Over the last few weeks we made some good progress. We fixed quite a
few subtle bugs that were causing some strange behavior in acpi. In
fact I am virtually out of bug reports at this time so it is time for
you to do some more testing!
Please update to -current and apply this diff:
Index: GENERI
On Tue, Feb 20, 2007 at 09:59:49PM -0500, Nick Holland wrote:
> First of all, regarding your dmesg: that's a feature, not a bug. The
> system attempts to store multiple dmesgs in RAM and keep them after a
> reboot. This can be very handy at times, but disconcerting to those
> not expecting it. T
On Tuesday 20 February 2007 21:04, Cory Albrecht wrote:
> Hello all,
>
> Yes, it's me again with more problems. :-)
>
> I'm trying to get my OpenBSD firewall to authenticate normal user
> accounts off of an LDAP server running on a different machine.
>
> I installed ports/sysutils/login_ldap and mo
Hello all,
Yes, it's me again with more problems. :-)
I'm trying to get my OpenBSD firewall to authenticate normal user
accounts off of an LDAP server running on a different machine.
I installed ports/sysutils/login_ldap and modified /etc/login.conf based
on the examples from /usr/local/shar
Paul Irofti wrote:
> On Tue, Feb 20, 2007 at 11:00:07PM +0200, Paul Irofti wrote:
>> Strange, the dmesg I submitted (and the one dmesg shows:) both point to
>> my configuration before the snapshot update. But the login informs me
>> that I'm running ``OpenBSD 4.1-beta (GENERIC) #847'' and uname say
Turn off inetd to close 13,37,133.
Configure sendmail not to listen on ports 25 and 587,
That leaves 22(ssh) and 53(domain).
On 2/20/07, Bray Mailloux <[EMAIL PROTECTED]> wrote:
I ran an nmap -sS localhost which output
port state service
13/tcp open daytime
22/tcp
J.C. Roberts wrote:
> FAQ 4.9
> http://www.openbsd.org/faq/faq4.html#SendDmesg
> "NOTE - Please send only GENERIC kernel dmesgs. Custom kernels that have
> device drivers removed are not helpful."
>
> On systems where one can run GENERIC or GENERIC.MP do developers prefer
> if we send in a separ
Bray Mailloux wrote:
> I ran an nmap -sS localhost which output
>
> port state service
> 13/tcp open daytime
> 22/tcp open ssh
> 25/tcp open smtp
> 37/tcp open time
> 53/tcp open domain
> 113/tcpopen auth
> 587/tcpopen
I ran an nmap -sS localhost which output
port state service
13/tcp open daytime
22/tcp open ssh
25/tcp open smtp
37/tcp open time
53/tcp open domain
113/tcpopen auth
587/tcpopen submission
This BSD box will be
Ok thanks. AMD64 have now been installed using a Flash disk.
2007/2/20, Stuart Henderson <[EMAIL PROTECTED]>:
On 2007/02/20 02:18, Sunnz wrote:
> Ohh, got AMD64 here... so how could I connect to the wireless network
> from boot CD? Is there a way to load the ral driver or something?
You could r
Hey guys,
I've looked at the web front end for the cvs tree and looking in
ports/lang/python/ with the filter of OPENBSD_4_0 and 2.5 seems to be in there.
http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/python/?only_with_tag=OPENBSD_4_0
But when I do a `cvs checkout -rOPENBSD_4_0 ports`
I don'
On 2/20/07, Rui Miguel Silva Seabra <[EMAIL PROTECTED]> wrote:
On Ter, 2007-02-20 at 15:07 -0600, Jacob Yocom-Piatt wrote:
> i have seen a number of spammer outfits doing this: following the RFC
> and retrying until the spam gets though and they're whitelisted, then
> they're free to push crap th
On Ter, 2007-02-20 at 15:07 -0600, Jacob Yocom-Piatt wrote:
> i have seen a number of spammer outfits doing this: following the RFC
> and retrying until the spam gets though and they're whitelisted, then
> they're free to push crap through. any thoughts on how to best combat
> this behavior besides
On 2/20/07, Woodchuck <[EMAIL PROTECTED]> wrote:
On Tue, 20 Feb 2007, Mike Erdely wrote:
> Guido Tschakert wrote:
> > The first and the last entry are both spamd (8), but spamassassin from
> > ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
> > I am looking for)
>
> The
Guido Tschakert <[EMAIL PROTECTED]> wrote:
> Hello,
>
> while reading the discussion about spamd, I decided to learn a little
> bit about it and have a look in the manual, but man spamd yields to the
> manual of "spamd - daemonized version of spamassassin" what is not
> exactly what I was looking
On Tue, 20 Feb 2007, Mike Erdely wrote:
> Guido Tschakert wrote:
> > The first and the last entry are both spamd (8), but spamassassin from
> > ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
> > I am looking for)
>
> The man page for OpenBSD's spamd is not in /usr/local.
