What have you looked at? are you running pf? what kind of ruleset?
Tried simplifying it?
--Bryan
On 9/25/07, rezidue <[EMAIL PROTECTED]> wrote:
> I've been having problems with throughput on a box I'm using as an edge
> gateway. I can't seem to get it to push out more than 150Mb/sec at about
> 2
I've been having problems with throughput on a box I'm using as an edge
gateway. I can't seem to get it to push out more than 150Mb/sec at about
20k pps. It's a Tyan Thunder K8SR (S2881) board that has two gig broadcom
interfaces on a shared pci-x bus. It's on the bcm5704c chipset and I'm
runnin
On Wed, 26 Sep 2007 03:16:35 +0300, Liviu Daia wrote:
>
>> Postfix would just be rejecting them and filling its logs.
>
>Oh come on, these days you're probably rejecting > 95% of messages
>anyway. :)
Nope. Every day at log reading time I do "grep reject maillog" and very
rarely do I see a res
On 9/26/07, Rob <[EMAIL PROTECTED]> wrote:
> Yeah, I agree. It's the wrong way for them to check for an open relay,
> but it is still causing a bit of a problem.
Well if it is actually caused by spamd you have 2 options:
a) not run spamd.
b) ask them to get their shit together and hope they actual
On 9/25/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2007/09/25 17:35, Rob wrote:
> > Since this is happening during the conversation with our inbound mail
> > server, I don't see how filtering connections between our inbound and
> > outbound mail servers would fix it.
>
> From what you say
On 2007/09/25 17:35, Rob wrote:
> Since this is happening during the conversation with our inbound mail
> server, I don't see how filtering connections between our inbound and
> outbound mail servers would fix it.
>From what you say, it sounds like your outbound mail server sends
mail to some host
I'm not 100% certain I'm "get"ting your idea here ... we do currently
run inbound/outbound mail on different IPs, but the problem isn't with
the connections themselves.
>From the example session transcript with spamd that I posted earlier:
250 Hello, spam sender. Pleased to be wasting your time.
On 26 September 2007, RW <[EMAIL PROTECTED]> wrote:
> On Tue, 25 Sep 2007 14:14:46 +0300, Liviu Daia wrote:
>
> >On 25 September 2007, RW <[EMAIL PROTECTED]> wrote:
> >[...]
> >> My defence was to write a couple of scripts. One parsed the output
> >> of spamdb looking for GREY with sender <> and th
On 2007/09/25 14:50, Rob wrote:
>
> Is there some configuration for spamd that I've missed
You could run inbound and outbound email on different IP addresses,
and don't accept incoming port 25 connections on the address used as
a source for outgoing mail.
On 2007/09/26 10:54, Josh wrote:
> So any suggestions on how to have a rdr rule in pf.conf take over when this
> happens?
Yes, just list it below the hoststated rdr anchor.
On Tue, 25 Sep 2007 14:14:46 +0300, Liviu Daia wrote:
>On 25 September 2007, RW <[EMAIL PROTECTED]> wrote:
>[...]
>> My defence was to write a couple of scripts. One parsed the output of
>> spamdb looking for GREY with sender <> and then tested the intended
>> recipient against the postfix valid m
On Wed, 2007-09-26 at 10:54 +1200, Josh wrote:
> So any suggestions on how to have a rdr rule in pf.conf take over when
> this happens?
Why? If hoststated crashes, then it's a bug. If it doesn't crash, what
are you trying to achieve?
ciao
Luca
On Tue, 25 Sep 2007 12:40:50 +0100, Craig Skinner wrote:
>RW wrote:
>>
>> The others were from bots as far as I could tell but they were not
>> being sent by MTAs which had received them.
>>
>
>Yes, but the OPs problem is back scatter, and that does not come from
>bots, they don't retry.
>
Wha
Hello,
I have to machines running OpenBSD 4.1 which are acting as a firewalls
and I have pfsync setup between the two. One of my machines had a
power loss and when we turned it back on we got a lot of pf errors
claiming bad state and what not.
