Re: FreeBSD 5.x forgetting passwords.
Bill Moran wrote:
Christian Tischler [EMAIL PROTECTED] wrote:
Jerry McAllister wrote:
Eugene M. Minkovskii wrote:
On Mon, May 30, 2005 at 03:53:29PM +0200, Christian Tischler wrote:
Eugene M. Minkovskii wrote:
On Sun, May 29, 2005 at 10:55:41PM +0200, Christian Tischler wrote:

Hi, I am running a FreeBSD 5.1 system and some time ago it started to forget some user passwords. As the system has now been running for over 2 years I cannot imagine any reason why this should be. Any ideas?

root# su user
user$ passwd
newpasswd
newpasswd
user$ exit

Thanks in advance
Christian

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

And how do I do it from remote via ssh?

you$ sudo su user

or, if you are in group wheel, perhaps the following is possible:

you$ su user

If you are not a sudoer and you have no other way to get root privileges, you can't be another user. And this is right. Otherwise anybody could be anybody.

thx
Christian

PS: that was not quite an answer to my question I think, was it?

Sorry for the confusion. But the problem is that the server forgets the password of the user (in wheel) I want to log in with from remote. The question was not how to become root or any other user to change the password. The question was why the box forgets the passwords in the first place, and how to stop this.

You may have to give more information. I have never seen a system forget a password unless someone or something intervened and specifically changed them. Or, is it possible that you put an expiration on the passwords? By default, I believe FreeBSD sets that at infinite, but you or someone might have changed that while tinkering around.

jerry

thx for the answer. I gave you all the info there is. The system has been running since the release of 5.1 (2 years?) and this password forgetting thing started about one month or so ago. I am quite sure that I did not tinker around with the config. But I will take a look at the expiration time just to check.

If you're _sure_ that nobody authorized has changed the password, then there are two very scary things possible:
1) Someone has cracked your system and is trying to keep you out by changing your password.
2) Your disk is failing and has corrupted your password file.

Considering how old 5.1 is, and how many security issues have been discovered since 5.1, I would place a high probability on #1. No guarantees, though. But I would definitely consider and investigate those two possibilities if I were you.

1) That is what I thought first, too. But the root password and the password for another account never changed.
2) This consideration also came to me. That is the reason why the system is going to be upgraded to raid 5 and a new 5.x. But as my time is very limited I first tried to fix that problem to keep the machine up and running until I have more time.

The fact that 5.1 is old does not matter so much in terms of security, as only ssh and some high ports for a crypted vpn are open to the net, and the box is behind a firewall/nat/router thing.

thx for your reply
christian
System Panics and Core Dump help
Just trying to get a heads up if I'm going about this in the right way, if I've understood what I've read and applied, outlined below. I read an article at Onlamp on how to prepare for system panics and core dumps. Article here:

http://www.onlamp.com/pub/a/bsd/2002/03/21/Big_Scary_Daemons.html?page=2

After rebuilding my kernel with the

    options KDB
    options DDB
    makeoptions DEBUG=-g

I copied kernel.debug to /var/crash/kernel.debug.date for future use. I added the following below to /etc/rc.conf, leaving the dump directory at its default /var/crash in /etc/defaults/rc.conf:

    dumpdev=/dev/amrd0s1b (this is my swap partition)
    savecore_flags=-z (added flag for compression)

Now, in /var/log/messages, I get:

    savecore: unable to open bounds file, using 0
    savecore: no dumps found

Am I right in assuming that the system's doing exactly what it's supposed to do? That is, checking for a dump when booting, not finding any, reporting as much, and proceeding booting as usual? I assumed that, even though the message is a bit misleading to a relative newbie like myself, after reading the following at another web site:

    PROBLEMS AND REMEDIES
    No Dump Was Saved
    Cause: The system may have shut down successfully.
    Remedy: No dump is expected. Core dumps are only created for abnormal shutdowns.

Thanks for any help, advice and clarification.
RE: HP DL360-P4 slow network writes
Hi Kent,

I think it's the Broadcom-switch connection. You said you changed switches - but I'm betting you just swapped in another Foundry. We have had trouble with the Broadcom gig E adapters under WinXP and certain switches. Try swapping in a 3com or some such. And certainly also try the system on a 100BaseT port as well. My guess is it's in how the Foundry is setting up the ethernet connection.

My other guess is that the system timing/BIOS setups are different. I haven't yet seen the BIOS for a 360-G3 or G4 so I don't know that the settings I'm thinking of are even adjustable. But, look for something to do with the PCI bus timing - I don't know what HP would name it. Also, check the BIOS version on your older decent 360's and the newer ones and see if you can try flashing an old one to the same BIOS rev as a new one, then see if the old one gets slow.

Ted

-----Original Message-----
From: Kent Ketell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 31, 2005 11:17 PM
To: Ted Mittelstaedt
Cc: freebsd-questions@freebsd.org
Subject: Re: HP DL360-P4 slow network writes

On Tue, May 31, 2005 at 10:35:00PM -0700, Ted Mittelstaedt wrote:
> Hey Kent,
>
> You need to remove Windows and install FreeBSD on those!
>
> Oh, you're already running FreeBSD? I didn't see a version or dmesg output.

I have tried 4.10-RELEASE-p5 and 4.11-STABLE as of last week. The app I'm testing with is cvs, since that's what is impacting the guys the most. Traceroute also shows ridiculous times:

    traceroute to ? (172.17.56.15), 64 hops max, 44 byte packets
     1 ? (172.17.56.15) 7.025 ms 0.122 ms 0.212 ms

That traceroute is out a gig port directly to a NetAPP across a Foundry Gig switch. 7.025 ms is not right.

The following is from the 4.11-STABLE system. Here is the dmesg.boot info:
hints file version mismatch
After an incidental restart while I was working on my machine in KDE, I see this problem message during the boot process:

    hints file version mismatch 1885434471

I have searched on Google, and found this solution:

    cp /usr/src/sys/i386/conf/GENERIC.hints /boot/device.hints

but it doesn't help for me... Any suggestions?
Re: System Panics and Core Dump help
On Wednesday, 1 June 2005 at 2:25:56 -0500, Denny White wrote:
> Just trying to get a heads up if I'm going about this in the right way, if I've understood what I've read and applied, outlined below. I read an article at Onlamp on how to prepare for system panics and core dumps. Article here:
> ...
> Now, in /var/log/messages, I get:
>
> savecore: unable to open bounds file, using 0
> savecore: no dumps found

Did you get a dump? Otherwise the second message is normal. The first one is harmless, and should only occur on the first real dump.

> Am I right in assuming that the system's doing exactly what it's supposed to do? That is, checking for a dump when booting, not finding any, reporting as much, and proceeding booting as usual?

Assuming that you didn't write a dump, yes.

Greg
--
When replying to this message, please copy the original recipients. If you don't, I may ignore the reply or reply to the original recipients.
For more information, see http://www.lemis.com/questions.html
The virus contained in this message was not detected.
Finger [EMAIL PROTECTED] for PGP public key.
See complete headers for address and phone numbers.
Bridging and IPFW
Hey guys, hope I posted this to the right list!

I recently installed version 5.4 on a computer that acts as a gateway/firewall/bridge for a LAN. There are 30 or so computers sitting behind interface rl1 which has no IP address assigned. rl1 is bridged to rl0 which is the external interface and which has all the proper IP's assigned. The bridge is functioning perfectly but the problem comes when I try to filter - using ipfw - by MAC address.

Here are the relevant sysctl variables ( hope I set them all! )

    net.link.ether.bridge.enable: 1
    net.link.ether.bridge.config: rl0:0,rl1:0
    net.link.ether.bridge_ipfw: 1
    net.link.ether.ipfw: 1

According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!

    $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
    $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

The problem is that I am getting hits on only ONE of these rules and that's the first one. Nothing hits the second one! In total I have 3 rules - these two and the last one which is allow ip from any to any

So it looks like this:

    00010142169205532194 allow ip from any to any MAC any 00:0e:a6:02:4d:a4
    00010 00 allow ip from any to any MAC 00:0e:a6:02:4d:a4 any
    65535 194369376 164135836653 allow ip from any to any

I have tried adding various other options, like in via rl1, out via rl1, bridged, etc to no avail. Second rule isn't hit by anything! Theoretically, it should be - if I add rule #20 that says deny ip from any to any, my computer can no longer pass through the gateway although my MAC is listed in rule #10.

I really am at a loss of ideas as to what might be causing this, especially since I already did this one and it worked fine on 4.10. Any input would be appreciated.

Thanks!
George
Re: Bridging and IPFW
On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ...
> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>
> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

Is it intentional that both rules have the same number, 10?

--
Dmitry
We live less by imagination than despite it - Rockwell Kent, N by E
RE: Bridging and IPFW
Yes and no. In any case, I have tried assigning them different rule numbers but it doesn't change anything. Second one still doesn't get looked at.

George

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dmitry Mityugov
Sent: Wednesday, June 01, 2005 11:43 AM
To: George Breahna
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging and IPFW

On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ...
> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>
> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any

Is it intentional that both rules have the same number, 10?

--
Dmitry
We live less by imagination than despite it - Rockwell Kent, N by E
RE: HP DL360-P4 slow network writes
--On 01 June 2005 00:37 -0700 Ted Mittelstaedt [EMAIL PROTECTED] wrote:
> Hi Kent,
>
> I think it's the Broadcom-switch connection. You said you changed switches - but I'm betting you just swapped in another Foundry. We have had trouble with the Broadcom gig E adapters under WinXP and certain switches. Try swapping in a 3com or some such. And certainly also try the system on a 100BaseT port as well.

FWIW - we've got a bunch of the DL360 G4's and found a very nasty problem with the way the onboard Broadcom reacted to our HP switches - by default we forced the NIC's to 100Mbit/FDX.

This resulted in a system that could send 'small' packets fine (e.g. dns) - but bogged down on anything large [it'd work, but not fun getting about 6k/sec for some transfers].

After fiddling with the switch ports, putting the NIC's back to 'auto-select' fixed it - which is ironic, as we have a bunch of Intel Pro1000's that need exactly the opposite to work properly [i.e. we _have_ to lock them at 100/FDX to work with the switches].

I love 'standards' :)

-Karl
RT ipfw monitoring
Dear list,

I'd like to know if there is a tool like apachetop for apache to monitor ipfw?

TIA
zheyu
Re: FreeBSD 5.x forgetting passwords.
Christian Tischler [EMAIL PROTECTED] wrote:
> The fact that 5.1 is old does not matter so much in terms of security, as only ssh and some high ports for a crypted vpn are open to the net, and the box is behind a firewall/nat/router thing.

Really? You build perfect firewalls? That's an unwise attitude to have if you value security at all.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
FreeBSD on AlphaServer DS25
Hello,

we are trying to install FreeBSD 5.4 (Alpha version) on an AlphaServer DS25. It fails when we start to boot from the CD. This machine doesn't have any floppy so we cannot try the floppy install. We have a similar problem installing Debian, so we think this model has a problem booting with normal ISO images for Alpha. Does any of you have any hints about FreeBSD's supported Alpha servers?

Thanks a lot
Valerio Daelli
Re: Bridging and IPFW
> On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ..
>> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>>
>> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
>> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any
>
> Is it intentional that both rules have the same number, 10?

Not entirely sure, but will setting the sysctl net.inet.ip.fw.one_pass to 0 help?
RE: Bridging and IPFW
Tried that one myself, but I tried it again. No impact whatsoever!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colin House
Sent: Wednesday, June 01, 2005 3:27 PM
To: George Breahna
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging and IPFW

> On 6/1/05, George Breahna [EMAIL PROTECTED] wrote:
> ..
>> According to what I have read, using ipfw2 I should now be able to properly filter by MAC address..so I wrote up some rules!
>>
>> $IPFW 10 add allow ip from any to any MAC any 00:0E:A6:02:4D:A4
>> $IPFW 10 add allow ip from any to any MAC 00:0E:A6:02:4D:A4 any
>
> Is it intentional that both rules have the same number, 10?

Not entirely sure, but will setting the sysctl net.inet.ip.fw.one_pass to 0 help?
sSMTP and system messages?
Hello,

Is there a way to configure sSMTP so that it will _not_ send system messages over the internet?

Thanks,
Frits
Re: sSMTP and system messages?
Frits Westra [EMAIL PROTECTED] wrote:
> Hello,
>
> Is there a way to configure sSMTP so that it will _not_ send system messages over the internet?

No. That's what sSMTP is for.

Depending on exactly what you want to accomplish, you'll have to use another system, such as setting up sendmail for local-only delivery.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: how can I make xterm just like the console ? (colors, etc.)
Hi!

> *VT100*foreground: gray90
> *VT100*background: black
>
> Beware that these might be changed next time you update Xorg. So as an alternative, you can create a file ~/.Xresources, and put these two lines in it.

Probably you mean ~/.Xdefaults

--
wall
Re: how can I make xterm just like the console ? (colors, etc.)
On 2005-06-01 17:18, Walery Kokarev [EMAIL PROTECTED] wrote:
>> *VT100*foreground: gray90
>> *VT100*background: black
>>
>> Beware that these might be changed next time you update Xorg. So as an alternative, you can create a file ~/.Xresources, and put these two lines in it.
>
> Probably you mean ~/.Xdefaults

The default xinitrc file distributed with X.org uses .Xresources AFAIK:

    % cat -n /usr/X11R6/lib/X11/xinit/xinitrc
         1  #!/bin/sh
         2  # $Xorg: xinitrc.cpp,v 1.3 2000/08/17 19:54:30 cpqbld Exp $
         3
         4  userresources=$HOME/.Xresources
         5  usermodmap=$HOME/.Xmodmap
    [...]
postgrey question
I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.

I am still googling for info, but as I understand it the policy will inject the message to another queue for postgrey to evaluate? If this is true, what happens if I install it while still running the postfix/amavis solution, which is also a double-queue system for evaluation of messages? Will doing a make install for postgrey damage the installation we currently have in place and working?

Anyone else running postgrey with amavis on postfix, on FreeBSD? I'd appreciate any feedback/experiences people have to offer.
Re: postgrey question
Bart Silverstrim [EMAIL PROTECTED] wrote:
> I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.
>
> I am still googling for info, but as I understand it the policy will inject the message to another queue for postgrey to evaluate? If this is true, what happens if I install it while still running the postfix/amavis solution, which is also a double-queue system for evaluation of messages? Will doing a make install for postgrey damage the installation we currently have in place and working?
>
> Anyone else running postgrey with amavis on postfix, on FreeBSD? I'd appreciate any feedback/experiences people have to offer.

Yes, I'm running Postgrey with Amavis on FreeBSD. Works great.

The short answer is that Postgrey plays nice with Amavis.

The medium-length answer is that Postgrey simply becomes another check that is run. Postfix has a policy service hook that allows Postfix to consult with an outside program prior to accepting mail. This is a different process than the multi-queue system that Amavis uses, and the two co-exist nicely. Postgrey works more like the rbl checks than the multi-queue system that Amavis uses.

The long answer is contained in the technical details of Postfix, and the Postfix source code, and I won't attempt to duplicate that here ;)

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
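
The policy service hook described in the reply above, as an added example that is not part of the original thread and is not Postgrey's own code: a small Python model of a greylisting decision over Postfix's policy delegation request format (name=value lines ended by an empty line, answered with an action= line). The 300-second delay, the /24 keying, the function names and the sample addresses are assumptions of this example.

```python
"""Greylisting decision for a Postfix policy service (illustrative model).

Postfix consults such a service through check_policy_service in an smtpd
restriction list, before the message is queued. That is why it does not
interfere with a content filter that works on already-queued mail.
"""
import ipaddress

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)

# Constructed sample request, in the policy delegation wire format.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.25\n"
    "client_name=mail.example.net\n"
    "sender=Alice@Example.net\n"
    "recipient=bob@example.org\n"
    "\n"
)


def parse_request(text):
    """Parse one request: name=value lines, terminated by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # the empty line ends the request
        name, sep, value = line.partition("=")  # values may contain '='
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value
    return attrs


def client_network(addr):
    """Key IPv4 clients on their /24 so retries from a sending pool match."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ipaddress.ip_network("%s/24" % addr, strict=False))
    return str(ip)


def triplet(attrs):
    """Greylisting key: (client network, sender, recipient), case-folded.

    An empty sender (bounce messages) is a valid key component.
    """
    return (
        client_network(attrs.get("client_address", "")),
        attrs.get("sender", "").lower(),
        attrs.get("recipient", "").lower(),
    )


class Greylist:
    """Remembers when each triplet was first seen and defers early retries."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of first delivery attempt

    def decide(self, attrs, now):
        """Return the Postfix access action for this request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        try:
            key = triplet(attrs)
        except ValueError:
            # Unparseable client address: express no opinion and let the
            # other restrictions in the list decide.
            return "DUNNO"
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            # Temporary failure: a real MTA queues the mail and retries.
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"  # waited long enough; later checks still apply


def format_reply(action):
    """Wire format of the answer: one action line, then an empty line."""
    return "action=%s\n\n" % action


if __name__ == "__main__":
    gl = Greylist()
    request = parse_request(SAMPLE_REQUEST)
    for t in (1000, 1060, 1300):
        print(t, repr(format_reply(gl.decide(request, now=t))))
```

Returning DUNNO rather than OK after the delay leaves the final accept decision to whatever restrictions follow the policy check.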
Re: XFS on FreeBSD
Craig Rodrigues [EMAIL PROTECTED] wrote:
> On Tue, May 31, 2005 at 06:50:38PM -0400, Bill Moran wrote:
>> I'm interested in the project to port XFS to FreeBSD. However, every link I've traced down leads to a dead end.
>
> An announcement of FreeBSD for XFS was made on March 22 on the freebsd-current mailing list:
> http://lists.freebsd.org/pipermail/freebsd-current/2005-March/047744.html
>
>> Does anyone have links to where this project is currently housed, or any information about its status?
>
> All the current information about this project is located on a new project web page:
> http://people.freebsd.org/~rodrigc/xfs/

Thanks to everyone who answered. I'm not sure why I had so much trouble finding this before.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
what is the init entrance for pci bus scan in FREEbsd?
I am now coding a fake PCI hotplug module on FreeBSD 5.3-RELEASE. It contains two parts: the userspace part, which uses ioctl to communicate with a cdev in /dev, and the kernel module, which mainly operates on the devclasses, devlist and driverlist. But in the enable function I still have to rescan the PCI bus.

BUT I cannot find the PCI bus scan code in FreeBSD. I guess it is just an entry in the startup table which is made by the compiler. Someone told me to follow the pci_init() way in Linux, but I find that too hard in the OO-structured bus architecture of FreeBSD. So WHERE can I get some code to follow in order to finish my PCI rescan function?

--
we who r about to die,salute u!
Re: postgrey question
On Jun 1, 2005, at 10:22 AM, Bill Moran wrote:
> Bart Silverstrim [EMAIL PROTECTED] wrote:
>> I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.
>>
>> I am still googling for info, but as I understand it the policy will inject the message to another queue for postgrey to evaluate? If this is true, what happens if I install it while still running the postfix/amavis solution, which is also a double-queue system for evaluation of messages? Will doing a make install for postgrey damage the installation we currently have in place and working?
>>
>> Anyone else running postgrey with amavis on postfix, on FreeBSD? I'd appreciate any feedback/experiences people have to offer.
>
> Yes, I'm running Postgrey with Amavis on FreeBSD. Works great.
>
> The short answer is that Postgrey plays nice with Amavis.
>
> The medium-length answer is that Postgrey simply becomes another check that is run. Postfix has a policy service hook that allows Postfix to consult with an outside program prior to accepting mail. This is a different process than the multi-queue system that Amavis uses, and the two co-exist nicely. Postgrey works more like the rbl checks than the multi-queue system that Amavis uses.
>
> The long answer is contained in the technical details of Postfix, and the Postfix source code, and I won't attempt to duplicate that here ;)

Are there instructions you know of for the installation to get postgrey to integrate with postfix from ports on FreeBSD?

(Huh?)

Um...let's rephrase. Is there a reference of what needs to be done after running make install in the postgrey port directory to get postfix to see it and use it, preferably without killing the working amavisd?
kernel panic with unmount: dangling vnode on boot
Hi all,

I just updated my 5.3 system to 5.4p1 from source and ran into a serious problem. During boot, when the filesystems are being mounted, the system goes into a kernel panic and reports

    panic unmount: dangling vnode

It then reboots. I have found PR 79665 which appears to be related. I have also found that booting to single user mode and manually mounting the filesystems will bypass this problem, but it is not a good workaround since I don't have battery backup and the power here is less than ideal (short outages 3 or 4 times a year).

The system this is being tested on is using gvinum for a number of filesystems: /tmp is striped, /home is mirrored, / /var /usr are ordinary filesystems. The system is a dual PIII so I'm using an SMP kernel. I've stripped unused device drivers and added a few things so I will re-try with generic and generic+smp when I get a chance. Once I get the system back up (after the most recent reboot) I will build a generic kernel and see if that has the same problem.

Does anyone else have similar problems and, if so, are there any workarounds so that I can boot cleanly? I really don't want to lose gvinum but I will if I have to.
Re: New ports in -RELEASE
Ron,

I have run into a strange problem with ports and cvsup that you may be running into. For some unknown reason I can run a cvsup and it appears that everything has run fine, however I show that nothing needs to be updated. Now here is the kicker: if I delete the ports directory (or move it out of the way) and run the cvsup again, all of a sudden there are ten or more ports that need updating. This has happened more than once. I wish someone could explain that problem to me, especially since I never remember that happening on the 4.11 release.

Tim

Glenn Dawson wrote:
At 09:39 PM 5/31/2005, Vizion wrote:

Or can someone point me to some very clear instructions for cvsup, that doesn't make assumptions about me already being a FreeBSD guru? Does cvsup fix my problem? Installing a -RELEASE version and then wanting the latest ports seems like a common desire, but it is not addressed very clearly. Thanks for any help.

I also have 5.3 and my ports tree, which is kept up to date with cvsup, has version 1.2 of subversion in the ports tree.

One other thing to note is that ports has no branches like src does, so if you cvsup your ports tree you're getting the latest ports as of that moment.

For ports I put the following in /usr/ports/sup and then do cvsup /usr/ports/sup

    *default host=cvsup.FreeBSD.org
    *default base=/var/db
    *default prefix=/usr
    *default release=cvs tag=.
    *default delete use-rel-suffix
    *default compress
    ports-all

Similarly I use this for src:

    *default host=cvsup.FreeBSD.org
    *default base=/var/db
    *default prefix=/usr
    *default release=cvs tag=RELENG_5
    *default delete use-rel-suffix
    *default compress
    src-all

Make sure to change the tag= to match whatever branch you're interested in getting.

-Glenn
Re: postgrey question
On Wednesday 01 June 2005 09:07, Bart Silverstrim wrote:
> Anyone else running postgrey with amavis on postfix, on FreeBSD? I'd appreciate any feedback/experiences people have to offer.

I had an article published on exactly that. See if this helps you:

http://www.freesoftwaremagazine.com/free_issues/issue_02/focus_spam_postfix

--
Kirk Strauser
Using multiple outside IPs on ADSL (PPPoE) connection
Hi, until now we had one outside IP address and used a FreeBSD machine to do NAT and run some mail and webserver for our needs. A few days ago we got a /30 subnet (netmask 255.255.255.252) and now, when I connect to the ISP, I get only the first IP of the subnet. Of course, while it's available, I would like to have some services listening on other IP addresses as well. I have searched a lot and I have found a guy asking just the same as I am (http://groups.google.com/groups?hl=sllr=threadm=6261e7aa.0409030400.107b2db2%40posting.google.comrnum=15prev=/groups%3Fq%3D%2522freebsd%2522%2B%252B%2B%2522subnet%2522%2B%252B%2B%2522pppoe%2522%26start%3D10%26hl%3Dsl%26lr%3D%26selm%3D6261e7aa.0409030400.107b2db2%2540posting.google.com%26rnum%3D15), but he got no appropriate answer. The configuration file for ppp (/etc/ppp/ppp.conf) is as follows:

    default:
        enable lqr
        set lqrperiod 15
        disable ipv6cp

    connection:
        set device PPPoE:rl0
        set authname username
        set authkey pass
        nat enable yes
        nat same_ports yes
        nat use_sockets yes
        set dial
        set login
        set ifaddr first_ip_of_subnet 10.0.0.2/0 255.255.255.252
        add default HISADDR

Now, as also in that post from google, tun0 has only that IP address... I also tried to define second_ip_of_subnet with subnet mask 255.255.255.255 to rl0, but still that second IP isn't pingable from the outside world. Thanks everyone for help :)
Re: System Panics and Core Dump help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Okay, didn't get a dump. Everything's fine on the system. I was just trying to follow how to be prepared for a panic, crash, etc., to be able to do a backtrace and have info to give someone trying to help debug the kernel. First time I rebooted after adding the new settings, I got: unable to open bounds file, using 0 no dumps found And to the best of my knowledge, there was no bounds file in /var/crash. Now there is, size is 2k has an internal value of 5. Also, now when I boot, I get: Checking for core dump on /dev/amrd0s1b no dumps found And, after rebooting again, I see that the internal value of /var/crash/bounds has been incremented by 1, so now it's at 6. I read where it does that each time it checks it. Only reason I bugged anyone on the mailing list about this was I'm still a relative newbie didn't want to trash all the work I'd done with my experimenting before getting it where it could be fixed if I did. :) So, as best as I can see it, it's doing just what it's supposed to do. Thanks for helping me clear that up, Greg. On Wed, 1 Jun 2005, Greg 'groggy' Lehey wrote: On Wednesday, 1 June 2005 at 2:25:56 -0500, Denny White wrote: Just trying to get a heads up if I'm going about this in the right way, if I've understood what I've read and applied, outlined below. I read an article at Onlamp on how to prepare for system panics and core dumps. Article here: ... Now, in /var/log/messages, I get: savecore: unable to open bounds file, using 0 savecore: no dumps found Did you get a dump? Otherwise the second message is normal. The first one is harmless, and should only occur on the first real dump. Am I right in assuming that the system's doing exactly what it's supposed to do? That is, checking for a dump when booting, not finding any, reporting as much, and proceeding booting as usual? Assuming that you didn't write a dump, yes. Greg -- When replying to this message, please copy the original recipients. 
If you don't, I may ignore the reply or reply to the original recipients. For more information, see http://www.lemis.com/questions.html The virus contained in this message was not detected. Finger [EMAIL PROTECTED] for PGP public key. See complete headers for address and phone numbers.
Mailscanner PC requirements
Hi all, First OFF NEWBIE here - so please bear with me-- I have installed FreeBSD 5.4 on a box that I plan to use Mailscanner to filter the mail prior to hitting my Mail server. Its on a PII 450 with 256mb ram and a 12 gig drive. I would like to know 1) How can I check to make sure the system is running OK ( I'm from the windows world) where we have event logs and performance monitor to make sure the install was done correctly, give you page fault data mem ,cpu usage etc... Any tools or commands in FreeBSD that can give me this type of info? 2) given the above specs, is that ok to handle mail for roughly 40 users? Thanks in advance Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mailscanner PC requirements
Jean-Paul Natola [EMAIL PROTECTED] wrote: Hi all, First OFF NEWBIE here - so please bear with me-- I have installed FreeBSD 5.4 on a box that I plan to use Mailscanner to filter the mail prior to hitting my Mail server. Its on a PII 450 with 256mb ram and a 12 gig drive. I would like to know 1) How can I check to make sure the system is running OK ( I'm from the windows world) where we have event logs and performance monitor to make sure the install was done correctly, give you page fault data mem ,cpu usage etc... Any tools or commands in FreeBSD that can give me this type of info? Look at top(1), systat(1), as well as the various logs in /var/log 2) given the above specs, is that ok to handle mail for roughly 40 users? Hard to say without more details on what the volume is for those 40 users, but I expect it should be OK ... unless your usage patterns are very unusual. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Mailscanner PC requirements
Well our mail store ( is at about 8 gigs) it should never go higher than than that. Should I try to get a # of messages per day tally , would that help? -Original Message- From: Bill Moran [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 01, 2005 12:53 PM To: Jean-Paul Natola Cc: freebsd-questions@freebsd.org Subject: Re: Mailscanner PC requirements Jean-Paul Natola [EMAIL PROTECTED] wrote: Hi all, First OFF NEWBIE here - so please bear with me-- I have installed FreeBSD 5.4 on a box that I plan to use Mailscanner to filter the mail prior to hitting my Mail server. Its on a PII 450 with 256mb ram and a 12 gig drive. I would like to know 1) How can I check to make sure the system is running OK ( I'm from the windows world) where we have event logs and performance monitor to make sure the install was done correctly, give you page fault data mem ,cpu usage etc... Any tools or commands in FreeBSD that can give me this type of info? Look at top(1), systat(1), as well as the various logs in /var/log 2) given the above specs, is that ok to handle mail for roughly 40 users? Hard to say without more details on what the volume is for those 40 users, but I expect it should be OK ... unless your usage patterns are very unusual. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postgrey question
Bart Silverstrim [EMAIL PROTECTED] wrote: On Jun 1, 2005, at 10:22 AM, Bill Moran wrote: Bart Silverstrim [EMAIL PROTECTED] wrote: I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD. I am still googling for info, but as I understand it the policy will inject the message to another queue for postgrey to evaluate? If this is true, what happens if I install it while still running the postfix/amavis solution, which is also a double-queue system for evaluation of messages? Will doing a make install for postgrey damage the installation we currently have in place and working? Anyone else running postgrey with amavis on postfix, on FreeBSD? I'd appreciate any feedback/experiences people have to offer. Yes, I'm running Postgrey with Amavis on FreeBSD. Works great. The short answer is that Postgrey plays nice with Amavis. The medium-length answer is that Postgrey simply becomes another check that is run. Postfix has a policy service hook that allows Postfix to consult with an outside program prior to accepting mail. This is a different process than the multi-queue system that Amavis uses, and the two co-exist nicely. Postgrey works more like the rbl checks than the multi-queue system that Amavis uses. The long answer is contained in the technical details of Postfix, and the Postfix source code, and I won't attempt to duplicate that here ;) Are there instructions you know of for the installation to get postgrey to integrate with postfix from ports on FreeBSD? (Huh?) Um...let's rephrase. Is there a reference of what needs to be done after running make install in the postgrey port directory to get postfix to see it and use it, preferably without killing the working amavisd? 
You'll need to put the following in /etc/rc.conf:

    postgrey_enable=YES

as specified by the port, and enter a line like:

    check_policy_service 172.0.0.1:10023

in /usr/local/etc/postfix/main.cf (please check the Postgrey docs, I'm pulling this from memory and I'm not 100% sure it's exactly right). -- Bill Moran Potential Technologies http://www.potentialtech.com
RE: Mailscanner PC requirements
Oh the Ironies of life, I actually redid my install because someone on the list told me that there was no reason (point) to even install KDE since I was going to use it only for Mailscanner.. Should I go ahead and reinstall it? -Original Message- From: Rhys Campbell [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 01, 2005 12:47 PM To: Jean-Paul Natola Subject: RE: Mailscanner PC requirements If you're running KDE the KDE System Guard (system section of the K Menu) is similar to the Windows Task Manager. Gnome has something similar I have used but I forget the name. The console command 'ps' will show you running processes. Check this web link for info http://unixhelp.ed.ac.uk/CGI/man-cgi?ps Or do man ps or info ps Rhys -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jean-Paul Natola Sent: 01 June 2005 17:34 To: freebsd-questions@freebsd.org Subject: Mailscanner PC requirements Hi all, First OFF NEWBIE here - so please bear with me-- I have installed FreeBSD 5.4 on a box that I plan to use Mailscanner to filter the mail prior to hitting my Mail server. Its on a PII 450 with 256mb ram and a 12 gig drive. I would like to know 1) How can I check to make sure the system is running OK ( I'm from the windows world) where we have event logs and performance monitor to make sure the install was done correctly, give you page fault data mem ,cpu usage etc... Any tools or commands in FreeBSD that can give me this type of info? 2) given the above specs, is that ok to handle mail for roughly 40 users? 
Thanks in advance Jean-Paul Natola Network Administrator Information Technology Family Care International 588 Broadway Suite 503 New York, NY 10012 Phone:212-941-5300 xt 36 Fax: 212-941-5563 Mailto: [EMAIL PROTECTED]
Re: iPod mini + ASUS P3B-F motherboard + FreeBSD 5.4-STABLE
I wrote: Is anyone successfully using this mix of old and new technology? I'm trying to, but I'm not succeeding. The on-board USB ports on this machine are USB1.1, which, while not officially supported by Apple, should work with iPod according to many reports on the Net. I do understand that it would be very slow, though. The very first time I took the iPod out of the package and connected it to my PC, it was recognized successfully: May 30 20:08:32 premium kernel: umass0: Apple iPod mini, rev 2.00/0.01, addr 2 May 30 20:12:52 premium kernel: da0 at umass-sim0 bus 0 target 0 lun 0 May 30 20:12:52 premium kernel: da0: Apple iPod 1.62 Removable Direct Access SCSI-0 device Note, however, that there's a 4 minute time gap between umass0 and da0 lines. Since my machine doesn't have any support for reading the HFS (or is it HFS+?) file system which is what the iPod has out of the box, I couldn't however mount any slices from da0. I tried disconnecting and re-connecting the iPod a few times and now the umass0 line appears but the da0 line doesn't appear at all, even after waiting for 40 minutes. I went to a Windows PC with USB2 ports and connected the iPod to that. It was recognized immediately and re-formatted as FAT32. Back to my FreeBSD PC and there's no change - when plugging in the iPod, the umass0 line appears in dmesg, but the da0 line doesn't. What would be the best course of action to get the iPod talking to my FreeBSD box? - install an add-on USB 2.0 card ? - update the PC-s BIOS to latest version (there is a newer version than the one I'm running now)? - update to latest -STABLE (current checkout is from May 10)? - wipe FreeBSD and install Windows? (just kidding!!!) - something else? I have now tried all the suggestions above, except installing Windows or doing something else, and I still haven't gotten any further. The most irritating thing is that if I boot my PC with Knoppix 3.7 CD, I can successfully mount the iPod as /dev/sda2. 
Some more googling has revealed that similar problems have been reported with OpenBSD and NetBSD, but no solution seems to exist: http://www.monkey.org/openbsd/archive2/misc/200501/msg00149.html http://mail-index.netbsd.org/tech-kern/2004/09/14/.html One last resort I can think of is FireWire. But for that I would need to get a FireWire adapter (any recommendations?) and iPod dock connector to FireWire cable. Both ca 20 EUR. And I'm still not sure it would work. I'm planning to file a PR on this. The kernel with USB_DEBUG is being built as I type. But for now it looks like FreeBSD users would do well to steer clear of the 2nd generation iPod mini. --- ... Work is for people who don't know how to fish. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postgrey question
On Jun 1, 2005, at 1:33 PM, Bill Moran wrote: Bart Silverstrim [EMAIL PROTECTED] wrote: Are there instructions you know of for the installation to get postgrey to integrate with postfix from ports on FreeBSD? (Huh?) Um...let's rephrase. Is there a reference of what needs to be done after running make install in the postgrey port directory to get postfix to see it and use it, preferably without killing the working amavisd? You'll need to put the following in /etc/rc.conf: postgrey_enable=YES as specified by the port, and enter a line like: check_policy_service 172.0.0.1:10023 in /usr/local/etc/postfix/main.cf (please check the Postgrey docs, I'm pulling this from memory and I'm not 100% sure it's exactly right). That's where I was a little confused (kirk? Insight, clarification?) because I thought that line would have it pass the message to another queue on port 10023 of the localhost, like the way Amavis runs. I didn't know if that meant it would be running three postfix queues now or if it is just a misunderstanding on my part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postgrey question
Bart Silverstrim [EMAIL PROTECTED] wrote: On Jun 1, 2005, at 1:33 PM, Bill Moran wrote: Bart Silverstrim [EMAIL PROTECTED] wrote: Are there instructions you know of for the installation to get postgrey to integrate with postfix from ports on FreeBSD? (Huh?) Um...let's rephrase. Is there a reference of what needs to be done after running make install in the postgrey port directory to get postfix to see it and use it, preferably without killing the working amavisd? You'll need to put the following in /etc/rc.conf: postgrey_enable=YES as specified by the port, and enter a line like: check_policy_service 172.0.0.1:10023 in /usr/local/etc/postfix/main.cf (please check the Postgrey docs, I'm pulling this from memory and I'm not 100% sure it's exactly right). That's where I was a little confused (kirk? Insight, clarification?) because I thought that line would have it pass the message to another queue on port 10023 of the localhost, like the way Amavis runs. I didn't know if that meant it would be running three postfix queues now or if it is just a misunderstanding on my part. It's a misunderstanding on your part. For more details, read the Postfix docs on the policy service hook. -- Bill Moran Potential Technologies http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
can't figure out ssh, read lots of docs...
I'm trying to use scp and I get prompted for a password or passphrase for each invocation. I figure I need to figure out how to get ssh to connect without prompting, but I just can't get it. I've read all the man pages and my head is swirling. I went to the OpenSSH web site and got no further. I've been in the business for 28 years and can usually figure things out from man pages, but ssh doesn't seem to be clear enough. I've been unemployed for over a year and can't afford the OReilly book right now (which I'm offering as my defense for asking here). I've got two free chapters from the OReilly book, but they don't help. I've used ssh-keygen and I'm trying to login to the localhost (using it's hostname). Anybody know of a short tutorial that just works? -- i386 FreeBSD 4.11-STABLE There are 10 types of people in this world. Ones that understand binary and then, the others. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 4.11-RELEASE install error
On 30 May Ted Mittelstaedt wrote: On 29 May Ted Mittelstaedt wrote: What is supplied with 4.11-release is old and a number of utilities - like firefox - will not build on it anymore. I run two 4.11-stable machines here and both compile firefox from ports very fine still. I did not come across packages (yet) that did not compile on 4.11 I *know* they exist but they're not the 'popular' ones. He is talking 4.11-release, from the ISO, not 4.11-stable. 4.11-release most definitely will not compile Firefox unless you use the original firefox 1.0 code, which has a security hole in it. If you cvsup the ports tree, it will update the firefox port to a later version of firefox that will definitely not link in with the X libraries installed off the 4.11-release ISO. Not sure I follow you. Will building firefox from ports on a 4.11R system really not build if you give a portupgrade -rR firefox ? Will this not automatically install any newer (needed) X libs? -- dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.11 ++ FreeBSD 5.3 + Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Mailscanner PC requirements
On Wed, Jun 01, 2005 at 01:38:04PM -0400, Jean-Paul Natola wrote: Oh the Ironies of life, I actually redid my install because someone on the list told me that there was no reason (point) to even install KDE since I was going to use it only for Mailscanner.. Should I go ahead and reinstall it? Installing X on a server is overkill, unless you plan on staring at the monitor all day. OTOH, FreeBSD also makes for a nice desktop system. Better activate sshd (Secure Shell daemon) and log into the machine from your desktop, e.g. with 'putty'. That way you can run commands like 'systat -vmstat' remotely. You can also view the logfiles by logging in remotely. If you are logged in you can also modify syslog.conf to have the system write you a message whenever certain types of error occur. You could even have the system e-mail you the error messages (unless the e-mail isn't working :-) Roland -- R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt
Re: can't figure out ssh, read lots of docs...
You should be able to find everything you need here. http://www-106.ibm.com/developerworks/library/l-keyc.html I set it up in the lab (on 4.7) and it worked great. Good luck, Rick PS. sorry you got it twice Steven, I forgot to click reply all. On 6/1/05, Steven Friedrich [EMAIL PROTECTED] wrote: I'm trying to use scp and I get prompted for a password or passphrase for each invocation. I figure I need to figure out how to get ssh to connect without prompting, but I just can't get it. I've read all the man pages and my head is swirling. I went to the OpenSSH web site and got no further. I've been in the business for 28 years and can usually figure things out from man pages, but ssh doesn't seem to be clear enough. I've been unemployed for over a year and can't afford the OReilly book right now (which I'm offering as my defense for asking here). I've got two free chapters from the OReilly book, but they don't help. I've used ssh-keygen and I'm trying to login to the localhost (using it's hostname). Anybody know of a short tutorial that just works? -- i386 FreeBSD 4.11-STABLE There are 10 types of people in this world. Ones that understand binary and then, the others. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can't figure out ssh, read lots of docs...
Steven Friedrich wrote: I'm trying to use scp and I get prompted for a password or passphrase for each invocation. I figure I need to figure out how to get ssh to connect without prompting, but I just can't get it. I've read all the man pages and my head is swirling. I went to the OpenSSH web site and got no further. I've been in the business for 28 years and can usually figure things out from man pages, but ssh doesn't seem to be clear enough. I've been unemployed for over a year and can't afford the OReilly book right now (which I'm offering as my defense for asking here). I've got two free chapters from the OReilly book, but they don't help. I've used ssh-keygen and I'm trying to login to the localhost (using it's hostname). Anybody know of a short tutorial that just works? I too had to read a lot of pages before getting the requisite aha! moment for this feature, but what you need is here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html Section 14.11.6 is awfully short, but it does summarize the relevant information. Basically, you take the public key generated for username on one machine (the ssh client) and append it to the authorized_keys file for the same username on the other machine (the sshd server). Since what you say you want is real transparency (no prompts), don't assign a passphrase when generating the keys. If you've already gotten that far, using ssh -v[vv] can help you isolate where things are going wrong. -- Greg Barniskis, Computer Systems Integrator South Central Library System (SCLS) Library Interchange Network (LINK) gregb at scls.lib.wi.us, (608) 266-6348 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: can't figure out ssh, read lots of docs...
On Wed, Jun 01, 2005 at 02:49:45PM -0400, Steven Friedrich wrote: I'm trying to use scp and I get prompted for a password or passphrase for each invocation. I figure I need to figure out how to get ssh to connect without prompting, but I just can't get it. I've read all the man pages and my head is swirling. I went to the OpenSSH web site and got no further. I've been in the business for 28 years and can usually figure things out from man pages, but ssh doesn't seem to be clear enough.

Try invoking ssh with the -v option, to see what goes wrong.

I've used ssh-keygen and I'm trying to login to the localhost (using its hostname).

Have you copied $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the target machine?

Anybody know of a short tutorial that just works?

I'm using the ssh1 protocol. I've set the following in ~/.ssh/config:

    PasswordAuthentication = no
    RhostsAuthentication = no
    RhostsRSAAuthentication = no
    RSAAuthentication = yes

That works for me. Roland -- R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt
Re: can't figure out ssh, read lots of docs...
On Wed, Jun 01, 2005 at 02:24:07PM -0500, Greg Barniskis wrote: Steven Friedrich wrote: I'm trying to use scp and I get prompted for a password or passphrase for each invocation. I figure I need to figure out how to get ssh to connect without prompting, but I just can't get it. I've read all the man pages and my head is swirling. I went to the OpenSSH web site and got no further. I've been in the business for 28 years and can usually figure things out from man pages, but ssh doesn't seem to be clear enough. I've been unemployed for over a year and can't afford the OReilly book right now (which I'm offering as my defense for asking here). snip (the sshd server). Since what you say you want is real transparency (no prompts), don't assign a passphrase when generating the keys. snip Greg Barniskis, Computer Systems Integrator

The poster is correct in that what you probably want to do is set up public-key authentication using ssh, however, I would highly recommend that you NOT use a blank passphrase for your private key. ssh-agent, a utility that I think comes standard with the openssh package will store your passphrase for a given login session and automatically supply it for you so that you don't have to type the passphrase each time. Check the manpage for ssh-agent(1). To make it even more convenient there is a nice little shell script program called keychain that will manage your passphrases for all login sessions at once. With keychain you will only have to supply your passphrase(s) once when you first login or boot your system and that's it. I don't think leaving a private key around on your system without a passphrase is a good idea, and especially if you are using it to automatically authenticate to a remote machine. Keychain is in the ports collection. http://www.gentoo.org/proj/en/keychain/ Nathan
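An added example, not from any poster in this thread: a Python audit of a ~/.ssh directory for the two things the replies above turn on, private keys stored without a passphrase and file modes that make sshd (with StrictModes) or the ssh client refuse to use a key. The function names and the constructed sample keys are assumptions of this sketch; it reads PEM and OpenSSH-format keys only and reports nothing for other formats such as ssh1 identity files.

```python
"""Audit an ~/.ssh directory: passphrase-less private keys, loose modes."""
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\0"  # header of the OpenSSH private key format


def _string(data):
    """Encode an SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def constructed_sample_key(cipher, kdf):
    """Build a CONSTRUCTED, non-functional key header for demonstration.
    It carries the cipher/KDF names only, no key material."""
    blob = MAGIC + _string(cipher) + _string(kdf) + _string(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode("ascii")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


def key_passphrase_state(text):
    """Return 'encrypted', 'unencrypted' or 'unknown' for a key file's text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":      # PKCS#8
        return "encrypted"
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            if not blob.startswith(MAGIC):
                return "unknown"
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
            cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        except (ValueError, struct.error):
            return "unknown"
        # The first field after the magic is the cipher name; "none" means
        # the private part is stored in the clear.
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header.endswith("PRIVATE KEY-----"):                    # legacy PEM
        encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                        for ln in lines)
        return "encrypted" if encrypted else "unencrypted"
    return "unknown"


def audit_ssh_dir(ssh_dir):
    """Return a list of (file name, finding) tuples for one directory."""
    findings = []
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) & 0o022:
        findings.append((".", "directory writable by group or others"))
    for name in sorted(os.listdir(ssh_dir)):
        full = os.path.join(ssh_dir, name)
        if not os.path.isfile(full):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        # sshd with StrictModes ignores an authorized_keys file that other
        # users could modify, and then falls back to asking for a password.
        if name == "authorized_keys" and mode & 0o022:
            findings.append((name, "writable by group or others"))
        with open(full, "rb") as fh:
            text = fh.read(65536).decode("ascii", "replace")
        state = key_passphrase_state(text)
        if state == "unknown":
            continue  # not a private key this sketch can read
        if mode & 0o077:
            findings.append((name, "private key readable by group or others"))
        if state == "unencrypted":
            findings.append((name, "private key has no passphrase"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_ssh_dir(os.path.expanduser("~/.ssh")):
        print("%s: %s" % (name, finding))
```

A key reported as having no passphrase is the case the ssh-agent and keychain suggestion above addresses: the key stays encrypted on disk and the passphrase is typed once per session.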
Re: New ports in -RELEASE
At 08:33 AM 6/1/2005, Tim Hogan wrote: Ron, I have run into a strange problem with ports and cvsup that you may be running into. For some unknown reason I can run a cvsup and it appears that everything has run fine however I show that nothing needs to be updated. Now here is the kicker; If I delete the ports directory (or move it out of the way) and run the cvsup again, all of a sudden there are ten or more ports that need updating. This has happened more than once. I wish someone could explain that problem to me, especially since I never remember that happening on the 4.11 release. Tim

Hi Tim, can you supply a copy of your sup file? -Glenn
Re: postgrey question
On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote: I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.

I don't run postfix and the thing I am about to mention I have not tried yet, but you may want to explore modifying your greylisting to be based on spamassassin results. I use exim as the mta and there is a thing called sa-exim that lets you run spamassassin at SMTP time so that you can reject mail if you want before you actually are finished receiving it. The author of sa-exim has modified it to do greylisting based on spamassassin scores generated at smtp time, so that you only greylist mail that is thought to be spam and do not inconvenience your regular users. Can you do spamassassin at smtp time with postfix? Chad
Re: postgrey question
Chad Leigh -- Shire.Net LLC wrote: On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote: I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD. I don't run postfix and the thing I am about to mention I have not tried yet, but you may want to explore modifying your greylisting to be based on spamassassin results. I use exim as the mta and there is a thing called sa-exim that lets you run spamassassin at SMTP time so that you can reject mail if you want before you actually are finished receiving it. The author of sa-exim has modified it to do greylisting based on spamassassin scores generated at smtp time, so that you only greylist mail that is thought to be spam and do not inconvenience your regular users. Can you do spamassassin at smtp time with postfix?

That's far too complicated. Postgrey does an excellent job. I have installed postgrey yesterday, and it works really well. I didn't read all the emails regarding this subject, so my apologies if I only tell you things you've already heard. Basically it works like this: You're receiving an e-mail on your mailserver. Postgrey checks if it's an e-mail address it has seen before (which it stores in a database). If it has, it passes it to amavis where it can be processed further. If it isn't a known e-mail address, it automatically blacklists the e-mail address for an x amount of seconds while sending the sending server a message that it's busy and that it should try again in x amount of seconds. Normal mailservers wait patiently for those x amount of seconds and try sending it again (except for hotmail, who tries to send it every 30 seconds even if your server tells it to wait 90 seconds). Since Postgrey has it stored in the database, the email will be passed through nicely.
The main advantage of this is that spammers and viruses have massive amount of email lists and just try to send it to as many people as possible. They are not going to wait and try to send the e-mail again, thus you effectively block many amount of spam and virus e-mail before it's even being processed by amavis / clamav / spamassasin, saving up system resources. Configuration of this is really easy. Compile it from the ports, change flags in the rc.d script (See man page for more info) and put this in your main.cf. Note the space between sevice and inet. smtpd_recipient_restrictions = check_policy_service inet:192.168.1.100:10023,reject_unauth_destination,permit Start postgrey from the rc.d script and you're ready to go. Cheers, Jorn Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: postgrey question
On Jun 1, 2005, at 3:16 PM, Jorn Argelo wrote:

> Chad Leigh -- Shire.Net LLC wrote:
>
> > On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote:
> >
> > > I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.
> >
> > I don't run postfix and the thing I am about to mention I have not tried yet, but you may want to explore modifying your greylisting to be based on spamassassin results. I use exim as the mta and there is a thing called sa-exim that lets you run spamassassin at SMTP time so that you can reject mail if you want before you actually are finished receiving it. The author of sa-exim has modified it to do greylisting based on spamassassin scores generated at smtp time, so that you only greylist mail that is thought to be spam and do not inconvenience your regular users. Can you do spamassassin at smtp time with postfix?
>
> That's far too complicated. Postgrey does an excellent job.

Yes, normal greylisting works for some people, but in general, it is not seconds, but minutes (I don't believe that your server tells it how long to wait, but rather in general greylisting it returns a 4xx temporary failure error and the sending mail server will automatically retry within its own retry rules) and lots of people do not like to have their good mail greylisted at all as it can delay good mail for minutes or longer, so the one I described above is a modification on greylisting that allows it to only greylist possible spam and not all mail.

Chad

> I have installed postgrey yesterday, and it works really well. I didn't read all the emails regarding this subject, so my apologies if I only tell you things you've already heard.
>
> Basically it works like this: You're receiving an e-mail on your mailserver. Postgrey checks if it's an e-mail address it has seen before (which it stores in a database). If it has, it passes it to amavis where it can be processed further. If it isn't a known e-mail address, it automatically blacklists the e-mail address for an x amount of seconds while sending the sending server a message that it's busy and that it should try again in x amount of seconds. Normal mailservers wait patiently for those x amount of seconds and try sending it again (except for hotmail, who tries to send it every 30 seconds even if your server tells it to wait 90 seconds). Since Postgrey has it stored in the database, the email will be passed through nicely.
>
> The main advantage of this is that spammers and viruses have massive amounts of email lists and just try to send it to as many people as possible. They are not going to wait and try to send the e-mail again, thus you effectively block a large amount of spam and virus e-mail before it's even being processed by amavis / clamav / spamassassin, saving up system resources.
>
> Configuration of this is really easy. Compile it from the ports, change flags in the rc.d script (See man page for more info) and put this in your main.cf. Note the space between service and inet.
>
> smtpd_recipient_restrictions = check_policy_service inet:192.168.1.100:10023,reject_unauth_destination,permit
>
> Start postgrey from the rc.d script and you're ready to go.
>
> Cheers,
> Jorn
>
> > Chad
Re: postgrey question
[description of postgrey snipped]

> The main advantage of this is that spammers and viruses have massive amounts of email lists and just try to send it to as many people as possible. They are not going to wait and try to send the e-mail again, thus you effectively block a large amount of spam and virus e-mail before it's even being processed by amavis / clamav / spamassassin, saving up system resources.

This is also the problem with greylisting... some services only attempt to send the email once and if it fails, give up completely. I don't remember if postgrey comes with a whitelist of IP addresses or not, but I do remember seeing a list that included things such as Southwest Airlines ticket confirmations and some amazon stuff.

Anyway, that's something to watch out for if it's relevant for you...
Re: can't figure out ssh, read lots of docs...
Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for the replies. Each gave me quite a bit of info and I'm still digesting it.

I've been successful using ssh-agent, though I have to enter the passphrase each time I run my script. That's really only an annoyance now because I'm developing the script and have to enter it often. That goes away when the script is stable.

I've been using ssh to login to my local machines for quite some time and never realized I didn't have it set up quite right, because it was asking for a passwd, which means all other means failed.

What I did notice though, is that I can't login as root using ssh. I haven't found this mentioned in the man pages. Anybody know where it's documented, whether it can be changed, and would that be a colossal mistake? I mean, hey, it's a secure shell, why can't I login as root?

The reason I want to use root is because I'm trying to scp /etc/master.passwd from each of my four machines so I can write them to a CD for backup.
Re: postgrey question
Philip Hallstrom said:

> [description of postgrey snipped]
>
> > The main advantage of this is that spammers and viruses have massive amounts of email lists and just try to send it to as many people as possible. They are not going to wait and try to send the e-mail again, thus you effectively block a large amount of spam and virus e-mail before it's even being processed by amavis / clamav / spamassassin, saving up system resources.
>
> This is also the problem with greylisting... some services only attempt to send the email once and if it fails, give up completely. I don't remember if postgrey comes with a whitelist of IP addresses or not, but I do remember seeing a list that included things such as Southwest Airlines ticket confirmations and some amazon stuff.
>
> Anyway, that's something to watch out for if it's relevant for you...

Postgrey ships with a whitelist of legit servers that cause problems with greylisting. The list is extremely short.

Keep in mind that servers that do not work well with greylisting are in violation of the Internet mail standards. They will never send mail reliably.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
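The greylisting behaviour discussed in this thread, as an added example that is not part of any post and is not postgrey's code: a decision function in the shape of a Postfix policy service, which answers `DEFER_IF_PERMIT` (a temporary 4xx failure to the sender) until the same sender has waited out the delay, and `DUNNO` for whitelisted clients. Keying on the (client address, sender, recipient) triplet, the class and function names, and all addresses are assumptions of this example; the 90-second delay and 30-second retry interval are the figures mentioned in the thread.

```python
"""Greylisting decision logic shaped like a Postfix policy service (added example)."""

DELAY_SECONDS = 90  # delay figure used as an illustration in the thread


def parse_policy_request(text):
    """Parse one policy request: name=value lines, ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def build_request(client, sender, recipient):
    """Constructed sample request carrying the attributes this example reads."""
    return (
        "request=smtpd_access_policy\n"
        "protocol_state=RCPT\n"
        f"client_address={client}\n"
        f"sender={sender}\n"
        f"recipient={recipient}\n"
        "\n"
    )


class Greylist:
    """Hypothetical in-memory greylist; a real service would persist its state."""

    def __init__(self, delay=DELAY_SECONDS, whitelist_clients=()):
        self.delay = delay
        self.whitelist = set(whitelist_clients)
        self.first_seen = {}  # triplet -> time of the first delivery attempt

    def decide(self, attrs, now):
        client = attrs.get("client_address", "")
        if client in self.whitelist:
            return "DUNNO"  # known one-shot senders skip greylisting
        triplet = (
            client,
            attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower(),
        )
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            return "DUNNO"  # sender came back after the delay: let later checks run
        # Temporary failure: the sender retries on its own schedule, not ours.
        return "DEFER_IF_PERMIT Greylisted, please try again later"

    def respond(self, request_text, now):
        attrs = parse_policy_request(request_text)
        return "action=" + self.decide(attrs, now) + "\n\n"


def simulate(retry_times, delay=DELAY_SECONDS):
    """Actions seen by one sender that attempts delivery at the given times (seconds)."""
    greylist = Greylist(delay=delay)
    request = build_request("192.0.2.10", "alice@example.org", "bob@example.net")
    return [greylist.respond(request, now=t).split()[0] for t in retry_times]


if __name__ == "__main__":
    # A sender retrying every 30 seconds is deferred three times, then accepted.
    print(simulate([0, 30, 60, 90]))
    # A sender that tries once and gives up never gets past the greylist.
    print(simulate([0]))
```

A sender that never retries stays deferred, which is both why this filters bulk senders and why one-shot legitimate services need a whitelist entry.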
Re: postgrey question
Chad Leigh -- Shire.Net LLC said:

> On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote:
>
> > I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.
>
> I don't run postfix and the thing I am about to mention I have not tried yet, but you may want to explore modifying your greylisting to be based on spamassassin results. I use exim as the mta and there is a thing called sa-exim that lets you run spamassassin at SMTP time so that you can reject mail if you want before you actually are finished receiving it. The author of sa-exim has modified it to do greylisting based on spamassassin scores generated at smtp time, so that you only greylist mail that is thought to be spam and do not inconvenience your regular users. Can you do spamassassin at smtp time with postfix?

Yes you can. I recommend this. The postfix docs explain how to do it:
http://www.postfix.org/SMTPD_PROXY_README.html

I've used this technique and find it very helpful, as it makes bounce messages (caused by spam and viruses) nonexistent.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: postgrey question
On Jun 1, 2005, at 4:01 PM, Bill Moran wrote:

> Chad Leigh -- Shire.Net LLC said:
>
> > On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote:
> >
> > > I've been looking into ways of improving our spam filtering. Currently I'm running postfix with amavisd-new (spamassassin and clamav), and saw an article on greylisting using postgrey. Turns out there's a port for it already in FreeBSD.
> >
> > I don't run postfix and the thing I am about to mention I have not tried yet, but you may want to explore modifying your greylisting to be based on spamassassin results. I use exim as the mta and there is a thing called sa-exim that lets you run spamassassin at SMTP time so that you can reject mail if you want before you actually are finished receiving it. The author of sa-exim has modified it to do greylisting based on spamassassin scores generated at smtp time, so that you only greylist mail that is thought to be spam and do not inconvenience your regular users. Can you do spamassassin at smtp time with postfix?
>
> Yes you can. I recommend this. The postfix docs explain how to do it:
> http://www.postfix.org/SMTPD_PROXY_README.html
>
> I've used this technique and find it very helpful, as it makes bounce messages (caused by spam and viruses) nonexistent.

So, can you conditionally call the post_grey stuff based on this smtp-time spamassassin results? That would allow you to do what I described above, which allows you to minimize the downside of greylisting.

Thanks bill!

Chad
Re: can't figure out ssh, read lots of docs...
--On Wednesday, June 01, 2005 17:57:56 -0400 Steven Friedrich [EMAIL PROTECTED] wrote:

> I've been successful using ssh-agent, though I have to enter the passphrase each time I run my script. That's really only an annoyance now because I'm developing the script and have to enter it often. That goes away when the script is stable.

First you run ssh-agent screen. Then you run ssh-add, and, when prompted, type in your passphrase.

> What I did notice though, is that I can't login as root using ssh. I haven't found this mentioned in the man pages.

You should *never* allow remote logins for root. You don't need it. Login using your own account and then use sudo or su - to perform functions that only root can perform.

> Anybody know where it's documented, whether it can be changed, and would that be a colossal mistake?

You change it in the ssh config file, but don't.

> I mean, hey, it's a secure shell, why can't I login as root?
>
> The reason I want to use root is because I'm trying to scp /etc/master.passwd from each of my four machines so I can write them to a CD for backup.

scp the file to your home directory, then move it wherever you want to by using sudo or su -. Don't allow remote root logins. It's unwise.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
Re: can't figure out ssh, read lots of docs...
Steven Friedrich [EMAIL PROTECTED] writes:

> What I did notice though, is that I can't login as root using ssh. I haven't found this mentioned in the man pages. Anybody know where it's documented, whether it can be changed, and would that be a colossal mistake?

Try the sshd_config(5) manual.

> I mean, hey, it's a secure shell, why can't I login as root?

Accountability.

> The reason I want to use root is because I'm trying to scp /etc/master.passwd from each of my four machines so I can write them to a CD for backup.

You can do that without allowing root to get a shell from a remote system. Again, see the manual for the options available.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: can't figure out ssh, read lots of docs...
I just want to add a little about allowing root login over ssh and using common user names as login names if I may.

I just left an admin job where we were running a live server and I used to read the log files every day. The number of brute force attempts to log in to sshd was staggering, sometimes over 700 attempts in a day from many different locations (usually script kiddies). I had the only user account so it wasn't my users making mistakes. 90%+ of the attempts were for the root account. The other 10% were for common names like steven, rick, and paul; the list goes on. So I would recommend that you keep root login disabled and don't use common names for login names. Most people were setting up scripts to block the offending attacker.

Not to mention every security document or site I have ever read has said "Don't allow remote root login".

Thanks for letting me spew,
Rick

On 6/1/05, Steven Friedrich [EMAIL PROTECTED] wrote:

> Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for the replies. Each gave me quite a bit of info and I'm still digesting it.
>
> I've been successful using ssh-agent, though I have to enter the passphrase each time I run my script. That's really only an annoyance now because I'm developing the script and have to enter it often. That goes away when the script is stable.
>
> I've been using ssh to login to my local machines for quite some time and never realized I didn't have it set up quite right, because it was asking for a passwd, which means all other means failed.
>
> What I did notice though, is that I can't login as root using ssh. I haven't found this mentioned in the man pages. Anybody know where it's documented, whether it can be changed, and would that be a colossal mistake? I mean, hey, it's a secure shell, why can't I login as root?
>
> The reason I want to use root is because I'm trying to scp /etc/master.passwd from each of my four machines so I can write them to a CD for backup.
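The kind of log review described in the message above, as an added example that is not part of the original post: it tallies failed sshd password attempts per account and per source address, reports the share aimed at root, lists sources at or above a threshold, and shows which guessed names are real local accounts. The log lines are constructed samples in the usual OpenSSH "Failed password for ..." form; the function name, threshold and account list are assumptions.

```python
"""Summarise failed sshd password attempts from auth log lines (added example)."""
import re
from collections import Counter

# Matches both existing accounts and the "invalid user"/"illegal user" variants.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(\S+) "
    r"from (\S+) port \d+"
)

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
Jun  1 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.9 port 51022 ssh2
Jun  1 03:12:04 host sshd[4103]: Failed password for root from 203.0.113.9 port 51030 ssh2
Jun  1 03:12:07 host sshd[4105]: Failed password for root from 203.0.113.9 port 51041 ssh2
Jun  1 03:12:10 host sshd[4107]: Failed password for illegal user steven from 203.0.113.9 port 51055 ssh2
Jun  1 03:12:13 host sshd[4109]: Failed password for root from 203.0.113.9 port 51063 ssh2
Jun  1 04:40:22 host sshd[4312]: Failed password for root from 198.51.100.23 port 40110 ssh2
Jun  1 04:40:25 host sshd[4314]: Failed password for invalid user paul from 198.51.100.23 port 40118 ssh2
Jun  1 08:01:10 host sshd[5020]: Accepted publickey for rick from 192.0.2.44 port 50111 ssh2
Jun  1 08:30:45 host sshd[5077]: Failed password for rick from 192.0.2.44 port 50190 ssh2
"""


def summarize(lines, threshold=3, local_users=()):
    """Return counts of failed logins and the sources that reach the threshold."""
    by_user, by_source = Counter(), Counter()
    for line in lines:
        match = FAILED.search(line)
        if not match:
            continue  # successful logins and unrelated lines are ignored
        user, source = match.groups()
        by_user[user] += 1
        by_source[source] += 1
    total = sum(by_user.values())
    return {
        "total": total,
        "by_user": by_user,
        "by_source": by_source,
        "root_share": by_user["root"] / total if total else 0.0,
        # Sources worth blocking or investigating.
        "offenders": sorted(s for s, n in by_source.items() if n >= threshold),
        # Guessed names that are real accounts here: these are the exposed ones.
        "targeted_local": sorted(u for u in by_user if u in set(local_users)),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), threshold=3,
                       local_users={"root", "rick"})
    print("failed attempts:", report["total"])
    print("share aimed at root: %.0f%%" % (100 * report["root_share"]))
    print("sources at or over threshold:", report["offenders"])
    print("real accounts that were guessed:", report["targeted_local"])
```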
Re: can't figure out ssh, read lots of docs...
On 2005-06-01 14:38, Nathan Kinkade [EMAIL PROTECTED] wrote:

> The poster is correct in that what you probably want to do is setup public-key authentication using ssh, however, I would highly recommend that you NOT use a blank passphrase for your private key. ssh-agent, a utility that I think comes standard with the openssh package [...]

My strong agreement about *NOT* using empty passphrases. Indeed, ssh-agent comes with OpenSSH and it is a _MUCH_ better way of using SSH keys with non-empty passphrases.
Re: can't figure out ssh, read lots of docs...
On 2005-06-01 17:57, Steven Friedrich [EMAIL PROTECTED] wrote:

> Thanks to Nathan Kinkade, Roland Smith, Greg Barniskis, and Rick Preston for the replies. Each gave me quite a bit of info and I'm still digesting it.
>
> I've been successful using ssh-agent, though I have to enter the passphrase each time I run my script. That's really only an annoyance now because I'm developing the script and have to enter it often. That goes away when the script is stable.

Save the output of ssh-agent's invocation somewhere, say in ~/.ssh/rc.agent:

    $ ssh-agent > .ssh/rc.agent
    $ . .ssh/rc.agent

Then, use ssh-add to load the keys to the background agent:

    $ ssh-add .ssh/id_dsa

Other shells, even ones that are started from different sessions, much later, can source the ~/.ssh/rc.agent script and use the already loaded keys.

Make sure you don't leave an ssh-agent running and leave for vacations or something though, because that defeats the entire non-empty password thing :-)
Gap of years = loss of memory!!
Hi

This is the sort of thing I used to do regularly but not having done this task for a few years I feel the need to check up on the best way to deal with the circumstances described below.

I have a freebsd system with the following hard drive configuration:

    $ df
    Filesystem   1K-blocks     Used     Avail Capacity  Mounted on
    /dev/ad6s1a     253678    44804    188580    19%    /
    devfs                1        1         0   100%    /dev
    /dev/ad6s1e     253678    15732    217652     7%    /tmp
    /dev/ad6s1f  148665266 18848290 117923756    14%    /usr
    /dev/ad6s1d     253678   107022    126362    46%    /var

The full output from dmesg.boot is included as a postscript (all comments welcome). Its last two lines are:

    Opened disk da1 - 6
    Mounting root from ufs:/dev/ad6s1a

The motherboard is an Abit VA-20 with two SATA slots on the motherboard: SATA1 and SATA2. /dev/ad6 is a 160G SATA hard drive currently connected to the SATA2 slot (don't know why!)

(a) /dev/ad6s1d [ /var ] is far too small for my needs
(b) With the development project I am embarking on /usr will also be small to hold the development files as well as other stuff.
(c) I have therefore bought a new 200G SATA drive to add to the system.
(d) I wish to allocate 40G to /var and
(e) 160G to /dev
(f) rename /var to /var.old
(g) move /var.old to /var
(h) have /var.old mounted as /logs
(i) At the same time I also propose increasing memory from 1G to 2G which will hopefully speed up my compiling a little.

OK so far .. now

If I put the new drive onto SATA 1 with the existing drive remaining on SATA2 the bios expects to boot from CD. Currently the bios is set to boot from HDD0 but if I change the bios to HDD1 it makes no difference. The system does not boot at all. Unless I have missed something it seems the bios cannot be set to allow boot from SATA2 if a drive is present on SATA1.

If I put the existing drive onto SATA 1 with the new drive onto SATA2 then the root mount fails. The existing drive appears to be recognized as ad4 so if my recollection is correct the first step would be to alter /etc/fstab to read:

    /dev/ad4s1b  none    swap    sw         0 0
    /dev/ad4s1a  /       ufs     rw         1 1
    /dev/ad4s1e  /tmp    ufs     rw         2 2
    /dev/ad4s1f  /usr    ufs     rw         2 2
    /dev/ad4s1d  /var    ufs     rw         2 2
    /dev/acd0    /cdrom  cd9660  ro,noauto  0 0

and the system should mount OK??? IS that correct? I want to get this right first time (if possible!!)

Then presumably I can

(a) use sysinstall to add the new drive which should presumably mount as ad6?
(b) Create partition ad6s1a (+/-40g)
(c) Create partition ad6s1b (+- 160G)
(d) I am inclined to use sysinstall to mount the first partition ad6s1a as /logs and
(e) the second partition ad6s1b as /dev
(f) reboot - presumably sysinstall will automatically add the entries to /etc/fstab and then I can
(g) copy the contents of /var to /logs
(h) switch the fstab entries for /var and /logs

And I should boot up OK

Is this a sound plan?

In light of the added memory should I modify the plan to allow for additional swap space on the new drive?

Thanks in advance for any input

David

PS Here is dmesg.boot from the existing setup.
Re: postgrey question
On Wednesday 01 June 2005 12:44 pm, Bart Silverstrim wrote:

> That's where I was a little confused (kirk? Insight, clarification?) because I thought that line would have it pass the message to another queue on port 10023 of the localhost, like the way Amavis runs.

That's correct.

> I didn't know if that meant it would be running three postfix queues now or if it is just a misunderstanding on my part.

Sort of, in a way, except that in theory any MTA (or other process) could use the amavis or postgrey ports, so they're not exactly Postfix-specific.

--
Kirk Strauser
portupgrade make options
Hello all,

After issuing many make options to mplayer when installing, I noticed today that it can be updated. If I were to do a portupgrade -arR, would it remember the various options?

I am sure this is a common question, but I could not find a resolute solution after reading the handbook and doing some searching online. I found that the primary answer is that portupgrade cannot deal with this. What I have found is that one can configure the MAKE_ARGS in pkgtools.conf somehow. I have also found that there is some other tool (penv) that is used to help out with this as well. What way is recommended?

I know some ports save this configuration information in /var/db/ports/ (I am pretty sure that's the directory)... how can one force a port to save such information? Or, is mimicking those files one other way of doing what it is I wish?

Any and all information on this would be greatly appreciated. I checked the man page with pkgtools.conf and did not see anything helpful. Thank you all for your assistance with this.

-Anthony
about 'mutt' attachment filename encoding
hi, friends:

it seems 'mutt' uses the encoding specified in RFC2231 when sending mail that includes an attachment, like this:

    filename*=gb2312''%D6%D0%CE%C4%2Etxt

but 'outlook' and any other email programs use the encoding specified in RFC2047, like this:

    filename==?iso-8859-1?Q?file=5F=E4=5F991116=2Ezip?=

'outlook' decodes the attachment name incorrectly for email sent by mutt. how to solve this problem? (how to send mail that includes an attachment using mutt so that 'outlook' can decode it correctly?)

(mutt version 1.5.8i)

thanks for your help, have a good day!

--
Give a man a fish, and you feed him for a day. Teach a man to fish, and you get rid of him on the weekends.
Lilypond and LaTeX
I haven't used Lilypond since last fall. Running the current port (lilypond-2.2.2) today, I get the following error message:

    *
    lilypond: error: LaTeX failed on the output file.
    lilypond: error: The error log is as follows:
    ! Undefined control sequence. argument \kern 098.0248\outputscale \embeddedps {000.0650 000.0650 -00.187... l.164 } % The control sequence LATEX output to `chorosClaves.latex'... TEX output to `chorosClaves.tex'...
    ***

The ly file is one that I've run Lilypond on before, without problem. None of this means anything to me. I searched the archives but didn't see a bug report or any discussion of this problem. Is this a bug in the port?
Re: Lilypond and LaTeX
On Wednesday 01 June 2005 20:02, the author Bob Hall contributed to the dialogue on- Lilypond and LaTeX:

> I haven't used Lilypond since last fall. Running the current port (lilypond-2.2.2) today, I get the following error message:
>
>     *
>     lilypond: error: LaTeX failed on the output file.
>     lilypond: error: The error log is as follows:
>     ! Undefined control sequence. argument \kern 098.0248\outputscale \embeddedps {000.0650 000.0650 -00.187... l.164 } % The control sequence LATEX output to `chorosClaves.latex'... TEX output to `chorosClaves.tex'...
>     ***

It's difficult to comment without having the file -- if you want to put the file on an ftp site I will run it on my system and see what I get

Freebsd 5.3

David

--
40 yrs navigating and computing in blue waters. English Owner Captain of British Registered 60' bluewater Ketch S/V Taurus. Currently in San Diego, CA. Sailing May/June bound for Europe via Panama Canal.
Re: New ports in -RELEASE
> For ports I put the following in /usr/ports/sup and then do cvsup /usr/ports/sup
>
>     *default host=cvsup.FreeBSD.org
>     *default base=/var/db
>     *default prefix=/usr
>     *default release=cvs tag=.
>     *default delete use-rel-suffix
>     *default compress
>     ports-all

Thank you, this worked perfectly. I guess this is one of those things that makes perfect sense once you understand it. All the books/websites I was reading just make things too complex. The book I had lumped the source updating with port updating and had the horribly complex sups files.

Thanks again
re: linux-realplayer-10.0.4/ XFree86-Libs Problems
From my post on Mon May 23...

My problem is I want to fix linux-realplayer-10.0.4, when I try to run it I get the following error:

    /usr/local/lib/RealPlayer/realplay.bin: error while loading shared libraries: libatk-1.0.so.0: cannot open shared object file: No such file or directory

On my system:

    huff@ dir /var/db/pkg | grep atk
    drwxr-xr-x  2 root wheel 512 May 23 10:29 atk-1.9.1
    drwxr-xr-x  2 root wheel 512 May 23 10:28 linux-atk-1.2.0_2

Looks like you're missing a port

Robert Huff

Many thanks for the advice, reinstalling linux-atk solved the problem.

However I now have the following problem: realplayer loads but the icons do not. I have pasted the console messages at the end of this email. I have seen similar posts about this but none with a solution that seems to work.

(to recap I have now)

Upgraded from linux_base-7 to linux_base-rh-9. (with portupgrade -o emulators/linux_base-rh-9 /var/db/pkg/linux_base-*)

Ran the following command

    /usr/compat/linux/sbin/ldconfig /usr/compat/linux/lib /usr/compat/linux/usr/X11R6/lib usr/compat/linux/var /usr/compat/linux/usr/X11R6/lib/X11/locale/lib

Installed /usr/ports/graphics/linux-gdk-pixbuf/

reinstalled linux-XFree86-libs

I have tried the following (suggested in response to a previous question)

    /usr/compat/linux/usr/bin/gdk-pixbuf-query-loaders /usr/compat/linux/etc/gtk-2.0/gdk-pixbuf.loaders

This gives

    Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-jpeg.so
    Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so
    Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-tiff.so

I would be grateful for any advice, missing out on my BBC Radio. Please ask if more specific information is required.

Many thanks

Chris Dunne

The console message is:

    Failed to load pixbuf file: /usr/local/lib/RealPlayer/share/realplay/icon.png: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/realplay/icon.png'
    (realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory. This indicates a bug in someone's code. You must ensure an error is NULL before it's set. The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/pause.png'
    (realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory. This indicates a bug in someone's code. You must ensure an error is NULL before it's set. The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_mute.png'
    (realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory. This indicates a bug in someone's code. You must ensure an error is NULL before it's set. The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_off.png'
    (realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory. This indicates a bug in someone's code. You must ensure an error is NULL before it's set. The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_low.png'
re: linux-realplayer-10.0.4/ XFree86-Libs Problems
From my post on Mon May 23... My problem is I want to fix linux-realplayer-10.0.4, when I try to run it I get the following error: /usr/local/lib/RealPlayer/realplay.bin: error while loading shared libraries: libatk-1.0.so.0: cannot open shared object file: No such file or directory On my system: huff@ dir /var/db/pkg | grep atk drwxr-xr-x2 root wheel 512 May 23 10:29 atk-1.9.1 drwxr-xr-x2 root wheel 512 May 23 10:28 linux-atk-1.2.0_2 Looks like you're missing a port Robert Huff Many thanks for the advice reinstalling linux-atk solved the problem. .However I now have the folwing problem, realplayer loads but the icons do not, I have pasted the console messages at the end of this email. I have seen simular posts about this but none with a solution that seems to work. (to recap I have now) Upgrated from linux_base-7 to linux_base-rh-9. (with portupgrade -o emulators/linux_base-rh-9 /var/db/pkg/linux_base-*) Ran the following command /usr/compat/linux/sbin/ldconfig /usr/compat/linux/lib /usr/compat/linux/usr/X11R6/lib usr/compat/linux/var /usr/compat/linux/usr/X11R6/lib/X11/locale/lib Installed /usr/ports/graphics/linux-gdk-pixbuf/ reinstalled linux-XFree86-libs I have tried the following (suggested in response to a previous question) /usr/compat/linux/usr/bin/gdk-pixbuf-query-loaders /usr/compat/linux/etc/gtk-2.0/gdk-pixbuf.loaders This gives Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-jpeg.so Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-png.so Cannot load loader /usr/lib/gtk-2.0/2.2.0/loaders/libpixbufloader-tiff.so I would be grateful for any advice, missing out on my BBC Radio. Please ask if more specific information is required. 
Many thanks
Chris Dunne

The console message is:

Failed to load pixbuf file: /usr/local/lib/RealPlayer/share/realplay/icon.png: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/realplay/icon.png'

(realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/pause.png'

(realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_mute.png'

(realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_off.png'

(realplay.bin:61030): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Couldn't recognize the image file format for file '/usr/local/lib/RealPlayer/share/default/volume_low.png'
Are those services in inetd.conf(telnetd, ftpd) kerberized already??
Hi,

I'm trying to configure a Kerberos realm, and I have already installed heimdal on one FreeBSD 5.4 machine and was able to run the KDC daemon. I can already acquire a TGT and was about to test it using telnet. First, after acquiring a ticket granting ticket, I launched telnet on another machine with inetd running and telnetd enabled already in its inetd.conf. However, my telnet client said the following:

Trying KERBEROS5 (host/[EMAIL PROTECTED])... ] [ Kerberos V5 refuses authentication because krb5_sock_to_principal failed ]..

Some of the Kerberos clients are already installed by default, right? E.g., even without installing heimdal, I can still run kinit. How about those server daemons like telnetd? Are they already built to accept Kerberos authentication?

Why am I getting the above messages even if I use the telnet client inside /usr/local/heimdal/bin against the telnetd found inside /usr/local/heimdal/libexec -a user of the remote machine I am connecting to? And even if I use the default /usr/bin/telnet against /usr/libexec/telnetd -a user of the remote machine, I still get the same error above.

Now if I pair /usr/bin/telnet against /usr/local/heimdal/libexec/telnetd -a debug on the remote computer, I still get the same error above but now with a warning:

*** Connection not encrypted! Communication may be eavesdropped. ***

and also the login prompt. This time it is allowing me to log in, only not encrypted, unlike when I use those pairings above, which automatically exit upon failed authentication.

Do you have any idea what's happening here? Thank you very much.

-jay
web chat server
I want to implement a web chat server on FreeBSD. Has anyone done that before who can give me some tips?

Thanks
squid rc startup
I cannot get squid to start up automatically, and I'm lost. I've looked in the handbook and google'd this: nothing is working. /etc/rc.conf does have squid_enable=yes. I can start squid manually using /usr/local/etc/rc.d/squid.sh start

Can someone give me a clue?

Thanks,
Mark