Re: OpenSSH ignoring keys
Lars Noodin wrote: It seems that ssh-add, ssh-agent or sshd start letting any key in when authorized_keys contains an overwhelming number of keys. I made three sets of rsa keys, 768 bits, 1024 bits and 2048 bits, each with over 9 rsa keys a piece. On the client, I start ssh-agent and load a key using ssh-add. This lets me log in using that specific key as normal, and not with others with small numbers of keys. I'm not sure what number of keys makes the overload. On the set up I have with current, 90001 keys and fewer in authorized_keys gives expected behavior. However, when I put 90002 public keys in .ssh/authorized_keys, then *any* key is accepted regardless of which was loaded using ssh-add and no pass phrase is requested. That behavior is exhibited using any ofthe three key lengths. Here is an illustration. # two keys with different fingerprints and pass phrases $ ssh-keygen -l -f ./Keys768/key_rsa_9;ssh-keygen -l \ -f ./Keys768/key_rsa_0; 768 87:d2:95:1d:c6:ad:c1:af:c1:ac:94:84:1c:cf:9c:88 \ ./Keys768/key_rsa_9.pub (RSA) 768 37:42:e3:de:40:64:ed:6f:a2:92:43:d4:05:52:fc:72 \ ./Keys768/key_rsa_0.pub (RSA) # clear ssh agent ssh-add -D; All identities removed. # load key 0 $ ssh-add ./Keys768/key_rsa_0 Enter passphrase for ./Keys768/key_rsa_0: Identity added: ./Keys768/key_rsa_0 \ (./Keys768/key_rsa_0) # show which key is loaded (0) $ ssh-add -l 768 37:42:e3:de:40:64:ed:6f:a2:92:43:d4:05:52:fc:72 \ ./Keys768/key_rsa_0 (RSA) $ ssh -i ./Keys768/key_rsa_9 -l lizard 127.0.0.1 \ whoami lizard # show that key 0 is loaded in the agent $ time ssh -i ./Keys768/key_rsa_0 -l lizard 127.0.0.1 whoami lizard 0m3.80s real 0m0.00s user 0m0.01s system # now log in with two more keys we aren't using $ time ssh -i ./Keys768/key_rsa_1 -l lizard 127.0.0.1 whoami lizard 0m3.85s real 0m0.01s user 0m0.00s system $ time ssh -i ./Keys768/key_rsa_2 -l lizard 127.0.0.1 whoami lizard 0m3.84s real 0m0.00s user 0m0.01s system $ ssh-add -l 768 37:42:e3:de:40:64:ed:6f:a2:92:43:d4:05:52:fc:72 \ ./Keys768/key_rsa_0 (RSA) I have some more material also regarding how long it takes to tar or move 90+K files in FFS. I realize that there may not may be too many occasions that an account is going to be shared with that many keys, but an error message or failure to be able to log in (with the wrong key) is what I was expecting. Is not your problem just that ssh, after trying the key supplied with -i, tries any key loaded into ssh-agent? What if you try ``ssh-add -D'' before trying to login with the invalid keys? Otherwise, try adding -v to see what happens and what keys are really used to log in. /Alexander
PF and Pool
Hi Misc@, On -i386current, using systat I noticed some problems: on pf page, TYPE NAME VALUE RATE NOTES counter memory 14644826 170.04 on pool page, NAME SIZE REQUESTS FAILINUSEPGREQ PGREL NPAGE HIWAT MINPG MAXPG IDLE mbpl 256 709776637 86043 643 143 0 143 143 1 384 100 mcl2k 2048 217655197 1995 112 856 0 856 856 4 3072 798 pfruleitempl 1230514059 330201471356643661 0 43661 43661 0 80 pfstatepl 216 26986682 14705417 10 5556 0 5556 5556 0 55560 These must be a problem right? I've tried replacing RAM since I think these are memory problem. But it keep coming. Then I updated to current, it's not going anywhere. I think somewhere in the h/w there's something really wrong. Sometimes, something like these occurs: $ traceroute www.yahoo.com traceroute to www-real.wa1.b.yahoo.com (209.131.36.158), 64 hops max, 40 byte packets 1 114.134.73.241 (114.134.73.241) 17.869 ms 1.471 ms 1.111 ms 2 114.134.72.165 (114.134.72.165) 12.978 ms 31.337 ms 14.595 ms 3 116.51.17.97 (116.51.17.97) 13.974 mssendto: No route to host traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 * sendto: No route to host 4 traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 *sendto: No route to host traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 *sendto: No route to host traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 * sendto: No route to host 5 traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 *sendto: No route to host traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 *sendto: No route to host traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 $ traceroute www.yahoo.com traceroute: unknown host www.yahoo.com $ traceroute www.yahoo.com traceroute to www-real.wa1.b.yahoo.com (209.131.36.158), 64 hops max, 40 byte packets sendto: No route to host 1 traceroute: wrote www-real.wa1.b.yahoo.com 40 chars, ret=-1 I appreciate if anyone could shed some light or share experience about these kinda stuff. Thanks. The infamous dmesg; OpenBSD 4.6-current (GENERIC.MP) #13: Wed Sep 30 00:19:12 WIT 2009 r...@greenrouter-jkt01.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 9fixed_disk cpu0: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR real mem = 2142744576 (2043MB) avail mem = 2067693568 (1971MB) RTC BIOS diagnostic error 9fixed_disk mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @ 0x7fbe4000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0054.061120091710 date 06/11/2009 bios0: Intel S3000AH acpi0 at bios0: rev 2 acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT SSDT HEST BERT ERST EINJ acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S SE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P32_) acpiprt2 at acpi0: bus 1 (PEX0) acpiprt3 at acpi0: bus -1 (PEX1) acpiprt4 at acpi0: bus -1 (PEX2) acpiprt5 at acpi0: bus -1 (PEX3) acpiprt6 at acpi0: bus 2 (PEX4) acpiprt7 at acpi0: bus 3 (PEX5) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpibtn0 at acpi0: SLPB bios0: ROM list: 0xc/0x9000 cpu0: Enhanced SpeedStep 3000 MHz: speeds: 3000, 2400 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0x00 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 5 int 17 (irq 255) pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 5 int 17 (irq 255) pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 5 int 16 (irq 9), address 00:15:17:86:51:72 em1 at pci2 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: apic 5
IPSEC ECN: no-go?
