Re: sk or em
On Sunday 15 April 2007 22:30, Stuart Henderson wrote: > On 2007/04/15 20:27, Chris C. wrote: > > I'm in the need to replace my two 100mbit fxp nic's in my firewall with a > > 1000mbit one. The hardware is kinda old. (PIII) > > I'm looking for an inexpensive but not bad (so I think no realtek chips) > > nic. Have looked at sk and bge, but couldn't find any bge nics at my > > local vendors. So... which driver to go? sk? em? > > Modern Realtek re(4) are not really a problem, they do IPv4 TCP > checksum offload, HW vlan tagging, and are a better design than the > rl(4). They only handle jumbo frames up to 7.5k, but if jumbo > support was a big issue you'd probably have mentioned it already > (and even 2k would cover many of the reasons you'd want jumbos). > > I'd still go for the sk(4) if they were the same price - this is > fairly possible, unlike em(4) which will almost certainly cost more > than re(4) - but don't worry about it, pretty much anything you > pick up is likely to work fine. Thanks, will go and get some sk's. Greetings Chris
Re: sk or em
On Monday 16 April 2007 01:26, Chris Cappuccio wrote: > Chris C. [EMAIL PROTECTED] wrote: > > Hi, > > > > I'm in the need to replace my two 100mbit fxp nic's in my firewall with a > > 1000mbit one. The hardware is kinda old. (PIII) > > I'm looking for an inexpensive but not bad (so I think no realtek chips) > > nic. Have looked at sk and bge, but couldn't find any bge nics at my > > local vendors. So... which driver to go? sk? em? > > I really think this has been discussed before so if someone could just > > give me some keywords to search for in the archives I'd be lucky. > > > Get a server board from Asus, Supermicro or Tyan that has dual on-board > gigabit NICs. They will link back to the main bus with separate, PtP PCIe > links to each NIC and you will have a screaming system. I use one NIC on > an Asus P5MT-M connected to a vlan-capable switch for some higher volume > routers and it works great. Each NIC has one 1x PCIe link to the chipset, > which provides plenty of bandwidth for full-duplex gigabit ethernet > communication. Well... that is totally out of budget. That is a private system, we don't need full line speed. Thanks Chris
Re: OpenBSD/alpha Status
On Apr 15, 2007, at 4:37 PM, Chris Cappuccio wrote: Don't lament, I didn't mean to sound like I was lamenting. OpenBSD/armish is a much more interesting platform and I plan on add a Thecus N2100 to my servers soon. 1. There is a potential fix for "the alpha bug" coming up Very good! I'm glad to hear that. 2. The cats boards are junk, you didn't want them anyways, As reported by miod@ "Make it clear that it was the hardware which turned out to be unreliable, not the software (and after having a cats board catch fire here, I dare you to prove me wrong... how can a I-need-no-watts-really board catch fire?)" That's horrible. I don't think I will leave my cats boards unattended after hearing that. Bryan
Re: OpenBSD/alpha Status
On Apr 15, 2007, at 3:48 PM, Henning Brauer wrote: all alphas, but it seems to happen more often on miatas than on cs20s. my cs20 is pretty stable. the cs20 is probably the nicest alpha we support. The CS20 does seem to be a pretty nice machine. I noticed that there is one obvious CS20 in the newrack.jpg picture. Is power consumption pretty high on these? Bryan
Re: using spamd to block outbound spam
Paolo Supino wrote: I appriciate your straight and forward replies :-) but the world isn't black and white and sometime you have to create work arounds to overcome other people's crap (well most of the time). No, in this case it is black and white. There is NO WAY to reliably fix this problem other than fixing the broken app or implementing the measures Bob Beck suggested. --- Lars Hanssn
Re: Mail Server (seeking recommendations)
On 16/04/07, Shane Harbour <[EMAIL PROTECTED]> wrote: > > I'm running Postfix/Dovecot with PostgreSQL (for authorization and mail > routing) all from the ports. I've got it setup so that in the near > future I can do virtual hosting of my wife's domains. It's pretty > simple to setup and there is a examples at postfix.org and dovecot.org. > It would be easy enough to right a script (pick your language) or setup > a GUI application/web page to administer user accounts. > > My Personal prefferance is exim4 and courier-imapd. I have come to love exim as an MTA because of it's flexibility, and getting it working with the anti malware toolchain is simple. Everything said above is true for courier as for dovecot... my main gripe with dovecot is the poor developer support and documentation. Courier is by no means brilliant but I find it is easier to use than dovecot. my $0.02c
Re: CARP access outside a subnet
I'm sorry to bring this up again, since it didn't get any responses the first time. But I haven't had any luck on my own, and was hoping someone might have an idea. On 4/9/07, david l goodrich <[EMAIL PROTECTED]> wrote: > > I have two hosts in a CARP group. > > on router-meus-cd1, i have the following network configuration: > > router-meus-cd1# ifconfig xennet1 > xennet1: > flags=8963 mtu > 1500 > capabilities=2800 > enabled=0 > address: 00:16:3e:71:ef:6f > inet 10.10.10.2 netmask 0xff00 broadcast 10.10.10.255 > inet6 fe80::216:3eff:fe71:ef6f%xennet1 prefixlen 64 scopeid 0x4 > router-meus-cd1# ifconfig carp216 > carp216: flags=8843 mtu 1500 > carp: MASTER carpdev xennet1 vhid 216 advbase 1 advskew 0 > address: 00:00:5e:00:01:d8 > inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31 > router-meus-cd1# > > on router-meus-cn1, i have a similar configuration: > > router-meus-cn1# ifconfig xennet1 > xennet1: > flags=8963 mtu > 1500 > capabilities=2800 > enabled=0 > address: 00:16:3e:04:d3:e0 > inet 10.10.10.1 netmask 0xff00 broadcast 10.10.10.255 > inet6 fe80::216:3eff:fe04:d3e0%xennet1 prefixlen 64 scopeid 0x4 > router-meus-cn1# ifconfig carp216 > carp216: flags=8843 mtu 1500 > carp: BACKUP carpdev xennet1 vhid 216 advbase 1 advskew 0216.51.247.30 > > address: 00:00:5e:00:01:d8 > inet 216.51.247.30 netmask 0xfff8 broadcast 216.51.247.31 > router-meus-cn1# > > > The default route, nameservers, etc are all set correctly. > > CARP works great on the 216.51.247.24/29 subnet, from any machine on that > subnet I can ping 216.51.247.30. > > When I get outside the subnet, I can't ping the address or ssh to it. > > Does anyone have some insight into why this is happening? > > Thanks > --david
Re: Sending mail from rc.local
On Mon, Apr 16, 2007 at 01:40:01AM +0300, Keith Richardson wrote: > The fact that touch is not working suggests rc.local is not even being=20 > called I tested it again. Touch looks to be working now, although I noticed that I had to fork mysqld_safe. Apparently the script stopped when I didn't. I have verified that /etc/rc.local is being called, since outcommenting the lines starting the daemons I usually run made sure they didn't. > what is the output during boot time?=20 I have no display connected. I operate the server through OpenSSH. Also I have placed an else statement for the executable bit test. The test succeeds so the script should be called from rc.local. Ivo van der Sangen
Re: Mail Server (seeking recommendations)
I'm running Postfix/Dovecot with PostgreSQL (for authorization and mail routing) all from the ports. I've got it setup so that in the near future I can do virtual hosting of my wife's domains. It's pretty simple to setup and there is a examples at postfix.org and dovecot.org. It would be easy enough to right a script (pick your language) or setup a GUI application/web page to administer user accounts. Shane Stuart Henderson wrote: On 2007/04/15 14:06, Bryan Vyhmeister wrote: This is exactly why I have hesitated to move to a system based on postfix and dovecot for my main ISP mail server. This pair are pretty easy. Postfix (also more recent Exim versions) can look at Dovecot for smtp-auth; Dovecot's auth setup is quite simple and flexible. My staff needs to be able to add accounts easily and unfortunately, the command line is not that easy for them. BSD auth, ldap, sql, text files - take your pick... There's also dovecot-sieve if you need server-side filtering. One thing to note if you use milters, Postfix milter support is not based on libmilter; building milter apps on a box with Sendmail 8.14 installed will result in breakage when run against Postfix until Postfix milter support is updated unless you take extra care.