Toni Mueller wrote:
Hi,
On Tue, 20.02.2007 at 12:33:17 -0500, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
* Use a non-forking server.
???
I've been hit by guys who simply exhausted the maximum number of
processes I configured with Apache. What limits do you usually have?
I am still very cons
On Tuesday 20 February 2007 15:14, Woodchuck wrote:
> > I don't know if there is an easy solution for this (I don't want to
> > call it a problem), but I think this shouldn't happen.
>
> This is probably a matter for the spamassassin port maintainter.
> Renaming its spamd would not be hard.
>
> Dav
Jason McIntyre wrote:
> On Tue, Feb 20, 2007 at 10:19:31PM +0100, Guido Tschakert wrote:
>> The first and the last entry are both spamd (8), but spamassassin from
>> ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
>> I am looking for)
>>
>> I don't know if there is an easy
Can anyone suggest clues as to a reasonably successful way to handle
receiving an IX /24 over both OSPF and BGP?
If ospfd has to be restarted and bgpd gets to install the /24 before
the new ospfd, the nexthops within that subnet become invalid.
I couldn't think of a way to recover from this short
Running inside VMware ESX2.5.1, kernel from 16FEB, I was just getting
ready to gather info on why the box was crashing with vic(4) enabled,
and this crash happened.
Box is still running, so if there is anything else I should gather
before a reboot, please let me know.
BTW if anyone has a good way
On Tue, 20 Feb 2007, Guido Tschakert wrote:
> Hello,
>
> while reading the discussion about spamd, I decided to learn a little
> bit about it and have a look in the manual, but man spamd yields to the
> manual of "spamd - daemonized version of spamassassin" what is not
> exactly what I was lookin
On 2/20/07, Guido Tschakert <[EMAIL PROTECTED]> wrote:
The first and the last entry are both spamd (8), but spamassassin from
ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
I am looking for)
The base system doesn't install any components under /usr/local/ by default.
Hi,
On Tue, 20.02.2007 at 12:33:17 -0500, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> > * Use a non-forking server.
> ???
I've been hit by guys who simply exhausted the maximum number of
processes I configured with Apache. What limits do you usually have?
This was effectively a DoS against all o
FAQ 4.9
http://www.openbsd.org/faq/faq4.html#SendDmesg
"NOTE - Please send only GENERIC kernel dmesgs. Custom kernels that have
device drivers removed are not helpful."
On systems where one can run GENERIC or GENERIC.MP do developers prefer
if we send in a separate dmesg for each kernel?
If get
Guido Tschakert wrote:
The first and the last entry are both spamd (8), but spamassassin from
ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
I am looking for)
The man page for OpenBSD's spamd is not in /usr/local.
On my system, SpamAssassin's spamd is (1) not (8).
