Re: Mail Server Architecture

2005-05-11 Thread Chad M Stewart
On May 11, 2005, at 8:38 AM, J.C. Roberts wrote: On Wed, 11 May 2005 02:23:43 -0400, Bruno Delbono <[EMAIL PROTECTED]> wrote: Smith wrote: alerts. If sendmail has a security alert and OpenBSD is vulnerable, OpenBSD will let me know pretty quickly. I don't need to keep track of sendmail alerts, j

horizontal scaling of spamd

2005-05-14 Thread Chad M Stewart
s? - -Chad _\|/_ (o o) - --oOO-(_)-OOo------ Chad M Stewart [EMAIL PROTECTED] "If you don't do it right the first time, you'll just have to do it aga

Re: horizontal scaling of spamd

2005-05-15 Thread Chad M Stewart
Hi Phillip, My situation, at this point is hypothetical, though based on reality in carrier grade messaging systems. I have been building and implementing large scale systems for many years, so I have had time thinking small, which can be good and bad. :) I understand your setup, makes perfect

Re: horizontal scaling of spamd

2005-05-15 Thread Chad M Stewart
Phillip, Thank you for pointing out spamlogd. I never noticed that before and will look into that tomorrow. It looks to be what I might be looking for. Thanks again, Chad

Re: the joys of spamd

2005-09-09 Thread Chad M Stewart
On Sep 9, 2005, at 1:05 PM, Hans van Leeuwen wrote: <..snip..> My all-time record is 3726 seconds. That's not chuckling, that's rolling on the floor laughing out loud :-) I had to check my logs and I found # grep 81.71.83.132 daemon* daemon.62:Jul 8 11:13:21 zeus spamd[13726]: 81.71.83

Re: Spamd/Postfix behaving strangely

2005-09-12 Thread Chad M Stewart
ts disabled, as this "feature" causes harm, and never any good from what I can tell. -Chad _\|/_ (o o) ----------oOO-(_)-OOo-- Chad M Stewart, GCIH

Re: Ports question

2005-09-29 Thread Chad M Stewart
While not at all supported and could break things I have done in the past ## CLAMAV on OpenBSD cd /usr [EMAIL PROTECTED]:/cvs cvs get \ -rHEAD -Pports/security/clamav then go make a package and assuming that works, install it. YMMV and use at your own risk or demise. :) I did it this wee

Re: C++ exceptions with OpenBSD 3.6 on amd64

2005-10-21 Thread Chad M Stewart
On Oct 21, 2005, at 2:16 PM, Sebastian Cufre wrote: Well, the problem is that with OpenBSD 3.7 other thing doesn't work (php4-xslt makes apache crash when used), and OpenBSD 3.8 is not yet released officially. And if you'd pre-ordered 3.8 then you might have gotten an email like I did tod

Re: spamd extension

2005-10-26 Thread Chad M Stewart
James, The more I think about this one, the more I think there is no solution to your issue. Well okay there are two choices, either use spamd or not. :) You would have to have ESP to know from which IP address a particular sender would be sending. If I'm sitting in a hotel and using th

Re: spamd extension

2005-10-26 Thread Chad M Stewart
On Oct 26, 2005, at 11:54 AM, Graham Toal wrote: My experience is that greylisting requires at least 2 failed attempts. Maybe my pf.conf isn't setup properly. But, there's always 1 'extra' failure that seems to me should pass through. James is right, it's a design flaw of spamd that two

Re: perl script for postfix logs to create spamd tables

2005-10-31 Thread Chad M Stewart
Why would you want to do that? Put spamd in front of postfix and sit back and watch the spammers waste their time. Sure the first few hours can be trying as legitimate mail trickles through. Before I deployed spamd for the first time I lowered the passtime and tested. Once I was satisfi

Re: CARP

2005-11-02 Thread Chad M Stewart
On Nov 2, 2005, at 1:41 PM, Dag Richards wrote: True I guess I am just trying to justify the time I spent learning/configuring STP to quiet the local CISCO nazis who howled at me for not buying PIX fw's. There is the small feature gap in not being able to fail back though. CARP of course w

Re: perl interface to pf?

