Sendmail basic mail server
Hi, I have an OpenBSD 4.7 machine. I want to build a mailserver using sendmail MTA. Openbsd hostname : box.my.domain When i send a mail, i comes from u...@box.my.domain instead of u...@domainchosed.net What i have done : cp /usr/share/sendmail/cf/openbsd-proto /etc/mail m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto /etc/mail/sendmail.cf in /etc/rc.conf : sendmail_flags=-L sm-mta -C/etc/mail/sendmail.cf -bd -q30m in my /etc/mail/virtusertable : u...@domainchosed.net user in my /etc/mail/genericstable : user u...@domainchosed.net in my /etc/local-host-names : domainchosed.net i also done : makemap hash genericstable.db genericstable makemap hash virtusertable.db virtusertable restart sendmail But it still send mail using @box.my.domain ; someone can help me ? thanks
Re: Version numbering
On Fri, 14 Jan 2011 17:27:31 +0100 pe...@bsdly.net (Peter N. M. Hansteen) wrote: Gregory Edigarov g...@bestnet.kharkov.ua writes: Just wondering what is going to be after 4.9? 4.10 or 5.0? we went from 3.9 to 4.0 five years ago. don't expect version numbers to go hex or multidigit-between-dots anytime soon. (although hex would have been kinda fun) No, I wasn't expecting it. I just made a clarification for myself. -- With best regards, Gregory Edigarov
Re: Sendmail basic mail server
Hi, Pls try below in /usr/share/sendmail/cf/openbsd-proto.mc file Pls change dnl MASQUERADE_AS(`mycompany.com')dnl to MASQUERADE_AS(`my.domain ')dnl Then, m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto.mc /etc/mail/ sendmail.cf On Mon, Jan 17, 2011 at 1:27 PM, OpenBSD Geek open...@e-solutions.rewrote: Hi, I have an OpenBSD 4.7 machine. I want to build a mailserver using sendmail MTA. Openbsd hostname : box.my.domain When i send a mail, i comes from u...@box.my.domain instead of u...@domainchosed.net What i have done : cp /usr/share/sendmail/cf/openbsd-proto /etc/mail m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto /etc/mail/sendmail.cf in /etc/rc.conf : sendmail_flags=-L sm-mta -C/etc/mail/sendmail.cf -bd -q30m in my /etc/mail/virtusertable : u...@domainchosed.net user in my /etc/mail/genericstable : user u...@domainchosed.net in my /etc/local-host-names : domainchosed.net i also done : makemap hash genericstable.db genericstable makemap hash virtusertable.db virtusertable restart sendmail But it still send mail using @box.my.domain ; someone can help me ? thanks -- Thank you Indunil Jayasooriya
Re: Sendmail basic mail server
i done changes, but it still send from @box.my.domain Any other idea ? Thanks On Mon, 17 Jan 2011 13:52:03 +0530, Indunil Jayasooriya induni...@gmail.com wrote: Hi, Pls try below in /usr/share/sendmail/cf/openbsd-proto.mc file Pls change dnl MASQUERADE_AS(`mycompany.com')dnl to MASQUERADE_AS(`my.domain ')dnl Then, m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto.mc /etc/mail/ sendmail.cf On Mon, Jan 17, 2011 at 1:27 PM, OpenBSD Geek open...@e-solutions.rewrote: Hi, I have an OpenBSD 4.7 machine. I want to build a mailserver using sendmail MTA. Openbsd hostname : box.my.domain When i send a mail, i comes from u...@box.my.domain instead of u...@domainchosed.net What i have done : cp /usr/share/sendmail/cf/openbsd-proto /etc/mail m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto /etc/mail/sendmail.cf in /etc/rc.conf : sendmail_flags=-L sm-mta -C/etc/mail/sendmail.cf -bd -q30m in my /etc/mail/virtusertable : u...@domainchosed.net user in my /etc/mail/genericstable : user u...@domainchosed.net in my /etc/local-host-names : domainchosed.net i also done : makemap hash genericstable.db genericstable makemap hash virtusertable.db virtusertable restart sendmail But it still send mail using @box.my.domain ; someone can help me ? thanks
