simple question about ppp

[patrick keshishian]

I have been struggling to figure out how to make ppp initiate
negotiation unsuccessfully. Can someone help me with a simple ppp.conf
that does a 'set device "!/path/to/some/prog"' that will initiate
negotiation? I have a prog that waits for input from stdin and logs
any input into a /tmp/logfile, but ppp doesn't seem to be spitting
anything out. When I type "dial" at the ppp-prompt the prog is
executed but ppp isn't sending it any data.

A simple ppp.conf and command line ppp invocation and any ppp commands
at the ppp-prompt would be most helpful.

Thanks,
--patrick

Re: MTA choice

[Mike M]

On 8/13/2010 at 11:26 PM Benny LC6fgren wrote:

|Steve Shockley wrote:
|> On 8/13/2010 2:55 AM, open...@e-solutions.re wrote:
|>> Is there someone to advice me about the choice of the MTA ?
|>
|> I've used Courier-MTA on OpenBSD for a few years.  I think it's a
good
|> choice if you want an all-in-one package but you don't think your
mail
|> server should come with an OS (Zimbra).
|
|I'll second that. We've used Courier-MTA for at least five years and
it
|is very robust with rock-solid performance and a good security record.
|
|(We use sendmail too btw, in spam-filtering mail frontends.)
|
|Unfortunately Courier-MTA isn't in ports (although its cousins
Courier-
|IMAP and Courier-POP3 are), but it is pretty straight-forward to
compile
|from source (read up carefully on the rather lengthy but
well-documented
|compile-and-install process though).
|
|http://www.courier-mta.org/
 =


I've used courier-imap for a few years on one of my servers.   I like
it because of the dedication to implementing standards and that I don't
see stupid security mistakes in it.

Re: weirdness with binat on multiple interfaces (4.7 and August 9th snapshot)

[Henning Brauer]

that is the intended and correct behaviour.
binat is gone. pfctl has a kludge. re-implementing binat as it was
before - over my dead body.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

weirdness with binat on multiple interfaces (4.7 and August 9th snapshot)

[Dan Weber]

If you pass multiple interfaces to a binat-to rule, internally pfctl
generates n^2/2 rules:

# echo "pass on {a, b, c, d, e, f, g } binat-to 1.2.3.4" |  pfctl -a test -f-
# pfctl -a test -sr
pass out on a inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on a inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on b inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on c inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on d inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on e inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on b inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on b inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on c inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on d inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on e inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on c inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on c inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on d inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on e inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on d inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on d inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on e inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on e inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on e inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on f inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on f inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any
pass out on g inet all flags S/SA keep state nat-to 1.2.3.4 static-port
pass in on g inet from any to 1.2.3.4 flags S/SA keep state rdr-to any

It looks like it's re-parsing all latter entries at each entry.

I realize this rule is kind of silly, although it does similar
behavior if I pass an explicit address.  And even then, I'm not sure
it makes any sense to pass in multiple interfaces to binat-to anyway,
although maybe I'm not being imaginative enough.

Found on August 9th snapshot, but also in 4.7 main.

# uname -mprsv
OpenBSD 4.8 GENERIC#134 i386 Intel(R) Pentium(R) 4 CPU 2.80GHz
("GenuineIntel" 686-class)

# dmesg  | head -3
OpenBSD 4.8 (GENERIC) #134: Mon Aug  9 11:58:12 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz ("GenuineIntel" 686-class) 2.80 GHz

Re: Same shit all over again

[Thomas Pfaff]

On Fri, 13 Aug 2010 19:46:24 +0200
disgrun tled-developers  wrote:

> Just to keep the mortals in the loop,
> 
> This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> and kicked out all the OpenBSD developers for a couple of days or so:
>

This is between Theo and his developers.  It has no place here on
misc@ so please just shove it.  Go cry on your mothers' shoulder
and tell her all about how you got your feelings hurt.  It's really
fucked up what you just did.

Re: Web hosting, restrict user to access only his folder

[Benny Löfgren]

Daniel Ouellet wrote:

i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
configured).
My problem, user can see content of others.
For example, 2ndxx can update his folder but he can see also the 
content of

"firstxx" folder.
How can i restrict that ?


Well, you could setup no login in the master.passwd for that user and 
assign the home directory to their web site folder. They will change 
root to that and can't get out of it via ftp.




Or use for example PureFTPd which have similar functionality built-in 
and can be used with *SQL or LDAP authentication so there would be no 
need to use actual unix accounts.


That approach works only, however, if the web server isn't set up to run 
 CGI scripts or some scripting language like PHP, in which case it is a 
piece of cake to write a script to look around in apaches entire 
chroot():ed environment.


(I've long wished for a privsep apache with separate chroot():s for 
every virtual domain... one of these days I'm gonna have to look into 
it, but I suppose it's not trivial to implement or someone would have 
done it by now. :-) )



/B

--
internetlabbet.se / work:   +46 8 551 124 80  / "Words must
Benny LC6fgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted."
   /email:  benny -at- internetlabbet.se

Re: MTA choice

[Benny Löfgren]

Steve Shockley wrote:

On 8/13/2010 2:55 AM, open...@e-solutions.re wrote:

Is there someone to advice me about the choice of the MTA ?


I've used Courier-MTA on OpenBSD for a few years.  I think it's a good 
choice if you want an all-in-one package but you don't think your mail 
server should come with an OS (Zimbra). 


I'll second that. We've used Courier-MTA for at least five years and it 
is very robust with rock-solid performance and a good security record.


(We use sendmail too btw, in spam-filtering mail frontends.)

Unfortunately Courier-MTA isn't in ports (although its cousins Courier- 
IMAP and Courier-POP3 are), but it is pretty straight-forward to compile 
from source (read up carefully on the rather lengthy but well-documented 
compile-and-install process though).


http://www.courier-mta.org/

/B

--
internetlabbet.se / work:   +46 8 551 124 80  / "Words must
Benny LC6fgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted."
   /email:  benny -at- internetlabbet.se

Re: Web hosting, restrict user to access only his folder

[Bret S. Lambert]

On Sat, Aug 14, 2010 at 12:04:56AM +0400, open...@e-solutions.re wrote:
> Hi,
> 
> I installed OpenBSD 4.7 for web hosting (test).
> So i have 3 websites for 3 users (1 site per user) : 
> www.first.xx (user : firstxx)
> www.2nd.xx (user : 2ndxx)
> www.third.xx (user : thirdxx)
> 
> All web pages are stored in /var/www/domains/
> So in /var/www/domains we have 3 folders :
> www.first.xx folder (owner : firstxx ; chmod 755)
> www.2nd.xx folder (owner : 2ndxx ; chmod 755)
> www.third.xx folder (owner : thirdxx ; chmod 755)
> 
> i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
> configured).
> My problem, user can see content of others.
> For example, 2ndxx can update his folder but he can see also the content of
> "firstxx" folder.
> How can i restrict that ?

Somewhere between the monitor_init and yyparse calls in ftpd.c

> thank's.

Re: Web hosting, restrict user to access only his folder

[Daniel Ouellet]

i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
configured).
My problem, user can see content of others.
For example, 2ndxx can update his folder but he can see also the content of
"firstxx" folder.
How can i restrict that ?


Well, you could setup no login in the master.passwd for that user and 
assign the home directory to their web site folder. They will change 
root to that and can't get out of it via ftp.

Re: MTA choice

[Rich Kulawiec]

Qmail is best-known among everyone equipped with sufficient experience
as the cause of numerous operational issues and a fair amount of abuse
thanks to a number of very poor design and implementation decisions.
Many of these have been discussed over the year in exhaustive detail
on the appropriate mailing lists and newsgroups.  Anyone who isn't
fully aware of this simply hasn't been paying attention.

---Rsk

Re: Web hosting, restrict user to access only his folder

[Joachim Schipper]

On Sat, Aug 14, 2010 at 12:04:56AM +0400, open...@e-solutions.re wrote:
> Hi,
> 
> I installed OpenBSD 4.7 for web hosting (test).
> So i have 3 websites for 3 users (1 site per user) : 
> www.first.xx (user : firstxx)
> www.2nd.xx (user : 2ndxx)
> www.third.xx (user : thirdxx)
> 
> All web pages are stored in /var/www/domains/
> So in /var/www/domains we have 3 folders :
> www.first.xx folder (owner : firstxx ; chmod 755)
> www.2nd.xx folder (owner : 2ndxx ; chmod 755)
> www.third.xx folder (owner : thirdxx ; chmod 755)
> 
> i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
> configured).
> My problem, user can see content of others.
> For example, 2ndxx can update his folder but he can see also the content of
> "firstxx" folder.
> How can i restrict that ?

Look into suexec, something other than Apache, or one of PHP's built-in
mechanisms. Note that suexec is slow, Apache is standard for a reason,
and PHP's security record is pretty bad.