Hi, I operate a VPN that has some road warriors who all get a default route attached that points them into the local VPN gateway. With names and IP numbers replaced, this looks like this: # ipsecctl -s all FLOWS: flow esp in from 192.168.1.22 to 0.0.0.0/0 peer 1.1.1.1 srcid 5.5.5.5/32 dstid brokencli...@example.com type use flow esp out from 0.0.0.0/0 to 192.168.1.22 peer 1.1.1.1 srcid 5.5.5.5/32 dstid brokencli...@example.com type require flow esp in from 192.168.1.7 to 0.0.0.0/0 peer 2.2.2.2 srcid 5.5.5.5/32 dstid workingcli...@example.com type use flow esp out from 0.0.0.0/0 to 192.168.1.7 peer 2.2.2.2 srcid 5.5.5.5/32 dstid workingcli...@example.com type require ... SAD: esp tunnel from 1.1.1.1 to 5.5.5.5 spi 0x394587da auth hmac-sha1 enc aes-256 esp tunnel from 5.5.5.5 to 1.1.1.1 spi 0x4792a016 auth hmac-sha1 enc aes-256 esp tunnel from 2.2.2.2 to 5.5.5.5 spi 0x69dc89bb auth hmac-sha1 enc aes-256 esp tunnel from 5.5.5.5 to 2.2.2.2 spi 0xb60d9775 auth hmac-sha1 enc aes-256 ... There are other users with numbers literally one off from brokenclient@, but they all work without a hitch. Using tcpdump, I can see the broken client's traffic on enc0, but it does not leave the LAN interface. I made sure that no packet filters interfere. The only difference that I can see is that the broken client sends all his packets with TOS = 0x3, whereas the working client sends his packets without any (non-default) TOS value. Searching around, I found that this question was already raised by Martin Hedenfalk well over a year ago (http://marc.info/?l=openbsd-miscm=121127258816047w=2), but he got no answer. Kind regards, --Toni++
Re: spamd - nixspam list, September 30, 2009
Hi, On Wed, 30.09.2009 at 09:12:16 -0600, Bob Beck b...@ualberta.ca wrote: Again? sheesh, it wasn't supposed to, we had talked to them. yes, again. I get a 404 all the time. Kind regards, --Toni++
Re: spamd - nixspam list, September 30, 2009
On Thu, 1 Oct 2009 12:26:43 +0200, Toni Mueller wrote: Hi, On Wed, 30.09.2009 at 09:12:16 -0600, Bob Beck b...@ualberta.ca wrote: Again? sheesh, it wasn't supposed to, we had talked to them. yes, again. I get a 404 all the time. Kind regards, --Toni++ Me too, but I learned my lesson first time around. Now I have a cronjob that runs a script which attempts to get the file. If that fails the existing local nixspam file is used. crontab: 31 * * * * /root/bin/nixpix nixpix: #!/bin/sh cd /root/data rm -f nixspam ftp http://www.openbsd.org/spamd/nixspam.gz if [ $? -eq 0 ] ; then gunzip nixspam.gz cut -d -f 1 nixspam /var/db/nixspam fi exit spamd.conf: (relevant lines only) # Nixspam recent sources list. # :method=http:\ # :file=www.openbsd.org/spamd/nixspam.gz # Mirrored from http://www.heise.de/ix/nixspam nixspam:\ :black:\ :msg=Your address %A is in the nixspam list\n\ See http://www.heise.de/ix/nixspam/dnsbl_en/ for details:\ :method=file:\ :file=/var/db/nixspam My guess is that it's better to have a stale nixspam file than none. If you don't agree then don't do this. FWIW, Rod/ --- *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
spamd - Nixspam
Hi all, spamd-setup is generating a 404 not found message while trying to download /spamd/nixspam.gz Is there a process change that I have missed or is this temporarily broken ? Ta __ Get more done like never before with Yahoo!7 Mail. Learn more: http://au.overview.mail.yahoo.com/
Re: spamd - nixspam list, September 30, 2009
On Thu, 01.10.2009 at 21:16:30 +1000, Rod Whitworth glis...@witworx.com wrote: Me too, but I learned my lesson first time around. Now I have a cronjob that runs a script which attempts to get the file. If that fails the existing local nixspam file is used. I didn't check whether the stale file gets removed, but thought about using a different source instead. If spamd(8) could use RBLs in addition to static tables, that would ease the problem, too. So far, I can only use nixspam in my SpamAssassin configuration, which is a bit late. Kind regards, --Toni++
Re: spamd - nixspam list, September 30, 2009
On 2009-10-01 14:39, Toni Mueller wrote: I didn't check whether the stale file gets removed, but thought about using a different source instead. If spamd(8) could use RBLs in addition to static tables, that would ease the problem, too. The concept of RBLs aren't in line with the idea that spamd should use little of your resources and many resources for the spammer. Add RBL functionality between spamd and your smtp server, if you need.
Re: spamd - Nixspam
On Thu, Oct 1, 2009 at 7:29 AM, Steve fivering...@yahoo.com.au wrote: spamd-setup is generating a 404 not found message while trying to download /spamd/nixspam.gz Is there a process change that I have missed or is this temporarily broken ? One of the reasons people are told to check the archives is so that they don't ask the same question two days in a row.
Re: spamd - nixspam list, September 30, 2009
Rod Whitworth wrote: nixpix: #!/bin/sh cd /root/data rm -f nixspam ftp http://www.openbsd.org/spamd/nixspam.gz if [ $? -eq 0 ] ; then gunzip nixspam.gz cut -d -f 1 nixspam /var/db/nixspam fi Any particular reason why you don't use: zcat nixspam.gz | cut -d -f 1 /var/db/nixspam Obviously the above script must run before spamd-setup; how much sooner do you run it?
OpenBSD + (OpenLDAP, SASL, Samba)
Hi,
I've configured SASL to autenticate against Active Directory (it's
working, OK)
I've configured OpenLDAP to autenticate against SASL, using
'pass-through autentication' (it's working too)
I've managed to configure ypldap too, if I set the user password with
smbldap-passwd user
the user can login on the samba system, it works, no problem.
But my objective is to autenticate the user against AD, just the
password, there's no problem if I need to create each user on the LDAP
system and use just the password on the AD side.
I thought it would be possible to configure Samba + LDAP to autenticate
against AD, since LDAP on the 'pass-through' configuration is working,
that is, LDAP is autenticating against Active Directory by SASL.
So when I set the userPassword attribute on LDAP to:
userPassword: {sasl}fa...@my.domain
I can authenticate via LDAP (ldapsearch) but not via Samba.
Is it possible to get it working like that? Is there another way to get
this setup working?
Am I totally crazy and trying to do an impossible configuration?
