Re: digitally signed distribution (was: OBSD's perspective on SELinux)

2007-09-25 Thread Lars Hansson
On 9/24/07, Martin Schröder [EMAIL PROTECTED] wrote:
 2007/9/24, Joachim Schipper [EMAIL PROTECTED]:
  Sure it does, just pull from CVS over SSH and compile your own. Only

 Where do I get the ssh fingerprints of the CVS servers?

Where do you get the public keys for the digitally signed distributions?

---
Lars Hansson



Re: digitally signed distribution (was: OBSD's perspective on SELinux)

2007-09-25 Thread Darren Spruell
   Sure it does, just pull from CVS over SSH and compile your own. Only
 
  Where do I get the ssh fingerprints of the CVS servers?

http://www.openbsd.org/anoncvs.html#CVSROOT, of course.

Not all are listed, but one can either use one that needs verified or
contact the maintainer for a correct fingerprint.

DS



RAID1 powerloss - can parity rewrite be safely backgrounded?

2007-09-25 Thread Matt

I'm running a RAID1 mirror on OpenBSD 4.1 (webserver)
On a power failure the parity becomes dirty and needs rewriting, which 
results in  1.5 hours 'downtime'.

Is it safe to background this in /etc/rc or is that a no-no?

I found a reference this was possible/safe on-list but it was a) 2003 
and b) dealt with RAID5.

I'd like to make sure I am not doing something dangerous.

Thanks,

Matt



Re: OpenCON 2007 // Call for Papers

2007-09-25 Thread Marc Balmer

Eric Johnson wrote:

On Mon, 24 Sep 2007 22:55:16 +0200
Ed [EMAIL PROTECTED] wrote:


http://2006.opencon.org/


Just out of curiosity (since I can't make it), is there a newer page
on this?


That is the webpage of last years conference, please visit

  http://www.opencon.org/

for the current conference information.

- mb



Re: SMTP flood + spamdb

2007-09-25 Thread patrick keshishian
On 9/23/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
 patrick keshishian [EMAIL PROTECTED] writes:

  I'm running spamdb in greylist mode, but these servers were
  getting white-listed very quickly.

 Then it sounds almost like you were running with a too short passtime,
 but then that's easy to adjust.

The default (which I believe is 25 minutes).


  At around 1:40 PM (PDT) my SMTP server started getting flooded
  by enormous amount of connections.  The connections were for
  seemingly random users @my-domain-name.

 We've been seeing a lot of that here, too.  Mostly it's a few (maybe
 20) a day to the most widely known domain here, then occasionally
 somebody pushes the generate button for too long and one domain
 almost nobody actually uses gets the bounces for 700+ fake
 addresses[1].  Bob Beck's greyscanner is rather effective, as are the
 more manual methods.  I've blogged about the observations quite a bit,
 starting with [2].

I have just re-opened my SMTP port which I had shut since 1440
Sunday. Not 1 hour has passed yet and my GREY list is almost
at 300.

I've added about 250 (count at the time) bogus emails to the
greytrap list but since they are unique I don't think it will
help the situation much.

I'm very certain right now, this flood is due to a spammer
using these fake addresses @my-domain-name to spam these mail
server (all around the world -- Japan, South America, US,
Germany, Ireland, etc...) and I'm getting the brunt of it in
the form of these bounced messages.

At this point I think I have no other choice but to wait out
the storm.


 Short summary for those who are not too interested in blog posts: I
 started seeing more than the usual amount of bounce activity in my
 mail server log summaries, close enough to what you describe.  So
 after a bit of thinking and log browsing I decided this was generated
 mainly by misconfigured mail servers bouncing spam.  Then I decided I
 wanted to do an experiment, to see if I could poison the well and at
 the same time get a feel for the data I was collecting.


When you speak of misconfigured mail servers bouncing spam,
what exactly is a proper configured mail server supposed to
do with spam directed at non-existing user @their-host-name?

Just curious.


FYI, as of now my:

 - GREY list count is 342 (and growing)
 - unique bogus email count is 341
 - ESTABLISHED spamd connection count is 63 (and growing)


This is not fun :-\



 I started publishing the fake addresses on a web page[3] as well as
 entering them into the list of trap addresses.  I've been seeing
 evidence that the addresses are actually being harvested and used as
 to-be-spammed addresses too: addresses which are all uppercase on the
 web page turning up in the spamd logs and greylist dumps in all
 lowercase, addresses which have been on my flypaper list for months
 turn up all the time, and we see a steadily growing number of hosts in
 TRAPPED state.

 My users here are not getting any more spam than they used to (as
 close as does not matter to none), false positives are pretty much an
 unknown, and it looks like we're succeeding in making the spammers
 work harder.

 [1] 
 http://bsdly.blogspot.com/2007/08/lady-in-distress-or-then-again-maybe.html
 [2] http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html
 [3] http://www.bsdly.net/~peter/traplist.html



Re: SMTP flood + spamdb

2007-09-25 Thread Peter N. M. Hansteen
patrick keshishian [EMAIL PROTECTED] writes:

 When you speak of misconfigured mail servers bouncing spam,
 what exactly is a proper configured mail server supposed to
 do with spam directed at non-existing user @their-host-name?

The real question in there is, what does a properly configured mail
server do with spam?  My answer is, if it gets as far as content
filtering, drop it as soon as it's classified as spam, don't bounce
it.  Bouncing spam is never useful, the purported return address is
extremely unlikely to be deliverable.

A bounce is only useful for valid messages (which happen to be sent to
a mistyped address), which in our context means that the message has
passed greylisting and most likely some content filtering or other.
In all likelihood you will still bounce to a few bogus ones, but
taking this approach makes you a lot less noisy.

The noise you are seeing is from sites which either don't bother much
with filtering, or if they do, belong to that little cult of bouncing
spam is good believers.

  - GREY list count is 342 (and growing)
  - unique bogus email count is 341
  - ESTABLISHED spamd connection count is 63 (and growing)

Unless your spamd box is extremely skinny, none of these figures are
particularly worrying.  spamd allocates IIRC about 12 kilobytes of
buffers per tarpitted host, for greylist entries just another tuple in
the database.

My list of trap addresses, all harvested from stuff from out there, is
just over 2700.  Right now there are 273 hosts in the greylist at the
gateway closest to where I'm sitting (my home net, actually), with 533
in TRAPPED state.

 This is not fun :-\

Well, it should not be a huge problem.  IMO people who fake addresses
in other people's domains should be prosecuted for some variety of
fraud, but with the current level of digital competence in law
enforcement that is just not going to happen.  In the meantime we have
reasonable countermeasures.  See what greyscanner can do for you.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Debugging ral

2007-09-25 Thread Francesco Toscan
I'd like to thank in public Damien Bergamini, he helped me a lot in 
debugging my ral setup: it was very very slow and unreliable. With 
Damien's tips now I have a better understanding of my ral device and, 
above all, it works flawlessly.


I wrote a small doc reporting this experience and Damien's tips: I hope 
it could be useful.

http://sekureshell.altervista.org/docs/trouble_ral.html

f.
Soekris docs & resources - http://sekureshell.altervista.org



hoststated, using the same tables for more than one service

2007-09-25 Thread Josh

Hello there.

I am using hoststated to fail over to a backup server. No dramas in that 
department.


However, I have more than one internet connection for which hoststated 
is doing rdr's for. Each incoming internet connection goes to a specific 
carp ip, and I tag it. Then I use a reply-to later on to tell it which 
gateway to reply back to (instead of going out the default route).


so the network looks like this:

conn1 - conn1_firewall - hoststated_firewall(carp1) - server
conn2 - conn2_firewall - hoststated_firewall(carp2) - server
conn3 - conn3_firewall - hoststated_firewall(carp3) - server


Anyway, my question is, can I use the same tables in multiple service 
entries? ( one for each connection )


Example:

# for internet connection one
service connection_one {
   virtual host 192.168.0.1 port 25
   tag route_one
   table main_server
   backup table backup_server
}

# for internet connection two
service connection_two {
   virtual host 192.168.0.2 port 25
   tag route_two
   table main_server
   backup table backup_server
}

and so on.

Can I do that without any weird side effects?

It will save me duplicating the table entries for each different 
internet connection I get connections on.


Thanks,
   Josh



Re: hoststated, using the same tables for more than one service

2007-09-25 Thread Pierre-Yves Ritschard
 Anyway, my question is, can I use the same tables in multiple service 
 entries? ( one for each connection )
 

no problem there.



Re: SMTP flood + spamdb

2007-09-25 Thread Craig Skinner

patrick keshishian wrote:


I'm very certain right now, this flood is due to a spammer
using these fake addresses @my-domain-name to spam these mail
server (all around the world -- Japan, South America, US,
Germany, Ireland, etc...) and I'm getting the brunt of it in
the form of these bounced messages.

At this point I think I have no other choice but to wait out
the storm.



Read up on backscatter spam.

This is a deliberate attack on your domain.

How it works:

A spammer uses infected home user boxes to send random mail to various 
domains, with fake random addresses in your domain as the from or 
reply-to address.


When the target domain of the initial domain does not do recipient 
validation at the smtp connection stage (as it should do), but spools 
and then rejects the mail - to you, hence you are the real target.


Greylisting is of no use whatsoever because the servers sending the 
bounces to you are actual smtp boxes (sendmail, extrange, ), not 
malware, so they will quickly bypass spamd. Spamd greytraps will help a 
great deal, but you say that the addresses are random.



How to cope with it:

All you can do is make sure that you reject mail for unknown users at 
the smtp connection stage. You can rate limit most mail daemons so they 
don't overwhelm your box. Don't worry about it, I sometimes have up to 
1300 messages a minute hitting my PII 350 box on a 500M ADSL and can not 
tell the difference when surfing about.



How to run a mailserver:

Reject mail for unknown users at the initial smtp connection stage.

For valid users; either reject spam at the smtp connection stage, or 
spool it, process it later, tag it as spam and deliver it to the user's 
spam box - do not bounce it later as you will then be generating 
backscatter for some other poor soul.


Note: some versions of exchange can not do recipient validation at the 
smtp connection stage, so this will always be a problem, and is yet 
another reason never to have exchange as an internet facing mail server.




Re: SMTP flood + spamdb

2007-09-25 Thread Peter N. M. Hansteen
Craig Skinner [EMAIL PROTECTED] writes:

 malware, so they will quickly bypass spamd. Spamd greytraps will help
 a great deal, but you say that the addresses are random.

I think what happened here is that somebody let the random address
generator run for longer than intended.  

One or more spammer groups has been doing similar things to some of
the domains I admin for some months now, and the typical rate of new,
essentially random, addresses found per day is about 20, sometimes as
high as 50, and in one case more than 700.  That last one was probably
a case of asleep at the wheel too.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Proper way to install library from source

2007-09-25 Thread Karel Kulhavy
Hello

I would like to have the AoTuV Vorbis encoder. There is no package for that.
Is this supported on OpenBSD and if yes what is the proper way to do it?

I downloaded the AoTuV libvorbis (it's just a different version of
libvorbis), compiled, installed, then oggenc didn't recognize -q 2. So I
removed oggenc and compiled oggenc from sources, that recognized -q -2 but
segfaulted. I thought there is some mechanism to prevent loading a library with
different version and segfault.

When I remove all traces from libvorbis and install aotuv and vorbistools
(oggenc) from sources, then it works like charm. But I don't have mplayer,
audacity, mpd then which I want.

CL



Re: SMTP flood + spamdb

2007-09-25 Thread Stuart Henderson
On 2007/09/25 00:08, patrick keshishian wrote:
 
 I'm very certain right now, this flood is due to a spammer
 using these fake addresses @my-domain-name to spam these mail
 server (all around the world -- Japan, South America, US,
 Germany, Ireland, etc...) and I'm getting the brunt of it in
 the form of these bounced messages.
 
 At this point I think I have no other choice but to wait out
 the storm.

If it's compatible with how you use the domain, it might help
to publish SPF records.

 When you speak of misconfigured mail servers bouncing spam,
 what exactly is a proper configured mail server supposed to
 do with spam directed at non-existing user @their-host-name?

The correct behaviour is to reject it at the SMTP port, rather
than issue a bounce.

Also: all hosts listed in MX records should be aware of the
list of valid users and do the same. For sendmail, this is easy
to do with the access map. For Postfix, relay_recipient_maps.

 FYI, as of now my:
 
  - GREY list count is 342 (and growing)
  - unique bogus email count is 341
  - ESTABLISHED spamd connection count is 63 (and growing)
 
 This is not fun :-\

These are bounces, so they'll be coming from MTAs with retry
queues, so they generally will make it through to the real MTA
after (a minimum of) 3 retry attempts.

Depending on how many normal spams that spamd saves you
from, it may be a hindrance to use greylisting here. It might
be better just to get these mails handled quickly and out of
the sender's queues (depends on your bandwidth situation).

On 2007/09/24 20:01, patrick keshishian wrote:
 Btw, your reply-to field contains my e-mail address.  Is that
 intended?

Mail-Followup-To, actually - yes. It wouldn't totally surprise
me if gmail is doing something unexpected with it, though (-:



Re: OBSD's perspective on SELinux

2007-09-25 Thread Marc Espie
In all my experience, every single complex security policy I've seen
has very serious issues.   Complexity kills it. There's always a scenario
somewhere that someone has forgotten about that breaks stuff.

Heck, this even happens with access control systems like PAM. About every
3 months, we hear of a security hole where some distro has managed to ship
an ssh policy that makes it possible for root to login remotely without
entering a password, provided he does not have a DSA key (don't believe my
word, read bugtraq!).

There is no model of complex security authentication systems. There is no
tool that allows people to configure this kind of stuff properly, *and
check the results*. Not just write documents, but actually verify that
*every case* makes sense.   Consider the combinatorial complexity of that.
Consider real information systems, where people either have ten passwords
to remember, or they use some account that's not there, or there is some
temporal incongruity between what should be and what is.

(Tivoli is probably the closest there is to that in the proprietary world).

In the end, you want simple security. If you need ACLs, then you probably
fucked up your design, and decided to add an architectural band-aid to
cater over the holes of the broken design.

That said, ACLs and mandatory access control make for great security theater
(see Bruce Schneier's website if you don't get the reference).
It's the kind of expertise that allows consulting business to make a living
in security IT.

Not much actual security, though.



non-x86-based hardware for OBSD?

2007-09-25 Thread Lars Noodén
I'm looking at the recent article on Soekris and very favorably impressed.

Setting up a Soekris 5501 with OpenBSD 4.2  24 Sep 2007
http://undeadly.org/cgi?action=article&sid=20070924004901

The setup seems almost perfect, except that the AMD Geode seems to be
x86-based.

What corresponding non-x86 hardware options are common, recommended, or
even available ?

Regards,
-Lars



Re: SMTP flood + spamdb

2007-09-25 Thread Peter N. M. Hansteen
Stuart Henderson [EMAIL PROTECTED] writes:

 If it's compatible with how you use the domain, it might help
 to publish SPF records.

I suppose I'll never know how many receivers of spam claiming to be
from [EMAIL PROTECTED] (yes, fresh from the source) and friends
actually acted on the SPF info for the domain and skipped sending a
bounce, but the ones that don't use SPF in any meaningful way still
generate significant backscatter.  Once [EMAIL PROTECTED] is a
spamtrap it won't matter much of course, except for any valid mail
which might happen to venture out from the same IP address to somebody
at datadok.no.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread nicodache
VIA, Intel lo-comsumption, are X86-based.
You should go into the ARM world to get something like that, and you
will be disappointed, as it is much much harder to find something with
4 network connectors, serial, flash, pci, mini-pci connector, due to
the lack of products & manufacturers.

You may want to check the website of the manufacturers mentioned on
epiacenter website
(http://www.epiacenter.com/modules.php?name=Content&pa=showpage&pid=39),
some of them have a very broad range of product, more than you can
easily find on the net.

Regards,

On 9/25/07, Lars Noodén [EMAIL PROTECTED] wrote:
 I'm looking at the recent article on Soekris and very favorably impressed.

 Setting up a Soekris 5501 with OpenBSD 4.2  24 Sep 2007
 http://undeadly.org/cgi?action=article&sid=20070924004901

 The setup seems almost perfect, except that the AMD Geode seems to be
 x86-based.

 What corresponding non-x86 hardware options are common, recommended, or
 even available ?

 Regards,
 -Lars



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Karl Sjödahl - dunceor
On 9/25/07, Lars Noodén [EMAIL PROTECTED] wrote:
 I'm looking at the recent article on Soekris and very favorably impressed.

 Setting up a Soekris 5501 with OpenBSD 4.2  24 Sep 2007
 http://undeadly.org/cgi?action=article&sid=20070924004901

 The setup seems almost perfect, except that the AMD Geode seems to be
 x86-based.

 What corresponding non-x86 hardware options are common, recommended, or
 even available ?

 Regards,
 -Lars



Do you have any special reasons for not using x86-based hardware?

BR
dunceor



Re: SMTP flood + spamdb

2007-09-25 Thread Stuart Henderson
On 2007/09/25 10:29, Stuart Henderson wrote:
 Also: all hosts listed in MX records should be aware of the
 list of valid users and do the same. For sendmail, this is easy
 to do with the access map.

I had a question off-list about how to do this, so I guess
some other people will benefit from an example of how to set
this up.

To:domain.com	error:550 5.1.1 No such user
To:[EMAIL PROTECTED]	OK
To:[EMAIL PROTECTED]	OK
To:[EMAIL PROTECTED]	OK

then (cd /etc/mail; sudo makemap hash access < access)



Re: SMTP flood + spamdb

2007-09-25 Thread RW
On Tue, 25 Sep 2007 09:38:10 +0100, Craig Skinner wrote:


Greylisting is of no use whatsoever because the servers sending the 
bounces to you are actual smtp boxes (sendmail, extrange, ), not 
malware, so they will quickly bypass spamd. Spamd greytraps will help a 
great deal, but you say that the addresses are random.


I've snipped all the content (which I largely  agree with) above and
below this paragraph to recount my experience which started about a
fortnight ago and ran for about a week.

Log analysis showed that there were two classes of incoming unwanted
crap.

One was bounced mail that should have been rejected as invalid
recipient mail at the original target. That included an mx at
aph.gov.au, the Australian Federal Parliament House. Yep, the pollies
who want ISPs to block websites on request and who spent $84mil on a
kiddie-filter that some 10-year old bypassed in ten minutes,

The others were from bots as far as I could tell but they were not
being sent by MTAs which had received them.

My defence was to write a couple of scripts. One parsed the output of
spamdb looking for GREY with sender <> and then tested the intended
recipient against the postfix valid mailbox database. If it failed then
the sender IP was added to a pf table that was outright blacklisted for
24 hours. The other script did housekeeping and added sender IPs to the
TRAPPED category in case they retried later.

The blacklist grew rapidly to over 1200 unique addresses but then
petered out after a few days and I turned off the cron jobs running the
scripts at day nine.

So greylisting/spamd did a hell of a good job for me. I would not have
been able to block traffic from all those crappily configured boxes
(MTAs mostly qmail or windows) unless I had a greylist database to scan
every few minutes.

Peter H and Beck@ know what they are doing alright and do good papers
on it.
Thanks.
R/

Me...a skeptic?  I trust you have proof.
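RW's scripts are not posted, so here is an added example (not RW's code and not part of the thread) of the same triage: it parses the pipe-separated GREY records that spamdb(8) prints, keeps only entries whose envelope sender is the null sender <> (a bounce), and checks the recipient against a set of valid mailboxes. The sample spamdb output, addresses and IPs are constructed; the pf table name "backscatter" is an assumption.

```python
"""Backscatter triage over spamdb(8) output (added example, not RW's script).

A bounce always carries the null envelope sender <>. A bounce addressed to a
mailbox that does not exist can only be backscatter from a site that accepted
spam with a forged sender in our domain, so its source IP is worth blocking
and the bogus address is worth adding to the greytrap list.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# GREY record layout as printed by spamdb(8), fields separated by '|':
# GREY|source-ip|helo|from|to|first|pass|expire|block|pass
GREY_FIELDS = ("type", "ip", "helo", "sender", "recipient",
               "first", "passtime", "expire", "block", "passed")

# Constructed sample of `spamdb` output; every IP and address is made up.
SAMPLE_SPAMDB = """\
GREY|192.0.2.10|mx1.example.net|<>|<bob@my-domain.example>|1190700000|1190701500|1190714400|0|0
GREY|192.0.2.11|mail.example.org|<>|<xqzt8a@my-domain.example>|1190700100|1190701600|1190714500|0|0
GREY|198.51.100.7|relay.example.com|<newsletter@example.com>|<alice@my-domain.example>|1190700200|1190701700|1190714600|0|0
GREY|203.0.113.5|bounce.example.edu|<>|<kjh77pp@my-domain.example>|1190700300|1190701800|1190714700|0|0
WHITE|198.51.100.9||||1190600000|1190600000|1193192000|0|3
TRAPPED|203.0.113.9||||1190600000|1190600000|1190686400|0|0
"""

# Constructed stand-in for the MTA's valid-mailbox database.
VALID_MAILBOXES = {"alice@my-domain.example", "bob@my-domain.example"}


@dataclass(frozen=True)
class BounceHit:
    ip: str
    recipient: str
    helo: str


def strip_angles(addr: str) -> str:
    """'<user@host>' -> 'user@host'; the null sender '<>' becomes ''."""
    addr = addr.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    return addr.lower()


def parse_grey(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of a GREY record, or None for any other record."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != len(GREY_FIELDS) or parts[0] != "GREY":
        return None
    rec = dict(zip(GREY_FIELDS, parts))
    rec["sender"] = strip_angles(rec["sender"])
    rec["recipient"] = strip_angles(rec["recipient"])
    return rec


def find_backscatter(spamdb_output: str, valid: Set[str]) -> List[BounceHit]:
    """GREY entries with the null sender whose recipient does not exist here."""
    hits = []
    for line in spamdb_output.splitlines():
        rec = parse_grey(line)
        if rec is None or rec["sender"] != "":
            continue            # not a greylist entry, or not a bounce
        if rec["recipient"] in valid:
            continue            # a bounce to a real user may be legitimate
        hits.append(BounceHit(rec["ip"], rec["recipient"], rec["helo"]))
    return hits


def blacklist_ips(hits: List[BounceHit]) -> List[str]:
    return sorted({h.ip for h in hits})


def trap_addresses(hits: List[BounceHit]) -> List[str]:
    return sorted({h.recipient for h in hits})


def render_commands(hits: List[BounceHit], table: str = "backscatter") -> List[str]:
    """pf table additions plus spamdb greytrap additions, as text for review."""
    cmds = ["pfctl -t %s -T add %s" % (table, ip) for ip in blacklist_ips(hits)]
    cmds += ["spamdb -T -a '%s'" % addr for addr in trap_addresses(hits)]
    return cmds


if __name__ == "__main__":
    for cmd in render_commands(find_backscatter(SAMPLE_SPAMDB, VALID_MAILBOXES)):
        print(cmd)
```

The pf table must be declared in pf.conf with a matching block rule, and entries added this way do not expire on their own, which is what RW's housekeeping script handled.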



Re: SMTP flood + spamdb

2007-09-25 Thread Peter N. M. Hansteen
RW [EMAIL PROTECTED] writes:

 One was bounced mail that should have been rejected as invalid
 recipient mail at the original target. That included an mx at
 aph.gov.au, the Australian Federal Parliament House. Yep, the pollies
 who want ISPs to block websites on request and who spent $84mil on a
 kiddie-filter that some 10-year old bypassed in ten minutes,

You did buy a nice frame to put that in, I hope? ;)

I've been noticing that the generated junk addresses which were
originally used as from addresses on spam sent to elsewhere
(generating the bounces we see here) tend to resurface pretty soon in
my greylists as to addresses on attempted incoming spam.  I also see
quite a few attempts at reaching actually deliverable addresses in our
domains with a fake from address.  So I think it may be just a matter
of time before I see spam where both to and from are already in my
spamtraps.

(and thanks, RW)

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: hoststated, using the same tables for more than one service

2007-09-25 Thread Josh
 Well after trying it, it appears there _IS_ a problem there. One of the
services was not
working. As soon as I gave it its own separate tables, it worked.

Pierre-Yves Ritschard wrote:

Anyway, my question is, can I use the same tables in multiple service 
entries? ( one for each connection )

  no problem there.



Re: SMTP flood + spamdb

2007-09-25 Thread Craig Skinner

Stuart Henderson wrote:


I had a question off-list about how to do this, so I guess
some other people will benefit from an example of how to set
this up.




If you are using postfix:

/etc/postfix/main.cf:
..
..
smtpd_recipient_restrictions =
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unlisted_recipient   <-- this one
    reject_unlisted_sender
    reject_unknown_reverse_client_hostname
    warn_if_reject reject_unknown_client_hostname
    reject_unknown_helo_hostname
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    permit_mynetworks
    reject_unauth_destination
...
...
...
unknown_address_reject_code = 554
alias_maps = btree:$config_directory/aliases


/etc/postfix/aliases:
..
..
joe.bloggs:	jb123456
joe:		jb123456
bloggs:		jb123456


$ sudo postfix reload



Re: SMTP flood + spamdb

2007-09-25 Thread Craig Skinner

RW wrote:


The others were from bots as far as I could tell but they were not
being sent by MTAs which had received them.



Yes, but the OPs problem is back scatter, and that does not come from 
bots, they don't retry.


$ man spamd:

DESCRIPTION
 spamd is a fake sendmail(8)-like daemon which rejects false mail.
 It is designed to be very efficient so that it does not slow down
 the receiving machine.
..
..
 greylisted hosts are redirected to spamd, but spamd has not yet
 decided if they are likely spammers.  They are given a temporary
 failure message by spamd when they try to deliver mail.


Greylisting works brilliantly for bots, but wont help with hosts that 
retry, as is the case in back scatter.


If the OP was repeatedly getting mail to a few addresses from different 
hosts, he could use grey trapping. But he said that they are all random.
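To make the distinction above concrete, here is an added example (not spamd's code and not part of the thread) that models spamd(8)'s greylist timing: a new (ip, from, to) tuple is told to try later, a retry after passtime whitelists the host, and a recipient on the greytrap list gets the host TRAPPED instead. The 25-minute passtime and 4-hour greylist expiry are spamd's defaults; the retry schedules, IPs and addresses are constructed.

```python
"""Why greylisting stops one-shot bots but not retrying MTAs (added example).

Models the behaviour described in the thread, not spamd's implementation:
  - first contact from a (source ip, envelope from, envelope to) tuple gets
    a temporary failure and a greylist entry;
  - a retry after `passtime` (and before the entry expires) whitelists the ip;
  - a delivery attempt to a greytrap address marks the ip TRAPPED.
A bot that never retries never gets past step one. A real MTA with a retry
queue, which is what sends backscatter bounces, passes on a later attempt.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

PASSTIME = 25 * 60    # spamd default passtime, the "25 minutes" in the thread
GREYEXP = 4 * 3600    # spamd default expiry of an unpassed greylist entry

Key = Tuple[str, str, str]   # (source ip, envelope from, envelope to)


@dataclass
class Greylist:
    passtime: int = PASSTIME
    greyexp: int = GREYEXP
    traps: Set[str] = field(default_factory=set)        # greytrap addresses
    grey: Dict[Key, int] = field(default_factory=dict)  # key -> first seen
    white: Set[str] = field(default_factory=set)
    trapped: Set[str] = field(default_factory=set)

    def attempt(self, ip: str, sender: str, rcpt: str, now: int) -> str:
        """One delivery attempt at time `now`; returns ACCEPT, TEMPFAIL or TRAPPED."""
        rcpt = rcpt.lower()
        if ip in self.trapped:
            return "TRAPPED"
        if rcpt in self.traps:             # spamtrap hit: tarpit from now on
            self.trapped.add(ip)
            self.white.discard(ip)
            return "TRAPPED"
        if ip in self.white:
            return "ACCEPT"
        key: Key = (ip, sender.lower(), rcpt)
        first = self.grey.get(key)
        if first is None or now - first >= self.greyexp:
            self.grey[key] = now           # new (or expired) entry: try later
            return "TEMPFAIL"
        if now - first >= self.passtime:
            del self.grey[key]             # retried after passtime: whitelist
            self.white.add(ip)
            return "ACCEPT"
        return "TEMPFAIL"                  # retried too early: keep waiting


def run_schedule(gl: Greylist, ip: str, sender: str, rcpt: str,
                 offsets: List[int]) -> List[str]:
    """Replay delivery attempts of one sender at the given second offsets."""
    return [gl.attempt(ip, sender, rcpt, t) for t in offsets]


# Constructed scenarios. The empty sender "" is the null sender <> of a bounce.
BOT_SCHEDULE = [0]                              # malware: fire once, never retry
MTA_SCHEDULE = [0, 15 * 60, 30 * 60, 60 * 60]   # a real MTA's retry queue


def bot_vs_mta() -> Tuple[List[str], List[str]]:
    """The bot never passes; the bouncing MTA is accepted on its third attempt."""
    gl = Greylist()
    bot = run_schedule(gl, "192.0.2.20", "spam@example.net",
                       "alice@my-domain.example", BOT_SCHEDULE)
    mta = run_schedule(gl, "198.51.100.30", "",
                       "xqzt8a@my-domain.example", MTA_SCHEDULE)
    return bot, mta


def greytrap_case() -> List[str]:
    """Same bouncing MTA, but the bogus recipient is already a greytrap address."""
    gl = Greylist(traps={"xqzt8a@my-domain.example"})
    return run_schedule(gl, "198.51.100.30", "",
                        "xqzt8a@my-domain.example", MTA_SCHEDULE)


if __name__ == "__main__":
    print("bot, mta:", bot_vs_mta())
    print("greytrap:", greytrap_case())
```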




what if hoststated dies?

2007-09-25 Thread Josh

Gidday,

How can I have a rdr rule which redirects to the same main servers that 
hoststated does ( using a different table/macro in pf.conf than the 
hoststated rdr statement does ), which only matches when hoststated is 
not running?


What happens if hoststated crashes? Do its latest table entries and 
rdr rules still remain?


Thanks,
   Josh



Re: hoststated, using the same tables for more than one service

2007-09-25 Thread Pierre-Yves Ritschard
On Tue, 25 Sep 2007 23:25:44 +1200
Josh [EMAIL PROTECTED] wrote:

  Well after trying it, it appears there _IS_ a problem there. One of
 the services was not
 working. As soon as I gave it its own separate tables, it worked.
 
 Pierre-Yves Ritschard wrote:
 
 Anyway, my question is, can I use the same tables in multiple
 service entries? ( one for each connection )
 
   no problem there.
 
the following works:

webhost1=a.b.c.d
webhost2=e.f.g.h
public1=w.x.y.z
public2=w.x.y.z

table web1 {
	real port http
	check http / code 200
	host $webhost1
}

table web2 {
	real port http
	check http / code 200
	host $webhost2
}

table sorry {
	check icmp
	real port http
	host 127.0.0.1
}

service www1 {
	virtual host $public1 port 80
	table web1
	backup table sorry
}

service www2 {
	virtual host $public2 port 80
	table web2
	backup table sorry
}



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Lars Noodén
nicodache wrote:
 ...
 You should go into the ARM world to get something like that, and you
 will be disappointed, as it is much much harder to find something with
 4 network connectors, serial, flash, pci, mini-pci connector, due to
 the lack of products & manufacturers.

Yes.  I know.  Hence my query to the list.

 ... on epiacenter website ...

I find only x86-based units there: celeron, amd geode, pentium, c3,
eden, TM8600, etc.

One ARM on the list, though.  But isn't ARM now under Intel, maker of AMT?

There has got to be non-x86 units out there, SBC or other, running  Cell
or Freescale or anything else.

Regards,
-Lars



Re: SMTP flood + spamdb

2007-09-25 Thread Liviu Daia
On 25 September 2007, RW [EMAIL PROTECTED] wrote:
[...]
 My defence was to write a couple of scripts. One parsed the output of
 spamdb looking for GREY with sender <> and then tested the intended
 recipient against the postfix valid mailbox database.
[...]

With Postfix you can use anvil(8) to control concurrency.

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia



Re: what if hoststated dies?

2007-09-25 Thread Luca Corti
On Wed, 2007-09-26 at 00:01 +1200, Josh wrote:
 What happens if hoststated crashes? Do its latest table entries and 
 rdr rules still remain?

Maybe you can try a kill -9 and see what happens.

ciao

Luca



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Karl Sjödahl - dunceor
On 9/25/07, Lars Noodén [EMAIL PROTECTED] wrote:
 nicodache wrote:
  ...
  You should go into the ARM world to get something like that, and you
  will be disappointed, as it is much much harder to find something with
  4 network connectors, serial, flash, pci, mini-pci connector, due to
  the lack of products & manufacturers.

 Yes.  I know.  Hence my query to the list.

  ... on epiacenter website ...

 I find only x86-based units there: celeron, amd geode, pentium, c3,
 eden, TM8600, etc.

 One ARM on the list, though.  But isn't ARM now under Intel, maker of AMT?

 There has got to be non-x86 units out there, SBC or other, running  Cell
 or Freescale or anything else.

 Regards,
 -Lars



What is AMT?

Well ARM is not under Intel, Intel does ARM-processors just like
several others do (Atmel, TI, Philips etc). ARM only licences their
technology and their designs and lets others produce it.

The question is what is your goal with the system? Route, small file
server, entertainment box? Please explain your demands and purpose
with the system and people can help and identify what hw could
suit.

Br
Dunceor



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread nicodache
I think AxiomTek has what you're looking for.
And if it doesn't, then either there is no such thing as you search,
or it's well hidden.

regards,

On 9/25/07, Lars Noodén [EMAIL PROTECTED] wrote:
 nicodache wrote:
  ...
  You should go into the ARM world to get something like that, and you
  will be disappointed, as it is much much harder to find something with
  4 network connectors, serial, flash, pci, mini-pci connector, due to
  the lack of products & manufacturers.

 Yes.  I know.  Hence my query to the list.

  ... on epiacenter website ...

 I find only x86-based units there: celeron, amd geode, pentium, c3,
 eden, TM8600, etc.

 One ARM on the list, though.  But isn't ARM now under Intel, maker of AMT?

 There has got to be non-x86 units out there, SBC or other, running  Cell
 or Freescale or anything else.

 Regards,
 -Lars



Re: hoststated, using the same tables for more than one service

2007-09-25 Thread Pierre-Yves Ritschard
On Tue, 25 Sep 2007 14:08:50 +0200
Pierre-Yves Ritschard [EMAIL PROTECTED] wrote:

 On Tue, 25 Sep 2007 23:25:44 +1200
 Josh [EMAIL PROTECTED] wrote:
 
   Well after trying it, it appears there _IS_ a problem there. One of
  the services was not
  working. As soon as I gave it its own separate tables, it worked.
  
  Pierre-Yves Ritschard wrote:
  
  Anyway, my question is, can I use the same tables in multiple
  service entries? ( one for each connection )
  
no problem there.
  
 the following works:
 
After checking again, there seems to be a problem here indeed. I'll get
working on a solution.



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Lars Noodén
Karl Sjödahl - dunceor wrote:

 What is AMT?

 http://www.intel.com/technology/platform-technology/intel-amt/index.htm

aka rootkit for everybody
 http://strombergson.com/kryptoblog/?p=311

 Well ARM is not under Intel, Intel does ARM-processors just like
 several others do (Atmel, TI, Phillips etc). ARM only licence their
 technology and their designs and let others produce it.

Ok. However, the devil is in the details.

 The question is what are your goal with the system? ...

Route / filter as the Soekris boxes are often used.

-Lars



Re: OBSD's perspective on SELinux

2007-09-25 Thread Marc Espie
Just for the fun of it, some people subscribe to misc@ from politically
correct accounts.

So, I got a bounce on my last email, because I was saying that complex
security ACLs were fucked up by design.

This email is probably going to get blocked too, which is all that they
deserve. 


Fucking retards.



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Stuart Henderson
On 2007/09/25 15:19, Lars Noodin wrote:
 nicodache wrote:
  ...
  You should go into the ARM world to get something like that, and you
  will be disappointed, as it is much much harder to find something with
  4 network connectors, serial, flash, pci, mini-pci connector, due to
  the lack of products & manufacturers.

 Yes.  I know.  Hence my query to the list.

Thecus N2100 has two ethernet, minipci, USB, serial. But although
it's low power, it's quite noisy (most of my fast arch boxes are
*far* quieter). Maybe it would be ok with a SATA-CF bridge and
the fan removed...but then it really could use another ethernet
port or two. And it would be nice if it had something like the
+++ reset / +++ power feature that the net5501 has.

  ... on epiacenter website ...
 
 I find only x86-based units there: celeron, amd geode, pentium, c3,
 eden, TM8600, etc.

I just noticed Commell LV-681 (socket S1 amd64; ati chipset)... it looks
quite expensive, though, and at least where I live, only a limited part
of their product range seems to be available (VIA/Intel CPU mini-itx
boards mostly - BVM list some of the others but weren't capable of
answering email last time I tried).

 One ARM on the list, though.  But isn't ARM now under Intel, maker of AMT?

Not all Intel CPUs are i386-compatible, of course...

 There has got to be non-x86 units out there, SBC or other, running  Cell
 or Freescale or anything else.

Freescale is a company, not a CPU architecture - looks like
they have designs using powerpc, arm, etc.



altroot is not mentioned in FAQ

2007-09-25 Thread Jan Stary
Hi all,

afterboot(8) mentions /altroot, which is a nice feature.

But you only learn about /altroot when you read afterboot(8).
By that time, you already have a system installed, in particular
your disk is already partitioned, and typically you don't have
the spare partition (of size at least that of /) to use for
/altroot.

So my suggestion is: /altroot should be mentioned in the
install faq, probably in the 'setting up disks' paragraph:
http://openbsd.org/faq/faq4.html#Disks

Thanks

Jan



kde automounting

2007-09-25 Thread Rodrigo V. Raimundo

Is there a way to get kde's automounting functionality working under obsd?
On Linux I think it uses hal-daemon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with
DISPLAY=:0.0 that lets the gui-logged user mount (or not) their USB drive?




Re: Debugging ral

2007-09-25 Thread Matthew Szudzik
 I wrote a small doc reporting this experience and Damien's tips: I hope it
 could be useful.
 http://sekureshell.altervista.org/docs/trouble_ral.html

I have a question.  You list channel 112 as having the greatest power 
(power=57), and claim that you chose the channel with the greatest 
power.  But later, when clients associate with your network they connect 
with channel 6

 ral0: sending auth to 00:19:5b:xx:xx:xx on channel 6 mode 11b

Why did you choose channel 6 instead of channel 112 (or channels 161 or 
165, which have power=16)?  Channels 1 through 6 all have power=14.



Re: kde automounting

2007-09-25 Thread Antti Harri

On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:


Is there a way to get kde's automounting functionality working under obsd?
On Linux I think it uses hal-daemon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with 
DISPLAY=:0.0 that lets the gui-logged user mount (or not) its usb drive ?


Why not just mount the stick (with hotplug) in all cases when it's
plugged in?

--
Antti Harri



Re: Debugging ral

2007-09-25 Thread Francesco Toscan
A few lines above I wrote supported channel: I meant supported by your
clients. Yes, this should be corrected, thank you.
I don't know if some device supports those high channels: another ral
adapter I tested does, my laptop doesn't.
For example my iBook supports channels from 1 to 11 (don't know if it
is a hardware limitation or it's just Apple) while another Toshiba
laptop equipped with XP associates on chan 13 without any problem, not
channel 112 however.
After some playing with my clients I found the most powerful supported
channel for me is chan 6.


f.
I'm not lazy... I just don't feel like it :D :D

On 25 Sep 2007, at 16:15, Matthew Szudzik wrote:



Why did you choose channel 6 instead of channel 112 (or channels 161 or
165, which have power=16)?  Channels 1 through 6 all have power=14.




Re: kde automounting

2007-09-25 Thread Rodrigo V. Raimundo

Antti Harri wrote:

On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:

Is there a way to get kde's automounting functionality working under 
obsd?

On Linux I think it uses hal-daemon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with 
DISPLAY=:0.0 that lets the gui-logged user mount (or not) its usb 
drive ?


Why not just mount the stick (with hotplug) in all cases when it's
plugged in?



Just automounting works well when you own the machine. I'm planning
further installing obsd on public (shared) environments.
I think p(u)mount can be a good solution to let an unprivileged user
mount/umount removable media at will. Sudo access to mount/umount is
dangerous.




Re: SMTP flood + spamdb

2007-09-25 Thread Chris Smith
On Tuesday 25 September 2007, Craig Skinner wrote:
 If you are using postfix:

 /etc/postfix/main.cf:
 ..
 ..
 smtpd_recipient_restrictions =
  reject_non_fqdn_hostname
  reject_invalid_hostname
  reject_non_fqdn_sender
  reject_non_fqdn_recipient
  reject_unlisted_recipient  <-- this one

Isn't this actually a postfix default?
As smtpd_reject_unlisted_recipient defaults to yes.

--
Chris



Re: what if hoststated dies?

2007-09-25 Thread Pierre-Yves Ritschard
On Tue, 25 Sep 2007 14:22:19 +0200
Luca Corti [EMAIL PROTECTED] wrote:

 On Wed, 2007-09-26 at 00:01 +1200, Josh wrote:
  What happens if hoststated crashes? Do its latest table entries
  and rdr rules still remain?
 
 Maybe you can try a kill -9 and see what happens.
 
 ciao
 
 Luca
 
better try pkill -SEGV hoststated ;)
in either case, the pfe process catches the fact that the hce process
dies and cleans up the tables and rules before completely dying.



Clearance Announcement from Art Robinson

2007-09-25 Thread Sheldeez Hair Products and Salons Inc.
African American Hair Dot Com Specials. Some Items
60% Off
http://www.youtube.com/watch?v=MMlYv5iKkts
Dulles Beauty Supply
1110 Elden St. #B Suite 204
Herndon, VA 20170



Re: kde automounting

2007-09-25 Thread Nick Guenther
On 9/25/07, Rodrigo V. Raimundo [EMAIL PROTECTED] wrote:
 Antti Harri wrote:
  On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:
 
  Is there a way to get kde's automounting functionality working under
  obsd?
  On Linux I think it uses hal-daemon plus something like pmount.
  Some way to make /etc/hotplug/attach call some kde application with
  DISPLAY=:0.0 that lets the gui-logged user mount (or not) its usb
  drive ?
 
  Why not just mount the stick (with hotplug) in all cases when it's
  plugged in?
 

 Just automounting works well when you own the machine. I'm planning
 further installing obsd on public (shared) environments.
 I think p(u)mount can be a good solution to let an unprivileged user
 mount/umount removable media on its will. Sudo access to mount/umount is
 dangerous.

Well, there is an unofficial freebsd port of pmount, it seems (judging
from the list at the bottom of
http://packages.debian.org/unstable/utils/pmount), so you could
probably adapt that. But would
http://www.openbsd.org/cgi-bin/man.cgi?query=hotplugd work for you?
Just make sure only root can write the hotplugd scripts and set it up
to automount and you're good, no?

-Nick
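The root-run automount Nick describes, with the mount options that limit what a planted stick can do, as an added example /etc/hotplug/attach script. It is not from the thread and not OpenBSD's own example. Assumptions: hotplugd(8) runs the script as root with the device class in $1 and the device name in $2, class 2 is DV_DISK, the stick carries an MS-DOS filesystem in partition "i", and mount points live under /mnt.

```shell
#!/bin/sh
# /etc/hotplug/attach (added example, not OpenBSD's own).  hotplugd(8)
# runs this as root on every attach event with $1 = device class and
# $2 = device name.  Assumed: class 2 is DV_DISK, the removable disk has an
# MS-DOS filesystem in partition "i", mount points are created under /mnt.
MOUNT_ROOT=/mnt

# Mount options for an untrusted removable filesystem: no device nodes,
# no set-uid binaries, nothing executable straight from the stick.
mount_opts() {
	echo "nodev,nosuid,noexec"
}

# Decide what to do for an attach event without touching the system.
# Prints the mount command for a plain disk name, prints nothing and
# returns 1 for anything else (wrong class, or a name that is not sdN).
attach_plan() {
	devclass=$1 devname=$2
	case $devclass in
	2)
		case $devname in
		sd[0-9]|sd[0-9][0-9]) ;;
		*) return 1 ;;
		esac
		echo "mount_msdos -o $(mount_opts) /dev/${devname}i $MOUNT_ROOT/$devname"
		;;
	*)
		return 1
		;;
	esac
}

# Carry out the plan: create the mount point and mount read-write but
# with the restrictive options above.  Failures go to syslog.
attach_device() {
	devclass=$1 devname=$2
	attach_plan "$devclass" "$devname" >/dev/null || return 0
	mountpoint=$MOUNT_ROOT/$devname
	mkdir -p "$mountpoint"
	mount_msdos -o "$(mount_opts)" "/dev/${devname}i" "$mountpoint" ||
		logger -t hotplug "mount of $devname on $mountpoint failed"
}

# hotplugd passes two arguments; run by hand with none, do nothing.
if [ $# -eq 2 ]; then
	attach_device "$1" "$2"
fi
```

The name check matters because the script runs as root: only a literal sdN is accepted before it is turned into a path, so nothing hotplugd passes can be expanded into other arguments. Install it owned by root with mode 700, as Nick says, and pair it with an /etc/hotplug/detach script that unmounts the same mount point; per-user ownership of the mounted files (mount_msdos -u/-g) is a separate decision from whether the mount is allowed at all.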



Re: carp ip balancing (-current)

2007-09-25 Thread dane johansen
I went to colo, and checked what happened. As soon as I type:
ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
I get:
ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
uvm_fault(0xd6a07524, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at carp_join_multicast+0x32:movl %eax, 0(%edx)
ddb>

(I can't type anything after that).
Version is:

OpenBSD 4.2-current as of Wed Sep 19, 2007

I tried it on two (identical IBM netvista desktops) (actually it's 4
netvistas, but 2 work perfectly well, but as soon as you try to add the 3rd
one...)

dmesg:

OpenBSD 4.2-current (GENERIC) #0: Wed Sep 19 08:48:10 PDT 2007
[EMAIL PROTECTED]
:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.26GHz (GenuineIntel 686-class) 2.26 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM
real mem  = 534802432 (510MB)
avail mem = 509419520 (485MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/02/02, BIOS32 rev. 0 @ 0xfd844,
SMBIOS rev. 2.31 @ 0xf01e0 (51 entries)
bios0: vendor IBM version 24KT33AUS date 12/02/2002
bios0: IBM 830531U
pcibios0 at bios0: rev 2.1 @ 0xfd700/0x900
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf00/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xb200! 0xcb800/0x1000 0xcc800/0x1000
0xe/0x1!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x01
vga1 at pci0 dev 2 function 0 Intel 82845G/GL Video rev 0x01: aperture at
0x8800, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 10
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 5
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 9
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x81
pci1 at ppb0 bus 2
fxp0 at pci1 dev 8 function 0 Intel PRO/100 VE rev 0x81, i82562: irq 9,
address 00:09:6b:e1:d1:17
inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x01: 24-bit
timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x01: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: IC35L040AVVN07-0
wd0: 16-sector PIO, LBA, 38162MB, 78156288 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8480B, 1.02 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 9
iic0 at ichiic0
admtemp0 at iic0 addr 0x4c: adm1032
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 9, ICH4
AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00 /1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff65 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 2 configuration 1 interface 0
uhidev0: DELL DELL USB Keyboard, rev 1.10/1.05, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted


On 9/20/07, Chad M Stewart [EMAIL PROTECTED] wrote:

 just a thought...  so you don't lose connectivity to the boxes, give
 each box its own IP.  Then use additional IPs for the carp
 interfaces.   Then you can lose connectivity to the carp IP but
 hopefully continue with the box IP.
 On my production pair I have assigned 172.16.0.0/16 to the physical
 

Re: carp ip balancing (-current)

2007-09-25 Thread Marco Pfatschbacher
On Tue, Sep 25, 2007 at 08:57:19AM -0700, dane johansen wrote:
 I went to colo, and checked what happened, as soon as a type:
 ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
 I get:
 ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
 uvm_fault(0xd6a07524, 0x0, 0, 3) -> e
 kernel: page fault trap, code=0
 Stopped at carp_join_multicast+0x32:movl %eax, 0(%edx)
 ddb>

You were unlucky and stepped on a bug in -current.
Claudio fixed that already:
 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c?f=h#rev1.151



wi maximal power

2007-09-25 Thread Marcus Andree
Dear all,

First, let me say a big hello to everyone here. I've been out of this
list for almost three years... Just came back less than a week ago and
Chuck Yerkes is sorely missed...

I don't know if this question will be better answered here or on
[EMAIL PROTECTED]

After reading an email about power management on ral devices, I took
a look at the following piece of code, from if_wi.c.

It seems to suggest that power output, using wi devices, is limited.
Anything greater than 20dBm will be treated as 20dBm.

I'm awaiting the arrival of some senao cards, capable of 200mW (23dBm)
output. Is the wi driver capable of handling this amount of power?


STATIC int
wi_set_txpower(struct wi_softc *sc, struct ieee80211_txpower *txpower)
{
	u_int16_t	cmd;
	u_int16_t	power;
	int8_t		tmp;
	int		error;
	int		alc;

	if (txpower == NULL) {
		if (!(sc->wi_flags & WI_FLAGS_TXPOWER))
			return (EINVAL);
		alc = 0;	/* disable ALC */
	} else {
		if (txpower->i_mode == IEEE80211_TXPOWER_MODE_AUTO) {
			alc = 1;	/* enable ALC */
			sc->wi_flags &= ~WI_FLAGS_TXPOWER;
		} else {
			alc = 0;	/* disable ALC */
			sc->wi_flags |= WI_FLAGS_TXPOWER;
			sc->wi_txpower = txpower->i_val;
		}
	}

	/* Set ALC */
	cmd = WI_CMD_DEBUG | (WI_DEBUG_CONFBITS << 8);
	if ((error = wi_cmd(sc, cmd, alc, 0x8, 0)) != 0)
		return (error);

	/* No need to set the TX power value if ALC is enabled */
	if (alc)
		return (0);

	/* Convert dBm to internal TX power value; clamped to [-43, 20] dBm */
	if (sc->wi_txpower > 20)
		power = 128;
	else if (sc->wi_txpower < -43)
		power = 127;
	else {
		tmp = sc->wi_txpower;
		tmp = -12 - tmp;
		tmp <<= 2;

		power = (u_int16_t)tmp;
	}

	/* Set manual TX power */
	cmd = WI_CMD_WRITE_MIF;
	if ((error = wi_cmd(sc, cmd,
	     WI_HFA384X_CR_MANUAL_TX_POWER, power, 0)) != 0)
		return (error);

	if (sc->sc_ic.ic_if.if_flags & IFF_DEBUG)
		printf("%s: %u (%d dBm)\n", sc->sc_dev.dv_xname, power,
		    sc->wi_txpower);

	return (0);
}



Re: carp ip balancing (-current)

2007-09-25 Thread dane johansen
Thanks.

On 9/25/07, Marco Pfatschbacher [EMAIL PROTECTED] wrote:

 On Tue, Sep 25, 2007 at 08:57:19AM -0700, dane johansen wrote:
  I went to colo, and checked what happened, as soon as a type:
  ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
  I get:
  ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
  uvm_fault(0xd6a07524, 0x0, 0, 3) -> e
  kernel: page fault trap, code=0
  Stopped at carp_join_multicast+0x32:movl %eax, 0(%edx)
  ddb>

 You were unlucky and stepped on a bug in -current.
 Claudio fixed that already:

 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c?f=h#rev1.151



'����' ���� ���� ������� ����� ����� ����� ��� �������; ������ ��������� ��� ���� ����� �� 5 ����

2007-09-25 Thread ArabianBusiness.com Arabic
ArabianBusiness.com Daily News Alert

ArabianBusiness.com Jobs - Browse all jobs

Business Operations Manager
Dubai, UAE

Head of Risk - Banking
Doha, Qatar

Head of Proprietary Trading
Doha, Qatar

To Advertise in this newsletter please contact: Richard O'Sullivan
Tel: +971 50 651 4745



Re: touch screens

2007-09-25 Thread Joerg Zinke
On Mon, 24 Sep 2007 16:15:08 -0700
Chris Cappuccio [EMAIL PROTECTED] wrote:

 Does anyone have any recommendations on 7" or smaller touch screens
 that have a USB input ?
 
 I want something preferably under or around $100... I want to mount
 it on a car dash.
 

from: http://www.openbsd.org/cgi-bin/man.cgi?query=uts

 The uts driver works with the following touchscreens and panels:

   -   Gunze USB Touch Panel
   -   Hantouch
   -   LG L1510SF LCD Monitor
   -   Origin AE X15e HTPC case with 7" LCD



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Christian Weisgerber
Lars Noodin [EMAIL PROTECTED] wrote:

 There has got to be non-x86 units out there, SBC or other, running Cell
 or Freescale or anything else.

If you look hard enough, I think you can find ARM/MIPS/PowerPC based
single-board computers vaguely comparable to the Soekris range.
Heck, just look at what NetBSD and Wasabi support.  However, OpenBSD
won't run there out of the box, it'll each time require a new port
to this platform.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]



Re: touch screens

2007-09-25 Thread Chris Cappuccio
Well, I don't need scaling support out of the box, I just
want something cheap.  If it takes a little bit of work to make
it happen, that's no problem.  I had a hard time finding the listed
LG monitor, and the Hantouch stuff is not cheap.

Joerg Zinke [EMAIL PROTECTED] wrote:
 
 from: http://www.openbsd.org/cgi-bin/man.cgi?query=uts
 
  The uts driver works with the following touchscreens and panels:
 
-   Gunze USB Touch Panel
-   Hantouch
-   LG L1510SF LCD Monitor
-   Origin AE X15e HTPC case with 7" LCD

-- 
By way of deception, thou shall do war



Re: non-x86-based hardware for OBSD?

2007-09-25 Thread Ted Unangst
On 9/25/07, Lars Noodin [EMAIL PROTECTED] wrote:
 I'm looking at the recent article on Soekris and very favorably impressed.

Setting up a Soekris 5501 with OpenBSD 4.2  24 Sep 2007
http://undeadly.org/cgi?action=articlesid=20070924004901

 The setup seems almost perfect, except that the AMD Geode seems to be
 x86-based.

indeed.  meaning it uses the same compiler and kernel as the most
widely tested port of openbsd.

 What corresponding non-x86 hardware options are common, recommended, or
 even available ?

why would you want such a thing?



spamd shows up as an open relay

2007-09-25 Thread Rob
Hey guys,

We just ran across an odd intermittent problem with email that we
traced back to spamd showing up as an open relay. I double-checked the
documentation and mailing list archives and didn't find anything
relevant.

Our mail server is bara.nccn.net, 12.165.58.50. There is a
bump-in-the-wire firewall sitting in front of bara, running OpenBSD +
spamd and a few other goodies. spamd is configured to intercept
incoming smtp connections in the usual way in pf.

Some sample results from http://www.checkor.com/:

RSET
250 Hello, spam sender. Pleased to be wasting your time.
MAIL FROM: [EMAIL PROTECTED]
250 Ok to start over.
RCPT TO: [EMAIL PROTECTED]
Test Failed, 250 You are about to try to deliver spam. Your time will
be spent, for nothing.

and

RSET
250 This is hurting you more than it is hurting me.
MAIL FROM: [EMAIL PROTECTED]
250 Ok to start over.
RCPT TO: @12.165.58.50:[EMAIL PROTECTED]
Test Failed, 250 You are about to try to deliver spam. Your time will
be spent, for nothing.

and

RSET
250 This is hurting you more than it is hurting me.
MAIL FROM: [EMAIL PROTECTED]
250 Ok to start over.
RCPT TO: [EMAIL PROTECTED]@12.165.58.50
Test Failed, 250 You are about to try to deliver spam. Your time will
be spent, for nothing.

and

RSET
250 This is hurting you more than it is hurting me.
MAIL FROM: [EMAIL PROTECTED]
250 Ok to start over.
RCPT TO: [EMAIL PROTECTED]
Test Failed, 250 You are about to try to deliver spam. Your time will
be spent, for nothing.

This is causing some of our outbound email to end up in other people's
junk boxes by default at large service providers (oops).

Is there some configuration for spamd that I've missed, or is it going
to require a patch to fix the way it handles mail from/rcpt to, or is
there another workaround?

Thanks,

- R.



Re: spamd shows up as an open relay

2007-09-25 Thread Jeremy C. Reed
On Tue, 25 Sep 2007, Rob wrote:

 We just ran across an odd intermittent problem with email that we
 traced back to spamd showing up as an open relay. I double-checked the
 documentation and mailing list archives and didn't find anything
 relevant.

Please let us know what service (if different than No-IP/CheckOR.com)
that had you listed. Was it a dnsbl service?

 Some sample results from http://www.checkor.com/:

They assume it is an open relay even though nothing was relayed. More 
accurate relay checks attempt to relay to themselves to verify.

  Jeremy C. Reed



Re: spamd shows up as an open relay

2007-09-25 Thread Rob
Hi Jeremy,

On 9/25/07, Jeremy C. Reed [EMAIL PROTECTED] wrote:
 On Tue, 25 Sep 2007, Rob wrote:

  We just ran across an odd intermittent problem with email that we
  traced back to spamd showing up as an open relay. I double-checked the
  documentation and mailing list archives and didn't find anything
  relevant.

 Please let us know what service (if different than No-IP/CheckOR.com)
 that had you listed. Was it a dnsbl service?

We haven't been listed by any DNSBLs. It looks like it's just some --
a few? big? small? -- service providers that are doing some kind of
check against our mail server, finding it behaving like an open relay,
and routing mail from our mail server to their users' junk folders.

I'll reply back shortly with the name of a specific provider.

  Some sample results from http://www.checkor.com/:

 They assume it is an open relay even though nothing was relayed. More
 accurate relay checks attempt to relay to themselves to verify.

Yeah, I agree. It's the wrong way for them to check for an open relay,
but it is still causing a bit of a problem.

- R.



Re: what if hoststated dies?

2007-09-25 Thread Josh
So any suggestions on how to have a rdr rule in pf.conf take over when 
this happens?




better try pkill -SEGV hoststated ;)
in either case, the pfe process catches the fact that the hce process
dies and cleans up the tables and rules before completely dying




PF out of sync errors?

2007-09-25 Thread Jake Conk
Hello,

I have two machines running OpenBSD 4.1 which are acting as firewalls
and I have pfsync set up between the two. One of my machines had a
power loss and when we turned it back on we got a lot of pf errors
claiming bad state and what not.

Here are the messages from the first machine, which didn't have a power loss:

pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
:0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::1:ff4e:9848 gwy:
ff02::1:ff4e:9848 ext: :0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
:0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::1:ff4e:9848 gwy:
ff02::1:ff4e:9848 ext: :0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
arp info overwritten for 192.168.10.30 by 00:0e:0c:4e:98:49 on bge1
pf: BAD state: TCP 192.168.10.2:45426 192.168.10.2:45426
192.168.10.40:80 [lo=4000259044 high=4000259046 win=16384 modulator=0]
[lo=0 high=1 win=1 modulator=0] 2:0 S seq=2603308934 (2603308934)
ack=0 len=0 ackskew=0 pkts=1:0 dir=out,fwd
pf: State failure on:   2 |   6
pf: BAD state: TCP 192.168.10.2:30196 192.168.10.2:30196
192.168.10.20:80 [lo=4011403077 high=4011408965 win=16384 modulator=0
wscale=0] [lo=2087131504 high=2087147888 win=46 modulator=0 wscale=7]
9:9 S seq=2689487490 (2689487490) ack=2087131504 len=0 ackskew=0
pkts=5:5 dir=out,fwd
pf: State failure on:   2 |   6
pf: BAD state: TCP 192.168.10.2:31750 192.168.10.2:31750
192.168.10.10:80 [lo=2288467466 high=2288467468 win=16384 modulator=0]
[lo=0 high=1 win=1 modulator=0] 2:0 S seq=3908591135 (3908591135)
ack=0 len=0 ackskew=0 pkts=1:0 dir=out,fwd
pf: State failure on: 1   | 5
pf: BAD state: TCP 192.168.10.2:28186 192.168.10.2:28186
192.168.10.10:80 [lo=3798010498 high=3798010500 win=16384 modulator=0]
[lo=0 high=1 win=1 modulator=0] 2:0 S seq=3506580854 (3506580854)
ack=0 len=0 ackskew=0 pkts=1:0 dir=out,fwd
pf: State failure on:   2 |   6
pf: BAD state: TCP 192.168.10.2:49031 192.168.10.2:49031
192.168.10.40:80 [lo=4161674212 high=4161674214 win=16384 modulator=0]
[lo=0 high=1 win=1 modulator=0] 2:0 S seq=3805884514 (3805884514)
ack=0 len=0 ackskew=0 pkts=1:0 dir=out,fwd
pf: State failure on:   2 |   6



And here are the second machine's messages:

pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
:0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::1:ff4e:9848 gwy:
ff02::1:ff4e:9848 ext: :0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
:0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::1:ff4e:9848 gwy:
ff02::1:ff4e:9848 ext: :0:0:0:0:0:0:0 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::16 gwy: ff02::16 ext:
fe80::20e:cff:fe4e:9848 (from sync)
pf: state insert failed: tree_lan_ext lan: ff02::2 gwy: ff02::2 ext:
fe80::20e:cff:fe4e:9848 (from sync)
arp: attempt to overwrite entry for 192.168.10.30 on fxp1 by
00:0e:0c:4e:98:49 on carp1
arp: attempt to overwrite entry for 192.168.10.30 on fxp1 by
00:0e:0c:4e:98:49 on carp1
arp info overwritten for 192.168.10.30 by 00:0e:0c:4e:98:49 on fxp1
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: dropping packet with ip options
pf: BAD state: TCP 192.168.10.3:43927 192.168.10.3:43927
192.168.10.30:80 [lo=4160576830 high=4160582718 win=16384 modulator=0
wscale=0] [lo=1799910885 high=1799927269 win=46 modulator=0 wscale=7]
9:9 S seq=2750310474 (2750310474) ack=1799910885 len=0 ackskew=0
pkts=5:5 dir=out,fwd
pf: State failure on:   2 |   6
pf: BAD state: TCP 192.168.10.3:34685 192.168.10.3:34685
192.168.10.30:80 [lo=3444997510 high=3445003398 win=16384 modulator=0
wscale=0] [lo=2612549088 high=2612565472 win=46 modulator=0 wscale=7]
9:9 S seq=3610146868 (3610146868) ack=2612549088 len=0 

Re: SMTP flood + spamdb

2007-09-25 Thread RW
On Tue, 25 Sep 2007 12:40:50 +0100, Craig Skinner wrote:

RW wrote:
 
 The others were from bots as far as I could tell but they were not
 being sent by MTAs which had received them.
 

Yes, but the OPs problem is back scatter, and that does not come from 
bots, they don't retry.


What I was getting looked like backscatter and smelled like backscatter
it is just that some of the IPs sending it didn't check out as MTAs.
i.e. they were not listed MXs for the domain they came from AND the
domain was not likely someone with separate outbound senders.

They all retried too and when I had them as TRAPPED entries the logged
data included typical failed-to-deliver messages.

If the OP was repeatedly getting mail to a few addresses from different 
hosts, he could use grey trapping. But he said that they are all random.

My experience entirely. I trapped them by looking for <> as sender,
parsing the recipient as invalid (using a postfix lookup) and then
inserting the IP into spamdb as TRAPPED.

Later I firewalled them out for 24 hours. It cut the log clutter.

The scripts are still there but the crontab lines are commented out
until needed again.
R/



A consultant is someone who's called in when someone has painted himself into a 
corner.  He's expected to levitate his client out of that corner.

-The Sayings of Chairman Morrow. 1984.
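RW's procedure (scan spamdb for GREY entries with the null sender <>, test the intended recipient against the Postfix mailbox table, mark the source IP TRAPPED) as an added shell script. This is not RW's script. The spamdb output and the recipient list are constructed samples; in production recipient_is_valid would call postmap -q against the real table and trap_backscatter would feed live spamdb output. The GREY field order assumed here (type, source IP, HELO, envelope from, envelope to, times, counts) follows spamdb(8).

```shell
#!/bin/sh
# Added example (not RW's script): find greylisted backscatter sources in
# spamdb(8) output and list them for trapping.  Bounces arrive with the null
# envelope sender "<>"; a bounce for a recipient that does not exist here can
# only be backscatter from a forged message, so its source is trapped.

# Constructed sample of `spamdb` output.  Assumed GREY field layout:
# type|source ip|helo|envelope from|envelope to|first|pass|expire|block|pass
SAMPLE_SPAMDB='GREY|192.0.2.10|mx.example.net|<>|<nobody-here@example.org>|1190700000|1190714400|1190728800|0|0
GREY|192.0.2.11|bounce.example.com|<>|<alice@example.org>|1190700100|1190714500|1190728900|0|0
GREY|192.0.2.12|smtp.example.com|<bob@example.com>|<ghost@example.org>|1190700200|1190714600|1190729000|0|0
GREY|192.0.2.13|mta.example.net|<>|<typo@example.org>|1190700300|1190714700|1190729100|0|0
WHITE|192.0.2.20|1190600000|1190610000|1193202000|0|3'

# Constructed stand-in for the Postfix valid-mailbox table.  In production
# replace the body with a real lookup such as:
#   postmap -q "$1" hash:/etc/postfix/vmailbox >/dev/null
VALID_RECIPIENTS='alice@example.org
carol@example.org'

recipient_is_valid() {
	printf '%s\n' "$VALID_RECIPIENTS" | grep -qxF -- "$1"
}

# Print, one per line, the source IPs of GREY entries that carry the null
# sender and are addressed to a recipient that does not exist here.
# $1 is the spamdb output to scan.
backscatter_sources() {
	printf '%s\n' "$1" |
	awk -F'|' '$1 == "GREY" && $4 == "<>" { print $2, $5 }' |
	while read -r ip rcpt; do
		rcpt=${rcpt#<}; rcpt=${rcpt%>}	# strip the angle brackets
		recipient_is_valid "$rcpt" || printf '%s\n' "$ip"
	done | sort -u
}

# Mark each source TRAPPED: spamdb -T -a moves the address to the trapped
# list so spamd tarpits it instead of passing it through the greylist.
# Meant to run as root from cron against the live database.
trap_backscatter() {
	for ip in $(backscatter_sources "$(spamdb)"); do
		spamdb -T -a "$ip"
	done
}

# Stand-alone run: only report what would be trapped in the sample.
backscatter_sources "$SAMPLE_SPAMDB"
```

Of the four GREY entries in the sample only 192.0.2.10 and 192.0.2.13 are reported: 192.0.2.11 is a bounce for a mailbox that exists (a bounce we may have caused) and 192.0.2.12 has a real sender. RW's second step, firewalling the trapped addresses for a day, is a separate cron job that feeds the same IP list into a pf table.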



Re: what if hoststated dies?

2007-09-25 Thread Luca Corti
On Wed, 2007-09-26 at 10:54 +1200, Josh wrote:
 So any suggestions on how to have a rdr rule in pf.conf take over when 
 this happens?

Why? If hoststated crashes, then it's a bug. If it doesn't crash, what
are you trying to achieve?

ciao

Luca



Re: SMTP flood + spamdb

2007-09-25 Thread RW
On Tue, 25 Sep 2007 14:14:46 +0300, Liviu Daia wrote:

On 25 September 2007, RW [EMAIL PROTECTED] wrote:
[...]
 My defence was to write a couple of scripts. One parsed the output of
 spamdb looking for GREY with sender <> and then tested the intended
 recipient against the postfix valid mailbox database.
[...]

With Postfix you can use anvil(8) to control concurrency.


Yep, you could. BUT
1- why let it get to postfix? This is crap that spamd can deal with,
with a bit of scripting help for extra functionality.

2- What concurrency?
We had a mailstorm of backscatter from hundreds of IPs each trying to
send one or two messages. We had over a thousand IPs marked TRAPPED in
spamdb at one time. Postfix would just be rejecting them and filling
its logs.

As far as I'm concerned filling the logs of mailservers that are
backscatter generators is A Good Thing.


In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.
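The greytrapping script RW describes (GREY entries with a null sender whose recipient is not a valid local mailbox get their IP marked TRAPPED), as an added example that is not RW's own code. It assumes the spamdb(8) line format type|ip|helo|from|to|first|pass|expire|block|pass; the spamdb output and the Postfix recipient map are constructed stand-ins so it runs offline.

```shell
#!/bin/sh
# Added example, not RW's scripts. Flags backscatter senders: GREY spamdb
# entries from <> addressed to mailboxes that do not exist here.

# Constructed sample of `spamdb` output (not real data).
SAMPLE_SPAMDB='GREY|192.0.2.10|mx.example.net|<>|<alice@example.org>|1190700000|1190714400|1190728800|0|0
GREY|192.0.2.20|bounce.example.com|<>|<zzq7k@example.org>|1190700001|1190714401|1190728801|0|0
GREY|192.0.2.30|mail.example.net|<bob@example.net>|<nobody@example.org>|1190700002|1190714402|1190728802|0|0
WHITE|192.0.2.40|mail.isp.example|<carol@isp.example>|<alice@example.org>|1190600000|1190614400|1193206400|0|3
GREY|192.0.2.20|bounce.example.com|<>|<r4nd0m@example.org>|1190700003|1190714403|1190728803|0|0'

# Constructed list of valid local mailboxes, standing in for the Postfix map.
VALID_RECIPIENTS='alice@example.org
bob@example.org'

# valid_recipient ADDR: succeeds if ADDR is a deliverable local mailbox.
# In production this would be a lookup such as:
#   postmap -q "$1" hash:/etc/postfix/virtual
valid_recipient() {
    printf '%s\n' "$VALID_RECIPIENTS" | grep -qxF "$1"
}

# backscatter_ips SPAMDB_OUTPUT: prints unique source IPs of GREY entries
# that used the null sender <> and targeted a non-existent recipient.
backscatter_ips() {
    printf '%s\n' "$1" |
    awk -F'|' '$1 == "GREY" && $4 == "<>" { print $2 "|" $5 }' |
    while IFS='|' read -r ip rcpt; do
        rcpt=${rcpt#<}; rcpt=${rcpt%>}          # strip the angle brackets
        valid_recipient "$rcpt" || printf '%s\n' "$ip"
    done | sort -u
}

# trap_backscatter: mark each offending IP TRAPPED with spamdb(8).
# DRY_RUN (default 1) only prints the command, so the example is safe to run.
trap_backscatter() {
    for ip in $(backscatter_ips "$SAMPLE_SPAMDB"); do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would run: spamdb -T -a %s\n' "$ip"
        else
            spamdb -T -a "$ip"
        fi
    done
}
```

Run from cron with DRY_RUN=0 and the real `spamdb` output substituted for the sample; the 24-hour firewalling RW mentions would be a separate pf table fed from the same list.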



Re: what if hoststated dies?

2007-09-25 Thread Stuart Henderson
On 2007/09/26 10:54, Josh wrote:
 So any suggestions on how to have a rdr rule in pf.conf take over when this 
 happens?

Yes, just list it below the hoststated rdr anchor.



Re: spamd shows up as an open relay

2007-09-25 Thread Stuart Henderson
On 2007/09/25 14:50, Rob wrote:
 
 Is there some configuration for spamd that I've missed

You could run inbound and outbound email on different IP addresses,
and don't accept incoming port 25 connections on the address used as
a source for outgoing mail.



Re: SMTP flood + spamdb

2007-09-25 Thread Liviu Daia
On 26 September 2007, RW [EMAIL PROTECTED] wrote:
 On Tue, 25 Sep 2007 14:14:46 +0300, Liviu Daia wrote:

 On 25 September 2007, RW [EMAIL PROTECTED] wrote:
 [...]
  My defence was to write a couple of scripts. One parsed the output
  of spamdb looking for GREY with sender <> and then tested the
  intended recipient against the postfix valid mailbox database.
 [...]
 
 With Postfix you can use anvil(8) to control concurrency.
 

 Yep, you could. BUT

 1- why let it get to postfix? This is crap that spamd can deal with,
 with a bit of scripting help for extra functionality.

 2- What concurrency?
 We had a mailstorm of backscatter from hundreds of IPs each trying to
 send one or two messages. We had over a thousand IPs marked TRAPPED in
 spamdb at one time.

What I've been seeing here the last few weeks is somewhat
different: robots trying to determine how many connections I'll accept
concurrently.  Left alone they can get to 100+ connection attempts per
second from the same IP, they go on until I'm running out of resources
and start delaying the accept(2).  When that happens, only one or two
of these connections are subsequently used to try to send the crap, the
rest are closed immediately.  Limiting concurrency at SMTP level seems
to actually reduce the number of bots that try that (presumably the
information that my site is way too uninteresting is propagated across
the bot net).

This has nothing to do with backscatter, but FWIW, backscatter alone
has never been a real problem with Postfix until recently.  Resource
exhaustion because of insane concurrency as I described can be, and
anvil(8) is a first attempt to a solution (it's not THE solution because
it also hurts legitimate sites like Yahoo).

 Postfix would just be rejecting them and filling its logs.

Oh come on, these days you're probably rejecting > 95% of messages
anyway. :)

 As far as I'm concerned filling the logs of mailservers that are
 backscatter generators is A Good Thing.

Unfortunately the people in charge of these servers either don't
have a clue, or don't care.

Regards,

Liviu Daia

--
Dr. Liviu Daia  http://www.imar.ro/~daia



Re: spamd shows up as an open relay

2007-09-25 Thread Rob
I'm not 100% certain I'm getting your idea here ... we do currently
run inbound/outbound mail on different IPs, but the problem isn't with
the connections themselves.

From the example session transcript with spamd that I posted earlier:

250 Hello, spam sender. Pleased to be wasting your time.
MAIL FROM: [EMAIL PROTECTED]
250 Ok to start over.
RCPT TO: [EMAIL PROTECTED]
250 You are about to try to deliver spam. Your time will be spent, for nothing.

For an actual MTA, the 250 code here indicates an open relay, because
we are not the MX for checkor.com. spamd of course doesn't know this
(and I'm aware that fixing it might not be easy), but it is still
triggering a false positive as an open relay.

Since this is happening during the conversation with our inbound mail
server, I don't see how filtering connections between our inbound and
outbound mail servers would fix it.

Thanks,

- R.

On 9/25/07, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/09/25 14:50, Rob wrote:
 
  Is there some configuration for spamd that I've missed

 You could run inbound and outbound email on different IP addresses,
 and don't accept incoming port 25 connections on the address used as
 a source for outgoing mail.



Re: spamd shows up as an open relay

2007-09-25 Thread Stuart Henderson
On 2007/09/25 17:35, Rob wrote:
 Since this is happening during the conversation with our inbound mail
 server, I don't see how filtering connections between our inbound and
 outbound mail servers would fix it.

From what you say, it sounds like your outbound mail server sends
mail to some host which carries out an on-the-fly relay test, is that
right?

If so, surely they only test the host *sending* the mail to them?



Re: spamd shows up as an open relay

2007-09-25 Thread Rob
On 9/25/07, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/09/25 17:35, Rob wrote:
  Since this is happening during the conversation with our inbound mail
  server, I don't see how filtering connections between our inbound and
  outbound mail servers would fix it.

 From what you say, it sounds like your outbound mail server sends
 mail to some host which carries out an on-the-fly relay test, is that
 right?

Ah, gotcha.

That's basically correct. Our user sends email to the outbound mail
server, which connects to the recipient's mail server. The problem is,
if the recipient's mail server is performing an on-the-fly check, then
its connection back to our outbound mail server would automatically be
redirected to our inbound mail server, which gets intercepted by
spamd, which appears to be the open relay.

You're right, then. If I explicitly block inbound connections to the
outbound mail server (instead of redirecting them), that might fix the
problem ... depending on just what kind of check the recipient's mail
server is doing.

 If so, surely they only test the host *sending* the mail to them?

I don't know yet exactly what they do. I'm crawling my way up their
support ladder to try to figure it out. They could be doing some kind
of open relay greylisting, or who-knows-what.

I'm a little concerned about just blocking those connections per your
suggestion, though. It might end up just changing the affected
recipients; if someone's dumb enough not to correctly check for an
open relay, someone else is certainly dumb enough to reject mail if
they can't connect back to the inbound IP.

- R.



Re: spamd shows up as an open relay

2007-09-25 Thread Lars Hansson
On 9/26/07, Rob [EMAIL PROTECTED] wrote:
 Yeah, I agree. It's the wrong way for them to check for an open relay,
 but it is still causing a bit of a problem.

Well if it is actually caused by spamd you have 2 options:
a) not run spamd.
b) ask them to get their shit together and hope they actually do.

It's amazing that in 2007 there are still so many mail operators and
relay-check sites that don't have a clue.
---
Lars Hansson



Re: SMTP flood + spamdb

2007-09-25 Thread RW
On Wed, 26 Sep 2007 03:16:35 +0300, Liviu Daia wrote:


 Postfix would just be rejecting them and filling its logs.

Oh come on, these days you're probably rejecting > 95% of messages
anyway. :)

Nope. Every day at log reading time I do grep reject maillog and very
rarely do I see a result. spamd is the genius.


 As far as I'm concerned filling the logs of mailservers that are
 backscatter generators is A Good Thing.

Unfortunately the people in charge of these servers either don't
have a clue, or don't care.

If even one sees a lot of greytrap try-again messages followed by an
entry when it gives up, then it will be worth it if it causes a config
to be fixed.
R/

Me...a skeptic?  I trust you have proof.



Speed Problems

2007-09-25 Thread rezidue
I've been having problems with throughput on a box I'm using as an edge
gateway.  I can't seem to get it to push out more than 150Mb/sec at about
20k pps.  It's a Tyan Thunder K8SR (S2881) board that has two gig broadcom
interfaces on a shared pci-x bus.  It's on the bcm5704c chipset and I'm
running OpenBSD 4.0.  The machine has two dual core amd opteron chips and
two gigs of ram.  Barely any resources are being used when we are peaking
during the day.  When we hit around 140+Mb/sec I start seeing packet loss
and when I copy a file from this machine via scp to another host over the
gig lan I can see that it directly affects throughput.  I've spent all day
trying to find the problem but I've had no luck.  Any ideas?  Any info I can
provide?