Here is the first machine which didn't have a power l
So any suggestions on how to have a rdr rule in pf.conf take over when
this happens?
better try pkill -SEGV hoststated ;)
in either case, the pfe process catches the fact that the hce process
dies and cleans up the tables and rules before completely dying
Hi Jeremy,
On 9/25/07, Jeremy C. Reed <[EMAIL PROTECTED]> wrote:
> On Tue, 25 Sep 2007, Rob wrote:
>
> > We just ran across an odd intermittent problem with email that we
> > traced back to spamd showing up as an open relay. I double-checked the
> > documentation and mailing list archives and didn
On Tue, 25 Sep 2007, Rob wrote:
> We just ran across an odd intermittent problem with email that we
> traced back to spamd showing up as an open relay. I double-checked the
> documentation and mailing list archives and didn't find anything
> relevant.
Please let us know what service (if different
Hey guys,
We just ran across an odd intermittent problem with email that we
traced back to spamd showing up as an open relay. I double-checked the
documentation and mailing list archives and didn't find anything
relevant.
Our mail server is bara.nccn.net, 12.165.58.50. There is a
bump-in-the-wire
On 9/25/07, Lars Noodin <[EMAIL PROTECTED]> wrote:
> I'm looking at the recent article on Soekris and very favorably impressed.
>
>"Setting up a Soekris 5501 with OpenBSD 4.2" 24 Sep 2007
>http://undeadly.org/cgi?action=article&sid=20070924004901
>
> The setup seems almost perfect,
Well, I don't need scaling support out of the box, I just
want something cheap. If it takes a little bit of work to make
it happen, that's no problem. I had a hard time finding the listed
LG monitor, and the Hantouch stuff is not cheap.
Joerg Zinke [EMAIL PROTECTED] wrote:
>
> from: http://www.
Lars Noodin <[EMAIL PROTECTED]> wrote:
> There has got to be non-x86 units out there, SBC or other, running Cell
> or Freescale or anything else.
If you look hard enough, I think you can find ARM/MIPS/PowerPC based
single-board computers vaguely comparable to the Soekris range.
Heck, just look a
On Mon, 24 Sep 2007 16:15:08 -0700
Chris Cappuccio <[EMAIL PROTECTED]> wrote:
> Does anyone have any recommendations on 7" or smaller touch screens
> that have a USB input ?
>
> I want something preferrably under or around $100... I want to mount
> it on a car dash.
>
from: http://www.openbsd.o
[IMAGE]Having trouble reading this email? See it in your browser
ArabianBusiness.com Daily News Alert
GHMK ]m Gacf^Z:
GaCMO ,25 SHJcHQ 2007
[IMAGE]
GaCNHGQ GaQFmSmI
"XG^I" JZQV NcSI camGQGJ OfaGQ aTQGA HQGmc fSJ Ga_dOmI
Thanks.
On 9/25/07, Marco Pfatschbacher <[EMAIL PROTECTED]> wrote:
>
> On Tue, Sep 25, 2007 at 08:57:19AM -0700, dane johansen wrote:
> > I went to colo, and checked what happened, as soon as a type:
> > ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
> > I get:
> > ifconfig c
Dear all,
First, let me say a big hello to everyone here. I've been out of this
list for almost three years... Just came back less than a week ago and
Chuck Yerkes is sorely missing...
I don't know if this question will be better answered here or on [EMAIL
PROTECTED]
After reading an email abou
On Tue, Sep 25, 2007 at 08:57:19AM -0700, dane johansen wrote:
> I went to colo, and checked what happened, as soon as a type:
> ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
> I get:
> ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
> uvm_fault(0xd6a0752
I went to colo, and checked what happened, as soon as a type:
ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
I get:
ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
uvm_fault(0xd6a07524, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at carp_join_m
On 9/25/07, Rodrigo V. Raimundo <[EMAIL PROTECTED]> wrote:
> Antti Harri wrote:
> > On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:
> >
> >> Is there a way to get kde's automounting functionality working under
> >> obsd?
