Re: I would like help matching my outgoing domains to the right IP for smtpd

2023-08-16 Thread Bruno Flückiger
On 11.08., Chris Bennett wrote:
> On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote:
> > On 12.08.2023 03:13, Chris Bennett wrote:
> > > I can't figure out how to match the outgoing mails to the correct IP/mx
> > > they are coming from. Just one server, different A records for the mx
> > > versus domain name.
> >
> > Difficult to understand what you're trying there...
> > I kinda understand that you have multiple IP-addresses on that smtpd
> > machine and need to send from a "correct" one?
> > If so, check back that 'action' with a relay delivery has a 'src' option.
> >
> > HTH,
> > --
> > pb
> >
> action "benn_to_outbound" relay src 108.181.26.184 helo mx.bennettconstruction.us
>
> If this is correct, it works fine.
> However, right now, I am forcing a match with
>
> match from local for any action "benn_to_outbound"
>
> I haven't been able to think of a way to match each individual one.
>
> --
> Chris Bennett
>

How about something like this?

match from mail-from regex "@example.net" action send_example_net
match from mail-from regex "@example.com" action send_example_com

Cheers,
Bruno



Re: My /usr cleaning campaign..

2023-08-16 Thread Stuart Henderson
On 2023-08-15, Daniele B.  wrote:
> Thanks for the help,
>
> Unfortunately I have no clean system nor knowledge about these files..
> Do you mind to point me out almost the direction how to fix things correctly?

Easiest way is probably to boot bsd.rd and do an upgrade install
with the same version you're already running (then, as it looks like a
release based on the file dates, re-run syspatch).




Re: Assistance Needed with Wireguard VPN Configuration and pf Rules on OpenBSD 7.3

2023-08-16 Thread Stuart Henderson
On 2023-08-14, SOUBHEEK NATH  wrote:
> 2. Please have a look at the configuration I have implemented.
>
>  pass in quick on wg0 proto tcp from 10.0.8.3/32 to any port {22 80}
>  block in on wg0 proto tcp from any to any port {22 80}
>  block in quick on bwfm0 proto tcp from any to any port {22 80}
>
>This configuration is functioning well and your suggestions have
>greatly assisted me in achieving it.
>
>I would like to discuss my insights on this configuration and would
>appreciate your feedback on it.
>
>I. I use the word "quick" in the first line to prevent the "block"
>rules in the second line from taking precedence over it.

That's one way to do it. Personally I don't like writing "quick" on all
these lines so I normally order them for "last match wins" rather than
"first match wins". This is mostly down to personal preference.

>II. The second line effectively prevents any devices in the wireguard
>network from accessing ports 22 and 80. However, because the 'quick'
>command is used in the first line, the rule in the first line takes
>precedence and allows access to ports 22 and 80 for the machine with
>IP address 10.0.8.3.

This also blocks forwarded traffic from machines on wg0 (other than
10.0.8.3) to port 22/80 on the internet, not just to the machine running
PF. If this is what you want, that's ok, if not then you may want "self"
instead of "any".

> On Mon, Aug 14, 2023 at 7:35 AM lain.  wrote:
>>
>> On 2023年08月13日 12:17, Stuart Henderson wrote:
>> > >
>> > > https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/
>> >
>> > what a mess of things from the base OS and unneeded third-party tools.
>> >
>> List of tools:
>> wireguard-tools (required), nano (vim would have been enough), and the
>> rest is everything OpenBSD ships with.

wireguard-tools is not required, everything you need for wg(4) is in
the base OS.

>> Oh the horror, that's far too much, the sky is falling!

After some OS upgrades, some packages (especially those interfacing
with the kernel for things like networking) will be broken until
packages are updated.
This is a problem if you rely on wg(4) to access the machine.

I suggest replacing use of wireguard-tools with the native configuration 
direct in hostname.wg0, see the wg(4) and ifconfig(8) manuals.

>> > > On Sun, Aug 13, 2023 at 7:04 AM lain.  wrote:
>> > >>
>> > >> I failed to come up with reasons for using a preshared key, so I've let
>> > >> ChatGPT generate reasons for me:
>> >
>> > oh $deitt please do not.
>> >
>> What matters is not who or what answered, what matters is the answer,
>> and the answer it provided is good, but I guess autists gonna autist.

chatgpt often makes the answer sound good but the answer is not
necessarily reliable, so still needs vetting by someone who understands
the area. better leave it to someone who understands in the first place.

if you want to quote something, there's a perfectly good explanation
in the wg(4) manual.

-- 
Please keep replies on the mailing list.
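
An added example, not part of the thread and not pf code: a simplified Python model of pf's rule evaluation, run over the three rules quoted above. It shows that the "quick" ordering and a "last match wins" ordering give the same verdicts, and that "to any" also blocks forwarded traffic while "to self" does not. The firewall addresses in SELF and the hosts 10.0.8.4 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress

SELF = {"10.0.8.1", "192.0.2.1"}  # assumed firewall addresses (constructed)
PEER, OTHER, WEB = "10.0.8.3", "10.0.8.4", "203.0.113.10"  # constructed hosts

def rule(action, iface, src, dst, quick=False, ports=(22, 80)):
    return dict(action=action, iface=iface, src=src, dst=dst,
                quick=quick, ports=ports)

def addr_match(spec, addr):
    if spec == "any":
        return True
    if spec == "self":  # any address assigned to the firewall itself
        return addr in SELF
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, iface, src, dst, port):
    """Model of pf for inbound TCP: the last matching rule wins, a matching
    'quick' rule ends evaluation, and a packet matching no rule is passed."""
    verdict = "pass"
    for r in rules:
        if (r["iface"] == iface and port in r["ports"]
                and addr_match(r["src"], src) and addr_match(r["dst"], dst)):
            verdict = r["action"]
            if r["quick"]:
                break
    return verdict

def thread_rules(dst):
    # The three rules from the thread; dst is "any" (as posted) or "self".
    return [
        rule("pass", "wg0", "10.0.8.3/32", dst, quick=True),
        rule("block", "wg0", "any", dst),
        rule("block", "bwfm0", "any", dst, quick=True),
    ]

def last_match_rules(dst):
    # Same policy without "quick": general blocks first, specific pass last.
    return [
        rule("block", "wg0", "any", dst),
        rule("block", "bwfm0", "any", dst),
        rule("pass", "wg0", "10.0.8.3/32", dst),
    ]

if __name__ == "__main__":
    for dst in ("any", "self"):
        rs = thread_rules(dst)
        print(f"to {dst}:",
              "peer->fw:22", evaluate(rs, "wg0", PEER, "10.0.8.1", 22),
              "| other->fw:22", evaluate(rs, "wg0", OTHER, "10.0.8.1", 22),
              "| other->web:80", evaluate(rs, "wg0", OTHER, WEB, 80))
```

The model covers only these inbound TCP rules; a real ruleset with a default "block" rule earlier in the file would change the verdict for packets that match nothing here.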



Re: I would like help matching my outgoing domains to the right IP for smtpd

2023-08-16 Thread Chris Bennett
On Wed, Aug 16, 2023 at 10:21:34AM +0200, Bruno Flückiger wrote:
> How about something like this?
> 
> match from mail-from regex "@example.net" action send_example_net
> match from mail-from regex "@example.com" action send_example_com
> 
> Cheers,
> Bruno
> 

Thank you very much.
I just had to add for any and it works perfectly.

My dad and I ate some bad food at a restaurant, so this is a happy
moment.

-- 
Chris Bennett



urtwn(4) and IBSS?

2023-08-16 Thread Peter J. Philipp
Hi,

I saw in NetBSD's manpages that their urtwn(4) driver, which was ported from
OpenBSD, has IBSS support.  I checked this out and saw
it was this commit:

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/usb/if_urtwn.c.diff?r1=1.25&r2=1.26&only_with_tag=MAIN&f=h

It came from OpenBSD the revision log for 1.26 says.

Can we have this in OpenBSD, please?  The initial patch doesn't look
bad to me, I can even try to port it back to OpenBSD, as long as I have
assurances that it makes it into -current.

The reason I could use this is that I don't have an access point always on
and doing IBSS between two wifi devices would work for me.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.



Re: urtwn(4) and IBSS?

2023-08-16 Thread Stuart Henderson
On 2023-08-16, Peter J. Philipp  wrote:
> Hi,
>
> I saw in NetBSD's manpages that their urtwn(4) driver, which was ported from
> OpenBSD, has IBSS support.  I checked this out and saw
> it was this commit:
>
> http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/usb/if_urtwn.c.diff?r1=1.25&r2=1.26&only_with_tag=MAIN&f=h
>
> It came from OpenBSD the revision log for 1.26 says.
>
> Can we have this in OpenBSD, please?  The initial patch doesn't look
> bad to me, I can even try to port it back to OpenBSD, as long as I have
> assurances that it makes it into -current.

If you port it, then at least you have it for yourself.

"assurances that it makes it into -current" nope this project doesn't
work that way.

> The reason I could use this is that I don't have an access point always on
> and doing IBSS between two wifi devices would work for me.
>
> Best Regards,
> -peter
>


-- 
Please keep replies on the mailing list.



Re: Assistance Needed with Wireguard VPN Configuration and pf Rules on OpenBSD 7.3

2023-08-16 Thread SOUBHEEK NATH
Hi,

I appreciate the valuable advice you provided about pf rules in
OpenBSD. I am currently away on a trip, but once I return, I will
thoroughly test those rules and provide you with feedback.

On Wed, Aug 16, 2023 at 3:50 PM Stuart Henderson wrote:
>
> On 2023-08-14, SOUBHEEK NATH  wrote:
> > 2. Please have a look at the configuration I have implemented.
> >
> >  pass in quick on wg0 proto tcp from 10.0.8.3/32 to any port {22 80}
> >  block in on wg0 proto tcp from any to any port {22 80}
> >  block in quick on bwfm0 proto tcp from any to any port {22 80}
> >
> >This configuration is functioning well and your suggestions have
> >greatly assisted me in achieving it.
> >
> >I would like to discuss my insights on this configuration and would
> >appreciate your feedback on it.
> >
> >I. I use the word "quick" in the first line to prevent the "block"
> >rules in the second line from taking precedence over it.
>
> That's one way to do it. Personally I don't like writing "quick" on all
> these lines so I normally order them for "last match wins" rather than
> "first match wins". This is mostly down to personal preference.
>
> >II. The second line effectively prevents any devices in the wireguard
> >network from accessing ports 22 and 80. However, because the 'quick'
> >command is used in the first line, the rule in the first line takes
> >precedence and allows access to ports 22 and 80 for the machine with
> >IP address 10.0.8.3.
>
> This also blocks forwarded traffic from machines on wg0 (other than
> 10.0.8.3) to port 22/80 on the internet, not just to the machine running
> PF. If this is what you want, that's ok, if not then you may want "self"
> instead of "any".
>
> > On Mon, Aug 14, 2023 at 7:35 AM lain.  wrote:
> >>
> >> On 2023年08月13日 12:17, Stuart Henderson wrote:
> >> > >
> >> > > https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/
> >> >
> >> > what a mess of things from the base OS and unneeded third-party tools.
> >> >
> >> List of tools:
> >> wireguard-tools (required), nano (vim would have been enough), and the
> >> rest is everything OpenBSD ships with.
>
> wireguard-tools is not required, everything you need for wg(4) is in
> the base OS.
>
> >> Oh the horror, that's far too much, the sky is falling!
>
> After some OS upgrades, some packages (especially those interfacing
> with the kernel for things like networking) will be broken until
> packages are updated.
> This is a problem if you rely on wg(4) to access the machine.
>
> I suggest replacing use of wireguard-tools with the native configuration
> direct in hostname.wg0, see the wg(4) and ifconfig(8) manuals.
>
> >> > > On Sun, Aug 13, 2023 at 7:04 AM lain.  wrote:
> >> > >>
> >> > >> I failed to come up with reasons for using a preshared key, so I've let
> >> > >> ChatGPT generate reasons for me:
> >> >
> >> > oh $deitt please do not.
> >> >
> >> What matters is not who or what answered, what matters is the answer,
> >> and the answer it provided is good, but I guess autists gonna autist.
>
> chatgpt often makes the answer sound good but the answer is not
> necessarily reliable, so still needs vetting by someone who understands
> the area. better leave it to someone who understands in the first place.
>
> if you want to quote something, there's a perfectly good explanation
> in the wg(4) manual.
>
> --
> Please keep replies on the mailing list.
>



Re: Assistance Needed with Wireguard VPN Configuration and pf Rules on OpenBSD 7.3

2023-08-16 Thread lain.
(Sorry, I just realized I replied to just your email address, replying
again to the mailing list this time.)

On 2023年08月16日 10:05, Stuart Henderson wrote:
> wireguard-tools is not required, everything you need for wg(4) is in
> the base OS.

Oh, I didn't know that.
In that case, valid point.

> After some OS upgrades, some packages (especially those interfacing
> with the kernel for things like networking) will be broken until
> packages are updated.
> This is a problem if you rely on wg(4) to access the machine.

Not sure how frequent this is, but this only happened for me once on a
ThinkPad T43, and it was just a matter of running pkg_add -ui both
before and after an OS upgrade.

> chatgpt often makes the answer sound good but the answer is not
> necessarily reliable, so still needs vetting by someone who understands
> the area. better leave it to someone who understands in the first place.

Yes, but in my case it was more about how to phrase it, not a matter of
"what the fuck am I even talking about".
I understood why, I just didn't know how to explain in a way that sounds
reasonable.

I still stand by that the answer itself is more important than the person
(or thing) answering.
I would have expected the OpenBSD userbase to be much more merit-based
rather than leftist-leaning as seen in most other BSDs and Linux distros
nowadays.

-- 
lain.