On Monday 22 January 2007 11:38, Bob Eby wrote: > [EMAIL PROTECTED] > > > freeze is not available as package, you need to install it from the > > ports > tree. > > Good to know, but painful to hear. Guess I'll have to work on > learning ports... > > [EMAIL PROTECTED] > > > <disclaimer> > > I don't use anti-virus mail scanners. > > </disclaimer> > > Well, I'm really just interested in a bayes based anti-spam mail > gateway that allows for fairly easy end-user training. I chose that > HOWTO because it is very complete and I can follow it fairly easily > (my internal server also happens to be Exchange). I really don't > want to be spending a lot of time on this, and in fact, I'm within an > inch or two of just going out and buying a proprietary solution > (assuming something even exists). In the past we've used bayes > filtering via OpenBSD and postfix on an external mail gateway, but we > never got the bayes training into a useable state, so filter > performance started out sketchy and has become useless over time. > > > The most likely reason why pkg_add died is because you do not have > > your > > > PKG_PATH variable set to your nearest mirror. > > Mine is: > PKG_PATH=ftp://mirror.sg.depaul.edu/pub/OpenBSD/4.0/packages/i386/ > Dunno much about "nearest" but it appears quick. > > > If you want to know more about freeze-2.5 you can easily type: > > # cd /usr/ports > > # make search key=freeze > > Ok, so freeze is a compression library, and a few other packages rely > on it. Not sure how that helps me other than raising questions about > why amavisd uses it... > > > In general, the anti-virus scanners have a lot of dependencies and > > not > > > > all of the dependencies (or all scanners) are licensed to allow > > redistribution. > > Okay, you've got me. I don't really care that much about virus > scanning anyways. It was "bayes filtering" and "web interface" + > "steps I could actually follow" that hooked me in to this particular > HOWTO. If you've got a better HOWTO for doing bayes filtering plus a > reasonably easy to use interface for training the filter then I'm all > ears. (web interface, mail interface, it's all the same to me if > it's fairly easy to use.) Bonus points if it's something a novice > like me has a chance of installing in some reasonable time-frame. > > For the record, I'm doing this stuff in a commercial setting, but I'm > in-house so I'm only really in need of freedom 0 at this point. > > > All of this means you'll be using the ports tree to install your > > antivirus gateway. > > Well, from what little I know, I'd like to avoid this if at all > possible... Then again, I probably should at least stay current with > the latest "stable" and I believe I read the word ports somewhere in > that process. > > Of course the download line from the HOWTO I've been using: > lynx > http://www.ijs.si/software/amavisd/amavisd-new-20030616-p10.tar.gz > > Made me think this was a manual install, rather than a use of ports. > > ---<everyone>--- > > You guys have definitely answered: > Question #1: Why can't I find freeze? > > The only thing I'm still pondering a bit is: > Question #2: What am I missing? > > ie: Would I be better off doing something else? I almost chose > sendmail early on since it is built into OpenBSD, but was a bit put > off by all the configuration horror stories, so I stuck with > postfix... > > I'm pretty fond of OpenBSD because of all the neat things I've been > able to do using pf and various other networking tools in the past, > but I've definitely never tried to use it as a mail server before > (built-in OpenBSD server management via email doesn't count), nor > have I run it as a hardened external box in any kind of production > setting... (Okay, this is a DMZ, but that doesn't really change my > hardening goals.) > > Thanks for your time and input. > > -Bob > [EMAIL PROTECTED] > > P.S. - I'm a programmer, not a sys admin. Just in case that affects > anything.
Sorry to the list for the lengthy quote and post... My guess for why the "freeze" packaged failed to install (i.e. problems with your PKG_PATH var) was wrong. It seems the real reason is because the package is not on any mirror. -When a package is missing from OpenBSD mirrors but a port exists in the tree, you can be reasonably certain the reason for the missing package is a bad license. There are some concepts you need to grasp. 1.) For an antivirus or spam scanner to work effectively, the scanner must be able to read the data which is sent to it. 2.) Both virus writers, and to a lesser degree, spammers, use compression to hide their malicious crap. -In hopes of preventing #1 above and by-passing scanners/filters. 3.) There are literally countless types of file compression out there but there are only a dozen or two which get regular daily use. In order to accomplish #1, you need to be able to decompress the majority of "normally used" types of compression 4.) Some of the "regularly used" types of compression are proprietary and have strict (or strange) licenses. The reason you can not find an OpenBSD package of freeze is most likely due to it's license forbidding redistribution and/or modification and/or redistributions of modified versions... -or whatever silly clause they put in their license. 5.) The idea of "How-To" documents is often discouraged because they will rob you of much needed pain and suffering -more accurately called "learning how stuff really works." 6.) Learning to use the OpenBSD ports tree is in your best interest and is nowhere near as difficult as you imagine. In fact, the ports system is *very* easy to use. Of course, packages are even easier to use but since some of the ported applications (like the decompression utilities) have rotten licenses, there is no way to provide packages for everything contained within the ports tree. 7.) Both packages and the ports they are built from have dependencies. In a case where we are forbidden from redistributing a package because of it's crappy licenses, the application you want to install (amavis) may still depend on things (freeze) which do not have packages. In such cases, the *only* way you can use/install the needed dependencies is by using the ports tree. Yes, it is a pain in the ass but it is the best *anyone* can do without breaking the law... -and yes again, there are projects which don't give a damn about licenses and do package and redistribute everything regardless of the license terms. You can (and many do) build a spam filtering host that does not search within compressed archive attachments but on the anti-virus side of life, it would be very unwise to pass such files without scanning inside of them. If you really want to get a handle on your spam problems, the best idea is to start with the tools available within the base system, namely tossing an OpenBSD box with spamd and greylisting in front of your MX. Evaluate your results and then work from there adding other stuff like black listing, spam filtering, anti-virus scanning and other stuff. Kind Regards, JCR -- cd ~. -Almost Home