2005-11-03 Thread Chad M Stewart
On Nov 3, 2005, at 8:17 AM, Markus Wernig wrote: Well, the only use that came to my mind was a perl daemon running on the FW that accepts rule updates from a remote client. While that can be done with other means (ssh, sh scripts), I can imagine that a perl class for manipulating pf rules w

Re: Problems / questions about CARP

2005-11-16 Thread Chad M Stewart
On Nov 16, 2005, at 3:57 PM, Tobias Walkowiak wrote: I just set up 2 redundant firewalls that use CARP / pfsync. I ran into the fact that everything works fine but when shutting down the MASTER, the BACKUP doesn't take over the states of the connections. Is that intended or did I do somethin

quirk with pf on 3.8 vs 3.7

2005-11-18 Thread Chad M Stewart
While building a new openbsd 3.8/carp/pf firewall pair I discovered the following rl1: flags=8943 mtu 1500 lladdr 00:e0:29:5b:31:00 description: LAN media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.44 netmask 0xff00 bro

Re: Strange behavior with carp and preemption

2005-11-22 Thread Chad M Stewart
On Nov 22, 2005, at 11:52 AM, Ralf Hornik Mailings wrote: Could this be a bug in preemption? Has anyone else successfully set up carp with preemption? My OS is now OpenBSD 3.8 RELEASE. After going to stable, I'll be back! :-) This past weekend I implemented a pair of 3.8 (right of CD) carp/pf

Re: Strange behavior with carp and preemption

2005-11-22 Thread Chad M Stewart
I had tested quite a bit in 3.7 in a lab environment, never found an issue. Now this is 3.8 in production for my business network. I just pulled the patch cable from the switch for the WAN NIC on the master node. Poof the FW service switched to the backup node. I then plugged the patch

Re: remote su root: SORRY

2005-11-23 Thread Chad M Stewart
On Nov 20, 2005, at 10:02 PM, Paul Yiu wrote: Hi Guys, Hope you guys can help on this ssh issue has been posted in 2004. Thank you in advance. I hit the same ssh problem with openbsd 3.7. I got serial console set up, I got a user which assigned in a wheel group, when I log in using ssh

Re: Strange behavior with carp and preemption

2005-11-23 Thread Chad M Stewart
On Nov 23, 2005, at 5:38 AM, Eli K. Breen wrote: I found the problem you describe when I specifically set the advskew on the two carp interfaces. Give it a whirl. Give what a whirl? I do have advskew set on the carp interfaces on the backup node. Since I want one node of the two to be pri

Re: Transparent Bridge fail-over?

2006-05-04 Thread Chad M Stewart
ks, Ken Ebling _\|/_ (o o) oOO-(_)-OOo-- Chad M Stewart, GCIH Phone: 585 202 6643 [EMAIL PROTECTED] http://balius.com/ Balius Inc. Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) -

Re: Connecting to Sun Ultra 5 over serial line

2006-05-19 Thread Chad M Stewart
Being a U5, it's used, which means someone could have changed the baud rate of the serial port. :) I've got two U10s, a SS20, and 220R in my basement^H^H data center. ;-) If you can use a keyboard & monitor to get to the ok prompt, then you can check the speed of the serial port. I can't

software load balancing

2006-05-20 Thread Chad M Stewart
I worked with a customer once that had a software based load balancing solution. I liked the way it worked. While I was working on the box if I was going to take the service down for maintenance I could tell the local agent and the box was removed from the pool of servers. Anyone know o

Re: software load balancing

2006-05-21 Thread Chad M Stewart
On May 21, 2006, at 10:18 AM, Morten Liebach wrote: On 2006-05-20 20:48:13 -0400, Chad M Stewart wrote: I worked with a customer once that had a software based load balancing solution. I liked the way it worked. While I was working on the box if I was going to take the service down for

Re: software load balancing

2006-05-21 Thread Chad M Stewart
On May 21, 2006, at 11:25 AM, Joachim Schipper wrote: There are various proxies, talking either a specific protocol. Most should either be able to do failover or be able to be re-configured for a new host very quickly. A bit of scripting might glue this all together. Was there a specific ap

dmesg from 3.9 under Parallels Virtual host

2006-05-23 Thread Chad M Stewart
Two dmesg's below, both bsd and bsd.mp, these are from my 15" MacBook Pro. The fun part will be building a 3 or 4 carp/pf group of nodes. :) The softw I also plan on trying to setup an instance of OpenBSD to be the firewall for the host OS. I read about something similar using Wind

