I can't resolve:
>
> /etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de
>
> The corresponding line is:
>
> # grep smtps+auth /etc/mail/smtpd.conf
> accept for any relay via smtps+auth://mail.split-brain.de auth as
> f...@split-brain.de
>
> smtpd.conf(5) didn't help me either. I guess I am missing something very
> obvious here...

I had the same issue today after installing the snapshot from Feb 1.
Looks like a "label" in the url is now required and used as lookup key
in the secrets map.

# /etc/mail/smtpd.conf:
listen on lo0
table aliases db:/etc/mail/aliases.db
table secrets file:/etc/mail/secrets
accept for local alias deliver to mbox
accept for any relay via smtps+auth://b...@typhoon.relo.ch auth \

# /etc/mail/secrets
blue user:pass

I would prefer if just the host or a combination of user and host would
be used for password lookup and not a label.

Remi
Re: OpenSMTPd error after upgrading to -current
On Sun, Feb 3, 2013 at 10:19 PM, Frank Brodbeck wrote:
> /etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de

The description of the relay parameter in smtpd.conf(5) is accurate.
It seems the examples section in smtpd.conf(5) is slightly outdated,
however.

The format for the relay URL changed to include a label for looking up
the credentials. This allows you to select different credentials for
the same host should you need that. This is one of the recent goodies
[1] mentioned in another thread.

Instead of using a hostname in the secrets file, use a label and list
that label in the relay URL. After running makemap, smtpd liked my
configuration again. I've added a sanitised version as an example.

# cat /etc/mail/smtpd.conf
listen on lo0
table aliases db:/etc/mail/aliases.db
table secrets db:/etc/mail/secrets.db
accept for local alias deliver to mbox
accept for any relay via ssl+auth://[label]@[host] auth

# cat /etc/mail/secrets
[label] [user]:[password]

Hope that helps,

Rogier

References:
1. Undeadly - "OpenSMTPD: more features, more cleanup, more more"
   http://undeadly.org/cgi?action=article&sid=20130130081741

--
If you don't know where you're going, any road will get you there.
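The label lookup described in this thread, as an added example that is not part of any poster's message or of OpenSMTPD itself: a small Python check that flags `+auth` relay URLs that have no `label@` part or whose label has no entry in the secrets file. The sample configuration, hostnames and credentials are constructed, and the function names are this example's own.

```python
import re

# Authenticated relay URL in the form shown in the thread:
#   <scheme>+auth://[label@]host[:port]
RELAY_URL = re.compile(
    r'(?P<scheme>[a-z]+)\+auth://'
    r'(?:(?P<label>[^@\s"/]+)@)?'
    r'(?P<host>[^\s":/@]+)(?::(?P<port>\d+))?'
)

def parse_secrets(text):
    """Return {lookup key: user} from 'key user:password' lines."""
    table = {}
    for raw in text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#") and ":" in fields[1]:
            table[fields[0]] = fields[1].split(":", 1)[0]
    return table

def logical_lines(text):
    """Yield (first line number, text) with backslash continuations joined."""
    start, buf = None, ""
    for number, raw in enumerate(text.splitlines(), 1):
        start = number if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        start, buf = None, ""
    if buf:
        yield start, buf

def check_relays(conf_text, secrets_text):
    """List (line, url, problem) for +auth relay URLs whose lookup would fail."""
    secrets = parse_secrets(secrets_text)
    findings = []
    for number, line in logical_lines(conf_text):
        if line.lstrip().startswith("#"):
            continue
        for m in RELAY_URL.finditer(line):
            if m.group("label") is None:
                problem = "missing label@"
                if m.group("host") in secrets:
                    problem += "; secrets is still keyed by hostname"
            elif m.group("label") not in secrets:
                problem = "label not in secrets table"
            else:
                continue
            findings.append((number, m.group(0), problem))
    return findings

# Constructed sample input, modelled on the lines quoted in the thread.
SAMPLE_CONF = """\
listen on lo0
table secrets db:/etc/mail/secrets.db
accept for any relay via smtps+auth://mail.example.org auth
accept for any relay via ssl+auth://office@mail.example.org auth
accept for any relay via "tls+auth://backup@outbound.example.net:2525" \\
    auth
"""
SAMPLE_SECRETS = """\
office alice:constructed-password
mail.example.org alice:constructed-password
"""

if __name__ == "__main__":
    for finding in check_relays(SAMPLE_CONF, SAMPLE_SECRETS):
        print("smtpd.conf:%d: %s: %s" % finding)
```

Run it against the plain secrets source file; with a `db:` table, as in the configuration above, that is the file makemap was run on.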
Re: OpenSMTPd error after upgrading to -current
On Sun, Feb 03, 2013 at 10:19:02PM +0100, Frank Brodbeck wrote:
> Hi,
>
> I upgraded yesterday to the latest snapshot and have a problem with my
> smtpd.conf which I can't resolve:
>
> /etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de
>
> The corresponding line is:
>
> # grep smtps+auth /etc/mail/smtpd.conf
> accept for any relay via smtps+auth://mail.split-brain.de auth as
> f...@split-brain.de
>
> smtpd.conf(5) didn't help me either. I guess I am missing something very
> obvious here...
>
> Kind regards,
> Frank.

On a relay I use this syntax:

accept for any relay via "tls+auth://outbound.mailhop.org:2525" \
certificate jggimi.homeip.net auth secrets
OpenSMTPd error after upgrading to -current
Hi,

I upgraded yesterday to the latest snapshot and have a problem with my
smtpd.conf which I can't resolve:

/etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de

The corresponding line is:

# grep smtps+auth /etc/mail/smtpd.conf
accept for any relay via smtps+auth://mail.split-brain.de auth as
f...@split-brain.de

smtpd.conf(5) didn't help me either. I guess I am missing something very
obvious here...

Kind regards,
Frank.
Re: dhcp and dns
On 02/02/2013 08:56 PM, bofh wrote:
> I'm running 5.2. And starting to have more and more things that need
> IP addresses pop in and out of the house. Rather than hardcoding
> everything into dhcpd.conf, I thought I'd check with you guys to see
> what you use to have new devices register into DNS? I'm using
> unbound, but will go back to bind if need be.

I use dnsmasq from ports at one site. It provides DNS and DHCP services
in a single daemon. At another, I recently downloaded the latest
version and built it from scratch. Administration is very simple
compared to any other solution I could find, especially the DHCP from
ISC and named combo.

I NEVER would use it for anything facing the wild woolly Internet. For
a home network, I think it perfect.
Re: dhcp and dns
I just finished setting this up myself for DDNS updates

On 2/3/2013 6:19 AM, Loïc BLOT wrote:
> I confirm dynamic dns updates works with OpenBSD named, but you must
> replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
> dns updates works with it

--
Jason Barbier
Re: dhcp and dns
I agree with Loic.

2013/2/3 Loïc BLOT
> I confirm dynamic dns updates works with OpenBSD named, but you must
> replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
> dns updates works with it
> --
> Best regards,
> Loïc BLOT, UNIX systems, security and network expert
> http://www.unix-experience.fr
>
> On Sunday 03 February 2013 at 12:42 +0100, Bruno Flückiger wrote:
>
> > On 02/03/13 05:56, bofh wrote:
> > > I'm running 5.2. And starting to have more and more things that need
> > > IP addresses pop in and out of the house. Rather than hardcoding
> > > everything into dhcpd.conf, I thought I'd check with you guys to see
> > > what you use to have new devices register into DNS? I'm using
> > > unbound, but will go back to bind if need be.
> > >
> > > Thanks!
> > >
> >
> > Dynamic DNS works fine here. I use BIND from the base system together
> > with ISC DHCPD 4.2.4 from the packages on OpenBSD 5.2. There are plenty
> > of docus about how to setup dynamic DNS using BIND and ISC DHCPD.
> >
> > Regards,
> > Bruno
> >

--
Regards
Olivier Calzi
Re: Advice for handling softraid reporting i/o error
On Mon, Feb 04, 2013 at 01:03:07AM +1100, Joel Sing wrote:
> On Mon, 4 Feb 2013, Erling Westenvik wrote:
> > On Sun, Feb 03, 2013 at 11:11:17AM +0530, Girish Venkatachalam wrote:
> > > I hate to say it but I am sure your hard disk is dying. Replace it
> > > ASAP
> >
> > No no, that's all right. Death is an inevitable part of life. I know
> > the disk is dying and I'm going to replace it (or just throw away
> > the machine which is a piece of junk anyway) but I'd love to get out
> > of it the amendments to its last will before it passes out
> > completely.
> >
> > When a NON-ENCRYPTED disk has damaged areas one may still be able to
> > access the undamaged areas upon a reboot - possibly by mounting it
> > as a secondary disk on a working system and using various recovery
> > tools, etc.
> >
> > However: the last time I had an ENCRYPTED disk with damaged areas,
> > the whole disk got rendered useless. It wouldn't respond to
> > keydisk/passphrase and hence there was no way to access "undamaged"
> > data.
> >
> > The machine is still powered on. It still returns ping but not ssh.
> > When typing on the keyboard, characters get echo'ed on the screen.
> > Do I have any options besides rebooting and praying?
>
> None. Well, aside from a custom kernel.
>
> One of the current "features" with softraid (regardless of discipline)
> is that if a drive reports an I/O error, we mark the given chunk as
> being offline. In the case of disciplines that have redundant data,
> this is exactly what we want, since it should force failover to an
> online chunk. However, in the case of disciplines that do not have
> redundancy, the single chunk failure results in the entire volume
> going offline.
>
> I suspect this is what has happened. You have not mentioned how the
> crypto volume is used, however I'm going to guess that you either have
> your entire system on it, or at least some critical parts of your
> system. Since it has gone offline things have stopped working and
> there is no way to recover from this without rebooting.
>
> I plan on changing softraid so that disciplines without redundant data
> simply pass the failure from the underlying chunk up to userland, but
> leave the volume state alone - after all, you can attempt to recover
> data from an online volume, which is much more useful than losing the
> lot in one hit.

Ok, I'm getting it. Thanks.

I always seem to forget to mention something important. Sorry for that.
The setup is based on an article on undeadly.org by Stephan Sperling:

http://undeadly.org/cgi?action=article&sid=20110530221728

That's a fdisk partition spanning the whole of one physical disk (wd0)
and three disklabel partitions a, b and d on that with partition d
being the crypto volume and keying material stored on an USB key disk.

On a couple of other encrypted machines I have, I've started to use the
new boot code (which works great but which I so far haven't been able
to make work with a key disk).

Hopefully some of your comments above - especially the last paragraph
about volumes going offline - will make it into the relevant
documentation. I suspect problems like mine are likely to arise more
frequently as more and more people will start to use softraid.
Re: dhcp and dns
I confirm dynamic dns updates works with OpenBSD named, but you must
replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
dns updates works with it

--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr

On Sunday 03 February 2013 at 12:42 +0100, Bruno Flückiger wrote:
> On 02/03/13 05:56, bofh wrote:
> > I'm running 5.2. And starting to have more and more things that need
> > IP addresses pop in and out of the house. Rather than hardcoding
> > everything into dhcpd.conf, I thought I'd check with you guys to see
> > what you use to have new devices register into DNS? I'm using
> > unbound, but will go back to bind if need be.
> >
> > Thanks!
> >
>
> Dynamic DNS works fine here. I use BIND from the base system together
> with ISC DHCPD 4.2.4 from the packages on OpenBSD 5.2. There are plenty
> of docus about how to setup dynamic DNS using BIND and ISC DHCPD.
>
> Regards,
> Bruno
Re: Advice for handling softraid reporting i/o error
On Mon, 4 Feb 2013, Erling Westenvik wrote:
> On Sun, Feb 03, 2013 at 11:11:17AM +0530, Girish Venkatachalam wrote:
> > I hate to say it but I am sure your hard disk is dying. Replace it ASAP
>
> No no, that's all right. Death is an inevitable part of life. I know the
> disk is dying and I'm going to replace it (or just throw away the
> machine which is a piece of junk anyway) but I'd love to get out of it
> the amendments to its last will before it passes out completely.
>
> When a NON-ENCRYPTED disk has damaged areas one may still be able to
> access the undamaged areas upon a reboot - possibly by mounting it as a
> secondary disk on a working system and using various recovery tools,
> etc.
>
> However: the last time I had an ENCRYPTED disk with damaged areas, the
> whole disk got rendered useless. It wouldn't respond to
> keydisk/passphrase and hence there was no way to access "undamaged"
> data.
>
> The machine is still powered on. It still returns ping but not ssh. When
> typing on the keyboard, characters get echo'ed on the screen. Do I have
> any options besides rebooting and praying?

None. Well, aside from a custom kernel.

One of the current "features" with softraid (regardless of discipline)
is that if a drive reports an I/O error, we mark the given chunk as
being offline. In the case of disciplines that have redundant data,
this is exactly what we want, since it should force failover to an
online chunk. However, in the case of disciplines that do not have
redundancy, the single chunk failure results in the entire volume going
offline.

I suspect this is what has happened. You have not mentioned how the
crypto volume is used, however I'm going to guess that you either have
your entire system on it, or at least some critical parts of your
system. Since it has gone offline things have stopped working and there
is no way to recover from this without rebooting.

I plan on changing softraid so that disciplines without redundant data
simply pass the failure from the underlying chunk up to userland, but
leave the volume state alone - after all, you can attempt to recover
data from an online volume, which is much more useful than losing the
lot in one hit.

> > On Sun, Feb 3, 2013 at 5:43 AM, Erling Westenvik
> > wrote:
> > > I have an old laptop configured with softraid encryption using a USB
> > > keydisk. The machine was never intended to be used for anything more
> > > than just testing. However, I started putting a few cvs repositories
> > > on it and slowly the machine became somewhat important.
> > >
> > > Today, when doing a cvs import of a little programming project on my
> > > web server, the ssh connection died in the middle of the transfer. I
> > > have not tried to restart it. This is what's on the screen right now.
> > >
> > > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> > > 3187832; cn 820 tn 230 sn 42), retrying
> > > wd0: transfer error, downgrading to Ultra-DMA mode 4
> > > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> > > wd0d: uncorrectable data error reading fsbn 6890352 of 6890352-6890479
> > > (wd0 bn 1 3187832; cn 820 tn 230 sn 42), retrying
> > > wd0d: uncorrectable data error reading fsbn 6890391 of 6890352-6890479
> > > (wd0 bn 1 3187871; cn 820 tn 231 sn 18), retrying
> > > wd0d: uncorrectable data error reading fsbn 6890391 of 6890352-6890479
> > > (wd0 bn 1 3187871; cn 820 tn 231 sn 18), retrying
> > > softraid0: i/o error on block 6890352
> > > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> > >
> > > Kind of self explaining: old machine with faulty disk! I do have
> > > backups but would like to have a copy of some recent commits.
> > >
> > > Switching console gives me a login prompt but after entering a user
> > > name and pressing enter the machine just hangs. The machine will answer
> > > to ping but not ssh.
> > >
> > > My question is:
> > >
> > > Do I have any options other than trying to reboot? Optionally into
> > > single user mode?
> > >
> > > Cheers,
> > >
> > > Erling

--
"Reason is not automatic. Those who deny it cannot be conquered by it.
Do not count on them. Leave them alone." -- Ayn Rand
Re: Advice for handling softraid reporting i/o error
On Sun, Feb 03, 2013 at 11:11:17AM +0530, Girish Venkatachalam wrote:
> I hate to say it but I am sure your hard disk is dying. Replace it ASAP

No no, that's all right. Death is an inevitable part of life. I know the
disk is dying and I'm going to replace it (or just throw away the
machine which is a piece of junk anyway) but I'd love to get out of it
the amendments to its last will before it passes out completely.

When a NON-ENCRYPTED disk has damaged areas one may still be able to
access the undamaged areas upon a reboot - possibly by mounting it as a
secondary disk on a working system and using various recovery tools,
etc.

However: the last time I had an ENCRYPTED disk with damaged areas, the
whole disk got rendered useless. It wouldn't respond to
keydisk/passphrase and hence there was no way to access "undamaged"
data.

The machine is still powered on. It still returns ping but not ssh. When
typing on the keyboard, characters get echo'ed on the screen. Do I have
any options besides rebooting and praying?

> On Sun, Feb 3, 2013 at 5:43 AM, Erling Westenvik
> wrote:
> > I have an old laptop configured with softraid encryption using a USB
> > keydisk. The machine was never intended to be used for anything more
> > than just testing. However, I started putting a few cvs repositories
> > on it and slowly the machine became somewhat important.
> >
> > Today, when doing a cvs import of a little programming project on my
> > web server, the ssh connection died in the middle of the transfer. I
> > have not tried to restart it. This is what's on the screen right now.
> >
> > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> > 3187832; cn 820 tn 230 sn 42), retrying
> > wd0: transfer error, downgrading to Ultra-DMA mode 4
> > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> > wd0d: uncorrectable data error reading fsbn 6890352 of 6890352-6890479
> > (wd0 bn 1 3187832; cn 820 tn 230 sn 42), retrying
> > wd0d: uncorrectable data error reading fsbn 6890391 of 6890352-6890479
> > (wd0 bn 1 3187871; cn 820 tn 231 sn 18), retrying
> > wd0d: uncorrectable data error reading fsbn 6890391 of 6890352-6890479
> > (wd0 bn 1 3187871; cn 820 tn 231 sn 18), retrying
> > softraid0: i/o error on block 6890352
> > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> >
> > Kind of self explaining: old machine with faulty disk! I do have backups
> > but would like to have a copy of some recent commits.
> >
> > Switching console gives me a login prompt but after entering a user name
> > and pressing enter the machine just hangs. The machine will answer to
> > ping but not ssh.
> >
> > My question is:
> >
> > Do I have any options other than trying to reboot? Optionally into
> > single user mode?
> >
> > Cheers,
> >
> > Erling
Re: dhcp and dns
On 02/03/13 05:56, bofh wrote:
> I'm running 5.2. And starting to have more and more things that need
> IP addresses pop in and out of the house. Rather than hardcoding
> everything into dhcpd.conf, I thought I'd check with you guys to see
> what you use to have new devices register into DNS? I'm using
> unbound, but will go back to bind if need be.
>
> Thanks!
>

Dynamic DNS works fine here. I use BIND from the base system together
with ISC DHCPD 4.2.4 from the packages on OpenBSD 5.2. There are plenty
of docus about how to setup dynamic DNS using BIND and ISC DHCPD.

Regards,
Bruno
Re: using snapshots to stay current - 5.3 snapshot question
--> Brad Smith [2013-02-03 07:14:14 -0500]:
> - Original message -
> > Hi
> >
> > For the last few months I've been following -current using snapshots.
> > I see on the ftp mirrors that 5.3 is now there. This is probably a
> > stupid question but is it the same process for upgrading to the 5.3
> > snapshot as it has been with the 5.2 snapshots? Is there anything
> > extra/special that I need to read before I go ahead and do the
> > upgrade?
>
> There is no change in the process you're already using.

Cheers Brad, that's all I needed to know. Thanks.

--
Primary Key: 4096R/1D31DC38 2011-12-03
Key Fingerprint: A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38
Re: using snapshots to stay current - 5.3 snapshot question
- Original message -
> Hi
>
> For the last few months I've been following -current using snapshots.
> I see on the ftp mirrors that 5.3 is now there. This is probably a
> stupid question but is it the same process for upgrading to the 5.3
> snapshot as it has been with the 5.2 snapshots? Is there anything
> extra/special that I need to read before I go ahead and do the
> upgrade?

There is no change in the process you're already using.

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
using snapshots to stay current - 5.3 snapshot question
Hi

For the last few months I've been following -current using snapshots.
I see on the ftp mirrors that 5.3 is now there. This is probably a
stupid question but is it the same process for upgrading to the 5.3
snapshot as it has been with the 5.2 snapshots? Is there anything
extra/special that I need to read before I go ahead and do the
upgrade?

Thanks,

Jamie.

--
Primary Key: 4096R/1D31DC38 2011-12-03
Key Fingerprint: A4B9 E875 A18C 6E11 F46D B788 BEE6 1251 1D31 DC38