Re: Squid -vs- IPv6
On 2014-05-19 Mon 12:01 PM |, Craig R. Skinner wrote: > FYI: This breaks Squid 3.3.8 on 5.4 release: > > $ fgrep family /etc/resolv.conf > family inet4 > (this may effect other daemons too) > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Bugged by the FreeBSD ports team: > http://www.freebsd.org/cgi/query-pr.cgi?pr=176951 > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > Bugged @ Squid HQ: > http://bugs.squid-cache.org/show_bug.cgi?id=4024 > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > Bug now patched by the Squid team: Status: RESOLVED FIXED --- Comment #11 from Amos Jeffries 2014-10-14 07:28:10 UTC --- I have applied a patch to Squid-3 to log a warning but not abort if ::1 and *only* ::1 has failed to resolve. http://bugs.squid-cache.org/show_bug.cgi?id=4024#c11 Cheers, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: [NEW] mail/spamdba
On 2014-04-07 Mon 13:01 PM |, Craig R. Skinner wrote: > Hello OpenBSD porters, > > Attached here is a new port of spamdba - pf spamd database assistant > > > spamdba assists postmasters to routinely manipulate the spamd(8) > database. This tool is a wrapper for spamdb(8), simplifying common > tasks, such as:- > > o Adding/deleting of all, or a pattern matched subset of entries. > > o Dumping & loading of dumps - for OS upgrades, database format >changes, sharing data between different architecture/OS machines, etc > Machine dump, wipe disks & reinstall after time_t 64 bit changes: $ uname -a OpenBSD palm.britvault.co.uk 5.4 GENERIC#37 i386 $ spamdba dump Dump: /var/tmp/spamdba.dump.aFViL4d $ mv /var/tmp/spamdba.dump.aFViL4d /home/postmaster spamdb reload after clean install: $ uname -a OpenBSD palm.britvault.co.uk 5.5 GENERIC#276 i386 $ ls -l /var/db/spamdb ls: /var/db/spamdb: No such file or directory $ sudo touch /var/db/spamd $ ls -l /var/db/spamd -rw-r--r-- 1 root wheel 0 Jul 12 13:32 /var/db/spamd $ sudo chown _spamd:postmasters /var/db/spamd $ sudo chmod 660 /var/db/spamd $ ls -l /var/db/spamd -rw-rw 1 _spamd postmasters 0 Jul 12 13:32 /var/db/spamd $ sube postmaster $ ls -l spamdba.dump.aFViL4d -rw-r- 1 postmaster postmasters 49502 Jul 10 13:04 spamdba.dump.aFViL4d $ spamdba load -f spamdba.dump.aFViL4d spamdb: cannot open /var/db/spamd for reading: Inappropriate file type or format Processed: 535 Log: /var/tmp/spamdba_add_SPAMTRAP.log.s8J7nph Processed: 307 Log: /var/tmp/spamdba_add_TRAPPED.log.i6QITng Processed: 253 Log: /var/tmp/spamdba_add_WHITE.log.zdVooOc $ ls -l /var/db/spamd -rw-rw 1 _spamd postmasters 131072 Jul 12 13:34 /var/db/spamd $ spamdb | wc -l 1095 http://web.britvault.co.uk/products/spamdba/
Re: rc scripts
On 2014-07-03 Thu 14:13 PM |, Ian McWilliam wrote: > > Secondly is it acceptable to create a common rc script to hold common subs > used amongst multiple rc > script for a port, eg samba.subr that will be used by smbd and nmbd rc > scripts? . /usr/local/libexec/samba-control ?
Re: rc scripts
On 2014-07-03 Thu 16:23 PM |, Ian McWilliam wrote: > > OK. Samba4 contains the /usr/local/bin/samba which is the full blown Active > Directory Server. > The RC script for that (when I write it) will need checks to make sure that > smbd / nmbd / winbindd are > not running as those daemons are not used in an ADS setup. They can also be started from /etc/inetd.conf
Re: unbound fails to start on boot
On 2014-05-27 Tue 14:13 PM |, Martin, Matthew wrote:
> I'm moving to unbound in preparation for 5.6. Trying to start unbound
> on boot with pkg_scripts would always fail; however, starting it
> manually would succeed. This seems to be because /etc/rc does not have
> /usr/local/sbin in it's PATH and /etc/rc.d/unbound calls
> unbound-control-setup.
>
I'm using this with the packaged unbound-1.4.20 on 5.4 RELEASE:
#!/bin/sh
#
_sbin='/usr/local/sbin'
_chroot='/var/unbound'
_etc="${_chroot}/etc"
_config="${_etc}/unbound.conf"
daemon="${_sbin}/unbound"
daemon_flags="-c ${_config}"
. /etc/rc.d/rc.subr
pexp="unbound${daemon_flags:+ ${daemon_flags}}"
rc_reload=NO
rc_pre() {
if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \
${_config} > /dev/null 2>&1 && \
! [[ -f ${_etc}/unbound_server.key ||
-f ${_etc}/unbound_server.pem ||
-f ${_etc}/unbound_control.key ||
-f ${_etc}/unbound_control.pem ]]; then
${_sbin}/unbound-control-setup 2> /dev/null
fi
if grep '^[[:space:]]*auto-trust-anchor-file:' \
${_config} > /dev/null 2>&1; then
${_sbin}/unbound-anchor -v -a "${_chroot}/db/root.key" || true
fi
}
rc_start() {
${_sbin}/unbound-checkconf > /dev/null &&
${rcexec} "unbound ${daemon_flags}"
}
rc_cmd $1
Squid -vs- IPv6
FYI: This breaks Squid 3.3.8 on 5.4 release: $ fgrep family /etc/resolv.conf family inet4 (this may effect other daemons too) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bugged by the FreeBSD ports team: http://www.freebsd.org/cgi/query-pr.cgi?pr=176951 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bugged @ Squid HQ: http://bugs.squid-cache.org/show_bug.cgi?id=4024 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= There are patches & compile options, which I don't understand.
Re: [NEW] mail/spamdba
Any comments/thoughts/OKs? On 2014-04-07 Mon 13:01 PM |, Craig R. Skinner wrote: > Hello OpenBSD porters, > > Attached here is a new port of spamdba - pf spamd database assistant > > > spamdba assists postmasters to routinely manipulate the spamd(8) > database. This tool is a wrapper for spamdb(8), simplifying common > tasks, such as:- > > o Adding/deleting of all, or a pattern matched subset of entries. > > o Dumping & loading of dumps - for OS upgrades, database format >changes, sharing data between different architecture/OS machines, etc > > Feedback welcome, > Craig. >
[NEW] mail/spamdba
Hello OpenBSD porters, Attached here is a new port of spamdba - pf spamd database assistant spamdba assists postmasters to routinely manipulate the spamd(8) database. This tool is a wrapper for spamdb(8), simplifying common tasks, such as:- o Adding/deleting of all, or a pattern matched subset of entries. o Dumping & loading of dumps - for OS upgrades, database format changes, sharing data between different architecture/OS machines, etc Feedback welcome, Craig. spamdba.tar.gz Description: application/tar-gz
Re: [NEW] sysutils/libsysexits
Ping. On 2014-03-13 Thu 10:05 AM |, Craig R. Skinner wrote: > Post ports unlock resend. > > On 2014-02-01 Sat 19:53 PM |, Craig R. Skinner wrote: > > Hello again, > > > > This new port of libsysexits is a dependency of the newly submitted port > > mail/abersnuik > > > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > COMMENT= shell script system exit codes library > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > pkg/DESCR: > > libsysexits provides a shell script compatible reformatted version of > > the established C system exits header file: /usr/src/include/sysexits.h > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > Comments/improvements/OK? > > > > Cheers, > > Craig.