Joachim

Web hosting, restrict user to access only his folder

[openbsd]

Hi,

I installed OpenBSD 4.7 for web hosting (test).
So i have 3 websites for 3 users (1 site per user) : 
www.first.xx (user : firstxx)
www.2nd.xx (user : 2ndxx)
www.third.xx (user : thirdxx)

All web pages are stored in /var/www/domains/
So in /var/www/domains we have 3 folders :
www.first.xx folder (owner : firstxx ; chmod 755)
www.2nd.xx folder (owner : 2ndxx ; chmod 755)
www.third.xx folder (owner : thirdxx ; chmod 755)

i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
configured).
My problem, user can see content of others.
For example, 2ndxx can update his folder but he can see also the content of
"firstxx" folder.
How can i restrict that ?
thank's.

Re: MTA choice

[Internet Retard]

> Date: Fri, 13 Aug 2010 14:20:15 -0500
> From: sl...@peereboom.us
> To: webret...@live.com
> CC: r...@gsp.org; misc@openbsd.org
> Subject: Re: MTA choice
>
> Well he believes that hard disks never lie.  I guess he has a CS degree.


Go away clown. And take your "practical" engineering degree with you. Leave us
to our theory.

That is meant only as a joke. All hail Marco and Theo and... the other two
guys.

Sincerely,

IR

> On Fri, Aug 13, 2010 at 07:09:41PM +, Internet Retard wrote:
> > > Qmail is crap and is only used by people who don't know any better.
> > >
> > > ---Rsk
> >
> > DJB wrote qmail. He codes circles around most clowns and talks a lot of
smack
> > (similar to our noble leader) and he can back it up too. Take the qmail
> > challenge. I don't care for MTA software at all, but qmail is pure art.
Most
> > people bitch about it because it's "different" but most great things are.
No
> > need to trash it without any evidence.
> >
> > Sincerely,
> >
> > IR

Re: Same shit all over again

[pix]

> From: mirage.comput...@gmail.com
> This appears to be none of my business, not sure how it got to misc,
besides
> someone's deep enough interest to create a special gmail (in eu) account.
>
> Now I don't develop software, nor know anything, but this reads like the
> tree got locked because lots of testing was failing to occur, which sounds
> like a reasonable response to discovering lackluster/incomplete testing,
but
> it's tone is much more like we're outing to the community some monster, I
> don't think I'm getting that from it. More like whining from someone who
> didn't get told exactly what they wanted to hear. I appreciate all the hard
> work and socially unpleasant work that goes into protecting my OS, thanks
> for all the effort.
>

#
# Bought 4.6 CD set to replace my MacroHard dying machine.
# Bought 4.7 CD set and a bunch of books from store to learn the ropes.
# I am a very slow learner, but have the luxury of time for now.
# Went to BSDCan 2010, to realize I was one of the few with a laptop
# running OpenBSD, most of the others on their MacPro silver cans.
# Went to Linux Conference in Ottawa to realize again I was one of the
# few with a laptop running OpenBSD, most of the others on their
# HP running God knows.
# I am hoping to get invited to the Hackathon when I turn 100 years old
# so I can claim to be the oldest OpenBSD user on the planet.
# Like weather, after a storm (or rain drops), the sun always shines.
# Version 1.0

---
CF

Re: MTA choice

[Marco Peereboom]

Well he believes that hard disks never lie.  I guess he has a CS degree.

On Fri, Aug 13, 2010 at 07:09:41PM +, Internet Retard wrote:
> > Qmail is crap and is only used by people who don't know any better.
> >
> > ---Rsk
> 
> DJB wrote qmail. He codes circles around most clowns and talks a lot of smack
> (similar to our noble leader) and he can back it up too. Take the qmail
> challenge. I don't care for MTA software at all, but qmail is pure art. Most
> people bitch about it because it's "different" but most great things are. No
> need to trash it without any evidence.
> 
> Sincerely,
> 
> IR

Re: MTA choice

[Internet Retard]

> Qmail is crap and is only used by people who don't know any better.
>
> ---Rsk

DJB wrote qmail. He codes circles around most clowns and talks a lot of smack
(similar to our noble leader) and he can back it up too. Take the qmail
challenge. I don't care for MTA software at all, but qmail is pure art. Most
people bitch about it because it's "different" but most great things are. No
need to trash it without any evidence.

Sincerely,

IR

Re: Same shit all over again

[Kevin Chadwick]

I had to think a while before daring to reply to this as I'm obviously
out of my depth and don't know the background or real issues or if
what I have to say is remotely relevent, I apologise if I'm out of
order.

It seems that OpenBSD has set it's goals and is the best at it. It
doesn't really need to compete with other OS. I imagine this takes
overseers like theo who understand so much of the OS to point things
out, as I have seen from the src list. If development accelerates then
those overseers are going to have more work and pressure, and so making
their/his job as easy as possible is paramount if we want any
acceleration in development. I don't want to see large company
syndrome, where the head doesn't know what the feet are kicking.

If others think they can do his job then they are the best people to
make his job and life easier resulting in faster yet still manageable
development. If you develop hardware brilliantly you may not have to
test test test as suggested to us by other companies, but you always
have to test.

On Fri, 13 Aug 2010 13:23:28 -0500
patric conant  wrote:

> This appears to be none of my business, not sure how it got to misc, besides
> someone's deep enough interest to create a special gmail (in eu) account.
> 
> Now I don't develop software, nor know anything, but this reads like the
> tree got locked because lots of testing was failing to occur, which sounds
> like a reasonable response to discovering lackluster/incomplete testing, but
> it's tone is much more like we're outing to the community some monster, I
> don't think I'm getting that from it. More like whining from someone who
> didn't get told exactly what they wanted to hear. I appreciate all the hard
> work and socially unpleasant work that goes into protecting my OS, thanks
> for all the effort.
> 
> On Fri, Aug 13, 2010 at 12:46 PM, disgrun tled-developers <
> disgruntled.develop...@googlemail.com> wrote:
> 
> > Just to keep the mortals in the loop,
> >
> > This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> > and kicked out all the OpenBSD developers for a couple of days or so:
> >
> > > Subject: Re: dealing with security issues when Theo is away
> > > Date: Tue, 13 Aug 2002 10:25:08 -0600
> > > From: Theo de Raadt 
> > >
> > > None of this that you posted changes a single thing.
> > >
> > > I DID say who was responsible.
> > >
> > > Those people were not contacted.
> > >
> > > It seems you still don't understand the level of not caring that
> > > happened.
> > >
> > > I am taking a holiday next week.  For that time, I think cvs will be
> > > turned off.
> > >
> > > Good god, reading even further, you are so fucking out of touch.
> > > There are only 3 machines on at my house at the moment, and you start
> > > talking about OTHER machines?
> > >
> > > NOONE PHONED ME.
> >
> > And:
> >
> > > Subject: And
> > > Date: Wed, 14 Aug 2002 17:35:30 -0600
> > > From: Theo de Raadt 
> > >
> > > If I don't get answers from the evasive developers soon, I am going to
> > > take this to misc, and I will be very open with naming names.
> > >
> > > This is now days of people trying to hide from what happened.
> >
> > -- snip  snip 
> >
> > So Theo shut down all machines in his basement and none of the developers
> > had any access to the work they doing.
> >
> > I'd like to remind people that at this point we lost valuable developers
> > like Niels Provos which turns out the be one of the few who fully
> > understood
> > crypto and the security improvements like separation of privileges. Not to
> > forget Hugh, Aaron and a few others Others had their account re-enabled
> > after groveling. And all that over a misunderstanding that is to blame to
> > the fact that Theo had no written procedures on how to deal with 'issues'.
> > When Theo is away, you just 'wing it'.
> >
> > Today, we see the same shit all over again... Theo just announced the
> > following:
> >
> > - snip  snip 
> >
> > > To: hack...@cvs.openbsd.org
> > > Subject: Tree locked
> > > Date: Fri, 13 Aug 2010 10:03:05 -0600
> > > From: Theo de Raadt 
> > >
> > > I am locking all the trees until the development community decides
> > > how future releases will be done.
> > >
> > > Yes, we all have to do our part.  We write code, and some people go
> > > further by building, and some people go even further by building
> > > during the release cycle.
> > >
> > > But everyone also has to test, or we will ship crap.  Yet on random
> > > releases this process totally falls over, and we end up shipping crap.
> > >
> > > Three architectures did not have one of their boot methods checked --
> > > yes, they are listed in the TESTS file! -- and the bugs were found
> > > very very late in the process.  Basically 1 week after the TEST file
> > > went up.
> > >
> > > pkg_add turns out to have a major bug which would have been spotted if
> > > just a few other people had tested another line item in the TESTS
> > > file.
> > >
> > > T

Re: Same shit all over again

[Jim Razmus]

* patric conant  [100813 14:27]:
> This appears to be none of my business, not sure how it got to misc, besides
> someone's deep enough interest to create a special gmail (in eu) account.
> 

One, or more, of the developers have chosen to take a selection of the
projects private mailing list and bring it here.