Re: verifying ntp via GPS configuration?
James Hartley [EMAIL PROTECTED] wrote: > > Do you have any other ideas? Thanks. Some receivers I've tried work at 9600 instead of 4800...
Re: OpenBSD/alpha Status
Don't lament, 1. There is a potential fix for "the alpha bug" coming up 2. The cats boards are junk, you didn't want them anyways, As reported by miod@ "Make it clear that it was the hardware which turned out to be unreliable, not the software (and after having a cats board catch fire here, I dare you to prove me wrong... how can a I-need-no-watts-really board catch fire?)" Bryan Vyhmeister [EMAIL PROTECTED] wrote: > I could have posted this on the alpha list but I thought I might get > a better answer here since that list has very little traffic. OpenBSD/ > cats is no longer around and is OpenBSD/alpha on its way out as well? > I am not intending to cause any rumors or anything but I do have the > opportunity to pick up some alpha machines but I am not going to if > the platform is on its way out. I had a couple of cats machines that > are doing nothing and I don't want to have alphas in the same boat. > Thanks for the info. > > Bryan -- "It's beneficial to your health to try and believe a few impossible things before breakfast." -- Lewis Carroll
Re: Sending mail from rc.local
Mathieu Sauve-Frankel [EMAIL PROTECTED] wrote: > > if [ -x /root/reboot_notification ]; then > > You probably want to use -f here, not -x. man test. > No, if he's trying to execute it on the next line, then testing for the execute bit is the proper thing to do.
Re: Recommendation for a UPS
If you want it to be manageable from the OS, then you will probably spend over $200 USD on an APC smart-ups or other manufacturer's equivalent. If you don't care, then just get the one with the largest rating of backup current/ backup time, in the $100 range. Expect to replace the battery within 3 years. Jean-Daniel Beaubien [EMAIL PROTECTED] wrote: > >What are your power requirements? Just a single server? How big of a > >system are we talking about? ...mainframe, onyx, or a single opteron? > > > > > >Regards, > >~Jason > > > My power requirements are very small. The server is running an Athlon > xp 2000+ with 2 HDDs in raid 1 (no screen). And that's the only thing > that will be attached to the UPS. > > Regards, > > -Jd -- "It's beneficial to your health to try and believe a few impossible things before breakfast." -- Lewis Carroll
Re: sk or em
Get a server board from Asus, Supermicro or Tyan that has dual on-board gigabit NICs. They will link back to the main bus with separate, PtP PCIe links to each NIC and you will have a screaming system. I use one NIC on an Asus P5MT-M connected to a vlan-capable switch for some higher volume routers and it works great. Each NIC has one 1x PCIe link to the chipset, which provides plenty of bandwidth for full-duplex gigabit ethernet communication. Chris C. [EMAIL PROTECTED] wrote: > Hi, > > I'm in the need to replace my two 100mbit fxp nic's in my firewall with a > 1000mbit one. The hardware is kinda old. (PIII) > I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. > Have looked at sk and bge, but couldn't find any bge nics at my local > vendors. > So... which driver to go? sk? em? > I really think this has been discussed before so if someone could just give > me > some keywords to search for in the archives I'd be lucky. > > Thanks > Chris -- "It's beneficial to your health to try and believe a few impossible things before breakfast." -- Lewis Carroll
Re: Mail Server (seeking recommendations)
On 14/04/07, Steven Presser <[EMAIL PROTECTED]> wrote: Hello, I'm working for a small company which has settled on OpenBSD as its server software (because the security is excellent). We have settled on what software to use for everything but the mail server. I'd like to request recommendations from the knowledgeable people of this list. The priorities for the mail server are: 1. Security 2. Usability (for the end user - not everyone is technically skilled, although the setup can be done for anyone who needs help) 3. Ease of setup 4. Scaleability Obviously the first is by far the most important. The other three are more perks than anything else. Thank you, Steve I use exim (mail server) qpopper (pop3) and openwebmail (web-only users) and spamassassin and the spamd in pf. Adding mail routing for domains and particular users is a breeze in exim. Documentation is *extensive*. If it's good enough for ISPs then it's good enough for me. -- John
Re: Sending mail from rc.local
> if [ -x /root/reboot_notification ]; then You probably want to use -f here, not -x. man test. -- Mathieu Sauve-Frankel
Re: host to host ipsec link
On Sun, Apr 15, 2007 at 08:32:00PM +0200, Markus Wernig wrote: > Hello! > > Renaud Allard wrote: > > Markus Wernig wrote: > >> Renaud Allard wrote: > >> > >>> Did you verify that isakmpd is running? > >> Yes. It runs as follows: > >> > >> 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd) > >> 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo > >> > >> > > -S is used for redundant setups. Did you try without that flag? > > Infact, this resolves the problem! Thanks a lot. > > Yet, it brings me to the next problem that I didn't set the -S flag, but > /etc/rc does so automatically because of sasyncd, which will be used on > those boxes in a further step. (The far goal being two firewall clusters > encrypting traffic between the networks behind them, and encrypting > traffic between the two members respectively.) Currently the order in which isakmpd, ipsecctl and sasyncd need to be invoked in order for everything to work is pretty rigid. # isakmpd -KS # ipsecctl -f /etc/ipsec.conf # sasyncd First start isakmpd with -KS, this brings up isakmpd in passive mode, isakmpd won't initiate any IKE traffic until an sasyncd process sets isakmpd to "active" mode through the fifo, you can do this by hand by issuing "M active" into the fifo with echo. Don't forget to load your rules before you issue this command. If you are not going to use sasyncd, don't use -S. -- Mathieu Sauve-Frankel