Re: [NEW] security/cagair
ping On 2014-03-13 Thu 10:03 AM |, Craig R. Skinner wrote: > Post-unlock resend & reattached. > > On 2014-02-07 Fri 10:44 AM |, Craig R. Skinner wrote: > > Hello all, > > > > Attached here is a newly ported fork of the password manager by naddy@ > > http://thread.gmane.org/gmane.os.openbsd.misc/209150/focus=209211 > > > > It is a shell script and does not need building. > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > COMMENT= command line password manager with OpenSSL file encryption > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > $ cat pkg/DESCR > > Cagair is a command line password manager application, which helps > > people organise their many login details, notes, or other secure data. > > > > It stores data in a securely encrypted file, which is access protected > > by a single "master password". You only need to remember the single > > master password, instead of the many unique logins that you use. > > > > Cagair is a lightweight Korn shell script that drives the heavyweight > > OpenSSL file encryption tool, enabling the user to view/change the file > > with a secured editor of their choosing. > > > > It is open source and FREE. > > > > While designed specifically for OpenBSD, it may also function on general > > Unix-like operating systems, such as *BSD, OS X, Linux, Solaris, etc. > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > This port has a dependency of sysutils/libsysexits - which I've posted > > separately. > > > > Comments/improvements/OK? > >
Re: [NEW] mail/abersnuik
ping. On 2014-03-13 Thu 10:04 AM |, Craig R. Skinner wrote: > Post ports unlock resend & reattach. > > On 2014-02-01 Sat 19:33 PM |, Craig R. Skinner wrote: > > Hi folks, > > > > Attached here is a new port of Abersnuik: > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > COMMENT= spamd blacklists via multi-protocol, retries + random delays > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > $ cat pkg/DESCR > > Compliments spamd-setup by downloading resources, with up to 12 attempts, > > each after a random delay of up to 5 minutes. > > > > If unsuccessful, cached data from a previous run is reused. > > > > Protocols supported: http, ftp, scp, sftp, rsync. > > > > Downloading tool settable; ftp, lynx, curl, rsync, [other]... > > > > Proxies usable, caching reduces everyone's bandwidth/time/expenses. > > > > Many hosts polling the remote servers at the same time (root's default > > cron job) can result in the "zero minute rush" issue, often resulting in > > "Illegal seek" or "Broken pipe" errors. > > > > See: > > http://thread.gmane.org/gmane.os.openbsd.misc/196071 > > http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html > > > > This tool sorts out those niggles. > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > Index: user.list > > === > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > retrieving revision 1.223 > > diff -u -p -r1.223 user.list > > --- user.list 28 Jan 2014 16:30:03 - 1.223 > > +++ user.list 1 Feb 2014 18:33:37 - > > @@ -239,3 +239,4 @@ id usergroup port options > > 728 _sockd _sockd security/dante > > 729 _greyscanner _greyscannermail/greyscanner > > 730 _kdm _kdmx11/kde4/workspace > > +731 _abersnuik _abersnuik mail/abersnuik > > > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > This port has a dependency of sysutils/libsysexits - which I'll post > > separately. > > > > Comments/improvements/OK? > > > > Cheers, > > Craig.
Re: [NEW] sysutils/libsysexits
Post ports unlock resend. On 2014-02-01 Sat 19:53 PM |, Craig R. Skinner wrote: > Hello again, > > This new port of libsysexits is a dependency of the newly submitted port > mail/abersnuik > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > COMMENT= shell script system exit codes library > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > pkg/DESCR: > libsysexits provides a shell script compatible reformatted version of > the established C system exits header file: /usr/src/include/sysexits.h > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > Comments/improvements/OK? > > Cheers, > Craig. libsysexits.tar.gz Description: application/tar-gz
Re: [NEW] mail/abersnuik
Post ports unlock resend & reattach. On 2014-02-01 Sat 19:33 PM |, Craig R. Skinner wrote: > Hi folks, > > Attached here is a new port of Abersnuik: > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > COMMENT= spamd blacklists via multi-protocol, retries + random delays > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > $ cat pkg/DESCR > Compliments spamd-setup by downloading resources, with up to 12 attempts, > each after a random delay of up to 5 minutes. > > If unsuccessful, cached data from a previous run is reused. > > Protocols supported: http, ftp, scp, sftp, rsync. > > Downloading tool settable; ftp, lynx, curl, rsync, [other]... > > Proxies usable, caching reduces everyone's bandwidth/time/expenses. > > Many hosts polling the remote servers at the same time (root's default > cron job) can result in the "zero minute rush" issue, often resulting in > "Illegal seek" or "Broken pipe" errors. > > See: > http://thread.gmane.org/gmane.os.openbsd.misc/196071 > http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html > > This tool sorts out those niggles. > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > Index: user.list > === > RCS file: /cvs/ports/infrastructure/db/user.list,v > retrieving revision 1.223 > diff -u -p -r1.223 user.list > --- user.list 28 Jan 2014 16:30:03 - 1.223 > +++ user.list 1 Feb 2014 18:33:37 - > @@ -239,3 +239,4 @@ id user group port options > 728 _sockd _sockd security/dante > 729 _greyscanner _greyscannermail/greyscanner > 730 _kdm _kdmx11/kde4/workspace > +731 _abersnuik _abersnuik mail/abersnuik > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > This port has a dependency of sysutils/libsysexits - which I'll post > separately. > > Comments/improvements/OK? > > Cheers, > Craig. abersnuik.tar.gz Description: application/tar-gz
Re: [NEW] security/cagair
Post-unlock resend & reattached. On 2014-02-07 Fri 10:44 AM |, Craig R. Skinner wrote: > Hello all, > > Attached here is a newly ported fork of the password manager by naddy@ > http://thread.gmane.org/gmane.os.openbsd.misc/209150/focus=209211 > > It is a shell script and does not need building. > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > COMMENT= command line password manager with OpenSSL file encryption > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > $ cat pkg/DESCR > Cagair is a command line password manager application, which helps > people organise their many login details, notes, or other secure data. > > It stores data in a securely encrypted file, which is access protected > by a single "master password". You only need to remember the single > master password, instead of the many unique logins that you use. > > Cagair is a lightweight Korn shell script that drives the heavyweight > OpenSSL file encryption tool, enabling the user to view/change the file > with a secured editor of their choosing. > > It is open source and FREE. > > While designed specifically for OpenBSD, it may also function on general > Unix-like operating systems, such as *BSD, OS X, Linux, Solaris, etc. > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > This port has a dependency of sysutils/libsysexits - which I've posted > separately. > > Comments/improvements/OK? > > Cheers, > -- > Craig cagair.tar.gz Description: application/tar-gz