> Now I don't develop software, nor know anything, but this reads like the
> tree got locked because lots of testing was failing to occur, which sounds
> like a reasonable response to discovering lackluster/incomplete testing, but
> it's tone is much more like we're outing to the community some monster, I
> don't think I'm getting that from it. More like whining from someone who
> didn't get told exactly what they wanted to hear. I appreciate all the hard
> work and socially unpleasant work that goes into protecting my OS, thanks
> for all the effort.
> 

There are a series of internal discussions going on regarding testing
specifically during the release cycle.  If anything, the strong
reactions and conversations are a testament to our drive to do things
right.  Everyone involved in the project has high expectations for their
work as well as their fellow developers.  That's particularly apparent
here.

Please keep in mind, this is just my assessment of what's going on.  I'm
still a newbie dev and quite possibly naive.

jim@

> On Fri, Aug 13, 2010 at 12:46 PM, disgrun tled-developers <
> disgruntled.develop...@googlemail.com> wrote:
> 
> > Just to keep the mortals in the loop,
> >
> > This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> > and kicked out all the OpenBSD developers for a couple of days or so:
> >
> > > Subject: Re: dealing with security issues when Theo is away
> > > Date: Tue, 13 Aug 2002 10:25:08 -0600
> > > From: Theo de Raadt 
> > >
> > > None of this that you posted changes a single thing.
> > >
> > > I DID say who was responsible.
> > >
> > > Those people were not contacted.
> > >
> > > It seems you still don't understand the level of not caring that
> > > happened.
> > >
> > > I am taking a holiday next week.  For that time, I think cvs will be
> > > turned off.
> > >
> > > Good god, reading even further, you are so fucking out of touch.
> > > There are only 3 machines on at my house at the moment, and you start
> > > talking about OTHER machines?
> > >
> > > NOONE PHONED ME.
> >
> > And:
> >
> > > Subject: And
> > > Date: Wed, 14 Aug 2002 17:35:30 -0600
> > > From: Theo de Raadt 
> > >
> > > If I don't get answers from the evasive developers soon, I am going to
> > > take this to misc, and I will be very open with naming names.
> > >
> > > This is now days of people trying to hide from what happened.
> >
> > -- snip  snip 
> >
> > So Theo shut down all machines in his basement and none of the developers
> > had any access to the work they doing.
> >
> > I'd like to remind people that at this point we lost valuable developers
> > like Niels Provos which turns out the be one of the few who fully
> > understood
> > crypto and the security improvements like separation of privileges. Not to
> > forget Hugh, Aaron and a few others Others had their account re-enabled
> > after groveling. And all that over a misunderstanding that is to blame to
> > the fact that Theo had no written procedures on how to deal with 'issues'.
> > When Theo is away, you just 'wing it'.
> >
> > Today, we see the same shit all over again... Theo just announced the
> > following:
> >
> > - snip  snip 
> >
> > > To: hack...@cvs.openbsd.org
> > > Subject: Tree locked
> > > Date: Fri, 13 Aug 2010 10:03:05 -0600
> > > From: Theo de Raadt 
> > >
> > > I am locking all the trees until the development community decides
> > > how future releases will be done.
> > >
> > > Yes, we all have to do our part.  We write code, and some people go
> > > further by building, and some people go even further by building
> > > during the release cycle.
> > >
> > > But everyone also has to test, or we will ship crap.  Yet on random
> > > releases this process totally falls over, and we end up shipping crap.
> > >
> > > Three architectures did not have one of their boot methods checked --
> > > yes, they are listed in the TESTS file! -- and the bugs were found
> > > very very late in the process.  Basically 1 week after the TEST file
> > > went up.
> > >
> > > pkg_add turns out to have a major bug which would have been spotted if
> > > just a few other people had tested another line item in the TESTS
> > > file.
> > >
> > > That is ridiculous.
> > >
> > > I cannot accept all this pressure being on me; I want recognition that
> > > all the people who thus far have accused me for not being clear are
> > > wrong.
> > > we have developers in the group who cannot by themselves recognize --
> > > even ANTICIPATE -- that we are going into the same 6-month release
> > > cycle, EVERY feb/march, and EVERY august/sept, and then participate to
> > > identify the 10 last stupid bugs that we sh

Re: MTA choice

[Martin Schröder]

2010/8/13 Jacob Yocom-Piatt :
> sendmail is a piece of software that is historically notorious for security
> problems

IMHO this opinion is based on information from the last century; how
many security problems were there in the last decade?

Best
   Martin

Re: Same shit all over again

[m brandenberg]

On Fri, 13 Aug 2010, disgrun tled-developers wrote:


This date to day, on Tuesday the 13th of August 2002, Theo had another fit
and kicked out all the OpenBSD developers for a couple of days or so:


All I can say is:  "Thank you Theo for giving a damn and not running
some kind of peewee flophouse."

--
Monty Brandenberg

Re: Same shit all over again

[patric conant]

This appears to be none of my business, not sure how it got to misc, besides
someone's deep enough interest to create a special gmail (in eu) account.

Now I don't develop software, nor know anything, but this reads like the
tree got locked because lots of testing was failing to occur, which sounds
like a reasonable response to discovering lackluster/incomplete testing, but
it's tone is much more like we're outing to the community some monster, I
don't think I'm getting that from it. More like whining from someone who
didn't get told exactly what they wanted to hear. I appreciate all the hard
work and socially unpleasant work that goes into protecting my OS, thanks
for all the effort.

On Fri, Aug 13, 2010 at 12:46 PM, disgrun tled-developers <
disgruntled.develop...@googlemail.com> wrote:

> Just to keep the mortals in the loop,
>
> This date to day, on Tuesday the 13th of August 2002, Theo had another fit
> and kicked out all the OpenBSD developers for a couple of days or so:
>
> > Subject: Re: dealing with security issues when Theo is away
> > Date: Tue, 13 Aug 2002 10:25:08 -0600
> > From: Theo de Raadt 
> >
> > None of this that you posted changes a single thing.
> >
> > I DID say who was responsible.
> >
> > Those people were not contacted.
> >
> > It seems you still don't understand the level of not caring that
> > happened.
> >
> > I am taking a holiday next week.  For that time, I think cvs will be
> > turned off.
> >
> > Good god, reading even further, you are so fucking out of touch.
> > There are only 3 machines on at my house at the moment, and you start
> > talking about OTHER machines?
> >
> > NOONE PHONED ME.
>
> And:
>
> > Subject: And
> > Date: Wed, 14 Aug 2002 17:35:30 -0600
> > From: Theo de Raadt 
> >
> > If I don't get answers from the evasive developers soon, I am going to
> > take this to misc, and I will be very open with naming names.
> >
> > This is now days of people trying to hide from what happened.
>
> -- snip  snip 
>
> So Theo shut down all machines in his basement and none of the developers
> had any access to the work they doing.
>
> I'd like to remind people that at this point we lost valuable developers
> like Niels Provos which turns out the be one of the few who fully
> understood
> crypto and the security improvements like separation of privileges. Not to
> forget Hugh, Aaron and a few others Others had their account re-enabled
> after groveling. And all that over a misunderstanding that is to blame to
> the fact that Theo had no written procedures on how to deal with 'issues'.
> When Theo is away, you just 'wing it'.
>
> Today, we see the same shit all over again... Theo just announced the
> following:
>
> - snip  snip 
>
> > To: hack...@cvs.openbsd.org
> > Subject: Tree locked
> > Date: Fri, 13 Aug 2010 10:03:05 -0600
> > From: Theo de Raadt 
> >
> > I am locking all the trees until the development community decides
> > how future releases will be done.
> >
> > Yes, we all have to do our part.  We write code, and some people go
> > further by building, and some people go even further by building
> > during the release cycle.
> >
> > But everyone also has to test, or we will ship crap.  Yet on random
> > releases this process totally falls over, and we end up shipping crap.
> >
> > Three architectures did not have one of their boot methods checked --
> > yes, they are listed in the TESTS file! -- and the bugs were found
> > very very late in the process.  Basically 1 week after the TEST file
> > went up.
> >
> > pkg_add turns out to have a major bug which would have been spotted if
> > just a few other people had tested another line item in the TESTS
> > file.
> >
> > That is ridiculous.
> >
> > I cannot accept all this pressure being on me; I want recognition that
> > all the people who thus far have accused me for not being clear are
> > wrong.
> > we have developers in the group who cannot by themselves recognize --
> > even ANTICIPATE -- that we are going into the same 6-month release
> > cycle, EVERY feb/march, and EVERY august/sept, and then participate to
> > identify the 10 last stupid bugs that we should fix.  Is there that
> > little desire to ship a good release?
> >
> > It will not be fixed by sending more mails out.  I did send out mails
> > and they were ignored.  Communication coming from me is not the
> > problem; it is clear that developers are NOT LISTENING.
> >
> > The problem is not new developers either.  Anyone accusing them has
> > got it all wrong.  New developers are supposed to learn the ropes from
> > old developers, and it is the old developers who are not doing their
> > part.  Yes, that means you.
> >
> > 31 people tested, meaning 140 people did not.  Any suggestions for
> > people who have idled out and don't want to be involved any more?
> >
> > When we ship a crap release, it is not my fault.  It is YOUR fault.
> >
> > So tell me how we are going to fix this.  Don't reply just to me.
> >
> > As I said, I w

Re: MTA choice

[Dave Anderson]

On Fri, 13 Aug 2010, Jacob Yocom-Piatt wrote:

>Dave Anderson wrote:
>> On Fri, 13 Aug 2010,j...@fixedpointgroup.com  wrote:
>>
>>> sendmail is fine if you have a few users at a relatively quiet domain,
>>> all of whom you want to have system accounts on the mailserver.
>>>
>> You imply that sendmail is _only_ fine for such limited uses, which is
>> certainly not true in my experience; I'm curious as to why you believe
>> this.
>
>please don't try to put words in my mouth, it makes you look stupid. at
>no point did i say what you claim i 'implied' i.e. that it is the *only*
>use case, you assume too much.

