Re: tcp connection
At 12:24 AM 6/17/00 -0500, Kain wrote: >What I think you're thinking of is just IP. You probably haven't been seeing Definately not IP, IP just gets your packets there and back. >Now, if you actually mean "what octets mean and do", those are actually defined higher than TCP, and are laid out in the specs for those respective protocols. What I meant by that was what "octets mean and do" in terms of establishing and maintaining the connection. Like, what octets are exchanged that tell each machine, "yes the connection is established". That protocol has a name. >Telnet Protocol: RFC 854/855 >FTP: RFC 959 >TFTP: RFC 1350 >POP3: RFC 1939 >HTTP/1.1: RFC 2068 Right, those are the high level protocols. But they all establish the same type of connection. Maybe if I explained how this came about. I was explaining to a friend how you can telnet to any network service and use that service. Like, you can telnet to a web server on port 80, manually type the get commands and get the document. I said that this was because they all use the same connection type. But I don't know what the name of that connection type is. Maybe it's just a "TCP connection", does what I'm talking about have an RFC? There's no way I'm reading through all 2500 RFC's. :) >At 11:14 AM 6/18/00 +1200, [EMAIL PROTECTED] wrote: >>LCP? Link control protocol I think that has to do with PPP. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: tcp connection
At 12:24 AM 6/17/00 -0500, Kain wrote: >What I think you're thinking of is just IP. You probably haven't been seeing Definately not IP, IP just gets your packets there and back. >Now, if you actually mean "what octets mean and do", those are actually defined higher than TCP, and are laid out in the specs for those respective protocols. What I meant by that was what "octets mean and do" in terms of establishing and maintaining the connection. Like, what octets are exchanged that tell each machine, "yes the connection is established". That protocol has a name. >Telnet Protocol: RFC 854/855 >FTP: RFC 959 >TFTP: RFC 1350 >POP3: RFC 1939 >HTTP/1.1: RFC 2068 Right, those are the high level protocols. But they all establish the same type of connection. Maybe if I explained how this came about. I was explaining to a friend how you can telnet to any network service and use that service. Like, you can telnet to a web server on port 80, manually type the get commands and get the document. I said that this was because they all use the same connection type. But I don't know what the name of that connection type is. Maybe it's just a "TCP connection", does what I'm talking about have an RFC? There's no way I'm reading through all 2500 RFC's. :) >At 11:14 AM 6/18/00 +1200, [EMAIL PROTECTED] wrote: >>LCP? Link control protocol I think that has to do with PPP. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
access.db and sendmail 8.9
Is there anyone expert in sendmail who can help me sort something out? sendmail -bv /map access [EMAIL PROTECTED] shows me that he's marked REJECT but sendmail accepts mail from him. I can run sendmail -bt and show people all or parts of sendmail.cf sendmail.mc and access if someone would help me work out why I can't get this right! All I can offer in return is eternal gratitude! TIA, Chris Chris Evans <[EMAIL PROTECTED] or [EMAIL PROTECTED]> Consultant Psychiatrist in Psychotherapy, Rampton Hospital; Associate R&D Director, Tavistock & Portman NHS Trust; Hon. SL Institute of Psychiatry *** My views are my own and not representative of those institutions ***
access.db and sendmail 8.9
Is there anyone expert in sendmail who can help me sort something out? sendmail -bv /map access [EMAIL PROTECTED] shows me that he's marked REJECT but sendmail accepts mail from him. I can run sendmail -bt and show people all or parts of sendmail.cf sendmail.mc and access if someone would help me work out why I can't get this right! All I can offer in return is eternal gratitude! TIA, Chris Chris Evans <[EMAIL PROTECTED] or [EMAIL PROTECTED]> Consultant Psychiatrist in Psychotherapy, Rampton Hospital; Associate R&D Director, Tavistock & Portman NHS Trust; Hon. SL Institute of Psychiatry *** My views are my own and not representative of those institutions *** -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: controlling user resources
On Sat, Jun 17, 2000 at 02:23:22PM -0200, Kasparavicius Andrius wrote: > On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > well, I hope this will solve my problem..by the way..maybe is way to > control users ability to open a port? Do you mean binding to a local TCP/IP port? As long as the stock kernel goes, I guess that the only limitation is that: euid = 0 -> all ports euid != 0 -> just ports > 1024 I don't know about any capabilities or ACL model which influences TCP/IP ports. Regards -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy
Re: controlling user resources
On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > Right now there is a thread going on on linux-kernel about a project > by SGI which adds "job management" (which is not the same as job > control, mind you) to the linux kernel. Right now, the first goal is > the ability to account for group of "unrelated" processes, but the > second step, according to its authors, is to implement resource > limiting. Maybe this could be interesting for your problem. well, I hope this will solve my problem..by the way..maybe is way to control users ability to open a port? - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AK2858-RIPE
Re: 2nd plea!