For
On Tue, Feb 20, 2007 at 10:19:31PM +0100, Guido Tschakert wrote:
>
> The first and the last entry are both spamd (8), but spamassassin from
> ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
> I am looking for)
>
> I don't know if there is an easy solution for this (I don'
On Feb 20, 2007, at 1:51 PM, [EMAIL PROTECTED] wrote:
On Tue, 20 Feb 2007 12:57:54 -0800, "Brian Keefer" <[EMAIL PROTECTED]>
said:
Now they've evolved to using botnets and the vast majority of spam
comes from such systems, so the bandwidth costs are gone and the
hosting costs are pretty much li
Hello,
while reading the discussion about spamd, I decided to learn a little
bit about it and have a look in the manual, but man spamd yields to the
manual of "spamd - daemonized version of spamassassin" what is not
exactly what I was looking for. (I installed p5-Mail-SpamAssasin from
ports/packag
All I have to say about this thread ishey Theo nice to see you back, I
needed some comic relief today. Oh and my feelings about being abrasive
towards spammers is fuck 'em, I hate spammers. I wish spamd could shit on
their servers but that's not a settable option. Maybe spamd -P would poop
on t
On Tue, 20 Feb 2007 12:57:54 -0800, "Brian Keefer" <[EMAIL PROTECTED]>
said:
> On Feb 20, 2007, at 12:36 PM, Darren Spruell wrote:
>
> > On 2/20/07, Brian Keefer <[EMAIL PROTECTED]> wrote:
> >> In the case of a greylisting type of solution, it seems that
> >> identification would be especially dev
On Tue, 20 Feb 2007, Peter Fraser wrote:
> Would not a better test be for message-id's of the format
> [EMAIL PROTECTED] ?
Probably not. It is quite possible for a legitimate MUA on a host
to generate message-ids of the [EMAIL PROTECTED] form. Consider a RFC1918 LAN
behind NAT, running from /e
> i have seen a number of spammer outfits doing this: following the RFC
> and retrying until the spam gets though and they're whitelisted, then
> they're free to push crap through. any thoughts on how to best combat
> this behavior besides spamassassin + amavisd (i.e. wasting cpu cycles
> and b
Jacob Yocom-Piatt wrote:
> i have seen a number of spammer outfits doing this: following
> the RFC and retrying until the spam gets though and they're
> whitelisted, then they're free to push crap through. any
> thoughts on how to best combat this behavior besides
> spamassassin + amavisd (i.e. was
Wim Vandeputte wrote:
> this weekend in Brussels at the ULB Solbosh campus there is once
> again the FOSDEM conference. You can found our OpenBSD/OpenSSH
> booth in the hallway at the usual place.
I thought you already founded that booth...
> Matthieu will give a talk on Xenocara in the X.Org de
I run spamd up front with a secondary spam filter behind it. My
secondary filter receives 90% less spam then before I started running
spamd. With that big of a drop I can only say wonderful things about
OpenBSD's spamd. It just plain works. When things start getting back
to pre spamd lev
On Tue, Feb 20, 2007 at 11:00:07PM +0200, Paul Irofti wrote:
> Strange, the dmesg I submitted (and the one dmesg shows:) both point to
> my configuration before the snapshot update. But the login informs me
> that I'm running ``OpenBSD 4.1-beta (GENERIC) #847'' and uname says the
> same:
>
> $ una
I've received a new mobo with a vr(4) NIC. Ever since I installed it I'm
getting very slow transfer speeds (i.e. from 7-8 mb/s to 0.3-0.4 mb/s).
I've googled and stfa and found some complaints on the freebsd mailing
lists but wasn't able to find a solution. Is this a known bug? Should I
just buy an
Theo de Raadt wrote:
If a spammer knows I am running spamd because he can detect it, and
then disconnects, no spam makes it througg -- no spam is delivered.
There is no workaround for the spammer, except to act as a regular
"follow the RFC, and retry", which most of the spammers don't do (and
whi
On Feb 20, 2007, at 12:36 PM, Darren Spruell wrote:
On 2/20/07, Brian Keefer <[EMAIL PROTECTED]> wrote:
In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong, the wh
Strange, the dmesg I submitted (and the one dmesg shows:) both point to
my configuration before the snapshot update. But the login informs me
that I'm running ``OpenBSD 4.1-beta (GENERIC) #847'' and uname says the
same:
$ uname -rsv
OpenBSD 4.1 GENERIC#847
On Tue, 20 Feb 2007, Theo de Raadt wrote:
> > In the case of a greylisting type of solution, it seems that
> > identification would be especially devastating since the work-around
> > is so trivial. Unless my understanding is very wrong, the whole
> > effectiveness of the solution depends o
On 20-Feb-07, at 1:33 PM, K-Wizzz wrote:
First of all, the system installed without any troubles, X works
just fine with
915resolution installed. However, I have some quirky mouse
behaviour caused by
a aggressively sensitive touchpad: whenever I hit the right edge of
the pad, a
mouse whee
On 2/20/07, Brian Keefer <[EMAIL PROTECTED]> wrote:
In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong, the whole
effectiveness of the solution depends on the spamm
> I haven't looked at the implementation in OpenBSD extensively, but at
Well, perhaps you should, instead of commenting before you do.