Re: OpenBSD/alpha Status
* Bryan Vyhmeister <[EMAIL PROTECTED]> [2007-04-16 00:32]: > On Apr 15, 2007, at 3:08 PM, Siegbert Marschall wrote: > > >Hi, > > > On the other hand, there seems to be a 'the alpha bug' around. I > don't > think it's solved yet, and it's been around for a long time. > Apparently, > it causes random crashes. > > > >only on some machines. > > Any idea if it surfaces on dual processor CS20 machines? I have the > opportunity to pick up three dual 833 Mhz CS20 machines. all alphas, but it seems to happen more often on miatas than on cs20s. my cs20 is pretty stable. the cs20 is probably the nicest alpha we support. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: OpenBSD/alpha Status
On Apr 15, 2007, at 2:50 PM, Joachim Schipper wrote: On Sun, Apr 15, 2007 at 02:30:02PM -0700, Bryan Vyhmeister wrote: That is a good sign. Another reason to keep it around is that alpha machines were commercially produced which the cats machines were just evaluation boards. Big difference. I had a very hard time finding the two cats boards I came up with. Alpha systems are much easier to come by and are a much more powerful architecture. Yes, I think that was one of the reasons to can the cats architecture: it had pretty much done what it was intended to do, provide a springboard for zaurus and lately landisk, and there just aren't many machines around. I think you meant armish rather than landisk but the point is well taken. The cats boards were difficult to deal with. On the other hand, there seems to be a 'the alpha bug' around. I don't think it's solved yet, and it's been around for a long time. Apparently, it causes random crashes. I was not aware of this bug. That is unfortunate. Hopefully this might be resolved at some point. I do hope so; but I might be wrong there. I've never owned an Alpha, an don't think it's very likely I'll acquire one in the nearish future, so I haven't followed too closely. I have two alpha machines right now and I haven't touched either one in a while. One is a PC164LX machine as I recall and I have no idea if it would work or not. I should try it. The other is an AlphaServer 4100 which I picked up and never pulled out of the crate. After I bought it, I realized that the power consumption was going to be ridiculous and so I have never used it. I think it might even be 230v which made it even harder to deal with. I am not going to give that crazy thing its own circuit with the ridiculous California power rates. Bryan
Re: OpenBSD/alpha Status
On Apr 15, 2007, at 3:08 PM, Siegbert Marschall wrote: Hi, On the other hand, there seems to be a 'the alpha bug' around. I don't think it's solved yet, and it's been around for a long time. Apparently, it causes random crashes. only on some machines. Any idea if it surfaces on dual processor CS20 machines? I have the opportunity to pick up three dual 833 Mhz CS20 machines. Bryan
Re: OpenBSD/alpha Status
Hi, >> >On the other hand, there seems to be a 'the alpha bug' around. I don't >> >think it's solved yet, and it's been around for a long time. >> >Apparently, >> >it causes random crashes. only on some machines. >> >> I was not aware of this bug. That is unfortunate. Hopefully this >> might be resolved at some point. > > I do hope so; but I might be wrong there. I've never owned an Alpha, an > don't think it's very likely I'll acquire one in the nearish future, so > I haven't followed too closely. Should be still there, didn't follow it to closely but didn't get any info about it being resolved. If somebody would've found it there'd likely been a post to the alpha list since this mystery is around for years. Have two machines down in the basement whicht have it and one which doesn't, travels with swapping the CPU-Boards as far as I could test it. But being honest I didn't turn them on in months and couldn't go into detail since to much other work had to be done. Just shooting in the blue it seemed to be something with MP and LLC, maybe putting CPUs with not working SMP Elements into SP machines and sometimes it wrecks the cache. Found only one guy though which had some knowledge about the Hardware there and he gave up on it after he got a faster CPU module which didn't show the LLC errors anymore. since SMP is slowly moving ahead, maybe something shows up... ;) -sm
Re: Mail Server (seeking recommendations)
On 2007/04/15 14:06, Bryan Vyhmeister wrote: > This is exactly why I have hesitated to move to a system based on > postfix and dovecot for my main ISP mail server. This pair are pretty easy. Postfix (also more recent Exim versions) can look at Dovecot for smtp-auth; Dovecot's auth setup is quite simple and flexible. > My staff needs to be able to add accounts easily and unfortunately, > the command line is not that easy for them. BSD auth, ldap, sql, text files - take your pick... There's also dovecot-sieve if you need server-side filtering. One thing to note if you use milters, Postfix milter support is not based on libmilter; building milter apps on a box with Sendmail 8.14 installed will result in breakage when run against Postfix until Postfix milter support is updated unless you take extra care.
Re: Mail Server (seeking recommendations)
Here is my recommendation. You only have to install and maintain patches on one piece of software other than OpenBSD. The software is OpenVPN with OpenBSD's sendmail and popa3d. Why popa3d? User can use any mail client he choses and you don't have to worry about your email server running out of space.