Re: [NEW] mail/abersnuik
FYI;- this too is an architecture independent shell script, which does not need building. On 2014-02-05 Wed 09:35 AM |, Craig R. Skinner wrote: > ping > > On 2014-02-01 Sat 19:33 PM |, Craig R. Skinner wrote: > > Hi folks, > > > > Attached here is a new port of Abersnuik: > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > COMMENT= spamd blacklists via multi-protocol, retries + random delays > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > $ cat pkg/DESCR > > Compliments spamd-setup by downloading resources, with up to 12 attempts, > > each after a random delay of up to 5 minutes. > > > > If unsuccessful, cached data from a previous run is reused. > > > > Protocols supported: http, ftp, scp, sftp, rsync. > > > > Downloading tool settable; ftp, lynx, curl, rsync, [other]... > > > > Proxies usable, caching reduces everyone's bandwidth/time/expenses. > > > > Many hosts polling the remote servers at the same time (root's default > > cron job) can result in the "zero minute rush" issue, often resulting in > > "Illegal seek" or "Broken pipe" errors. > > > > See: > > http://thread.gmane.org/gmane.os.openbsd.misc/196071 > > http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html > > > > This tool sorts out those niggles. > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > Index: user.list > > === > > RCS file: /cvs/ports/infrastructure/db/user.list,v > > retrieving revision 1.223 > > diff -u -p -r1.223 user.list > > --- user.list 28 Jan 2014 16:30:03 - 1.223 > > +++ user.list 1 Feb 2014 18:33:37 - > > @@ -239,3 +239,4 @@ id usergroup port options > > 728 _sockd _sockd security/dante > > 729 _greyscanner _greyscannermail/greyscanner > > 730 _kdm _kdmx11/kde4/workspace > > +731 _abersnuik _abersnuik mail/abersnuik > > > > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > > > > This port has a dependency of sysutils/libsysexits - which I'll post > > separately. > > > > Comments/improvements/OK? > > > > Cheers, > > Craig.
[NEW] security/cagair
Hello all, Attached here is a newly ported fork of the password manager by naddy@ http://thread.gmane.org/gmane.os.openbsd.misc/209150/focus=209211 It is a shell script and does not need building. # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- COMMENT= command line password manager with OpenSSL file encryption # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ cat pkg/DESCR Cagair is a command line password manager application, which helps people organise their many login details, notes, or other secure data. It stores data in a securely encrypted file, which is access protected by a single "master password". You only need to remember the single master password, instead of the many unique logins that you use. Cagair is a lightweight Korn shell script that drives the heavyweight OpenSSL file encryption tool, enabling the user to view/change the file with a secured editor of their choosing. It is open source and FREE. While designed specifically for OpenBSD, it may also function on general Unix-like operating systems, such as *BSD, OS X, Linux, Solaris, etc. # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This port has a dependency of sysutils/libsysexits - which I've posted separately. Comments/improvements/OK? Cheers, -- Craig cagair.tar.gz Description: application/tar-gz
Re: [NEW] mail/abersnuik
ping On 2014-02-01 Sat 19:33 PM |, Craig R. Skinner wrote: > Hi folks, > > Attached here is a new port of Abersnuik: > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > COMMENT= spamd blacklists via multi-protocol, retries + random delays > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > $ cat pkg/DESCR > Compliments spamd-setup by downloading resources, with up to 12 attempts, > each after a random delay of up to 5 minutes. > > If unsuccessful, cached data from a previous run is reused. > > Protocols supported: http, ftp, scp, sftp, rsync. > > Downloading tool settable; ftp, lynx, curl, rsync, [other]... > > Proxies usable, caching reduces everyone's bandwidth/time/expenses. > > Many hosts polling the remote servers at the same time (root's default > cron job) can result in the "zero minute rush" issue, often resulting in > "Illegal seek" or "Broken pipe" errors. > > See: > http://thread.gmane.org/gmane.os.openbsd.misc/196071 > http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html > > This tool sorts out those niggles. > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > Index: user.list > === > RCS file: /cvs/ports/infrastructure/db/user.list,v > retrieving revision 1.223 > diff -u -p -r1.223 user.list > --- user.list 28 Jan 2014 16:30:03 - 1.223 > +++ user.list 1 Feb 2014 18:33:37 - > @@ -239,3 +239,4 @@ id user group port options > 728 _sockd _sockd security/dante > 729 _greyscanner _greyscannermail/greyscanner > 730 _kdm _kdmx11/kde4/workspace > +731 _abersnuik _abersnuik mail/abersnuik > > > # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > > This port has a dependency of sysutils/libsysexits - which I'll post > separately. > > Comments/improvements/OK? > > Cheers, > Craig. -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
[NEW] sysutils/libsysexits
Hello again, This new port of libsysexits is a dependency of the newly submitted port mail/abersnuik # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- COMMENT= shell script system exit codes library # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- pkg/DESCR: libsysexits provides a shell script compatible reformatted version of the established C system exits header file: /usr/src/include/sysexits.h # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Comments/improvements/OK? Cheers, Craig. libsysexits.tar.gz Description: application/tar-gz
[NEW] mail/abersnuik
