Re: opensmtpd

2015-11-24 Thread Jason Barbier 
read the man page a bit more carfully around how the auth keyword works.
you probably dont want auth on that line.

-- 
Jason Barbier | E: jab...@serversave.us
GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc)

On Tue, Nov 24, 2015, at 08:13 AM, Krzysztof Strzeszewski wrote:
> Hello,
> 
> when I use in smtpd.conf:
> .
> ..
> ...
> listen on egress secure pki nroot.pl auth 
> ...
> ..
> .
> 
> mail sending to me can't reach:
> 
> smtp-in: Failed command on session 14529d46237222d5: "MAIL
> FROM: SIZE=1599" =>530 5.5.1 Invalid command: Must issue
> an AUTH command first
> 
> 
> when I use in smtpd.conf
> 
> .
> ..
> ...
> listen on egress secure pki nroot.pl
> ...
> ..
> .
> 
> 
> is ok, mail from world can reach to me, but then smtpd server is open
> for send mail for each.
> How to use auth for only sending mail from my client?
> 
> 
> Regards,
> Krzych
> 
> 
> my smtpd.conf:
> #
> listen on lo0
> 
> table aliases db:/etc/mail/aliases.db
> table secrets db:/etc/mail/secrets.db
> pki exaple.com certificate "/etc/ssl/mail.crt"
> pki exaple.com key "/etc/ssl/private/mail.key"
> 
> listen on egress secure pki exaple.com auth 
> accept from any for domain "exaple.com" alias  deliver to
> maildir
> 
> accept for local alias  userbase  deliver to maildir
> accept from local for any relay
> accept from any for any relay
> #

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

2015-12-08 Thread Jason Barbier 
It is a read only site, the privacy you seek is breached as soon as you
make a DNS call to openbsd.org

-- 
Jason Barbier | E: jab...@serversave.us
GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc)

On Tue, Dec 8, 2015, at 09:58 AM, szs wrote:
> Not for security.
> For privacy.
> 
> 
>  Original Message 
> Subject: Re: letsencrypt && https && openbsd.org =
> https://www.openbsd.org/
> Local Time: December 8 2015 5:36 pm
> UTC Time: December 8 2015 5:36 pm
> From: s...@spacehopper.org
> To: misc@openbsd.org
> 
> On 2015-12-08, szs  wrote:
> > So with letsencrypt here, how about making the main site
> > default to https? Is this a good idea or is this a great idea?
> 
> Don't mistake encryption for security.
> 
> Besides, who is going to agree to the Subscriber Agreement and indemnify
> ISRG?

Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-01 Thread Jason Barbier 
Hate to burst your bubble here but 64bit x86 is also known as AMD64 
since AMD was the first to bring x86-64 to market since Intel at the 
time had the attitude of "why would any one want 64bit" 


On 2013-06-30 21:06, Jash Sefferson wrote:

Hi guys.

I’m a civil engineer by day and use OpenBSD at night, but I’m trying 
to do
high-end CAD on my home PC and OpenBSD doesn’t support 64-bit Intel 
chips.


Don't believe me? It says very clearly at the OpenBSD/amd64 page: “All
versions of the AMD Athlon 64 processors and their clones are 
supported.”

But does not mention or list any Intel chips. Not one.

Wtf? I can do CAD on my i7-980X under Windows 7 SP 1, but I’d rather
use something secure and responsibly coded like OpenBSD. Except that I
can't.

Why for the life of this platform are we not on the only future 
direction
for the platform? And I mean that literally. Neither AMD nor Intel 
sells
32-bit chips anymore. If OpenBSD remains stuck at 32 bits, people will 
stop

using and developing for it.

Who makes the decision to keep OpenBSD off of 64-bit Intel? And why 
the

hell are they doing so?

-jash


--
Jason Barbier
C:(206)650-6542|E:jab...@serversave.us

Re: virtualization

2013-01-04 Thread Jason Barbier 

On 1/4/2013 3:42 PM, Friedrich Locke wrote:

Hi folks!

I have a windows desktop and would like to install a virtualization
software in order to have two virtual machine. I pretend to install OpenBSD
on both of them.

Which virtualization solution would be the best one for OpenBSD to run on ?

Thanks.

In my experience Virtualbox has been the most compatible, but if you 
took VMware Workstation or Virtualbox the X drivers built into X will 
give you the best compatibility.