Implication is, by definition, about what you _didn't_ explicitly say.
In the context of this thread, the implication seems quite clear to me
-- but since it isn't what you intended, there's no reason for further
discussion of it.

[Lots of overreaction snipped.]

Dave

-- 
Dave Anderson

Same shit all over again

[disgrun tled-developers]

Just to keep the mortals in the loop,

This date to day, on Tuesday the 13th of August 2002, Theo had another fit
and kicked out all the OpenBSD developers for a couple of days or so:

> Subject: Re: dealing with security issues when Theo is away
> Date: Tue, 13 Aug 2002 10:25:08 -0600
> From: Theo de Raadt 
>
> None of this that you posted changes a single thing.
>
> I DID say who was responsible.
>
> Those people were not contacted.
>
> It seems you still don't understand the level of not caring that
> happened.
>
> I am taking a holiday next week.  For that time, I think cvs will be
> turned off.
>
> Good god, reading even further, you are so fucking out of touch.
> There are only 3 machines on at my house at the moment, and you start
> talking about OTHER machines?
>
> NOONE PHONED ME.

And:

> Subject: And
> Date: Wed, 14 Aug 2002 17:35:30 -0600
> From: Theo de Raadt 
>
> If I don't get answers from the evasive developers soon, I am going to
> take this to misc, and I will be very open with naming names.
>
> This is now days of people trying to hide from what happened.

-- snip  snip 

So Theo shut down all machines in his basement and none of the developers
had any access to the work they doing.

I'd like to remind people that at this point we lost valuable developers
like Niels Provos which turns out the be one of the few who fully understood
crypto and the security improvements like separation of privileges. Not to
forget Hugh, Aaron and a few others Others had their account re-enabled
after groveling. And all that over a misunderstanding that is to blame to
the fact that Theo had no written procedures on how to deal with 'issues'.
When Theo is away, you just 'wing it'.

Today, we see the same shit all over again... Theo just announced the
following:

- snip  snip 

> To: hack...@cvs.openbsd.org
> Subject: Tree locked
> Date: Fri, 13 Aug 2010 10:03:05 -0600
> From: Theo de Raadt 
>
> I am locking all the trees until the development community decides
> how future releases will be done.
>
> Yes, we all have to do our part.  We write code, and some people go
> further by building, and some people go even further by building
> during the release cycle.
>
> But everyone also has to test, or we will ship crap.  Yet on random
> releases this process totally falls over, and we end up shipping crap.
>
> Three architectures did not have one of their boot methods checked --
> yes, they are listed in the TESTS file! -- and the bugs were found
> very very late in the process.  Basically 1 week after the TEST file
> went up.
>
> pkg_add turns out to have a major bug which would have been spotted if
> just a few other people had tested another line item in the TESTS
> file.
>
> That is ridiculous.
>
> I cannot accept all this pressure being on me; I want recognition that
> all the people who thus far have accused me for not being clear are
> wrong.
> we have developers in the group who cannot by themselves recognize --
> even ANTICIPATE -- that we are going into the same 6-month release
> cycle, EVERY feb/march, and EVERY august/sept, and then participate to
> identify the 10 last stupid bugs that we should fix.  Is there that
> little desire to ship a good release?
>
> It will not be fixed by sending more mails out.  I did send out mails
> and they were ignored.  Communication coming from me is not the
> problem; it is clear that developers are NOT LISTENING.
>
> The problem is not new developers either.  Anyone accusing them has
> got it all wrong.  New developers are supposed to learn the ropes from
> old developers, and it is the old developers who are not doing their
> part.  Yes, that means you.
>
> 31 people tested, meaning 140 people did not.  Any suggestions for
> people who have idled out and don't want to be involved any more?
>
> When we ship a crap release, it is not my fault.  It is YOUR fault.
>
> So tell me how we are going to fix this.  Don't reply just to me.
>
> As I said, I will not accept responsibility for what went wrong here.
> And if anyone wants their account disabled, please accuse me just once
> more.

- snip  snip 

And he picks on a few individuals:

 - snip  snip 

> To: hack...@cvs.openbsd.org
> Subject: Testing
> Date: Fri, 13 Aug 2010 09:39:12 -0600
> From: Theo de Raadt 
>
> I would like to see some tests for the upcoming release from Henning.
>
> I hope this communication is clear enough.

- snip  snip 

> To: henn...@cvs.openbsd.org
> cc: hack...@cvs.openbsd.org
> Subject: Apology
> Date: Fri, 13 Aug 2010 09:44:45 -0600
> From: Theo de Raadt 
>
> I find myself unable to take back-talk from people discussing testing
> and then accusing me of having not done my job asking for testing,
> when they did not do their job.  You did zero tests (everyone can
> check ~jsing/TESTS) over the 3 week period, yet you feel you can
> lecture me on why the testing procedure failed.
>
> I will enable your account when you find the t

Re: MTA choice

[Bret S. Lambert]

Real hackers do their email with awk and nc.

Re: MTA choice

[Siju George]

On Fri, Aug 13, 2010 at 8:00 PM,   wrote:
>> i have heard good things about qmail but never used it myself.
>
> Thank's for your answer.
>
>

http://www.lifewithqmail.org/ldap/

name sounds similar. date.

--Siju

Re: MTA choice

[Jacob Yocom-Piatt]

Dave Anderson wrote:

On Fri, 13 Aug 2010,j...@fixedpointgroup.com  wrote:

   

sendmail is fine if you have a few users at a relatively quiet domain,
all of whom you want to have system accounts on the mailserver.
 

You imply that sendmail is _only_ fine for such limited uses, which is
certainly not true in my experience; I'm curious as to why you believe
this.

   



please don't try to put words in my mouth, it makes you look stupid. at 
no point did i say what you claim i 'implied' i.e. that it is the *only* 
use case, you assume too much.


sendmail is a piece of software that is historically notorious for 
security problems and has only been tuned up to get in the openbsd tree 
with input from some very sharp people. that says nothing about its 
ability to handle load, which it obviously can do just fine based on the 
ubiquity of its past and present usage as an mta.




It doesn't require (or, AFAICT, benefit in any way) from users having
any sort of account (let alone a system account) on the mailserver
itself, and it's not hard to set up multiple domains on the same server.

   



how about you *read* my earlier email before responding to shit that 
wasn't in it. try setting up a mailserver that does the following with 
sendmail and you will see the limitations of sendmail:


- mail delivers to either mbox or maildir on the same machine as the mta
- there is a per email address login for users who do not have a system 
account
- host multiple domains and want separate mailboxes with separate logins 
to access each mailbox
- authentication is done against a single password store for pop/imap 
and smtp auth
- a copy of every email passing through the server is kept for auditing 
purposes


sendmail works great when the final destination is a system user who may 
or may not run an mta on their workstation. this used to be one of the 
most common ways to configure a unix system e.g. students at a 
university who have shells and can register for classes on the same system.




While I haven't needed to do it myself, there's plenty of anecdotal
evidence of large, busy mailservers running sendmail.

   



call CNN, this is serious news. thanks for letting us all know about this!



I'm _not_ arguing whether sendmail is better or worse than the
alternatives; while I've looked at a few others, I've never used any of
them -- so I don't have any real basis for an opinion.  I _have_ been
using sendmail (on a light-duty, mostly-home mailserver) for 15 years.

   



so why, exactly, did you choose to respond to my email? oh, that's 
right, you're a douchebag. i love rhetorical questions.


thanks for cutting snippets out of my original email, taking them out of 
context and being annoying.

Opportunity for MUMPS / CACHE Programmer /Analyst

[Shibu Singha]

GDI InfoTech, Inc. has an immediate opening for MUMPS / CACHE Programmer
/Analyst. With our client based in Albany, NY. This is a 18 Months
opportunity. 

Position Title  :  MUMPS / CACHE Programmer /Analyst

Location   :  Albany, NY

Duration  :  18 months

 

Desirable Experience:

 Minimum of four years hands-on programming experience using
MUMPS (Mass. General Utility Multi-Programming System) excluding post -
relational Cache (i.e., Cache objects, etc.).At least 6 months of this
experience be within the 18 months prior to the release of this
procurement.