Re: OpenBSD/alpha Status
On Sun, Apr 15, 2007 at 02:30:02PM -0700, Bryan Vyhmeister wrote: > On Apr 15, 2007, at 12:27 PM, Joachim Schipper wrote: > > >On Sun, Apr 15, 2007 at 11:40:48AM -0700, Bryan Vyhmeister wrote: > >>I could have posted this on the alpha list but I thought I might get > >>a better answer here since that list has very little traffic. > >>OpenBSD/ > >>cats is no longer around and is OpenBSD/alpha on its way out as well? > >>I am not intending to cause any rumors or anything but I do have the > >>opportunity to pick up some alpha machines but I am not going to if > >>the platform is on its way out. I had a couple of cats machines that > >>are doing nothing and I don't want to have alphas in the same boat. > >>Thanks for the info. > > > >While I am not a developer and not privy to Theo's thoughts, I did > >notice quite a bit of work on the alpha (some developer mentioned the > >switch to gcc 3). > > That is a good sign. Another reason to keep it around is that alpha > machines were commercially produced which the cats machines were just > evaluation boards. Big difference. I had a very hard time finding the > two cats boards I came up with. Alpha systems are much easier to come > by and are a much more powerful architecture. Yes, I think that was one of the reasons to can the cats architecture: it had pretty much done what it was intended to do, provide a springboard for zaurus and lately landisk, and there just aren't many machines around. > >On the other hand, there seems to be a 'the alpha bug' around. I don't > >think it's solved yet, and it's been around for a long time. > >Apparently, > >it causes random crashes. > > I was not aware of this bug. That is unfortunate. Hopefully this > might be resolved at some point. I do hope so; but I might be wrong there. I've never owned an Alpha, an don't think it's very likely I'll acquire one in the nearish future, so I haven't followed too closely. Joachim -- TFMotD: hunt (6) - a multi-player multi-terminal game
Re: Mail Server (seeking recommendations)
On Sun, Apr 15, 2007 at 02:06:56PM -0700, Bryan Vyhmeister wrote: > On Apr 15, 2007, at 3:03 AM, Joachim Schipper wrote: > > >On Sun, Apr 15, 2007 at 02:14:56AM -0700, Bryan Vyhmeister wrote: > >>That was the primary reason for using postfix with dovecot. Years > >>back, I tried to get both sendmail and postfix working with SMTP AUTH > >>and Cyrus as I recall. It was a mess. The super-easy integration of > >>postfix and dovecot for SMTP AUTH is a welcome change. > > > >I think the main trick is in writing scripts that generate all > >databases > >from a single main file. This is fairly easy using perl, awk, > > > >Of course, this becomes a hundred times more difficult the moment user > >administration is not done centrally. > > This is exactly why I have hesitated to move to a system based on > postfix and dovecot for my main ISP mail server. I would still like > to do it that way but it definitely brings up some other issues with > easy user administration. My staff needs to be able to add accounts > easily and unfortunately, the command line is not that easy for them. > If I did all of the user administration all the time it would be a > non-issue but that is not practical. I'd suggest either writing quite a few scripts or looking at saslauthd, then. The latter was already mentioned, and seems to be widely used. Joachim -- TFMotD: resolv.conf, resolv.conf.tail (5) - resolver configuration files
Re: OpenBSD/alpha Status
On Apr 15, 2007, at 12:27 PM, Joachim Schipper wrote: On Sun, Apr 15, 2007 at 11:40:48AM -0700, Bryan Vyhmeister wrote: I could have posted this on the alpha list but I thought I might get a better answer here since that list has very little traffic. OpenBSD/ cats is no longer around and is OpenBSD/alpha on its way out as well? I am not intending to cause any rumors or anything but I do have the opportunity to pick up some alpha machines but I am not going to if the platform is on its way out. I had a couple of cats machines that are doing nothing and I don't want to have alphas in the same boat. Thanks for the info. While I am not a developer and not privy to Theo's thoughts, I did notice quite a bit of work on the alpha (some developer mentioned the switch to gcc 3). That is a good sign. Another reason to keep it around is that alpha machines were commercially produced which the cats machines were just evaluation boards. Big difference. I had a very hard time finding the two cats boards I came up with. Alpha systems are much easier to come by and are a much more powerful architecture. On the other hand, there seems to be a 'the alpha bug' around. I don't think it's solved yet, and it's been around for a long time. Apparently, it causes random crashes. I was not aware of this bug. That is unfortunate. Hopefully this might be resolved at some point. Bryan
Re: Mail Server (seeking recommendations)
On Apr 15, 2007, at 3:03 AM, Joachim Schipper wrote: On Sun, Apr 15, 2007 at 02:14:56AM -0700, Bryan Vyhmeister wrote: That was the primary reason for using postfix with dovecot. Years back, I tried to get both sendmail and postfix working with SMTP AUTH and Cyrus as I recall. It was a mess. The super-easy integration of postfix and dovecot for SMTP AUTH is a welcome change. I think the main trick is in writing scripts that generate all databases from a single main file. This is fairly easy using perl, awk, Of course, this becomes a hundred times more difficult the moment user administration is not done centrally. This is exactly why I have hesitated to move to a system based on postfix and dovecot for my main ISP mail server. I would still like to do it that way but it definitely brings up some other issues with easy user administration. My staff needs to be able to add accounts easily and unfortunately, the command line is not that easy for them. If I did all of the user administration all the time it would be a non-issue but that is not practical. Bryan
Re: Mail Server (seeking recommendations)
On Apr 15, 2007, at 1:09 PM, Adam wrote: Bryan Vyhmeister <[EMAIL PROTECTED]> wrote: Is there any reasonably easy way to get SMTP AUTH functioning with sendmail and dovecot? Yes, just put WANT_SMTPAUTH=yes in your /etc/mk.conf, install the cyrus-sasl package and recompile sendmail. Then see the configuration options listed here http://www.sendmail.org/~ca/email/auth.html Thanks. I'll look into that. I was not aware that this option existed. Bryan
Re: Mail Server (seeking recommendations)
On Apr 15, 2007, at 2:53 AM, Martin Hedenfalk wrote: On 4/15/07, Bryan Vyhmeister <[EMAIL PROTECTED]> wrote: Is there any reasonably easy way to get SMTP AUTH functioning with sendmail and dovecot? I'm using sendmail, dovecot and a PostgreSQL database with passwords. I got SMTP AUTH working nicely, using saslauthd with rimap authentication via localhost. This way I only need one password database. I'll have to look into that. Bryan
Re: sk or em
On 2007/04/15 20:27, Chris C. wrote: > I'm in the need to replace my two 100mbit fxp nic's in my firewall with a > 1000mbit one. The hardware is kinda old. (PIII) > I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. > Have looked at sk and bge, but couldn't find any bge nics at my local > vendors. > So... which driver to go? sk? em? Modern Realtek re(4) are not really a problem, they do IPv4 TCP checksum offload, HW vlan tagging, and are a better design than the rl(4). They only handle jumbo frames up to 7.5k, but if jumbo support was a big issue you'd probably have mentioned it already (and even 2k would cover many of the reasons you'd want jumbos). I'd still go for the sk(4) if they were the same price - this is fairly possible, unlike em(4) which will almost certainly cost more than re(4) - but don't worry about it, pretty much anything you pick up is likely to work fine.
