It's time to buy a laptop for OpenBSD. I'm looking for recommendations
from people actually running OpenBSD on their laptop. My requirements
are pretty light:
* X Windows at 1920x1080 resolution (my vision cannot cope with
anything higher)
* 14 inch screen
* *light* *weight*
* Functional Wifi
On Sept 25, Stuart Henderson wrote:
> OpenBSD/arm64 on Apple hardware doesn't use firmware from bwfm-firmware,
> there's some process to copy it from MacOS via the Asahi installer and
> it's then picked up by the OpenBSD installer. (I'm not sure of all the
> details, the only option for wifi on m
Can somebody tell me what I'm doing wrong here. When I run
'make' against this makefile it blows up with:
Fatal: WRKDIR ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
Fatal: WRKDIST ends with a slash: /usr/ports/pobj/ (in hush/hush-proxyctl)
Fatal: WRKSRC ends with a slash: /usr/port
Stuart Henderson writes:
> I think you'd need to disable mount completely, otherwise you can mount
> a new writable filesystem (e.g. MFS) that doesn't have noexec.
Yeah, I completely missed that vector. And really, that makes more
sense. How often do you live mount filesystems on a firewall?
A
Omar Polo writes:
> or they can just upload to /usr/local or /home, or mess with /etc, or...
> I don't see how this would help.
It's another layer to make things more difficult.
If the writable filesystems are noexec and they can't take that
away, uploads become less valuable.
/etc is always go
I am curious to hear people's thoughts on adding some mount(2)
hardening when the system is running at securelevel 2. Specifically:
* do not allow removing MT_NODEV, MT_NOEXEC, MT_NOSUID,
or MT_RDONLY in conjunction with MNT_UPDATE
* do not allow MNT_WXALLOWED in conjunc
Try changing ($wan:0) to $(wan) and see what happens.
Kevin Williams writes:
> The main use case I see for this is to manage a fleet of more than 10 or
> so machines/VMs/instances. rdist or a package such as Ansible could
> manage the crontab and possibly search announce@ on marc.info for
> keywords to hold off on the upgrade.
Blind updating out o
Todd C. Miller writes:
> local-zone: "1.1.10.in-addr.arpa." transparent
That (well, a variant) was the answer. I was having a real problem
wrapping my head around what 'transparent' did, so I was applying
it incorrectly. Thanks for prodding me to revisit it!
--lyndon
I am at Witt's End.
I am trying to get unbound to serve up reverse DNS for our internal
1918 address space. I have been going hammer and tongs at unbound.conf
to try to make it forward requests for '*.10.in-addr.arpa.' to our
two internal nameservers that are authoritative for the 10.in-addr.arpa
Sean Kamath writes:
> Just which hosts and ports? No caching?
Sorry, I should have given a better description ...
We proxy http, https, and rsync. squid functions as a simple L7
relay for those protocols. The purpose of the proxy is to restrict
1) which internal hosts can establish outbound c
We've been running squid on OpenBSD for years, but it seems these
days that any time it tries to proxy a file > 1MB, it just dies.
This makes it impossible to do things like mirror the OpenBSD
distributions.
Does anyone know of another HTTP proxy that supports squid-style
ACLs? That's a big part
Peter Hessler writes:
> On 2023 Sep 13 (Wed) at 14:45:37 -0700 (-0700), Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> :This might be worth a note in the rpki-client manpage
>
> Please re-read my entire email.
>
Doh! Sorry, I didn't look at that part of the page as I alrea
Peter Hessler writes:
> Because ARIN insists on a completely ridiculous agreement for a public
> key to verify their data.
That's odd. I didn't have to agree to anything to download the file.
This might be worth a note in the rpki-client manpage, as it certainly
violates POLA.
--lyndon
After some head bashing wondering why rpki-client wasn't
finding our ROAs I discovered the system doesn't ship with
ARIN's tal file. So great swaths of RPKI data aren't getting
downloaded.
Why are those things?
--lyndon
> dmesg | grep em
em0 at pci8 dev 0 function 0 "Intel I210" rev 0x03: msi, address
00:25:90:b8:82:b8
em1 at pci9 dev 0 function 0 "Intel I210" rev 0x03: msi, address
00:25:90:b8:82:b9
em2 at pci12 dev 0 function 0 "Intel I350" rev 0x01: msi, address
00:25:90:b8:82:ba
em3 at pci12 dev 0 function
I'm setting up jumbograms on a couple of vlans stacked
on an aggr and I need a sanity check that I'm doing
this right.