My best regards,
Fabio Almeida
Re: ifstated with carp0
-Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Pascal Lalonde Sent: Wednesday, September 30, 2009 11:37 PM To: Laurent CARON Cc: Steven Surdock; misc@openbsd.org Subject: Re: ifstated with carp0 On Mon, Sep 28, 2009 at 08:06:36AM +0200, Laurent CARON wrote: On 28/09/2009 04:28, Steven Surdock wrote: ... HERE IS IFSTATED DETECTING THE FAILOVER, WHICH SHOULD HAVE HAPPENED ON SEP 25, BUT DIDN'T Sep 26 14:19:03 fw2 ifstated[16189]: changing state to normal Sep 26 14:19:03 fw2 ifstated[16189]: running date|mail -s 'FW2 is now the backup firewall' root ... I feel happy not to be the only one experiencing this behavior, although this might be a config error on both sides ;) This looks quite familiar to me as well. Have a look here: http://marc.info/?l=openbsd-miscm=124942995116023w=2 Could you try testing CARP failover and monitoring with route -n monitor ? If it's really a bug with ifstated, route monitor should catch all the state changes I suppose. But in my case it didn't. Would be nice if someone else could confirm the behavior I'm getting. ... Sounds like the same issue (I wonder how I missed your post...) I also have two of the carp interfaces on (unnumbered) VLAN interfaces. I will try route -n monitor this evening. -Steve S.
DIABLITO VOL. II + DIABLITO NIGHTS + MP3 GRATIS!
Your Email client is not formatted to view HTML emails. We have included the text email of the message. Purchase securely here: iTunes: http://fburls.com/15-DOPifWig DIABLITO RECORDS sello indie alterlatino de mexico distribuido por WARNER MUSIC MEXICO DIABLITO PROMOCION - UN MP3 GRATIS! BUSCA ENLACE AL FINAL DEL EMAIL! Nuevo acoplado DIABLITO VOL. II presenta: grupos indie alterlatino de Mexico, EEUU, Puerto Rico, Sur y Centro America: PASTILLA, ARHKOTA, TASSO, LOS HOLLYWOOD, ASTRA HEIGHTS, LEVITICO, CANDY, LOS WEEDS, DEBRALLEITOR, ARDNAXELA, SUPERAQUELLO, POLBO, TANKE, PINK FLAMINGO, THE MELOVSKYS, + MALACATES TREBOL SHOP e INVITADO ESPECIAL de Mexico! DIABLITO VOL. II A la venta tiendas en Mexico 19 octubre! http://fburls.com/46-CVC0ArJ6/t/s/txt/cid/552921/sid/102676424 http://fburls.com/66-d2ESn3r9/t/s/txt/cid/552921/sid/102676424 http://fburls.com/10-pc8IM4NV/t/s/txt/cid/552921/sid/102676424 http://fburls.com/85-xKaL2aoG/t/s/txt/cid/552921/sid/102676424 http://fburls.com/13-l4TPZi3w/t/s/txt/cid/552921/sid/102676424 http://fburls.com/94-JGXCEnDd/t/s/txt/cid/552921/sid/102676424 http://fburls.com/73-zkNbZ4if/t/s/txt/cid/552921/sid/102676424 http://fburls.com/15-ge12owF2/t/s/txt/cid/552921/sid/102676424 http://fburls.com/28-nh7boAij/t/s/txt/cid/552921/sid/102676424 http://fburls.com/41-Z7oH3IE4/t/s/txt/cid/552921/sid/102676424 http://fburls.com/24-bDLTSUa0/t/s/txt/cid/552921/sid/102676424 http://fburls.com/97-n7EVBeVp/t/s/txt/cid/552921/sid/102676424 -- CONCIERTOS: DIABLITO NIGHTS presenta TERRORISMO EXTRATERRESTRE! PREMIOS PARA MEJOR DISFRAZ COMO EXTRATERRESTRE! viernes 09 de octubre 21 hr. @ Bar PiraNa Florencia 56 Zona Rosa MX DF con DEBRALLEITOR, TANKE y CANDY! (entrada solo 50mxn - chelas solo 20mxn) http://fburls.com/42-fISpM1Tv/t/s/txt/cid/552921/sid/102676424 DEBRALLEITOR * 09 oct. @ Bar PiraNa (+ TANKE y CANDY) - Mexico DF, MX * 17 oct. @ Tokyo Pop (+ LEVITICO) - Mexico DF, MX http://fburls.com/49-krogx0NT/t/s/txt/cid/552921/sid/102676424 http://fburls.com/94-JGXCEnDd/t/s/txt/cid/552921/sid/102676424 LOS WEEDS * 03 oct. @ Rocxy Sala Conciertos - Coacalco * 07 oct. @ Foro Shakespeare (+ CANDY) - Mexico DF, MX http://fburls.com/61-JlXBHDjI/t/s/txt/cid/552921/sid/102676424 CANDY * 07 oct. @ Foro Shakespeare - Mexico DF, MX * 09 OCT. @ Bar PiraNa (+ TANKE y DEBRALLEITOR) - MX DF * 17 oct. @ Toluca, MX * 24 oct. @ Hermosillo Sonora, MX http://fburls.com/84-62rpMcUG/t/s/txt/cid/552921/sid/102676424 http://fburls.com/38-zEn7IMFD/t/s/txt/cid/552921/sid/102676424 * PINK FLAMINGO - 08 oct. @ Larva (GRATIS) - Guadalajara, MX http://fburls.com/41-Z7oH3IE4/t/s/txt/cid/552921/sid/102676424 * LOS HOLLWOOD - 07 nov. @ Ensenada BC, MX http://fburls.com/85-xKaL2aoG/t/s/txt/cid/552921/sid/102676424 INTERNET * ITUNES MEXICO * TELCEL MUSIC STORE * MIXUP DIGITAL Ya puedes conseguir en linea! CANDY, LOS WEEDS, TANKE, POLBO, ARDNAXELA. Pronto Debralleitor, Superaquello, Diablito VOL. I y II - VIDEOS * TASSO 'Don't Love Me (I Never Will)' http://fburls.com/1-8oUoSKEh/t/s/txt/cid/552921/sid/102676424 * ARDNAXELA 'El Sello' http://fburls.com/33-lweRjjHe/t/s/txt/cid/552921/sid/102676424 * SUPERAQUELLO 'Pecho 'E Paloma' http://fburls.com/14-xpGo5Fab/t/s/txt/cid/552921/sid/102676424 * POLBO 'No Vayas A Votar' http://fburls.com/60-mhCG4ehK/t/s/txt/cid/552921/sid/102676424 * LOS WEEDS 'Quiereme' http://fburls.com/17-P8LGX3M0/t/s/txt/cid/552921/sid/102676424 * TANKE - 'Libelula Gris' http://fburls.com/14-DxtROEXP/t/s/txt/cid/552921/sid/102676424 * MALACATES TREBOL SHOP 'De Que Sirve Querer?' http://fburls.com/4-uhOJGH8m/t/s/txt/cid/552921/sid/102676424 * LOS HOLLYWOOD - 'No Te Aguites' http://fburls.com/71-EWNfBFGz/t/s/txt/cid/552921/sid/102676424 RADIO VISITE ENLACE PARA VOTAR POR CANDY EN IBERO! http://fburls.com/86-UBOwN7ZC/t/s/txt/cid/552921/sid/102676424 Envien mensajes SMS a Reactor 105.7FM para pedir que pongan : POLBO 'Te Quiero Mucho' SUPERAQUELLO 'Pecho 'E Paloma' DEBRALLEITOR 'Breaki' TANKE 'Tu Trucho' LOS WEEDS 'Brian Jones' ARDNAXELA 'Narciso' PASTILLA 'Esto Es' CANDY 'Painkiller' INSTRUCCIONES PARA PEDIR CON MENSAJITOS SMS: Manda mensajes de texto desde tu telcel a cabina aqui las instrucciones Palabra clave + espacio + mensaje al 30003. Costo por mensaje 3.50mxn programa palabra clave horario sopitas sopitas de 6:00 a 8:00 el fin del mundo 2 fin de 8:00 a 11:00 ariadna montaqez ari de 11:00 a 14:00 ruzo ruzo de 14:00 a 15:00 recluta reclu de 15:00 a 17:00 los de la tarde los de la tarde de 17:00 a 20:00 la reina duende la reina duende de 20:00 a 22:00 TAMBIEN PUEDEN PEDIRLO POR TELEFONO: REACTOR 105.7FM 56016399 56016397 IBERO 90.9FM 52925909 INTERFERENCIA 710AM 56 04 85 32 56 04 78 84 01800 400 4637 Y POR EMAIL: REACTOR 105.7FM reactor.i...@gmail.com INTERFERENCIA 710AM miguel.so...@imer.com.mx