Re: CARP

2006-05-31 Thread Chad M Stewart
On May 31, 2006, at 5:21 PM, Bachman Kharazmi wrote: I've a problem when I do "ifconfig carp1 down" on the MASTER host to test if BACKUP takes over the traffic.. You're not alone. I have a pair of boxes running 3.8/pf/carp/etc.. I upgraded them to 3.9 and during the upgrade discovered th

carp preempt not working

2006-06-04 Thread Chad M Stewart
I'm trying to debug why when I take either carp interface (only 2 in a 2 pair fw) not all carp interfaces fail over. Only that interface switches. If I take one of the physical interfaces down, both carp interfaces switch over. fw1 - # uname -a OpenBSD sabus 3.9 GENERIC#617 i386 # sysctl

Re: popular mail & squid virus scanning technique for openbsd

2006-06-05 Thread Chad M Stewart
My firewall is a firewall, provides packet level blocking/allow, ftpproxy, and nothing else. Adding other services can make it more vulnerable, either by software problems or configuration problems. The mail server that gets mail via my MX records sits in my DMZ. On it I use spamd, postfi

Re: Mail Server configuration question(s)

2006-06-09 Thread Chad M Stewart
On Jun 9, 2006, at 7:07 AM, Pancho Cole wrote: I have been building and testing some postfix mail server configurations recently, and I am looking for advice. I currently have postfix authenticating against the password file, but I think I want to use SQL (PostgreSQL) or LDAP, though I have

hoststated - disable and then enabling a service causes hoststated to exit

2007-08-30 Thread Chad M Stewart
I'm playing around with hoststated. I have two systems behind the firewall running hoststated. I set up Apache on the boxes to act as proxies, everything works nicely, until I disable the service and then enable the same service, hoststated dies. (full dmesg and other info below) Output f

Re: pf

2007-10-04 Thread Chad M Stewart
On Oct 4, 2007, at 11:11 AM, a.padilla wrote: Hi, I'm a student trying to learn pf on my own. I'm trying to set up a nat. I've read documentation yet I still can't get the internal machine to communicate to the outside world. I've been following this documentation: http://www.openbsd.org

Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Chad M Stewart
I'd like to say Thank you to all of the developers around the world who make OpenBSD what it is! If I had the skills to write code I would help, for now my contributions will have to be in other ways. My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) and this has to be t

Re: Thank you developers... 4.2 arrived in the mail today

2007-10-05 Thread Chad M Stewart
On Oct 5, 2007, at 2:53 PM, Karsten McMinn wrote: On 10/5/07, Chad M Stewart <[EMAIL PROTECTED]> wrote: My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) drat, I was hoping for first the first post. you forgot the pic. Okay, well fresh from an install on my Sun X210

Re: Prevent circumventing dansguardian with pf

2007-04-25 Thread Chad M Stewart
On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote: pass in inet proto icmp all icmp-type $icmp_types keep state This can be used as a covert communication channel. Allowing internal IPs to send/receive ping is bad. As for your question, only allow internal devices to do what you want

Re: Prevent circumventing dansguardian with pf

2007-04-25 Thread Chad M Stewart
On Apr 25, 2007, at 4:19 PM, Tobias Weingartner wrote: Chad M Stewart wrote: On Apr 25, 2007, at 11:05 AM, Allen Theobald wrote: pass in inet proto icmp all icmp-type $icmp_types keep state This can be used as a covert communication channel. Allowing internal IPs to send/receive ping

spamd synchronization

2007-05-13 Thread Chad M Stewart
I have two mail servers running 4.1-stable and am trying to get spamd synchronization working between them. During testing using a basic set of options /usr/libexec/spamd -y nfe0 -Y nfe0 -d in the resulting debug I see using multicast spam sync mode (ttl 1, group 224.0.1.240, port 8025) on

Re: smtp auth + greylisting

2007-05-22 Thread Chad M Stewart
Since having users change their settings can be problematic in many environments, instead change the MX record. This way you can implement spamd right away and your users will not have to change anything. Though I would suggest moving the users to 587/465 in the future so that they don't

Re: Spamd default behaviour of accepting everything

2007-05-24 Thread Chad M Stewart
On May 24, 2007, at 8:35 AM, Henning Brauer wrote: * Bob Beck <[EMAIL PROTECTED]> [2007-05-24 08:22]: rfc 2821 specifically forbids this behaviour. The DATA command can fail at only two points in the protocol exchange: - If there was no MAIL, or no RCPT, command, or all such command