The switches use a hardware MTU of 9192. We want an IP
MTU of 9000 for the vlans. I'm assuming this will work?
ifconfig em1 mtu 9192
ifconfig em5 mtu 9192
ifconfig aggr0
Gabor LENCSE writes:
> If you are interested, you can find the results in Tables 18 - 20 of
> this (open access) paper: https://doi.org/10.1016/j.comcom.2023.08.009
Thanks for the pointer -- that's a very interesting paper.
After giving it a quick read through, one thing immediately jumps
out.
For over a year now we have been seeing instability on our firewalls
that seems to kick in when our state tables approach 200K entries.
The number varies, but it's a safe bet that once we cross the 180K
threshold, the machines start getting cranky. At 200K+ performance
visibly degrades, often lead
I need to set up an ipsec tunnel between a couple of ip6 networks,
but I only have an ip4 path between the two gateways. I don't want
any ip4 traffic inside the ipsec tunnel, so I'm a bit puzzled about
how to set this up. Once I have the end-points up, can I just point
the ip6 traffic and routes
We are about to discover the joys of upstream BGP routing :-P The
current plan is to use a pair of OpenBSD+bgpd hosts as the routers.
Each host will require 4x10gig ports (SFP+). One of those links
(to AWS) will be close to saturated, along with the downlink to our
switches. The other two will
Nick, spare yourself the pain and just designate one machine as the
master. This is how we run all our proxy server pairs (nginx,
squid, other stuff). For a pair fooa/foob, 'a' is the master, and
gets advskew 100. The 'b' host gets 150. Make sure preemption is
enabled.
When it's upgrade time, up
Marcus MERIGHI writes:
> > vfs = catia fruit streams_xattr
>
> I run a Samba server that does not have these options set - but
> successfully serves iOS/macOS clients.
You need those extra attributes if you want to use your Samba
share for TimeMachine backups.
--lyndon
I have a C922 wired up to a mid-2014 Mac Mini. The system sees the
camera, /dev/video responds as expected, but when I run video(1) I
just get a window with a solid green background.
The camera works with MacOS, so I know the hardware is good, and
when I run the command the white "on the air" LEDs
Stuart Henderson writes:
> "synproxy state" cannot work on outbound (for more details see
> https://marc.info/?l=openbsd-tech&m=160686649524095&w=2).
>
> Because pfctl is doing something other than what you asked it to do,
> IMO the warning makes sense.
>
> Alternatively it could be classed as an
Given the rule
pass proto tcp from any to mail.example.com \
port { 25 80 110 143 443 587 993 } synproxy state
pfctl barks
/etc/pf.conf:586: warning: synproxy used for inbound rules only, ignored for
outbound
It's pretty obvious from reading pf.conf(5) that the above is the
Florian Obser writes:
>
> You need this one:
>
> filter filter-name phase phase-name match conditions decision
> Register a filter filter-name. A decision about what to do with
> the mail is taken at phase phase-name when matching conditions.
> Phases, m
My reading of smtpd.conf says that any reject action should be able
to take a message parameter. Yet the following line is rejected
with a syntax error message:
match mail-from rdns regex "\.t-online\.de$" reject "550 5.7.1 you don't
accept our mail, so we don't accept yours."
Yet the same lin
Chris Bennett writes:
> I would instead recommend a new package with the critical newbie
> information included in text form.
> FAQ, anoncvs and ftp addresses, etc.
Long ago and far away, the Berkeley distributions used to ship an
assortment of system documentation in /usr/share/doc, including a
g
We have one of the above (X12STH-SYS motherboard) that's refusing
to PXE boot. It's connecting to DHCP and downloading the pxeboot
file (according to tftpd), and the bios appears to be printing a
message saying the boot image was successfully loaded, but it only
stays on the screen for about 200ms
The first declaration in is:
typedef struct __kvm kvm_t;
and yet 'grep -r __kvm /usr/include /sys' returns only the above
line. What am I missing?