Re: integrated graphics

2013-01-11 Thread Jason Barbier 

On 1/10/2013 7:15 AM, Zoran Kolic wrote:

I found it too hard to find proper laptop for sane sum
of green papers, to run openbsd amd64.
In a haze of quest, I set my eyes on two lovely comp
cases:
chieftec bt-02b-180
silverstone sg05
Digested question would be: what integrated cpu works
on 5.2 amd64? Better to go after intel or amd? There
are posts of both sandybridge and amd fusion with gra-
phics working. I will get the lower end of one this
list recommends as a choice. If amd, probably fm1
socket, asus with realtek 8111 e/f ethernet.
Simple: what cpu?

  Zoran



Sadly right now Intel is going to be the best if you are going to use 
the integrated graphics. Intel graphics tend to be better supported than 
AMD (ATI). That may change here in the next few generations as AMD 
abandons UMS for KMS but if you want to make sure you'll get your full 
resolution Intel.


Now if you have no concern for the integrated GPU and plan on using a 
GPU that is supported I always say AMD. More performance for the price 
and to me seems more stable under multithreaded load.


--
Jason Barbier

Re: new computer

2013-01-15 Thread Jason Barbier 

On 2013-01-15 09:59, sven falempin wrote:
On Fri, Jan 11, 2013 at 9:40 AM, john slee  
wrote:



On 10 January 2013 22:21, Matt Morrow  wrote:

> You do realize the typical life of a battery is about a year?


Poppycock.

My FondletopPro battery still gives damn close to the performance
it gave new in early 2011. The battery in my Fondleslab 3GS is
near 4 years now and hasn't degraded that much either. Same
again for my Dell Latitude corporate drone unit.

If so many folks here are recommending Thinkpads, it's probably
because (a) they are (or at least used to be) very well engineered
laptops, and (b) shit works, yo.

John



laptop battery , what a joke .
+1, Laptop batteries area planned to have a 1-2 year life, and some 
times you get less some times you get more, I have one Thinkpad that the 
battery lasted about 6 months and wont hold a charge, I have another 
that is 5 years old.




asus: one of the ultra low cost pieces -may- break, the other will 
rock

solid.


For sure Asus is kind of a grab bag, but its generally a good bag.


and btw, stop smoking, it is bad for your computer.

+1

I usually like to ask peoples budgets before i give them 
recommendations but its almost always Asus or Thinkpad.


--
Jason Barbier

Re: dhcp and dns

2013-02-03 Thread Jason Barbier 

I just finished setting this up myself for DDNS updates

On 2/3/2013 6:19 AM, Loïc BLOT wrote:

I confirm dynamic dns updates works with OpenBSD named, but you must
replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
dns updates works with it



--
Jason Barbier

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-02 Thread Jason Barbier 
On Wed, Mar 2, 2016, at 12:19 PM, Claus Niesen wrote:
> Sorry for the off topic question but I'm hoping that maybe some of your
> know of or work for an email hosting provider that provides minus/hyphen
> ("-") addressing with custom domain.  All I can find are provider that
> offer plus addressing, which makes it hard for a smooth transition since
> I'm using minus addressing extensively. 
> 
> I used to run my own at home mailserver (openbsd + qmail) .  Since I no
> longer have a static IP, I switched to an email provider that supports
> minus addressing but operates in the dark ages, especially in regards to
> security updates.  Needless to say I need a better host.  I'd rather not
> host my own mailserver but so far haven't been able to find an
> alternative.
> 
> Your suggestions are greatly appreciated.  Feel free to contact me off
> list.
> Thanks,
> Claus
> 
> Specific requirements:
> - allows usage of custom domain
> - allows multiple email accounts
> - qmail style '-' addressing
> - some kind of spam filtering (gray-listing & bayes filter)
> - alias
> - imap
> - reliable and secure
> 

Your probably going to have to suck it up at some point and use +
delmiters like most people have moved to doing since according to the
RFC - is a valid email address char. But with that rant out of the way
honestly if you are not opposed to running your own server DigitalOcean
is cheap, reliable, and with some work you can have openbsd in any
config you see fit.

-- 
Jason Barbier | E: jab...@serversave.us
GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc)

Re: crowding out bsd using systemd?

2014-06-29 Thread Jason Barbier 
>If we are in such dire need of an init system replacement, why has 
there not been widespread frenzy as >with schedulers, package managers, 
packet filters, programming languages and so forth?