Re: Sending mail from rc.local
On Sun, Apr 15, 2007 at 10:00:38PM +0200, Ivo van der Sangen wrote: > I am trying to send mail from rc.local to inform users about reboots. I > wrote a script /root/reboot_notification containing the following: > > #!/bin/sh > for user in `/bin/cat /root/reboot_notification_users`; do > echo "$SERVER has rebooted at `/bin/date`" | /usr/bin/mail -s > "$server reboot" $user > done I do something somewhat similar. Look for @reboot in crontab(5). -ME
Re: Mail Server (seeking recommendations)
Bryan Vyhmeister <[EMAIL PROTECTED]> wrote: > On Apr 13, 2007, at 8:46 PM, Vijay Sankar wrote: > > > OpenBSD's sendmail, dovecot, and hastymail is a great solution, in my > > opinion, for large or small networks. It allows you to support a > > variety of clients very easily and with excellent security. Like Bryan > > Vyhmeister mentioned, postfix also is a good option instead of > > sendmail. I prefer sendmail because it is part of the OS distribution. > > Is there any reasonably easy way to get SMTP AUTH functioning with > sendmail and dovecot? Yes, just put WANT_SMTPAUTH=yes in your /etc/mk.conf, install the cyrus-sasl package and recompile sendmail. Then see the configuration options listed here http://www.sendmail.org/~ca/email/auth.html Adam
Sending mail from rc.local
I am trying to send mail from rc.local to inform users about reboots. I wrote a script /root/reboot_notification containing the following: #!/bin/sh for user in `/bin/cat /root/reboot_notification_users`; do echo "$SERVER has rebooted at `/bin/date`" | /usr/bin/mail -s "$server reboot" $user done Where $server is replaced by the hostname of the server. I added the following entry to rc.local: if [ -x /root/reboot_notification ]; then echo -n ' notifying users about reboot'; /root/reboot_notification fi I made /root/reboot_notification to be world-executable, although I don't think that's neccesary. It works like a charm if I execute the script from a user-shell. The problem is that it doesn't work from rc.local and I can't figure out why. I tried to add "/usr/bin/touch /tmp/test" to rc.local and that also didn't work which made me suspect that only programs from /bin and /sbin are allowed to be run. At the same time a Sparc-user informed me it works perfectly for him. I am running OpenBSD 4.0 stable on i386. Could this have something to do with sendmail having a "warmup-time"? I tried adding a sleep 30 before the line rc.local and that didn't help. Does anybody have an idea what I am overlooking? Ivo van der Sangen
Re: Recommendation for a UPS
What are your power requirements? Just a single server? How big of a system are we talking about? ...mainframe, onyx, or a single opteron? Regards, ~Jason My power requirements are very small. The server is running an Athlon xp 2000+ with 2 HDDs in raid 1 (no screen). And that's the only thing that will be attached to the UPS. Regards, -Jd
Re: OpenBSD/alpha Status
On Sun, Apr 15, 2007 at 11:40:48AM -0700, Bryan Vyhmeister wrote: > I could have posted this on the alpha list but I thought I might get > a better answer here since that list has very little traffic. OpenBSD/ > cats is no longer around and is OpenBSD/alpha on its way out as well? > I am not intending to cause any rumors or anything but I do have the > opportunity to pick up some alpha machines but I am not going to if > the platform is on its way out. I had a couple of cats machines that > are doing nothing and I don't want to have alphas in the same boat. > Thanks for the info. While I am not a developer and not privy to Theo's thoughts, I did notice quite a bit of work on the alpha (some developer mentioned the switch to gcc 3). On the other hand, there seems to be a 'the alpha bug' around. I don't think it's solved yet, and it's been around for a long time. Apparently, it causes random crashes. Joachim -- PotD: security/libtasn1 - Abstract Syntax Notation One structure parser library
Re: Recommendation for a UPS
- Fresh install of 4.1 (as soon as my copy gets here) - I Will probably be using nut to shutdown the server. I'm trying to find something that won't require too much configs/poking around. I'm not looking for something fancy either, I just need enough juice to shutdown the server properly when the electricity goes out. What are your power requirements? Just a single server? How big of a system are we talking about? ...mainframe, onyx, or a single opteron? Regards, ~Jason
Re: host to host ipsec link
On Sun, Apr 15, 2007 at 05:26:11PM +0200, Markus Wernig wrote: > > /etc/rc.conf.local > ipsec=YES > isakmpd_flags="-K -f /var/run/isakmpd.fifo" why the -f ...? isakmpd takes care of the fifo itself. You only need "-K", nothing else.
Recommendation for a UPS
Hi everyone, I have to replace a UPS and I was wondering if anyone could make a recommendation (Last time I purchased one was 4 years ago, so I've a bit out of the loop by now). Here is what I will be working with: - Fresh install of 4.1 (as soon as my copy gets here) - I Will probably be using nut to shutdown the server. I'm trying to find something that won't require too much configs/poking around. I'm not looking for something fancy either, I just need enough juice to shutdown the server properly when the electricity goes out. Thank you for your time, -Jd
OpenBSD/alpha Status
I could have posted this on the alpha list but I thought I might get a better answer here since that list has very little traffic. OpenBSD/ cats is no longer around and is OpenBSD/alpha on its way out as well? I am not intending to cause any rumors or anything but I do have the opportunity to pick up some alpha machines but I am not going to if the platform is on its way out. I had a couple of cats machines that are doing nothing and I don't want to have alphas in the same boat. Thanks for the info. Bryan
Re: host to host ipsec link
Hello! Renaud Allard wrote: > Markus Wernig wrote: >> Renaud Allard wrote: >> >>> Did you verify that isakmpd is running? >> Yes. It runs as follows: >> >> 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd) >> 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo >> >> > -S is used for redundant setups. Did you try without that flag? Infact, this resolves the problem! Thanks a lot. Yet, it brings me to the next problem that I didn't set the -S flag, but /etc/rc does so automatically because of sasyncd, which will be used on those boxes in a further step. (The far goal being two firewall clusters encrypting traffic between the networks behind them, and encrypting traffic between the two members respectively.) krgds /markus
Re: host to host ipsec link
Markus Wernig wrote: > Renaud Allard wrote: > > >> It seems you just forgot to load your rules. >> Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your >> firewalls and everything should just work fine. >> > > > Hi > > I've tried to load the rules by hand with "ipsecctl -f /etc/ipsec.conf" > - to no avail. On the other hand I seemed to understand that with > "ipsec=YES" in /etc/rc.conf.local this was done automatically. > > I've tried it nevertheless, unfortunately no joy ;-) > > thx /markus > > for god's sake (it likes it warm and served by sexy japanese women), please use google: http://www.securityfocus.com/infocus/1859 turn off pf on both machines and follow the instructions with the minor modifications to /etc/ispec.conf that are req'd for your setup. use isakpmd's debugging switches to see what is going on if it doesn't work. isakmpd -dDA=10 gives mostly useful output, start there and read the isakmpd manpage.
sk or em
Hi, I'm in the need to replace my two 100mbit fxp nic's in my firewall with a 1000mbit one. The hardware is kinda old. (PIII) I'm looking for an inexpensive but not bad (so I think no realtek chips) nic. Have looked at sk and bge, but couldn't find any bge nics at my local vendors. So... which driver to go? sk? em? I really think this has been discussed before so if someone could just give me some keywords to search for in the archives I'd be lucky. Thanks Chris
Re: host to host ipsec link
Markus Wernig wrote: > Renaud Allard wrote: > >> Maybe also try on both firewalls: >> >> cd /etc/isakmpd && ln -s private/local.pub . >> >> Then restart isakmpd and reload the rules. >> > > Hi > > Tried that as well ... still no go. > I have disabled pf for setting the enc up. I suppose, that doesn't > matter, does it? > If your pf config blocks esp, ah or udp 500, you will have problems establishing the communication.
Re: host to host ipsec link
Markus Wernig wrote: > Renaud Allard wrote: > >> Did you verify that isakmpd is running? > > Yes. It runs as follows: > > 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd) > 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo > > -S is used for redundant setups. Did you try without that flag?