--lyndon
Marc Espie writes:
> have DISTFILES be empty, put your sources under FILESDIR
> and a bit of glue to ln/mv them into WRKDIR since you got to have a WRKDIR
> for ports.
That was hinted at by a few people, and it's working like a champ!
--lyndon
We have a number of in-house utilities that we push out as packages.
Right now these are built using the standard make framework, with
a bunch of hand-crafted glue to build and sign the packages before
pushing them to our internal distribution server.
I would really like to take advantage of to a
Nick Holland writes:
> Wrote a little script which, when run:
Good grief, man! Just put the pf.conf in CVS and push it with
rdist. We do that for all our carped firewall pairs and it
works a treat. The following 'special' command in the Distfile
will give you a failsafe reload of the pf rules:
s
Ingo Schwarze writes:
> That's not new, it has been like that for at least 14 years and likely
> much longer:
Heh :-) Filing a bug report about my horrible memory seems wrong.
> I don't think adding the more characters to each line would be a good idea.
> It would cause line wrapping in mail ev
Laura, for a first step I would look at pflog(4). As Peter hinted,
if you have an obscure pf rule blocking things after the connection
sets up, this will point it out. (Make sure you have all the
appropriate pflog bits enabled, of course.)
If that doesn't work your next step is to fire up tcpdum
In the output from the daily insecurity report run, the sections on
setuid and block device changes are missing any diff markup. The
remaining sections are fine.
From this morning's post-7.1-upgrade run:
Setuid changes:
-r-sr-xr-x 2 root bin 355952 Sep 30 13:01:03 2021 /sbin/ping
-r-sr-xr
After the 7.1 update syspatch -c started throwing errors due to a
missing signatures file:
Patch check:
syspatch: Error retrieving
http://ftp.openbsd.org/pub/OpenBSD/syspatch/7.1/amd64/SHA256.sig: 404 Not Found
The error is valid. To suppress this message it would make sense to drop
an empt
I'm trying to get synproxy working on a firewall, using the following
rule:
pass quick proto tcp from any to $front_smtp4 port 25 synproxy state
The firewall accepts the connection on the outside interface, but
I don't see (tcpdump) any attempt to complete the connection on the
inside interface
kasak writes:
> The one thing you should know about, is fact, that OpenBSD doesn't
> support extended attributes.
> So, basically, you cannot use streams_xattr module.
And that explains why this works on FreeBSD but not on Open. Thanks
for clarifying this.
--lyndon
Somebody please tell me what the hell I am doing wrong here.
OpenBSD 6.8, samba 4.9.18 via pkg_add, MacOS 10.15.7 fully patched.
My main goal is to get Time Machine backups running, but I keep getting
all sorts of inscrutable errors about file permissions. The backup manages
to create a few dire
ibs...@ripsbusker.no.eu.org writes:
> Aaron Mason writes:
> > What are you looking for in such a service?
>
> Minimally, SSH login, 100GB disk space, and build tools
arpnetworks.com
Henry Bonath writes:
> I would like to chime in here and confirm that I am seeing very
> similar behavior with HAProxy on OpenBSD 6.7,
> I was preparing to create my own post on this issue until I saw your thread.
> I too believe this is a bug.
We saw the same thing after upgrading our proxy host
Comète writes:
> is there any rsync mirror for firmwares ?
Nope. But you can
wget -nH -r http://firmware.openbsd.org/firmware/
instead.
tbl + troff -ms has always worked for me.
> doing a project for a large client and I would like to know if anyone has
> any issues running.
> supermicro with SOC CPUS models
> SYS-5018A-FTN4
If you have any of these, replace them. They have known buggy CPUs
and will randomly fail without warning. We replaced about a dozen
of them aft
Theo de Raadt writes:
> Disagree on this.
>
> Those programs are intentionally not in the path, since you don't
> run them by hand.
That's what I was getting at. It's not clear they are 'libexec's.
That's what confuses people. I just thought this might be a way
to make it clear(er) that you don'
For programs that live in /usr/libexec, those with manpages show
just the bare program name in the SYNOPSIS section (when there is
a SYNOPSIS section).
There is a long-standing expectation that programs documented in
section 8 of the manual can be run from a shell with /sbin:/usr/sbin
in the $PATH
> I am not familiar with Postscript printers. Thanks for correcting
> me. I want something that will work with Ghostscript and not
> depend on Printer Command Language (PCL).
