Thanks to whoever wrote the "install response file" email script
Just wanted to take a moment to thank the person/people responsible for adding that bit of code in. Saved my bacon just now.

Had a system that stopped connecting to our auth server and tried to ssh to it to bring it back in, but couldn't get access with the user I created at install time. Found out that I fat-fingered the username after reading that mail. That saved me 8+ hours of round-trip travel to go out to the site to fix it.

-CA
Re: Hardware recommendations for compact 1U firewall
Jordon wrote:
> About a year ago I replaced my Soekris net5501 with the following system:
>
> Supermicro A1SAi-2550F (4 core Atom with 4 NICS + IPMI)
> Supermicro SC505-203B (1U case where the back of the mob comes out the front)
> Kingston KVR16LSE11/4 (4GB SO-DIMM)
>
> I also used a SATA-DOM because I was going for low power, but a USB flash drive would work and be a lot cheaper.
>
> Under normal usage, it pulls about 15 watts. I have been running pfSense on it with no problems.
>
> I also have the 8-core version of this board (2750) in my NAS which is running FreeNAS. I’m pretty sure that at some point while testing these boards, I ran OpenBSD on them without any issues. Those last families of Atoms are a bit underrated in my book.
>
> Jordon

I recently replaced a pair of Soekris 6501's (BIOSes on both went blank) with some SuperMicro X11SBA-LN4F-O boards, SATA-DOM-064s, the CSE505-203B and 4 GB 1600 MHz DDR3 sticks.

Draws so little power that it looks like the Power Supply is wasting more in the AC-DC conversion process than the system itself is using. Considering replacing it with a 60w 12v power adapter like some of the other systems use. Memory latency is very low and very consistent since the CPU cores and the memory run at the same frequency.

I was considering the A1SAi-2550F, but these were cheaper, lower power, had a shorter time to ship, and don't have the Intel Management Engine in them.

Only problem is that most of the sensors don't seem to be supported:

# sysctl hw.sensors
hw.sensors.cpu0.temp0=39.00 degC
hw.sensors.acpitz0.temp0=26.80 degC (zone temperature)

# dmesg / pcidump / dmidecode:
OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8482304000 (8089MB)
avail mem = 8220753920 (7839MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xecef0 (58 entries)
bios0: vendor American Megatrends Inc.
Re: Encrypted data partition
Carsten Kunze wrote:
> Gregor Best wrote:
>> I just installed EncFS from ports, the version there is 1.7.4
>> With some short testing, it looks like it works nicely.
>
> Thank you for this information and the test. But it should be taken into account that this version is 6 years old, current release is 1.9.1.
>
> (It would be great of course if the package maintainer would find the time to update the package to a somewhat newer version some day :)
>
> Carsten

For sharing encrypted data between OpenBSD and Linux, I just use an OpenBSD-based file server and connect to it over NFS (using SSH to secure the connection).

The file server is an old Intel Core-2 box with 4x 1 TB hard drives in a softraid-5 configuration and a pair of 10 GB IDE disks for the OS using hardware RAID. I shut the machine down each night to keep the data safe.

Much simpler configuration than hoping that the disk encryption software stays compatible between builds (EG, the Linux version may upgrade to use some kind of Linux-only technology that can't be adapted to work on OpenBSD) or that the disk encryption software is even secure in the first place.
Re: How to make spamd more annoying ?
Mikkel C. Simonsen wrote:
> OpenBSD lists wrote:
>> Most of the spam I've received from marketing companies tends to come from send-only servers (looking at the user-agent of the sending server it's some kind of Python library intended for just sending pre-formatted messages to a list of recipients).
>>
>> What I've done is constructed a script that while spamd is stuttering their connection, it connects back to the sending server on port 25 and executes an EHLO. If the sending server doesn't respond to the EHLO, it runs pfctl to add that server's address to a block list.
>
> That will block a LOT of legitimate e-mail also. Including semi-legitimate e-mails like this one... Why should all e-mail servers accept connections from the outside?
>
> Mikkel

Because that is what legitimate e-mail servers are supposed to do.

Yeah, it blocks emails from "Smart Host" SMTP servers, but I very rarely interact with someone using such a setup. Besides, this is only enabled on my primary server, the secondary server will still accept email where the sender doesn't listen for SMTP. A legitimate email server would detect the failure and try again with the next MX record. Marketing and spam servers tend to see a single failure and just carry on with spamming the next person.

My primary server is in a fairly expensive hosting provider (They are very, very reliable, so the cost is worth it), so I try and avoid using its bandwidth as much as possible. The secondary server is located in the office and on a connection with no bandwidth cap but will fail periodically.

My infrastructure was set up to stop malicious traffic like bots sending malware / phishing messages and non-reputable spammers. I've noticed a correlation between marketers that don't respond to unsubscribe messages and running servers that don't bother to resend in case of error.

-C
Re: How to make spamd more annoying ?
Mik J wrote:
> Hello,
>
> I've been annoyed for months/years by a few marketing companies from which I regularly unsubscribed (according to the law in my country they should have done it).
>
> A few days ago I decided to make spamd work on my pf machine. And I trapped that spam company
>
> Dec 12 19:25:55 openbsd spamd[99682]: (BLACK) x.x.x.x: ->
> Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: To: victim
> Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: From: =?utf-8?Lalalala=
> Dec 12 19:27:40 openbsd spamd[99682]: x.x.x.x: Subject: =?utf-8?Lalalalla
> Dec 12 19:28:45 openbsd spamd[99682]: x.x.x.x: disconnected after 387 seconds. lists: spamd-greytrap blacklist
>
> I notice that this spammer lost 387 seconds so 6 minutes. Is there a way to make them lose more time?
>
> # grep spamd /etc/rc.conf
> spamd_flags="-5 -v -l 127.0.0.1 -h mymx.mydomain.com -n Somestring"
>
> Thank you

Most of the spam I've received from marketing companies tends to come from send-only servers (looking at the user-agent of the sending server it's some kind of Python library intended for just sending pre-formatted messages to a list of recipients).

What I've done is constructed a script that while spamd is stuttering their connection, it connects back to the sending server on port 25 and executes an EHLO. If the sending server doesn't respond to the EHLO, it runs pfctl to add that server's address to a block list.

Another technique I've done is to use a catch-all address for my primary email address, so each time I give out an address I give them a unique address. If I receive spam on an address (say something from "facebook" on amazon@) then I know that my address has been leaked and can readily identify who it was that leaked/sold my address to spammers.
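The connect-back check described in this post, sketched as an added example (it is not the poster's script): the pf table name `smtp_noreply`, the function names and the injectable `connect` parameter are assumptions. The sender address is validated as a literal IP before it is placed in the pfctl argument list, since it comes from log data.

```python
import ipaddress
import socket

TABLE = "smtp_noreply"  # hypothetical pf table name, not from the post


def read_reply(rfile) -> int:
    """Read one SMTP reply (possibly multi-line); return its code, 0 if none."""
    while True:
        line = rfile.readline(1024)
        if len(line) < 4 or not line[:3].isdigit():
            return 0                      # EOF or data that is not an SMTP reply
        if line[3:4] != b"-":             # "250-..." continues, "250 ..." ends
            return int(line[:3])


def answers_ehlo(addr, helo_name, connect=socket.create_connection, timeout=10):
    """True if addr accepts a connection on port 25 and replies to EHLO."""
    try:
        with connect((addr, 25), timeout) as sock:
            rfile = sock.makefile("rb")
            if read_reply(rfile) == 0:    # no greeting at all
                return False
            sock.sendall(b"EHLO " + helo_name.encode("ascii") + b"\r\n")
            replied = read_reply(rfile) != 0
            sock.sendall(b"QUIT\r\n")
            return replied
    except (OSError, UnicodeError):       # refused, unreachable, timed out
        return False


def block_command(addr, table=TABLE):
    """Build the pfctl argv; raises ValueError unless addr is a literal IP."""
    ip = ipaddress.ip_address(addr)       # spamd log fields are untrusted input
    return ["pfctl", "-t", table, "-T", "add", str(ip)]


def verdict(addr, helo_name, connect=socket.create_connection):
    """Return the pfctl argv to run, or None when the sender speaks SMTP."""
    cmd = block_command(addr)             # validate before touching the network
    return None if answers_ehlo(addr, helo_name, connect) else cmd
```

The returned list is meant to be passed to `subprocess.run` as root, with the table referenced by a block rule in pf.conf.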
Re: 350MHz IBM Intel Pentium II runs 5.9 fine
Craig Skinner wrote:
> Hi,
>
> On Wed, 30 Nov 2016 17:09:13 +0100 butresin wrote:
>> On 16.11.29Tue 14:12, Craig Skinner wrote:
>>> real mem = 200740864 (191MB)
>>> avail mem = 184385536 (175MB)
>>> ...
>>> spdmem0 at iic0 addr 0x50: 64MB SDRAM non-parity PC100CL3
>>> spdmem1 at iic0 addr 0x51: 64MB SDRAM non-parity PC100CL3
>>> spdmem2 at iic0 addr 0x52: 64MB SDRAM ECC PC100CL2
>>> spdmem3 at iic0 addr 0x55: 1GB DDR2 SDRAM PC2-5000CL5
>
> This is odd. None of these IBM Pentium II machines have DDR memory installed. I don't think it was invented in 1999. The 3 slots are old DIMM.
>
> The other dmesg:
>
> spdmem0 at iic0 addr 0x50: 128MB SDRAM non-parity PC100CL3
> spdmem1 at iic0 addr 0x51: 64MB SDRAM non-parity PC100CL3
> spdmem2 at iic0 addr 0x52: 64MB SDRAM non-parity PC100CL3
> spdmem3 at iic0 addr 0x55: 448MB DDR2 SDRAM PC2-2500CL5
>
> Another identical machine, but with only 2 DIMM slots filled:
>
> spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL2
> spdmem1 at iic0 addr 0x51: 256MB SDRAM non-parity PC133CL2
> spdmem2 at iic0 addr 0x55: 1GB DDR2 SDRAM PC2-6500CL5
>
> Being an ordinary user, I dunno what that means, but the boxes run fine.
>
> Cheers!

Looks like something is misinterpreting ID numbers from the EEPROM on the memory modules. But I'd like to see what is physically there before making a call on what is going wrong, if you have any photos of the system's motherboard.

I'm thinking that perhaps the DDR2 modules might be for an integrated graphics chip but are reporting as part of main memory for some reason. Older systems like that were a mess and many times buses would be wired together and whatever is attached to the IIC bus may be some random peripheral that just happens to have an ID that was later re-used for a DDR2 module.
Re: 5.8 EOL
Alessandro Baggi wrote:
> On 01/12/2016 17:01, Marko Cupać wrote:
>> On Thu, 1 Dec 2016 15:59:41 +0100 Alessandro Baggi wrote:
>>> Hi list,
>>> I've installed some years ago OpenBSD 5.8 on apu with 3 nics. I've tried to search but no luck. What is the EOL for OpenBSD 5.8?
>>>
>>> Thanks in advance.
>>
>> https://www.openbsd.org/faq/faq5.html#Flavors
>>
>> AFAIK Once 6.0 is out, 5.8 becomes unsupported (EOS). But by no means does its life end (EOL). I have just upgraded 2 boxes that were at 5.5, but were quite alive and kicking :)
>> --
>> Before enlightenment - chop wood, draw water.
>> After enlightenment - chop wood, draw water.
>>
>> Marko Cupać
>> https://www.mimar.rs/
>
> Then, when 6.1 will be released,

Somewhere between March and May of next year. Depends on when the code is in a releasable state.

> 5.9 will become unsupported.

Yep, it won't be getting patches anymore.

> How do you provide security patches for 5.5?

We don't. Supporting a release that old would require quite a lot more volunteers to back-port and test every patch that would apply and we'd rather not waste resources on supporting the old stuff and use our time to move the project forward.

Upgrading is painless and major changes are very rare, so I can't think of any compelling reasons to stay on an old version (well, unless it is the last version your platform supports).
Re: 5.8 EOL
Alessandro Baggi wrote:
> Hi list,
> I've installed some years ago OpenBSD 5.8 on apu with 3 nics. I've tried to search but no luck. What is the EOL for OpenBSD 5.8?
>
> Thanks in advance.

1 September 2016 when 6.0 was released. The only supported versions are the current and the immediately previous.

I'd recommend upgrading to 6.0 anyway, a lot of drivers for the AMD APUs were added/updated between 18 October 2015 when 5.8 was released and now. Mostly newer graphics chips and USB 3.0 XHCI support. Helped with some issues on an A6-5200 based system I use as my backup desktop box.

-Christopher Ahrens
Re: Openbsd broke my hard drive twice! Getting frustrated
On Tue, Dec 23, 2014 at 12:04:25AM -0200, Henrique Lengler wrote:
> Could someone please explain me why this happened? Can you think about a way
> to fix this without send it to warranty?
> Any other questions? send me a reply, I'm really in need of help

# cd /usr/src/distrib/miniroot/
# grep -B3 'inconsistent state' install.sub
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN. You can exist this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.

Did you not see this warning while installing?