> >> At linux I think it uses hal-deamon plus something like pmount.
> >> Some
African American Hair Dot Com Specials. Some Items
60% Off
http://www.youtube.com/watch?v=MMlYv5iKktsDulles
Beauty Supply1110 Elden St. #B Suite 204Herndon,
VA 20170
On Tue, 25 Sep 2007 14:22:19 +0200
Luca Corti <[EMAIL PROTECTED]> wrote:
> On Wed, 2007-09-26 at 00:01 +1200, Josh wrote:
> > What happens if hoststated crashes? Does its latest table entry's
> > and rdr rules still remain?
>
> Maybe you can try a kill -9 and see what happens.
>
> ciao
>
> Luca
On Tuesday 25 September 2007, Craig Skinner wrote:
> If you are using postfix:
>
> /etc/postfix/main.cf:
> ..
> ..
> smtpd_recipient_restrictions =
> reject_non_fqdn_hostname
> reject_invalid_hostname
> reject_non_fqdn_sender
> reject_non_fqdn_recipient
>
Antti Harri wrote:
On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:
Is there a way to get kde's automounting functionality working under
obsd?
At linux I think it uses hal-deamon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with
DISPLAY=:0.0 that l
A few lines above I wrote supported channel: i meant supported by your
clients. Yes, this should be corrected, thank you.
I don't know if some device supports those "high" channels: another ral
adapter I tested does, my laptop doesn't.
For example my iBook supports channels from 1 to 11 (don't kn
On Tue, 25 Sep 2007, Rodrigo V. Raimundo wrote:
Is there a way to get kde's automounting functionality working under obsd?
At linux I think it uses hal-deamon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with
DISPLAY=:0.0 that lets the gui-logged us
> I wrote a small doc reporting this experience and Damien's tips: I hope it
> could be useful.
> http://sekureshell.altervista.org/docs/trouble_ral.html
I have a question. You list channel 112 as having the greatest power
("power=57"), and claim that you chose the channel with the greatest
pow
Is there a way to get kde's automounting functionality working under obsd?
At linux I think it uses hal-deamon plus something like pmount.
Some way to make /etc/hotplug/attach call some kde application with
DISPLAY=:0.0 that lets the gui-logged user mount (or not) its usb drive ?
Hi all,
afterboot(8) mentions /altroot, which is a nice feature.
But you only learn about /altroot when you read afterboot(8).
By that time, you already have a system installed, in particular
your disk is already partitioned, and typically you don't have
the spare partition (of size at least that
On 2007/09/25 15:19, Lars Noodin wrote:
> nicodache wrote:
> > ...
> > You should go into the ARM world to get something like that, and you
> > will be disapointed, as it is much much harder to find something with
> > 4 network connectors, serial, flash, pci, mini-pci connector, due to
> > the lack
Just for the fun of it, some people subscribe to misc@ from politically
correct accounts.
So, I got a bounce on my last email, because I was saying that complex
security ACLs were fucked up by design.
This email is probably going to get blocked too, which is all that they
deserve.
Fucking reta
Karl SjC6dahl - dunceor wrote:
> What is AMT?
http://www.intel.com/technology/platform-technology/intel-amt/index.htm
aka "rootkit for everybody"
http://strombergson.com/kryptoblog/?p=311
> Well ARM is not under Intel, Intel does ARM-processors just like
> several others do (Atmel, TI, Philli
On Tue, 25 Sep 2007 14:08:50 +0200
Pierre-Yves Ritschard <[EMAIL PROTECTED]> wrote:
> On Tue, 25 Sep 2007 23:25:44 +1200
> Josh <[EMAIL PROTECTED]> wrote:
>
> > Well after trying it, it appears there _IS_ a problem there. One of
> > the services was not
> > working. As soon as I gave it its own
I think AxiomTek has what you're looking for.
And if it doesn't, then either there is no such thing as you search,
or it's well hidden.
regards,
On 9/25/07, Lars Noodin <[EMAIL PROTECTED]> wrote:
> nicodache wrote:
> > ...