Hi folks, Attached here is a new port of Abersnuik: # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- COMMENT= spamd blacklists via multi-protocol, retries + random delays # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ cat pkg/DESCR Compliments spamd-setup by downloading resources, with up to 12 attempts, each after a random delay of up to 5 minutes. If unsuccessful, cached data from a previous run is reused. Protocols supported: http, ftp, scp, sftp, rsync. Downloading tool settable; ftp, lynx, curl, rsync, [other]... Proxies usable, caching reduces everyone's bandwidth/time/expenses. Many hosts polling the remote servers at the same time (root's default cron job) can result in the "zero minute rush" issue, often resulting in "Illegal seek" or "Broken pipe" errors. See: http://thread.gmane.org/gmane.os.openbsd.misc/196071 http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html This tool sorts out those niggles. # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Index: user.list === RCS file: /cvs/ports/infrastructure/db/user.list,v retrieving revision 1.223 diff -u -p -r1.223 user.list --- user.list 28 Jan 2014 16:30:03 - 1.223 +++ user.list 1 Feb 2014 18:33:37 - @@ -239,3 +239,4 @@ id usergroup port options 728 _sockd _sockd security/dante 729 _greyscanner _greyscannermail/greyscanner 730 _kdm _kdmx11/kde4/workspace +731 _abersnuik _abersnuik mail/abersnuik # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This port has a dependency of sysutils/libsysexits - which I'll post separately. Comments/improvements/OK? Cheers, Craig. abersnuik.tar.gz Description: application/tar-gz
Re: UPDATE: net/cvsync - home directory
What to do here? On 2014-01-29 Wed 14:03 PM |, Craig R. Skinner wrote: > On 2014-01-28 Tue 12:21 PM |, Stuart Henderson wrote: > > > > > > I don't really have an opinion on this change but if this goes in it > > > would be nice to add a small @comment to explain why we use /var/empty > > > > I think this might need some more thought. /var/empty is meant to be > > special for chroot purposes and I don't think it should be a "standard" > > homedir location. In particular random junk must not be written there > > which some applications are prone to do in $HOME. > > > > I know there are a bunch of other ports in the tree that currently use > > /var/empty in this way (some if not most of these only have it from > > copy-and-pasting an @newuser line from another port). If anything, > > perhaps *those* ports should change to using /nonexistent instead? > > (It can't be done blindly though, some might fail if the directory > > doesn't exist). > > > > Yes, I just copied other ports without realising the significance of > /var/empty > > cvsync hasn't (so far) written anything to /var/empty, most likely > because it can't: > $ fgrep user /etc/rc.d/cvsyncd > daemon_user="_cvsyncd" > > $ ls -ld /var/empty > drwxr-xr-x 3 root wheel 512 Jul 30 2013 /var/empty > > Otherwise, would /tmp do in this case? > -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: UPDATE: net/cvsync - home directory
On 2014-01-28 Tue 12:21 PM |, Stuart Henderson wrote: > > > > I don't really have an opinion on this change but if this goes in it would > > be nice to add a small @comment to explain why we use /var/empty > > I think this might need some more thought. /var/empty is meant to be > special for chroot purposes and I don't think it should be a "standard" > homedir location. In particular random junk must not be written there > which some applications are prone to do in $HOME. > > I know there are a bunch of other ports in the tree that currently use > /var/empty in this way (some if not most of these only have it from > copy-and-pasting an @newuser line from another port). If anything, > perhaps *those* ports should change to using /nonexistent instead? > (It can't be done blindly though, some might fail if the directory > doesn't exist). > Yes, I just copied other ports without realising the significance of /var/empty cvsync hasn't (so far) written anything to /var/empty, most likely because it can't: $ fgrep user /etc/rc.d/cvsyncd daemon_user="_cvsyncd" $ ls -ld /var/empty drwxr-xr-x 3 root wheel 512 Jul 30 2013 /var/empty Otherwise, would /tmp do in this case?
UPDATE: net/cvsync - home directory
Change $HOME from /nonexistent to /var/empty due to start up complaints: $ sudo /etc/rc.d/cvsyncd -d start doing rc_read_runfile doing rc_check cvsyncd doing rc_pre doing rc_start No home directory /nonexistant! Logging in with home = "/". doing rc_write_runfile (ok) $ userinfo _cvsyncd | grep ^dir dir /var/empty $ sudo /etc/rc.d/cvsyncd -d start doing rc_read_runfile doing rc_check cvsyncd doing rc_pre doing rc_start doing rc_write_runfile (ok) Index: Makefile === RCS file: /cvs/ports/net/cvsync/Makefile,v retrieving revision 1.47 diff -u -p -r1.47 Makefile --- Makefile29 Aug 2013 14:28:13 - 1.47 +++ Makefile28 Jan 2014 11:35:37 - @@ -3,7 +3,7 @@ COMMENT= CVS repository synchronization utility DISTNAME= cvsync-0.24.19 -REVISION= 2 +REVISION= 3 CATEGORIES=net HOMEPAGE= http://www.cvsync.org/ Index: pkg/PLIST === RCS file: /cvs/ports/net/cvsync/pkg/PLIST,v retrieving revision 1.8 diff -u -p -r1.8 PLIST --- pkg/PLIST 29 Aug 2013 14:28:14 - 1.8 +++ pkg/PLIST 28 Jan 2014 11:35:37 - @@ -1,6 +1,6 @@ @comment $OpenBSD: PLIST,v 1.8 2013/08/29 14:28:14 naddy Exp $ @newgroup _cvsyncd:697 -@newuser _cvsyncd:697:_cvsyncd:daemon:cvsync service:/nonexistent:/sbin/nologin +@newuser _cvsyncd:697:_cvsyncd:daemon:cvsync service:/var/empty:/sbin/nologin @bin bin/cvscan @bin bin/cvsup2cvsync @bin bin/cvsync Cheers, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: Update: mail/greyscanner to version 2.00
On 2014-01-08 Wed 16:04 PM |, Jan Stary wrote: > > This is what I'm talking about: > there is an MX and A for 'gmail.com', > plus this host resolves there and back, > (and apparently is an outgoing smtp of google.com). > Yet greyscanner blacklists it, with 'no MX or A for gmail.com'. > > > 110.175.80.66:gmail.com > > PTR: 110-175-80-66.static.tpgi.com.au. > > This is a spammer alright, but still, > there _is_ an MX and A for 'gmail.com', > which is all that greyscanner checks for. > > Somehow those DNS lookups must be failing, Yes. This diff is not a final solution, but enables users to see syslog warnings of what would be trapped if DNS checks were fully enabled: https://bitbucket.org/bonetruck/greyscanner/pull-request/4/disable-dns-checks-by-default-enable-warn/diff > but so far I haven't found time to look into Net::DNS > Cheers, -- Craig Skinner | http://www.bbc.co.uk/programmes/b03mtrg9/clips
Re: Update: mail/greyscanner to version 2.00
On 2014-01-07 Tue 13:56 PM |, Jan Stary wrote:
>
> If DNS_SOCK_MAX is defined in the config,
> greyscanner checks that the domain part of every sender
> has an A and an MX record, and blacklists everything else.
> That itself is surely a good thing, but:
>
> (1) the check performed is actually
>
> if ( $q[0]->qtype eq 'A' || $q[0]->qtype eq 'MX' )
>
> i.e. a sender gets a pass if there was an A _or_ and MX for it
>
> (2) I am getting a lot of false negatives, such as
>
> Jan 3 11:43:11 www greyscanner[5816]: Trapped 82.113.55.75: Mailed from
> sender xnet.cz with no MX or A
>
> This is a valid sender, and xnet.cz has both MX and A.
> Quite a few of my valid senders got blacklisted like this.
>
Maybe not directly relevant, but this IP seems to have an
invalid DNS PTR record ('/' is not a legal character):
$ dig -x 82.113.55.75 +short
75.64/26.55.113.82.in-addr.arpa.
smtp-out.xnet.cz.