 Programming experience using MUMPS (excluding post - relational
Cache) to develop and implement Admission / Discharge / Release and / or
Financial Eligibility and Billing software in a health-care delivery
environment. Relevant experience should be in a mainframe, midrange or
client server environment.

If you or any of your contacts are a fit for the requirement and are
interested in pursuing this opportunity, please email me your resume in
word format, your availability and salary/ rate requirements, a number
to reach you and a convenient time to call.

 
Regards,

Shibu Singha

one: 734-418-2341

Fax: 734-661-5992

Email: sh...@gdii.com 

Yahoo IM: shibus_5050



File #<> 
 
 
You are receiving this email because you are a member of our private
contact database. If you do not wish to receive similar email messages
in the future and to see our contact information please click here
 . We respect your privacy. This email
fully complies with the CAN-SPAM Act.

Opportunity for : MUMPS / CACHE Programmer /Analyst

[Shibu Singha]

GDI InfoTech, Inc. has an immediate opening for MUMPS / CACHE Programmer
/Analyst. With our client based in Albany, NY. This is a 18
Monthopportunity. 

Position Title  :  MUMPS / CACHE Programmer /Analyst

Location   :  Albany, NY

Duration  :  18 months

 

Desirable Experience:

 Minimum of four years hands-on programming experience using
MUMPS (Mass. General Utility Multi-Programming System) excluding post -
relational Cache (i.e., Cache objects, etc.).At least 6 months of this
experience be within the 18 months prior to the release of this
procurement.

 Programming experience using MUMPS (excluding post - relational
Cache) to develop and implement Admission / Discharge / Release and / or
Financial Eligibility and Billing software in a health-care delivery
environment. Relevant experience should be in a mainframe, midrange or
client server environment.

 

If you or any of your contacts are a fit for the requirement and are
interested in pursuing this opportunity, please email me your resume in
word format, your availability and salary/ rate requirements, a number
to reach you and a convenient time to call.

 

Regards,

Shibu Singha

one: 734-418-2341

Fax: 734-661-5992

Email: sh...@gdii.com 

Yahoo IM: shibus_5050

Re: MTA choice

[Fredrik Henbjork]

On 08/13/2010 04:02 PM, Daniel Ouellet wrote:

But I also like my network servers
to have been "field proven in the nasty wilderness" by others
for some time before starting to use them myself in production,


Men, that's rather very selfish! So, you want everyone one else to do
the work, but not you!? You don't want to participate in testing things
and improving them, but rather, just sit back and demand that you are
served on a silver plate? Or may be gold even here...


Yes, I'm "selfish" enough to want to run stable and secure software on
my *production* systems. It's hard enough to find software that
works really well as it is, and especially if it faces the Internet
and the Bad People on it who want to exploit your systems, even if
you limit yourself to "stable" releases from quality driven projects.
So I prefer to do testing on designated test systems, instead of taking
unnecessary risks with the production systems I'm responsible for.

But I bet you're the kind of guy who gladly volunteers to put yourself
and your family in a car running freshly written, and poorly tested,
0.0.0.0.0.1-alfa version brake system software to help iron out the
bugs in it. Or are you also a selfish bastard, just like me? ;-D

/Fredrik Henbjork

Re: MTA choice

[James Peltier]

- Original Message 
> From: "open...@e-solutions.re" 
> To: misc@openbsd.org
> Cc: Christer Solskogen 
> Sent: Fri, August 13, 2010 12:41:36 AM
> Subject: Re: MTA choice
> 
> I only want to know what is better (easiest way, most secure) to use.
> And  have your advice.
> 
> On Fri, 13 Aug 2010 09:04:01 +0200, Christer  Solskogen
>   wrote:
> > On Fri, Aug 13, 2010 at 8:55 AM,wrote:
> >> Hi,
> >>
> >> I want to install a  mailserver.
> >> What is the easiest and the most secure solution  ?
> >> OpenBSD comes with Sendmail. I seen a lot of people use Postfix  instead
> >> Sendmail.
> >> Is there someone to advice me about  the choice of the MTA ?
> >>
> > 
> > Why do you think OpenBSD  ships with (a custom and secure) sendmail by
> > default?
> > Do you  think it is because that is the easiest and most secure option
> > or do you  think by installing postfix you'll be all secure and stuff?
> 
>

The one that you are most familiar with will always be the most secure 
solution.  If you think choosing a particular product will ensure security you 
are wrong from the start.  I happen to like sendmail and use it still

 ---
James A. Peltier james_a_pelt...@yahoo.ca

Re: MTA choice

[Mike M]

On 8/13/2010 at 3:43 AM Peter Miller wrote:

|> I only want to know what is better (easiest way, most secure) to
use.
|> And have your advice.
|
|He just gave it to you. sendmail.
 =


My opinion, and my opinion only - if you do notd to change any of the
configuration settings from the base install, then stay with sendmail.

Once you need to start "getting into" the sendmail configuration files
to use, for example, one transport for one domain and another transport
as the default, then sendmail's configuration rapidly becomes daunting.
 


I moved over to Postfix because of its excellent security and ease of
configuration.   


YMMV and all that stuff.

Re: MTA choice

[Mike M]

On 8/13/2010 at 9:04 AM Christer Solskogen wrote:

|On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
|> Hi,
|>
|> I want to install a mailserver.
|> What is the easiest and the most secure solution ?
|> OpenBSD comes with Sendmail. I seen a lot of people use Postfix
instead
|> Sendmail.
|> Is there someone to advice me about the choice of the MTA ?
|>
|
|Why do you think OpenBSD ships with (a custom and secure) sendmail by
|default?
 =


sendmail has an OpenBSD compatible license?   

   :)

Re: Disable Relayd's error message

[Kevin Chadwick]

On Fri, 13 Aug 2010 16:58:46 +0200
"Bret S. Lambert"  wrote:

> On Fri, Aug 13, 2010 at 03:41:08PM +0100, Keith wrote:
> > I just realized that if I telnet to our web servers on port 80 and
> > press enter a few times that I get a reply back from relayd that I
> > didn't expect "OpenBSD relayd at 127.0.0.1 port
> > 8080" This error is correct as we use a PF rdr rule to
> > redirect traffic on our firewall to localhost port 8080 where we
> > have relayd listening. I was wondering if it's possible to stop this
> > error from being displayed as I would prefer not to disclose to the
> > world what software we use.
> > 
> > I've had a look at our  relayd.conf  to see if there is a "return
> > error" line but there isn't and I can't see any other way of
> > stopping this error from being displayed. Does anyone have any
> > suggestions ?
> 
> Yes; the function you're looking for is relay_close_http(), in relay.c
> 
> You'll also have to hack the support for setting the string in parse.y
> 
> Of course, you could just redefine RELAYD_SERVERNAME in relayd.h, but
> that's cheating :)
> 

You can set return error in relayd.conf to blank or comment it out, I
can't remember which. You'll then get a blank error page though which
may confuse users, so if you want to customise the text other than the
style I believe you'll need to edit the source as shown.

Re: MTA choice

[Kevin Chadwick]

On Fri, 13 Aug 2010 10:14:52 -0400

> 
> Qmail is crap and is only used by people who don't know any better.
> 
> ---Rsk
> 

Actually "q"mail is only used by people who do know better because
otherwise people like yahoo wouldn't go to such lengths to install it
(caused by it's old licensing). There is a lot of bullshit about qmail
floating around which I assume drove you to your opinion, please tell
me why it is crap perhaps privately, after all this is an OpenBSD and
not a qmail mailing list and I am currently assuming that what you have
to say is wrong or has a patch for it.

Re: hp6930p insane acpitz1 and non working keyboard after halt -p

[Henrik Hellerstedt]

I donated when Marco asked for cash to hp laptops , not much, but
something...
Anyway, I can live with the problem, since suspend/resume works well :)


On Fri, Aug 13, 2010 at 16:35, Theo de Raadt  wrote:
>> My HP 6939p behaves a bit strange,
>
>
> I asked for donation HP machines a few times, for myself and a few
> other ACPI developers.  Only one person replied and it is going to
> take a few weeks to get the machine to me.
>
> So we can't help you.  Good luck fixing your own bug, all of you HP
> owners.

Re: MTA choice

[Dave Anderson]

On Fri, 13 Aug 2010, j...@fixedpointgroup.com wrote:

>sendmail is fine if you have a few users at a relatively quiet domain,
>all of whom you want to have system accounts on the mailserver.

You imply that sendmail is _only_ fine for such limited uses, which is
certainly not true in my experience; I'm curious as to why you believe
this.

It doesn't require (or, AFAICT, benefit in any way) from users having
any sort of account (let alone a system account) on the mailserver
itself, and it's not hard to set up multiple domains on the same server.

While I haven't needed to do it myself, there's plenty of anecdotal
evidence of large, busy mailservers running sendmail.