> > You should go into the ARM world to get something like that, and you
>
On 9/25/07, Lars NoodC)n <[EMAIL PROTECTED]> wrote:
> nicodache wrote:
> > ...
> > You should go into the ARM world to get something like that, and you
> > will be disapointed, as it is much much harder to find something with
> > 4 network connectors, serial, flash, pci, mini-pci connector, due to
On Wed, 2007-09-26 at 00:01 +1200, Josh wrote:
> What happens if hoststated crashes? Does its latest table entry's and
> rdr rules still remain?
Maybe you can try a kill -9 and see what happens.
ciao
Luca
On 25 September 2007, RW <[EMAIL PROTECTED]> wrote:
[...]
> My defence was to write a couple of scripts. One parsed the output of
> spamdb looking for GREY with sender <> and then tested the intended
> recipient against the postfix valid mailbox database.
[...]
With Postfix you can use anvil(8
nicodache wrote:
> ...
> You should go into the ARM world to get something like that, and you
> will be disapointed, as it is much much harder to find something with
> 4 network connectors, serial, flash, pci, mini-pci connector, due to
> the lack of products & manufacturers.
Yes. I know. Hence
On Tue, 25 Sep 2007 23:25:44 +1200
Josh <[EMAIL PROTECTED]> wrote:
> Well after trying it, it appears there _IS_ a problem there. One of
> the services was not
> working. As soon as I gave it its own separate tables, it worked.
>
> Pierre-Yves Ritschard wrote:
>
> Anyway, my question is, ca
Gidday,
How can I have a rdr rule which redirects to the same main servers that
hoststated does ( using a different table/macro in pf.conf than the
hoststated rdr statement does ), which only matches when hoststated is
not running?
What happens if hoststated crashes? Does its latest table en
RW wrote:
The others were from bots as far as I could tell but they were not
being sent by MTAs which had received them.
Yes, but the OPs problem is back scatter, and that does not come from
bots, they don't retry.
$ man spamd:
DESCRIPTION
spamd is a fake sendmail(8)-like daemon whic
Stuart Henderson wrote:
I had a question off-list about how to do this, so I guess
some other people will benefit from an example of how to set
this up.
If you are using postfix:
/etc/postfix/main.cf:
..
..
smtpd_recipient_restrictions =
reject_non_fqdn_hostname
reject_inval
Well after trying it, it appears there _IS_ a problem there. One of the
services was not
working. As soon as I gave it its own separate tables, it worked.
Pierre-Yves Ritschard wrote:
Anyway, my question is, can I use the same tables in multiple service
entries? ( one for each connectio
"RW" <[EMAIL PROTECTED]> writes:
> One was bounced mail that should have been rejected as "invalid
> recipient" mail at the original target. That included an mx at
> aph.gov.au, the Australian Federal Parliamnet House. Yep, the pollies
> who want ISPs to block websites on request and who spent $84
On Tue, 25 Sep 2007 09:38:10 +0100, Craig Skinner wrote:
>Greylisting is of no use whatsoever because the servers sending the
>bounces to you are actual smtp boxes (sendmail, extrange, ), not
>malware, so they will quickly bypass spamd. Spamd greytraps will help a
>great deal, but you say
On 2007/09/25 10:29, Stuart Henderson wrote:
> Also: all hosts listed in MX records should be aware of the
> list of valid users and do the same. For sendmail, this is easy
> to do with the access map.
I had a question off-list about how to do this, so I guess
some other people will benefit from a
On 9/25/07, Lars NoodC)n <[EMAIL PROTECTED]> wrote:
> I'm looking at the recent article on Soekris and very favorably impressed.
>
> "Setting up a Soekris 5501 with OpenBSD 4.2" 24 Sep 2007
> http://undeadly.org/cgi?action=article&sid=20070924004901
>
> The setup seems almost perfe
VIA, Intel lo-comsumption, are X86-based.