Re: host to host ipsec link
Renaud Allard wrote: > Maybe also try on both firewalls: > > cd /etc/isakmpd && ln -s private/local.pub . > > Then restart isakmpd and reload the rules. > Hi Tried that as well ... still no go. I have disabled pf for setting the enc up. I suppose, that doesn't matter, does it? krgds /markus
Re: host to host ipsec link
Markus Wernig wrote: > Renaud Allard wrote: > >> It seems you just forgot to load your rules. >> Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your >> firewalls and everything should just work fine. > > > Hi > > I've tried to load the rules by hand with "ipsecctl -f /etc/ipsec.conf" > - to no avail. On the other hand I seemed to understand that with > "ipsec=YES" in /etc/rc.conf.local this was done automatically. > > I've tried it nevertheless, unfortunately no joy ;-) > > thx /markus > > Maybe also try on both firewalls: cd /etc/isakmpd && ln -s private/local.pub . Then restart isakmpd and reload the rules.
Re: host to host ipsec link
Renaud Allard wrote: > Did you verify that isakmpd is running? Yes. It runs as follows: 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd) 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo
Re: host to host ipsec link
On 15/04/07, Markus Wernig <[EMAIL PROTECTED]> wrote: Renaud Allard wrote: > It seems you just forgot to load your rules. > Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your > firewalls and everything should just work fine. Hi I've tried to load the rules by hand with "ipsecctl -f /etc/ipsec.conf" - to no avail. On the other hand I seemed to understand that with "ipsec=YES" in /etc/rc.conf.local this was done automatically. I've tried it nevertheless, unfortunately no joy ;-) thx /markus You also need to start isakmpd with -K flag, that can be done with rc.conf.local too. -- viq
Re: host to host ipsec link
Markus Wernig wrote: > Renaud Allard wrote: > >> It seems you just forgot to load your rules. >> Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your >> firewalls and everything should just work fine. > > > Hi > > I've tried to load the rules by hand with "ipsecctl -f /etc/ipsec.conf" > - to no avail. On the other hand I seemed to understand that with > "ipsec=YES" in /etc/rc.conf.local this was done automatically. > > I've tried it nevertheless, unfortunately no joy ;-) > Did you verify that isakmpd is running?
Re: host to host ipsec link
Renaud Allard wrote: > It seems you just forgot to load your rules. > Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your > firewalls and everything should just work fine. Hi I've tried to load the rules by hand with "ipsecctl -f /etc/ipsec.conf" - to no avail. On the other hand I seemed to understand that with "ipsec=YES" in /etc/rc.conf.local this was done automatically. I've tried it nevertheless, unfortunately no joy ;-) thx /markus
Re: host to host ipsec link
Markus Wernig wrote: > Hello all > > I am trying a - what I think is - simple ipsec setup. The point is to > ipsec-encrypt all traffic between a pair of firewalls (gateA and gateB, > both OBSD 4.0), in order to send pfsync traffic over the encrypted link. > Although having read through ipsec, ipsec.conf, isakmpd and friend's > manpages, I get stuck on the same point. Obviously I'm missing some > important point. > > gateA:/etc/ipsec.conf: > ike esp from 10.111.1.1 to 10.111.1.2 > > gateB:/etc/ipsec.conf: > ike esp from 10.111.1.2 to 10.111.1.1 > > private and public key created by rc on initial boot in > /etc/isakmpd/private on both machines. > copied > gateA's /etc/isakmpd/private/local.pub to > gateB:/etc/isakmpd/pubkeys/ipv4/10.111.1.1 > and > gateB's /etc/isakmpd/private/local.pub to > gateA:/etc/isakmpd/pubkeys/ipv4/10.111.1.2 > > /etc/rc.conf.local > ipsec=YES > isakmpd_flags="-K -f /var/run/isakmpd.fifo" > > > I thought that with this, automatic keying would setup a tunnel between > 10.111.1.1 and 10.111.1.2 on system start. But nothing of the like > happens, not even a single IKE package is exchanged between the two > hosts. Consequently, when pinging from 10.111.1.1 to 10.111.1.2 or vice > versa, the packets go over the wire in the clear. > > I'm sorry, but I just can't see what I'm missing. Would anybody have a > pointer for a lost soul? > > thx /markus > > It seems you just forgot to load your rules. Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your firewalls and everything should just work fine.
Re: SSH/SFTP question
On Sat, Apr 14, 2007 at 05:32:38PM -0400, Frank Bax wrote: > > Based on what your vendor says; it looks like the file originally contains > only LF and not CRLF; so enabling ASCII transfer should convert LF to > CRLF. If your transfer software doesn't have this option find another that > does. or just convert the files yourself after you get them -- jared
host to host ipsec link
Hello all I am trying a - what I think is - simple ipsec setup. The point is to ipsec-encrypt all traffic between a pair of firewalls (gateA and gateB, both OBSD 4.0), in order to send pfsync traffic over the encrypted link. Although having read through ipsec, ipsec.conf, isakmpd and friend's manpages, I get stuck on the same point. Obviously I'm missing some important point. gateA:/etc/ipsec.conf: ike esp from 10.111.1.1 to 10.111.1.2 gateB:/etc/ipsec.conf: ike esp from 10.111.1.2 to 10.111.1.1 private and public key created by rc on initial boot in /etc/isakmpd/private on both machines. copied gateA's /etc/isakmpd/private/local.pub to gateB:/etc/isakmpd/pubkeys/ipv4/10.111.1.1 and gateB's /etc/isakmpd/private/local.pub to gateA:/etc/isakmpd/pubkeys/ipv4/10.111.1.2 /etc/rc.conf.local ipsec=YES isakmpd_flags="-K -f /var/run/isakmpd.fifo" I thought that with this, automatic keying would setup a tunnel between 10.111.1.1 and 10.111.1.2 on system start. But nothing of the like happens, not even a single IKE package is exchanged between the two hosts. Consequently, when pinging from 10.111.1.1 to 10.111.1.2 or vice versa, the packets go over the wire in the clear. I'm sorry, but I just can't see what I'm missing. Would anybody have a pointer for a lost soul? thx /markus
Re: Binary kernel and base update