>
> Jan 6 01:15:53 www greyscanner[10017]: Trapped 115.67.162.38: Mailed from
> sender google.com with no MX or A
>
> Needless to say, there is an MX and an A for google.com.
>
> The fact that 115.67.162.38 itself does not have an A
> and is not actually google's outgoing SMTP server does
> not come into it: this is not checked in greyscanner.
>
Not directly relevant, but like you said,
that's probably not a valid google outgoing host:
$ dig -x 115.67.162.38 +short
$ whois 115.67.162.38
[:snip: not google]
person: NSP CORE IP
address:Total Access Communication PLC
address:319 Chamchuri Square Building
address:40 Floor,
address:Phayathai Road, Pathumwan,
address:Bangkok Thailand 10330
country:TH
person: NSP CORE IP
address:Total Access Communication PLC
address:319 Chamchuri Square Building
address:40 Floor,
address:Phayathai Road, Pathumwan,
address:Bangkok Thailand 10330
country:TH
Here's a sample of greyscanner trapped no MX lines from my logs
(most of it looks spamish, others not so.):
for line in $(fgrep greyscanner /var/log/maillog | awk '/ MX / { print $7$11
}'); do print -n "$line\nPTR: "; dig -x $(print $line | cut -d: -f1) +short;
print; done
173.85.227.74:jaytronautomation.com
PTR:
37.6.249.99:hol.gr
PTR: adsl-99.37.6.249.tellas.gr.
50.193.227.41:gmail.com
PTR: 50-193-227-41-static.hfc.comcastbusiness.net.
209.85.220.50:gmail.com
PTR: mail-pa0-f50.google.com.
209.85.220.44:gmail.com
PTR: mail-pa0-f44.google.com.
110.175.80.66:gmail.com
PTR: 110-175-80-66.static.tpgi.com.au.
204.68.32.6:gmail.com
PTR: tmcip6.tmcaz.com.
209.85.192.169:gmail.com
PTR: mail-pd0-f169.google.com.
86.13.0.228:betrix.co.uk
PTR: cpc14-ward9-2-0-cust227.10-2.cable.virginm.net.
72.27.229.180:yahoo.com
PTR: host-72-27-229-180.ccvn.com.
118.136.168.2:yahoo.com
PTR: fm-dyn-118-136-168-2.fast.net.id.
110.175.80.66:yahoo.com
PTR: 110-175-80-66.static.tpgi.com.au.
204.68.32.6:yahoo.com
PTR: tmcip6.tmcaz.com.
220.135.175.84:yahoo.com
PTR: 220-135-175-84.HINET-IP.hinet.net.
92.234.53.187:yahoo.com
PTR: cpc65447-grth8-2-0-cust442.16-4.cable.virginmedia.com.
173.12.79.250:yahoo.com
PTR: 173-12-79-250-miami.hfc.comcastbusiness.net.
172.56.27.86:yahoo.com
PTR:
190.147.176.31:cable.net.co
PTR: Static-IP-cr19014717631.cable.net.co.
195.137.219.217:zadzarip.my-addr.com
PTR: zadzarip.my-addr.com.
194.247.60.73:evilstone.com
PTR: 073ip.my-addr.com.
212.22.72.199:evilstone.com
PTR: arrqdzpi.my-addr.com.
24.148.237.105:mindspring.com
PTR: user-0c99rb9.cable.mindspring.com.
186.43.89.67:edatel.net.co
PTR: adsl-186-43-89-67.edatel.net.co.
201.233.68.3:epm.net.co
PTR: cable201-233-68-3.epm.net.co.
97.68.220.138:biz.bhn.net
PTR: 97-68-220-138.biz.bhn.net.
97.68.220.138:biz.bhn.net
PTR: 97-68-220-138.biz.bhn.net.
78.83.132.25:portalvedra.com
PTR: home-78-83-132-25.optinet.bg.
88.249.199.49:ttnet.com.tr
PTR: 88.249.199.49.dynamic.ttnet.com.tr.
78.83.132.25:portalvedra.com
PTR: home-78-83-132-25.optinet.bg.
46.109.196.26:dsldevice.lan
PTR:
46.109.196.26:dsldevice.lan
PTR:
94.111.78.41:speedtouch.lan
PTR: cust-41-78-111-94.dyn.as47377.net.
46.41.213.217:betsfreebets.com
PTR:
94.111.78.41:speedtouch.lan
PTR: cust-41-78-111-94.dyn.as47377.net.
46.41.213.217:betsfreebets.com
PTR:
202.29.54.58:menbl.com
PTR:
Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: Update: mail/greyscanner to version 2.00
On 2013-12-29 Sun 19:18 PM |, Jan Stary wrote: > Works well for me. > Me too, -- Craig Skinner | http://www.bbc.co.uk/programmes/b03mtrg9/clips
Re: Update greyscanner to 1.02
OK?
On 2013-11-27 Wed 16:00 PM |, Craig R. Skinner wrote:
> On 2013-11-23 Sat 11:28 AM |, Craig R. Skinner wrote:
> > - Forwarded message from Jim Razmus -
> >
> > I'm rolling an update for greyscanner and just tagged version 1.02.
> > Would you mind mirroring the new disfile? Here's the URL:
> >
>
> Here's an un-mirrored diff that pulls directly from BitBucket:
>
> Please test as BitBucket (like Github) adds its own version numbering.