Re: Routing errors in dual pf/carp firewall setup (no route to host)

2006-11-09 Thread Chad M Stewart
Can you send the output of netstat -rn? Maybe that'll help myself and others a little more. -Chad

whitelists & spamd-setup

2006-11-13 Thread Chad M Stewart
I'm missing something, but I can't figure out what. Below is the contents of the spamd.conf file, nothing but a simple whitelist. A connection from 10.37.129.2 gets directed to spamd, but the IP should have been put into spamd-white by spamd-setup, at least that was what I expected but cl

Re: whitelists & spamd-setup

2006-11-14 Thread Chad M Stewart
On Nov 13, 2006, at 10:03 PM, Darrin Chandler wrote: My understanding about spamd-setup and spamd.conf is that whitelists are removed from blacklists defined in spamd.conf. That is to say, before spamd-setup puts black entries in table it removes anything defined in whitelists. This is NOT th

Re: Problem with grey listing

2006-11-15 Thread Chad M Stewart
On Nov 15, 2006, at 1:47 PM, Eric Merkel wrote: My greylisting system has been running fine for about a month but recently I've run into a problem with greylisting. I had someone tell me that an email they sent to me bounced. Looking at the log file (shown below) it appears that their email serv

Re: openbsd 4.0 installation on soekris box: i am desperated.

2006-11-18 Thread Chad M Stewart
On Nov 17, 2006, at 6:22 PM, Gustavo Rios wrote: I am trying to get openbsd installed in my net4801 box. I can pxeboot it, and get bsd.rd read from my tftp server. But, the problem is that when I choose installation by means of ftp, it is too slow to download them, in the order of 4 to 5 KB/s.

Re: please chek my pf

2006-09-28 Thread Chad M Stewart
On Sep 28, 2006, at 7:34 AM, sonjaya wrote: I have a BSD machine running as gateway + proxy (running for internet access and DNS from my LAN). I want to create a rule; all internet requests by proxy are working fine, but I see in pftop some protocols such as P2P applications pass my gateway. How to block it? p2

Re: Xen?

2006-09-28 Thread Chad M Stewart
On Sep 28, 2006, at 1:26 PM, bofh wrote: On 9/28/06, James Blasius <[EMAIL PROTECTED]> wrote: I listened to Christoph Egger's podcast on openbsd + xen. Yowza. Is this a 4.1 timeframe item? People who do this need to be spanked!!! 8-) Come on, at least give us a URL... I think he m

Re: Running spamd/greylisting on multiple mail servers

2006-09-28 Thread Chad M Stewart
On Sep 28, 2006, at 5:04 PM, Eric Merkel wrote: Would it make more sense to have one system acting as the firewalling bridge in front of the email servers or should I use two bridges? My gut instinct says it would be easier to have one bridge so that I wouldn't have to keep the spamdb synced bet

relayd - configuration issue

2008-06-10 Thread Chad M Stewart
Running 4.3-stable. I am trying to setup relayd as a reverse proxy and have a fail back table. When I enable the fail back table, relayd complains table already specified. # cat /tmp/relay.test.conf ## Macros # relayd_addr="127.0.0.1" relayd_reverse_port="8080" ## Global Options # prefor

Re: recommendation for router (COMMELL)

2008-09-22 Thread Chad M Stewart
On Sep 17, 2008, at 12:49 AM, Aaron Stellman wrote: On Tue, Sep 16, 2008 at 10:20:08PM -0400, Steve Shockley wrote: Juan Miscaro wrote: Has anyone any experience running OpenBSD on this puppy: http://www.commell-sys.com/Product/IPC/EMB-564.htm I'm looking for a replacement for my tower that

hoststated - some questions

2007-12-05 Thread Chad M Stewart
I am working with hoststated and trying to figure out if it will work for what I want to do. I have some questions that I hope people can answer for me. kern.version=OpenBSD 4.2-stable (GENERIC) #0: Sun Dec 2 13:43:16 GMT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

Re: not to use pool.ntp.org setup in default configuration.

2007-12-10 Thread Chad M Stewart
On Dec 10, 2007, at 1:29 PM, Daniel Ouellet wrote: Just passing what I found and the request of ntp.org in that regard, nothing more. Further down on http://www.pool.ntp.org/vendors.html I found Open source projects Open Source projects are of course particularly welcome to use the pool i