Re: Sendmail basic mail server
But it still send mail using @box.my.domain ; someone can help me ? thanks How do you send mails. as root? or as a Normal user? as root, Pls change the following in /etc/mail/openbsd-proto.mc dnl EXPOSED_USER(`root')dnl to EXPOSED_USER(`root')dnl and generate as m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto.mc /etc/mail/ sendmail.cf If it works, Pls let me know. -- Thank you Indunil Jayasooriya
Re: Sendmail basic mail server
I'm trying to send email using my username : wesley But it comes as wes...@box.my.domain [1] On Mon, 17 Jan 2011 16:37:38 +0530, Indunil Jayasooriya wrote: But it still send mail using @box.my.domain ; someone can help me ? thanks How do you send mails. as root? or as a Normal user? as root, Pls change the following in /etc/mail/openbsd-proto.mc [2] dnl EXPOSED_USER(`root')dnl to EXPOSED_USER(`root')dnl and generate as m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto.mc [3] /etc/mail/sendmail.cf [4] If it works, Pls let me know. -- Thank you Indunil Jayasooriya Links: -- [1] mailto:wes...@box.my.domain [2] http://openbsd-proto.mc/ [3] http://openbsd-proto.mc/ [4] http://sendmail.cf/
Re: pf and traceroute
Hi, I am on a 64 bit OpenBSD 4.8 stable. Here is mine on OpenBSD 4.8 firewall/router # both traceroute www.google.lk and traceroute -I www.google.lk work. From my fedora client, traceroute www.google.lk works. and traceroute -I www.google.lk also works. But second hope gives in this way *2 * * ** and the rest is fine. I have added these 2 rules in pf.conf file #For traceroute pass in log (all) on $int_if inet proto udp from $admin_pc to !$int_if \ port 33433 33626 keep state # Allow trace route pass out on $ext_if inet proto udp from any to any port 33433 33626 keep state
Re: Sendmail basic mail server
I ve done these changes It works, but why it doesn't work with my genericstable file ? divert(-1) # # Default OpenBSD sendmail configuration for systems accepting mail # from the internet. # # Note that lines beginning with dnl below are comments. divert(0)dnl VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl OSTYPE(openbsd)dnl dnl dnl If you have a non-static IP address you may wish to forward outgoing mail dnl through your ISP's mail server to prevent matching one of the dialup dnl DNS black holes. Just uncomment the following line and replace dnl mail.myisp.net with the hostname of your ISP's mail server. dnl dnl define(`SMART_HOST', `mail.myisp.net')dnl dnl dnl Disable EXPN and VRFY to help thwart address harvesters and require dnl senders to say hello. dnl define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn')dnl dnl dnl We wish to make the existence of the local-host-names and dnl trusted-users files optional, hence the -o below. dnl define(`confCW_FILE', `-o MAIL_SETTINGS_DIR`'local-host-names')dnl define(`confCT_FILE', `-o MAIL_SETTINGS_DIR`'trusted-users')dnl dnl dnl Use of UUCP-style addresses in the modern internet are generally dnl an error (and sometimes used by spammers) so disable support for them. dnl To simply treat '!' as a normal character, change `reject' to dnl `nospecial'. dnl FEATURE(nouucp, `reject')dnl dnl dnl The access database allows for certain actions to be taken based on dnl the source address. dnl FEATURE(`access_db', `hash -o -TTMPF /etc/mail/access')dnl FEATURE(`blacklist_recipients')dnl dnl dnl Enable support for /etc/mail/local-host-names. dnl Contains hostnames that should be considered