On Sat, Jun 17, 2000 at 12:18:09PM +0100, Chris Evans wrote: > I posted a request for help with bouncing or blackholing an idiot's > Email at SMTP or TCP/IP level on a Hamm/Sendmail 8.9 box. > (Idiot has set up a dire holiday autoresponder.) No response from > you wonderful people. You can block him using ipchains/ipfw at the TCP level, but, if you have external MX hosts, you'll get his mail anyway. You should install on of the spam blocking packages. spamdb is one of them, I believe. You should be able to add your choice of hosts/domains to the list. Tim -- >< >> Tim Sailer (at home) >< Coastal Internet, Inc. << >> Network and Systems Operations >< PO Box 671 << >> http://www.buoy.com >< Ridge, NY 11961 << >> [EMAIL PROTECTED]/[EMAIL PROTECTED] >< (631) 476-3031 << ><
Re: controlling user resources
On Sat, Jun 17, 2000 at 10:44:02AM -0200, Kasparavicius Andrius wrote: > On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > > > Could you please elaborate on that? What exactly do you mean by > > "global"? I guess that putting ulimit in the global startup script > > would do the job, but I'm not sure I understood what you mean here. > > I mean, than user can be opened more shells than one. Some packages do > control, but only for one connection...you can open another which > doesn't counts limits with first..and so on.. Right now there is a thread going on on linux-kernel about a project by SGI which adds "job management" (which is not the same as job control, mind you) to the linux kernel. Right now, the first goal is the ability to account for group of "unrelated" processes, but the second step, according to its authors, is to implement resource limiting. Maybe this could be interesting for your problem. Regards, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy
Re: blocking a bouncer
> I'm not a computer professional but I run some Email lists using > Listar on a debian hamm machine (I've never had time or felt the > need to upgrade) and things have run fine for some years but now > I've got a bouncer. I've blocked him with listar but I'm still getting a > bounce to me as admin. every two minutes and I'd like to block > that too. I'm running sendmail 8.9. The bounce is coming with > headers: I am using procmail for that purpose (along with the obvious use of pre-sorting mail -- procmail along with IMAP is s cool). procmail also has a good manpage and sample data, so installing it should work pretty easily. Benedikt BRAIN, n. An apparatus with which we think what we think. That which distinguishes the man who is content to _be_ something from the man who wishes to _do_ something. [...] In our civilization, and under our republican form of government, brain is so highly honored that it is rewarded by exemption from the cares of office.
2nd plea!
I posted a request for help with bouncing or blackholing an idiot's Email at SMTP or TCP/IP level on a Hamm/Sendmail 8.9 box. (Idiot has set up a dire holiday autoresponder.) No response from you wonderful people. I'm off to a conference for a week from Tuesday a.m. and would dearly like to have cracked this before I go. Can anyone spare a bit of time for a few Emails to help me? I would be eternally grateful! TIA, Chris Chris Evans <[EMAIL PROTECTED] or [EMAIL PROTECTED]> Consultant Psychiatrist in Psychotherapy, Rampton Hospital; Associate R&D Director, Tavistock & Portman NHS Trust; Hon. SL Institute of Psychiatry *** My views are my own and not representative of those institutions ***
Re: controlling user resources
On Sat, Jun 17, 2000 at 02:23:22PM -0200, Kasparavicius Andrius wrote: > On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > well, I hope this will solve my problem..by the way..maybe is way to > control users ability to open a port? Do you mean binding to a local TCP/IP port? As long as the stock kernel goes, I guess that the only limitation is that: euid = 0 -> all ports euid != 0 -> just ports > 1024 I don't know about any capabilities or ACL model which influences TCP/IP ports. Regards -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: controlling user resources
On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > Right now there is a thread going on on linux-kernel about a project > by SGI which adds "job management" (which is not the same as job > control, mind you) to the linux kernel. Right now, the first goal is > the ability to account for group of "unrelated" processes, but the > second step, according to its authors, is to implement resource > limiting. Maybe this could be interesting for your problem. well, I hope this will solve my problem..by the way..maybe is way to control users ability to open a port? - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AK2858-RIPE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: 2nd plea!