On Apr 15, 2007, at 3:09 AM, Stuart Henderson wrote: On 2007/04/15 02:37, Bryan Vyhmeister wrote: The original poster seemed to be asking more about an incremental update system. Maybe that's the wrong term but something along the lines of the name-your-favorite-linux-distribution setup. An example might be yum in CentOS (and others) or apt-get in Debian. This seems like a much more complicated option. While possible, it would take a lot of work. Any thoughts on this part? That follows from the "base OS" being a bunch of unrelated packages as done in most Linux distributions. That's very true and that is one big reason why I like OpenBSD so much. One way of doing this would be to provide a tarball that contains all of the affected files or binaries relevant to the particular fix or possibly one large tarball with every fix for -stable up to that point. This could be installed with tar or even a nice little shell script. What about this? I run -current on most systems, but I would imagine that many people who made the more conservative decision to run -stable rather than -current would probably prefer not to trust third-party binaries either. (As an aside, how often do you update your -current systems and do you run -current on production servers?) I realize that this is always the issue when you are dealing with non- official binaries. In a production environment, I do build my own releases and all to use internally but I also recognize that this can be a pain for some people. Certain architectures like mac68k take next to forever to finish a release. The last time I tried with 3.9, it took a week and then failed with something. As soon as 4.1 has some security errata, I am going to attempt the build again on mac68k. It isn't worth it with 4.0 now that 4.1 is right around the corner. Of course this brings up the point that in a production setting, you really would have no good reason to be using mac68k machines. Other more powerful architectures can be patched pretty easily. I guess the ideal really would be for someone to put the work into developing a good way to distribute an update tarball like I referred to above and then this work could be integrated into the base system or something. Whoever put the work into this could I suppose do the work of creating the tarballs but these "official" updates could be distributed through the usual mirrors and such. That would be nice but reality sets in. I may just start fiddling around with this concept when I have a little more time. Bryan
Re: Binary kernel and base update
On Apr 15, 2007, at 3:05 AM, Marc Balmer wrote: Bryan Vyhmeister wrote: I just skimmed this whole thread and I am wondering about a couple of things. It appears that all of you are talking about basically following the instructions for release(8) and just providing the generated files for people. Is that correct? That is not enough. You have to make sure you packages are up-to- date as well. So you are also into bulk package building. If you want to this right, it is a lot work; that's why we don't do it in the project and that's probably also the reason why we ask money for it ;) You need machinery and a lot of time... That's true. It would take lots of time. Packages are not updated that frequently as I recall though for -stable. It would take a lot of time to check on this regularly though. Bryan
Re: Binary kernel and base update
On 2007/04/15 02:37, Bryan Vyhmeister wrote: > The original poster seemed to be asking more about an incremental > update system. Maybe that's the wrong term but something along the > lines of the name-your-favorite-linux-distribution setup. An example > might be yum in CentOS (and others) or apt-get in Debian. This seems > like a much more complicated option. While possible, it would take a > lot of work. Any thoughts on this part? That follows from the "base OS" being a bunch of unrelated packages as done in most Linux distributions. > One way of doing this would be to provide a tarball that contains all > of the affected files or binaries relevant to the particular fix or > possibly one large tarball with every fix for -stable up to that > point. This could be installed with tar or even a nice little shell > script. What about this? I run -current on most systems, but I would imagine that many people who made the more conservative decision to run -stable rather than -current would probably prefer not to trust third-party binaries either.
Re: Binary kernel and base update
Bryan Vyhmeister wrote: I just skimmed this whole thread and I am wondering about a couple of things. It appears that all of you are talking about basically following the instructions for release(8) and just providing the generated files for people. Is that correct? That is not enough. You have to make sure you packages are up-to-date as well. So you are also into bulk package building. If you want to this right, it is a lot work; that's why we don't do it in the project and that's probably also the reason why we ask money for it ;) You need machinery and a lot of time...
Re: Mail Server (seeking recommendations)
On Sun, Apr 15, 2007 at 02:14:56AM -0700, Bryan Vyhmeister wrote: > On Apr 15, 2007, at 2:03 AM, Jacob Yocom-Piatt wrote: > > >Bryan Vyhmeister wrote: > >>Is there any reasonably easy way to get SMTP AUTH functioning with > >>sendmail and dovecot? > > > >i asked about this a few weeks back and i think the answer is no. this > >means you have to maintain 2 pw DBs, one for dovecot, one for > >cyrus-SASL. i would like to be wrong here since it would make life > >easier for me. > > That was the primary reason for using postfix with dovecot. Years > back, I tried to get both sendmail and postfix working with SMTP AUTH > and Cyrus as I recall. It was a mess. The super-easy integration of > postfix and dovecot for SMTP AUTH is a welcome change. I think the main trick is in writing scripts that generate all databases from a single main file. This is fairly easy using perl, awk, Of course, this becomes a hundred times more difficult the moment user administration is not done centrally. Joachim -- TFMotD: vaccess (9) - check access permissions based on vnode parameters
Re: Mail Server (seeking recommendations)
On 4/15/07, Bryan Vyhmeister <[EMAIL PROTECTED]> wrote: On Apr 13, 2007, at 8:46 PM, Vijay Sankar wrote: > OpenBSD's sendmail, dovecot, and hastymail is a great solution, in my > opinion, for large or small networks. It allows you to support a > variety of clients very easily and with excellent security. Like Bryan > Vyhmeister mentioned, postfix also is a good option instead of > sendmail. I prefer sendmail because it is part of the OS distribution. Is there any reasonably easy way to get SMTP AUTH functioning with sendmail and dovecot? I'm using sendmail, dovecot and a PostgreSQL database with passwords. I got SMTP AUTH working nicely, using saslauthd with rimap authentication via localhost. This way I only need one password database. -martin
Re: 4.1 !