Re: spamd - Nixspam
It is being worked on. It will be fixed shortly. 2009/10/1 Ted Unangst ted.unan...@gmail.com: On Thu, Oct 1, 2009 at 7:29 AM, Steve fivering...@yahoo.com.au wrote: spamd-setup is generating a 404 not found message while trying to download /spamd/nixspam.gz Is there a process change that I have missed or is this temporarily broken ? One of the reasons people are told to check the archives is so that they don't ask the same question two days in a row.
Re: Ports isn't working for me...
On Wed, Sep 30, 2009 at 04:40:37PM -0400, Chris wrote: I'm using obsd4.5, following current. I installed php5 using ports. I realized that I forgot to include something in the compile options. I went back to add it, and now it won't reinstall. I added --enable-mbstring to the compile flags in the make file. I then execute a make install It does nothing. Just gives me back my prompt. So I uninstall the existing php make uninstall. I cleaned up all the files it told me to, then I try a make install and I get this: Why do you want to do that ? what's wrong with php5-mbstring ? (which is one of the packages compiled in extensions)
You have a new message
You have a new message waiting for you in the secure area of the Alliance Leicester Bank website. Simply go to https://www.mybank.alliance-leicester.co.uk/index.asp and log in to your accounts. Here you'll find any new messages you have waiting for you and if you want to get in touch with us or reply to any new messages from us, you can do so from here too. You'll find the option to 'View your messages , once you've logged in. https://www.mybank.alliance-leicester.co.uk/ customer/inbox As this e-mail is an automated message, we can't reply to any e-mails sent by return. - Alliance Leicester plc (a company registered in England and Wales with its registered office at Carlton Park, Narborough, Leicester LE19 0AL and company number 3263713).
Re: Ports isn't working for me...
Hi Marc, [ sorry for cross-posting from ports@ ] On Thu, 01.10.2009 at 17:20:05 +0200, Marc Espie es...@nerim.net wrote: Why do you want to do that ? what's wrong with php5-mbstring ? (which is one of the packages compiled in extensions) I didn't check whether it influences this extension, but please add --enable-zend-multibyte to PHP's configuration options. Applications which want to deal with UTF-8 need this, and this option is slated to become the default in PHP6. I can't wait for PHP6, however, so... If there are detrimental effects on other applications, I'm all ears. Btw, I have working 5.2.10 packages with this change for amd64, if anyone wants them (provided as-is). -- Kind regards, --Toni++
Little typo in disklabel help text
Hello! :-) I saw a little typo in the disklabel help text on this recent snapshot: # sysctl kern.version kern.version=OpenBSD 4.6-current (GENERIC.MP) #209: Tue Sep 29 12:12:05 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP # disklabel -E wd0 Label editor (enter '?' for help at any prompt) ? n The 'n' command is used to set the mount point for a partition (ie: name it). It takes as an optional argument the partition letter to name. If you do not specify a partition letter, you will be prompted for one. This option is only valid if disklabel was invoked with the -F flag. I think this should be -f, not -F, as there is no -F flag? In the short help it's corrent: n This option is not valid when run without the -f flag. Thank you for all your work on this awesome OS! :-) Tas.
Re: Little typo in disklabel help text
Sorry for second mail, forgot the diff: --- /usr/src/sbin/disklabel/editor.c.orig Sat Aug 29 20:58:02 2009 +++ /usr/src/sbin/disklabel/editor.cThu Oct 1 18:19:40 2009 @@ -1685,7 +1685,7 @@ The 'n' command is used to set the mount point for a partition (ie: name it).\n It takes as an optional argument the partition letter to name. If you do\n not specify a partition letter, you will be prompted for one. This option\n -is only valid if disklabel was invoked with the -F flag.\n); +is only valid if disklabel was invoked with the -f flag.\n); break; case 'r': puts( Tas.
Re: Ports isn't working for me...
On 2009-10-01, Toni Mueller openbsd-m...@oeko.net wrote: Hi Marc, [ sorry for cross-posting from ports@ ] On Thu, 01.10.2009 at 17:20:05 +0200, Marc Espie es...@nerim.net wrote: Why do you want to do that ? what's wrong with php5-mbstring ? (which is one of the packages compiled in extensions) I didn't check whether it influences this extension, but please add --enable-zend-multibyte to PHP's configuration options. It's already added.