local. dnl FEATURE(`use_cw_file')dnl dnl dnl Enable support for /etc/mail/mailertable. dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl dnl dnl Enable support for /etc/mail/trusted-users. dnl Users listed herein may spoof mail from other users. dnl FEATURE(`use_ct_file')dnl dnl dnl Enable support for /etc/mail/virtusertable. dnl Used to do N - N address mapping. dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl dnl dnl Rewrite (unqualified) outgoing email addresses using the dnl mapping listed in /etc/mail/genericstable dnl FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl dnl dnl Normally only local addresses are rewritten. By using dnl generics_entire_domain and either GENERICS_DOMAIN dnl or GENERICS_DOMAIN_FILE addresses from hosts in the dnl specified domain(s) will be rewritten too. dnl dnl FEATURE(generics_entire_domain)dnl dnl GENERICS_DOMAIN(`othercompany.com')dnl dnl GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl dnl dnl Include the local host domain even on locally delivered mail dnl (which would otherwise contain only the username). FEATURE(always_add_domain)dnl dnl dnl Bounce messages addressed to address.REDIRECT. This allows the dnl admin to alias a user who has moved to new_address.REDIRECT so dnl that senders will know the user's new address. FEATURE(redirect)dnl dnl dnl Accept incoming connections on any IPv4 or IPv6 interface for ports dnl 25 (SMTP) and 587 (MSA). dnl FEATURE(`no_default_msa')dnl DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl dnl dnl Use either IPv4 or IPv6 for outgoing connections. dnl CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl CLIENT_OPTIONS(`Family=inet6, Address=::')dnl dnl dnl Some broken nameservers will return SERVFAIL (a temporary failure) dnl on T_ (IPv6) lookups. dnl define(`confBIND_OPTS', `WorkAroundBroken')dnl dnl dnl TLS/SSL support; uncomment and read starttls(8) to use. dnl dnl define(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl dnl define(`confCACERT_PATH', `CERT_DIR')dnl dnl define(`confCACERT', `CERT_DIR/mycert.pem')dnl dnl define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl dnl define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl dnl define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl dnl define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl dnl dnl Masquerading -- rewriting the From address to a specific domain. dnl Please see the MASQUERADING AND RELAYING section of dnl /usr/share/sendmail/README for details. dnl MASQUERADE_AS(`reunion.e-solutions.re')dnl dnl dnl Masquerade the envelope From in addition to the From: header. dnl dnl FEATURE(masquerade_envelope)dnl dnl dnl Masquerade host.sub.dom.ain as well as host.dom.ain. dnl dnl FEATURE(masquerade_entire_domain)dnl dnl dnl Only masquerade messages going outside the local domain. dnl dnl FEATURE(local_no_masquerade)dnl dnl dnl Rewrite addresses from u...@othercompany.com when relayed in dnl addition to locally-generated messages. dnl dnl MASQUERADE_DOMAIN(`othercompany.com')dnl dnl dnl Specific hosts that should be excepted from MASQUERADE_DOMAIN. dnl dnl
Re: DNSSEC validating resolver
On 1/15/11 12:28 PM, Josh Smith wrote: I've got to say I'm suprised the dns server in the base system of the worlds most secure OS is not able to validate dnssec responses pkg_add unbound and you're done. If you think you are that smart to use DNSSEC, then you should also be that smart to run that command. Or better re-phrase the question: Why did ISC make it so complicated to import the latest stable release of their nameserver software into OpenBSD base?