Wijnand Wiersma wrote: Or even more important: how is the song? Wijnand Excellent. Arabic style :) About magic caves and words :)
Re: Binary kernel and base update
I just skimmed this whole thread and I am wondering about a couple of things. It appears that all of you are talking about basically following the instructions for release(8) and just providing the generated files for people. Is that correct? If the above is true, I can also assist with building release(8) for i386, mac68k, macppc, sparc64, and zaurus. I could also get sparc up and running as well. I am in the U.S. but I could provide hosting fairly easily. The original poster seemed to be asking more about an incremental update system. Maybe that's the wrong term but something along the lines of the name-your-favorite-linux-distribution setup. An example might be yum in CentOS (and others) or apt-get in Debian. This seems like a much more complicated option. While possible, it would take a lot of work. Any thoughts on this part? One way of doing this would be to provide a tarball that contains all of the affected files or binaries relevant to the particular fix or possibly one large tarball with every fix for -stable up to that point. This could be installed with tar or even a nice little shell script. What about this? Bryan
Re: Mail Server (seeking recommendations)
On Apr 15, 2007, at 2:03 AM, Jacob Yocom-Piatt wrote: Bryan Vyhmeister wrote: Is there any reasonably easy way to get SMTP AUTH functioning with sendmail and dovecot? i asked about this a few weeks back and i think the answer is no. this means you have to maintain 2 pw DBs, one for dovecot, one for cyrus-SASL. i would like to be wrong here since it would make life easier for me. That was the primary reason for using postfix with dovecot. Years back, I tried to get both sendmail and postfix working with SMTP AUTH and Cyrus as I recall. It was a mess. The super-easy integration of postfix and dovecot for SMTP AUTH is a welcome change. Bryan
Re: Mail Server (seeking recommendations)
Bryan Vyhmeister wrote: > On Apr 13, 2007, at 8:46 PM, Vijay Sankar wrote: > >> OpenBSD's sendmail, dovecot, and hastymail is a great solution, in my >> opinion, for large or small networks. It allows you to support a >> variety of clients very easily and with excellent security. Like Bryan >> Vyhmeister mentioned, postfix also is a good option instead of >> sendmail. I prefer sendmail because it is part of the OS distribution. > > Is there any reasonably easy way to get SMTP AUTH functioning with > sendmail and dovecot? > i asked about this a few weeks back and i think the answer is no. this means you have to maintain 2 pw DBs, one for dovecot, one for cyrus-SASL. i would like to be wrong here since it would make life easier for me. cheers, jake > Bryan
Re: Mail Server (seeking recommendations)
On Apr 13, 2007, at 8:46 PM, Vijay Sankar wrote: OpenBSD's sendmail, dovecot, and hastymail is a great solution, in my opinion, for large or small networks. It allows you to support a variety of clients very easily and with excellent security. Like Bryan Vyhmeister mentioned, postfix also is a good option instead of sendmail. I prefer sendmail because it is part of the OS distribution. Is there any reasonably easy way to get SMTP AUTH functioning with sendmail and dovecot? Bryan
Re: Mail Server (seeking recommendations)
On Apr 13, 2007, at 8:49 PM, Sam Fourman Jr. wrote: Does your Mail setup use a PostgreSQL backend? No. I just used plain text files. This was a small test install to evaluate for my main mail server install. I haven't used any database back-end at this point. I am wanting to know because I am Looking for a OpenBSD postfix dovecott,and PostgreSQL article on the internet. That would be nice. If I get around to it, I may just try this and write up an article. I'm busy with moving my office right now so it may be wishful thinking. Bryan
Re: Binary kernel and base update
On Saturday, April 14, 2007 at 07:43:06 +0200, Marc Balmer wrote: >My company has to provide -stable base system and especially packages on >at least i386 for it's customers. We have a fan-out box to which >customer systems connect (the PKG_PATH points to it). This works really >nice an we can distribute security updates like e.g. ClamAV within >minutes to all machines we take care of. Up to here, I was hoping you were going to offer hosting facilities. >If there is interest in this, we could make it available as a (paid, but >reasonably priced) service. Contact me off-list if interested. But apparantly that's not the case. I don't see how this is of any help to this initiative. Maurice
Re: Binary kernel and base update
On Friday, April 13, 2007 at 17:21:14 -0400, Daniel Ouellet wrote: >Maurice Janssen wrote: >>On Friday, April 13, 2007 at 15:16:41 -0400, Daniel Ouellet wrote: >>>If there was a real concrete effort, not just the usual vapor ware, I >>>would/could offer hosting in Equinix peering point, for downloading >>>binaries, >> >>That's in the US? Is that OK with regard to export restrictions? > >Hmmm... You got a point there. I always forget about the backward >mentality of some leaders (hmmm, wonder if the term apply really) in >this place where they think everyone else is behind in technology, etc. > >But download of files is available from many Universities in the US as >well. Are they blocking the download for US only? I guess most of the time, it isn't checked. But that doesn't mean that we shouldn't do it by the book. >So, I can't do it then, can I, not even built the binaries either? As far as I understand it, both code and binaries are not allowed to be exported. But IANAL, I'd be happy to hear that I've got it all wrong. Perhaps you could put some information and links on the openbsdsupport.org website. That would be a start. The actual files can be hosted somewhere else. In the meantime, I tried to set things up for building stable releases. - i386 and sparc64 do it in about a day on my rather old and slow hardware. - sparc and vax are still crunching. - I've had some problems with alpha and hppa. But as these are probably not the most popular platforms, I guess this is not critical for now. I hope to fix this soon. So I guess we need a place with good connecticity to host the files. It's less than 200 MB per architecture, but I have no idea how much traffic it'll generate. Maurice
GIS Careers Newsletter : April 14, 2007
TechJobsCafe.com GIS Focus GIS and Related Fields [IMAGE] Saturday April 14, 2007 From: TechJobsCafe Map Faster & Safer - LaserTech.com Bentley Institue [IMAGE] Search All TechJobsCafe Jobs: Featured GIS Job Opportunities * Data Acquisition Coordinator -- GeoDigital International LLC -- Lompoc, CA * Database Administrator/ St. Louis -- GeoDecisions -- St Louis, MO * Project Delivery Manager - Software -- MapFrame Corporation -- Dallas, TX * Information Technology Engineer I (GIS) -- City of Mesa -- mesa, AZ * Senior Consultant Product Specialist -- PowerBuilders, Inc. -- New York or DC, NY * Project Manager East Coast -- Geographic Technologies Group, Inc -- Goldsboro, NC * GIS Consultant -- City of Houston -- Houston, TX * Senior Database Administrator -- James W. Sewall -- Old Town, ME * GeoSpatial Consultant -- eSpatial Inc -- Herndon, VA * Utility GIS Consultant -- Wind Lake Solutions -- Mukwonago, WI * Senior Applications Specialist -- Trimble -- Westminster, CO * SR. ENTERPRISE TECHNOLOGY ANALYST -- Sacramento Municipal Utility District (SMUD) -- Sacramento, CA * Manager, GIS CAD Services -- JEA -- Jacksonville, FL * GIS Specialist -- TGS-Nopec Inc. -- Houston, TX * SURVEY TECHNICIAN -- GeoDigital International LLC -- Lompoc, CA * Application Developer -- GeoDecisions -- Camp Hill, PA * GIS Analyst (entry level) -- GeoDecisions -- Camp Hill, PA * Sales Engineer -- PowerBuilders, Inc. -- Washington, DC * Web Developer -- GeoDecisions -- Camp Hill, PA * FIELD DATA PROCESSOR -- GeoDigital International LLC -- Lompoc, CA [ More GIS Jobs ] Recruit From a Targeted Audience Who do you want to hire today? Using GISCafe and TechJobsCafe is the most powerful way to get your GIS job positions filled at an extremely low price. Here is why: 1. Each of your jobs posted on TechJobsCafe also appears on GISCafe homepage. Visited by more than 125,000 GIS professionals every month, GISCafe is the #1 GIS web portal in the world. 2. Each of your job postings is also sent to the 40,000 subscribers of our daily newsletter. This is an audience that may never visit any of the major job boards such as Monster, but we will bring your job opening to this passive job-seeking audience. 3. We have thousands of resumes from GIS professionals accessible to you if you sign up for a three-month membership. 4. This extremely targeted approach costs much less than your postings on Monster or Dice and is much more effective in finding you the right candidate. Contact us today! or fill out a short registration form and we will contact you. Attention Job Seekers! Only Enter Your Resume Once. Save time when you're applying for more than one job position by posting your resume on TechJobsCafe. After you enter your resume information it is automatically available each time you apply for a job. You also have complete editorial control of your resume information, and your resume is searched by companies who are looking for your skills and talent. Visit our Job Seeker section now to get a personalized account. Career Guide The TechJobsCafe Career Guide has been reorganized and new links have been added. Check it out and gain an unf