> a basic level there are two portions, the greylist function, and the
> "waste their time" function, yes? I'm talking about bypassing the
> first, not the
On Feb 20, 2007, at 11:54 AM, Theo de Raadt wrote:
In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong, the whole
effectiveness of the solution depends on the spamm
> I was thinking the exact same thing.
>
> A number of our customers use the ability to customize their SMTP
> banner via our products in order to avoid some very basic system
> identification by spammers (Cisco PIX does this too for instance, but
> in a very broken and disruptive way). It
> In the case of a greylisting type of solution, it seems that
> identification would be especially devastating since the work-around
> is so trivial. Unless my understanding is very wrong, the whole
> effectiveness of the solution depends on the spammers not realizing
> the difference bet
One of my users who is subscribed to yahoo groups, had the subscription
turned off, because a message was being bounded.
The bounce message was
553 5.0.0 Header Error [BODY]
Which is not very informative. After a bit of tracking I found out
that the message was a result of test in the default se
On Feb 20, 2007, at 10:00 AM, Woodchuck wrote:
On Tue, 20 Feb 2007, Peter N. M. Hansteen wrote:
J Moore <[EMAIL PROTECTED]> writes:
Isn't this a bit "over the top"?
Well, people don't read these strings at all unless they're
looking at
spamd source code or doing a "telnet yourhost.tld s
Hello,
Hold on to your favourite mail client! This is going to be a rather
longish post about my success and some issues with OpenBSD 4.0-RELEASE
on a Fujitsu Siemens Amilo Si 1520 laptop.
First of all, the system installed without any troubles, X works just fine with
915resolution installed.
On Tue, 20 Feb 2007, Peter N. M. Hansteen wrote:
> J Moore <[EMAIL PROTECTED]> writes:
>
> > Isn't this a bit "over the top"?
>
> Well, people don't read these strings at all unless they're looking at
> spamd source code or doing a "telnet yourhost.tld smtp" for debugging
> purposes. The messag
On 2/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Greetings,
>
> Does it make any difference if I group my rules like this .
> ## logs smtp sessions
> pass in log on $ext_if proto tcp to $mailhost port smtp keep state
> ## Pass all outgoing traffics
> pass out on $ext_if inet proto t
Toni Mueller wrote:
Pro: Every bot can access the url exactly one time, afterwards its
blacklisted.
Use expire-table to free the pf table occassionally and of course make
sure that you don't block yourself - whitelist ip addresses like your
standard gateway, otherwise you may DoS yourself ;)
No, I'm not seeing this, can you mail me any
details? your setup, how big, Got a core file? etc?
you mention you have debug logging on, can you
capture a debug level syslog? if so can you pinpoint
where it stops and show me?
thanks
-Bob
* [EMAIL PROTECTED] <[EMA
Hi,
Can you recommend me a server of 1U height with raid controller which
is supported by bio(4) framework? I will be very greatful for dmesg and
sysctl hw.sensors output and one line comment about setup (which raid,
is it hot swapable, etc).
I'm looking for 1U server, where I can setup a two hot
Hi,
On Wed, 07.02.2007 at 19:08:46 +0100, Marian Hettwer <[EMAIL PROTECTED]> wrote:
> I had the same problem with botnets, attacking a specific URL. Even
> sending out 404 errors didn't help at all.