Re: DNSSEC validating resolver
On Mon, Jan 17, 2011 at 6:51 AM, Oliver Peter li...@peter.de.com wrote: On 1/15/11 12:28 PM, Josh Smith wrote: I've got to say I'm suprised the dns server in the base system of the worlds most secure OS is not able to validate dnssec responses pkg_add unbound and you're done. B If you think you are that smart to use DNSSEC, then you should also be that smart to run that command. Or better re-phrase the question: B Why did ISC make it so complicated to import the latest stable B release of their nameserver software into OpenBSD base? Oliver, I suppose my tongue in cheek flame tags or my statement them didn't make it obvious enough but that comment was meant to be completely facetious and just a joke... I apologize if I offended you with my (poor??) attempt at humor? Thanks, Josh Smith KD8HRX email/jabber:B juice...@gmail.com phone:B 304.237.9369(c)
Re: Sendmail basic mail server
http://www.amazon.com/sendmail-4th-Bryan-Costales/dp/0596510292/ref=sr_1_1?s=booksie=UTF8qid=1295270018sr=1-1 or just read the documentation at http://www.sendmail.com/sm/open_source/docs/ it's not that really hard if you just try yourself instead of asking on mailing lists. This is NOT an OpenBSD question. On Mon, 17 Jan 2011 14:09 +0400, OpenBSD Geek open...@e-solutions.re wrote: i done changes, but it still send from @box.my.domain Any other idea ? Thanks On Mon, 17 Jan 2011 13:52:03 +0530, Indunil Jayasooriya induni...@gmail.com wrote: Hi, Pls try below in /usr/share/sendmail/cf/openbsd-proto.mc file Pls change dnl MASQUERADE_AS(`mycompany.com')dnl to MASQUERADE_AS(`my.domain ')dnl Then, m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto.mc /etc/mail/ sendmail.cf On Mon, Jan 17, 2011 at 1:27 PM, OpenBSD Geek open...@e-solutions.rewrote: Hi, I have an OpenBSD 4.7 machine. I want to build a mailserver using sendmail MTA. Openbsd hostname : box.my.domain When i send a mail, i comes from u...@box.my.domain instead of u...@domainchosed.net What i have done : cp /usr/share/sendmail/cf/openbsd-proto /etc/mail m4 /usr/share/sendmail/cf/cf.m4 /etc/mail/openbsd-proto /etc/mail/sendmail.cf in /etc/rc.conf : sendmail_flags=-L sm-mta -C/etc/mail/sendmail.cf -bd -q30m in my /etc/mail/virtusertable : u...@domainchosed.net user in my /etc/mail/genericstable : user u...@domainchosed.net in my /etc/local-host-names : domainchosed.net i also done : makemap hash genericstable.db genericstable makemap hash virtusertable.db virtusertable restart sendmail But it still send mail using @box.my.domain ; someone can help me ? thanks
Re: pf and traceroute
On 16 jan 2011, at 18:49, Mike. wrote: In any case, now that I've moved to OpenBSD 4.8 for the firewall/router everything is working as expected now. I can traceroute from the FreeBSD client, and Windows without a problem. This was fixed between 4.7 and 4.8: http://marc.info/?l=openbsd-miscm=128218328308200w=2 /Johan
formal verification related topics
Hello all, I've recently watched this talk from 27c3: http://media.ccc.de/browse/congress/2010/27c3-4123-en-defense_is_not_dead.html Very well spent hour. I assume that since OpenBSD's crowd main goal is security, some of you might have considered using such techniques to improve the critical pieces of your code. Since these techniques are not in widespread use over the OpenBSD code base I also assume that you have some decent arguments against their use. I understand there are lincensing issues (nonfree nature of microsoft vcc and french compcert), but putting these aside, what are your practical/technical reasons for not using them? -- Jure PeD ar http://jure.pecar.org
Re: formal verification related topics
On 17 January 2011 14:59, Jure PeD ar pega...@nerv.eu.org wrote: Hello all, I've recently watched this talk from 27c3: http://media.ccc.de/browse/congress/2010/27c3-4123-en-defense_is_not_dead.htm l Very well spent hour. I assume that since OpenBSD's crowd main goal is security, some of you might have considered using such techniques to improve the critical pieces of your code. Since these techniques are not in widespread use over the OpenBSD code base I also assume that you have some decent arguments against their use. I understand there are lincensing issues (nonfree nature of microsoft vcc and french compcert), but putting these aside, what are your practical/technical reasons for not using them? Isn't formal verification of code one of those academic-impossible-to-do-in-real-world thing ?