Just search for a printer that supports Postscript. Many laser printers
do. I have an HP LaserJet M402dn. It supports Po
Frank Beuth writes:
> Yes, and being able to Ansible-manage even the re-installation would make the
> whole process that much nicer :)
I started writing a rebuttal to this, but it quickly turned into writing
our design document for how we handle this internally across the
data-centre. That's not
Daniel Jakots writes:
> You can automate installation with autoinstall(8). You can also
> automate upgrades with autoinstall(8)
This works like a charm. On our load balancers we PXE install
with a local rc.firsttime that installs python. After that we
do all the system, haproxy, nginx, &c manag
Kihaguru Gathura writes:
[...]
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Non-compliant with HIPAA guidance
> TLS_RSA_WITH_CAMELL TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant
> with HIPAA guidance
> TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
> Under what circumstance
> The panic indicated that there was no memory left and
> was in UFS region. Since this is the only change I did in the last few months
> I'm guessing there is a memory leak in the LACP routines, somewhere.
Seems unlikely. We run LACP trunks on all our firewalls and nginx
load balancers. Eac
Our firewalls can't connect to firmware.openbsd.org (by design).
Is there a way to mirror the contents of firmware.openbsd.org? It
would be nice if these files were available in the usual OpenBSD
mirrors, since we already mirror those and could just point fw_update
at our internal mirror host. B
> This could be improved for 6.6. Maybe you should set a marker in
> the filesystem instead, indicating that rc.firsttime was already run.
> The upgrade procedure could remove the marker.
This is pretty common during new installs. I think in 6.5 fw_update
is run automatically when the system boot
> Sadly, no :-(
>
> But I should be able to accomplish what I need using rc.firsttime and
> a tiny bit of hackery.
Sadly, no :-(
What I was aiming for was to have the newly installed machines come
up with a 2GB MFS /tmp and a ~20GB /var/tmp. But MFS /tmp really
needs help in the system boot scri
Nick Holland writes:
> normally, /var/tmp is a symlink to /tmp.
> It can't make the link. No surprise.
> Answer "Yes" to the "Continue anyway?" prompt, and all will be fine, I
> believe.
Sadly, no :-(
But I should be able to accomplish what I need using rc.firsttime and
a tiny bit of hackery.
mabi writes:
> Now I would first like to upgrade the cluster to 6.4 and then to 6.5 and was
> wondering if it is possible to operate that cluster for a short amount of time
> having one node running 6.3 and the other node with 6.4 and then the same for
> going to 6.4 to 6.5.
In general this is
While trying to PXE install a 6.5 machine I was hit with this failure:
Installing bsd 100% |**| 15163 KB00:00
Installing bsd.mp 100% |**| 15248 KB00:00
Installing bsd.rd 100% |**| 9984
For BSD virtual servers I've had no problems with Arp Networks
(https://www.arpnetworks.com/), going back several years now. I use them for
FreeBSD hosts of my own, and at $WORK we use them to host OpenBSD.
They even worked with me to get a Plan 9 server running. Their tech support
gang is wo
By far the easiest way to do this is to connect a switch to the door that
opens/closes as the door opens/closes. This assumes that when you say "the
door moves" you really meant "is opened or closed".
Whether the switch is normally open or normally closed doesn't matter. Wire
the switch to a
On 03/15/18 19:39, Edgar Pettijohn wrote:
Is there a man page template somewhere that I can use to get started
writing a manual?
No more so than there is a template somewhere that will get you started
writing Shakespeare. The mdoc macros encourage consistency of layout.
But the words come
NET-P GW-Q <-> internet <-> GW-H GW-V NET-V
In the schematic above, '' represents a NAT translation point.
'<->' is a regular router interconnect.
Except for where I screwed up, of course. That should read:
NET-P GW-Q <-> internet <-> GW-H GW-V <-> NET-V
I.e. the GW-V <-> NET-V interf
I have an IPsec conundrum I'm trying to solve. Yes, the scenario
is somewhat absurd; it's also the problem I've been tasked with
solving, so spare the peanut gallery comments, okay?
NET-P GW-Q <-> internet <-> GW-H GW-V NET-V
NET-P is 10.0.2.0/24
NET-V is 10.0.11.0/24
GW-Q is an OpenBSD ho
We manage to deal with all our servers using the IPMI serial console redirect.