>
>
> Index: Makefile
> ===
> RCS file: /cvs/ports/mail/greyscanner/Makefile,v
> retrieving revision 1.8
> diff -u -r1.8 Makefile
> --- Makefile 11 Oct 2013 23:49:56 - 1.8
> +++ Makefile 27 Nov 2013 15:58:23 -
> @@ -2,23 +2,29 @@
>
> COMMENT =greytrapping daemon to compliment OpenBSD spamd
>
> -DISTNAME = greyscanner-1.01
> -REVISION = 1
> +DISTNAME = greyscanner
> +PKGNAME =${DISTNAME}-1.02
> +BB_VER = 30977fa778c3
> +BB_USR = bonetruck
> +
> CATEGORIES = mail
> -HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/
> +
> +HOMEPAGE = https://bitbucket.org/${BB_USR}/${DISTNAME}
>
> MAINTAINER = Jim Razmus II
>
> # BSD
> PERMIT_PACKAGE_CDROM = Yes
>
> -#MASTER_SITES = https://bitbucket.org/bonetruck/greyscanner/get/
> -MASTER_SITES = http://spacehopper.org/mirrors/
> +MASTER_SITES = ${HOMEPAGE}/get/
> +
> +DISTFILES = ${PKGNAME}${EXTRACT_SUFX}
> +
>
> RUN_DEPENDS =mail/p5-Email-Valid \
> net/p5-Net-DNS
>
> -WRKDIST =${WRKDIR}/greyscanner
> +WRKDIST =${WRKDIR}/${BB_USR}-${DISTNAME}-${BB_VER}
>
> NO_BUILD = Yes
> NO_TEST =Yes
> Index: distinfo
> ===
> RCS file: /cvs/ports/mail/greyscanner/distinfo,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 distinfo
> --- distinfo 11 Jun 2009 22:27:29 - 1.1.1.1
> +++ distinfo 27 Nov 2013 15:58:23 -
> @@ -1,5 +1,2 @@
> -MD5 (greyscanner-1.01.tar.gz) = Wl9/U5LZ1G8dMK7uPQonHw==
> -RMD160 (greyscanner-1.01.tar.gz) = 7dEGEdENPb4XvxKy94L3YanYUGk=
> -SHA1 (greyscanner-1.01.tar.gz) = UDsamjm4fKxyF/bOvmiyjqLquM4=
> -SHA256 (greyscanner-1.01.tar.gz) =
> sR8TI8ORWLTcvIKVwZBA2pCmdnjC5nbYkfEiwDBbUJs=
> -SIZE (greyscanner-1.01.tar.gz) = 6831
> +SHA256 (greyscanner-1.02.tar.gz) =
> 81e4c535e52cca28ec3776414a3eb1114f9d8e5f153736785baeae23bcc88256
> +SIZE (greyscanner-1.02.tar.gz) = 6903
>
>
> Cheers,
> --
> Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
>
Re: Update greyscanner to 1.02
On 2013-11-23 Sat 11:28 AM |, Craig R. Skinner wrote:
> - Forwarded message from Jim Razmus -
>
> I'm rolling an update for greyscanner and just tagged version 1.02.
> Would you mind mirroring the new disfile? Here's the URL:
>
Here's an un-mirrored diff that pulls directly from BitBucket:
Please test as BitBucket (like Github) adds its own version numbering.
Index: Makefile
===
RCS file: /cvs/ports/mail/greyscanner/Makefile,v
retrieving revision 1.8
diff -u -r1.8 Makefile
--- Makefile11 Oct 2013 23:49:56 - 1.8
+++ Makefile27 Nov 2013 15:58:23 -
@@ -2,23 +2,29 @@
COMMENT = greytrapping daemon to compliment OpenBSD spamd
-DISTNAME = greyscanner-1.01
-REVISION = 1
+DISTNAME = greyscanner
+PKGNAME = ${DISTNAME}-1.02
+BB_VER = 30977fa778c3
+BB_USR = bonetruck
+
CATEGORIES = mail
-HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/
+
+HOMEPAGE = https://bitbucket.org/${BB_USR}/${DISTNAME}
MAINTAINER = Jim Razmus II
# BSD
PERMIT_PACKAGE_CDROM = Yes
-#MASTER_SITES =https://bitbucket.org/bonetruck/greyscanner/get/
-MASTER_SITES = http://spacehopper.org/mirrors/
+MASTER_SITES = ${HOMEPAGE}/get/
+
+DISTFILES =${PKGNAME}${EXTRACT_SUFX}
+
RUN_DEPENDS = mail/p5-Email-Valid \
net/p5-Net-DNS
-WRKDIST = ${WRKDIR}/greyscanner
+WRKDIST = ${WRKDIR}/${BB_USR}-${DISTNAME}-${BB_VER}
NO_BUILD = Yes
NO_TEST = Yes
Index: distinfo
===
RCS file: /cvs/ports/mail/greyscanner/distinfo,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 distinfo
--- distinfo11 Jun 2009 22:27:29 - 1.1.1.1
+++ distinfo27 Nov 2013 15:58:23 -
@@ -1,5 +1,2 @@
-MD5 (greyscanner-1.01.tar.gz) = Wl9/U5LZ1G8dMK7uPQonHw==
-RMD160 (greyscanner-1.01.tar.gz) = 7dEGEdENPb4XvxKy94L3YanYUGk=
-SHA1 (greyscanner-1.01.tar.gz) = UDsamjm4fKxyF/bOvmiyjqLquM4=
-SHA256 (greyscanner-1.01.tar.gz) = sR8TI8ORWLTcvIKVwZBA2pCmdnjC5nbYkfEiwDBbUJs=
-SIZE (greyscanner-1.01.tar.gz) = 6831
+SHA256 (greyscanner-1.02.tar.gz) =
81e4c535e52cca28ec3776414a3eb1114f9d8e5f153736785baeae23bcc88256
+SIZE (greyscanner-1.02.tar.gz) = 6903
Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
[j...@bonetruck.org: Update greyscanner to 1.02]
- Forwarded message from Jim Razmus -
Date: Sun, 17 Nov 2013 09:15:57 -0600
From: Jim Razmus
To: st...@openbsd.org
Cc: "Craig R. Skinner"
Subject: Update greyscanner to 1.02
User-Agent: Mutt/1.5.21 (2010-09-15)
Hello sthen,
I'm rolling an update for greyscanner and just tagged version 1.02.
Would you mind mirroring the new distfile? Here's the URL:
https://bitbucket.org/bonetruck/greyscanner/downloads/greyscanner-1.02.tgz
Would you also mind taking a look at the attached port patch and giving
me an OK to commit it? I'm happy to swap the master_site back to your
mirror after it's updated.