I'm _not_ arguing whether sendmail is better or worse than the
alternatives; while I've looked at a few others, I've never used any of
them -- so I don't have any real basis for an opinion.  I _have_ been
using sendmail (on a light-duty, mostly-home mailserver) for 15 years.

Dave

-- 
Dave Anderson

Re: MTA choice

[Rich Kulawiec]

On Fri, Aug 13, 2010 at 10:55:13AM +0400, open...@e-solutions.re wrote:
> I want to install a mailserver.
> What is the easiest and the most secure solution ?
> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
> Sendmail.
> Is there someone to advice me about the choice of the MTA ?

Generically speaking -- and I'm digesting several decades of
experience into a few paragraphs, so I'm going to make some
sweeping statements that, of course, have exceptions.  Except
for the last one.

If you've never done this before, then stick with sendmail because it
minimizes the probability that you'll screw up.

Postfix is easier to configure than sendmail.  It also benefits from
having been designed after many years of experience with sendmail, so
it incorporates some lessons learned.  It is relatively straighforward
to switch between the two, once you've mastered some basic concepts.

In the contemporary environment, either is a good choice for
relatively secure, relatively high-performance environments.  Both can
be configured/customized extensively and there is plenty of support for
both, from multiple sources.

Exim is newer and arguably still easier to configure.  It might be a
good choice for someone with limited requirements and little experience.

Courier is well-integrated with the other components necessary to make
a fully-featured mail server, and is worth consideration if its feature
set overlaps well with your requirements.

Qmail is crap and is only used by people who don't know any better.

---Rsk

Re: MTA choice

[Steve Shockley]

On 8/13/2010 2:55 AM, open...@e-solutions.re wrote:

Is there someone to advice me about the choice of the MTA ?


I've used Courier-MTA on OpenBSD for a few years.  I think it's a good 
choice if you want an all-in-one package but you don't think your mail 
server should come with an OS (Zimbra).  I also have Maia Mailguard in 
front of it to catch spam, and the base OS Sendmail in front of that 
because I don't trust Maia to listen on the Internet.

Re: Disable Relayd's error message

[Bret S. Lambert]

On Fri, Aug 13, 2010 at 03:41:08PM +0100, Keith wrote:
> I just realized that if I telnet to our web servers on port 80 and
> press enter a few times that I get a reply back from relayd that I
> didn't expect "OpenBSD relayd at 127.0.0.1 port
> 8080" This error is correct as we use a PF rdr rule to
> redirect traffic on our firewall to localhost port 8080 where we
> have relayd listening. I was wondering if it's possible to stop this
> error from being displayed as I would prefer not to disclose to the
> world what software we use.
> 
> I've had a look at our  relayd.conf  to see if there is a "return
> error" line but there isn't and I can't see any other way of
> stopping this error from being displayed. Does anyone have any
> suggestions ?

Yes; the function you're looking for is relay_close_http(), in relay.c

You'll also have to hack the support for setting the string in parse.y

Of course, you could just redefine RELAYD_SERVERNAME in relayd.h, but
that's cheating :)

> 
> Thanks
> Keith
> 
> HTTP/1.x 406 Not Acceptable
> Date: Fri Aug 13 15:20:18 2010
> Server: OpenBSD relayd
> Connection: close
> Content-Type: text/html
> 
> 
> 
> 406 Not Acceptable
> 
> 
> 
> Not Acceptable
> no method
> 
> OpenBSD relayd at 127.0.0.1 port 8080
> 
> 

Disable Relayd's error message

[Keith]

I just realized that if I telnet to our web servers on port 80 and press 
enter a few times that I get a reply back from relayd that I didn't 
expect "OpenBSD relayd at 127.0.0.1 port 8080" This 
error is correct as we use a PF rdr rule to redirect traffic on our 
firewall to localhost port 8080 where we have relayd listening. I was 
wondering if it's possible to stop this error from being displayed as I 
would prefer not to disclose to the world what software we use.


I've had a look at our  relayd.conf  to see if there is a "return error" 
line but there isn't and I can't see any other way of stopping this 
error from being displayed. Does anyone have any suggestions ?


Thanks
Keith

HTTP/1.x 406 Not Acceptable
Date: Fri Aug 13 15:20:18 2010
Server: OpenBSD relayd
Connection: close
Content-Type: text/html



406 Not Acceptable




Not Acceptable
no method

OpenBSD relayd at 127.0.0.1 port 8080

Re: MTA choice

[Kevin Chadwick]

On Fri, 13 Aug 2010 12:27:56 +0200
Henning Brauer  wrote:

> * Peter Miller  [2010-08-13 10:46]:
> > > I only want to know what is better (easiest way, most secure) to use.
> > > And have your advice.
> > 
> > He just gave it to you. sendmail.
> 
> I would never use sendmail for anything halfway serious.

qmail first grabbed my attention which it already had when I noticed a
large defense organisation using it.

I love qmail especially for it's use of the unix philosophy of many
small parts and that it was built with security and simplicity in
mind.

It's not too easy to setup or keep track of vulnerabilities in
patches, but spamcontrol at "www.fehcom.de" makes it easier to turn
qmail into a fully functional and modern MTA, possibly even more
functional and patched than you would desire, but still great. qmail is
almost definately easier than messing with sendmails configs, ONCE the
install is over with too.

I don't know but believe postfix has the shallowest learning
curve and has always had a good security record.

Sendmail will likely make OpenBSD upgrades easier and inherits the eyes
of OpenBSD developers.

Re: MTA choice

[Frans Haarman]

On 13 August 2010 16:30,   wrote:
> On Fri, 13 Aug 2010 09:23:30 -0500, "j...@fixedpointgroup.com"
>  wrote:
>> sendmail is fine if you have a few users at a relatively quiet domain,
>> all of whom you want to have system accounts on the mailserver. smtpd
>> does similarly but has unpredictable behavior at best. i spent many
>> hours fiddling with smtpd until i gave up on it.
>>
>> postfix is great because of the virtual user support, meaning that your
>> mail users do not require system accounts, and configurability. hosting
>> several domains, all with separate mailboxes e.g. u...@domain1.com and
>> u...@domain2.com is done pretty easily by postfix. in the instance that
>> you need support from the postfix-users mailing list don your
>> douchebag-proof-suit and you should be ok so long as you don't subscribe
>> to that list.
>>
>> i have heard good things about qmail but never used it myself.
>
> Thank's for your answer.
>

Qmail has worked for me for many years.  We get about 50.00 smtp connections
a day and do about 200K deliveries a month.

Re: MTA choice

[Henning Brauer]

* Fredrik Henbjork  [2010-08-13 15:57]:
> What are your views on qmail versus Postfix?

irrelevant here anyway.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: which monitoring do you use (on OpenBSD)

[Kevin Chadwick]

What do people think of monit.

Re: hp6930p insane acpitz1 and non working keyboard after halt -p

[Theo de Raadt]

> My HP 6939p behaves a bit strange,


I asked for donation HP machines a few times, for myself and a few
other ACPI developers.  Only one person replied and it is going to
take a few weeks to get the machine to me.

So we can't help you.  Good luck fixing your own bug, all of you HP
owners.

Re: MTA choice

[openbsd]

On Fri, 13 Aug 2010 09:23:30 -0500, "j...@fixedpointgroup.com"
 wrote:
> sendmail is fine if you have a few users at a relatively quiet domain, 
> all of whom you want to have system accounts on the mailserver. smtpd 
> does similarly but has unpredictable behavior at best. i spent many 
> hours fiddling with smtpd until i gave up on it.
> 
> postfix is great because of the virtual user support, meaning that your 
> mail users do not require system accounts, and configurability. hosting 
> several domains, all with separate mailboxes e.g. u...@domain1.com and 
> u...@domain2.com is done pretty easily by postfix. in the instance that 
> you need support from the postfix-users mailing list don your 
> douchebag-proof-suit and you should be ok so long as you don't subscribe 
> to that list.
> 
> i have heard good things about qmail but never used it myself.

Thank's for your answer.

Re: MTA choice

[Jan Stary]

> > I want to install a mailserver.
> > What is the easiest and the most secure solution ?

Your mom.

Re: MTA choice

[j...@fixedpointgroup.com]

Henning Brauer wrote:

* Peter Miller  [2010-08-13 10:46]:
   

I only want to know what is better (easiest way, most secure) to use.
And have your advice.
   

He just gave it to you. sendmail.
 

I would never use sendmail for anything halfway serious.

   



++

sendmail is fine if you have a few users at a relatively quiet domain, 
all of whom you want to have system accounts on the mailserver. smtpd 
does similarly but has unpredictable behavior at best. i spent many 
hours fiddling with smtpd until i gave up on it.


postfix is great because of the virtual user support, meaning that your 
mail users do not require system accounts, and configurability. hosting 
several domains, all with separate mailboxes e.g. u...@domain1.com and 
u...@domain2.com is done pretty easily by postfix. in the instance that 
you need support from the postfix-users mailing list don your 
douchebag-proof-suit and you should be ok so long as you don't subscribe 
to that list.


i have heard good things about qmail but never used it myself.

