Re: Open Mail Relay

2010-08-14 Thread Noel Jones
On Sat, Aug 14, 2010 at 8:29 AM,   wrote:
>
> I have a machine running FreeBSD, sendmail and majordomo.  I have someone who 
> is on one of those majordomo lists complaining that they are receiving spam 
> from me.  The complainer says I have an open mail relay that I need to fix.


Insufficient data.  The person reporting the spam needs to provide you
with a copy of the mail, including all headers, so you can see if it
came from your server, or who sent it through your server.

Most likely suspects are another list member's infected machine
sending out spam to the list, or an outright forgery that never went
through your server.


>
> I went to http://www.abuse.net/relay.html to 
> test the machine using its IP address.  Abuse.net gives a clean bill of 
> health, saying relaying was denied in 17 separate tests.

Then it's unlikely your server is an open relay.  But you may need to
add some spam filtering to your lists, or at least restrict posting to
members only.


  -- Noel Jones
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Setup Fail2Ban on FreeBSD

2010-04-23 Thread Noel Jones
On Fri, Apr 23, 2010 at 12:49 PM, Bauer, Aaron J.
 wrote:
> I am currently using FreeNAS 0.7 for a file server.  I have multiple SSH 
> bruteforce attacks each week, and wish to use fail2ban to prevent this.
>
> I don't have much experience with BSD, and am having trouble getting 
> everything to work.  I ran pkg_add -r python25 and pkg_add -r py25-fail2ban.  
> I now have all the files for Fail2Ban, and did the cp jail.conf jail.local as 
> the other distro's for linux use.
>
> However, how do I start using fail2ban?  I have configured it for CentOS and 
> Ubuntu, and it starts in init.d.  I don't know how to add it to /etc/rc.d to 
> get it to work correctly..
>

add the line:
fail2ban_enable="YES"
to /etc/rc.conf


Re: FreeBSD 8: Postfix policyd-weight not working!!!

2010-04-08 Thread Noel Jones
On Thu, Apr 8, 2010 at 9:29 AM, perikillo  wrote:
>  Hi people.
>
>  I'm working in my first spam gateway, using Postfix + policyd-weight.
>
>  I have 2 jails for this, the jail-A is the mail server, where the mailboxes
> exist, they are on each user home directory:
>
>  /home/user-1
>  /home/user-2
>  /home/user-3
> ...
>  /home/user-N
>
>  This jail-A have samba+ldap=PDC, nss_ldap+pam_ldap working +
> dovecot+postfix working to.
>
>  id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
> id root
> uid=0(root) gid=0(wheel) groups=0(wheel),5(operator),512(Domain Admins)
>
>  I can add users without a issue using smbldap-tools.
>
>  I have test dovecot+postfix and I can send emails with that jail.
>
> Now I want to setup my spam gateway, is another jail called jail-B, I have
> setup nss_ldap+pam_ldap to contact my PDC(jail-A) and is working:
>
> id user1
> uid=10002(user1) gid=513(Domain Users) groups=513(Domain Users)
> id test
> uid=10003(test) gid=513(Domain Users) groups=513(Domain Users)
>
> Now, the part is the one is not working is postfix+ policyd-weight.
>
> When I test with other machine in the network using telnet, for some reason
> once postfix accept the mail wants to send the email to the outside not
> internally. I have setup transport to send the email jail-A but I don't see
> any task doing this, check:
>
> Apr  8 07:02:01 filtro postfix/qmgr[6723]: 97002BB47C2: from=,
> size=409, nrcpt=1 (queue active)
> Apr  8 07:02:04 filtro postfix/smtpd[6727]: connect from filtro.X.org
> [192.168.49.7]
> Apr  8 07:02:31 filtro postfix/smtp[6725]: connect to X.org[X.Y.Z.W]:25:
> Operation timed out
> Apr  8 07:02:31 filtro postfix/smtp[6725]: 97002BB47C2: to=,
> relay=none, delay=869, delays=839/0.03/30/0, dsn=4.4.1, status=deferred
> (connect to X.org[X.Y.Z.W]:25: Operation timed out)

You say that X.org should be delivered locally.  Postfix doesn't think
X.org is a local domain.

> Apr  8 07:10:00 filtro postfix/sendmail[6763]: fatal: root(0): No recipient
> addresses found in message header

This appears that you've used "sendmail -t" to inject some mail, and
there was no To: header.
Don't rely on headers for mail routing.


>
> X.Y.Z.W --> Public address.
>
> My postfix settings are this:
>
> alias_maps = hash:/etc/aliases
> command_directory = /usr/local/sbin
> config_directory = /usr/local/etc/postfix
> daemon_directory = /usr/local/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> home_mailbox = Maildir/
> html_directory = /usr/local/share/doc/postfix
> inet_interfaces = all
> local_destination_concurrency_limit = 2
> mail_owner = postfix
> mailq_path = /usr/local/bin/mailq
> manpage_directory = /usr/local/man
> mydomain = X.org
> myhostname = filtro.X.org

You might want to add
mydestination = $mydomain $myhostname localhost


> myorigin = $mydomain
> newaliases_path = /usr/local/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = /usr/local/share/doc/postfix
> relay_domains = $transport_maps

Bad idea.  If you add a transport for eg. hotmail, you become an
instant open relay.  Don't reuse transport_maps this way.

If mail is delivered locally on this box, relay_domains should be
explicitly set empty.
relay_domains =


> sample_directory = /usr/local/etc/postfix
> sendmail_path = /usr/local/sbin/sendmail
> setgid_group = maildrop
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_recipient_restrictions = permit_mynetworks,
> reject_unauth_destination,      reject_non_fqdn_recipient,
> reject_invalid_helo_hostname,   check_policy_service
> inet:[192.168.49.7]:12525
> soft_bounce = no
> transport_maps = hash:/usr/local/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> Now, my transport file is:
>
> nis.X.org    smtp:[192.168.49.6]  ----->jail-A
>
> Is created:  transport.db
>
> Another thing, in the log I don't see when is touching "policyd-weight:
> 12525" or this is just for the outside connections?

Mail that's permitted by "permit_mynetworks" or submitted via the
sendmail(1) interface won't trigger the policy server in your config.


  -- Noel Jones
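
Added example, not part of the original thread: a small POSIX sh audit for the two points raised in the reply above, relay_domains reusing $transport_maps and permit_mynetworks being evaluated ahead of the policy service. The main.cf and transport contents are constructed samples modelled on the quoted settings; example.net and 192.0.2.25 are placeholders, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for the two issues raised in the reply.
# All file contents below are constructed samples modelled on the quoted settings.

# Print one main.cf parameter as a single logical line. Lines that start with
# whitespace continue the previous parameter; comment and blank lines are skipped.
maincf_get() {  # usage: maincf_get <main.cf> <parameter>
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END {
            v = val[want]
            gsub(/[ \t]+/, " ", v); sub(/^ /, "", v); sub(/ $/, "", v)
            print v
        }' "$1"
}

# Succeed (and say why) when relay_domains is tied to the transport table, so
# that every new transport entry also becomes a domain this host relays for.
relay_domains_reuses_transport() {  # usage: relay_domains_reuses_transport <main.cf>
    rd=$(maincf_get "$1" relay_domains | tr ',' ' ')
    tm=$(maincf_get "$1" transport_maps | tr ',' ' ')
    case " $rd " in
        *'$transport_maps'*|*'${transport_maps}'*)
            echo "relay_domains references \$transport_maps"; return 0 ;;
    esac
    for t in $tm; do
        case " $rd " in
            *" $t "*) echo "relay_domains reuses table $t"; return 0 ;;
        esac
    done
    return 1
}

# List the domain keys of a transport table: the names relay_domains would
# accept if it were pointed at this table.
transport_domain_keys() {  # usage: transport_domain_keys <transport file>
    awk '/^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]/ { next }
         $1 !~ /@/ && $1 != "*" { print $1 }' "$1"
}

# Print the permit_* restrictions listed ahead of check_policy_service; mail
# they accept never reaches the policy server.
permits_before_policy() {  # usage: permits_before_policy <main.cf>
    maincf_get "$1" smtpd_recipient_restrictions | tr ',' ' ' | tr -s ' ' '\n' |
        awk '$1 == "check_policy_service" { exit } /^permit_/ { print }'
}

# Write the constructed sample files into a directory.
write_samples() {  # usage: write_samples <dir>
    cat > "$1/main.cf" <<'EOF'
# as posted in the thread (abridged)
mydomain = X.org
myhostname = filtro.X.org
relay_domains = $transport_maps
smtpd_recipient_restrictions = permit_mynetworks,
  reject_unauth_destination, reject_non_fqdn_recipient,
  check_policy_service inet:[192.168.49.7]:12525
transport_maps = hash:/usr/local/etc/postfix/transport
EOF
    cat > "$1/main.cf.fixed" <<'EOF'
# with the two changes suggested in the reply
mydomain = X.org
myhostname = filtro.X.org
mydestination = $mydomain $myhostname localhost
relay_domains =
transport_maps = hash:/usr/local/etc/postfix/transport
EOF
    cat > "$1/transport" <<'EOF'
# first entry is from the thread; the second is a constructed outside domain
nis.X.org      smtp:[192.168.49.6]
example.net    smtp:[192.0.2.25]
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    for f in main.cf main.cf.fixed; do
        if why=$(relay_domains_reuses_transport "$d/$f"); then
            echo "$f: WARNING $why; relay-authorised keys:" \
                 $(transport_domain_keys "$d/transport")
        else
            echo "$f: relay_domains is independent of transport_maps"
        fi
    done
    echo "main.cf: evaluated before the policy service:" \
         $(permits_before_policy "$d/main.cf")
    rm -rf "$d"
}
demo
```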


Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer

2010-03-09 Thread Noel Jones
Add your client IP to the postfix debug peer list and follow up on the
postfix users list

On Mar 9, 2010 5:02 PM, "Jerry"  wrote:

On Tue, 9 Mar 2010 12:36:31 -0600
Noel Jones  articulated:


> Maybe you didn't have TLS enabled before?
>
> Anyway, this message caused by the other end disco...
Hi Noel,

I always had TLS enabled and it has always worked. I use Dovecot with
TLS and it is not logging any errors.

This whole thing started after I updated to FreeBSD-7.3 pre-release
from version 7.2 last week. Every sending attempt produces this error
although the mail does go through whether it is to someone on the same
network or to an entirely different domain.

Do you have any good idea how I can debug this?

--
Jerry
ges...@yahoo.com

The important thing is not to stop questioning.




Re: warning: network_biopair_interop: error reading 5 bytes from the network: Connection reset by peer

2010-03-09 Thread Noel Jones
On Tue, Mar 9, 2010 at 5:11 AM, Jerry  wrote:
> Since updating to FreeBSD 7.3-PRERELEASE, I am having problems with my
> mail server. I have Postfix (2.7-20100117) installed. When sending, this
> warning message appears in the mail log:
>
> warning: network_biopair_interop: error reading 5 bytes from the
> network: Connection reset by peer
>
> When I posted this on the Postfix forum, Wietse Venema, the author of
> Postfix, replied:
>
> Connection reset by peer (or error code ECONNRESET) means that the
> other party hung up.
>
> This never happened prior to updating FreeBSD to FreeBSD
> 7.3-PRERELEASE. Has anyone else experienced this or have a solution?
>
> --
> Jerry
> ges...@yahoo.com


Maybe you didn't have TLS enabled before?

Anyway, this message is caused by the other end disconnecting abruptly.
If you just get it once in a while, it can be safely ignored.  If you
get it on every connection, your TLS is broken.  If you get it fairly
consistently with some specific client, maybe that client has a busted
TLS implementation.

  -- Noel Jones


Re: [OT] ssh security

2010-03-08 Thread Noel Jones
On Sun, Mar 7, 2010 at 3:25 PM, Angelin Lalev  wrote:
> Greetings,
>
> I'm doing some research into ssh and its underlying cryptographic
> methods and I have questions. I don't know whom else to ask and humbly
> ask for forgiveness if I'm way OT.
>
> So, SSH uses algorithms like ssh-dss or ssh-rsa to do key exchange.
> These algorithms can defeat any attempts on eavesdropping, but cannot
> defeat man-in-the-middle attacks. To defeat them, some pre-shared
> information is needed - key fingerprint.
>
> If hypothetically someone uses instead of the plain text
> authentication some challenge-response scheme, based on user's
> password or even a hash of user's password would ssh be able to avoid
> the need the user to have key fingerprints of the server prior the
> first connection?

Hypothetically, SSH could use a zero-knowledge authentication method
such as SRP[1].  Until new code is written for ssh to take advantage
of something like this, we're stuck with what's available.

  -- Noel Jones

[1] http://srp.stanford.edu/


Re: Supressing dd output

2009-12-23 Thread Noel Jones
On Wed, Dec 23, 2009 at 10:19 PM, Rolf Nielsen
 wrote:
> Hello everyone,
>
> I'm wondering if there's a way to suppress the summary output from dd. I'm
> working on a backup script, that encrypts the backups, and after encrypting
> overwrites the unencrypted file several times using dd. I've tried to
> redirect the output with 2>&1 > /dev/null but it doesn't work. Since I run
> the script from the daily_local variable in periodic.conf, and the script
> backs up 11 filesystems (ZFS) to separate files, the mail from periodic daily
> gets ridiculously long, and most of it being dd summaries.
>
> I guess I could hack the source code of dd, but I'd prefer not to have to.
> Has anyone got any ideas?
>
> Thanks in advance and Merry Christmas to all of you,
>
> Rolf Nielsen


Order matters.

dd ...   >/dev/null 2>&1


  -- Noel Jones
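
Added example, not part of the original thread: the two redirection orders from the exchange above side by side, plus a wrapper (a name chosen for this example) that keeps the periodic mail quiet on success but still reports a failed overwrite. It only runs dd against /dev/zero, /dev/null and a scratch file.

```shell
#!/bin/sh
# Added example: why redirection order matters for dd, plus a wrapper that
# stays quiet on success but still reports a failed overwrite.

# dd prints its transfer summary on stderr. Each function echoes whatever
# would still reach the caller, i.e. what would land in the periodic mail.
summary_with_wrong_order() {
    # "2>&1 >/dev/null": stderr is first pointed at the current stdout,
    # and only then is stdout sent to /dev/null, so the summary escapes.
    dd if=/dev/zero of=/dev/null bs=512 count=1 2>&1 >/dev/null
}
summary_with_right_order() {
    # ">/dev/null 2>&1": stdout goes to /dev/null first, stderr then follows it.
    dd if=/dev/zero of=/dev/null bs=512 count=1 >/dev/null 2>&1
}

# Run a command with all output captured; replay it on stderr only if the
# command fails, and pass the exit status through.
quiet_unless_failed() {  # usage: quiet_unless_failed <command> [args...]
    quf_log=$(mktemp) || return 1
    if "$@" >"$quf_log" 2>&1; then
        quf_rc=0
    else
        quf_rc=$?
        cat "$quf_log" >&2
    fi
    rm -f "$quf_log"
    return "$quf_rc"
}

# Constructed demonstration using a scratch file instead of a real backup.
demo() {
    scratch=$(mktemp) || return 1
    echo "wrong order leaks: $(summary_with_wrong_order | wc -c) bytes"
    echo "right order leaks: $(summary_with_right_order | wc -c) bytes"
    quiet_unless_failed dd if=/dev/zero of="$scratch" bs=512 count=4
    echo "overwrite exit status: $?"
    rm -f "$scratch"
}
demo
```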


Re: Simple Monitoring Of TCP/IP Question

2009-12-18 Thread Noel Jones
On Wed, Dec 16, 2009 at 4:21 PM, Michael Goodell  wrote:
> Hello . . .
>
> Looking for a *simple* protocol monitoring solution to test connectivity of
> various facets of a system, i.e. HTTP / HTTPS / POP3 / SMTP etc. I am not
> looking, and don't want to install a *heavy* application like Nagios etc,
> but rather something much more simple.
>
> I have seen checkservice (/usr/ports/sysutils/checkservice) in the past and
> that looked quite simple to implement. Another question is there anything
> more preferred that checkservice that anyone knows about?
>
> Thank you in advance for any direction.

For a simple service/system monitor, monit may suit your needs.
http://mmonit.com/monit/
ports/sysutils/monit

  -- Noel Jones


Re: Tailing logs

2008-08-23 Thread Noel Jones
On Sat, Aug 23, 2008 at 10:07 AM, Chuck Robey <[EMAIL PROTECTED]> wrote:

> DAve wrote:
>
>> DAve wrote:
>>
>>> I would love to have a way to tail a log, like piping to grep, except I
>>> see every line and the lines I would normally grep for are highlighted. That
>>> would be cool. Anyone know of a bash command or tool that will do this?
>>>
>>> Side note, I am tailing sendmail after changes to my outbound queue
>>> runners. I want to highlight my sm-mta-out lines but still see all lines.
>>>
>>> DAve
>>>
>>
>> Thank you all, I got what I needed!
>>
>> DAve
>>
>>  I do this commonly to catch the lines with the  word "Building" in them,
> from a file "build.out:
>
> tail -F build.out | grep --color=always Building
>
>
> When I get a free moment, I need to see about making that --color-always
> the default.


Look at ports/sysutils/multitail

-- 
Noel Jones


Re: Hopefully an easy header rewriting problem for Postfix

2007-12-07 Thread Noel Jones
On Dec 7, 2007 12:23 PM, Clint Olsen <[EMAIL PROTECTED]> wrote:
> I essentially want to rewrite all envelope senders of the form:
>
> @host.my.domain
>
> to just
>
> @my.domain

http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade

Looks like exactly what you describe.

Just set in main.cf:
masquerade_domains = my.domain
and then run  "postfix reload"

-- 
Noel Jones


Re: telnet mydomain.ild 465 : connection closed

2007-10-30 Thread Noel Jones
On 10/30/07, dhaneshk k <[EMAIL PROTECTED]> wrote:
>
> Hi all, pls help me to fix this issue
>
>
> I followed this DOC
>
>
>   http://www.purplehat.org/?page_id=8
>
>
> Here while I am testing postfix setup  at this point
>
> telnet localhost 25   :  the  OutPut  obtained as described  as in the 
> tutorial in the above link (This test SUCCESSFULL)
>
>   BUT for telnet localhost  465 I can't get the o/p as in tutorial
>
>
> Here what I am able to get for  telnet localhost 465
>

When you specify "-o smtpd_tls_wrappermode=yes" port 465 is tunneled
through SSL and cannot be tested with telnet.  The website you are
looking at faked their test results.  This automatically makes me
suspicious of the rest of their how-to, but I didn't check anything
else for accuracy.

To test wrappermode TLS, use the "openssl s_client" command, which you
can think of as an encrypted telnet for testing TLS connections.  Try:
$ openssl s_client -connect localhost:465

You will be presented with a couple screens of TLS handshake info, and
then presented with the postfix 220 greeting banner.  Also note that
after you issue an EHLO command on port 465, the STARTTLS option won't
be offered since TLS is already active.

You can also test that TLS is working on port 25 (which requires the
STARTTLS command) with:
$ openssl s_client -connect localhost:25 -starttls smtp

The above command issues the STARTTLS command for you and establishes
an encrypted connection.

-- 
Noel Jones


Re: Named

2007-08-26 Thread Noel Jones
On 8/25/07, Narek Gharibyan <[EMAIL PROTECTED]> wrote:
> Has Anyone tried to use Named under windows? What are results?
>

I used bind on windows a couple years ago.  Seemed to work as expected.
Official binary packages for Windows are available from isc.org

-- 
Noel Jones


Re: Postfix/SpamAssassin Guru?

2007-08-26 Thread Noel Jones
On 8/25/07, Eric Crist <[EMAIL PROTECTED]> wrote:
>
> On Aug 24, 2007, at 11:26 PM, Noel Jones wrote:
>
> [snip]
>
> > an easier way is to run spamassassin under the control of amavisd-new
> > and let amavisd-new add address extensions such as user+spam and to
> > let dovecot file the mail in a spam folder.
>
> Noel,
>
> Are you saying I just need amavisd-new installed and properly
> configured?  Is there something I need to tell dovecot?
>
> A bit more information in regards to where I can look for
> documentation would be appreciated!
>

Look in the amavisd-new, dovecot, and postfix docs for "recipient
delimiter".  Followup questions should go to the list for one of those
projects.

-- 
Noel Jones


Re: Postfix/SpamAssassin Guru?

2007-08-24 Thread Noel Jones
On 8/24/07, Peter Boosten <[EMAIL PROTECTED]> wrote:
>
>
> Eric Crist wrote:
> > On Aug 24, 2007, at 9:05 AM, Gerard wrote:
> >
> >> On August 24, 2007 at 09:32AM Eric Crist wrote:
> >>
> >>
> >
> > I've got Postfix with Dovecot and virtual users setup.  What I'm looking
> > for is some filtering based on the flags SpamAssassin sets, so that I
> > can route any messages tagged as Spam to a Spam directory with a users
> > maildir.
>
> Assuming you got SA running:
> In my main.cf:
> header_checks = regexp:/etc/postfix/header_checks
>
>
> This is in my header_checks:
>
> /^X-Spam-Flag: YES/ REDIRECT [EMAIL PROTECTED]
>
>
> Peter

Note that REDIRECT acts on all recipients of a message, and cannot be
customized per-user.  In the above example, *all* tagged spam would be
delivered to a single mailbox.  OK if that's what you want.

An easier way is to run spamassassin under the control of amavisd-new
and let amavisd-new add address extensions such as user+spam and to
let dovecot file the mail in a spam folder.

-- 
Noel Jones


Re: Sendmail question

2007-07-26 Thread Noel Jones
On 7/26/07, Matthew Seaman <[EMAIL PROTECTED]> wrote:
>
> Dylan Smith wrote:
> > Eric Crist wrote:
> >> On Jul 26, 2007, at 4:54 AM, Dylan Smith wrote:
> >>
> >>> I am currently on the last stages of setting up a FreeBSD 6.2-STABLE
> >>> File and Network Application Server. One of my last tasks is to
> >>> simple forward all mail from root out through my isp's SMTP(requires
> >>> authentication) server and to an email account i have elsewhere. That
> >>> is to say i have no purpose for a mail server other than to handle
> >>> mail from things like periodic and to move that mail elsewhere.
> >>>
> >>> Can this be easily accomplished? If so are there any guides/how-to's?
> >>> I have done a search around my usual BSD sites and books and found
> >>> nothing that is easily modified to my circumstances.
>
> >> It can be done, but it's a PITA with Sendmail.  Look into
> >> /usr/ports/mail/ssmtp.  We use it on our systems here where we need to
> >> simply get root's email off the box.  Simple configuration file, works
> >> well.
>
> > Thanks for that little suggestion.
> > Would this mean that i could just disable sendmail
> > totally(sendmail_enable="none")?
>
> Hmmm... no one seems to have cottoned onto the 'requires
> authentication' statement in the original message.  As far as I can
> tell, ssmtp only allows authentication via the use of cryptographic
> certificates -- which is probably the most secure way of doing
> authentication but also tends not to be supported on many mail
> systems.

A fairly simple mail client that supports authentication:
http://msmtp.sourceforge.net/

-- 
Noel Jones


Re: DomainsKeys/DKIM with Postfix - Questions

2007-05-07 Thread Noel Jones

On 5/7/07, PeterPluta <[EMAIL PROTECTED]> wrote:
> I'm currently running FreeBSD 6.2, Postfix, Amavisd-new, SpamAssassin,
> Dovecot, and ClamAV for my mail setup. I've been meaning to add Domain
> Keys/DKIM for a while now, but I don't really know where to start. I
> understand the basic concept, but it seems a bit confusing as you get into
> it.
>
> Has anyone here successfully set it up? I've been following this guide
> http://www.ijs.si/software/amavisd/a...docs.html#dkim and found the
> confusion to start when they recommend using both Domainkeys and DKIM. I
> thought DKIM is a replacement for the older Domain Keys? I've noticed Gmail
> has both Domainkey and DKIM headers. What's the point of using both? Also, can
> I send mail from virtual domains I have without the DNS check being invalid?
> Say I send mail with a TO: [EMAIL PROTECTED] and my mailserver's
> hostname/domain is mail.mydomain2500.com, will that be rejected? The port
> for DKIM seems to be broken too! :(
>
> I'd appreciate someone chiming in.
>
> Cheers,
> Ferrarislave


I have a similar setup to yours, I use both DKIM and DomainKeys with
my postfix installation.  I just followed the MILTER_README included
with postfix and the INSTALL instructions that came with dkim-milter,
but I've read the instructions you mention and they are correct also.

I use both DKIM and DomainKeys because many providers still only
recognize DomainKeys.  As more folks move to DKIM, I'll eventually be
able to drop DomainKeys.

As for virtual domains, you can define for each domain if it is to use
DKIM.  They can all share the same private/public key files, but each
domain must have its own DNS entry defining DKIM/DomainKeys usage and
public key.

Start with one domain using DKIM as a test, then add more as you get
familiar with it.  It won't cause problems to have a subset of your
domains using DKIM.

When I built mine a few months ago, I built both dkim-milter and
dk-milter from source downloaded from sourceforge since the ports were
a few versions behind at the time and the ports packages seemed very
sendmail-specific - no surprise there.  Haven't looked at the ports
status of these two lately.

I do know that dk-milter-0.5.0 and dkim-milter-0.6.6 both built easily
from source and don't require any patching to work correctly with
postfix (older versions needed some minor patches).
I notice dkim-milter-0.7.0 was just released yesterday, haven't tried it yet.

--
Noel Jones


Re: completly remove (or modify) a port

2007-04-18 Thread Noel Jones

On 4/18/07, Ray <[EMAIL PROTECTED]> wrote:
> Hello all,
> I have been trying to work with postfix from the ports collection.
> I need to rebuild it to include mysql support. I tried
> #make deinstall
> but a subsequent
> #make install
> doesn't give me the options screen.


try "make config"


Re: export nfs to a host with dynamic IP address

2007-03-19 Thread Noel Jones

On 3/18/07, Zhang Weiwu <[EMAIL PROTECTED]> wrote:
> Maybe this is not possible, but can I export NFS share to a host that
> have dynamic IP address?
>
> My office server export an NFS share folder to several local desktop
> computers. I often need to access these NFS share from my home computer,
> which have dynamic IP address. I do have a fixed domain name,
> myhome.ods.org always have a "A" dns record pointing to my home computer.
>
> Having dynamic IP address never caused a problem for me because, as I
> said I have fixed domain name (updated with ez-ipupdate) but when it
> comes to NFS it is a problem. If I write my fixed domain name in
> /etc/export I wouldn't be able to mount that share. NFS server seems to
> check the IP address that wish to connect to it, reverse lookup its
> domain name, and compare it with what's written in /etc/exports. For me
> it doesn't work because my dynamic IP address cannot reverse resolve to
> my fixed domain address.
>
> So, is there a network file system that can work for my case? I never
> tried NFS SSL authentication things because after a google search it
> looks quite complex to install and configure: but if that's the only way
> to go I'll start to learn it. I also know samba can provide
> authentication so I don't have to rely on IP address to control access.
> However I never set up samba server before: also I would do it if that's
> the only way to go.
>
> Any suggestions? Thanks a lot in advance.



Set up OpenVPN from ports/security/openvpn and export NFS to the VPN
tunnel address.
OpenVPN is secure, fairly easy to configure, and works well with dynamic IP.

--
Noel Jones


Re: ssh public key authentification

2007-01-18 Thread Noel Jones

On 1/18/07, Christian Baer <[EMAIL PROTECTED]> wrote:
> The whole thing should be pretty trivial: I created a key using PuTTY,
> copied the public key to ~/.ssh/authorized_keys (everything in one line),
> chose the private key in PuTTY and tried to log in. All I got in
> response was: "Server refused out key."



Did you copy the displayed "Public key for pasting into OpenSSH" from
PuttyGEN, or did you paste the actual contents of the public key?
Putty's on-disk format for public keys is not compatible with OpenSSH.

--
Noel Jones


Re: Load balancing outgoing mail relay

2007-01-17 Thread Noel Jones

On 1/17/07, Charles Trevor <[EMAIL PROTECTED]> wrote:
> What happens if you do multiple dig/nslookups for smarthost.domain.tld.
> Are the records returned in a different order each time? If not the
> problem may be at the NS.



Nope.  Postfix shuffles equal-weight MX records internally, so it
doesn't matter what order the NS presents them.  Multiple A records
without an MX record (or when MX lookups are suppressed) are treated
as equal-weight MX records per RFC.

This is likely a postfix configuration problem.  The original poster
should seek further help on the postfix-users list.
http://www.postfix.org/DEBUG_README.html#mail


--
Noel Jones


Re: Load balancing outgoing mail relay

2007-01-17 Thread Noel Jones


> FreeBSD 6.2 with Sendmail (initially) and now postfix.
> MS DNS with round robin (and TTL set to 0 on the records).
> Resolving with nslookup gives something like:
> smarthost.domain.tld
> 192.168.0.1, 192.168.0.2, 192.168.0.3
>
> If I kill 192.168.0.1 then it goes on the second one. But this is failover,
> and I need (approximately) load balancing.


Postfix will always internally shuffle equal-weight MX records (or
multiple A records if there is no MX).  I think sendmail does this
also.

This will not give strict round-robin use of the smarthosts, but over
thousands of messages will give an equal share to each host.

It sounds as if the host has primary/secondary MX records and you
haven't disabled MX lookups for the relayhost.  Use in main.cf
relayhost = [smarthost.domain.tld]
As documented, the brackets are required to disable MX lookups.

You may want to adjust initial_destination_concurrency_limit and
default_destination_concurrency_limit if your smarthosts will allow
more than the default 20 connections.

If sending small amounts of mail, postfix connection caching may
interfere with observed load sharing.  You may want to turn off
smtp_connection_cache_on_demand if sending small amounts of mail, but
leave it on if sending thousands of messages at a time.



--
Noel Jones


Re: a bit OT - VPN+Windows

2007-01-08 Thread Noel Jones

On 1/8/07, Rob Hurle <[EMAIL PROTECTED]> wrote:
> On Mon, 8 Jan 2007, Wojciech Puchar wrote:
>
>> could You put me to some manual about configuring any kind of VPN (with
>> encryption at least, preferable compression too) with windows machines as
>> clients and FreeBSD as servers.
>>


OpenVPN gets my vote as an easy to use cross-platform VPN.  Runs on
just about everything. Compression is available, password or
certificate based authentication, high level encryption, NAT and
firewall friendly.  The add-on windows GUI makes installation and
setup easy for non-unix types.

/usr/ports/security/openvpn
docs and good sample configs: http://openvpn.net/
windows gui: http://openvpn.se/



--
Noel Jones


Re: How to prevent users from receiving email

2006-08-19 Thread Noel Jones

On 8/19/06, Giorgos Keramidas <[EMAIL PROTECTED]> wrote:

On 2006-08-19 19:21, Bill Moran <[EMAIL PROTECTED]> wrote:
>
> Apparently my memory is useless and I've lost the ability to use
> google as well.
>
> I just added a user account to a mail server, but I don't want that
> user to receive mail on that server.  It's running Postfix.
>
> I seem to remember a canonical method for preventing certain users
> from receiving email.  But my memory has failed, and I can't seem
> to find anything on google.
>
> Is it an /etc/aliases trick?

You can use the Postfix `access' map for this.  You can enable an
`access' map in Postfix by setting in your `main.cf' file:

smtpd_client_restrictions =
    check_client_access hash:/usr/local/etc/postfix/access

Then, in `/usr/local/etc/postfix/access' put:

[EMAIL PROTECTED]  REJECT

and run `postmap' on the `access' file:

# postmap /usr/local/etc/postfix/access

Reload Postfix and off you go :-)

There are other reject options too, which offer more fine-grained
control of the SMTP error codes and the text of the error messages
Postfix will return.  See, for example:

http://www.postfix.org/access.5.html



Close.  But check_client_access is unlikely to be effective matching a
recipient address.  Use check_recipient_access instead.

There are lots of examples on the postfix-users list.

--
Noel Jones


Re: vacation for postfix

2006-04-27 Thread Noel Jones
On 4/27/06, albi <[EMAIL PROTECTED]> wrote:
>
> hi,
>
> i'm running a few mail-servers and 1 of my users asked for a vacation-option
>
> after some searching it looks like the vacation is part of the default
> sendmail-install on FreeBSD 5.4, i'm using postfix however (and don't
> have sendmail installed), will it work fine with postfix ?

Yes, it will work fine as long as these are local (not virtual) users
each with their own home directory.

--
Noel Jones


Re: chown confusion

2006-04-27 Thread Noel Jones
On 4/27/06, Huy Ton That <[EMAIL PROTECTED]> wrote:
> Okay I'm feeling like an idiot now, if i chowned a directory such that
>
> user 'x' had the ownership of a given directory and was in group 'alpha'
>
> user 'b' needed to add files to the said directory and was in group 'alpha'
>
> now I know usually you do chown :groupname  or chown
> user:groupname  to change ownership however...
>
> I can limit a directory to only a user, but I want to limit it not at a user
> level, but at a group level such that all users in a group can write to a
> file.
>
> An option to remove ownership perhaps chown -:groupname does this make
> sense?

Sounds as if you want to change the permissions to allow group
read/write of the directory, at which point the owner won't matter.
You probably want something like:
# chgrp groupname dirname
# chmod ug+rwx dirname

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/permissions.html

--
Noel Jones


Re: AND COBOL

2006-03-07 Thread Noel Jones
On 3/7/06, Bob Hall <[EMAIL PROTECTED]> wrote:
> ...
> I couldn't figure out how to fit ALGOL in there. Ain't life a PISTOL?
>

After that, I need a Tylenol...

--
Noel Jones


Re: awk question

2006-03-06 Thread Noel Jones
On 3/6/06, Bart Silverstrim <[EMAIL PROTECTED]> wrote:
> I'm totally drawing a blank on where to start out on this.
>
> If I have a list of URLs like
> http://www.happymountain.com/archive/digest.gif
>
> How could I use Awk or Sed to strip everything after the .com?  Or is
> there a "better" way to do it?  I'd like to just pipe the information
> from the logs to this mini-script and end up with a list of URLs
> consisting of just the domain (http://www.happymountain.com).
>


| cut -d / -f 1-3

--
Noel Jones


Re: switching timezone within crontab?

2006-03-03 Thread Noel Jones
On 3/3/06, Danny Howard <[EMAIL PROTECTED]> wrote:
> Hey,
>
> So, we have systems running in Eastern and Pacific time zones as their
> local time, not to mention DST.  So, we like to schedule a few things
> with UTC to save our sanity.
>
> If a system is not running UTC as its locale, but I want to schedule a
> UTC cron job in crontab, is it sufficient to put a little:
> TZ=UTC
> Right before the job?
>

Pretty sure the above will only set the timezone for your job, and not
alter the schedule time.  But I don't know a solution to your problem.

--
Noel Jones


Re: Redirecting Traffic with PF

2006-02-24 Thread Noel Jones
On 2/24/06, Frank Staals <[EMAIL PROTECTED]> wrote:
> Hey,
>
> I have an FreeBSD server/firewall running 5-Stable with PF. I want to
> redirect all udp traffic on port 27902 from the internet to a computer
> in my network. I used this rule but I have some problem with it:
> sometimes connections on that port are refused and I can't connect with
> other players ( it's for a online game ) :
>
> rdr on $extif inet proto udp from any port 27902 -> 192.168.2.11 port 27902
>
> I think the problem might have something to do with the different
> network interfaces since the traffic is coming in on $extif and has to
> go to a computer connected to $intif ? And how can I do that ? Can I
> change it to:
>
> rdr on $extif inet proto udp from any port 27902 -> $intif 192.168.2.11
> port 27902
>
> ? Or what do I have to do to fix it.
>
> Thanks in advance,
>
> --
> -Frank Staals
>
>

I think you want something like
rdr on $extif inet proto udp from any to self port 27902 -> 192.168.2.11 port 27902

--
Noel Jones


Re: Syslog

2006-02-15 Thread Noel Jones
On 2/15/06, Peter Ankerstål <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm trying to get syslog to log on a remote host. This part is really
> not a problem, but when I try to define at the "loghost" to which files
> i want to log my incoming logs I don't get anything to work. I cant find
> anything in the manual either.
>
> I've tried this:
> +sphere
> *.* /var/log/sphere/messages
>

Read the syslog.conf and syslogd man pages carefully, they contain all
the info you need.
You probably need to adjust the syslogd entry in /etc/rc.conf to
remove the -s option, and add -a RemoteIP.  Then stop and restart
syslogd before continuing your test.

You also likely need to clear the "program specification" in
syslog.conf by using:
!*
+sphere
*.*  /var/log/sphere/messages


--
Noel Jones


Re: sshd possible breakin attempt messages

2006-02-06 Thread Noel Jones
On 2/6/06, Brad Gilmer <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I guess one of the banes of our existence as Sys Admins is that people are
> always pounding away at our systems trying to break in.  Lately, I have been
> getting hit with several hundred of the messages below per day in my security
> report output...
>
> gilmer.org login failures:
> Feb  5 11:18:17 gilmer sshd[78078]: reverse mapping checking getaddrinfo for 
> 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
> Feb  5 11:18:18 gilmer sshd[78080]: reverse mapping checking getaddrinfo for 
> 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
> Feb  5 11:18:20 gilmer sshd[78082]: reverse mapping checking getaddrinfo for 
> 206-171-37-232.ded.pacbell.net failed - POSSIBLE BREAKIN ATTEMPT!
>
> I am running FreeBSD 5.4 RELEASE, and right now this box is not a production 
> machine, but I am going to be taking it live fairly soon.  Questions:
>
> 1)  Is there anything I should be doing to thwart this particular attack?

The POSSIBLE BREAKIN ATTEMPT message is caused by a failed reverse DNS
lookup, and will happen with legit logins too if you have no reverse
DNS.  You can silence this particular message by adding to your
/etc/ssh/sshd_config:
UseDNS no

To prevent attackers from hammering away at your server, try
ports/security/bruteforceblocker
Bruteforceblocker by default adds an abusive IP to a pf firewall
blacklist, but can be very easily modified for IPFW or adding a null
route.

> 2)  Given that I am on 5.4, should I upgrade my sshd or do anything else at 
> this point to make sure my machine is as secure as possible?

Just keep up with the version 5 security patches.

> 3)  (Meta-question) - Should I upgrade to 6.0 before I go live to be sure I 
> am in the best possible security situation going forward?  Should I wait 
> until 6.1 for bug fixes (generally I am opposed to n.0 anything).

Your call.  Base your decision on what features you need.

--
Noel Jones


Re: RAM check

2006-01-26 Thread Noel Jones
On 1/26/06, Philip Juels <[EMAIL PROTECTED]> wrote:
> I'm running into random seg faults during KDE and Gnome compilation, and
> I and others on the list suspect faulty RAM.  Are there any utils out
> there that can test/diagnose RAM (aside from the laughable BIOS POST).
>

http://www.memtest86.com/
http://www.memtest.org/

--
Noel Jones


Re: How to have sshd log IP numbers instead of reverse lookups

2005-11-27 Thread Noel Jones
On 11/24/05, James Long <[EMAIL PROTECTED]> wrote:
> I was looking at /var/log/auth.log and saw an entry of the form:
>
> Nov 24 18:41:37 ns sshd[58083]: error: PAM: authentication error for username 
> from example.com
>
> I wish to have an IP number logged where sshd has instead logged
> 'example.com'
>
> Reading sshd's man page and sshd_config's man page, I don't find any
> way to control this.
>
> Since 'example.com' could have multiple IP numbers, how can I change
> sshd's configuration to log the IP number from whence the
> authentication error originated?
>
>

I believe adding
UseDNS no
to sshd_config will do what you want.

--
Noel Jones
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Is there a Data Communications Program Native to FreeBSD?

2005-10-22 Thread Noel Jones
On 10/22/05, Bob Perry <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm running FreeBSD 5.4 and just installed HylaFAX.  I'm just curious if
> there is a data communications program native to FreeBSD that I could
> easily install and run that would facilitate configuration of my
> modem?
>

tip and cu are part of the base system and should work for manually
setting modem parameters.

If you want something more sophisticated, ports/comms has several. 
I've used ecu and kermit for various projects in the past.

--
Noel Jones


Re: bruteforceblocker + PF

2005-10-06 Thread Noel Jones
On 10/6/05, Enrique Ayesta Perojo <[EMAIL PROTECTED]> wrote:
> On Wednesday, 5 October 2005 21:53, Noel Jones wrote:
>
> > I'm going to assume this is just a small part of your pf.conf, because
> > the part you show doesn't allow any internet access.  Maybe you should
> > show us your entire pf.conf.
>

This simple pf config should work.

> No, i don't see any of these messages, the only message i see is the start of
> the log:
>
> !!! log started at Wed Oct  5 18:53:23 2005 !!!
>

I manually installed bruteforceblocker 1.1 (later noticed it's in
ports/security) and when it starts, it looks like:
--- log started at Wed Oct  5 13:13:01 2005 ---

So it appears that your software is different from mine.

Are you also seeing sshd logging information about failed and accepted
login attempts?

One thing I did notice was that all the lines in the
bruteforceblocker.pl script ended with ^M.  So I used vi to remove
them.  I don't know if that is part of your problem or not, but it's
something you might check.

FWIW, after making the suggested change to my syslog.conf file and
editing the file locations in the bruteforceblocker.pl script, it
worked first try here.  The only other suggestion I have is to check
your /etc/syslog.conf changes.
Find the line that looks like:
auth.info;authpriv.info     /var/log/auth.log
and change it to:
auth.info;authpriv.info     | exec /usr/local/sbin/bruteforceblocker.pl


--
Noel Jones


Re: bruteforceblocker + PF

2005-10-05 Thread Noel Jones
On 10/5/05, Enrique Ayesta Perojo <[EMAIL PROTECTED]> wrote:
> Hello, i'm trying to install the bruteforceblocker script to stop ssh attacks,
> but i'm having a problem with PF because it seems not to block the attacker
> ip.
>
> The machine is connected to internet and has some needed services for the LAN,
> so i want to log and block only outside attacks.
>
> The bruteforceblocker script seems to be working, because i can read the
> initial time of it at /var/log/auth.log, so i think the problem may be at my
> pf configuration.
>
> Any help?
>
> Thanks a lot
>
> /etc/pf.conf
> table  persist file "/var/log/bruteforce"
>
> # options
> set block-policy return
> set loginterface $ext_if
>
> # scrub
> scrub in all
>
> # filter rules
> block all
>
> pass quick on lo0 all
>
> pass in  on bge0 from 10.200.62.0/24 to 10.200.62.17
> pass out on bge0 from 10.200.62.17 to 10.200.62.0/24
>
> block in log quick inet proto tcp from  to any port ssh


I'm going to assume this is just a small part of your pf.conf, because
the part you show doesn't allow any internet access.  Maybe you should
show us your entire pf.conf.

Do your rules display as expected?
# pfctl -s rules

Did you reload pf after you edited pf.conf?
# pfctl -f /etc/pf.conf

Are you testing this from outside the 10.200.x.x network?

In your auth.log do you see bruteforceblocker messages such as:

220.92.126.217 was logged with total count of 1.

when an ssh login fails?
And then after $max_attempts is exceeded you should see:

IP 202.92.126.217 reached the maximum number of failed attempts!!!
Adding IP to the firewall...

--
Noel Jones
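
The counting behaviour discussed in this thread (failed sshd logins tallied per source address, a block once the maximum is exceeded, LAN hosts left alone), as an added Python example. It is not bruteforceblocker's code; `find_offenders`, the threshold and the sample log lines are constructed for illustration.

```python
"""Tally failed sshd logins per source address and list the ones to block.

Added example, not bruteforceblocker's code. find_offenders, the threshold
and the sample log lines are constructed for illustration.
"""
import ipaddress
import re
from collections import Counter

# Failed-authentication lines only. The "reverse mapping checking ... POSSIBLE
# BREAKIN ATTEMPT" line is a DNS warning, not a failed login, so it is ignored.
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user |illegal user )?\S+"
    r"|error: PAM: authentication error for (?:illegal user )?\S+) from (\S+)"
)


def find_offenders(lines, max_attempts=5, exempt=("10.200.62.0/24",)):
    """Return (addresses_to_block, hostnames_seen).

    An address is listed once its failure count exceeds max_attempts.
    Sources inside an exempt network (the LAN from the pf.conf in this
    thread) are never counted. When sshd logs a resolved name instead of
    an address there is nothing to put in a firewall table, so those
    names are returned separately; "UseDNS no" makes sshd log addresses.
    """
    nets = [ipaddress.ip_network(n) for n in exempt]
    counts = Counter()
    hostnames = set()
    for line in lines:
        m = FAILURE_RE.search(line)
        if not m:
            continue
        source = m.group(1)
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            hostnames.add(source)  # logged as a name, not an IP literal
            continue
        if any(addr in net for net in nets):
            continue
        counts[addr] += 1
    offenders = [a for a, n in counts.items() if n > max_attempts]
    offenders.sort(key=lambda a: (a.version, int(a)))
    return [str(a) for a in offenders], sorted(hostnames)


def _failed(n, user, source):
    """Build n constructed 'Failed password' lines for one source."""
    return [
        "Feb  5 11:18:%02d host sshd[%d]: Failed password for %s from %s "
        "port 4100 ssh2" % (i, 78000 + i, user, source)
        for i in range(n)
    ]


# Constructed sample input (documentation addresses, not real hosts).
SAMPLE_LOG = (
    _failed(4, "invalid user admin", "203.0.113.7")
    + _failed(2, "root", "198.51.100.9")
    + _failed(5, "backup", "10.200.62.40")
    + [
        "Feb  5 11:19:01 host sshd[78100]: reverse mapping checking "
        "getaddrinfo for host.example.net failed - POSSIBLE BREAKIN ATTEMPT!",
        "Feb  5 11:19:02 host sshd[78101]: error: PAM: authentication error "
        "for username from example.com",
        "Feb  5 11:19:03 host sshd[78102]: Accepted password for alice from "
        "203.0.113.7 port 4200 ssh2",
    ]
)

if __name__ == "__main__":
    blocked, names = find_offenders(SAMPLE_LOG, max_attempts=3)
    print("block:", blocked)
    print("logged by name, cannot be blocked by address:", names)
```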


Re: ntp problem :(

2005-09-15 Thread Noel Jones
> 
> Hmm, pinging from here I see that ntp.imag.fr = imag.imag.fr =
> 129.80.30.1 so if you can ping that address then you have low level
> connectivity.  One possibility is that something in the middle is

Apparently ntpdate is trying to use the IPv6 address that ntp.imag.fr publishes.

I don't know how to tell ntpdate to use only IPv4 addresses, so a
workaround is to use the IPv4 address directly.

ntpdate -v 129.88.30.1


-- 
Noel Jones


Re: script advice

2005-09-14 Thread Noel Jones
On 9/14/05, John Williams <[EMAIL PROTECTED]> wrote:
> Dear List,
> I have a requirement for a maximum of one user logged in at any given time.  
> Following is a .profile script I wrote to enforce the requirement.  The 
> problem is that when the script runs, sometimes the user trying to login is 
> identified as logged in and sometimes he/she is not identified as logged in.  
> I.e., there is a race condition between script execution and login 
> completion.  Any advice for how to make it work properly?  The brute force 
> way is to loop on waiting for the user to be logged in, as identified by the 
> who command, and then check the time of the login so as not to be confused if 
> the user is already logged in.  Is there a better way?  Thanks!
> 

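Exclude the user's own tty.

# Device name of this login's terminal, e.g. ttyp0
TTYDEV=`/usr/bin/tty`
TTY=`/usr/bin/basename "$TTYDEV"`
# Everyone in the who output except this terminal
USERS=`/usr/bin/who | /usr/bin/grep -v "$TTY"`

# -n is true when the list of other sessions is non-empty
[ -n "$USERS" ]  && {
   echo Other users logged on!
   echo "$USERS"
   echo logging out...
   logout
}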


-- 
Noel Jones


Re: problem with email...

2005-08-31 Thread Noel Jones
On 8/31/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hello,
> 
> Thank you in advance for your help.  My name is Karen Donathan and I am the 
> Computer Science teacher at George Washington High School in Charleston, WV.  
> (http://gwhs.kana.k12.wv.us).  We have been running FreeBSD on our webserver 
> for about 5 years.
> 
> Over the summer, I recently began getting "fake" email messages from [EMAIL 
> PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED], etc. etc. 
> etc.  The subject line is always something like "YOUR ACCOUNT IS 
> SUSPENDED", "You have successfully updated your password", etc.   
> Each of these contain an attachment, so I know that a virus is trying to get 
> into our server.  I need some suggestions on what to do to make this stop.
> 


The general answers are:
- add a virus scanner to your mail server (clamav works well)
- reject mail with invalid local sender addresses
- add some spam controls to your mail server

Specific answers depend on what mail software (sendmail? postfix?
exim? qmail? something else?) you are using and how strict rules you
can apply.

-- 
Noel Jones


Re: postgrey question

2005-06-02 Thread Noel Jones
On 6/1/05, Kirk Strauser <[EMAIL PROTECTED]> wrote:
> On Wednesday 01 June 2005 12:44 pm, Bart Silverstrim wrote:
> 
> > That's where I was a little confused (kirk?  Insight, clarification?)
> > because I thought that line would have it pass the message to another
> > queue on port 10023 of the localhost, like the way Amavis runs.
> 
> That's correct.
> 
> > I didn't know if that meant it would be running three postfix queues now
> > or if it is just a misunderstanding on my part.
> 
> Sort of, in a way, except that in theory any MTA (or other process) could use
> the amavis or postgrey ports, so they're not exactly Postfix-specific.
> --
> Kirk Strauser
> 
> 
> 

The above is wrong.  
The postfix policy service only passes the envelope information
(client IP, HELO, MAIL FROM, RCPT TO) to the policy daemon (postgrey
in this instance), not the message itself, and expects a standard
postfix access table action in reply, such as DEFER, REJECT, DUNNO,
etc.  No queue is involved.  The postfix policy service is
postfix-specific and not likely useful with other MTAs unless/until
they specifically add support for this type of access map.

This is very different from amavisd-new which expects to receive the
entire message via SMTP from postfix.

-- 
Noel Jones
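
What the policy service exchange described above looks like on the wire, as an added Python example (not postgrey's or Postfix's code): Postfix sends name=value envelope attributes ending with an empty line and reads back a single action. The greylisting rule, the class and function names, and the sample request are constructed for illustration.

```python
"""One Postfix policy-delegation request and reply, with a greylist decision.

Added example. GreylistPolicy, parse_request and format_reply are
hypothetical names; the sample request is constructed.
"""
import time


def parse_request(raw):
    """Parse one request: name=value lines terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # the empty line ends the request
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed attribute line: %r" % line)
        attrs[name] = value  # values may contain '=' themselves
    return attrs


def format_reply(action):
    """A reply is one action=... line followed by an empty line."""
    return "action=%s\n\n" % action


class GreylistPolicy:
    """Defer the first delivery attempt of an unseen envelope triplet."""

    def __init__(self, delay=300, clock=time.time):
        self.delay = delay      # seconds a new triplet must wait
        self.clock = clock      # injectable so the logic can be tested
        self.first_seen = {}    # (client, sender, recipient) -> timestamp

    def decide(self, attrs):
        # Only envelope data is available here; the message body is never
        # sent to a policy service, so no queue or content scan is involved.
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        if attrs.get("protocol_state") != "RCPT":
            return "DUNNO"
        triplet = (
            attrs.get("client_address", ""),
            attrs.get("sender", "").lower(),
            attrs.get("recipient", "").lower(),
        )
        now = self.clock()
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please retry later"
        return "DUNNO"  # no opinion: later restrictions decide

    def handle(self, raw):
        return format_reply(self.decide(parse_request(raw)))


# Constructed sample of what smtpd sends at RCPT TO time.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "helo_name=mail.example.net\n"
    "client_address=192.0.2.25\n"
    "client_name=mail.example.net\n"
    "sender=alice@example.net\n"
    "recipient=bob@example.org\n"
    "\n"
)

if __name__ == "__main__":
    policy = GreylistPolicy(delay=300)
    print(repr(policy.handle(SAMPLE_REQUEST)))  # first attempt is deferred
```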


Re: how to find files less than a day old?

2005-03-29 Thread Noel Jones
> > > FreeBSD box that I am connected to.  I think it may be a Solaris 9 box.
> > > Is there any way to get this to work in Solaris?
> > >
> >
> > Maybe the solaris find command supports the -newer option.  I think
> > -newer is more widely supported, and likely to be available on
> > Solaris.
> >
> > If necessary, you could then create a reference file using touch with
> > the proper time stamp on it.  You can do this automatically within a
> > script, using the date command to figure out the current time.  You
> > can calculate the time one hour ago by using a command something like
> > TZ={your timezone + 1}  date
> >
> >
> > --
> > Noel Jones
> >
> Is there a way that I could do this without using find?  I basically just
> need a listing of files to pipe to cat.  Is there any easier way to do
> this?  If there isn't, could you explain in more explicit email how to
> this?
> 
> /Brian
> 

Here's some commands that should be pretty portable.

touch -t `TZ=CST7CDT date "+%m%d%H%M"` /path/to/file
find . -newer /path/to/file -type f | xargs cat > tmp.txt

Adjust the value of TZ to give the proper time in your locale.  I'm in
Central Standard Time, which is normally expressed as CST6CDT, so I
added one to get "CST7CDT".  This creates a file stamped exactly one
hour ago that find can use as a reference.

An alternative would be to write something in perl or your programming
language of choice.

HTH...

-- 
Noel Jones


Re: how to find files less than a day old?

2005-03-29 Thread Noel Jones
On Tue, 29 Mar 2005 14:11:45 -0600 (CST), Brian John
<[EMAIL PROTECTED]> wrote:
> > On Tue, 29 Mar 2005 13:02:37 -0600 (CST), Brian John
> > <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > > I'm trying to write a script to concatenate a bunch of files.
> Basically I
> > > want to grab a bunch of files out of a directory that are less than an
> > > hour or so old and put them in one file.
> > >
> > > This is what I am using so far:
> > >
> > > find . -mtime -1 -type f | xargs cat > temp.txt
> > >
> > > However, this only grabs files that are less than a day old, so I get
> some
> > > files returned that I don't want.  I tried using -0.5 instead of -1
> and it
> > > didn't work.  How can I accomplish this?
> > >
> >
> >
> > find . -mtime -1h -type f 
> >
> > man find
> >
> >
> > --
> > Noel Jones
> > ___
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> >
> >
> I read the man page and didn't see that.  It doesn't appear to work on the
> box that I am ssh-ing to.  Sorry, I should have mentioned that it is not a
> FreeBSD box that I am connected to.  I think it may be a Solaris 9 box.
> Is there any way to get this to work in Solaris?
> 

Maybe the solaris find command supports the -newer option.  I think
-newer is more widely supported, and likely to be available on
Solaris.

If necessary, you could then create a reference file using touch with
the proper time stamp on it.  You can do this automatically within a
script, using the date command to figure out the current time.  You
can calculate the time one hour ago by using a command something like
TZ={your timezone + 1}  date 


-- 
Noel Jones


Re: how to find files less than a day old?

2005-03-29 Thread Noel Jones
On Tue, 29 Mar 2005 13:02:37 -0600 (CST), Brian John
<[EMAIL PROTECTED]> wrote:
> Hello,
> I'm trying to write a script to concatenate a bunch of files.  Basically I
> want to grab a bunch of files out of a directory that are less than an
> hour or so old and put them in one file.
> 
> This is what I am using so far:
> 
> find . -mtime -1 -type f | xargs cat > temp.txt
> 
> However, this only grabs files that are less than a day old, so I get some
> files returned that I don't want.  I tried using -0.5 instead of -1 and it
> didn't work.  How can I accomplish this?
> 


find . -mtime -1h -type f 

man find


-- 
Noel Jones


Re: postfix on FreeBSD

2005-03-09 Thread Noel Jones
On Wed, 9 Mar 2005 17:45:34 + (UTC), Christopher Nehren
<[EMAIL PROTECTED]> wrote:
> On 2005-03-09, Paul Schmehl scribbled these
> curious markings:
> > Should be:
> > postmap hash:/usr/local/etc/postfix/access
> 
> Really? I've updated hash files (not access, but canonical and
> transport) without the hash: prefix and they've worked fine. Taking a
> look at the top of those files even shows the usage without the hash:
> prefix (access included).
> 
> Best Regards,
> Christopher Nehren

If you don't specify the database type, postfix will use the defined
default_database_type.
Unless you are using multiple database types, you don't need to specify this.

-- 
Noel Jones


Re: postfix restrictions error

2003-11-26 Thread Noel Jones
- Original Message -
From: "dave" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 25, 2003 9:59 PM
Subject: postfix restrictions error
> Hello,
> I'm trying to implement the below restrictions on my postfix 2.0.16
> system. I am getting the error:
> "Missing '=' after attribute 'permit_mynetworks'" on a line number
> I copied these verbatim from a site, i do not understand what is up.
> Thanks for any help, it's probably just the late hour.
> Thanks a lot.
> Dave.
>
> # uce values
> strict_rfc821_envelopes = yes
> smtpd_etrn_restrictions = permit_mynetworks
> smtpd_helo_required = yes
> smtpd_helo_restrictions =
> permit_mynetworks,
> reject_unauth_pipelining,
> reject_invalid_hostname
> reject_maps_rbl
> maps_rbl_domains =
> sbl.spamhaus.org,
> relays.ordb.org,
> opm.blitzed.org,
> dun.dnsrbl.net,
> spam.dnsrbl.net
> smtpd_sender_restrictions =
> reject_non_fqdn_sender,
> reject_unknown_sender_domain
> smtpd_recipient_restrictions =
> permit_mynetworks,
> reject_unauth_destination,
> reject_non_fqdn_recipient
>
Lines to be included in a parameter must be either all on the same line or 
indented with spaces.  The comma is optional.

examples:
smtpd_helo_restrictions =
 permit_mynetworks,
 reject_unauth_pipelining,
 reject_invalid_hostname
 reject_maps_rbl
maps_rbl_domains =
 sbl.spamhaus.org
 relays.ordb.org
 opm.blitzed.org
 dun.dnsrbl.net
 spam.dnsrbl.net
--
Noel Jones