Re: 'bgpctl show rib in neighbor $peer' no longer shows unfiltered received routes

2023-05-09 Thread Rogier Krieger
Thanks for the rapid response and proposal. I'd wanted to test yesterday but had to postpone. On Mon, May 8, 2023 at 12:18 PM Claudio Jeker wrote: > Here is a possible solution where a perfect match aborts the detection > loop. Now this only works if the labels are in the right order ("in" > befo

'bgpctl show rib in neighbor $peer' no longer shows unfiltered received routes

2023-05-07 Thread Rogier Krieger
While diagnosing an unrelated matter, I find that 'bgpctl show rib' has difficulty with the 'in' keyword. The 'out' counterpart works as expected. Looking at bgpctl(8), the following should work (but doesn't): $ bgpctl show rib in neighbor $peer ambiguous argument: in valid commands/args: invali

Re: Multiple, simultaneous interfaces using dhclient

2014-07-13 Thread Rogier Krieger
On Sun, Jul 13, 2014 at 10:11 AM, Björn Ketelaars < bjorn.ketela...@hydroxide.nl> wrote: > It sounds like that your default inet route is overwritten after dhclient > on vlan1 is issued. That's not something I'd expect, given that the dhclient instances should be in separate routing domains.

Multiple, simultaneous interfaces using dhclient

2014-07-12 Thread Rogier Krieger
Dear list, as my ISP is migrating to a new network setup, I'm forced to tinker with my local setup. Unfortunately, I'm struggling to get two interfaces (vlan0, vlan1) working simultaneously with DHCP. Separately, they work fine. Together, vlan1 drops my internet connection (vlan0); the latter won

Re: Documentation on rc.conf.local lacks important warning

2014-02-09 Thread Rogier Krieger
Though I looked on a 5.3 system, rc.conf(8) suggests the following: "It is advisable to leave rc.conf untouched, and instead create and edit a new rc.conf.local file." That's rather different from creating a copy. From a brief look at CVS, it's the same for -current. Regards, Rogier On Sun, Fe

Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread Rogier Krieger
On Tue, Jun 11, 2013 at 3:26 PM, mxb wrote: > Tried to tag pkts on $int_if ? Eg > match in on $if_int from ($if_int:network) to $pbx_net tag PBX > Yes and that works. But shouldn't it already be covered by the 'PBX' tag in ipsec.conf? That's what I expected and what I'm trying to figure out. Th

Re: Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-11 Thread Rogier Krieger
A kind soul (thank you) suggested I add the following to my ruleset: pass quick on enc0 proto ipencap Unfortunately, that does still not allow the inner outbound traffic to pass. From what I can tell, the original ruleset already let ipencap traffic pass on enc0. I verified with tcpdump and

Trouble getting ipsec.conf 'tag' working in 5.3

2013-06-10 Thread Rogier Krieger
Dear list, after re-installing a machine with 5.3 (i386), I wanted to tighten up the filtering rules. To that end, I added a 'block log' rule near the top of my rules. This appears to be unexpectedly effective. I'm having trouble with my IPsec VPN to a VoIP PBX. Although my SAs come up as expecte

Re: em(4) fails to initialize for Intel i350-F2 dual-port fibre NIC

2013-04-29 Thread Rogier Krieger
Apologies for the delayed follow-up; I was unable to test over the weekend. I plugged in both fibres this afternoon. With the diff, the hardware appears to be correctly initialized. Both ports properly find their link. Light testing today shows no surprises. Any particular things I should test ad

Re: em(4) fails to initialize for Intel i350-F2 dual-port fibre NIC

2013-04-26 Thread Rogier Krieger
Hi Jonathan, thanks for the diff. Currently building a kernel with it and will report back. Regards, Rogier On Sat, Apr 27, 2013 at 3:24 AM, Jonathan Gray wrote: > On Fri, Apr 26, 2013 at 10:51:45PM +0200, Rogier Krieger wrote: > > Dear list, > > > > after installing

em(4) fails to initialize for Intel i350-F2 dual-port fibre NIC

2013-04-26 Thread Rogier Krieger
Dear list, after installing a dual-port fibre NIC, it seems the card is recognized, but fails to initialize. The card in question is an i350-F2. I've upgraded to the latest snapshot to see if there's any improvement, but alas. em0 at pci8 dev 0 function 0 "Intel I350 Fiber" rev 0x01: msiem0: Hard

Re: Advice on adding com2 to (amd64) GENERIC; enabling easier IPMI SOL with SuperMicro boards

2013-04-06 Thread Rogier Krieger
On Sat, Apr 6, 2013 at 1:35 AM, Ted Unangst wrote: > I guess you missed the subsequent put back yesterday. :) Guilty as charged. > [...] com2 renumbers any other pci attached com ports from the likes of puc. I suppose for those running tools such as conserver, this would mean changing the conf

Re: Advice on adding com2 to (amd64) GENERIC; enabling easier IPMI SOL with SuperMicro boards

2013-04-05 Thread Rogier Krieger
Out of curiosity, after seeing the commit and subsequent backing out of this change, what'd be the expected issues with enabling com2 that require more thought? Regards, Rogier On Sat, Mar 30, 2013 at 8:01 AM, Ted Unangst wrote: > On Sat, Mar 30, 2013 at 02:06, Rogier Krieg