Re: OpenSSH ignoring keys
Alexander Hall wrote: Is not your problem just that ssh, after trying the key supplied with -i, tries any key loaded into ssh-agent? What if you try ``ssh-add -D'' before trying to login with the invalid keys? I had tried that. Otherwise, try adding -v to see what happens and what keys are really used to log in. That made the difference. It turns out that the client gives no warning when the agent fails over to another key. I was looking at sshd in debug, but that was not giving details about the client. I should have tried -v on the client before writing. Thanks. -Lars
Drive a 2009 car from R799p/m
This Months Car Special **justgroup-africa.com http://www.justgroup-africa.com/specials ** *Save up to R1360.10 p/m* *Renault Sandero 1.6 Cup* *From **R1499.00** per month* B7 *No deposit, no residual* B7 *Power Steering* B7 *Abs* B7 *Driver and passenger * B7 *Radio/Cd/Mp3 Player* B7 *On- Board Computer* B7 *Aircon* B7 *3 year/ 45 000 Km Service Plan. * B7 *3 Years/100 000 km Mechanical Warranty* *For Terms and Conditions and cost of credit, please click **here http://www.justgroup-africa.com/specials * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php?action0=internet; * * * * * *Save up to **R1145** p/m* *Nissan NP200 * *From **R1399.00** per month * B7 *No deposit, no residual* B7 *Biggest payload in segment (800 Kg)* B7 *Crossover styling* B7 *Class leading styling* B7 *Power steering.* B7 *Canopy* B7 *Rubberizing* B7 *Front loader CD* B7 *3 Years 100 000 Km Warranty* *White only* *For Terms and Conditions and cost of credit, please click **here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * * * * * * * *Save up to R1401.00 p/m* * **Tata XENON* *From **R2999.00** per month* B7 *No deposit, no residual* B7 *Mags* B7 *MP3/CD/USB Player* B7 *Aircon* B7 *Power Steering* B7 *Canopy * B7 *5 Years / 9 Km SERVICE PLAN * B7 *3 Years/100 000 km Factory Warranty* * * * For Terms and Conditions and cost of credit, please click here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * *Save up to **R1180.50** p/m* *Tata Indica 1.4 DLX* *From **R1299.00** per month* * * B7 *No deposit, no residual* B7 *Driver and passenger airbag* * * B7 *ABS (Including EBD)* B7 *Remote immobilizer / Central locking* * * B7 *Power steering* B7 *Air conditioner* * * B7 *Service plan* B7 *2 Years/45000 km, Warranty 3 Years/100 000 km.* * * * For Terms and Conditions and cost of credit, please click here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * * * * * *Save up to **R1138.21** p/m * *Polo 1.4 Trend-line* *From **R2099.00** per month* B7 *No deposit, no residual* B7 *Mags* B7 *central locking and alarm with remote* B7 *Radio-CD* B7 *No Service Plan* * * *For Terms and Conditions and cost of credit, please click **here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * * * *Save up to **R1260.00**p/m* *Tata Indica 1.4 Limited Edition * *With **aircon** from **R899.00** per month* B7 *No deposit, no residual.Mags* B7 *Radio CD* B7 *Power Steering * B7 *Two years / 45000 Km service plan * * **For Terms and Conditions and cost of credit, please click **here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * * * *Save up to R1306.55 p/m* *Tata Indica 1.4 LE * *From **R699.00** per month * B7 *No deposit, no residual* B7 *No Mags* B7 *Power steering* B7 *Radio CD* B7 *2 Years/45000 km service plan.* *For Terms and Conditions and cost of credit, please click **here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * * * * ** * * * *Save up to **R346.28** p/m* *VW Golf Tenaciti 1.4i* *From **R1699.00** per month* B7 *No deposit, no residual* B7 *Radio-CD* B7 *Mags* B7 *NO SERVICE PLAN * B7 *3 Years/100 000 km Warranty* * * *For Terms and Conditions and cost of credit, please click here http://www.justgroup-africa.com/specials/month.html * *To apply, Please click here http://www.justgroup-africa.com/specials/newapplication2.php * -- Powered by PHPlist, www.phplist.com --
Re: HP DL360 Fan Control
On 9/26/2009 6:12 AM, Mikel Lindsaar wrote: I am looking at working out how to control the fans in a HP DL360. Which gen? You might be able to play with the Linux utils in compat mode, or maybe run the Linux stuff (on Linux) in a debugger to see what they do.
work and live in canada
You're invited to work and live in canada. By your host Brenda Berreth: am Brenda from Canada, i am the assistant manager of Canadian Hotels,i wish to inform you that the hotel need man and woman who can work and live in omni hotel Canada,A Division Of Delta Chelsea Canadian Hotel Canada , hotel will care of your tickets,accommodation lodging and the visa assistance in your country,if you are interested ,you should please contact me back via the mail box, omni.hotel_can...@yahoo.ca HOTEL MANAGEMENT ARE NOT RESPONSIBLE FOR YOUR CANADA CLEARANCE VISA FEE. TAKE CA Date: Thursday October 1, 2009 Time: 1:00 pm - 2:00 pm (GMT -06:00 US/Canada Central) Will you attend? RSVP to this invitation at: http://calendar.yahoo.com/advert.ominicity?v=126a1=0iid=whalbe3%40%405xm%40XM8FxbnYRd%40mPChaO%40wixEYnm7%40Ihv%40igid=gxAo8%40laV9iyaGQJ3xCxVGp%40iLvk%406prMxA2bnj%40%40b1o%40dbG Copyright ) 2009 All Rights Reserved www.yahoo.ca Privacy Policy: http://privacy.yahoo.com/privacy/ca Terms of Service: http://ca.docs.yahoo.com/info/terms/
Re: HP DL360 Fan Control
Mikel Lindsaar wrote: HP DL360 G3 I have an HP DL360 G4 and it doesn't do that: it starts full throttle, but after 15-20 seconds it settles to just very noisy and stays like that... I did not had the chance to put the machine under heavy load (yet), but I suspect that is NOT the room getting warm, it's the machines making so much heat that the room warms up :-) -- Mauro Rezzonico ma...@ch23.org, Como, Italia Maybe this world is another planet's hell - H.Huxley
ALIX and PC Engines CompactFlash
With the positive response of OpenBSD on this hardware, I'm considering purchasing these in preparation for a proof of concept. As such, if anyone has purchased the 4GB COMPACTFLASH CARDS THAT PC ENGINES SELLS (http://www.pcengines.ch/cf4dp.htm or http://www.pcengines.ch/cf4slc.htm), would you please share the RELEVANT PORTION OF YOUR DMESG for the card (and your opinions if you'd like)? I'm particularly interested in what's reported for x-sector PIO and related. While I know I can purchase CompactFlash cards from anywhere, I try to support those companies that support OpenBSD (that and it's easier just to get everything from one vendor). Thanks.