FYI - this is a very old and contentious question - 'which mta is best?'

Re: install of Aug 11 snapshot hangs

[Mark Bucciarelli]

On Thu, Aug 12, 2010 at 10:59 PM, Nick Holland
 wrote:
> On 08/12/10 13:26, Mark Bucciarelli wrote:
>>
>>  boot> disable acpi
>
> What's this about?
>

Tilting at windmills.

>
> I take it you are PXE booting because you don't have the lower thingie
> which has the floppy and CD for this machine
>

Correct.

>
> If you can't do that, could you do an sha256 against your tftp-delivered
> bsd.rd and see if it matches that on the FTP server?
>

Checked out ok.

> Have you successfully used your tftp server for anything else?

I successfully fetched the pxeboot file and diff said the two
were equal.

>
> Failing that, how about booting with a "boot bsd.rd -c" at the "boot>"
> prompt, then doing a "disable apm" then "quit"
>

Same behavior.

Igor S. suggested upgrading the ancient bios, but I'm leery
of that with no bootable cd, no floppy, and no usb boot.
I can't have the laptop stop working.  I suspect pxeboot/tftpd
is a red herring and it's the bios.

Anyway, thanks for all your efforts.

m

Salut Mon �me

[pelagie . louxamber]

Salut Mon Bme .Si aujourd\'hui mon message de
correspondance vous est adressi c\'est parce que
j\'ai voulu avoir plus de relation pour les
ichanges d\'idie, de propos, pour discuter,
dialoguer et que sais je encore surtout si vous
jtes de Afrique, un continent que  jaime
beaucoup.On m\'appelle LOUXAMBER PELAGIE, je suis
canadienne bgie de 30 ans, mais risidant ` Londres
(Angleterre) je suis cilibataire .Je suis diliguie
midicale. Je serai heureuse de savoir que vous
acceptez ma correspondance. Merci de m\'icrire sur
mon adresse Imail pelagie.louxam...@live.fr . Je
vous informe de bien vouloir me faire savoir d\'oy
vous jtes et ravi de vite recevoir vote riponse.
tiliphone: 0044 70 11 17 33 72

Re: MTA choice

[L. V. Lammert]

On Fri, 13 Aug 2010 open...@e-solutions.re wrote:

> Hi,
>
> I want to install a mailserver.
> What is the easiest and the most secure solution ?
> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
> Sendmail.
> Is there someone to advice me about the choice of the MTA ?
>
> Thank's.
>
For a basic mailserver, there's no reason to not use standard Senamdaill
To make it even simpler, install Webmin - the sendmail manager tool is
very useful.

Lee

Re: MTA choice

[Daniel Ouellet]

But I also like my network servers
to have been "field proven in the nasty wilderness" by others
for some time before starting to use them myself in production,


Men, that's rather very selfish! So, you want everyone one else to do 
the work, but not you!? You don't want to participate in testing things 
and improving them, but rather, just sit back and demand that you are 
served on a silver plate? Or may be gold even here...


Sorry if that sound ash here, but I can't believe what I read here

It does come out that way as you put it. I hope it's not what you mean 
right? I must be wrong for sure...


Or full of bullshit again. (;>


Were there any other reasons for writing smtpd(8), instead of
just importing Postfix into base as the default MTA, besides
Postfix's license?


Yes, license and that's in the archive. Help yourself to the answer. 
it's been beaten to death.



/Fredrik Henbjork, who also wonders if anyone here has any
strong opinions regarding the feature set and security of the
Apache in base, when compared to recent versions of (the BSD-
licensed and C-based) Nginx and lighttpd?


Same here. It's been explore in the archive as well. Help yourself to 
the answer. Or is it like your first statement. You want others to do 
the work for you and point you to the answer?


Best,

Daniel

Re: MTA choice

[Fredrik Henbjork]

On 08/13/2010 12:27 PM, Henning Brauer wrote:

* Peter Miller  [2010-08-13 10:46]:

I only want to know what is better (easiest way, most secure) to use.
And have your advice.


He just gave it to you. sendmail.


I would never use sendmail for anything halfway serious.


What are your views on qmail versus Postfix?

Note that I'm *not* criticising your choice of qmail, and especially
not now that it's in the public domain. I simply want to learn more
about the subject.

/Fredrik Henbjork

Re: MTA choice

[Fredrik Henbjork]

On 08/13/2010 03:00 PM, Daniel Ouellet wrote:


Hmmm. Sendmail was in base and is still in the system, but was replace
as the default MTA by smtpd a few release ago. So, I sure don't thin you
will see smtpd being replace again by something else in base. It was
already done. Check the archive.

It was announced and done in 4.6

http://openbsd.org/46.html

New tools:
* Added smtpd(8), a new privilege-separated SMTP daemon.

Are you saying you want the replacement in place now to be replace
again!?!?!?...


No.

For clarification; I don't believe there is such a thing as
the universal "best" MTA, since different users have different
requirements. I personally like a smallish MTA, like smtpd(8),
as the default MTA in base. But I also like my network servers
to have been "field proven in the nasty wilderness" by others
for some time before starting to use them myself in production,
and smptd(8) is still a rather fresh piece of software.

Were there any other reasons for writing smtpd(8), instead of
just importing Postfix into base as the default MTA, besides
Postfix's license?

/Fredrik Henbjork, who also wonders if anyone here has any
strong opinions regarding the feature set and security of the
Apache in base, when compared to recent versions of (the BSD-
licensed and C-based) Nginx and lighttpd?

Re: MTA choice

[Daniel Ouellet]

On 8/13/10 9:08 AM, Henning Brauer wrote:

* Daniel Ouellet  [2010-08-13 15:04]:

Hmmm. Sendmail was in base and is still in the system, but was
replace as the default MTA by smtpd a few release ago.


bullshit.


You are right as out of the box MTA in standard operation. I should 
phase it differently. Like I said sendmail is still there. smtpd is in 
base as well, but sendmail is the one in default operation. My mistake 
in the details.


# man smtpd | grep appeared
 The smtpd program first appeared in OpenBSD 4.6.

But bullshit it was from me. sendmail is still the default MTA yes, but 
you have the choice and can use smtpd.

Re: MTA choice

[Henning Brauer]

* Daniel Ouellet  [2010-08-13 15:04]:
> Hmmm. Sendmail was in base and is still in the system, but was
> replace as the default MTA by smtpd a few release ago.

bullshit.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: MTA choice

[Daniel Ouellet]

On 8/13/10 8:27 AM, Fredrik Henbjork wrote:

On 08/13/2010 10:49 AM, Richard Toohey wrote:


But as Christer has said, if it's in the OpenBSD base, that should
mean something.


Just because it's in base doesn't mean that it's the "best" choice.
After all, it *could* just mean that noone has had the time and/or
energy to replace it with something "better" in base. I think few
would argue that all things in base are perfect, and that there is
no room for improvement.


Hmmm. Sendmail was in base and is still in the system, but was replace 
as the default MTA by smtpd a few release ago. So, I sure don't thin you 
will see smtpd being replace again by something else in base. It was 
already done. Check the archive.


It was announced and done in 4.6

http://openbsd.org/46.html

New tools:
* Added smtpd(8), a new privilege-separated SMTP daemon.

Are you saying you want the replacement in place now to be replace 
again!?!?!?...

Re: MTA choice

[Daniel Ouellet]

On 8/13/10 7:35 AM, Tomas Bodzar wrote:

You can try smtpd(8) which is in base. Some people reported that they
are using it in production already. At least configuration is much
more easier then in sendmail(8)


I have been for almost 18 months now. I use it as spam filter and front 
end for others.


I do not have users n that box, not that it couldn't I guess. I never 
tried to make it so.


It's risky, yes, but you don't make an omelet without breaking eggs! I 
ran into some issue time to time before, all in misc@ if you want to see 
it. But I must say in general, it's been very good for me. I upgrade it 
to the latest time to time when I see Gilles dong lots of commit to it. 
I run two of them, so if one goes south, I can switch to a second one 
real quick, but so far, it never happened to me to have big issues. The 
only one I had was the virtual domain hosting that just didn't work as 
explain in the man page and Gilles did work on it.


If you want something simple, that's it. For a small server, I sure 
would go with it. But keep in mind it's not fully announce yet as ready 
for production, however, like the project, it's announcing productions 
things when they are rock solid. That doesn't mean smtpd is not, so if 
you run it, you help testing it and if you ran into issues, so far they 
all have been corrected pretty darn fast!


So, do as you see fit, but if you are not scare of running bleeding edge 
new OpenBSD stuff, go for it and you will have fun as long as you are 
not scare to get your hand in it and do your own research when/if 
needed. Not that it required lots of hand holding so far.


But it deserved more credit then Gilles is welling to give it! (;> I 
would say he is very conservative, just like everyone else in the 
project. They give you the best, so enjoy it!


I sure would give it a run for good, I did for a long time so far and I 
have no complains for how I use it so far!


