Re: Inode numbering
> Because I didn't find sufficient information and "try and error" would
> be incomplete (and insecure regarding the result), I'd like to ask the
> following question: Let's assume we have a directory D with an inode
> number i(D). It contains a file F with its inode number i(F). May I
> state that i(D) < i(F)?

usually but not always.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Installing Samba : FreeBSD Vs Linux ?
Charles Mason wrote:
> On Fri, Oct 17, 2008 at 4:42 PM, Wojciech Puchar <[EMAIL PROTECTED]> wrote:
>> I am very interrested by feedback of "real world" samba admins running
>> it with FreeBSD or Linux , my boss push hardly to use Linux but I would
>> much prefer FreeBSD
>>
>> do what your boss wants. it's his company, and it's his right to make
>> bad decision
>
> If he's a good boss (as the poster seem to be implying) then he will be
> asking because he hasn't made his mind up his mind completely, but yeah
> don't get fired over it :)
>
> From what I have seen, both are perfectly capable and since its samba
> that will be doing most of the actual work its probably doesn't matter
> that much. Of course the next question if he goes with Linux, is which
> distro. Perhaps the question should be FreeBSD v Red Hat v Ubuntu v
> SUSE v latest flavour of the month. Since keeping it patched is
> essential, these sorts of admin features do matter.
>
> I am not sure what File System you plan on using but FreeBSD does have
> one killer feature Linux doesn't, ZFS. Linux thanks to licensing
> issues doesn't really have a solid implementation yet (although there
> have been attempts). If you need its features and can put a decent
> amount of RAM in to the file server, to good be a good choice and
> perhaps just the angle you are looking for.
>
> To be honest I haven't used ZFS in serious production yet although I
> have been running it at home on my DIY 1.25tb NAS without any issues
> for nearly a year. Still if you have spent a lot an expensive RAID
> system disabling it and using ZFS's superior (unless you really spent
> a lot on that RAID hardware) redundancy may not go down to well.
>
> Hope that's of some help.
>
> Charlie M

Hello

Thanks for your answer, filesystem is not really my problem I'll
use a Netapp server for home directories.

Re: Installing Samba : FreeBSD Vs Linux ?
hello list,

a little story about samba and FreeBSD.
I had to make a file server for a company that uses a program for
accounting. that software works with lots of files to do the job.

the software admin told me that the permissions should be very open on
the directories and files so i made them 0777. the software worked like
a charm for about 2 months but after that at some point the client
couldn't access the files on the samba server.
The files were there with the correct permissions but the software
refused to access them with an error that they don't exist. I've tried
to debug samba but couldn't find a clue, i have updated FreeBSD because
i thought that the problem is with seekdir because the software was
using lot of files and directories. That didn't solve the problem
either.
I have searched the web for a guidance but couldn't find any. The
interesting part comes when the company decided to change the OS to
openSUSE. That did the trick. So first thing that comes in mind is that
FreeBSD + samba + that accounting software just don't work together.
I didn't have the chance to debug it as i should because they needed a
fix ASAP.

I have always used FreeBSD for web/file/VoIP server and never had a
problem. I even have a FBSD box that serves as a file server and there
are lots of files and 10 depth directories and it works like a charm.

I have no conclusions, is just a story of my own to help you make an
opinion.

all the best,
v

On Mon, Oct 20, 2008 at 10:20 AM, Frank Bonnet <[EMAIL PROTECTED]> wrote:

> Charles Mason wrote:
>
>> On Fri, Oct 17, 2008 at 4:42 PM, Wojciech Puchar
>> <[EMAIL PROTECTED]> wrote:
>>
>>> I am very interrested by feedback of "real world" samba admins running
>>> it with FreeBSD or Linux , my boss push hardly to use Linux but I would
>>> much prefer FreeBSD
>>>
>>> do what your boss wants. it's his company, and it's his right to make
>>> bad decision
>>
>> If he's a good boss (as the poster seem to be implying) then he will
>> be asking because he hasn't made his mind up his mind completely, but
>> yeah don't get fired over it :)
>>
>> From what I have seen, both are perfectly capable and since its samba
>> that will be doing most of the actual work its probably doesn't matter
>> that much. Of course the next question if he goes with Linux, is which
>> distro. Perhaps the question should be FreeBSD v Red Hat v Ubuntu v
>> SUSE v latest flavour of the month. Since keeping it patched is
>> essential, these sorts of admin features do matter.
>>
>> I am not sure what File System you plan on using but FreeBSD does have
>> one killer feature Linux doesn't, ZFS. Linux thanks to licensing
>> issues doesn't really have a solid implementation yet (although there
>> have been attempts). If you need its features and can put a decent
>> amount of RAM in to the file server, to good be a good choice and
>> perhaps just the angle you are looking for.
>>
>> To be honest I haven't used ZFS in serious production yet although I
>> have been running it at home on my DIY 1.25tb NAS without any issues
>> for nearly a year. Still if you have spent a lot an expensive RAID
>> system disabling it and using ZFS's superior (unless you really spent
>> a lot on that RAID hardware) redundancy may not go down to well.
>>
>> Hope that's of some help.
>>
>> Charlie M
>
> Hello
>
> Thanks for your answer, filesystem is not really my problem I'll
> use a Netapp server for home directories.

Re: Installing Samba : FreeBSD Vs Linux ?
On Mon, Oct 20, 2008 at 11:33 AM, Valentin Bud <[EMAIL PROTECTED]> wrote:
> hello list,
> a little story about samba and FreeBSD.
> I had to make a file server for a company that uses a program for
> accounting. that software works with lots of files to do the job.
>
> the software admin told me that the permissions should be very open on
> the directories and files so i made them 0777. the software worked like
> a charm for about 2 months but after that at some point the client
> couldn't access the files on the samba server.
> The files were there with the correct permissions but the software
> refused to access them with an error that they don't exist. I've tried
> to debug samba but couldn't find a clue, i have updated FreeBSD because
> i thought that the problem is with seekdir because the software was
> usign lot of files and directories. That didn't solve the problem
> either.
> I have searched the web for a guidance but couldn't find any. The
> interesting part comes when the company decided to change the OS to
> openSUSE. That did the trick. So first thing that comes in mind is that
> FreeBSD + samba + that accounting software just don't work together.
> I didn't had the chance to debug it as i should because they needed a
> fix ASAP.
>
> I have always used FreeBSD for web/file/VoIP server and never had a
> problem. I even have a FBSD box that server as a file server and there
> are lots of files and 10 depth directories and it works like a charm.
>
> I have no conclusions, is just a story of my own to help you make an
> opinion.

Are you using the same samba config file from FreeBSD on OpenSUSE?
Do you mind showing us that smb.conf

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
  --from a /. post

Re: Installing Samba : FreeBSD Vs Linux ?
Hello list,

On Mon, Oct 20, 2008 at 11:03 AM, Odhiambo Washington <[EMAIL PROTECTED]> wrote:

> On Mon, Oct 20, 2008 at 11:33 AM, Valentin Bud <[EMAIL PROTECTED]>
> wrote:
> > hello list,
> > a little story about samba and FreeBSD.
> > I had to make a file server for a company that uses a program for
> > accounting. that software works with lots of files to do the job.
> >
> > the software admin told me that the permissions should be very open
> > on the directories and files so i made them 0777. the software worked
> > like a charm for about 2 months but after that at some point the
> > client couldn't access the files on the samba server.
> > The files were there with the correct permissions but the software
> > refused to access them with an error that they don't exist. I've
> > tried to debug samba but couldn't find a clue, i have updated FreeBSD
> > because i thought that the problem is with seekdir because the
> > software was usign lot of files and directories. That didn't solve
> > the problem either.
> > I have searched the web for a guidance but couldn't find any. The
> > interesting part comes when the company decided to change the OS to
> > openSUSE. That did the trick. So first thing that comes in mind is
> > that FreeBSD + samba + that accounting software just don't work
> > together.
> > I didn't had the chance to debug it as i should because they needed
> > a fix ASAP.
> >
> > I have always used FreeBSD for web/file/VoIP server and never had a
> > problem. I even have a FBSD box that server as a file server and
> > there are lots of files and 10 depth directories and it works like a
> > charm.
> >
> > I have no conclusions, is just a story of my own to help you make an
> > opinion.
> >
>
> Are you using the same samba config file from FreeBSD on OpenSUSE?
> Do you mind showing us that smb.conf.

Unfortunately i didn't configure the OpenSUSE server so i don't have
access to the box. AFAIK the configuration is the same. Standard samba
config file just changing the netbios name and adding the shares.
In the next few weeks i will be able to access the box and i will come
back with the both setups.

I forgot to mention that i used FBSD 6.2.

all the best,
v

> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> "Oh My God! They killed init! You Bastards!"
>   --from a /. post

Re: DHCP release/renew lease - elegant solution?
On Friday 17 October 2008 23:24:00 Nerius Landys wrote:
> I have an always-on FreeBSD box which is connected to the internet. My ISP
> is some cable company and the IP address is determined via DHCP; I used to
> always get the same IP address but recently the address seems to be
> changing very frequently whenever I reboot the machine.
>
> My problem is that recently, after being on for a day or so, the internet
> connection to the FreeBSD box breaks down, it stops working or becomes very
> intermittent/flaky. I then reboot the machine, and thereafter it usually
> uses a new IP address and the internet connection returns fo running fine.
> There is no need to reboot the cable modem.

If this is an always on machine, it makes no sense, unless the ISP is
doing aggressive accounting on their IPs:
- give out a lease for x hours
- but invalidate it anyway after

Re: Disable kontact/kmail automatic activation
On Saturday 18 October 2008 17:49:26 Benzi Mizrahi wrote:
> Hello all,
>
> I am running FreeBSD 7.1-PRERELEASE #2 with KDE: 3.5.10.
> A few *PORTUPGRADEs* ago , I can't recall when, I noticed
> that when KDE is started, usually after system startup , kontact
> application is started automatcally, which I 'd like to disable.
>
> Kde is started from /etc/ttys, and I have no automatic
> activation for any apps from $HOME/.kde/Autostart. I 'd like to
> be able to call kmail at my own will. Can you please tell how can
> I disable kontact automatic activation?

This has little to do with portupgrade or FreeBSD. You have shut down a
session with Kmail active. Shut the session down without KMail active
and problem solved.

Please note that, Kmail minimizes to systray, unless you use ctrl-q or
File => Quit, so you might think it's gone when it's not.

--
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.

Re: mounting an MP3 player?
Hello,

> Message: 3
> Date: Sun, 19 Oct 2008 14:57:43 +0100
> From: dgmm <[EMAIL PROTECTED]>
> Subject: Re: mounting an MP3 player?
>
[...]
>
> Have you tried just mounting da0 etc? The may not be any slices.

yes, I tried all /dev/da*; in each case the result was
mount: /dev/da...: Device not configured

> --
> Dave

Johannes-Maria

Re: mounting an MP3 player?
On Mon, Oct 20, 2008 at 03:51:20PM +0200, Johannes-Maria Kaltenbach wrote:
>
> Hello,
>
> > Message: 3
> > Date: Sun, 19 Oct 2008 14:57:43 +0100
> > From: dgmm <[EMAIL PROTECTED]>
> > Subject: Re: mounting an MP3 player?
> >
> [...]
> >
> > Have you tried just mounting da0 etc? The may not be any slices.
>
> yes, I tried all /dev/da*; in each case the result was
> mount: /dev/da...: Device not configured

One thing people here haven't mentioned is that device quirks (meaning:
"one-offs" in the driver code) might be required to get this device to
work. It's a common problem, and exists in many operating systems.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

Re: DHCP release/renew lease - elegant solution?
On Mon, Oct 20, 2008 at 03:26:39PM +0200, Mel wrote:
> On Friday 17 October 2008 23:24:00 Nerius Landys wrote:
>
> > I have an always-on FreeBSD box which is connected to the internet.
> > My ISP is some cable company and the IP address is determined via
> > DHCP; I used to always get the same IP address but recently the
> > address seems to be changing very frequently whenever I reboot the
> > machine.
>
> If this is an always on machine, it makes no sense, unless the ISP is
> doing agressive accounting on there IP's:
> - give out a lease for x hours
> - but invalidate it anyway after
> Doing a periodic dhclient -r would probably fix your problem, though
> the correct solution would be to complain with your ISP and switch to
> the competition if they don't get their stuff together.

It would help if Nerius would spend some time in the system logs and
dhclient man page to determine the state when his machine goes deaf.

I suspect firewall rules using static host IP address. Believe I have
also seen this happen with natd, Once Upon A Time natd needed to be
restarted when the external IP address changed. Is possible for dhclient
to do this automatically.

As for a static IP address, many ISPs charge extra for this feature. One
ISP I deal with rotates our IP address every 18 to 48 hours and isn't
courteous enough to do it on a regular schedule or wait until off hours.
Means we have a couple of minutes of down time most every day when the
router recovers.

--
David Kelly N4HHE, [EMAIL PROTECTED]

Whom computers would destroy, they must first drive mad.

Re: Disable kontact/kmail automatic activation
On Saturday 18 October 2008, Benzi Mizrahi wrote:
> Hello all,
>
> I am running FreeBSD 7.1-PRERELEASE #2 with KDE: 3.5.10.
> A few *PORTUPGRADEs* ago , I can't recall when, I noticed
> that when KDE is started, usually after system startup ,
> kontact application is started automatcally, which I 'd like to
> disable.

Make sure you have no applications started in your KDE session, apart
from any that you'd like to start each time, then click on the "Save
Session" option in the main KDE menu. After doing this open up the
Control Center and select the "Restore manually saved session" option in
the Session Manager section.

Alternatively, if you don't want anything to start up, miss out the
"Save Session" step and use the "Start with an empty session" option in
the Session Manager.

--
Mike Clarke

custom freebsd cd
Hello list,

I have a FBSD box that runs as a web/mail server to provide access to a
web based application. I want to build a custom FBSD 7.0 installation
disk. By custom I mean:

1. automatic disk partition based on a scheme i provide.
2. automatic installation of the needed packages as well as the config
   files. I plan to update the packages which i might keep on a ftp
   server on remake the installation disk anytime i make package updates.
3. automatic "installation" of all the php/html/perl/sh scripts needed
   to run the application.

Basically i want a disk that you put it in the cdrom and installs the
system, packages and all the necessary scripts to run the application.
More than that a modified kernel to allow pf, as well as the pf
configuration file.

The installation will always be on the same hardware in case of failure.

So can you please give me hints as well as opinions how should i start
this. What alternatives should i consider?

thank you,
v

Re: bsdlabel partiton c error message on new install
On Fri, Oct 17, 2008 at 05:22:07AM -0700, Jeremy Chadwick wrote:
> On Fri, Oct 17, 2008 at 02:13:45PM +0200, andys wrote:
> > Hi,
> >
> > on a newly installed FreeBSD 7.0 system on a dell 1950 server I see the
> > following error from bsdlabel. Is there any known issues with this or is
> > the only reasonable explanation that I have managed to mess it up without
> > even knowing? :P And should I manually change the partition c to fix the
> > prob? Is this safe to do?
> >
> > bsdlabel -A /dev/da0s1
> > # /dev/da0s1:
> > type: SCSI
> > disk: da0s1
> > label:
> > flags:
> > bytes/sector: 512
> > sectors/track: 63
> > tracks/cylinder: 255
> > sectors/cylinder: 16065
> > cylinders: 17750
> > sectors/unit: 285155328
> > rpm: 3600
> > interleave: 1
> > trackskew: 0
> > cylinderskew: 0
> > headswitch: 0 # milliseconds
> > track-to-track seek: 0 # milliseconds
> > drivedata: 0
> >
> > 8 partitions:
> > #         size    offset    fstype   [fsize bsize bps/cpg]
> >   a:  20971520         0    4.2BSD     2048 16384 28552
> >   b:  20971520  75497472      swap
> >   c: 285153687         0    unused        0     0   # "raw" part, don't edit
> >   d:  20971520  20971520    4.2BSD     2048 16384 28552
> >   e:  20971520  41943040    4.2BSD     2048 16384 28552
> >   f:  12582912  62914560    4.2BSD     2048 16384 28552
> > bsdlabel: partition c doesn't cover the whole unit!
> > bsdlabel: An incorrect partition c may cause problems for standard system
> > utilities
>
> It's complaining that 285153687 (see "c" partition) does not equal
> 285155328 (see "sectors/unit" up top).
>
> > thanks for any advice, Im not really confident with the FreeBSD disk
> > management as I havent used it much,
>
> I'm left wondering why you're messing around with bsdlabel on a FreeBSD
> install in the first place. :-)

Do you mean - as opposed to letting sysinstall handle it?
Yah, I would let sysinstall do the disk mangling, but maybe he
did something else.

jerry

> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |

Re: bsdlabel partiton c error message on new install
On Sun, Oct 19, 2008 at 03:31:07PM +0100, Andy Smith wrote:

> Hi Jerry,
> ok thanks for the answer, its not very good news for me ;( as Ive
> already done alot of config and installed alot of apps, but anyway
> thats my problem now!
> cheers Andy!

Interesting, you seemed to have seen my reply before I sent it...

This format is much better - plain text in the body of the message.

Sorry that starting over might be needed. See if you can discover
along the way where the problem might have started. I usually take
sequential notes as I do an install just in case I have to do it over,
so I don't have to think so hard the next time...

jerry

> - Original Message
> From: "Jerry McAllister" <[EMAIL PROTECTED]>
> To: "andys" <[EMAIL PROTECTED]>
> Cc: freebsd-questions@freebsd.org
> Subject: Re: bsdlabel partiton c error message on new install
> Date: 17/10/08 18:11
>
> On Fri, Oct 17, 2008 at 02:13:45PM +0200, andys wrote:
>> Hi,
>>
>> on a newly installed FreeBSD 7.0 system on a dell 1950 server I see the
>> following error from bsdlabel. Is there any known issues with this or is
>> the only reasonable explanation that I have managed to mess it up without
>> even knowing? :P And should I manually change the partition c to fix the
>> prob? Is this safe to do?
>>
>> bsdlabel -A /dev/da0s1
>> # /dev/da0s1:
>> type: SCSI
>> disk: da0s1
>> label:
>> flags:
>> bytes/sector: 512
>> sectors/track: 63
>> tracks/cylinder: 255
>> sectors/cylinder: 16065
>> cylinders: 17750
>> sectors/unit: 285155328
>> rpm: 3600
>> interleave: 1
>> trackskew: 0
>> cylinderskew: 0
>> headswitch: 0 # milliseconds
>> track-to-track seek: 0 # milliseconds
>> drivedata: 0
>>
>> 8 partitions:
>> #         size    offset    fstype   [fsize bsize bps/cpg]
>>   a:  20971520         0    4.2BSD     2048 16384 28552
>>   b:  20971520  75497472      swap
>>   c: 285153687         0    unused        0     0   # "raw" part, don't edit
>>   d:  20971520  20971520    4.2BSD     2048 16384 28552
>>   e:  20971520  41943040    4.2BSD     2048 16384 28552
>>   f:  12582912  62914560    4.2BSD     2048 16384 28552
>> bsdlabel: partition c doesn't cover the whole unit!
>> bsdlabel: An incorrect partition c may cause problems for standard system
>> utilities
>>
>> thanks for any advice, Im not really confident with the FreeBSD disk
>> management as I havent used it much,
>
> If you were using sysinstall, I am not sure how this would come up.
> Do you have more than one slice on the disk - that which MS refers
> to as a 'primary partition'? Something you might do to create a
> 'dual boot' machine.
>
> Are you in the position where you can just wipe it and do a
> reinstall? I wouldn't just move or resize the c partition after
> the fact.
>
> The c partition should be equal to the size of the slice it is in.
> That should just be true after the fdisk part of the operation unless
> there is something wrong with the size or alignment of the slice
> itself. And, in that case, I would expect it to have complained
> way back in the sysinstall-fdisk part of the process.
>
> So, I would start over if I could.
>
> Just some pictorial perspective to make it easier (I hope) to
> visualize.
>
> Whole device
> -----------------------------------------------------------------
> | slice 1       : FreeBSD Slice 2     : slice 3      : Slice 4  |
> |               :                     :              :          |
> |               :<-   partition c   ->:              :          |
> | Some MS thing :  '    '    '    '   : Some Linux   : Extra    |
> |               :pa' pb ' pd ' pe ' pn: thing        : slice    |
> |               :  '    '    '    '   :              :          |
> |               :  '    '    '    '   :              :          |
> -----------------------------------------------------------------
>
> A device (whole disk) can have up to 4 slices labeled 1..4.
> Each slice can be of different types.
> MS calls slices 'primary partitions'.
> Each FreeBSD type slice can be divided in to "8" (really 7) partitions
> that are labeled a..h. But, c must be used to define the whole slice.
> Slices are created by fdisk. Fdisk also writes the device's MBR.
> Partitions are created by bsdlabel (disk label in early versions of
> FreeBSD)
> bsdlabel also writes the slice's boot block.
>
> It is possible to leave empty space in the whole disk that is not
> allocated to any slice or within any given slice that is not allocated
> to any partition. The total of a..h not counting c, plus any non-
> allocated space, must add up to c.
>
> It is possible to create what someone has dubbed a 'dangerously
> dedicated' disk and just not create slices, but just use bsdlabel to
> divide the whole disk in to FreeBSD partitions a-h. The c partition
> must still refer to the whole space available for FreeBSD partitioning.
>
> I think it is also possible to just newfs the disk without using
> either fdisk or bsdlabel and create one filesystem without slices
> or parti

Re: mounting an MP3 player?
On Mon, Oct 20, 2008 at 06:37:50AM -0700, Jeremy Chadwick wrote:
> On Mon, Oct 20, 2008 at 03:51:20PM +0200, Johannes-Maria Kaltenbach wrote:
> >
> > Hello,
> >
> > > Message: 3
> > > Date: Sun, 19 Oct 2008 14:57:43 +0100
> > > From: dgmm <[EMAIL PROTECTED]>
> > > Subject: Re: mounting an MP3 player?
> > >
> > [...]
> > >
> > > Have you tried just mounting da0 etc? The may not be any slices.
> >
> > yes, I tried all /dev/da*; in each case the result was
> > mount: /dev/da...: Device not configured
>
> One thing people here haven't mentioned is that device quirks (meaning:
> "one-offs" in the driver code) might be required to get this device to
> work. It's a common problem, and exists in many operating systems.

Part of the problem (revealed in a private communication) was that the
device permissions were incorrect; they were _write only_. :-/

Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

RE: I've just found a new and interesting spam source - legitimate bounce messages
> The term coined for this type of mail is "backscatter".
>
> There is no easy solution for this. The backscatter article on
> postfix.org, for example, caused our mail servers to start rejecting
> mail that was generated from PHP scripts and CGIs on our own systems,
> which makes no sense. The article:
>
> http://www.postfix.org/BACKSCATTER_README.html
>
> If the backscatter is all directed to a single Email address (rather
> than a series of addresses, e.g. [EMAIL PROTECTED], and
> you have [EMAIL PROTECTED] accepted), then a solution is to reject
> mail with an RCPT TO of an account or virtual address that does not
> exist on your machine.
>
> This, of course, has a wonderful side effect: spammers now have a way to
> detect what Email addresses on your box legitimately accept mail, thus
> once they find one which never gets a bounceback, will start pounding
> that address to kingdom come.
>
> Let me know if you do find a reliable, decent solution that does not
> involve SPF or postfix header_checks or body_checks.
>

The following doesn't fix the problem but it does help mitigate the
deluge. We use a PERL script to tail our maillogs looking for any source
IP that tries to send mail to more than 4 invalid addresses. When
flagged, that IP is then added to a PF table that blocks the address and
issues RST's for 12 hours. Of course, we also have a whitelist for
"valid" SMTP servers. Like I said, it doesn't catch it all, but it
catches *a lot* and generates almost no complaints. This does help
obfuscate the valid/invalid addresses because all mail is accepted as
far as the sender is concerned until the IP is blocked at the network
layer.

The usual complaint is from a remote office that has 12 real estate
agents behind a single IP, all with Outlook set to check mail "sooner
than now." :-)

Mike

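The log-watching scheme described in the message above, written in Python rather than the poster's Perl; this is an added example, not the poster's script. The Postfix-style log line format, the table name `smtp_abusers`, the whitelisted range and the sample log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 4                    # block on MORE than 4 distinct invalid recipients
BLOCK_FOR = timedelta(hours=12)  # block duration given in the message
PF_TABLE = "smtp_abusers"        # hypothetical table name; a matching pf.conf rule:
#   block return-rst in quick proto tcp from <smtp_abusers> to any port smtp
WHITELIST = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical trusted relays

# Assumed Postfix-style "unknown recipient" log line; adjust for your MTA.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]:\s"
    r"550 5\.1\.1 <(?P<rcpt>[^>]*)>: Recipient address rejected"
)


def is_whitelisted(ip):
    """True if the address belongs to a known-good SMTP server range."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in WHITELIST)


def scan(lines, year=2008):
    """Return {ip: block_expiry} for clients that exceed THRESHOLD.

    Distinct recipients are counted, so one mistyped address retried
    many times does not trip the block. Syslog lines carry no year,
    so it is supplied by the caller.
    """
    seen = defaultdict(set)  # ip -> distinct invalid recipients
    blocks = {}
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        try:
            if is_whitelisted(ip):
                continue
        except ValueError:
            continue  # never pass unvalidated log text on to a command line
        if ip in blocks:
            continue
        seen[ip].add(m["rcpt"].lower())
        if len(seen[ip]) > THRESHOLD:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            blocks[ip] = when + BLOCK_FOR
    return blocks


def pf_commands(blocks):
    """Commands that would add the flagged addresses to the PF table."""
    return [f"pfctl -t {PF_TABLE} -T add {ip}" for ip in sorted(blocks)]


def expire_command():
    """Periodic command (e.g. from cron) that drops entries older than BLOCK_FOR."""
    return f"pfctl -t {PF_TABLE} -T expire {int(BLOCK_FOR.total_seconds())}"


def _reject(sec, ip, rcpt):
    # Builds one constructed sample log line in the assumed format.
    return (f"Oct 20 10:00:{sec:02d} mx1 postfix/smtpd[2101]: NOQUEUE: reject: "
            f"RCPT from unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address "
            f"rejected: User unknown in local recipient table; from=<> "
            f"to=<{rcpt}> proto=ESMTP helo=<relay.example.net>")


# Constructed sample input: five distinct misses, exactly four misses,
# one address retried six times, a whitelisted relay, and an unrelated line.
SAMPLE_LOG = (
    [_reject(i, "192.0.2.10", f"user{i}@example.org") for i in range(1, 6)]
    + [_reject(i, "192.0.2.20", f"name{i}@example.org") for i in range(10, 14)]
    + [_reject(i, "192.0.2.30", "typo@example.org") for i in range(20, 26)]
    + [_reject(i, "198.51.100.7", f"agent{i}@example.org") for i in range(30, 36)]
    + ["Oct 20 10:00:40 mx1 postfix/smtpd[2101]: connect from unknown[192.0.2.10]"]
)

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for cmd in pf_commands(found):
        print(cmd, "# until", found[cmd.split()[-1]])
    print(expire_command())
```

Counting distinct recipients and keeping a whitelist are what limit false positives such as the shared office address mentioned in the message.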
Re: Installing Samba : FreeBSD Vs Linux ?
> the software admin told me that the permissions should be very open on
> the directories and files so i made them 0777. the software worked like
> a charm for about 2 months but after that at some point the client
> couldn't access the files on the samba server.

if it could work for 2 months and then refused - something must have
been changed on the client software side.

Re: I've just found a new and interesting spam source - legitimate bounce messages
On Monday 20 October 2008, Michael K. Smith - Adhost said:
> > The term coined for this type of mail is "backscatter".
> >
> > There is no easy solution for this. The backscatter article on
> > postfix.org, for example, caused our mail servers to start
> > rejecting mail that was generated from PHP scripts and CGIs on
> > our own systems, which makes no sense. The article:
> >
> > http://www.postfix.org/BACKSCATTER_README.html
> >
> > If the backscatter is all directed to a single Email address
> > (rather than a series of addresses, e.g.
> > [EMAIL PROTECTED], and you have [EMAIL PROTECTED]
> > accepted), then a solution is to reject mail with an RCPT TO of
> > an account or virtual address that does not exist on your
> > machine.
> >
> > This, of course, has a wonderful side effect: spammers now have a
> > way to detect what Email addresses on your box legitimately
> > accept mail, thus once they find one which never gets a
> > bounceback, will start pounding that address to kingdom come.
> >
> > Let me know if you do find a reliable, decent solution that does
> > not involve SPF or postfix header_checks or body_checks.
>
> The following doesn't fix the problem but it does help mitigate the
> deluge. We use a PERL script to tail our maillogs looking for any
> source IP that tries to send mail to more than 4 invalid addresses.
> When flagged, that IP is then added to a PF table that blocks the
> address and issues RST's for 12 hours. Of course, we also have a
> whitelist for "valid" SMTP servers. Like I said, it doesn't catch
> it all, but it catches *a lot* and generates almost no complaints.
> This does help obfuscate the valid/invalid addresses because all
> mail is accepted as far as the sender is concerned until the IP is
> blocked at the network layer.
>
> The usual complaint is from an remote office that has 12 real
> estate agents behind a single IP, all with Outlook set to check
> mail "sooner than now." :-)
>
> Mike

SpamAssassin also has a backscatter feature, you just have to enable it.
It tags backscatter and hands it off to procmail. From there you can
easily do whatever you want with the tagged mail including kick off a
script to block the offending IP. In my case I just dump it along with
any spam to /dev/null. It works so well I had to bounce a couple of
emails just to make sure it wasn't also grabbing mine. Nope, anything I
bounce gets delivered. My backscatter is now virtually zero. Of course
like everything else SpamAssassin it's tuneable. It's a very good
solution without a lot of heavy lifting.

Beech

--
---
Beech Rintoul - FreeBSD Developer - [EMAIL PROTECTED]
/"\   ASCII Ribbon Campaign  | FreeBSD Since 4.x
\ / - NO HTML/RTF in e-mail  | http://people.freebsd.org/~beech
 X  - NO Word docs in e-mail | Skype: akbeech
/ \ - http://www.FreeBSD.org/releases/7.0R/announce.html
---

High Performance Computing Mini-Cluster
Hello, I am interested in setting up a small cluster, of about 5
machines to show how this can work on a university environment. It's
kind of a pitch to university authorities to show them how this work so
they can think on investing top dollars on it. We have a bunch of
workstations running FreeBSD, However as I have been reading through
the documentation, the canonical situation would be an environment
where the machines netboot over the server, get most of their
partitions over NFS and have NIS installed so users can authenticate at
the server and share resources available at the cluster.

My question is, it is possible to just install SGE, grid Mathematica
(or maybe MPI, open-MPI, a custom application), share the home
directory over NFS, copy some ssh keys to the other nodes and run them
like a cluster?

Please someone with more experience on this kind of install help me
with a series of steps designed on how to get this running.

Regards
Gerardo Paredes
Re: page fault while in kernel mode
On Sun, 2008-10-19 at 13:16 -0700, Jeremy Chadwick wrote:
> On Sun, Oct 19, 2008 at 03:50:01PM -0400, Robert Fitzpatrick wrote:
> > I took a working 5.4-i386 server and trying to convert its RAID 5 to
> > RAID 10 and load 7.0 amd64. I kept getting BTX halted even after
> > flashing the latest bios and firmware for the raid card, Intel SRCZCR,
> > in this dual Xeon 2.4GHz supermicro superserver. I have another server,
> > bit newer, but same basic hardware makeup with Xeon 3.0 procs that runs
> > 6.1-amd64 fine. Anyway, so I have resorted to the i386 version of 7.0 to
> > see if the server is just incapable of running amd64, which after
> > passing the initial boot where amd64 failed, now gives me the subject
> > error after some reference to GEOM_LABEL. I did rebuild the RAID to
> > RAID-10, can someone tell me what this error means?
> >
> > http://columbus.webtent.org/freebsd.png
>
> Can you please try 7.1-BETA2 instead (ISOs are now available)? There
> have been fixes/improvements to BTX since 7.0-RELEASE which could fix
> your problem.
>

Thanks, but that didn't work either trying 7.1-BETA2 amd64 :(

Forgot to mention I added memory to this server as well, took it from
2GB it was using under 5.4-RELEASE up to 6GB filling all slots, that is
why I wanted to load amd64. I reduced down to 4GB and now am able to
install 7.0-RELEASE i386. Does this mean that I may have a hardware
issue or can FreeBSD produce the page fault I was getting when using
over 4GB with i386?

I would love to figure out this BTX halted issue instead...any ideas on
that?

--
Robert
Re: page fault while in kernel mode
On Mon, Oct 20, 2008 at 12:07:17PM -0400, Robert Fitzpatrick wrote:
> On Sun, 2008-10-19 at 13:16 -0700, Jeremy Chadwick wrote:
> > On Sun, Oct 19, 2008 at 03:50:01PM -0400, Robert Fitzpatrick wrote:
> > > I took a working 5.4-i386 server and trying to convert its RAID 5 to
> > > RAID 10 and load 7.0 amd64. I kept getting BTX halted even after
> > > flashing the latest bios and firmware for the raid card, Intel SRCZCR,
> > > in this dual Xeon 2.4GHz supermicro superserver. I have another server,
> > > bit newer, but same basic hardware makeup with Xeon 3.0 procs that runs
> > > 6.1-amd64 fine. Anyway, so I have resorted to the i386 version of 7.0 to
> > > see if the server is just incapable of running amd64, which after
> > > passing the initial boot where amd64 failed, now gives me the subject
> > > error after some reference to GEOM_LABEL. I did rebuild the RAID to
> > > RAID-10, can someone tell me what this error means?
> > >
> > > http://columbus.webtent.org/freebsd.png
> >
> > Can you please try 7.1-BETA2 instead (ISOs are now available)? There
> > have been fixes/improvements to BTX since 7.0-RELEASE which could fix
> > your problem.
> >
>
> Thanks, but that didn't work either trying 7.1-BETA2 amd64 :(
>
> Forgot to mention I added memory to this server as well, took it from
> 2GB it was using under 5.4-RELEASE up to 6GB filling all slots, that is
> why I wanted to load amd64. I reduced down to 4GB and now am able to
> install 7.0-RELEASE i386. Does this mean that I may have a hardware
> issue or can FreeBSD produce the page fault I was getting when using
> over 4GB with i386?

i386 cannot address more than 4GB unless the kernel is built with PAE
mode enabled. This isn't enabled in GENERIC for many (justified)
reasons. If you have more than 4GB, you should be using amd64, so you
made the right decision there.

> I would love to figure out this BTX halted issue instead...any ideas
> on that?

Boot loader problems are difficult to figure out/debug for reasons
which should be obvious. I'm CC'ing John Baldwin here, who has
experience with BTX. He might be able to shed some light on this.

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
RE: I've just found a new and interesting spam source - legitimate bounce messages
--On Monday, October 20, 2008 10:24:28 -0500 "Michael K. Smith - Adhost" <[EMAIL PROTECTED]> wrote:

>> Let me know if you do find a reliable, decent solution that does not
>> involve SPF or postfix header_checks or body_checks.
>
> The following doesn't fix the problem but it does help mitigate the
> deluge. We use a PERL script to tail our maillogs looking for any
> source IP that tries to send mail to more than 4 invalid addresses.
> When flagged, that IP is then added to a PF table that blocks the
> address and issues RST's for 12 hours. Of course, we also have a
> whitelist for "valid" SMTP servers. Like I said, it doesn't catch it
> all, but it catches *a lot* and generates almost no complaints. This
> does help obfuscate the valid/invalid addresses because all mail is
> accepted as far as the sender is concerned until the IP is blocked at
> the network layer.
>
> The usual complaint is from a remote office that has 12 real estate
> agents behind a single IP, all with Outlook set to check mail "sooner
> than now." :-)

The best solution *by far* that I have found for spam (using Postfix)
is mail/postfix-policyd-weight. It routinely rejects 50 to 70% of
incoming mail with no false positives. It took *very* little tweaking
to get it to this point, and it rejects the mail before postfix even
deals with it. I use spamassassin as well, but policyd-weight does the
heavy lifting.

Here's one example of a rejected email:

Oct 20 11:11:16 mail postfix/policyd-weight[77973]: weighted check: IN_DYN_PBL_SPAMHAUS=3.25 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=4.75 REV_IP_EQ_HELO=-1.25 NOK_HELO_SEEMS_DIALUP=5 (check from: .hinet. - helo: .dsl.dynamic8121373125.ttnet. - helo-domain: .ttnet.) FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=4.85 CLIENT_NOT_MX/A_FROM_DOMAIN=4.75 CLIENT/24_NOT_MX/A_FROM_DOMAIN=4.75; <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; rate: 21.6
Oct 20 11:11:16 mail postfix/policyd-weight[77973]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (ms35.hinet.net); Please use DynDNS; <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; delay: 8s

Anything above 1 is rejected. This email scored 21.6, which is off the
charts.

It even does greylisting.

Oct 20 10:45:47 mail postfix/policyd-weight[28339]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; delay: 0s
Oct 20 10:46:51 mail postfix/policyd-weight[28339]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; delay: 0s

It does let some spam through, which spamassassin catches, but it
rejects all the bogus stuff (fake hostnames, bogus MTAs, forged from
addresses, etc., etc.)

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
RE: High Performance Computing Mini-Cluster
> Date: Mon, 20 Oct 2008 08:19:28 -0700
> From: [EMAIL PROTECTED]
> To: freebsd-questions@freebsd.org
> Subject: High Performance Computing Mini-Cluster
>
> Hello, I am interested in setting up a small cluster, of about 5 machines to
> show how this can work on a university environment. It's kind of a pitch to
> university authorities to show them how this work so they can think on
> investing top dollars on it. We have a bunch of workstations running
> FreeBSD, However as I have been reading through the documentation, the canonical
> situation would be an environment where the machines netboot over the server,
> get most of their partitions over NFS and have NIS installed so users can
> authenticate at the server and share resources available at the cluster.
>

not an answer to your question, but you might be interested by this
http://mini-itx.com/projects/cluster/
might give you some insight into what you are looking for

-Sean
Re: I've just found a new and interesting spam source - legitimate bounce messages
On Mon, Oct 20, 2008 at 11:16:31AM -0500, Paul Schmehl wrote:
> --On Monday, October 20, 2008 10:24:28 -0500 "Michael K. Smith - Adhost"
> <[EMAIL PROTECTED]> wrote:
>
>>>
>>> Let me know if you do find a reliable, decent solution that does not
>>> involve SPF or postfix header_checks or body_checks.
>>>
>>
>> The following doesn't fix the problem but it does help mitigate the deluge.
>> We use a PERL script to tail our maillogs looking for any source IP that
>> tries to send mail to more than 4 invalid addresses. When flagged, that IP
>> is then added to a PF table that blocks the address and issues RST's for 12
>> hours. Of course, we also have a whitelist for "valid" SMTP servers. Like I
>> said, it doesn't catch it all, but it catches *a lot* and generates almost no
>> complaints. This does help obfuscate the valid/invalid addresses because all
>> mail is accepted as far as the sender is concerned until the IP is blocked at
>> the network layer.
>>
>> The usual complaint is from a remote office that has 12 real estate agents
>> behind a single IP, all with Outlook set to check mail "sooner than now."
>> :-)
>>
>
> The best solution *by far* that I have found for spam (using Postfix) is
> mail/postfix-policyd-weight. It routinely rejects 50 to 70% of incoming
> mail with no false positives. It took *very* little tweaking to get it
> to this point, and it rejects the mail before postfix even deals with it.
> I use spamassassin as well, but policyd-weight does the heavy lifting.
>
> Here's one example of a rejected email:
>
> Oct 20 11:11:16 mail postfix/policyd-weight[77973]: weighted check:
> IN_DYN_PBL_SPAMHAUS=3.25 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
> NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=4.75 REV_IP_EQ_HELO=-1.25
> NOK_HELO_SEEMS_DIALUP=5 (check from: .hinet. - helo:
> .dsl.dynamic8121373125.ttnet. - helo-domain: .ttnet.)
> FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=4.85
> CLIENT_NOT_MX/A_FROM_DOMAIN=4.75 CLIENT/24_NOT_MX/A_FROM_DOMAIN=4.75;
>
> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; rate: 21.6
> Oct 20 11:11:16 mail postfix/policyd-weight[77973]: decided action=550
> Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to
> correct HELO and DNS MX settings or to get removed from DNSBLs; please
> relay via your ISP (ms35.hinet.net); Please use DynDNS;
>
> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; delay: 8s
>
> Anything above 1 is rejected. This email scored 21.6, which is off the
> charts.
>
> It even does greylisting.
>
> Oct 20 10:45:47 mail postfix/policyd-weight[28339]: decided action=550
> temporarily blocked because of previous errors - retrying too fast.
> penalty: 30 seconds x 0 retries.;
> <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>; delay: 0s
> Oct 20 10:46:51 mail postfix/policyd-weight[28339]: decided action=550
> temporarily blocked because of previous errors - retrying too fast.
> penalty: 30 seconds x 0 retries.;
> <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED]>; delay: 0s
>
> It does let some spam through, which spamassassin catches, but it rejects
> all the bogus stuff (fake hostnames, bogus MTAs, forged from addresses,
> etc., etc.)

We used to use numerous features in postfix to block mail during
different phases of the SMTP handshake, requiring strings meet RFC
standards, comply with being FQDNs, resolve, blah blah... It worked
great... until...

One day, one of my users mailed me stating they were in a lot of
trouble: they hadn't been receiving any mails from eBay, specifically
contact from buyers/sellers (to negotiate payment means, etc.), and
outbid notifications.

I went digging through logs, and sure enough found the cause: eBay's
HELO strings were what pedants would call "absolutely preposterous".
They violated 3 or 4 different checks postfix had.

At first I tuned postfix to allow certain IP blocks through that check,
only to find that it's nearly impossible to determine all of the IP
blocks eBay has -- in fact, some of their mail gets siphoned through a
third-party mailer, and it looks like that mailer uses IPs all over the
place. Meaning: administrative nightmare.

There is nothing worse than telling your users "Okay, I've fixed it",
only to get mail from them 24 hours later stating "Umm, no you didn't,
and this is really starting to piss me off".

I went through the same ordeal with other users and their LiveJournal
mail notifications being blocked.

The point I'm trying to make is that all this overly-aggressive
filtering might work great if you're one guy maintaining your own box
only used by you -- and I have a feeling a lot of people who post on
this list are exactly that. It's a **completely** different game when
you've got other people reliant upon your mail filtering decisions.

The problem with blocking mail "early on" (meaning before it's queued,
e.g. SMTP 5xx or 4xx rejections) is that the end-user has no knowledge
of this. They simply do not get the mail. They're left in the dark,
wonde
Re: Freebsd7 mingw32 compilation utilities missing.
Roland Smith wrote:
> On Sun, Oct 19, 2008 at 12:18:47PM +0200, Benoit wrote:
> > Hello, i don't know if it's the good section to talk about it...
> > Yesterday, i want to "cross-compile" an old windows program, so i
> > installed mingw32-bin-msvcrt-r3.12.a3.9 but i can't compile because
> > the compiler and others tools are missing on freeBSD 7, i guess. I
> > guess it because on freeBSD 6, i can see many other packages like
> > mingw32-binutils mingw-gcc etc etc. So my question is : how to have
> > on freeBSD 7, all packages required to build my program ?
>
> The devel/mingw32-gcc port/package is the top package/port that you
> need to install. All other mingw packages/ports are dependencies or
> optional extras.

Thank you for your help Roland. :)

Benoît
disappearing mouse pointer
Greetings FreeBSD

When running XFCE4 I will lose the mouse pointer at times. This will
only happen when I have the driver set to "nv" in xorg.conf. The mouse
will still work as I can see where it is when I pass over icons and
watch them highlight. If I can stop on an icon, I can click and it
works.

If I drop out of the XFCE4 using ctl-alt-backspace, the mouse pointer
appears and all is well. If I restart the XFCE4, there is no pointer.
If I change the driver to "vesa" and restart then I have a pointer
again. The only way I have found to regain the pointer using "nv" is to
reboot.

All ports are up to date and I am running amd64 RELENG_7 as of last
Saturday.

uname -a
FreeBSD asus64.shasta204.local 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Sat Oct 18 13:31:00 PDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC amd64

If I should have posted to a different list please let me know. I have
also attached my xorg.conf.

TIA
Robert
Re: I've just found a new and interesting spam source - legitimate bounce messages
--On Monday, October 20, 2008 10:11:36 -0700 Jeremy Chadwick <[EMAIL PROTECTED]> wrote:

> On Mon, Oct 20, 2008 at 11:16:31AM -0500, Paul Schmehl wrote:
>> The best solution *by far* that I have found for spam (using Postfix)
>> is mail/postfix-policyd-weight. It routinely rejects 50 to 70% of
>> incoming mail with no false positives. It took *very* little tweaking
>> to get it to this point, and it rejects the mail before postfix even
>> deals with it. I use spamassassin as well, but policyd-weight does
>> the heavy lifting.
>
> We used to use numerous features in postfix to block mail during
> different phases of the SMTP handshake, requiring strings meet RFC
> standards, comply with being FQDNs, resolve, blah blah... It worked
> great... until...
>
> One day, one of my users mailed me stating they were in a lot of
> trouble: they hadn't been receiving any mails from eBay, specifically
> contact from buyers/sellers (to negotiate payment means, etc.), and
> outbid notifications.
>
> I went digging through logs, and sure enough found the cause: eBay's
> HELO strings were what pedants would call "absolutely preposterous".
> They violated 3 or 4 different checks postfix had.
>
> At first I tuned postfix to allow certain IP blocks through that
> check, only to find that it's nearly impossible to determine all of
> the IP blocks eBay has -- in fact, some of their mail gets siphoned
> through a third-party mailer, and it looks like that mailer uses IPs
> all over the place. Meaning: administrative nightmare.
>
> There is nothing worse than telling your users "Okay, I've fixed it",
> only to get mail from them 24 hours later stating "Umm, no you didn't,
> and this is really starting to piss me off".
>
> I went through the same ordeal with other users and their LiveJournal
> mail notifications being blocked.
>
> The point I'm trying to make is that all this overly-aggressive
> filtering might work great if you're one guy maintaining your own box
> only used by you -- and I have a feeling a lot of people who post on
> this list are exactly that. It's a **completely** different game when
> you've got other people reliant upon your mail filtering decisions.
>
> The problem with blocking mail "early on" (meaning before it's queued,
> e.g. SMTP 5xx or 4xx rejections) is that the end-user has no knowledge
> of this. They simply do not get the mail. They're left in the dark,
> wondering "Did send the mail? Are they lying to me? What's going
> on???". It's a very sensitive thing when you're a hosting provider.
>
> In the case of my users, they would much rather get the mail and have
> it incorrectly flagged as spam, than not get it at all.
>
> I personally believe this directly reflects on the state of anti-spam
> affairs: we've gotten so aggressive that *who KNOWS* what kind of
> legitimate mail we're blocking.

That's why it's critically important that whatever tools you use be
highly configurable. In the case of policyd-weight, you can configure
it so that it passes *everything* through but marks it in such a way
that you can filter it appropriately.

In my case, I run a small hobby website with a minimal number of email
addresses. When I first installed policyd-weight, I watched it closely
and discovered it was blocking legitimate mail from sbcglobal because
they didn't have their mail servers' dns properly configured. The
result was a score just slightly higher than the threshold for
rejection (a tenth of a point or two.) I decided to make that
particular check worth less overall, and that solved the problem.

I have yet to receive a single complaint about mail not getting
through, and, although there's only a handful of accounts on the
server, we get mail from our website users constantly.

I fully understand where you're coming from, Jeremy. We have the same
issues at UTD. But for many smaller sites, policyd-weight would be a
godsend.

--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions are my own and not those
of my employer.
***
Check the headers before clicking on Reply.
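An added example, not part of the thread and not policyd-weight's own code: a parser for the "weighted check" log line Paul posted earlier, which confirms that the logged checks sum to the logged rate and tests the effect of lowering one check's weight, the adjustment he describes above. The rejection threshold of 1 is the figure stated in the thread; the near-threshold sample line is constructed and its scores are invented.

```python
"""Parse policyd-weight 'weighted check' log lines and test re-weighting."""
import re
from decimal import Decimal

REJECT_ABOVE = Decimal("1")   # thread: "Anything above 1 is rejected"

SCORE_RE = re.compile(r"(?P<name>[A-Z][A-Z0-9_/()]*)=(?P<score>-?\d+(?:\.\d+)?)")
RATE_RE = re.compile(r"rate:\s*(?P<rate>-?\d+(?:\.\d+)?)")

# Copied from the thread; the addresses were already redacted by the archive.
THREAD_LINE = (
    "Oct 20 11:11:16 mail postfix/policyd-weight[77973]: weighted check: "
    "IN_DYN_PBL_SPAMHAUS=3.25 NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 "
    "NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=4.75 REV_IP_EQ_HELO=-1.25 "
    "NOK_HELO_SEEMS_DIALUP=5 (check from: .hinet. - helo: "
    ".dsl.dynamic8121373125.ttnet. - helo-domain: .ttnet.) "
    "FROM/MX_MATCHES_NOT_UNVR_HELO(DOMAIN)=4.85 CLIENT_NOT_MX/A_FROM_DOMAIN=4.75 "
    "CLIENT/24_NOT_MX/A_FROM_DOMAIN=4.75; <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>; "
    "rate: 21.6"
)

# Constructed: a mail that lands just over the threshold (scores invented).
NEAR_LINE = (
    "Oct 20 12:00:00 mail postfix/policyd-weight[100]: weighted check: "
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 "
    "CL_IP_NE_HELO=4.75 REV_IP_EQ_HELO=-1.25 CLIENT_NOT_MX/A_FROM_DOMAIN=2.15; "
    "<sender@example.net> <user@example.org>; rate: 1.15"
)


def parse_weighted_check(line):
    """Return (checks, logged_rate), or None if this is not a weighted-check line.

    checks is a list of (name, Decimal score) pairs in log order.
    """
    if "weighted check:" not in line:
        return None
    body = line.split("weighted check:", 1)[1]
    checks = []
    # Scores sit before the first ';'. The parenthesised HELO details contain
    # no NAME=score tokens, so they drop out of the token match.
    for token in body.split(";", 1)[0].split():
        m = SCORE_RE.fullmatch(token)
        if m:
            checks.append((m.group("name"), Decimal(m.group("score"))))
    rate = RATE_RE.search(body)
    return checks, (Decimal(rate.group("rate")) if rate else None)


def total(checks, overrides=None):
    """Sum the scores, optionally replacing some checks' scores (what-if)."""
    overrides = overrides or {}
    return sum((overrides.get(name, score) for name, score in checks), Decimal("0"))


def verdict(score):
    return "reject" if score > REJECT_ABOVE else "accept"


def rate_matches(line):
    """True when the parsed scores add up to the rate the daemon logged."""
    parsed = parse_weighted_check(line)
    if parsed is None or parsed[1] is None:
        return False
    checks, rate = parsed
    return total(checks) == rate


def deciding_checks(checks):
    """Checks whose removal alone would turn a reject into an accept."""
    score = total(checks)
    if score <= REJECT_ABOVE:
        return []
    return [name for name, s in checks if score - s <= REJECT_ABOVE]


if __name__ == "__main__":
    for label, line in (("thread", THREAD_LINE), ("constructed", NEAR_LINE)):
        checks, rate = parse_weighted_check(line)
        print(label, total(checks), verdict(total(checks)), deciding_checks(checks))
```

An empty list from deciding_checks on a rejected mail means no single check caused the rejection, which is the case for the 21.6 example; on a mail a few tenths over the threshold it names the checks worth re-weighting.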
Updating openssl
I presently have the base version of 'openssl' installed. If I wanted
to install the ports' version, is there anything special I have to do?
I presently have: "WITH_OPENSSL_BASE=yes" in the /etc/make.conf file. I
assume I should remove that prior to build the port. Does the port
version replace the base version or do I have to do anything else?

Thanks!

--
Jerry
[EMAIL PROTECTED]

A beginning is the time for taking the most delicate care that
balances are correct.

Princess Irulan, "Manual of Maud'Dib"
Right way to mount/edit dd of a disk?
Hi,

I have a Linux dd file that's an image of the entire disk. If I use
the fdisk-linux and do :

# fdisk -ul some-big-3.5.0_Update_2-103909.i386.dd
You must set cylinders.
You can do this from the extra functions menu.

Disk some-big-3.5.0_Update_2-103909.i386.dd: 0 MB, 0 bytes
64 heads, 32 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Disk identifier: 0x

                                 Device Boot   Start      End  Blocks  Id  System
some-big-3.5.0_Update_2-103909.i386.dd1         8192  1535999  763904   5  Extended
some-big-3.5.0_Update_2-103909.i386.dd4   *       32     8191    4080   4  FAT16 <32M
some-big-3.5.0_Update_2-103909.i386.dd5         8224   106495   49136   6  FAT16
some-big-3.5.0_Update_2-103909.i386.dd6       106528   204799   49136   6  FAT16
some-big-3.5.0_Update_2-103909.i386.dd7       204832   430079  112624  fc  Unknown
some-big-3.5.0_Update_2-103909.i386.dd8       430112  1535999  552944   6  FAT16

Partition table entries are not in disk order

It looks like a good filesystem. So then I :

mdconfig -a -t vnode -f some-big-3.5.0_Update_2-103909.i386.dd -u 0
mount -t msdos /dev/md0s5 /mnt

to be able to get the dd5 on /mnt. I then edited the files I wanted,
replaced them, and copied back to /mnt. I did "umount /mnt" and copied
the dd file back to where it needed to be. It seems it didn't like it,
and I'm trying to find out if editing it the way I did wasn't quite
"allowed".

Thanks, Tuc
Re: page fault while in kernel mode
On Monday 20 October 2008 12:32:37 pm Jeremy Chadwick wrote:
> > Forgot to mention I added memory to this server as well, took it from
> > 2GB it was using under 5.4-RELEASE up to 6GB filling all slots, that is
> > why I wanted to load amd64. I reduced down to 4GB and now am able to
> > install 7.0-RELEASE i386. Does this mean that I may have a hardware
> > issue or can FreeBSD produce the page fault I was getting when using
> > over 4GB with i386?
>
> i386 cannot address more than 4GB unless the kernel is built with PAE
> mode enabled. This isn't enabled in GENERIC for many (justified)
> reasons. If you have more than 4GB, you should be using amd64, so you
> made the right decision there.

If you aren't using kernel modules, then PAE should work fine. You can
make kernel modules work with PAE as well, but that takes more work.

> > I would love to figure out this BTX halted issue instead...any ideas
> > on that?
>
> Boot loader problems are difficult to figure out/debug for reasons which
> should be obvious. I'm CC'ing John Baldwin here, who has experience
> with BTX. He might be able to shed some light on this.

You will get a BTX fault in 7.0 if your CPU does not support 64-bit
"long mode" (i.e., amd64). You can check to see if your CPU does
support it by looking in the 'AMD features' line of 'dmesg' from an
i386 kernel and seeing if you have a 'LM' feature. If you don't, your
CPU only supports i386.

--
John Baldwin
Re: mysql connection through ssl tunnel
On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:

> John Almberg wrote:
>> I have two FreeBSD machines. One is an application server, the other a
>> database server running mysql. These machines are in two different
>> locations. I'd like to allow the application server to access mysql
>> through an SSH tunnel.
>>
>> Being a newbie admin, I've never set up an SSH tunnel. I've been
>> reading about them all morning and (as always) there seems to be more
>> than one way to skin this cat.
>>
>> I'm looking for ease of set up and maintenance, as well as security
>> (which I assume is a given.) I'd prefer NOT to have to recompile the
>> kernels (pure cowardice... the application server is a production
>> server that I don't want to experiment with.) Both servers have OpenSSL.
>>
>> Any recommendations, much appreciated.
>>
>> Thanks: John
>>
>
> A very basic ssh tunnel is as simple as
> ssh -L3306:127.0.0.1:3306 [EMAIL PROTECTED]
>
> This will forward any connections to localhost on port 3306 through the
> ssh connection to remote.host then on to localhost at that end on port
> 3306. if you have mysql running on the app server as well then change
> -L3306:127.0.0.1:3306 to -L33006:127.0.0.1:3306 where 33006 is an
> unused tcp port on the application server. If you do use an ssh tunnel
> you may want to use security/autossh which will monitor the tunnel and
> re-establish it if it loses connection for some reason.

After a few hours of work today, I have all this working perfectly. I'm
using autossh to automatically create and monitor the ssh tunnel, and I
can make mysql connections through the tunnel with no problems. Very
cool.

And that's through PF firewalls on both machines, which added flavor to
the exercise ;-)

One question... and maybe this is a general, philosophical question...

If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after
a reboot? At the moment, I start autossh from the command line, like so:

> autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to
figure out how to make one?

Not that this machine gets rebooted more than once a year, but so far,
everything running on this machine starts automatically, and I'd like
to keep it that way.

Any tips much appreciated.

Thanks: John
RE: High Performance Computing Mini-Cluster
--- On Mon, 10/20/08, Sean Cavanaugh <[EMAIL PROTECTED]> wrote:

> From: Sean Cavanaugh <[EMAIL PROTECTED]>
> Subject: RE: High Performance Computing Mini-Cluster
> To: [EMAIL PROTECTED], "FreeBSD Questions"
> Date: Monday, October 20, 2008, 9:52 AM
>
> > Date: Mon, 20 Oct 2008 08:19:28 -0700
> > From: [EMAIL PROTECTED]
> > To: freebsd-questions@freebsd.org
> > Subject: High Performance Computing Mini-Cluster
> >
> > Hello, I am interested in setting up a small cluster,
> > of about 5 machines to show how this can work on a
> > university environment. It's kind of a pitch to university
> > authorities to show them how this work so they can think on
> > investing top dollars on it. We have a bunch of
> > workstations running FreeBSD, However as I have been reading
> > through the documentation, the canonical situation would be
> > an environment where the machines netboot over the server,
> > get most of their partitions over NFS and have NIS installed
> > so users can authenticate at the server and share resources
> > available at the cluster.
> >
>
> not an answer to your question, but you might be interested
> by this http://mini-itx.com/projects/cluster/
> might give you some insight into what you are looking for
>
> -Sean

Sean, the link you provided does a good job of helping someone
understand the process involved in setting up a cluster, even if it
doesn't provide detailed information in a "HOW-TO" like fashion.

Then I guess it is up to me to get going and ask questions where I get
stuck. Maybe do the How-to documentation of my own in the process.

Gerardo Paredes
Re: mysql connection through ssl tunnel
John Almberg wrote:
>
> On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
>
>> John Almberg wrote:
>>> I have two FreeBSD machines. One is an application server, the other a
>>> database server running mysql. These machines are in two different
>>> locations. I'd like to allow the application server to access mysql
>>> through an SSH tunnel.
>>>
>>> Being a newbie admin, I've never set up an SSH tunnel. I've been
>>> reading about them all morning and (as always) there seems to be more
>>> than one way to skin this cat.
>>>
>>> I'm looking for ease of set up and maintenance, as well as security
>>> (which I assume is a given.) I'd prefer NOT to have to recompile the
>>> kernels (pure cowardice... the application server is a production
>>> server that I don't want to experiment with.) Both servers have OpenSSL.
>>>
>>> Any recommendations, much appreciated.
>>>
>>> Thanks: John
>>>
>>
>> A very basic ssh tunnel is as simple as
>> ssh -L3306:127.0.0.1:3306 [EMAIL PROTECTED]
>>
>> This will forward any connections to localhost on port 3306 through the
>> ssh connection to remote.host then on to localhost at that end on port
>> 3306. if you have mysql running on the app server as well then change
>> -L3306:127.0.0.1:3306 to -L33006:127.0.0.1:3306 where 33006 is an
>> unused tcp port on the application server. If you do use an ssh tunnel
>> you may want to use security/autossh which will monitor the tunnel and
>> re-establish it if it loses connection for some reason.
>
> After a few hours of work today, I have all this working perfectly. I'm
> using autossh to automatically create and monitor the ssh tunnel, and I
> can make mysql connections through the tunnel with no problems. Very cool.
>
> And that's through PF firewalls on both machines, which added flavor to
> the exercise ;-)
>
> One question... and maybe this is a general, philosophical question...
>
> If autossh watches over my ssh tunnel, who or what watches over autossh?
>
> As a related question, how can I make autossh start automatically after
> a reboot? At the moment, I start autossh from the command line, like so:
>
>> autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]
>
> There doesn't seem to be an rc.d file for autossh... Do I have to figure
> out how to make one?
>

You can do this all by not using autossh at all: let init watch and
re-establish your ssh tunnel:

This is in my /etc/ttys (wrapped for readability):

ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
 remote.domain.tld >/dev/null 2>&1" unknown on

I let my central machine control the tunnel, not the sending one.

Peter
--
http://www.boosten.org
Re: Installing Samba : FreeBSD Vs Linux ?
Valentin Bud wrote:

hello list, a little story about samba and FreeBSD. I had to make a file server for a company that uses a program for accounting. that software works with lots of files to do the job. the software admin told me that the permissions should be very open on the directories and files so i made them 0777. the software worked like a charm for about 2 months but after that at some point the client couldn't access the files on the samba server. The files were there with the correct permissions but the software refused to access them with an error that they don't exist. I've tried to debug samba but couldn't find [...]

Here's another story. Our accounting packages also dump their files, databases and settings onto network drives. This is what we tend to do:

1.- Create a dedicated network drive for every software package with its own letter. Let's say package XYZ gets letter Y:. All users connecting to Samba must load network drive for XYZ as Y:. Otherwise some client instances may complain that the database was installed on Y: but there's nothing because it is actually somewhere else.

2.- Create user xyz and group xyz. Then map the XYZ network drive as xyz:xyz. By this, we avoid permission problems.

3.- Whenever we call tech support, we tell them that our network drives are located on a Windows 2003 machine. This saves us unnecessary headaches and warranty issues.

We've been doing this for years and it works like a charm.

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide
Re: how to break portsnap
On Wed, Oct 8, 2008 at 2:25 AM, Barry Byrne <[EMAIL PROTECTED]> wrote:
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Steve Franks
>> Sent: 07 October 2008 21:57
>
>> I've googled high & low but I cannot find much other than "this cannot
>> happen" replies. I've got a dual boot to amd64 and i386. The amd64
>> hasn't been able to portsnap fetch or cron since march. The i386 I
>> just installed, and it portsnap's fine, so it's not a firewall or
>> related issue. I've checked my key and it looks ok. What am I
>> missing?
>>
>> Best,
>> Steve
>>
>>
>> dystant# portsnap fetch
>> Looking up portsnap.FreeBSD.org mirrors... 3 mirrors found.
>> Fetching snapshot tag from portsnap1.FreeBSD.org... done.
>> Fetching snapshot metadata... done.
>> Updating from Mon Mar 3 07:50:14 MST 2008 to Tue Oct 7
>> 12:43:25 MST 2008.
>> Fetching 0 metadata patches. done.
>> Applying metadata patches... done.
>> Fetching 0 metadata files... done.
>> Fetching 12365 patches.. done.
>> Applying patches... done.
>> Fetching 13708 new ports or files... /usr/sbin/portsnap: cannot open
>> e53d7ea3f6fbc2e6a87a1f194ea623fc6b27c74d9aecfd61e0d765e86d861ad5.gz:
>> No such file or directory
>> snapshot is corrupt.
>> dystant#
>
> Steve:
>
> Are you using a proxy server? If so this could be perhaps the proxy server
> not fully supporting HTTP/1.1 persistent connections. Can you try this:
>
> sysctl net.inet.ip.portrange.randomized=0
> portsnap fetch update
>

Well, I can't say for sure if that works. I'm definitely behind an ugly cheap-o windows firewall (iserver), but sometimes it works, and sometimes not...can't hurt, though, right?

Best,
Steve
Re: High Performance Computing Mini-Cluster
On Mon, Oct 20, 2008 at 2:09 PM, Gerardo Paredes <[EMAIL PROTECTED]> wrote:
> Sean, the link you provided does a good job of helping someone understand the
> process involved in setting up a cluster, even if it doesn't provide detailed
> information in a "HOW-TO" like fashion. Then I guess it is up to me to get
> going and ask questions where I get stuck. Maybe do the How-to documentation
> of my own in the process.
>
>
> Gerardo Paredes

I would be very interested in any documentation you can come up with as you go forward with this project. I currently work in a bioinformatics organization that uses external HPC clusters, and I'd love to set up a small local cluster of our own some day.

- Max
Fwd: mysql connection through ssl tunnel
After a few hours of work today, I have all this working perfectly. I'm using autossh to automatically create and monitor the ssh tunnel, and I can make mysql connections through the tunnel with no problems. Very cool.

And that's through PF firewalls on both machines, which added flavor to the exercise ;-)

One question... and maybe this is a general, philosophical question...

If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after a reboot? At the moment, I start autossh from the command line, like so:

autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to figure out how to make one?

You can do this all by not using autossh at all: let init watch and re-establish your ssh tunnel:

This is in my /etc/ttys (wrapped for readability):

ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
    remote.domain.tld >/dev/null 2>&1" unknown on

I let my central machine control the tunnel, not the sending one.

H'mmm... This is new territory for me. I've just read some of the man pages and a few pages in Absolute BSD, and I guess I sort of understand what this does. I'm trying to grasp the connection between virtual terminals and this SSH tunnel...

I guess my main question is, if I start the tunnel with this method, will I be able to access mysql in 'the usual way'? The following works with my autossh tunnel:

mysql -h127.0.0.1 -P33006 -uuser -ppassword db

So, if using the /etc/ttys file is equivalent, and I make the connection on the database server, rather than the client server, then I guess my ttys file should look like this (my ttyv8 is already used... I am guessing I should use the next one down):

ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com >/dev/null 2>&1" unknown on

Where 'admin' is the user I am logging into on the remote machine, and 'example.com' is the hostname of the remote machine. I guess equivalent to the following?

ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED] >/dev/null 2>&1" unknown on

Port 33006 is not a typo. There are databases running on both machines, so I need to use a different port for the tunnel.

And as far as I can tell, I reload /etc/ttys with 'kill -1 1'.

This looks dangerous...

-- John

Websites and Marketing for
On-line Collectible Dealers

Identry, LLC
John Almberg
(631) 546-5079
[EMAIL PROTECTED]
www.identry.com
Re: High Performance Computing Mini-Cluster
On Mon, 20 Oct 2008 16:17:11 -0400 Maxim Khitrov wrote:
> I would be very interested in any documentation you can come up with
> as you go forward with this project. I currently work in a
> bioinformatics organization that uses external HPC clusters, and I'd
> love to setup a small local cluster of our own some day.

Not a direct answer but there is a special mailing list for the subject -- [EMAIL PROTECTED] Some time earlier I got very informative answers from its archives.

WBR
--
bsam
Re: error installing kmymoney2 on amd64 system running freebsd 6.3
Hello Greg,

When I tried to upgrade kmymoney2 on my amd64 6.4-PRERELEASE using portmaster I also received the same error message as Dino. However, after I amended the Makefile as you had suggested portmaster worked as it should. Just wanted to let you know that you seem to be on the right track.

With thanks and regards,
Marek

On Sunday 19 October 2008 21:55:08 Greg Larkin wrote:
>
> Dino Vliet wrote:
> >
> >
> > Hi Greg
> >
> >
> > Here the two output file pkg_info_output.txt and the Makefile
> > as attachments because otherwise this message would be too
> > large (I know that the freebsd mailinglist will not let my
> > message through)
> >
> > Brgds
> > Dino
>
> Hi Dino,
>
> Can you check in the work/kmymoney2-0.8.9/doc/en directory to see if
> there is a file named errorlog or some other files with a ".log"
> extension after you receive the make error? If so, please send those
> as well or post them somewhere for viewing.
>
> It looks like the finance/kmymoney2 port Makefile needs additional
> work to include dependencies on the tools that generate the PDF
> documentation (pdfjadetex and others). I didn't have those tools
> originally, and the PDF documentation generation was disabled.
>
> I installed the required tools manually, and I now get an error
> during PDF generation, although it's different than what you
> reported. The other thing that might be helpful is if you can change
> directory into work/kmymoney2-0.8.9/doc/en, type "make -d a" and
> capture the output. That will show extra debugging information from
> make as it processes its targets.
>
> By the way, if you don't care about the PDF documentation, you can
> temporarily change the port Makefile line that reads:
>
> CONFIGURE_ARGS= --enable-ofxplugin --enable-ofxbanking
> --enable-pdf-docs
>
> to:
>
> CONFIGURE_ARGS= --enable-ofxplugin --enable-ofxbanking
>
> I'm likely going to make that switch dependent on the NOPORTDOCS knob
> as well.
>
> Regards,
> Greg
Re: mysql connection through ssl tunnel
On Oct 20, 2008, at 4:50 PM, John Almberg wrote:

After a few hours of work today, I have all this working perfectly. I'm using autossh to automatically create and monitor the ssh tunnel, and I can make mysql connections through the tunnel with no problems. Very cool.

And that's through PF firewalls on both machines, which added flavor to the exercise ;-)

One question... and maybe this is a general, philosophical question...

If autossh watches over my ssh tunnel, who or what watches over autossh?

As a related question, how can I make autossh start automatically after a reboot? At the moment, I start autossh from the command line, like so:

autossh -M 2 -fNg -L 33006:127.0.0.1:3306 [EMAIL PROTECTED]

There doesn't seem to be an rc.d file for autossh... Do I have to figure out how to make one?

You can do this all by not using autossh at all: let init watch and re-establish your ssh tunnel:

This is in my /etc/ttys (wrapped for readability):

ttyv8 "/usr/bin/ssh -l syslogng -nNTx -R 3306:local.domain.tld:3306
    remote.domain.tld >/dev/null 2>&1" unknown on

I let my central machine control the tunnel, not the sending one.

H'mmm... This is new territory for me. I've just read some of the man pages and a few pages in Absolute BSD, and I guess I sort of understand what this does. I'm trying to grasp the connection between virtual terminals and this SSH tunnel...

I guess my main question is, if I start the tunnel with this method, will I be able to access mysql in 'the usual way'? The following works with my autossh tunnel:

mysql -h127.0.0.1 -P33006 -uuser -ppassword db

So, if using the /etc/ttys file is equivalent, and I make the connection on the database server, rather than the client server, then I guess my ttys file should look like this (my ttyv8 is already used... I am guessing I should use the next one down):

ttyv7 "/usr/bin/ssh -l admin -nNTx -R 3306:127.0.0.1:33006 example.com >/dev/null 2>&1" unknown on

Where 'admin' is the user I am logging into on the remote machine, and 'example.com' is the hostname of the remote machine. I guess equivalent to the following?

ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED] >/dev/null 2>&1" unknown on

Port 33006 is not a typo. There are databases running on both machines, so I need to use a different port for the tunnel.

And as far as I can tell, I reload /etc/ttys with 'kill -1 1'.

This looks dangerous...

-- John

I tried this, and not surprisingly, it didn't work. Now I'm trying to debug it...

Question... if I want to ssh from the database server to the application server (in the direction show -R), I need to use port 48444 (not the actual port, but something high). In other words, I need to do something like:

ssh [EMAIL PROTECTED] -p 48444

Does this ssh port have anything to do with trying to start this ssh tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?

-- John
Re: mysql connection through ssl tunnel
On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:
> On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:
>> John Almberg wrote:
>>> I have two FreeBSD machines. One is an application server, the other a
>>> database server running mysql. These machines are in two different
>>> locations. I'd like to allow the application server to access mysql
>>> through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely wild with SSH to solve this problem.

Has anyone made the OP aware that MySQL *does* in fact support SSL natively, and that it can be used between client and server, as well as between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server behind a firewall or on a private network, but I'm a bit confused as to why everyone's going to great lengths to use SSH to accomplish something MySQL has support for natively. Please clue me in. :-)

--
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
Re: I've just found a new and interesting spam source - legitimate bounce messages
Paul Schmehl wrote:

--On Monday, October 20, 2008 10:11:36 -0700 Jeremy Chadwick <[EMAIL PROTECTED]> wrote:

On Mon, Oct 20, 2008 at 11:16:31AM -0500, Paul Schmehl wrote:

The best solution *by far* that I have found for spam (using Postfix) is mail/postfix-policyd-weight. It routinely rejects 50 to 70% of incoming mail with no false positives. It took *very* little tweaking to get it to this point, and it rejects the mail before postfix even deals with it. I use spamassassin as well, but policyd-weight does the heavy lifting.

We used to use numerous features in postfix to block mail during different phases of the SMTP handshake, requiring strings meet RFC standards, comply with being FQDNs, resolve, blah blah... It worked great... until...

One day, one of my users mailed me stating they were in a lot of trouble: they hadn't been receiving any mails from eBay, specifically contact from buyers/sellers (to negotiate payment means, etc.), and outbid notifications.

I went digging through logs, and sure enough found the cause: eBay's HELO strings were what pedants would call "absolutely preposterous". They violated 3 or 4 different checks postfix had.

At first I tuned postfix to allow certain IP blocks through that check, only to find that it's nearly impossible to determine all of the IP blocks eBay has -- in fact, some of their mail gets siphoned through a third-party mailer, and it looks like that mailer uses IPs all over the place. Meaning: administrative nightmare.

There is nothing worse than telling your users "Okay, I've fixed it", only to get mail from them 24 hours later stating "Umm, no you didn't, and this is really starting to piss me off".

I went through the same ordeal with other users and their LiveJournal mail notifications being blocked.

The point I'm trying to make is that all this overly-aggressive filtering might work great if you're one guy maintaining your own box only used by you -- and I have a feeling a lot of people who post on this list are exactly that. It's a **completely** different game when you've got other people reliant upon your mail filtering decisions.

The problem with blocking mail "early on" (meaning before it's queued, e.g. SMTP 5xx or 4xx rejections) is that the end-user has no knowledge of this. They simply do not get the mail. They're left in the dark, wondering "Did send the mail? Are they lying to me? What's going on???". It's a very sensitive thing when you're a hosting provider.

In the case of my users, they would much rather get the mail and have it incorrectly flagged as spam, than not get it at all. I personally believe this directly reflects on the state of anti-spam affairs: we've gotten so aggressive that *who KNOWS* what kind of legitimate mail we're blocking.

That's why it's critically important that whatever tools you use be highly configurable. In the case of policyd-weight, you can configure it so that it passes *everything* through but marks it in such a way that you can filter it appropriately.

In my case, I run a small hobby website with a minimal number of email addresses. When I first installed policyd-weight, I watched it closely and discovered it was blocking legitimate mail from sbcglobal because they didn't have their mail servers' dns properly configured. The result was a score just slightly higher than the threshold for rejection (a tenth of a point or two.) I decided to make that particular check worth less overall, and that solved the problem.

I have yet to receive a single complaint about mail not getting through, and, although there's only a handful of accounts on the server, we get mail from our website users constantly.

I fully understand where you're coming from, Jeremy. We have the same issues at UTD. But for many smaller sites, policyd-weight would be a godsend

Is there an opinion on the end of policyd-weight? Specifically on the alternative listed on the main page, postfwd.

Peter
Re: mysql connection through ssl tunnel
On Oct 20, 2008, at 5:21 PM, Jeremy Chadwick wrote:

On Mon, Oct 20, 2008 at 03:25:23PM -0400, John Almberg wrote:

On Sep 23, 2008, at 10:09 AM, Vincent Hoffman wrote:

John Almberg wrote:

I have two FreeBSD machines. One is an application server, the other a database server running mysql. These machines are in two different locations. I'd like to allow the application server to access mysql through an SSH tunnel.

I'm somewhat amazed at the fact that everyone so far has gone completely wild with SSH to solve this problem.

Has anyone made the OP aware that MySQL *does* in fact support SSL natively, and that it can be used between client and server, as well as between master and slave (for replication)?

The SSH tunnelling idea is fine if you want to access a MySQL server behind a firewall or on a private network, but I'm a bit confused as to why everyone's going to great lengths to use SSH to accomplish something MySQL has support for natively. Please clue me in. :-)

Hi Jeremy,

There are two PF firewalls in the mix, one at each end. The two machines are in different data centers. Actually, that is motivation behind this exercise. The client wants the database in his own data center, since it contains information he needs to have physical control over.

I do know that Mysql supports SSL... somehow this got discounted early in the discussion, perhaps mistakenly?

Anyway, the autossh option works perfectly, so I think I will stick with that unless there's a good reason not to. I have Monit running on the remote server, so I can probably monitor/restart autossh with that (with another few hours reading, of course :-)

-- John
Re: Right way to mount/edit dd of a disk?
mount -t msdos /dev/md0s5 /mnt

to be able to get the dd5 on /mnt. I then edited the files I wanted, replaced them, and copied back to /mnt. I did "umount /mnt" and copied the dd file back to where it needed to be.

did you mdconfig -d before copying image?
Re: [freebsd-questions] Re: Right way to mount/edit dd of a disk?
> > > mount -t msdos /dev/md0s5 /mnt
> >
> > to be able to get the dd5 on /mnt. I then edited the files I wanted,
> > replaced them, and copied back to /mnt. I did "umount /mnt" and copied the dd
> > file back to where it needed to be.
>
> did you mdconfig -d before copying image?
>

Well, turns out the problem I had was elsewhere with something else, but I was slowly coming back around to having to deal with this again. (Apparently FreeBSD's tar can actually create a tar that a Linux system doesn't like...)

No, I didn't. That would probably have been a good idea no matter what. Will do so in the future. But otherwise my procedure seemed sane?

Thanks!
Tuc
Re: page fault while in kernel mode
On Mon, 2008-10-20 at 13:45 -0400, John Baldwin wrote:
> > i386 cannot address more than 4GB unless the kernel is built with PAE
> > mode enabled. This isn't enabled in GENERIC for many (justified)
> > reasons. If you have more than 4GB, you should be using amd64, so you
> > made the right decision there.
>
> If you aren't using kernel modules, then PAE should work fine. You can make
> kernel modules work with PAE as well, but that takes more work.

Thanks for the help, I am missing AMD Features for this CPU in dmesg, so it looks like the CPU does not support amd64.

I tried to build my own kernel with PAE option and getting the following error...

/usr/src/sys/dev/advansys/advansys.c: In function 'adv_action':
/usr/src/sys/dev/advansys/advansys.c:259: warning: cast from pointer to integer of different size
*** Error code 1

Any idea what I can do for this error?

--
Robert
Re: mysql connection through ssl tunnel
John Almberg wrote:
>
> I tried this, and not surprisingly, it didn't work. Now I'm trying to
> debug it...
>

Maybe some mixup in the keys? In my example ssh tries to read the private key of root on the connecting server, so the server where the database is located, because init is run as root. If you need another key, then you need to specify this with the -i parameter.

> Question... if I want to ssh from the database server to the application
> server (in the direction show -R), I need to use port 48444 (not the
> actual port, but something high). In other words, I need to do something
> like:
>
> ssh [EMAIL PROTECTED] -p 48444
>
> Does this ssh port have anything to do with trying to start this ssh
> tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?
>

The command given shows a connection between the two ports (in my case 3306). One of them would then be 48420 (the first one).

thus:

ttyv7 "/usr/bin/ssh -l admin -nNTx -R 48420:local.domain.tld:3306 remote.domain.tld >/dev/null 2>&1" unknown on

This works by allocating a socket to listen to 48420 on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to local.domain.tld port 3306 from the local machine.

Obviously you would have to change local.domain.tld and remote.domain.tld with actual FQDN or IP addresses.

Furthermore, since this connection is being made by root (which normally isn't) you need to verify the host key of the remote server (by either putting it in known_hosts of root by hand, or make the connection once from the prompt and answer 'y', or putting the key in /etc/ssh/ssh_known_hosts.

The connection on the remote host indeed is made with

mysql -h 127.0.0.1 -P 48420 -u user -ppassword db

regards
Peter
--
http://www.boosten.org
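The -L and -R forwards discussed in this thread differ in which machine listens and which one makes the final connection, and -g changes who can reach the listener. The following is an added example, not part of any message above and not OpenSSH code: a shell function that restates the binding rules documented in ssh(1) and sshd_config(5). The function name describe_forward, its output format, and the GatewayPorts values passed for each command are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: explain where an OpenSSH forward
# listens and where it connects, per the rules in ssh(1) and sshd_config(5).
#
# describe_forward MODE SPEC [GATEWAY]
#   MODE     L or R, the ssh option letter
#   SPEC     [bind_address:]port:host:hostport  (bracketed IPv6 not handled)
#   GATEWAY  for L: "yes" if the client runs with -g / GatewayPorts yes
#            for R: the server's sshd_config GatewayPorts value
#                   (no | yes | clientspecified); defaults to "no"
#
# "client" is the machine that runs ssh, "server" is the one running sshd.
# The body is a subshell, so IFS and "set -f" do not leak into the caller.
describe_forward() (
    mode=$1 spec=$2 gw=${3:-no}

    case $mode in
        L) listen_side=client connect_side=server ;;
        R) listen_side=server connect_side=client ;;
        *) echo "error: MODE must be L or R" >&2; exit 2 ;;
    esac

    # Split SPEC on ':'; set -f keeps a '*' bind address from globbing.
    set -f
    IFS=:
    set -- $spec
    unset IFS
    case $# in
        3) has_bind=no  bind=           port=$1 host=$2 hostport=$3 ;;
        4) has_bind=yes bind=${1:-'*'}  port=$2 host=$3 hostport=$4 ;;
        *) echo "error: SPEC must be [bind:]port:host:hostport" >&2; exit 2 ;;
    esac

    [ -n "$host" ] || { echo "error: empty host" >&2; exit 2; }
    for p in "$port" "$hostport"; do
        case $p in
            ''|*[!0-9]*) echo "error: bad port '$p'" >&2; exit 2 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "error: port out of range: $p" >&2; exit 2
        fi
    done

    if [ "$mode" = L ]; then
        # Client-side listener: an explicit bind address wins, otherwise
        # loopback unless -g / GatewayPorts opens it to other hosts.
        if [ "$has_bind" = yes ]; then
            addr=$bind
        elif [ "$gw" = yes ]; then
            addr='*'
        else
            addr=loopback
        fi
    else
        # Server-side listener: sshd's GatewayPorts decides.
        case $gw in
            yes)             addr='*' ;;       # forced to the wildcard address
            clientspecified) [ "$has_bind" = yes ] && addr=$bind || addr=loopback ;;
            *)               addr=loopback ;;  # "no": requested bind is ignored
        esac
    fi

    case $addr in
        loopback|localhost|127.*) exposure=loopback-only ;;
        '*'|0.0.0.0)              exposure=all-interfaces ;;
        *)                        exposure=one-address ;;
    esac

    echo "listen=$listen_side:$addr:$port connect=$connect_side:$host:$hostport exposure=$exposure"
)

# Forward specs taken from the thread (GATEWAY arguments are assumptions):
describe_forward L 33006:127.0.0.1:3306 yes      # autossh ... -fNg -L ...
describe_forward R 48420:local.domain.tld:3306   # /etc/ttys example with -R
describe_forward R 3306:127.0.0.1:33006          # ttyv7 line from the Fwd message
```

For the -g case the listener is reachable on every interface of the machine running ssh, so the packet filter on that host is what limits who can connect to the forwarded MySQL port.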
Apache aliased directory invisible
FreeBSD office19.resnet.nd.edu 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #0: Wed Oct 1 10:10:12 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386

Hello all. I would like to make aliased directories in apache visible from the directory root. An example: When I visit http://myserver.com/, I would like to see the 'icons' folder (suppose that in my document root I have directories 'bobo' and 'gogo', but that /icons is actually an alias for /usr/local/share/icons). Bobo and gogo show up in the directory listing when I access http://myserver.com, but not /icons. How can I remedy this?

--
Best,
David Karapetyan
http://davidkarapetyan.homeunix.com
University of Notre Dame
Department of Mathematics
255 Hurley Hall
Notre Dame, IN 46556-4618
Phone: 574-631-5706
Cell: 202-460-5173
Fax: 574-631-6579
Re: mysql connection through ssl tunnel
Peter Boosten wrote:
> John Almberg wrote:
>> I tried this, and not surprisingly, it didn't work. Now I'm trying to
>> debug it...
>>
>
> Maybe some mixup in the keys? In my example ssh tries to read the
> private key of root on the connecting server, so the server where the
> database is located, because init is run as root. If you need another
> key, then you need to specify this with the -i parameter.
>
>
>
>> Question... if I want to ssh from the database server to the application
>> server (in the direction show -R), I need to use port 48444 (not the
>> actual port, but something high). In other words, I need to do something
>> like:
>>
>> ssh [EMAIL PROTECTED] -p 48444
>>
>> Does this ssh port have anything to do with trying to start this ssh
>> tunnel? In other words, do I need to add a '-p 48420' to the ttyv7 command?

I now see where you're going: you would have in case you ran sshd on another port than 22.

>
> regards
>
> Peter
>

--
http://www.boosten.org
Re: Fwd: mysql connection through ssl tunnel
John Almberg wrote:
>
> Where 'admin' is the user I am logging into on the remote machine, and
> 'example.com' is the hostname of the remote machine. I guess equivalent
> to the following?
>
> ttyv7 "/usr/bin/ssh -nNTx -R 3306:127.0.0.1:33006 [EMAIL PROTECTED]
> >/dev/null 2>&1" unknown on
>
> Port 33006 is not a typo. There are databases running on both machines,
> so I need to use a different port for the tunnel.

I don't think this will work because of 127.0.0.1 not being a FQDN, but I could be mistaken.

>
> And as far as I can tell, I reload /etc/ttys with 'kill -1 1'.
>
> This looks dangerous...
>

You can safely HUP it...

Peter
--
http://www.boosten.org
gjournal: journaled slices vs. journaled partitions
My goal is to build a 2-disk server configured with gmirror and gjournal for maximum reliability. There will never be a second operating system on the system, but I prefer not to freak out any non-FreeBSD repair tools that might be used, so I will use compatibility instead of dangerously dedicated mode. This means I need one slice, but see no reason for more. Inside that one slice will be the usual array of partitions (ie. /, swap, /var, /tmp, /usr, /data).

Now, I think gmirror allows me to mirror the entire drive rather than forcing me to do per-slice or even per-partition mirroring. I'm looking for the simplest in-field replacement procedure when one of the drives dies and I imagine a whole drive mirror achieves this. Am I right?

gjournal, OTOH, has me really confused. The man page for gjournal(8) specifically does not recommend that small partitions be journaled. I assume that's because the journal provider rivals the partition in size and is therefore overhead heavy. It seems to me, though, that if I can journal the slice as a whole instead of per-partition journaling, that there will essentially then be only one journal provider for the combination of all partitions (ie. slice) and that the aforementioned overhead becomes minor. Having smaller partitions included in journaling seems like a good thing to me.

So how do I achieve per-slice journaling instead of per-partition? Every time I read up on someone else's gjournal implementation, it seems to end with adding .journal entries to /etc/fstab. Am I trying to achieve the impossible or ill-advised here?

Carl / K0802647
Re: gjournal: journaled slices vs. journaled partitions
So how do I achieve per-slice journaling instead of per-partition?

The docs only say this: "gjournal only supports UFS2". It does not specifically say that you cannot have per-slice journaling. However, since you could have other filesystems on your slice, I bet that slice based journaling is not supported. Consider this: how would you journal an NTFS file system (and then boot windows after an unclean shutdown?) Another tricky question: why would you journal a SWAP partition?

Best,
Laszlo
Re: Installing Samba : FreeBSD Vs Linux ?
On Mon, Oct 20, 2008 at 5:43 PM, Wojciech Puchar <[EMAIL PROTECTED]> wrote:

>> the software admin told me that the permissions should be very open on the
>> directories and files
>> so i made them 0777. the software worked like a charm for about 2 months but
>> after that
>> at some point the client couldn't access the files on the samba server.
>
> if it could work for 2 months and then refused - something must have been
> changed on the client software side.

No Mr. Puchar nothing changed on the client side.
Re: custom freebsd cd
Maybe you will find some of the scripts I'm using in my project useful, check under the "development" link: http://openmailserver.org

Also, you will find the manpages for ports, release and sysinstall very useful.

Regards.

Valentin Bud wrote:

Hello list,

I have a FBSD box that runs as a web/mail server to provide access to a web based application. I want to build a custom FBSD 7.0 installation disk. By custom I mean:

1. automatic disk partition based on a scheme i provide.

2. automatic installation of the needed packages as well as the config files. I plan to update the packages which i might keep on a ftp server on remake the installation disk anytime i make package updates.

3. automatic "installation" of all the php/html/perl/sh scripts needed to run the application.

Basically i want a disk that you put it in the cdrom and installs the system, packages and all the necessary scripts to run the application. More than that a modified kernel to allow pf, as well as the pf configuration file. The installation will always be on the same hardware in case of failure.

So can you please give me hints as well as opinions how should i start this. What alternatives should i consider?

thank you,
v