> I wouldn't recommend the pf overload feature, as this depends on the
> number of tcp connection
Hi,
On Mon, 12.02.2007 at 20:20:12 +, Jeff Rollin <[EMAIL PROTECTED]> wrote:
> Then, of course, there's the contents of the backup to consider. You
> (probably) don't want your Brand New OBSD 4 installation replaced with an
> install of OBSD 2, especialy since it may not contain drivers for ha
Hi Daniel,
On Wed, 07.02.2007 at 16:26:55 -0500, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> the connection. So, any valid users that access that page will be
> redirected to the valid page and the bot will simply have it;s
> connection close.
this requires that you control the URLs being serve
On Monday 19 February 2007 14:27, atstake atstake wrote:
> I been given this Cisco VPN Client software version 4.8 where a
> "vpnclient.ini" file needs to be imported and authentication is done
> via username and password to a Cisco VPN gateway which (after
> authentication) drops me off to the int
On Tue, 2007-02-20 at 07:32 -0800, [EMAIL PROTECTED] wrote:
> Greetings,
>
> Does it make any difference if I group my rules like this .
it can be, depending on your situation. PF rules are read top to
bottom, therefore, lower rules can "override" rules that were previously
defined.
if you w
Greetings,
Does it make any difference if I group my rules like this .
## logs smtp sessions
pass in log on $ext_if proto tcp to $mailhost port smtp keep state
## Pass all outgoing traffics
pass out on $ext_if inet proto tcp all flags S/SA keep state
pass out log on $ext_if inet proto tcp from
On 2/20/07, Jimmy Mdkeld | Loopia AB <[EMAIL PROTECTED]> wrote:
Rogier Krieger wrote:
> End user connections are what the submission port (589) is for.
# grep submission /etc/services
submission 587/tcp
submission 587/udp
As I ment to say, port 587 ;)
Apparently, it is time for my c
Rogier Krieger wrote:
End user connections are what the submission port (589) is for.
Small correction: it's 587, not 589.
---
Lars Hansson
Rogier Krieger wrote:
> Humans shouldn't be connecting to port 25 in any case, unless when
> they know what they're doing (and know why they're connecting). End
> user connections are what the submission port (589) is for.
# grep submission /etc/services
submission 587/tcp
submission 587
On 2/20/07, J Moore <[EMAIL PROTECTED]> wrote:
I was under the impression that spamd was supposed to "politely" defer
connections from unknown/greylisted hosts.
Given the '451' response in the SMTP conversation, it is a relatively
polite and benign way to defer connections. I doubt a sending MT
This list appears updated:
http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html
-Steve S.
J Moore wrote:
> I'm reviewing the DNSBLs I have in my sendmail configuration:
>
> * dnsbl.sorbs.net
> * bl.spamcop.net
> * sbl.spamhaus.org
> * cbl.abuseat.org
> * ipwhois.rfc-ignorant.org
>
> Is there a
J Moore <[EMAIL PROTECTED]> writes:
> Isn't this a bit "over the top"?
Well, people don't read these strings at all unless they're looking at
spamd source code or doing a "telnet yourhost.tld smtp" for debugging
purposes. The message you quote here is essentially just a preserved
version of the
As a reminder,
this weekend in Brussels at the ULB Solbosh campus there is once again
the FOSDEM conference. You can found our OpenBSD/OpenSSH booth in the
hallway at the usual place.
Matthieu will give a talk on Xenocara in the X.Org devroom.
As for being a free event, participation and attend
On Tue, Feb 20, 2007 at 08:41:49AM +0100, Mislav Bo?i?evi? wrote:
> Is Mono Project (http://www.mono-project.com/Main_Page) supported by
> the OpenBSD OS? In other words, am I able to compile and run C# files
> under the OpenBSD OS? Thanks.
http://www.google.com/search?q=mono+openbsd tells you all
On Mon, 19 Feb 2007, Ben Calvert wrote:
> On Feb 19, 2007, at 11:13 AM, Otto Moerbeek wrote:
>
> > On Mon, 19 Feb 2007, Pierre Riteau wrote:
> >
> > > > The MacBook is different from the MacBook Pro.
> > > >
> > > > The first sign of trouble is that the UKC prompt doesn't work. It
> > > > won't
71 matches
Mail list logo