Best regards,
jim@
Index: Makefile
===
RCS file: /cvs/ports/mail/greyscanner/Makefile,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile
--- Makefile11 Oct 2013 23:49:56 - 1.8
+++ Makefile17 Nov 2013 15:10:50 -
@@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.8 2013/10/11 23:49:56 naddy Exp $
-COMMENT = greytrapping daemon to compliment OpenBSD spamd
+COMMENT = greytrapping daemon to complement OpenBSD spamd
-DISTNAME = greyscanner-1.01
-REVISION = 1
+DISTNAME = greyscanner-1.02
CATEGORIES = mail
HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/
@@ -12,13 +11,11 @@ MAINTAINER =Jim Razmus II https://bitbucket.org/bonetruck/greyscanner/get/
-MASTER_SITES = http://spacehopper.org/mirrors/
+MASTER_SITES = https://bitbucket.org/bonetruck/greyscanner/downloads/
+#MASTER_SITES =http://spacehopper.org/mirrors/
RUN_DEPENDS = mail/p5-Email-Valid \
net/p5-Net-DNS
-
-WRKDIST = ${WRKDIR}/greyscanner
NO_BUILD = Yes
NO_TEST = Yes
Index: distinfo
===
RCS file: /cvs/ports/mail/greyscanner/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo11 Jun 2009 22:27:29 - 1.1.1.1
+++ distinfo17 Nov 2013 15:10:50 -
@@ -1,5 +1,2 @@
-MD5 (greyscanner-1.01.tar.gz) = Wl9/U5LZ1G8dMK7uPQonHw==
-RMD160 (greyscanner-1.01.tar.gz) = 7dEGEdENPb4XvxKy94L3YanYUGk=
-SHA1 (greyscanner-1.01.tar.gz) = UDsamjm4fKxyF/bOvmiyjqLquM4=
-SHA256 (greyscanner-1.01.tar.gz) = sR8TI8ORWLTcvIKVwZBA2pCmdnjC5nbYkfEiwDBbUJs=
-SIZE (greyscanner-1.01.tar.gz) = 6831
+SHA256 (greyscanner-1.02.tar.gz) = +VUp/IRTWFVqVpZ9s4tYyy+zmo3XYixD1m6iYSKVSwg=
+SIZE (greyscanner-1.02.tar.gz) = 6919
- End forwarded message -
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: greyscanner mod on bitbucket
ping On 2013-10-31 Thu 14:45 PM |, Craig R. Skinner wrote: > Minor upstream change merged on 23/10 > > Bitbucket's "/get/" link isn't working & the master site is on > spacehopper's mirror, so this diff may not be sufficent by itself. > > Index: Makefile > === > RCS file: /cvs/ports/mail/greyscanner/Makefile,v > retrieving revision 1.8 > diff -u -r1.8 Makefile > --- Makefile 11 Oct 2013 23:49:56 - 1.8 > +++ Makefile 31 Oct 2013 14:28:14 - > @@ -2,8 +2,7 @@ > > COMMENT =greytrapping daemon to compliment OpenBSD spamd > > -DISTNAME = greyscanner-1.01 > -REVISION = 1 > +DISTNAME = greyscanner-1.02 > CATEGORIES = mail > HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ > > > > On 2013-10-07 Mon 13:06 PM |, Craig R. Skinner wrote: > > Has Jim moved address/on holiday/other? > > > > On 2013-09-28 Sat 10:40 AM |, wrote: > > > ping > > > > > > On 2013-09-21 Sat 12:47 PM |, wrote: > > > > Jim, > > > > > > > > There's a minor mod of greyscanner on bitbucket. > > > > > > > > I'm totally new to bitbucket, mercurial & git, so don't know if you've > > > > visability/aware of it: > > > > > > > > https://bitbucket.org/bonetruck/greyscanner/pull-requests > > > > > > > > Is this the correct method to submit mods for review? > > > > > > > > Cheers, > > > > -- > > > > Craig Skinner | http://twitter.com/Craig_Skinner | > > > > http://linkd.in/yGqkv7 > > >
Re: greyscanner mod on bitbucket
Minor upstream change merged on 23/10 Bitbucket's "/get/" link isn't working & the master site is on spacehopper's mirror, so this diff may not be sufficent by itself. Index: Makefile === RCS file: /cvs/ports/mail/greyscanner/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- Makefile11 Oct 2013 23:49:56 - 1.8 +++ Makefile31 Oct 2013 14:28:14 - @@ -2,8 +2,7 @@ COMMENT = greytrapping daemon to compliment OpenBSD spamd -DISTNAME = greyscanner-1.01 -REVISION = 1 +DISTNAME = greyscanner-1.02 CATEGORIES = mail HOMEPAGE = https://bitbucket.org/bonetruck/greyscanner/ On 2013-10-07 Mon 13:06 PM |, Craig R. Skinner wrote: > Has Jim moved address/on holiday/other? > > On 2013-09-28 Sat 10:40 AM |, wrote: > > ping > > > > On 2013-09-21 Sat 12:47 PM |, wrote: > > > Jim, > > > > > > There's a minor mod of greyscanner on bitbucket. > > > > > > I'm totally new to bitbucket, mercurial & git, so don't know if you've > > > visability/aware of it: > > > > > > https://bitbucket.org/bonetruck/greyscanner/pull-requests > > > > > > Is this the correct method to submit mods for review? > > > > > > Cheers, > > > -- > > > Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7 >
Re: greyscanner mod on bitbucket
Has Jim moved address/on holiday/other? On 2013-09-28 Sat 10:40 AM |, wrote: > ping > > On 2013-09-21 Sat 12:47 PM |, wrote: > > Jim, > > > > There's a minor mod of greyscanner on bitbucket. > > > > I'm totally new to bitbucket, mercurial & git, so don't know if you've > > visability/aware of it: > > > > https://bitbucket.org/bonetruck/greyscanner/pull-requests > > > > Is this the correct method to submit mods for review? > > > > Cheers, > > -- > > Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: PostgreSQL "samenet" in pg_hba.conf
No? On 2013-10-02 Wed 18:06 PM |, Craig R. Skinner wrote: > Does the ADDRESS keyword "samenet" work in OpenBSD's PostgreSQL pg_hba.conf? > > Manually specifying an address block works, as does a DNS hostname & > domain name. > > $ pkg_info -I postgresql-server > postgresql-server-9.2.3 PostgreSQL RDBMS (server) > > $ uname -a > OpenBSD oak.britvault.co.uk 5.3 GENERIC#50 i386 > > > This page mentions an interface testing tool "test_ifaddrs": > https://www.virtualnetwork.net/about/opensource/package/postgres > > http://doxygen.postgresql.org/test__ifaddrs_8c_source.html > > Not found: > find /usr/local -type f -name test_ifaddrs > > Thoughts? > -- > Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7 >
Re: [th...@debian.org: [oss-security] CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8]
On 2013-09-13 Fri 12:42 PM |, Stuart Henderson wrote: > > I don't use it, but if security fixes aren't handled reasonably quickly, there > isn't much point in having webapps in ports. > "webapps", ugh. A trendy contradiction in terms. Woe betide the day when computers have only port 80, and EVERYTHING is rammed down it's throat. Puke. -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: NEW: mail/spamd-setup-downloader
On 2013-08-28 Wed 16:50 PM |, Landry Breuil wrote: > A PLIST is a static list of installed files, not something > generated on the fly. > Surely "make plist" makes PLISTs on the fly too. I doubt the package cares if its PLIST is hand written or generated by some mechanisim, just as long as it is correct. Anyway, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: NEW: mail/spamd-setup-downloader
On 2013-08-28 Wed 11:56 AM |, Stuart Henderson wrote:
>
> "make plist" and tweak the results as needed like other ports do.
> a port shouldn't be touching files in the ports tree itself during
> build, and in this case it won't even work (you keep appending to
> the file each time it's run).
>
The pre-install macro deletes PLIST*, so it works very well.
>
> From a quick look at the script (I'm only using spamd as a classic
> tarpit on a low priority MX rather than anything else so I'm not
> interesting in using it myself..) there are various uses of
> fixed/predictable names for tempfiles in shared directories,
> which is unsafe. It's a well known problem so there's plenty of
> advice e.g.
>
> https://www.securecoding.cert.org/confluence/display/seccode/FIO43-C.+Do+not+create+temporary+files+in+shared+directories
>
> (note, predictable names includes using $$, use mktemp with a decent
> number of X's, say 10+, instead)
>
It's part of the deliberate design concept to use predictable names as
the tool caches blacklists. If during the next run there are temporary
networking errors, the currently running instance can reuse previously
cached data. This is also essential to rsync large blacklists, as wiping
out cached files defeats the purpose of the protocol. As the blacklists
are (mostly) publicly available, I thought /var/tmp was sufficient.
