Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Mik J
Hello,

Does anyone know how to change these values ?

# sysctl kern.nprocs=52
sysctl: kern.nprocs: Operation not permitted
# sysctl kern.nfiles=575
sysctl: kern.nfiles: Operation not permitted

Regards


Re: Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Martijn van Duren
On 11/16/18 10:24 AM, Mik J wrote:
> Hello,
> 
> Does anyone know how to change these values ?
> 
> # sysctl kern.nprocs=52
> sysctl: kern.nprocs: Operation not permitted
> # sysctl kern.nfiles=575
> sysctl: kern.nfiles: Operation not permitted
> 
> Regards
> 
See sysctl(2):
           Second level name            Type                    Changeable
...
           KERN_NFILES                  integer                 no
...
           KERN_NPROCS                  integer                 no
...
     KERN_NFILES (kern.nfiles)
             Number of open files.
...
     KERN_NPROCS (kern.nprocs)
             The number of entries in the kernel process table.

If you want to change the maximum number of open files/processes take a
look at ksh(1) ulimit or csh(1) limit and login.conf(5).

Hope this helps.

martijn@



Re: OpenBSD with root FS mounted read only

2018-11-16 Thread Daniel Polak



Stuart Henderson wrote on 15-11-2018 22:53:

On 2018-11-15, Kevin Chadwick  wrote:

The main benefit of read-only is not having to do disk checks but the time for
root is negligible.

well, it's not just time fsck'ing, those checks can fail, and then if
you don't have OOB you have to go visit the machine ..
Agree entirely and that is why on our firewalls I always use a RO root 
filesystem and whatever needs to be RW is in MFS.

It does require minor modification of among others /etc/rc though.

Root of the problem is the relative fragility of the current file system 
but changing that is of course a major undertaking.


Daniel




Re: Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2018 at 10:55:23AM +0100, Martijn van Duren wrote:

> On 11/16/18 10:24 AM, Mik J wrote:
> > Hello,
> > 
> > Does anyone know how to change these values ?
> > 
> > # sysctl kern.nprocs=52
> > sysctl: kern.nprocs: Operation not permitted
> > # sysctl kern.nfiles=575
> > sysctl: kern.nfiles: Operation not permitted
> > 
> > Regards
> > 
> See sysctl(2):
>            Second level name            Type                    Changeable
> ..
>            KERN_NFILES                  integer                 no
> ..
>            KERN_NPROCS                  integer                 no
> ..
>      KERN_NFILES (kern.nfiles)
>              Number of open files.
> ..
>      KERN_NPROCS (kern.nprocs)
>              The number of entries in the kernel process table.
> 
> If you want to change the maximum number of open files/processes take a
> look at ksh(1) ulimit or csh(1) limit and login.conf(5).
> 
> Hope this helps.
> 
> martijn@

There are also kern.maxfiles and kern.maxproc for system wide limits.
But in most cases, these values do not need to be changed.

-Otto



Re: Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Mik J
 Hello,
Thank you to both of you.
I had already changed openfiles-max=65536 in login.conf and kern.maxproc=16384 
in sysctl.conf.
Have a nice day

On Friday, 16 November 2018 at 11:18:42 UTC+1, Otto Moerbeek wrote:
 
 On Fri, Nov 16, 2018 at 10:55:23AM +0100, Martijn van Duren wrote:

> On 11/16/18 10:24 AM, Mik J wrote:
> > Hello,
> > 
> > Does anyone know how to change these values ?
> > 
> > # sysctl kern.nprocs=52
> > sysctl: kern.nprocs: Operation not permitted
> > # sysctl kern.nfiles=575
> > sysctl: kern.nfiles: Operation not permitted
> > 
> > Regards
> > 
> See sysctl(2):
>            Second level name            Type                    Changeable
> ..
>            KERN_NFILES                  integer                no
> ..
>            KERN_NPROCS                  integer                no
> ..
>      KERN_NFILES (kern.nfiles)
>              Number of open files.
> ..
>      KERN_NPROCS (kern.nprocs)
>              The number of entries in the kernel process table.
> 
> If you want to change the maximum number of open files/processes take a
> look at ksh(1) ulimit or csh(1) limit and login.conf(5).
> 
> Hope this helps.
> 
> martijn@

There are also kern.maxfiles and kern.maxproc for system wide limits.
But in most cases, these values do not need to be changed.

    -Otto

  


Re: Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Otto Moerbeek
On Fri, Nov 16, 2018 at 10:46:12AM +, Mik J wrote:

>  Hello,
> Thank you to both of you.
> I had already changed openfiles-max=65536 in login.conf and 
> kern.maxproc=16384 in sysctl.conf.
> Have a nice day

But why?

-Otto

> 
> On Friday, 16 November 2018 at 11:18:42 UTC+1, Otto Moerbeek wrote:
>  
>  On Fri, Nov 16, 2018 at 10:55:23AM +0100, Martijn van Duren wrote:
> 
> > On 11/16/18 10:24 AM, Mik J wrote:
> > > Hello,
> > > 
> > > Does anyone know how to change these values ?
> > > 
> > > # sysctl kern.nprocs=52
> > > sysctl: kern.nprocs: Operation not permitted
> > > # sysctl kern.nfiles=575
> > > sysctl: kern.nfiles: Operation not permitted
> > > 
> > > Regards
> > > 
> > See sysctl(2):
> >            Second level name            Type                    Changeable
> > ..
> >            KERN_NFILES                  integer                no
> > ..
> >            KERN_NPROCS                  integer                no
> > ..
> >      KERN_NFILES (kern.nfiles)
> >              Number of open files.
> > ..
> >      KERN_NPROCS (kern.nprocs)
> >              The number of entries in the kernel process table.
> > 
> > If you want to change the maximum number of open files/processes take a
> > look at ksh(1) ulimit or csh(1) limit and login.conf(5).
> > 
> > Hope this helps.
> > 
> > martijn@
> 
> There are also kern.maxfiles and kern.maxproc for system wide limits.
> But in most cases, these values do not need to be changed.
> 
>     -Otto
> 
>   



Re: Changing kern.nprocs and kern.nfiles

2018-11-16 Thread Mik J
These are values recommended by an application I want to install on my OpenBSD 
machine.
Since I have a hard time making it work properly, I want to apply their 
settings before tightening things.
I'm still in test mode.

 

On Friday, 16 November 2018 at 12:07:25 UTC+1, Otto Moerbeek wrote:
 
 On Fri, Nov 16, 2018 at 10:46:12AM +, Mik J wrote:

>  Hello,
> Thank you to both of you.
> I had already changed openfiles-max=65536 in login.conf and 
> kern.maxproc=16384 in sysctl.conf.
> Have a nice day

But why?

    -Otto

> 
> On Friday, 16 November 2018 at 11:18:42 UTC+1, Otto Moerbeek wrote:
>  
>  On Fri, Nov 16, 2018 at 10:55:23AM +0100, Martijn van Duren wrote:
> 
> > On 11/16/18 10:24 AM, Mik J wrote:
> > > Hello,
> > > 
> > > Does anyone know how to change these values ?
> > > 
> > > # sysctl kern.nprocs=52
> > > sysctl: kern.nprocs: Operation not permitted
> > > # sysctl kern.nfiles=575
> > > sysctl: kern.nfiles: Operation not permitted
> > > 
> > > Regards
> > > 
> > See sysctl(2):
> >            Second level name            Type                    Changeable
> > ..
> >            KERN_NFILES                  integer                no
> > ..
> >            KERN_NPROCS                  integer                no
> > ..
> >      KERN_NFILES (kern.nfiles)
> >              Number of open files.
> > ..
> >      KERN_NPROCS (kern.nprocs)
> >              The number of entries in the kernel process table.
> > 
> > If you want to change the maximum number of open files/processes take a
> > look at ksh(1) ulimit or csh(1) limit and login.conf(5).
> > 
> > Hope this helps.
> > 
> > martijn@
> 
> There are also kern.maxfiles and kern.maxproc for system wide limits.
> But in most cases, these values do not need to be changed.
> 
>     -Otto
> 
>  
  


Re: OpenBSD with root FS mounted read only

2018-11-16 Thread Kevin Chadwick
On 11/16/18 10:06 AM, Daniel Polak wrote:
>>> The main benefit of read-only is not having to do disk checks but the time 
>>> for
>>> root is negligible.
>> well, it's not just time fsck'ing, those checks can fail, and then if
>> you don't have OOB you have to go visit the machine ..

True, but the chances on root are next to 0 with a default layout. If you get an
outage during installation then ro root didn't help. That also only matters for
the most recently written files. An Fsck option upon failure of marking a second
partition or perhaps /altroot_fsck as where to boot a kernel from may be an
interesting idea, if possible? To ensure ssh is always available. I dislike OOB
chips in general but don't have great experience.

OTOH, I have been using ro root for so long, perhaps you have better experience?

The alternate boot functionality is something I may get involved in as we could
make our own OOB chips but I even dislike the Intel support of file/mem access??

> Agree entirely and that is why on our firewalls I always use a RO root
> filesystem and whatever needs to be RW is in MFS.
> It does require minor modification of among others /etc/rc though.
> 
> Root of the problem is the relative fragility of the current file system
> but changing that is of course a major undertaking.
> 
> Daniel

I disagree. Maybe with softdep but I have never had a major problem. Sure you
may need -y and lose the most recent files but then you could always mount sync?
I have had much worse (unexplainable corruption) on Linux with less uptime. ext4
was annoying as well because testdisk couldn't recover deleted files.



Re: OpenBSD with root FS mounted read only

2018-11-16 Thread Kevin Chadwick
On 11/15/18 9:53 PM, Stuart Henderson wrote:
> well, it's not just time fsck'ing, those checks can fail, and then if
> you don't have OOB you have to go visit the machine ..

I assume sync doesn't solve that entirely?



Re: Vacation with smtpd doesn't work in 6.4

2018-11-16 Thread Martin Sukany

Well,

I figured out that the problem is in vacation itself, where proper 
control of the recipient's address is missing.


In case the header of the original message contains a line like:
    From: 
vacation encloses the message by "<>", so SMTPD then receives something like:
    RCPT TO: <>

As a temporary hack, I created a little filter that each message goes through 
before it's handled by vacation itself.



If I have time, I'll write a patch for vacation.

Cheers

M>


On 11/15/18 3:48 PM, Martin Sukany wrote:

Hi,

I'm using vacation as an auto-responder while I'm out of office. I've 
been using it in the following way:

1) create ~/.vacation.msg containing the body of the message
2) init vacation db
    $ vacation -i
3) update .forward file to pipe vacation (see below)

Unfortunately starting 6.4, it seems like vacation sends mail with 
wrong address format, see output from maillog:

(server) ~ # fgrep 342d2aa97860a044 /var/log/maillog
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp connected address=local host=server.sukany.cz
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp failed-command address=local host=server.sukany.cz command="RCPT TO:<> " result="501 5.1.3: Recipient address syntax error"
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp disconnected address=local host=server.sukany.cz reason=disconnect



My configuration looks like:

smtpd.conf
(server) ~ # cat /etc/mail/smtpd.conf
 pki sukany.cz cert "/etc/ssl/sukany.cz.crt"
 pki sukany.cz key "/etc/ssl/private/sukany.cz.key"

listen on lo0 port 25
listen on vio0 port 25 tls-require auth-optional pki sukany.cz
listen on vio0 port 465 smtps auth pki sukany.cz
listen on vio0 port submission tls-require auth pki sukany.cz

# DKIM
listen on lo0 port 10028 tag DKIM

table aliases file:/etc/mail/aliases

action "local" maildir alias 
action "relay" relay
action "procmail" mda "/usr/local/bin/procmail -f -"

# DKIM
action "relay_dkim" relay host smtp://127.0.0.1:10027

match for local action "local"
match from any for domain "sukany.cz" action "local"
match from any for domain "server.sukany.cz" action "local"
match auth tag DKIM from any for any action "relay"
match tag DKIM from local for any action "relay"

# DKIM
match auth from any for any action "relay_dkim"
match from local for any action "relay_dkim"

(server) ~ # cat /home/martin/.forward
\martin, "|/usr/bin/vacation martin"

Has anyone faced the same / similar issue?

Cheers

M>


--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 specialist
www.sukany.cz



radeondrm failure on amd64 but not on i386?

2018-11-16 Thread Andy Bradford
Hello,

I  recently installed  OpenBSD 6.4  amd64  and radeondrm  fails to  load
properly. I then  installed OpenBSD 6.4 i386 on the  same hardware (to a
USB pendrive) and it works fine. Any ideas?

dmesg for both follow:

OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3739795456 (3566MB)
avail mem = 3617247232 (3449MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (65 entries)
bios0: vendor Dell Inc. version "A04" date 04/19/2006
bios0: Dell Inc. Dell DXP051
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET
acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) 
PCI5(S5) PCI6(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.96 MHz, 0f-06-04
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.58 MHz, 0f-06-04
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN
cpu1: 2MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-63
acpimcfg0: addr 0x0, bus 0-0
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 5 (PCI4)
acpiprt1 at acpi0: bus 2 (PCI2)
acpiprt2 at acpi0: bus -1 (PCI3)
acpiprt3 at acpi0: bus 1 (PCI1)
acpiprt4 at acpi0: bus 3 (PCI5)
acpiprt5 at acpi0: bus 4 (PCI6)
acpiprt6 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpibtn0 at acpi0: VBTN
acpicmos0 at acpi0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945G Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "Intel 82945G PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 2400 XT" rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x01: msi
azalia0: codecs: Sigmatel STAC9220/1
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 "Intel 82573L" rev 0x01: msi, address 
00:13:72:1a:ed:5c
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 8 int 21
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 8 int 22
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 8 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 8 int 23
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 8 int 21
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci5 at ppb4 bus 5
"AT&T/Lucent FW322 1394" rev 0x61 at pci5 dev 5 function 0 not configured
pcib0 at pci0 dev 31 function 0 "Intel 82801GH LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom 
removable
atapiscsi1 at pciide0 channel 0 drive 1
scsibus2 at atapiscsi1: 2 targets
cd1 at scsibus2 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ahci0 at pci0 dev 31 function 2 "Intel 82801GR AHCI" rev 0x01: msi, AHCI 1.1
ahci0: port 0: 3.0Gb/s
ahci0: PHY offline on port 1
ahci0: PHY offline on port 2
ahci0: PHY offline on port 3
scsibus3 at ahci0: 32 targets
sd0 at scsibus3 targ 0 lun 0:  SCSI3 0/direct fixed 
t10.ATA_ST3250824AS_5ND4HD0K
sd0: 238418MB, 512 bytes/sector, 488281250 sectors
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 8 int 17
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-

bind and error sending response: would block

2018-11-16 Thread Kapetanakis Giannis
Hi,

after upgrading one of my bind (cache resolver) machines to 6.4 (release) I'm 
getting these errors quite often:

Nov 16 15:55:14 server named[30616]: client: warning: client @0x6591da02440 
xxx.xxx.xxx.xxx#39702 (a1928.d.akamai.net): error sending response: would block

https://kb.isc.org/docs/aa-00717
it's either EWOULDBLOCK or EAGAIN errors.

I've tried playing with -U and -n settings.
Setting -n 1 (one cpu/core) solves the problem

Ideally I would set it to -n 8 -U 8

any ideas?

system is:
isc-bind-9.11.4pl2
6.4 GENERIC.MP#364 amd64

hw.machine=amd64
hw.model=Intel(R) Xeon(R) CPU E5405 @ 2.00GHz
hw.ncpu=8
hw.cpuspeed=1995
hw.vendor=Dell Inc.
hw.product=PowerEdge 1950
hw.physmem=4273274880
hw.usermem=4273262592
hw.ncpufound=8
hw.smt=0
hw.ncpuonline=8

# netstat -m
57 mbufs in use:
42 mbufs allocated to data
11 mbufs allocated to packet headers
4 mbufs allocated to socket names and addresses
35/192 mbuf 2048 byte clusters in use (current/peak)
0/45 mbuf 2112 byte clusters in use (current/peak)
0/64 mbuf 4096 byte clusters in use (current/peak)
0/56 mbuf 8192 byte clusters in use (current/peak)
0/42 mbuf 9216 byte clusters in use (current/peak)
0/50 mbuf 12288 byte clusters in use (current/peak)
0/56 mbuf 16384 byte clusters in use (current/peak)
0/48 mbuf 65536 byte clusters in use (current/peak)
6016/6296/524288 Kbytes allocated to network (current/peak/max)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

# netstat -s
udp:
2939445 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
2251 with no checksum
620 input packets software-checksummed
1995 output packets software-checksummed
1327 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
0 dropped due to missing IPsec protection
0 dropped due to full socket buffers
2938118 delivered
2964353 datagrams output
2133126 missed PCB cache


thanks,

G



Re: OpenBSD with root FS mounted read only

2018-11-16 Thread Jarkko Oranen
On Thu, 2018-11-15 at 18:55 +, Kevin Chadwick wrote:
> 
> This kind of demonstrates Lennart Poettering's recent tweet/boast about
> unified
> /usr to actually be a bad idea likely taken up by Debian out of
> frustration and
> not desire/design.
> 

Well, to be fair in Linuxland the separation between /usr and / does
not gain you much since a system without /usr will most likely not work
anyway, and initrds are almost always used.

As far as I'm aware, they are/were originally separated largely due to
historical reasons anyway, not because it's inherently better to keep
them separate.

-- 
Jarkko Oranen 



Re: Vacation with smtpd doesn't work in 6.4

2018-11-16 Thread Craig Skinner
Martin, your mail server is badly configured (broken):-




Begin forwarded message:


From: mailer-dae...@britvault.co.uk (Mail Delivery System)
To: skin...@britvault.co.uk
Subject: Undelivered Mail Returned to Sender
Date: Fri, 16 Nov 2018 12:17:13 + (GMT)

This is the mail system at host teak.britvault.co.uk.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

: host server.sukany.cz[89.221.217.40] said: 530 5.5.1
Invalid command: Must issue a STARTTLS command first (in reply to MAIL FROM 
command)

From: Craig Skinner 
To: Martin Sukany 
Subject: Re: Vacation with smtpd doesn't work in 6.4
Date: Fri, 16 Nov 2018 11:31:52 +


Try the OpenSMTPd list Martin.

http://www.OpenSMTPd.Org/list.html

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7
Reporting-MTA: dns; teak.britvault.co.uk
X-Postfix-Queue-ID: 42xGL107FCzVd
X-Postfix-Sender: rfc822; Skinner@Britvault.Co.UK
Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)

Final-Recipient: rfc822; martin@sukany.cz
Original-Recipient: rfc822;martin@sukany.cz
Action: failed
Status: 5.5.1
Remote-MTA: dns; server.sukany.cz
Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS command
first
--- Begin Message ---
Try the OpenSMTPd list Martin.

http://www.OpenSMTPd.Org/list.html

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7
--- End Message ---


Re: OpenBSD with root FS mounted read only

2018-11-16 Thread Kevin Chadwick
On 11/16/18 3:43 PM, Jarkko Oranen wrote:
> As far as I'm aware, they are/were originally separated largely due to
> historical reasons anyway, not because it's inherently better to keep
> them separate.

However they came about it is inherently better. Linux often takes the easy
rather than best route like / for the whole system. Suddenly a separate /usr was
unsupported, this was decided. A static single user is far better than a busybox
fixer. I think they have changed the stance again since then?



Re: Vacation with smtpd doesn't work in 6.4

2018-11-16 Thread Martin Sukany

Hello Craig,

I don't think so .. I'm just enforcing encrypted communication ... :)

{

listen on vio0 port25 tls-require auth-optional pki sukany.cz

}

M>

On 11/16/18 4:50 PM, Craig Skinner wrote:

Martin, your mail server is badly configured (broken):-




Begin forwarded message:


From: mailer-dae...@britvault.co.uk (Mail Delivery System)
To: skin...@britvault.co.uk
Subject: Undelivered Mail Returned to Sender
Date: Fri, 16 Nov 2018 12:17:13 + (GMT)

This is the mail system at host teak.britvault.co.uk.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

: host server.sukany.cz[89.221.217.40] said: 530 5.5.1
 Invalid command: Must issue a STARTTLS command first (in reply to MAIL 
FROM command)

From: Craig Skinner 
To: Martin Sukany 
Subject: Re: Vacation with smtpd doesn't work in 6.4
Date: Fri, 16 Nov 2018 11:31:52 +


Try the OpenSMTPd list Martin.

http://www.OpenSMTPd.Org/list.html

Cheers,

Reporting-MTA: dns; teak.britvault.co.uk
X-Postfix-Queue-ID: 42xGL107FCzVd
X-Postfix-Sender: rfc822; skin...@britvault.co.uk
Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)

Final-Recipient: rfc822; mar...@sukany.cz
Original-Recipient: rfc822;mar...@sukany.cz
Action: failed
Status: 5.5.1
Remote-MTA: dns; server.sukany.cz
Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS command
 first


--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 specialist
www.sukany.cz



Simple case with not obvious solution

2018-11-16 Thread sven falempin
Amazing Readers,

In my syslog.conf I put ssllog.my.domain
when the computer starts syslog is like : meeeh
your pppoe has not started yet :-( ; IE:

bad hostname @ssllog.my.domain

so I have to SIGHUP when network is actually ready.

Is there a common way to solve this ( I failed to find one in man pages ) ?

 ( I _cannot_ write into /etc/hosts )

Also if the IP changes, I guess a SIGHUP is required ?

--
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: Vacation with smtpd doesn't work in 6.4

2018-11-16 Thread Penty Wenngren
On Fri, Nov 16, 2018 at 05:54:13PM +0100, Martin Sukany wrote:
> Hello Craig,
> 
> I don't think so .. I'm just enforcing encrypted communication ... :)
> 
> {
> 
> listen on vio0 port25 tls-require auth-optional pki sukany.cz
> 
> }
> 
> M>


RFC 2487:

A publicly-referenced SMTP server MUST NOT require use of the
STARTTLS extension in order to deliver mail locally. This rule
prevents the STARTTLS extension from damaging the interoperability of
the Internet's SMTP infrastructure. A publicly-referenced SMTP server
is an SMTP server which runs on port 25 of an Internet host listed in
the MX record (or A record if an MX record is not present) for the
domain name on the right hand side of an Internet mail address.


> 
> On 11/16/18 4:50 PM, Craig Skinner wrote:
> > Martin, your mail server is badly configured (broken):-
> >
> >
> >
> >
> > Begin forwarded message:
> >
> >
> > From: mailer-dae...@britvault.co.uk (Mail Delivery System)
> > To: skin...@britvault.co.uk
> > Subject: Undelivered Mail Returned to Sender
> > Date: Fri, 16 Nov 2018 12:17:13 + (GMT)
> >
> > This is the mail system at host teak.britvault.co.uk.
> >
> > I'm sorry to have to inform you that your message could not
> > be delivered to one or more recipients. It's attached below.
> >
> > For further assistance, please send mail to postmaster.
> >
> > If you do so, please include this problem report. You can
> > delete your own text from the attached returned message.
> >
> > The mail system
> >
> > : host server.sukany.cz[89.221.217.40] said: 530 5.5.1
> >  Invalid command: Must issue a STARTTLS command first (in reply to MAIL 
> > FROM command)
> >
> > From: Craig Skinner 
> > To: Martin Sukany 
> > Subject: Re: Vacation with smtpd doesn't work in 6.4
> > Date: Fri, 16 Nov 2018 11:31:52 +
> >
> >
> > Try the OpenSMTPd list Martin.
> >
> > http://www.OpenSMTPd.Org/list.html
> >
> > Cheers,
> >
> > Reporting-MTA: dns; teak.britvault.co.uk
> > X-Postfix-Queue-ID: 42xGL107FCzVd
> > X-Postfix-Sender: rfc822; skin...@britvault.co.uk
> > Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)
> >
> > Final-Recipient: rfc822; mar...@sukany.cz
> > Original-Recipient: rfc822;mar...@sukany.cz
> > Action: failed
> > Status: 5.5.1
> > Remote-MTA: dns; server.sukany.cz
> > Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS 
> > command
> >  first
> 
> -- 
> Martin Sukany
> UNIX Engineer - Solaris / Linux / OpenBSD L3 specialist
> www.sukany.cz
> 



Re: Having security patches to packages while running -stable

2018-11-16 Thread Ivan Krylov
> > Does this mean that I should either build the packages from ports
> > myself, or use someone else's binary packages (e.g. those from
> > m:tier); no other options?
> 
> Yes.

Thank you for the answer!

-- 
Best regards,
Ivan



Re: Vacation with smtpd doesn't work in 6.4

2018-11-16 Thread Martin Sukany

You're right, thanks.

I set it up this way as I noticed similar behaviour in some bigger 
providers ...


- changed now back to meet 2487.

M>


On 11/16/18 6:43 PM, Penty Wenngren wrote:

On Fri, Nov 16, 2018 at 05:54:13PM +0100, Martin Sukany wrote:

Hello Craig,

I don't think so .. I'm just enforcing encrypted communication ... :)

{

listen on vio0 port25 tls-require auth-optional pki sukany.cz

}

M>


RFC 2487:

A publicly-referenced SMTP server MUST NOT require use of the
STARTTLS extension in order to deliver mail locally. This rule
prevents the STARTTLS extension from damaging the interoperability of
the Internet's SMTP infrastructure. A publicly-referenced SMTP server
is an SMTP server which runs on port 25 of an Internet host listed in
the MX record (or A record if an MX record is not present) for the
domain name on the right hand side of an Internet mail address.



On 11/16/18 4:50 PM, Craig Skinner wrote:

Martin, your mail server is badly configured (broken):-




Begin forwarded message:


From: mailer-dae...@britvault.co.uk (Mail Delivery System)
To: skin...@britvault.co.uk
Subject: Undelivered Mail Returned to Sender
Date: Fri, 16 Nov 2018 12:17:13 + (GMT)

This is the mail system at host teak.britvault.co.uk.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

 The mail system

: host server.sukany.cz[89.221.217.40] said: 530 5.5.1
  Invalid command: Must issue a STARTTLS command first (in reply to MAIL 
FROM command)

From: Craig Skinner 
To: Martin Sukany 
Subject: Re: Vacation with smtpd doesn't work in 6.4
Date: Fri, 16 Nov 2018 11:31:52 +


Try the OpenSMTPd list Martin.

http://www.OpenSMTPd.Org/list.html

Cheers,

Reporting-MTA: dns; teak.britvault.co.uk
X-Postfix-Queue-ID: 42xGL107FCzVd
X-Postfix-Sender: rfc822; skin...@britvault.co.uk
Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)

Final-Recipient: rfc822; mar...@sukany.cz
Original-Recipient: rfc822;mar...@sukany.cz
Action: failed
Status: 5.5.1
Remote-MTA: dns; server.sukany.cz
Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS command
  first

--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 specialist
www.sukany.cz


--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 specialist
www.sukany.cz
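
The RFC 2487 rule quoted in this thread can be checked mechanically against an smtpd.conf. The following is an added example, not code from the thread or from OpenSMTPD: a Python check that flags `listen` lines demanding STARTTLS on port 25 of a non-loopback interface and proposes opportunistic `tls` instead. The function and class names are hypothetical, and it assumes any non-loopback port 25 listener may be the public MX, which the configuration alone cannot confirm.

```python
"""Check smtpd.conf listeners against the RFC 2487 rule quoted in the thread."""
import re
import shlex
from dataclasses import dataclass

# Service names accepted after "port"; only these three are resolved here.
SERVICE_PORTS = {"smtp": 25, "smtps": 465, "submission": 587}
# Listener options that consume the following word as their value.
TAKES_VALUE = {"port", "pki", "tag", "hostname"}
TLS_KEYWORDS = {"tls", "tls-require", "smtps"}

# The listen lines from the smtpd.conf posted earlier in the thread.
SAMPLE_CONF = """\
listen on lo0 port 25
listen on vio0 port 25 tls-require auth-optional pki sukany.cz
listen on vio0 port 465 smtps auth pki sukany.cz
listen on vio0 port submission tls-require auth pki sukany.cz

# DKIM
listen on lo0 port 10028 tag DKIM
"""


@dataclass
class Listener:
    lineno: int
    interface: str
    port: int        # 0 when a service name could not be resolved
    tls_mode: str    # "none", "tls", "tls-require" or "smtps"
    words: list      # the tokenised line, kept for building a suggestion


@dataclass
class Finding:
    lineno: int
    line: str
    suggested: str


def is_loopback(interface):
    """Assumption: lo<N> interfaces and literal loopback names are not public."""
    return bool(re.fullmatch(r"lo\d+", interface)) or interface in {
        "localhost", "127.0.0.1", "::1"}


def parse_listeners(conf_text):
    """Return one Listener per 'listen on ...' line; comments are ignored."""
    listeners = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        if len(words) < 3 or words[:2] != ["listen", "on"]:
            continue
        port, tls_mode = None, "none"
        options = iter(words[3:])
        for word in options:
            if word in TAKES_VALUE:
                value = next(options, "")
                if word == "port":
                    port = (int(value) if value.isdigit()
                            else SERVICE_PORTS.get(value, 0))
            elif word in TLS_KEYWORDS:
                tls_mode = word
        if port is None:
            # Without "port", smtpd listens on 25, or on 465 for smtps.
            port = 465 if tls_mode == "smtps" else 25
        listeners.append(Listener(lineno, words[2], port, tls_mode, words))
    return listeners


def starttls_required_on_mx_port(conf_text):
    """Flag non-loopback port 25 listeners that refuse mail without STARTTLS."""
    findings = []
    for lst in parse_listeners(conf_text):
        if (lst.port == 25 and lst.tls_mode == "tls-require"
                and not is_loopback(lst.interface)):
            # Opportunistic STARTTLS: still offered, no longer mandatory.
            fixed = ["tls" if w == "tls-require" else w for w in lst.words]
            findings.append(
                Finding(lst.lineno, " ".join(lst.words), " ".join(fixed)))
    return findings


if __name__ == "__main__":
    for finding in starttls_required_on_mx_port(SAMPLE_CONF):
        print(f"line {finding.lineno}: {finding.line}")
        print(f"  port 25 requires STARTTLS; consider: {finding.suggested}")
```

The submission listener on port 587 keeps `tls-require` without being flagged, since the quoted rule concerns only port 25 of the host named in the MX record.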



isc bind - error sending response: would block

2018-11-16 Thread Paul B. Henson
I recently updated a couple servers that were running OpenBSD 6.3 with bind
9.11.3 to OpenBSD 6.4 and bind 9.11.4pl2. Since then, I've been getting a large
number of "error sending response: would block" log messages:

Nov 15 11:03:58 lisa named[79587]: client @0x6f2f02bc440 10.128.30.77#65198 
(p64-keyvalueservice.icloud.com): view internal: error sending response: would 
block

Nov 15 11:07:42 lisa named[79587]: client @0x6f325b7a440 10.128.0.19#1851 
(alt1.gmail-smtp-in.l.google.com): view internal: error sending response: would 
block

I reviewed the article at https://kb.isc.org/docs/aa-00717 ; but it's not clear
if this is just a warning message, and it tries again and successfully responds
to the client, or if it's a hard error and the client never gets a response? I
wasn't getting any errors before the upgrade, and I don't think the load on
these servers is anywhere near high enough to cause them to be overloaded.

Any thoughts on what might be going on? New bug in bind? Change in OpenBSD?
So far I haven't gotten a response on the bind mailing list.

Thanks...



Re: radeondrm failure on amd64 but not on i386?

2018-11-16 Thread Jonathan Gray
On Thu, Nov 15, 2018 at 09:15:48PM -0700, Andy Bradford wrote:
> Hello,
> 
> I  recently installed  OpenBSD 6.4  amd64  and radeondrm  fails to  load
> properly. I then  installed OpenBSD 6.4 i386 on the  same hardware (to a
> USB pendrive) and it works fine. Any ideas?

There are many ways of getting an atom bios; it would be helpful to know
which method is having trouble.

Index: sys/dev/pci/drm/radeon/radeon_bios.c
===
RCS file: /cvs/src/sys/dev/pci/drm/radeon/radeon_bios.c,v
retrieving revision 1.14
diff -u -p -r1.14 radeon_bios.c
--- sys/dev/pci/drm/radeon/radeon_bios.c25 Aug 2018 18:42:43 -  
1.14
+++ sys/dev/pci/drm/radeon/radeon_bios.c17 Nov 2018 03:00:34 -
@@ -801,16 +801,27 @@ bool radeon_get_bios(struct radeon_devic
uint16_t tmp;
 
r = radeon_atrm_get_bios(rdev);
-   if (r == false)
+printf("radeon_atrm_get_bios %s\n", r == true ? "true" : "false");
+   if (r == false) {
r = radeon_acpi_vfct_bios(rdev);
-   if (r == false)
+printf("radeon_acpi_vfct_bios %s\n", r == true ? "true" : "false");
+   }
+   if (r == false) {
r = igp_read_bios_from_vram(rdev);
-   if (r == false)
+printf("igp_read_bios_from_vram %s\n", r == true ? "true" : "false");
+   }
+   if (r == false) {
r = radeon_read_bios(rdev);
-   if (r == false)
+printf("radeon_read_bios %s\n", r == true ? "true" : "false");
+   }
+   if (r == false) {
r = radeon_read_disabled_bios(rdev);
-   if (r == false)
+printf("radeon_read_disabled_bios %s\n", r == true ? "true" : "false");
+   }
+   if (r == false) {
r = radeon_read_platform_bios(rdev);
+printf("radeon_read_platform_bios %s\n", r == true ? "true" : "false");
+   }
if (r == false || rdev->bios == NULL) {
DRM_ERROR("Unable to locate a BIOS ROM\n");
rdev->bios = NULL;
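
Review bot: the added printf calls report only r, but the failure branch at the end of this hunk also fires when rdev->bios == NULL, so the output can show a method returning "true" while "Unable to locate a BIOS ROM" is still logged. Printing whether rdev->bios is NULL next to each result would make that case distinguishable. As a smaller point, r == true ? "true" : "false" can be written r ? "true" : "false", and the six near-identical calls could be folded into one helper macro if the tracing is kept beyond this debugging round.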