On Sat, Jun 17, 2000 at 12:18:09PM +0100, Chris Evans wrote: > I posted a request for help with bouncing or blackholing an idiot's > Email at SMTP or TCP/IP level on a Hamm/Sendmail 8.9 box. > (Idiot has set up a dire holiday autoresponder.) No response from > you wonderful people. You can block him using ipchains/ipfw at the TCP level, but, if you have external MX hosts, you'll get his mail anyway. You should install on of the spam blocking packages. spamdb is one of them, I believe. You should be able to add your choice of hosts/domains to the list. Tim -- >< >> Tim Sailer (at home) >< Coastal Internet, Inc. << >> Network and Systems Operations >< PO Box 671 << >> http://www.buoy.com >< Ridge, NY 11961 << >> [EMAIL PROTECTED][EMAIL PROTECTED] >< (631) 476-3031 << >< -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: controlling user resources
On Sat, Jun 17, 2000 at 10:44:02AM -0200, Kasparavicius Andrius wrote: > On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > > > Could you please elaborate on that? What exactly do you mean by > > "global"? I guess that putting ulimit in the global startup script > > would do the job, but I'm not sure I understood what you mean here. > > I mean, than user can be opened more shells than one. Some packages do > control, but only for one connection...you can open another which > doesn't counts limits with first..and so on.. Right now there is a thread going on on linux-kernel about a project by SGI which adds "job management" (which is not the same as job control, mind you) to the linux kernel. Right now, the first goal is the ability to account for group of "unrelated" processes, but the second step, according to its authors, is to implement resource limiting. Maybe this could be interesting for your problem. Regards, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: blocking a bouncer
> I'm not a computer professional but I run some Email lists using > Listar on a debian hamm machine (I've never had time or felt the > need to upgrade) and things have run fine for some years but now > I've got a bouncer. I've blocked him with listar but I'm still getting a > bounce to me as admin. every two minutes and I'd like to block > that too. I'm running sendmail 8.9. The bounce is coming with > headers: I am using procmail for that purpose (along with the obvious use of pre-sorting mail -- procmail along with IMAP is s cool). procmail also has a good manpage and sample data, so installing it should work pretty easily. Benedikt BRAIN, n. An apparatus with which we think what we think. That which distinguishes the man who is content to _be_ something from the man who wishes to _do_ something. [...] In our civilization, and under our republican form of government, brain is so highly honored that it is rewarded by exemption from the cares of office. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
2nd plea!
