Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread Christopher Chan

On 26/04/12 12:17 AM, Gary Gendel wrote:


> That isn't what spamdyke is trying to accomplish here. This checks to
> see if the sender is trying to spoof the MTA. What spamdyke is trying to
> do is to blacklist emails based upon the ip address embedded in the
> sending domain name. For example:
>
> If I get mail from 208.1.48.3 and its reverse domain lookup resolves to
> customer.208.001_48.3.sample.com and sample.com is on my list it is
> blocked.



Again, it's available with the following configuration parameter:

   check_reverse_client_hostname_access type:table

Table should have key sample.com and RHS = REJECT, blah

Table details:

http://www.postfix.org/access.5.html



___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss


Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread Gary Gendel

On 4/26/12 5:01 AM, Christopher Chan wrote:
> On 26/04/12 12:17 AM, Gary Gendel wrote:
>> That isn't what spamdyke is trying to accomplish here. This checks to
>> see if the sender is trying to spoof the MTA. What spamdyke is trying to
>> do is to blacklist emails based upon the ip address embedded in the
>> sending domain name. For example:
>>
>> If I get mail from 208.1.48.3 and its reverse domain lookup resolves to
>> customer.208.001_48.3.sample.com and sample.com is on my list it is
>> blocked.
>
> Again, it's available with the following configuration parameter:
>
>    check_reverse_client_hostname_access type:table
>
> Table should have key sample.com and RHS = REJECT, blah
>
> Table details:
>
> http://www.postfix.org/access.5.html

Chris, I'm still unclear on how to do this.  How could you write a
regular expression to check to see if the connecting ip address is buried
in the reverse dns lookup?


In my example, spamdyke would reject customer.208.001_48.3.sample.com, 
but customer.108.001_48.3.sample.com would not be rejected because it 
doesn't match the ip address of the sending MTA.  This prevents 
rejecting reverse dns names with strings of arbitrary numbers in them.


Gary




[OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread Flo

Hello,

I have a problem with extracting a tar file.

The tar file contains some files with a question mark in the filename.

On a Linux Machine, the file looks like this;
Adig?zel-Huda.jpg (a black rhombus with a question mark in it)

When I extract that tar file on my openindiana 148b machine, I get the 
following error:

Adig\374zel-Huda.jpg: Cannot open: Illegal byte sequence

On the Linux Machine is ext3 as filesystem and on the openindiana 
Machine is zfs v28.


Is there a solution for this problem?

Greeting Flo



Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread Michael Schuster
IIRC there's a choice of tar programs ... so: which tar are you using?
perhaps using gtar can help?

HTH
Michael

On Thu, Apr 26, 2012 at 15:24, Flo flor...@acw.at wrote:
> Hello,
>
> I have a problem with extracting a tar file.
>
> The tar file contains some files with a question mark in the filename.
>
> On a Linux Machine, the file looks like this;
> Adig?zel-Huda.jpg (a black rhombus with a question mark in it)
>
> When I extract that tar file on my openindiana 148b machine, I get the
> following error:
> Adig\374zel-Huda.jpg: Cannot open: Illegal byte sequence
>
> On the Linux Machine is ext3 as filesystem and on the openindiana Machine is
> zfs v28.
>
> Is there a solution for this problem?
>
> Greeting Flo




-- 
Michael Schuster
http://recursiveramblings.wordpress.com/



Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread Flo
I have to use tar, because the tar file is an openvz container and 
vzrestore uses tar.


The first time, I encountered this problem, was, when I wanted to 
restore an openvz container to a nfs share. The nfs server is my 
openindiana machine and the openvz server is a debian squeeze.


Here I got this error:
Adig\374zel-Huda.jpg: Cannot open: Input/output error

Greeting Flo

On 2012-04-26 15:26, Michael Schuster wrote:
> IIRC there's a choice of tar programs ... so: which tar are you using?
> perhaps using gtar can help?
>
> HTH
> Michael
>
> On Thu, Apr 26, 2012 at 15:24, Flo flor...@acw.at wrote:
>> Hello,
>>
>> I have a problem with extracting a tar file.
>>
>> The tar file contains some files with a question mark in the filename.
>>
>> On a Linux Machine, the file looks like this;
>> Adig?zel-Huda.jpg (a black rhombus with a question mark in it)
>>
>> When I extract that tar file on my openindiana 148b machine, I get the
>> following error:
>> Adig\374zel-Huda.jpg: Cannot open: Illegal byte sequence
>>
>> On the Linux Machine is ext3 as filesystem and on the openindiana Machine is
>> zfs v28.
>>
>> Is there a solution for this problem?
>>
>> Greeting Flo



[OpenIndiana-discuss] Updating curl (and webmin???)

2012-04-26 Thread Hans J. Albertsson

The current curl in OI151a3 seems to be v 7,21

Would it be very difficult for someone involved in maintaining OI151 to 
upgrade curl to the latest version?

There are some minor adaptations to more modern web practices, it seems.

And the same Q about webmin: would it be possible to either clean the 
current version up a bit: fix the smf manifest directory error and 
remove the offer to update webmin to the non-functional download of the 
general version, or else update the included webmin to match the most 
recent version?






Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread James Carlson
Flo wrote:
> On a Linux Machine, the file looks like this;
> Adig?zel-Huda.jpg (a black rhombus with a question mark in it)

That's how untranslatable characters are typically displayed.

> When I extract that tar file on my openindiana 148b machine, I get the
> following error:
> Adig\374zel-Huda.jpg: Cannot open: Illegal byte sequence

That error is EILSEQ, and it means that the file name has an illegal
UTF8 sequence in it, and that the file system you're trying to write to
uses only UTF8 for file names.  See the open(2) man page for details.

Since this is ZFS, check the utf8only property.  Something like this
may work for you:

zfs get utf8only `df -k . | awk 'NR==2 { print $1 }'`

If that shows that the property is set on, then that's what's causing
the failure.  Sadly, it's configurable only when creating a file system,
so if you wanted to change it, you'd have to create a new file system
and copy everything over.

There's probably some magic that will tell tar to do character set
translation from whatever national character set that might be into
UTF8.  If it were my file, I'd use pax with -o invalid=bypass or -o
invalid=rename to fix it up.

Or it's possible that you just need to tell tar not to do national
character set conversions that it might already be doing.  Set
LANG=at.UTF-8 in your environment and try unpacking that way.  (See
locale -a for viable settings.)

-- 
James Carlson 42.703N 71.076W carls...@workingcode.com



Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread Flo

Hello,

On 2012-04-26 16:11, James Carlson wrote:
> Flo wrote:
>> On a Linux Machine, the file looks like this;
>> Adig?zel-Huda.jpg (a black rhombus with a question mark in it)
>
> That's how untranslatable characters are typically displayed.
>
>> When I extract that tar file on my openindiana 148b machine, I get the
>> following error:
>> Adig\374zel-Huda.jpg: Cannot open: Illegal byte sequence
>
> That error is EILSEQ, and it means that the file name has an illegal
> UTF8 sequence in it, and that the file system you're trying to write to
> uses only UTF8 for file names.  See the open(2) man page for details.
>
> Since this is ZFS, check the utf8only property.  Something like this
> may work for you:
>
> zfs get utf8only `df -k . | awk 'NR==2 { print $1 }'`
>
> If that shows that the property is set on, then that's what's causing
> the failure.  Sadly, it's configurable only when creating a file system,
> so if you wanted to change it, you'd have to create a new file system
> and copy everything over.

utf8only is on. I created a new folder with utf8only=off and this worked!

Are there any disadvantages with utf8only disabled?
I use Napp-It and Napp-It enables it automatically

> There's probably some magic that will tell tar to do character set
> translation from whatever national character set that might be into
> UTF8.  If it were my file, I'd use pax with -o invalid=bypass or -o
> invalid=rename to fix it up.
>
> Or it's possible that you just need to tell tar not to do national
> character set conversions that it might already be doing.  Set
> LANG=at.UTF-8 in your environment and try unpacking that way.  (See
> locale -a for viable settings.)






Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread Jan Owoc
On Thu, Apr 26, 2012 at 8:44 AM, Flo flor...@acw.at wrote:
> Are there any disadvantages with utf8only disabled?

If you have a filesystem that is utf8only with a specific
normalization scheme, then all files will have consistent names.
Otherwise, the files could have various odd filenames. I believe the
OpenSolaris ZFS manual gives the example that different OSes choose to
map the same characters to different symbols, so if you create a file
named (eg. - probably incorrect) ó on a Mac, you might not be able
to access it from Windows because Windows maps the ó character to
something different.

Now that you've extracted the files, I would suggest copying them to a
utf8only filesystem with some normalization scheme (I think Napp-It
suggests a specific one).

Jan



Re: [OpenIndiana-discuss] Cannot open: Illegal byte sequence with a file containing a question mark

2012-04-26 Thread James Carlson
Flo wrote:
>> If that shows that the property is set on, then that's what's causing
>> the failure.  Sadly, it's configurable only when creating a file system,
>> so if you wanted to change it, you'd have to create a new file system
>> and copy everything over.
>
> utf8only is on. I created a new folder with utf8only=off and this worked!
>
> Are there any disadvantages with utf8only disabled?
> I use Napp-It and Napp-It enables it automatically

You'd probably want to talk with the author of Napp-It to find out why
he set that parameter.

More generally speaking, there are a few file-system-level choices that
you can make that determine how names are treated.  Allowing only UTF8
is one of them.  Selecting case-insensitive matches is another.

Which one you choose depends mostly on what you're doing with those
files.  UTF8 has some great advantages -- it's an unambiguous encoding
of UNICODE characters, so it fixes the usual national language character
set problems you have with something like ISO 8859.  And because the
character values are exactly equal for at least the ASCII characters, it
mostly works without having to think too much about it.

One of the downsides, as you've found, is that it's a somewhat
restrictive format.  UNIX has traditionally allowed you to use any
arbitrary byte value other than hex 00 (NUL) and 2F (/) in the name of a
file (obviously, 2F is used for path separation), and in any sequence.
Because UNIX allows anything here, two users with different LANG
settings will see different characters when they look at the same files.

UTF8, though, has rules for how multibyte characters are formed, and
those rules result in the possibility that some arbitrary sequences of
bytes are not necessarily legal encodings.

That leads to an application compatibility problem.  If an application
issues an open(2) (or creat(2)) system call with a file name that has a
legal UNIX name but has an illegal UTF8 sequence, what do you do?
Failing the system call means a break in compatibility.  Allowing the
access means that the integrity of the file names is compromised.
That's why there's an option, and why the normal ZFS default for the
option is off -- to preserve compatibility.

There's probably a deeper issue here concerning what was going on with
the 'tar' program you were running.  I had _thought_ that file names
inside the tar format were encoded using UTF8, which would imply that
the problem is that 'tar' erroneously translated that to a national
language code point when trying to create the file.  If so, then that
could just be a configuration problem on your part -- e.g., attempting
to use a national language character set when the rest of your world is
set up for UTF8.

But maybe I'm wrong about that.  Someone who knows the internals of tar
better should probably look at it.

-- 
James Carlson 42.703N 71.076W carls...@workingcode.com
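
The condition James describes (a member name that is a legal UNIX name but not a legal UTF8 sequence) can be checked before extracting onto a utf8only file system. The following is an added example, not code from the original posts: it builds a constructed tar in memory whose member name contains the byte 0xFC (octal \374), and it assumes ISO 8859-1 as the source character set; the function names are hypothetical.

```python
import io
import tarfile


def build_sample_tar() -> bytes:
    """Constructed sample: one member name stored as ISO 8859-1 bytes
    (it contains 0xFC, which tar prints as \\374) and one ASCII name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT,
                      encoding="iso-8859-1") as tf:
        for name in ("Adig\u00fczel-Huda.jpg", "plain.txt"):
            data = b"sample"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_valid_utf8(raw: bytes) -> bool:
    """Strict decode: any byte sequence that breaks the UTF-8 rules fails."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def audit_member_names(raw_tar: bytes, assumed_charset: str = "iso-8859-1"):
    """Return [(raw_name_bytes, suggested_name)] for every member whose
    stored name would be refused with EILSEQ on a utf8only file system.
    assumed_charset is an assumption about how the archive was written."""
    findings = []
    # surrogateescape keeps undecodable bytes so they can be recovered below.
    with tarfile.open(fileobj=io.BytesIO(raw_tar), mode="r",
                      encoding="utf-8", errors="surrogateescape") as tf:
        for member in tf:
            raw = member.name.encode("utf-8", "surrogateescape")
            if not is_valid_utf8(raw):
                findings.append((raw, raw.decode(assumed_charset)))
    return findings


if __name__ == "__main__":
    for raw, suggestion in audit_member_names(build_sample_tar()):
        print(f"{raw!r} is not valid UTF-8; read as ISO 8859-1 it is "
              f"{suggestion!r}, UTF-8 bytes {suggestion.encode('utf-8')!r}")
```

Names reported by the audit can then be renamed during extraction (for instance with the pax options mentioned above) instead of switching utf8only off.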



Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread låzaro


Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana? 
Mail number: 33 
Date: Thu, Apr 26, 2012 
In reply to: Gary Gendel g...@genashor.com 
> Chris, I'm still unclear on how to do this.  How could you write a
> regular expression to check to see if the connecting ip address is
> buried in the reverse dns lookup?
>
> In my example, spamdyke would reject
> customer.208.001_48.3.sample.com, but
> customer.108.001_48.3.sample.com would not be rejected because it
> doesn't match the ip address of the sending MTA.  This prevents
> rejecting reverse dns names with strings of arbitrary numbers in
> them.
>
> Gary

Gary, it is very simple, it is already made, you don't have to do
anything, just tell postfix to do this

add this to your main.cf

smtpd_recipient_restrictions =
    reject_unknown_sender_domain

Postfix will make a reverse lookup and if the domain is not found, it will
not accept the mail.

Also you can tell postfix to ask the remote server whether that
sender is a valid user; if it does not exist on the remote server, the mail
will not pass.



Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread Gary Gendel

On 4/26/12 11:54 AM, låzaro wrote:
> Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?
> Mail number: 33
> Date: Thu, Apr 26, 2012
> In reply to: Gary Gendel g...@genashor.com
>> Chris, I'm still unclear on how to do this.  How could you write a
>> regular expression to check to see if the connecting ip address is
>> buried in the reverse dns lookup?
>>
>> In my example, spamdyke would reject
>> customer.208.001_48.3.sample.com, but
>> customer.108.001_48.3.sample.com would not be rejected because it
>> doesn't match the ip address of the sending MTA.  This prevents
>> rejecting reverse dns names with strings of arbitrary numbers in
>> them.
>>
>> Gary
>
> Gary, it is very simple, it is already made, you don't have to do
> anything, just tell postfix to do this
>
> add this to your main.cf
>
> smtpd_recipient_restrictions =
>     reject_unknown_sender_domain
>
> Postfix will make a reverse lookup and if the domain is not found, it will
> not accept the mail.

This is a completely different check.  In spamdyke this would be a
poor-man's reject-missing-sender-mx option.  I'm talking about the
spamdyke ip-in-rdns-keyword-whitelist-file and
ip-in-rdns-keyword-blacklist-file options which allow you to specify
which domains you will or will not allow the connecting MTA's ip address
to be embedded in.  This catches a LOT of bot spam from ISPs that return
this format for all the ip addresses that have no domain assigned.  For
example a bot in the comcast network may resolve to this:

c-98-221-123-33.hsl1.nj.comcast.net

So I can just add .comcast.net to my ip-in-rdns-keyword-blacklist-file
file and any bot from the comcast.net domain will be rejected.  It's a
very directed search as it won't reject an arbitrary number string in
the sequence and deals with comcast's use of various dot levels in the
domain returned based upon the subnet.

> Also you can tell postfix to ask the remote server whether that
> sender is a valid user; if it does not exist on the remote server, the mail
> will not pass.

This is a problematic thing to do as many servers do not support this
functionality.  I gave that approach up years ago because it adds delays
for non-deterministic benefits.


Gary
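
The check Gary describes (the connecting IP address must itself appear in the reverse DNS name, and that name must fall under a listed domain) can be sketched as follows. This is an added example, not spamdyke's code and not part of the original posts; the token-matching rule, the suffix matching of list entries and the function names are assumptions, and the comcast client address is constructed to match the hostname quoted above.

```python
import ipaddress
import re

# Decimal runs of 1-3 digits that are not part of a longer digit string.
_OCTET_TOKEN = re.compile(r"(?<!\d)\d{1,3}(?!\d)")


def ip_in_rdns(client_ip: str, rdns_name: str) -> bool:
    """True if the four octets of client_ip appear as consecutive decimal
    tokens in rdns_name, in forward or reversed order. Zero padding
    ("001") and any non-digit separator (".", "-", "_") are accepted."""
    octets = list(ipaddress.IPv4Address(client_ip).packed)
    tokens = [int(t) for t in _OCTET_TOKEN.findall(rdns_name)]
    for wanted in (octets, octets[::-1]):
        for i in range(len(tokens) - 3):
            if tokens[i:i + 4] == wanted:
                return True
    return False


def domain_listed(rdns_name: str, keywords) -> bool:
    """Assumed list semantics: each entry is a domain suffix, with or
    without a leading dot, matched on label boundaries."""
    name = rdns_name.lower().rstrip(".")
    for kw in keywords:
        kw = kw.strip().lower().strip(".")
        if kw and (name == kw or name.endswith("." + kw)):
            return True
    return False


def verdict(client_ip: str, rdns_name: str, blacklist) -> str:
    """Reject only when BOTH conditions hold, so a name that merely
    contains some other number string is left alone."""
    if ip_in_rdns(client_ip, rdns_name) and domain_listed(rdns_name, blacklist):
        return "reject"
    return "pass"


# Constructed list and connections, built from the two examples in the thread.
BLACKLIST = [".comcast.net", "sample.com"]
SAMPLES = [
    ("208.1.48.3", "customer.208.001_48.3.sample.com"),       # IP embedded
    ("208.1.48.3", "customer.108.001_48.3.sample.com"),       # other numbers
    ("98.221.123.33", "c-98-221-123-33.hsl1.nj.comcast.net"),  # dash form
    ("192.0.2.10", "mail.sample.com"),                        # no IP in name
]

if __name__ == "__main__":
    for ip, name in SAMPLES:
        print(f"{ip:15} {name:40} {verdict(ip, name, BLACKLIST)}")
```

A single static regular expression cannot express this, because the pattern depends on the address of each connecting client; the comparison has to be made per connection.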



Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread låzaro
OUW! sorry, my misunderstanding... here you are:

smtpd_recipient_restrictions =
    check_client_access hash:/etc/postfix/whitelist

In the file: whitelist put this:

some.domain.tld OK
200.55.136.18 OK

Then run:

 postmap /etc/postfix/whitelist

and finally run

 postfix reload

;)


Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana? 
Mail number: 42 
Date: Thu, Apr 26, 2012 
In reply to: Gary Gendel g...@genashor.com 
>> Postfix will make a reverse lookup and if the domain is not found, it will
>> not accept the mail.
>
> This is a completely different check.  In spamdyke this would be a
> poor-man's reject-missing-sender-mx option.  I'm talking about the
> spamdyke ip-in-rdns-keyword-whitelist-file and
> ip-in-rdns-keyword-blacklist-file options which allow you to specify
> which domains you will or will not allow the connecting MTA's ip
> address to be embedded in.  This catches a LOT of bot spam from ISPs
> that return this format for all the ip addresses that have no domain
> assigned.  For example a bot in the comcast network may resolve to
> this:
>
> c-98-221-123-33.hsl1.nj.comcast.net
>
> So I can just add .comcast.net to my
> ip-in-rdns-keyword-blacklist-file file and any bot from the
> comcast.net domain will be rejected.  It's a very directed search as
> it won't reject an arbitrary number string in the sequence and deals
> with comcast's use of various dot levels in the domain returned
> based upon the subnet.





Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread låzaro


Thread name: Re: [OpenIndiana-discuss] Qmail-to-go on openindiana? 
Mail number: 42 
Date: Thu, Apr 26, 2012 
In reply to: Gary Gendel g...@genashor.com 
>> Also you can tell postfix to ask the remote server whether that
>> sender is a valid user; if it does not exist on the remote server, the mail
>> will not pass.
>
> This is a problematic thing to do as many servers do not support
> this functionality.  I gave that approach up years ago because it
> adds delays for non-deterministic benefits.
>
> Gary

sure.. that is why I say "also you can"

me too, I do not use that... many servers here do not work with it



[OpenIndiana-discuss] oi_151a pkg update fails -- most of the time i get a Invalid content: manifest hash failure: at other times it says live image

2012-04-26 Thread drsgrid
oi_151a pkg update fails -- most of the time I get an "Invalid content:
manifest hash failure"; at other times it says live image, yet it's
certainly not a live image. Here is some sample output (I did some looking
- this is a fresh install of the 151a desktop I downloaded last night):

I started with package manager, then got frustrated and switched to command
line to no avail:

--- package manager (begin)

Preparing...
Ensuring Package Manager is up to date...
Refreshing catalog openindiana.org
Finished refreshing catalog openindiana.org
Gathering package information

Error:
Please check the network connection.
Is the repository accessible?

Invalid content: manifest hash failure: fmri: pkg://
openindiana.org/gnome/locale/es@0.5.11,5.11-0.151.1.3:20120329T212457Z
expected: 235af820a4d197e995bd846824ac680c409a6210 computed:
932f43965fbf788384253a08f801f868a87eb9c2. (happened 4 times)

--- package manager (end)




--- Command line (begin)

admin@huntington:~# umask
0022
admin@huntington:~# pkg image-update
Creating Plan |
Errors were encountered while attempting to retrieve package or file data
for
the requested operation.
Details follow:

Invalid content: manifest hash failure: fmri: pkg://
openindiana.org/gnome/locale/es@0.5.11,5.11-0.151.1.3:20120329T212457Z
expected: 235af820a4d197e995bd846824ac680c409a6210 computed:
932f43965fbf788384253a08f801f868a87eb9c2. (happened 4 times)


admin@huntington:~# pkg image-update --require-new-be
Creating Plan |
Errors were encountered while attempting to retrieve package or file data
for
the requested operation.
Details follow:

Invalid content: manifest hash failure: fmri: pkg://
openindiana.org/gnome/locale/es@0.5.11,5.11-0.151.1.3:20120329T212457Z
expected: 235af820a4d197e995bd846824ac680c409a6210 computed:
932f43965fbf788384253a08f801f868a87eb9c2. (happened 4 times)

--- Command line (end)



thoughts anyone?


[OpenIndiana-discuss] ntp woes

2012-04-26 Thread Gary Gendel
I could use a bit of advice. My OpenIndiana machine cannot update its
time from the ntp servers.  I noticed that the time was off by a couple
of minutes.


The machine has two nics:

bge0 - wan
bge1 - lan

and serves as a router for my lan.  All the machines on my lan that use 
ntp, make requests and get results happily except this machine:


$ ntpdate us.pool.ntp.org
26 Apr 12:29:30 ntpdate[13172]: no server suitable for synchronization found

However, with snoop I see the ntp request and a good response coming 
back from the server.

NTP:  - Network Time Protocol -
NTP:
NTP:  Leap= 0x0 (OK)
NTP:  Version = 4
NTP:  Mode= 4 (server)
NTP:  Stratum = 2 (secondary reference)
NTP:  Poll= 3
NTP:  Precision = 234 seconds
NTP:  Synchronizing distance   = 0x.02f4  (0.011536)
NTP:  Synchronizing dispersion = 0x.0b11  (0.043228)
NTP:  Reference clock = 64.113.32.5 (nist.netservicesgroup.com)
NTP:  Reference time = 0xd343f237.4edb0b45 (2012-04-26 12:11:35.30803)
NTP:  Originate time = 0xd343f710.0f35701d (2012-04-26 12:32:16.05941)
NTP:  Receive   time = 0xd343f70d.8134a6ad (2012-04-26 12:32:13.50471)
NTP:  Transmit  time = 0xd343f70d.81369de0 (2012-04-26 12:32:13.50474)

$ ntpdate -d us.pool.ntp.org
spews what looks like a good response from the server.

$ ntpq -p
always shows all servers in .INIT. state.

My drift file hasn't been updated since July 2011!

I tried binding ntpd to only bge0 and then tried binding it to only bge1 
but that did not change things (I used the -I interface option).


Anyone have a clue what to look at next?  My guess is it's a conflict
between my NAT setup and this service running on the same host, but I'm
stumped what to do next.


Gary




Re: [OpenIndiana-discuss] ntp woes

2012-04-26 Thread James Carlson
Gary Gendel wrote:
> I could use a bit of advice. My OpenIndiana machine cannot update its
> time from the ntp servers.  I noticed that the time was off by a couple
> of minutes.
>
> The machine has two nics:
>
> bge0 - wan
> bge1 - lan
>
> and serves as a router for my lan.  All the machines on my lan that use
> ntp, make requests and get results happily except this machine:
>
> $ ntpdate us.pool.ntp.org
> 26 Apr 12:29:30 ntpdate[13172]: no server suitable for synchronization
> found

At a guess, you have a filter configured that's breaking UDP traffic on
port 123.  Try:

ntpdate -u us.pool.ntp.org

If that works, then you'll probably want to go looking at your firewall
configuration.

-- 
James Carlson 42.703N 71.076W carls...@workingcode.com



Re: [OpenIndiana-discuss] ntp woes

2012-04-26 Thread Gary Gendel

On 4/26/12 12:55 PM, James Carlson wrote:

> Gary Gendel wrote:
>> I could use a bit of advice. My OpenIndiana machine cannot update its
>> time from the ntp servers.  I noticed that the time was off by a couple
>> of minutes.
>>
>> The machine has two nics:
>>
>> bge0 - wan
>> bge1 - lan
>>
>> and serves as a router for my lan.  All the machines on my lan that use
>> ntp, make requests and get results happily except this machine:
>>
>> $ ntpdate us.pool.ntp.org
>> 26 Apr 12:29:30 ntpdate[13172]: no server suitable for synchronization
>> found
>
> At a guess, you have a filter configured that's breaking UDP traffic on
> port 123.  Try:
>
> ntpdate -u us.pool.ntp.org
>
> If that works, then you'll probably want to go looking at your firewall
> configuration.

Thanks for the -u option.  That worked fine so now I have to figure out
what's going on.  Since the other machines work fine, it means that
indeed it's because I'm on the same host as the router.  I don't want to
set port 123 to route specifically to this machine because that would
break all the other machines' ntp requests.


This one is tricky.

Gary





Re: [OpenIndiana-discuss] ntp woes

2012-04-26 Thread James Carlson
Gary Gendel wrote:
> On 4/26/12 12:55 PM, James Carlson wrote:
>> If that works, then you'll probably want to go looking at your firewall
>> configuration.
>
> Thanks for the -u option.  That worked fine so now I have to figure out
> what's going on.  Since the other machines work fine, it means that
> indeed it's because I'm on the same host as the router.  I don't want to
> set port 123 to route specifically to this machine because that would
> break all the other machines' ntp requests.
>
> This one is tricky.

I used to have similar problems on my home system.  Because I have a /28
and a few spare external static IP addresses, I was able to set up a
second address on the main (wan) interface as a work-around.

The first address has no NAT configured on it, and it's what everything
running locally on the machine uses by default.  The second address is
used exclusively for NAT to the rest of my internal network.

I can't say this is the best solution, but it certainly seems to be
working well for me, and has eliminated a lot of annoyances.  (In
particular, with the old single-address solution, I was forced to use
ftp in 'passive' mode all the time, because the ipnat configuration
didn't seem to like maintaining state for local applications.  But with
two addresses, the problem goes away, and both local and internal
instances of ftp can run with either passive or non-passive mode without
trouble.)

Plus, it makes it much easier to filter NAT versus gateway traffic and
to look at packet traces.

-- 
James Carlson 42.703N 71.076W carls...@workingcode.com



Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread David Brodbeck
On Thu, Apr 26, 2012 at 9:25 AM, Gary Gendel g...@genashor.com wrote:
> This is a problematic thing to do as many servers do not support this
> functionality.  I gave that approach up years ago because it adds delays for
> non-deterministic benefits.

Yeah, it was widely switched off after spammers realized it was an
easy way to find out which email addresses on their lists were
valid...

-- 
David Brodbeck
System Administrator, Linguistics
University of Washington



Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?

2012-04-26 Thread Christopher Chan

On Thursday, April 26, 2012 08:30 PM, Gary Gendel wrote:
> On 4/26/12 5:01 AM, Christopher Chan wrote:
>> On 26/04/12 12:17 AM, Gary Gendel wrote:
>>> That isn't what spamdyke is trying to accomplish here. This checks to
>>> see if the sender is trying to spoof the MTA. What spamdyke is trying to
>>> do is to blacklist emails based upon the ip address embedded in the
>>> sending domain name. For example:
>>>
>>> If I get mail from 208.1.48.3 and its reverse domain lookup resolves to
>>> customer.208.001_48.3.sample.com and sample.com is on my list it is
>>> blocked.
>>
>> Again, it's available with the following configuration parameter:
>>
>>    check_reverse_client_hostname_access type:table
>>
>> Table should have key sample.com and RHS = REJECT, blah
>>
>> Table details:
>>
>> http://www.postfix.org/access.5.html
>
> Chris, I'm still unclear on how to do this.  How could you write a
> regular expression to check to see if the connecting ip address is buried
> in the reverse dns lookup?
>
> In my example, spamdyke would reject customer.208.001_48.3.sample.com,
> but customer.108.001_48.3.sample.com would not be rejected because it
> doesn't match the ip address of the sending MTA.  This prevents
> rejecting reverse dns names with strings of arbitrary numbers in them.


Gary,

I am sorry, but things are a bit unclear here. Is it don't block 
misconfigured clients but do block clients with proper rdns in this domain?


What do you mean by customer.108.001_48.3.sample.com would not be 
rejected because it doesn't match the ip address of the sending MTA? 
That customer.108.001_48.3.sample.com A would not map back to the ip of 
server whose PTR record points to customer.108.001_48.3.sample.com?


Christopher