YMMV.

Daniel

Re: MTA choice

[Gregory Edigarov]

Yeah, /me for example... handles some 100,000 connects per day, with
spam ratio about 3/1...4/1. i.e. some 25,000 deliveries per day.

On Fri, 13 Aug 2010 13:35:44 +0200
Tomas Bodzar  wrote:

> You can try smtpd(8) which is in base. Some people reported that they
> are using it in production already. At least configuration is much
> more easier then in sendmail(8)
>
> On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
> > Hi,
> >
> > I want to install a mailserver.
> > What is the easiest and the most secure solution ?
> > OpenBSD comes with Sendmail. I seen a lot of people use Postfix
> > instead Sendmail.
> > Is there someone to advice me about the choice of the MTA ?
> >
> > Thank's.
> >
> >
>
>
>
> --
> bIf youbre good at something, never do it for free.bB bThe Joker
>


--
With best regards,
Gregory Edigarov

Re: MTA choice

[Fredrik Henbjork]

On 08/13/2010 10:49 AM, Richard Toohey wrote:


But as Christer has said, if it's in the OpenBSD base, that should
mean something.


Just because it's in base doesn't mean that it's the "best" choice.
After all, it *could* just mean that noone has had the time and/or
energy to replace it with something "better" in base. I think few
would argue that all things in base are perfect, and that there is
no room for improvement.

/Fredrik Henbjork, who hates Sendmail from a usability point of view.

Re: MTA choice

[Tomas Bodzar]

You can try smtpd(8) which is in base. Some people reported that they
are using it in production already. At least configuration is much
more easier then in sendmail(8)

On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
> Hi,
>
> I want to install a mailserver.
> What is the easiest and the most secure solution ?
> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
> Sendmail.
> Is there someone to advice me about the choice of the MTA ?
>
> Thank's.
>
>



--
bIf youbre good at something, never do it for free.bB bThe Joker

Re: MTA choice

[Peter N. M. Hansteen]

Siju George  writes:

> what about qmail? ;-)


huh, hurr, he said qmail


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: MTA choice

[Siju George]

On Fri, Aug 13, 2010 at 3:57 PM, Henning Brauer  wrote:
> * Peter Miller  [2010-08-13 10:46]:
>> > I only want to know what is better (easiest way, most secure) to use.
>> > And have your advice.
>>
>> He just gave it to you. sendmail.
>
> I would never use sendmail for anything halfway serious.
>

what about qmail? ;-)

--Siju

Re: MTA choice

[Robert]

On Fri, 13 Aug 2010 10:55:13 +0400
 wrote:
> I want to install a mailserver.
> What is the easiest and the most secure solution ?

"It depends" - as mentioned before, you need to specify the
environment, mail volume etc.

My opinion:
*) Since 4.6 OpenBSD ships with its own daemon: "man smtpd". From what
I remember it's not meant for production yet, but just for sending
internal traffic (logs, notifications etc.) it works fine for me.
*) Use qmail for large volume traffic, but be sure to read a bit about
its "developer environment" before ;)
*) If none of those two seem to be right for you, well, then use
Postfix...

regards,
Robert

Re: OBSD 4.7 and Via C7 motherboards problem

[Toni Mueller]

Hi Stuart,

thanks for the idea.

On Thu, 12.08.2010 at 12:09:02 +, Stuart Henderson  
wrote:
> Guessing based on very little information, but they probably have
> different BIOSes.

Unfortunately, as I just hear, the manufacturer dropped support for
these machines. My supplier also only learnt it when he asked the
manufacturer for a new BIOS version.

Having said that, what is the current common wisdom for reliable small
CPE boxes that are reliable enough to be safely upgraded remotely, and
will be safe to upgrade for several upcoming releases?


Kind regards,
--Toni++

Re: MTA choice

[Henning Brauer]

* Peter Miller  [2010-08-13 10:46]:
> > I only want to know what is better (easiest way, most secure) to use.
> > And have your advice.
> 
> He just gave it to you. sendmail.

I would never use sendmail for anything halfway serious.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: MTA choice

[Richard Toohey]

On 13/08/2010, at 7:41 PM, open...@e-solutions.re wrote:

> I only want to know what is better (easiest way, most secure) to use.
> And have your advice.

Easiest doesn't necessarily fit with most secure ... or everyone would
be using Windows and Macs?

You have to understand what you are setting up, and sometimes
that understanding doesn't come "easy" and security isn't a check box.

What is easy for you - is it the same as what is easy for me?
I started from scratch with the O'Reilly sendmail book ...

It's your network, your requirements, your time.  Webmail?  TLS?
POP?  IMAP?  Volume of email?

Why do you think there are so many choices in open source - what
one person found easy/useful/secure didn't work for someone else.

sendmail, popa3d, and openwebmail have worked for /me/ for a very
low volume mail server.  I didn't find it that easy (but I learnt a lot
on the way, it wasn't time wasted.)  I don't know how secure it is.

But as Christer has said, if it's in the OpenBSD base, that should
mean something.

As always - YMMV!

(And did you see http://www.openbsd.org/faq/faq1.html#HowAbout)
> 
> On Fri, 13 Aug 2010 09:04:01 +0200, Christer Solskogen
>  wrote:
>> On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
>>> Hi,
>>> 
>>> I want to install a mailserver.
>>> What is the easiest and the most secure solution ?
>>> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
>>> Sendmail.
>>> Is there someone to advice me about the choice of the MTA ?
>>> 
>> 
>> Why do you think OpenBSD ships with (a custom and secure) sendmail by
>> default?
>> Do you think it is because that is the easiest and most secure option
>> or do you think by installing postfix you'll be all secure and stuff?

Re: MTA choice

[Peter Miller]

> I only want to know what is better (easiest way, most secure) to use.
> And have your advice.

He just gave it to you. sendmail.

> > Why do you think OpenBSD ships with (a custom and secure) sendmail by
> > default?

--
Later
Peter

Re: OpenBSD Vim Programming FAQ

[Tomas Vavrys]

I am already writing and I don't want to hurry this thing up. It won't
be ready this week. Rather in two weeks. After that I will send it to
all of you who wants to help. Thank you for your patience.

2010/8/13 Rares Aioanei :
> On Wed, 11 Aug 2010 21:43:09 +0200
> Tomas Vavrys  wrote:
>
>> I've decided to write Vim Programming FAQ. I'm not an expert
> [snip]
> I can help with the correcting part and, since I also use vim, with some 
> tips. Please note that I only have two days per week available for this, so 
> if it's ok, let me know.

Re: OpenBSD Vim Programming FAQ

[Sam Fourman Jr.]

On Thu, Aug 12, 2010 at 6:07 AM, Tomas Vavrys  wrote:
> Thank you for your point. Unfortunately there is at least 7 people who
> would like to see some tutorial. I am not a developer so I didn't know
> about the style(9). Anyways, it's not about style(9). It's about people,
> being more productive during programming, collecting habbits and tips
> from OpenBSD programmers. It won't be perfect but I enjoy it.

I would like to see a tutorial for vim and OpenBSD, it would be useful
a quick poll of my facebook friends I have 3 more that vote yes



-- 

Sam Fourman Jr.
Fourman Networks
http://www.fourmannetworks.com

Re: OpenBSD Vim Programming FAQ

[Rares Aioanei]

On Wed, 11 Aug 2010 21:43:09 +0200
Tomas Vavrys  wrote:

> I've decided to write Vim Programming FAQ. I'm not an expert 
[snip]
I can help with the correcting part and, since I also use vim, with some tips. 
Please note that I only have two days per week available for this, so if it's 
ok, let me know.

Re: MTA choice

[openbsd]

I only want to know what is better (easiest way, most secure) to use.
And have your advice.

On Fri, 13 Aug 2010 09:04:01 +0200, Christer Solskogen
 wrote:
> On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
>> Hi,
>>
>> I want to install a mailserver.
>> What is the easiest and the most secure solution ?
>> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
>> Sendmail.
>> Is there someone to advice me about the choice of the MTA ?
>>
> 
> Why do you think OpenBSD ships with (a custom and secure) sendmail by
> default?
> Do you think it is because that is the easiest and most secure option
> or do you think by installing postfix you'll be all secure and stuff?

Re: MTA choice

[Christer Solskogen]

On Fri, Aug 13, 2010 at 8:55 AM,   wrote:
> Hi,
>
> I want to install a mailserver.
> What is the easiest and the most secure solution ?
> OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
> Sendmail.
> Is there someone to advice me about the choice of the MTA ?
>

Why do you think OpenBSD ships with (a custom and secure) sendmail by default?
Do you think it is because that is the easiest and most secure option
or do you think by installing postfix you'll be all secure and stuff?

-- 
chs

MTA choice

[openbsd]

Hi,

I want to install a mailserver.
What is the easiest and the most secure solution ?
OpenBSD comes with Sendmail. I seen a lot of people use Postfix instead
Sendmail.
Is there someone to advice me about the choice of the MTA ?

Thank's.