Re: HP DL360 Fan Control
I have seen the issue, we have 1 DL360 G3 server in particular where the fan stays at full throttle at all times. We've even gone so far as replacing the fan pack to try and resolve it, but the problem seems to be something more internal. We suspect the mother board. Other than that G3 though, we haven't had any problems with fans (regardless of OS) on the DL360s. On 2009-10-01, at 3:15 PM, Mauro Rezzonico wrote: Mikel Lindsaar wrote: HP DL360 G3 I have an HP DL360 G4 and it doesn't do that: it starts full throttle, but after 15-20 seconds it settles to just very noisy and stays like that... I did not had the chance to put the machine under heavy load (yet), but I suspect that is NOT the room getting warm, it's the machines making so much heat that the room warms up :-) -- Mauro Rezzonico ma...@ch23.org, Como, Italia Maybe this world is another planet's hell - H.Huxley -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Multiple Monitors, xrandr, startx and startkde
I am using the snapshot from last week on my workstation which has two monitors and the following card vga1 at pci3 dev 0 function 0 ATI Radeon X1600 rev 0x9ea I can use both monitors using xrandr with the command xrandr --output VGA-0 --auto --left-of DVI-0 and the xorg.conf setting Section Screen Identifier Screen0 Device Card0 MonitorMonitor0 DefaultDepth24 SubSection Display Depth 24 Modes 1920x1080 1680x1050 1600x1200 1280x1024 1024x768 Virtual 3840 1080 EndSubSection EndSection If I use KDE, the xrandr command I invoked does not seem to have an effect and so I cannot use both monitors. But with X (when I run startx) I can use both. If you have any insight into this please let me know. WITH KDE: vijay$ xrandr -q Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 3840 x 1080 VGA-0 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 531mm x 298mm 1920x1080 59.9*+ 1680x1050 60.0 1280x1024 60.0 1440x900 59.9 1280x960 60.0 1280x800 59.8 1024x768 60.0 800x60060.3 56.2 640x48059.9 DVI-0 connected (normal left inverted right x axis y axis) 1920x1080 59.9 + 1680x1050 59.9 1280x1024 60.0 1440x900 59.9 1280x960 60.0 1280x800 59.9 1024x768 60.0 800x60060.3 56.2 640x48059.9 With X (default): vijay$ more xrandr.fvwm2 Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 3840 x 1080 VGA-0 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 531mm x 298mm 1920x1080 59.9*+ 1680x1050 60.0 1280x1024 60.0 1440x900 59.9 1280x960 60.0 1280x800 59.8 1024x768 60.0 800x60060.3 56.2 640x48059.9 DVI-0 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 531mm x 298mm 1920x1080 59.9*+ 1680x1050 59.9 1280x1024 60.0 1440x900 59.9 1280x960 60.0 1280x800 59.9 1024x768 60.0 800x60060.3 56.2 640x48059.9 Thanks very much, Vijay -- Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6 Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca
How do I change PF rules to enable ftp downloads?
Hello
I want to download via ftp, but am unable to do so. I believe that it
would have something to do with my pf.conf file in my firewall, so have
listed that below.
### simple pf.conf ##
# allow all outgoing TCP, UDP
# allow outgoing ICMP ping
# specifically block 11 common inet services
# Modified for nntp and bittorrent
#
# MACRO
ext_if = rl0
int_if = vr0
PING = echoreq
allow_tcp = { 119 } #Port needed for nntp server
#IntNet = 192.168.1.0/24 #Sub-net range
#InBitTCP = { 6969, 6881:6889 } #Ports needed for BitTorrent
#BitIP = 192.168.1.40 #BitTorrent client
tcp_services = { smtp, pop3, pop3s, www, msa, https, ftp, whois, ssh,
telnet, rsync }
udp_services = { domain }
# OPTIONS:
set block-policy drop
set optimization normal
set loginterface $ext_if
# SCRUB:
scrub in on $ext_if all
# NAT/RDR
nat on $ext_if from $int_if:network to any - $ext_if
#nat on $ext_if proto tcp from $IntNet port $InBitTCP to any - $ext_if \
static-port #nat on $ext_if proto udp from $IntNet port $InBitTCP to any
- $ext_if \
static-port
#rdr on $ext_if proto tcp from !$IntNet to any port 6969 - $BitIP port
6969
#rdr on $ext_if proto udp from !$IntNet to any port 6881:6889 - $BitIP \
port 6881:6889
# filter:
block log on $ext_if all
#pass in quick on $ext_if inet proto tcp from any to any port $InBitTCP \
flags S/SA synproxy state
#pass in quick on $ext_if inet proto udp from any to any port $InBitTCP
#pass out on $int_if inet proto tcp from any to $IntNet port
$port_bittorrent \
flags S/SA synproxy state
#pass out on $int_if inet proto udp from any to $IntNet port
$port_bittorrent
pass quick on lo0 all
pass out on $ext_if proto tcp from any to any port $allow_tcp keep state
pass out quick on $ext_if inet proto tcp from \
{ $ext_if:network, $int_if:network } to any port $tcp_services keep
state
pass out quick on $ext_if inet proto udp from \
{ $ext_if:network, $int_if:network } to any port $udp_services keep
state
pass out quick on $ext_if inet proto icmp from \
{ $ext_if:network, $int_if:network } to any icmp-type $PING keep state
antispoof for $ext_if
antispoof for $int_if
/etc/pf.conf ends ##
It has been a number of years since I set this up, and note that I have
ftp listed as a protocol to not allow. How can I change this without
compromising security please?
Many TIA.
AG
Re: spamd - nixspam list, September 30, 2009
On Thu, 01 Oct 2009 09:36:24 -0400, Frank Bax wrote: Rod Whitworth wrote: nixpix: #!/bin/sh cd /root/data rm -f nixspam ftp http://www.openbsd.org/spamd/nixspam.gz if [ $? -eq 0 ] ; then gunzip nixspam.gz cut -d -f 1 nixspam /var/db/nixspam fi Any particular reason why you don't use: zcat nixspam.gz | cut -d -f 1 /var/db/nixspam I was gunzip-ing it for inspection so I was lazy and used the already unzipped file. Then I had to add the guzip line to this script anyway. But you know how these things happen late at night... Obviously the above script must run before spamd-setup; how much sooner do you run it? 6 minutes. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Multiple Monitors, xrandr, startx and startkde
On Thu, 01 Oct 2009 16:47:50 -0400, Vijay Sankar vsan...@foretell.ca wrote: If you have any insight into this please let me know. KDE may be overriding your settings with its own. When I used multiple monitors, KDE autoconfigured it using its display manager (this was for a presentation). You may want to consider seeing whether KDE understands enough to do this in your case. Aaron W. Hsu -- Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. -- C. S. Lewis
Re: Multiple Monitors, xrandr, startx and startkde
Aaron W. Hsu wrote: On Thu, 01 Oct 2009 16:47:50 -0400, Vijay Sankar vsan...@foretell.ca wrote: If you have any insight into this please let me know. KDE may be overriding your settings with its own. When I used multiple monitors, KDE autoconfigured it using its display manager (this was for a presentation). You may want to consider seeing whether KDE understands enough to do this in your case. Aaron W. Hsu Thank you very much for the excellent advice. I created another account on the same system and that worked with both monitors. However, since window managers are beyond my pay grade, I applied the caveman-like approach of deleting all .kde and .X files and I now have both monitors working with my normal account :) Thanks again, Vijay -- Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB, Canada R3J 0X6 Phone: (204) 885-9535, E-Mail: vsan...@foretell.ca
Re: ifstated with carp0
-Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Pascal Lalonde Sent: Wednesday, September 30, 2009 11:37 PM To: Laurent CARON Cc: Steven Surdock; misc@openbsd.org Subject: Re: ifstated with carp0 On Mon, Sep 28, 2009 at 08:06:36AM +0200, Laurent CARON wrote: ... This looks quite familiar to me as well. Have a look here: http://marc.info/?l=openbsd-miscm=124942995116023w=2 Could you try testing CARP failover and monitoring with route -n monitor ? If it's really a bug with ifstated, route monitor should catch all the state changes I suppose. But in my case it didn't. Would be nice if someone else could confirm the behavior I'm getting. I see inconsistent results on failover via route -n monitor I have 13 carp interfaces, carp0 - carp12. I was running on FW2 (master) and failed back to FW1 via carpdemote on FW1. I saw 5 RTM_INFO messages on FW1 and 24 RTM_IFINFO messages on FW2. On failover from FW1 to FW2 I saw 7 RTM_IFINFO messages and on FW2 I saw only one. -Steve S.