You might need to set it up in the BIOS once, although we've not had to do that
in ages. You do have to create the IPMI remote login/password, but you need
that anyway if you're trying to use the web/java console.
> Another option is, when writing the JSON descriptor, to have it inject an SSH
> key into the machine when provisioning. I've never done this myself, but I
> know there's a few examples floating around on the web somewhere.
That was the trick, although it took some digging to find the specific
I have only limited experience with SmartOS, but the quick fix is to login to
the global zone and use zlogin to enter the VM (get the VM hash from vmadmin
list). You'll then have a shell and can change the password, add users, and
adjust the sshd config to your liking.
Not sure that will work
I have installed one of the openbsd-6 SmartOS VM images, gotten the VM to boot,
but I'll be damned if I can find out anywhere a login id and password that will
actually let me log in to the bloody thing. Anybody been down this road and
have an answer? I'm using the c1fce07e-663b-62b9-b766-aa35
The current daemons discussion prompts a vaguely related question. We have a
small but growing collection of in-house daemons written in Go. Go's runtime
isn't amenable to the fork/setsid dance you would normally do to push a daemon
process into the background. As a workaround, I ported FreeB
> On Jul 20, 2017, at 6:35 AM, BARDOU Pierre wrote:
>
> Hello,
>
> Is there a way to make sysctl re-read its conf file, or even another file,
> like sysctl -p does on linux systems ?
> Supporting this option would be nice, as it is used by the sysctl module of
> ansible.
Here's the script we
> On Jun 10, 2017, at 10:44 AM, Charles Lecklider
> wrote:
>
> Is there no other diagnostic information I can get from the OpenBSD side?
Not really, other than running tcpdump on the two interfaces and examining the
LACP protocol packets to try to discover why the negotiation is acting the wa
> On Jun 8, 2017, at 7:47 PM, Charles Lecklider wrote:
>
> The trunk is there, seems to be configured the right way, but the second
> port doesn't come up. If I pull the cable on em0, em1 comes up, put the
> cable back, em0 doesn't join the trunk.
What you're showing looks fine. We run this al
> On Jun 8, 2017, at 7:54 PM, Lyndon Nerenberg wrote:
>
> Why do em0 and em1 have the same MAC address?
Oh shit, never mind - it's the trunk interface :-P Sorry ...
> On Jun 8, 2017, at 7:47 PM, Charles Lecklider wrote:
>
> em0: flags=8b43
> mtu 9000
>lladdr 0c:c4:7a:d9:ea:d0
>index 5 priority 0 llprio 3
>trunk: trunkdev trunk0
>media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>status: active
> em1:
We're looking to buy some 10-gig SFP+ boards, and are eyeing up
Supermicro's 2-port boards (listed as the 'Intel 82599ES - AOC-STGN-i2S').
ix(4) doesn't list the ES variant of the chip, and a quick grep through
the driver source doesn't mention it explicitly, either. Are any of you
running th
I don't use the submission port on either server, just port 25, but 5.9
sends a message-id and 6.0 does not. What does "/if necessary/" mean for the
5.9 server? What is the deciding factor to make the header necessary? I
would like the v6.0 server to send a message-id too, how do I make
whatever-i
My relayd.conf fu is lame and needs help. Given the following config:
---8<---8<---
interval 60
timeout 2000
table { w1.example.com w2.example.com w3.example.com }
http protocol https {
tcp { nodelay, sack }
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
As promised in one of my earlier e-mails. OpenBSD 6.0 dmesg for
SYS-5018A-FTN4
FWIW, we have six of these doing firewall duty (currently running 5.9) and
they perform flawlessly. We run them in CARPed pairs, and LACP across
redundant switches.
--lyndon
> On Oct 18, 2016, at 10:48 AM, Jack J. Woehr wrote:
>
> The Power8 *needs* OpenBSD because they don't have a really good firewalling
> regimen at that level.
I suspect anyone running Power8 gear is doing so behind dedicated firewall
hardware, e.g. Juniper SRX.