As per the README, the cache is settable, and there are 2 examples (for
local distribution amongst a cluster of mail servers, via [s]ftp, scp,
whatever);-
/var/spool/ftp/pub/OpenBSD/spamd-cache/
/var/spool/ftp/pub/spamd/
The locks also need to have predictable names as each time spamd-setup
is run by cron, it exec's a new instance for each blacklist. There is no
persistent process to use any IPC.
After reading the CERT URL, I realise an attacker might be able to alter
the blacklists OK. I could default to using /var/[spool/]${DISTNAME}
for everything, and also check for stale files internally, rather than
rely on daily(8).
Quick question;- should tools log in /var/log, or their own sub dir
(e.g. apache, squid)? I chose to append failed $(mktemp) logs to
/var/tmp/${DISTNAME}.log as any transient networking errors are
inconsequential after a couple of days, by which time daily(8) will have
deleted the log. A newsyslog(8) entry seemed OTT for a seldom used log.
> ... retrieved=$(print ${url} | sed 's/[`??!"$%^&*()+=:;@~#\|?/<>,]/_/g')
>
> Keep known-good characters, rather than try and strip out bad
> characters. A hash of the URL might be more appropriate.
>
OK. I done it that way to make the cache human readable for any manual
administration:
$ ls /var/tmp/spamd-setup-downloader
psbl-mirror.surriel.com__psbl_psbl.txt
rsync-mirrors.uceprotect.net__RBLDNSD-ALL_dnsbl-1.uceprotect.net
www.bsdly.net__peter_bsdly.net.traplist
www.bsdly.net__peter_bsdly.net.traplist~
www.openbsd.org_spamd_nixspam
www.openbsd.org_spamd_nixspam.gz
www.openbsd.org_spamd_nixspam.gz~
www.openbsd.org_spamd_traplist
www.openbsd.org_spamd_traplist.gz
www.openbsd.org_spamd_traplist.gz~
Right then, several alterations to implement
Thanks for the help,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: NEW: mail/spamd-setup-downloader
On 2013-08-28 Wed 08:44 AM |, Stuart Henderson wrote:
>
> - don't distribute source files in ports
> - your local rcs history is pointless to include in the port
I done this because I thought it was OK to include small files:
ports(7)
MASTER_SITES Primary sites for distribution files if not found
locally.
bsd.port.mk(5)
FILESDIR Location of other files related to the current ports.
SCRIPTDIR Old location for scripts related to the current port.
... use FILESDIR
I also want to give the code away and make it easy for others to improve.
> - don't use NO_CHECKSUM
+ fixed. My mistake as I thought it wasn't needed if not checksumming
downloaded files.
> - too many PERMIT_* lines
+ fixed, new comment seen in Makefile.template
> - don't have a MESSAGE just pointing people at the readme, pkg_add
+ fixed
> already points people at the readme
> - this is, err, not normal:
>
> @echo '@mode ${SHAREMODE}\n@group ${SHAREGRP}' >> ${PLIST}
> @echo 'share/doc/pkg-readmes/${FULLPKGNAME}' | tee -a ${PLIST}
> @${SUBST_CMD} -c -g ${BINGRP} -o ${BINOWN} \
> ${FILESDIR}/${INST_DIR}/${DISTNAME} \
> ${PREFIX}/${INST_DIR}/${DISTNAME}
> @echo '@mode ${BINMODE}\n@owner ${BINOWN}\n@group ${BINGRP}' | tee -a
> ${PLIST}
> @echo "${INST_DIR}/${DISTNAME}" | tee -a ${PLIST}
>
PLIST generation.
> - script itself has security issues
>
Thanks for the feedback Stuart.
Pointers about security appreciated.
Re: NEW: mail/spamd-setup-downloader
ping On 2013-08-23 Fri 18:09 PM |, Craig R. Skinner wrote: > > blacklists via multi-protocol + retries and random delay(s) > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > Description: > Compliments spamd-setup by downloading resources, with up to 12 attempts, > each after a random delay of up to 5 minutes. > > If unsuccessful, cached data from a previous run is reused. > > Protocols supported: http, ftp, scp, sftp, rsync. > > Downloading tool settable; ftp, lynx, curl, rsync, [other]... > > Proxies usable, caching reduces everyone's bandwidth/time/expenses. > > Many hosts polling the remote servers at the same time (root's default > cron job) can result in the "zero minute rush" issue, often resulting in > "Illegal seek" or "Broken pipe" errors. > > See: > http://thread.gmane.org/gmane.os.openbsd.misc/196071 > http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html > > This tool sorts out those niggles. > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > This port has a dependency of sysutils/libsysexits - which I'll post > separately. > > I've included all revisions and the RCS files for the CVS tree, so other > developers can see what's been tried up 'til now. > > Thoughts? > -- > Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7 spamd-setup-downloader.tgz Description: application/tar-gz
NEW: sysutils/libsysexits
A dependency of the newly submitted port spamd-setup-downloader
(and other things I've written)
Comment:
system exit codes shell script library
Description:
A simple shell script file of system exit codes,
which can be sourced and used like a library.
This package reformats the established C system exits header file:
/usr/src/include/sysexits.h
Example uses include:
# Source the sysexits library:
. /usr/local/lib/sysexits.sh
mkdir ${lock} 2>/dev/null || exit ${EX_TEMPFAIL}
/etc/rc.d/dhcpd check || alert ${EX_UNAVAILABLE} "dhcpd isn't running"
cd ${cache} || finish ${EX_IOERR} "Can't cd into ${cache}"
Comments?
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
libsysexits.tgz
Description: application/tar-gz
NEW: mail/spamd-setup-downloader
blacklists via multi-protocol + retries and random delay(s) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Description: Compliments spamd-setup by downloading resources, with up to 12 attempts, each after a random delay of up to 5 minutes. If unsuccessful, cached data from a previous run is reused. Protocols supported: http, ftp, scp, sftp, rsync. Downloading tool settable; ftp, lynx, curl, rsync, [other]... Proxies usable, caching reduces everyone's bandwidth/time/expenses. Many hosts polling the remote servers at the same time (root's default cron job) can result in the "zero minute rush" issue, often resulting in "Illegal seek" or "Broken pipe" errors. See: http://thread.gmane.org/gmane.os.openbsd.misc/196071 http://openbsd.7691.n7.nabble.com/spamd-setup-in-crontab-td80311.html This tool sorts out those niggles. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This port has a dependency of sysutils/libsysexits - which I'll post separately. I've included all revisions and the RCS files for the CVS tree, so other developers can see what's been tried up 'til now. Thoughts? -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7 spamd-setup-downloader.tgz Description: application/tar-gz