Re: OpenBSD as MX server
because mx server will be replace is production server in next time will be use it like your recomended. thank' for all recomendation On Wed, Sep 30, 2009 at 3:44 PM, Stephan A. Rickauer stephan.ricka...@startek.ch wrote: On Wed, 2009-09-30 at 13:30 +0700, sonjaya wrote: it will be helpful if want share tutorial . man smtpd || man sendmail man spamd -- sonjaya http://sicute.blogspot.com http://www.pojokdomain.com(sell buy domain with free )
X.org killing HAL?
Hi all, I'm referring to what was said by alanc in #opensolaris at 04:02:34 at http://echelog.matzon.dk/logs/browse/opensolaris/1254434400 - anybody know anything about this, and how it will affect OpenBSD's X.org implementation? Thanks -- Aaron Mason - Programmer, open source addict - Oh, why does everything I whip leave me?
Re: ALIX and PC Engines CompactFlash
i using generic cf ( vgen) for obsd 4.5 and mother board via epia , main problem is only DMA and can handle it with setup manualy adn problem missing. On Fri, Oct 2, 2009 at 2:26 AM, Daniel Melameth dan...@melameth.com wrote: With the positive response of OpenBSD on this hardware, I'm considering purchasing these in preparation for a proof of concept. As such, if anyone has purchased the 4GB COMPACTFLASH CARDS THAT PC ENGINES SELLS (http://www.pcengines.ch/cf4dp.htm or http://www.pcengines.ch/cf4slc.htm), would you please share the RELEVANT PORTION OF YOUR DMESG for the card (and your opinions if you'd like)? I'm particularly interested in what's reported for x-sector PIO and related. While I know I can purchase CompactFlash cards from anywhere, I try to support those companies that support OpenBSD (that and it's easier just to get everything from one vendor). Thanks. -- sonjaya
Re: OpenBSD as MX server
Dear Christ, my linux box running postfix and amavisd and cbl for spam , but today that box hard to manage and update it . i see in obsd default have been tools to take care about spam that is mine consern also security problem. because this production server and log all email to trace and trace i must make sure everything good enough before replace it. On Wed, Sep 30, 2009 at 10:43 PM, Matthew Weigel uni...@idempot.net wrote: Chris wrote: Hi Sonjaya, You ask a very open-ended question here. To get into specifics would be too difficult in one email. But here is a rough outline to get you started. A rough outline of... something, certainly. Definitely something mail related. Setting up an MX server? Not so sure. Some people use Dovecot, but the version included in 4.5 does not include encryption (though you could probably use stunnel to address that...). Wait, what? $ uname -mrsv OpenBSD 4.5 GENERIC.MP#108 i386 $ grep imaps /etc/dovecot.conf # Protocols we want to be serving: imap imaps pop3 pop3s protocols = imaps pop3s $ pkg_info | grep dovecot dovecot-1.1.11p1-ldap compact IMAP/POP3 server Original author wants to replace a Linux MX with an OpenBSD MX? I think the logical approach is to - at least as a first step - look at what the Linux MX is doing now. In all probability that involves using the same MTA as is already in use on the Linux machine, the same antispam software, and mostly the same configuration files. Learning about OpenBSD's spamd would be a good idea once that's done, but at no point does it really involve dumping everything and just doing what someone on a mailing list said. -- Matthew Weigel hacker unique idempot . ent --
/dev/audio: Device busy
Hope english list would be more useful, than russian. I need to play a few audio files simultaneously. For example, when I listen music, Psi should be able to play event sound. The problem is - can't open /dev/audio: Device busy. OpenBSD 4.5 sb1 at isapnp0 Creative SB AWE64 PnP, CTL0045, , Audio port 0x220/16,0x330/2,0 x388/4 irq 5 drq 1,5: dsp v4.16 audio0 at sb1 -- /Buzzer () KAMPANIQ ascii ribbon - PROTIW PISEM W html FORMATE /\ www.asciiribbon.org - PROTIW PROPRIETARNYH WLOVENIJ
Re: /dev/audio: Device busy
2009/10/1 Buzzer 4625...@gmail.com: I need to play a few audio files simultaneously. can't open /dev/audio: Device busy. man 1 aucat
Re: /dev/audio: Device busy
pO DANNYM RADIOPEREHWATA OT 1-Oct-2009 20:22, David Hoskin BYL ZAME^EN W \FIRE, NA ^ASTOTE misc, S TAKIM SOOB]ENIEM: I need to play a few audio files simultaneously. can't open /dev/audio: Device busy. man 1 aucat Could you be more verbose? What make you think that I did not read man aucat? -- /Buzzer () KAMPANIQ ascii ribbon - PROTIW PISEM W html FORMATE /\ www.asciiribbon.org - PROTIW PROPRIETARNYH WLOVENIJ
problem on route6d