You should go into the ARM world to get something like that, and you
will be disapointed, as it is much much harder to find something with
4 network connectors, serial, flash, pci, mini-pci connector, due to
the lack of products & manufacturers.
You may wa
Stuart Henderson <[EMAIL PROTECTED]> writes:
> If it's compatible with how you use the domain, it might help
> to publish SPF records.
I suppose I'll never know how many receivers of spam claiming to be
from [EMAIL PROTECTED] (yes, fresh from the source) and friends
actually acted on the SPF info
I'm looking at the recent article on Soekris and very favorably impressed.
"Setting up a Soekris 5501 with OpenBSD 4.2" 24 Sep 2007
http://undeadly.org/cgi?action=article&sid=20070924004901
The setup seems almost perfect, except that the AMD Geode seems to be
x86-based.
What cor
In all my experience, every single complex security policy I've seen
has very serious issues. Complexity kills it. There's always a scenario
somewhere that someone has forgotten about that breaks stuff.
Heck, this even happens with access control systems like PAM. About every
3 months, we hear o
On 2007/09/25 00:08, patrick keshishian wrote:
>
> I'm very certain right now, this flood is due to a spammer
> using these fake addresses @my-domain-name to spam these mail
> server (all around the world -- Japan, South America, US,
> Germany, Ireland, etc...) and I'm getting the brunt of it in
>
Hello
I would like to have the AoTuV Vorbis encoder. There is no package for that.
Is this supported on OpenBSD and if yes what is the proper way to do it?
I downloaded the AoTuV libvorbis (it's just a different "version" of
libvorbis), compiled, installed, then oggenc didn't recognize -q 2. So I
Craig Skinner <[EMAIL PROTECTED]> writes:
> malware, so they will quickly bypass spamd. Spamd greytraps will help
> a great deal, but you say that the addresses are random.
I think what happened here is that somebody let the random address
generator run for longer than intended.
One or more sp
patrick keshishian wrote:
I'm very certain right now, this flood is due to a spammer
using these fake addresses @my-domain-name to spam these mail
server (all around the world -- Japan, South America, US,
Germany, Ireland, etc...) and I'm getting the brunt of it in
the form of these bounced mess
> Anyway, my question is, can I use the same tables in multiple service
> entries? ( one for each connection )
>
no problem there.
Hello there.
I am using hoststated to fail over to a backup server. No dramas in that
department.
However, I have more than one internet connection for which hoststated
is doing rdr's for. Each incoming internet connection goes to a specific
carp ip, and I tag it. Then I use a reply-to later
I'd like to thank in public Damien Bergamini, he helped me a lot in
debugging my ral setup: it was very very slow and unreliable. With
Damien's tips now I have a better understanding of my ral device and,
above all, it works flawlessy.
I wrote a small doc reporting this experience and Damien's
"patrick keshishian" <[EMAIL PROTECTED]> writes:
> When you speak of "misconfigured mail servers bouncing spam",
> what exactly is a "proper configured mail server" supposed to
> do with spam directed at non-existing user @their-host-name?
The real question in there is, what does a properly confi
On 9/23/07, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:
> "patrick keshishian" <[EMAIL PROTECTED]> writes:
>
> > I'm running spamdb in greylist mode, but these servers were
> > getting white-listed very quickly.
>
> Then it sounds almost like you were running with a too short passtime,
> but th
Eric Johnson wrote:
On Mon, 24 Sep 2007 22:55:16 +0200
Ed <[EMAIL PROTECTED]> wrote:
http://2006.opencon.org/
Just out of curiousity (since I can't make it), is there a newer page
on this?
That is the webpage of last years conference, please visit
http://www.opencon.org/
for the current
I'm running a RAID1 mirror on OpenBSD 4.1 (webserver)
On a power failure the parity becomes dirty and needs rewriting, which
results in > 1.5 hours 'downtime'.
Is it safe to background this in /etc/rc or is that a no-no?
I found a reference this was possible/safe on-list but it was a) 2003
and
70 matches
Mail list logo