--lyndon
> On Sep 5, 2016, at 10:16 AM, Peter Fraser wrote:
>
> (emacs:17220): GLib-GIO-CRITICAL **: g_settings_schema_source_lookup:
> assertion 'source != NULL' failed
>
> The failed assertion does not seem to cause any trouble, and I expect
> gsettings is part of the answer,
> but I don't know what the
> Most hardware + firmware combinations provide insufficient detail
> to know what pins are used for what, reserved for what, or wired
> to an auto-destruct.
But that's by design. GPIO is simply an interface to a digital I/O pin on the
CPU. Everything after that is up to the end-user. Especiall
> On May 31, 2016, at 3:58 PM, Ted Unangst wrote:
>
> If we're talking about timeframes long enough for network connectivity to come
> and go, that's long enough for IP addresses to come and go as well.
This is an interesting problem, in general.
In my MTA development days, we would cache the ta
> In all seriousness, Richard Stallman incurred a repetitive stress injury
> from using emacs commands. Holding down Ctrl or Alt can be bad for your
> health. That's why I generally use vi even though there are things I don't
> like and wish there were a better choice by default.
acme(1)
> acme(1)
Or sam(1) if you are a purist.
On 2016-05-07 3:56 PM, Luke Small wrote:
It is because I am saving the state in virtualbox, which is like putting it
in hibernate, except instead of refreshing the time, the time remains the
same as when it last ran, which can be some time ago.
Why are you running ntpd in a VM? Just have the V
Has anyone done something like this with OpenBSD? I don't see
anything obvious and was wondering what others might have done to
accomplish this. Perhaps some kind of wrapper script ...
We had the same issue a couple of months ago. I just brought over the
tcpdump source from FreeBSD and comp
spider:/var/logtransfer/dc-fw1# find . -name pflog.*.gz -exec zcat {} |
tcpdump -entttv -r - \;
find: -exec: no terminating ";"
Find -exec invokes the command directly using exec(2). There's no shell
underlying the command, so pipes are out (even if you had correctly
escaped the '|').
The e
Well, that is exactly what I want to do. I use the system passwords
for imap anyway, so why not? Of course, the channel must be protected
by SSL/TLS when you do that.
Because there are a large number of IMAP clients that are not aware of
LOGINDISABLED, and which will blindly attempt LOGIN or AU
If someone sends a good patch: yes (see the website for the
correct address where to send patches). Note that this isn't
as simple as it might seem: the problem is where you store
the passwords for PLAIN. You certainly don't want to reuse
the existing system passwords.
Put the authentication dat
> I'm not tied in any way to OpenBSD, what I'm trying to avoid is
> multiplying the amount of different OS I'm using hence the question
> about OpenBSD,
Okay, but it helps to know this info up front.
> I think I will indeed take a look at GEOM for time being.
Also, the Express releases of Solaris
On Mar 19, 2007, at 7:17 PM, Timothy A. Napthali wrote:
The only problem I can foresee is that I remember reading somewhere that
some MTAs use NOOP as a kind of keep-alive at times.
You will also find the command sequence RSET+NOOP used to delimit
transactions when an SMTP client reuses an
The chance on something like that happening during the mv is much
smaller, because it takes much less time.
More importantly, mv (actually, rename(2)) is an atomic operation, which
means there is no period of time where /bsd does not exist. If the system
dies while there is no /bsd, it won't
On Nov 28, 2006, at 7:39 PM, Chris Kuethe wrote:
if you're not careful about your date, you might find you have some
unwanted growfs. you never know what's in swap space.
That's why it's important to finger, first.
I haven't priced shipping containers lately, but I imagine this sort of
setup could be useful in more rural areas instead of building out a
facility. Plus, they're shipping containers so you could stack a bunch
of them together.
I'm thinking the Vancouver economy could take on a whole new look
Why would you want a MIME encoding solution in the default
installation? I mean, really, what do a large majority of systems need
MIME for?
1) Character set support. These days I suspect the number of Unix users
who can live completely within the US-ASCII glyph set are in the minority.
2) PG
First, about hardware requirements.
What you're proposing is absolute overkill for such a small client load.
You won't need to upgrade the hardware :-)
About resource limits of _cyrus user and sysctl values, are there well
known values? Should I increase kern.maxfiles for example? I wouldn't
My ISP blocks traffic on port 25. So I decided to experiment on adding a
listening port for sendmail.
While not an answer to your load problem, I suggest you read up on the
Submission service (RFC 4409).
--lyndon