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, We have two openbsd4.5 boxes acting as redundant gateway and firewall. They are having problem with route6d. Problem is that we can't receive any routes from upstream, but upstream can update our advertisement. This was running fine on openbsd4.3 for over a year, just recently upgraded to 4.5 from scratch. We keep exact same settings as previous. The following are some of the debugging output: Does the message *IPv6 packet information cannot be retrieved* mean kernel failed to allocate memory? # route6d -d -O 2001:df0:0:2002:1:1:2:0/112,fxp0 11:32:29: Routing Table Dump fec0::/10 if(7:lo0) gw(::1) [1] age(0) 2002:ff00::/24 if(7:lo0) gw(::1) [1] age(0) 2002:e000::/20 if(7:lo0) gw(::1) [1] age(0) 2002:7f00::/24 if(7:lo0) gw(::1) [1] age(0) 2002::/24 if(7:lo0) gw(::1) [1] age(0) :::0.0.0.0/96 if(7:lo0) gw(::1) [1] age(0) ::255.0.0.0/104 if(7:lo0) gw(::1) [1] age(0) ::224.0.0.0/100 if(7:lo0) gw(::1) [1] age(0) ::127.0.0.0/104 if(7:lo0) gw(::1) [1] age(0) ::/96 if(7:lo0) gw(::1) [1] age(0) ::/104 if(7:lo0) gw(::1) [1] age(0) 2001:df0:0:2002:1:1:1:0/112 if(1:fxp0) gw(2001:df0:0:2002:1:1:1:81) [1] age(0) 2001:df0:0:2002:1:1:2:0/112 if(11:carp0) gw(2001:df0:0:2002:1:1:2:78) [1] age(0) 10:07:39: Send rtdump Request to carp1 (ff02:c::9) 10:07:39: Send rtdump Request to carp0 (ff02:b::9) 10:07:39: Send rtdump Request to vlan534 (ff02:9::9) 10:07:39: Send rtdump Request to fxp4 (ff02:5::9) 10:07:39: Send rtdump Request to fxp1 (ff02:2::9) 10:07:39: Send rtdump Request to fxp0 (ff02:1::9) *IPv6 packet information cannot be retrieved IPv6 packet information cannot be retrieved* 10:07:49: Send(carp1): info(2) to ff02:c::9.521 10:07:49: Send(carp0): info(1) to ff02:b::9.521 10:07:49: Send(vlan534): info(2) to ff02:9::9.521 10:07:49: Send(fxp4): info(2) to ff02:5::9.521 10:07:49: Send(fxp1): info(2) to ff02:2::9.521 10:07:49: Send(fxp0): info(1) to ff02:1::9.521 *IPv6 packet information cannot be retrieved* 10:08:09: Send(carp1): info(2) to ff02:c::9.521 10:08:09: Send(carp0): info(1) to ff02:b::9.521 10:08:09: Send(vlan534): info(2) to ff02:9::9.521 cheers Marco Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkrFcmQACgkQSSHqatd3m2OSGgCgul5WBdbtBdc6EdTNB0oagoNm fiYAoJng4vwrWmvkLO/ITvWr59bnEtKg =A2Zn -END PGP SIGNATURE-
Re: OpenBSD as MX server
On Fri, 2 Oct 2009 09:25:22 +0700 sonjaya sonj...@gmail.com wrote: Dear Christ, my linux box running postfix and amavisd and cbl for spam , but today that box hard to manage and update it . i see in obsd default have been tools to take care about spam that is mine consern also security problem. because this production server and log all email to trace and trace i must make sure everything good enough before replace it. So why don't you just replicate your setup on the OpenBSD box?!? - Robert
Re: spamd - nixspam list, September 30, 2009
On Fri, Oct 2, 2009 at 7:02 AM, Rod Whitworth glis...@witworx.com wrote: On Thu, 01 Oct 2009 09:36:24 -0400, Frank Bax wrote: Rod Whitworth wrote: nixpix: #!/bin/sh cd /root/data rm -f nixspam ftp http://www.openbsd.org/spamd/nixspam.gz if [ $? -eq 0 ] ; then gunzip nixspam.gz cut -d -f 1 nixspam /var/db/nixspam fi Any particular reason why you don't use: zcat nixspam.gz | cut -d -f 1 /var/db/nixspam I was gunzip-ing it for inspection so I was lazy and used the already unzipped file. Then I had to add the guzip line to this script anyway. But you know how these things happen late at night... Obviously the above script must run before spamd-setup; how much sooner do you run it? 6 minutes. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it. That would probably cause issues if the gunzip operation failed - you'd end up with an empty nixspam file. I'd do the same but check the return value of the gunzip operation before overwriting the nixspam file. I'd also streamline the script a bit: #!/bin/sh cd /root/data rm -f nixspam if ftp http://www.openbsd.org/spamd/nixspam.gz; then if gunzip nixspam.gz; then cut -d ' ' -f 1 nixspam /var/db/nixspam fi fi Diff: --- nixpix.orig Fri Oct 2 14:27:14 2009 +++ nixpix Fri Oct 2 14:27:10 2009 @@ -1,9 +1,9 @@ #!/bin/sh cd /root/data rm -f nixspam -ftp http://www.openbsd.org/spamd/nixspam.gz -if [ $? -eq 0 ] ; then - gunzip nixspam.gz - cut -d -f 1 nixspam /var/db/nixspam +if ftp http://www.openbsd.org/spamd/nixspam.gz; then + if gunzip nixspam.gz; then + cut -d ' ' -f 1 nixspam /var/db/nixspam + fi fi exit I'd test this on something you don't care about first, just to be sure. -- Aaron Mason - Programmer, open source addict - Oh, why does everything I whip leave me?
Re: /dev/audio: Device busy
On Thu, Oct 01, 2009 at 08:49:10PM -0700, Buzzer wrote: | pO DANNYM RADIOPEREHWATA OT 1-Oct-2009 20:22, David Hoskin | BYL ZAME^EN W \FIRE, NA ^ASTOTE misc, S TAKIM SOOB]ENIEM: | | I need to play a few audio files simultaneously. | | can't open /dev/audio: Device busy. | | man 1 aucat | | Could you be more verbose? What make you think that I did not read man | aucat? I think Davids mindreading device is broken, so he couldn't tell you tried aucat. Mine seems to be misfunctioning too, can you share with the list what problems you had with aucat in servermode ? Did it give any errormessages ? You know, if you assume we can read your mind, we're going to make some assumptions of our own... Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: X.org killing HAL?
On Fri, Oct 2, 2009 at 4:26 AM, Aaron Mason simplersolut...@gmail.com wrote: Hi all, I'm referring to what was said by alanc in #opensolaris at 04:02:34 at http://echelog.matzon.dk/logs/browse/opensolaris/1254434400 - anybody know anything about this, and how it will affect OpenBSD's X.org implementation? On all existing OpenBSD version HAL is not used by X.Org. so it won't change anything. But OpenBSD will need some kind of device hotplug event notification mechanism in the future, to support hot-plugging of video cards or complex input devices. -- Matthieu Herrb