I posted a request for help with bouncing or blackholing an idiot's Email at SMTP or TCP/IP level on a Hamm/Sendmail 8.9 box. (Idiot has set up a dire holiday autoresponder.) No response from you wonderful people. I'm off to a conference for a week from Tuesday a.m. and would dearly like to have cracked this before I go. Can anyone spare a bit of time for a few Emails to help me? I would be eternally grateful! TIA, Chris Chris Evans <[EMAIL PROTECTED] or [EMAIL PROTECTED]> Consultant Psychiatrist in Psychotherapy, Rampton Hospital; Associate R&D Director, Tavistock & Portman NHS Trust; Hon. SL Institute of Psychiatry *** My views are my own and not representative of those institutions *** -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: controlling user resources
On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > Could you please elaborate on that? What exactly do you mean by > "global"? I guess that putting ulimit in the global startup script > would do the job, but I'm not sure I understood what you mean here. I mean, than user can be opened more shells than one. Some packages do control, but only for one connection...you can open another which doesn't counts limits with first..and so on.. - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AK2858-RIPE
Re: controlling user resources
On Fri, Jun 16, 2000 at 07:16:26PM -0200, Kasparavicius Andrius wrote: > > > hello, maybe someone knows a good solutions for global(not for one > sesion) controling users resources..limiting cpu, ram, proc and/or smth... > > - > Kasparavicius Andrius Could you please elaborate on that? What exactly do you mean by "global"? I guess that putting ulimit in the global startup script would do the job, but I'm not sure I understood what you mean here. Regards, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy
Re: controlling user resources
On Sat, 17 Jun 2000 [EMAIL PROTECTED] wrote: > Could you please elaborate on that? What exactly do you mean by > "global"? I guess that putting ulimit in the global startup script > would do the job, but I'm not sure I understood what you mean here. I mean, than user can be opened more shells than one. Some packages do control, but only for one connection...you can open another which doesn't counts limits with first..and so on.. - Kasparavicius Andrius http://www.andrius.org ICQ:17701001 tel.: +370 87 25630 nick: Casper AK2858-RIPE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: controlling user resources
On Fri, Jun 16, 2000 at 07:16:26PM -0200, Kasparavicius Andrius wrote: > > > hello, maybe someone knows a good solutions for global(not for one > sesion) controling users resources..limiting cpu, ram, proc and/or smth... > > - > Kasparavicius Andrius Could you please elaborate on that? What exactly do you mean by "global"? I guess that putting ulimit in the global startup script would do the job, but I'm not sure I understood what you mean here. Regards, -- Andrea Glorioso sama(at)aglorioso(dot)com Padua, Italy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: tcp connection
On Sat, 17 Jun 2000, Chris Wagner wrote: > At 10:48 PM 6/16/00 -0500, Sanjeev Gupta wrote: > >Sockets? Butyou would definitely have seen this more than a couple of > >times. > > No, not sockets, sockets are way down on the stack. This is the protocol > that says what the octets mean and do. It's the common thread among all the > high level protocols and is directly below them in the stack. But I can't > think of the darn name. XDR? I think that is the Sun (or Xerox) standard for endian-ness in network octet encoding. This thread should make interesting reading in the archives. Regards
Re: tcp connection
On Sat, Jun 17, 2000 at 12:43:45AM -0400, Chris Wagner wrote: > At 10:48 PM 6/16/00 -0500, Sanjeev Gupta wrote: > >Sockets? Butyou would definitely have seen this more than a couple of > >times. > > No, not sockets, sockets are way down on the stack. This is the protocol > that says what the octets mean and do. It's the common thread among all the > high level protocols and is directly below them in the stack. But I can't > think of the darn name. What I think you're thinking of is just IP. You probably haven't been seeing it, because there is no concept of connection in TCP/IP stacks until you hit TCP, but here's how your connection kinda works (at least on 2 *nix boxen): peer<-->socket filehandle<-->transport<-->socket filehandle<-->peer "transport" here can be one of many things, such as: socket fd<-->unix domain socket<-->socket fd or socket fd<-->TCP<-->IP<-->ip transport(LAN/PPP/X.25/SmokeSignals)<- ->IP<-->TCP<-->socket fd Now, if you actually mean "what octets mean and do", those are actually defined higher than TCP, and are laid out in the specs for those respective protocols. i.e.: Telnet Protocol: RFC 854/855 FTP:RFC 959 TFTP: RFC 1350 POP3: RFC 1939 HTTP/1.1: RFC 2068 Hope that helps. -- Love is like a friendship caught on fire. In the beginning a flame, very pretty, often hot and fierce, but still only light and flickering. As love grows older, our hearts mature and our love becomes as coals, deep-burning and unquenchable. -- Bruce Lee ** Penguin Sympathizer Bryon Roche, Kain <[EMAIL PROTECTED]> pgpGsUHT5B6qS.pgp Description: PGP signature