Maybe because people don't seem to think the same thing, or feel the 
urgency to replace it. But a decent replacement always starts with one 
person with a good idea that can take criticism and play well with others,

Re: Patch to remove "adult" content from spamd(8) man page

2013-11-22 Thread Jason Barbier 

On 11/22/2013 10:50 AM, Rick Pettit wrote:

Lewis,

If censorship is your thing, why don’t you start by censoring yourself.

What you are asking for here is offensive.

-Rick

+1


On Nov 22, 2013, at 12:26 PM, Paolo Aglialoro  wrote:


Il 22/nov/2013 19:07 "J. Lewis Muir"  ha scritto:

On 11/22/13 11:17 AM, Giancarlo Razzolini wrote:

If it's offensive for you, compile your own spamd man page with
the diff you so happily provided, and live the rest of your life
happy. Remember to always take this pill again on 1st of May, and 1st
of November, every year.

Hi, Giancarlo.

Well, no one wants to maintain a patch forever.  I'd maintain it for a
while if there was a good chance it would get accepted at some point,
but if there's no chance, then I wouldn't bother.

I'm a little puzzled over the whole resistance to the patch.  If I
wrote a man page for some software I wrote, and if an example in it was
considered off-color by someone, and that someone submitted a patch to
me to change it slightly to no longer be off-color to them, and they
asked in a kind way, and the patch didn't hurt the clarity of the man
page in any way, I would likely accept the patch.  How am I hurt by it?
I may not agree with the person, but why would I insist on keeping an
example that seems off-color to them?  If it's somehow offensive to them
and can be changed in a small way not to be, then I would accept the
patch to change it.  Everybody wins--no big deal.

Lewis

+1

Re: Transparent proxy with Squid on OpenBSD 5.4

2014-01-11 Thread Jason Barbier 
In my personal setup to prevent data leakage id leave the internal 
adapters bridged then remove the external adapter from the bridge, then 
for IPv4 you can just do standard natting for anything that needs to 
leave the network but doesnt need to hit the proxy using the rdr-to 
rules, then IPv6 is totally routed so there is just some internal 
routing that goes on to exchange between the adapters.


On 1/9/2014 4:38 AM, Giancarlo Razzolini wrote:

Em 09-01-2014 08:13, Romain FABBRI - Alien Consulting escreveu:

In this topology :

 Computers <=> Switch <=> Webfiltering bridge <=>
Router <=> Internet

  


Without a bridge, a system with 2 network cards won't let :

-  data from the Computers going to the Router.

-  data from the Router going to the Computers


It will, that is what nat was created for, and openbsd with pf does it
handsomely. They won't operate as if they were on the same network
though (broadcast). Which is a security feature, from my point of view.
  


How do you make it work without a bridge ???

-  Maybe you're talking about a single network interface
system with just a proxy function on it

o   But no real security would be added in this topology, since you
can bypass the proxy

-  There could be a way to activate packets forwarding, but as
far as I know forwading requieres 2 networks

  




If you use your openbsd box as the gateway, not as a transparent bridge,
not only will you be able to achieve transparent interception with
squid, as you'll have all the other nice features it come along with it.
I believe that a transparent bridge could work, with an extra effort,
but I would need to rig me a setup to test it. But if you have control
over the router, I strongly suggest using 2 nics, and the openbsd
machine as your network gateway.

Cheers,

Re: They are watching you

2014-02-02 Thread Jason Barbier 

On 02/02/14 11:45, Chris Cappuccio wrote:

Christian Weisgerber [na...@mips.inka.de] wrote:

http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881

If you didn't know already, this is your cue to look up ifconfig(8)'s
"lladdr random".


And when you visit the US, Canada, or a number of other countries, the
NSA has keeps record of every control and text message sent or received by
your cellular phone. You know, things like your location and who you are
calling. They aren't quite watching you, it's more like, they're sleeping
with you :)
Think it would be inappropriate to ask them for dinner since they are so 
far up my bisness?

Re: OpenBSD packages extremely outdated?

2014-02-10 Thread Jason Barbier 
Whatever crack that user was smoking I need to know what it was so I 
never partake of it.


On , openda...@hushmail.com wrote:

Hello,

Are OpenBSD's packages extremely outdated? What would you say to this
guy?

"At least with Linux I don't have to wait 6 hours for all my software
to finish compiling. Think about all the trees that are unnecessarily
cut down because of all that compiling. [...snip...] OpenBSD only has
a small number of precompiled packages, and usually extremely
outdated. If you want to get anything useful you have to compile
ports."

 https://news.ycombinator.com/item?id=7196494

Thanks!

O.D.