Re: formal verification related topics
On Mon, 17 Jan 2011 15:11:56 -0200 Christiano F. Haesbaert haesba...@haesbaert.org wrote: Isn't formal verification of code one of those academic-impossible-to-do-in-real-world thing ? It's very well possible, but not against current kernels. According to the talk they also propose a new OS design. Watch the video, it's really interesting... (the video Is the SSLiverse a safe place? was also nice) regards, Robert PS: infos: https://events.ccc.de/congress/2010/Fahrplan/events.en.html videos: ftp://ftp.ccc.de/congress/2010/
Re: formal verification related topics
On 01/18/2011 06:42 AM, Robert wrote: On Mon, 17 Jan 2011 15:11:56 -0200 Christiano F. Haesbaerthaesba...@haesbaert.org wrote: Isn't formal verification of code one of those academic-impossible-to-do-in-real-world thing ? Has been done in a microkernel, monolithic like OpenBSD would be a lot trickier: http://www.ok-labs.com/whitepapers/sample/sel4-formal-verification-of-an-os-kernel
Blogazine: Espejos, luminosidad y elegancia. publicidad me lav
[demime 1.01d removed an attachment of type image/jpeg which had a name of cfeminismo.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of agradecimiento.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of ccontrariadora.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of cpuntiseco.jpg]
3 por 1 en tus envios publicitarios este dia del Amor y la Amistad
Si no puedes ver el correo bien haz clic aqui... [http://basesdedatosmx.com/send/link.php?M=2870621N=149L=2F=T] Si tienes un producto o servicio relacionado al Diacute;a del Amor y la Amistad, te damos 3 por 1 en la publicidad que contrates. Valido hasta el 28 de febrero del 2011.Llamanos ahora (33) 3331 3693 i...@greenone.com.mx [mailto:i...@greenone.com.mx] www.greenone.com.mx [http://basesdedatosmx.com/send/link.php?M=2870621N=149L=2F=T] Atendemos a toda la republica Enviar a un amigo [http://basesdedatosmx.com/send/sendfriend.php?M=2870621C=70231954b29727cd5f885641427a97eaL=20N=149F=1i=35] Publicidad Ecologica - GreenONE.com.mx [http://basesdedatosmx.com/send/link.php?M=2870621N=149L=42F=T email no podra ser considerado SPAM mientras incluya una forma de ser removido. Si desea ser borrado de nuestras Bases o no recibir nuestros Mails haga clic aqui por favor, en GreenONE estamos para servirle. [http://basesdedatosmx.com/send/link.php?M=2870621N=149L=28F=T]
LACP trunk load balancing hash algorithm
I had a few hours to play with a hardware traffic generator today, I wanted to try beating up my OpenBSD setup to see what kind of throughput I could get. For the curious, I was able to pulverize it with 64 byte packets and it topped out at about 165kpps. Throughput was less than physical interface speed (about 800Mbps). For fun, I cranked the payload size up to 1500 bytes, but I couldn't get the box to exceed 1Gbps, even though I had several gigabit interfaces trunked together. At first, it was a switch problem (the switch was sending all the traffic over a single link). However, after I found out my switches LACP hash algorithm I was able to spread the traffic out by randomizing the port numbers. I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD box, but only 1Gbps was coming back. Therefore, I'm guessing that the load-balancing algorithm for OpenBSD does not behave the same way as my Juniper switching gear. Does anybody know the LACP hash that the trunk interface in OpenBSD uses to load-balance the outgoing traffic? I didn't have time to do more than a cursory test with different port numbers and IP addresses, so I'm not sure what I might be doing wrong, or if its even possible to use layer 3/4 info in OpenBSD to hash the traffic. Since I'm using the box as a router, layer 2 hashing doesn't help me very much since the source MAC is always the same. I took a peek at the source, but I'm definitely not a C hacker, so nothing jumped out at me for computing the hash... Thanks, Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/