Advice on adding com2 to (amd64) GENERIC; enabling easier IPMI SOL with SuperMicro boards

2013-03-29 Thread Rogier Krieger
Dear list, in an attempt to save on serial cabling for our machines, I'm trying to see if IPMI Serial over Lan (SOL) works as advertised. For our Dell boxes, things seem to work, but our SuperMicro boards (X7SPA-HF and X8ST3-F) require extra work. The latter seem to insist on using com2 (i.e. COM

Re: smtpd relay

2013-02-26 Thread Rogier Krieger
On Tue, Feb 26, 2013 at 4:39 PM, Zoran Kolic wrote: > accept for any relay via my.isp.smtpserver iirc, smtpd.conf(5) mentions the host being in URL form, e.g. smtp://my.isp.smtpserver At least, it does for my Feb 17th snapshot. Regards, Rogier

Re: OpenSMTPd error after upgrading to -current

2013-02-03 Thread Rogier Krieger
On Sun, Feb 3, 2013 at 10:19 PM, Frank Brodbeck wrote: > /etc/mail/smtpd.conf:12: error: invalid url: smtps+auth://mail.split-brain.de The description of the relay parameter in smtpd.conf(5) is accurate. It seems the examples section in smtpd.conf(5) is slightly outdated, however. The format for

Re: ext2fs read errors

2012-12-30 Thread Rogier Krieger
On Sun, Dec 30, 2012 at 12:54 PM, Martijn van Duren wrote: > Jan Stary schreef op zo 30-12-2012 om 12:24 [+0100]: >> On Dec 30 10:43:00, m.vandu...@jonker.nl wrote: >> > I'm migrating my data from an ext3 partition [...] > That is correct. And I mounted it mount_ext2fs /dev/wd0i /mnt. Why would

Re: ftp/www.openbsd.org downtime today. don't panic

2012-10-12 Thread Rogier Krieger
On Fri, Oct 12, 2012 at 4:08 PM, Bob Beck wrote: > Please don't panic. Naturally, this happens on a day one forgets to bring a towel. Cheers, Rogier

Re: IPv6, OpenBSD and .. Mac OS X Lion

2012-07-15 Thread Rogier Krieger
Here, it took a few iterations of properly reading the rtadvd.conf(5) manual, but the various Mac devices over here (OS X v10.6+, iOS v5+) properly get addresses and DNS servers assigned. My setup: Addresses here are assigned over rtadvd(8); DNS information over DHCPv6. With the recent patch to rt

Re: AUTHENTICATION_METHOD = 65001 (unknown)

2012-06-10 Thread Rogier Krieger
On Sun, Jun 10, 2012 at 8:12 PM, Ray Zorthin wrote: >  2) Do we need to use iked(8) instead of isakmpd(8)? Instead, you may want to look at npppd and using the L2TP variant natively available on your iPad. At least, that's how I have an iOS device connect (v5.1.1 currently, but worked for several

Re: Recent DELL hardware support

2012-04-05 Thread Rogier Krieger
On Thu, Apr 5, 2012 at 21:02, Kostas Zorbadelos wrote: > The only remaining question is PERC H200 support. mpii(4) should cover the Dell PERC H200.

Re: how to find dependencies when building a new kernel

2011-11-29 Thread Rogier Krieger
On Tue, Nov 29, 2011 at 11:38, T. Valent wrote: > [dmassage] It's not part of the official OpenBSD or the ports tree. Are you sure it's not in sysutils/dmassage? It would seem you're trying to build your own stripped-down kernel. Doing that sort of thing is typically a "you break it, you get to

Re: DNS Google ?

2011-11-22 Thread Rogier Krieger
Lest I'm mistaken, both serve DNS data, but in different roles. nsd is for serving authoritative zones, not for resolver work. unbound is a resolver. Regards, Rogier

Re: dhclient, resolv.conf

2011-10-20 Thread Rogier Krieger
On Thu, Oct 20, 2011 at 20:11, wrote: > But again, I insist in my first question: how I get that > dhclient respect my resolv.conf and do not touch it? If you insist on dhclient not touching resolv.conf and do not want to edit the in-base dhclient-script, you can use the 'script' parameter descr

Re: bsd.rd and (automated) upgrading

2011-04-30 Thread Rogier Krieger
On Sat, Apr 30, 2011 at 11:54, David Steiner wrote: > can the upgrade process via bsd.rd be automated? Yes, see e.g. Yaifo. The link came by earlier this week on the list. http://sourceforge.net/projects/yaifo/files/yaifo/4.8/yaifo-4.8.tgz/download Regards, Rogier

Trying to find mfi(4) cards, am I looking for the LSISAS2108 chip?

2011-03-11 Thread Rogier Krieger
In short: if I'd like to get a RAID5/6 supporting mfi(4) card, what current LSI/other models would I be looking for? Would that be models with the LSISAS2108 chip? The mfi(4) manual states the Dell PERC H700 to be a supported mfi(4) card. From the Dell documentation, it seems that card holds an LS

Re: ipfm+openbsd 4.6

2011-01-24 Thread Rogier Krieger
On Mon, Jan 24, 2011 at 01:10, emigrant wrote: > ipfm dont work well in openbsd 4.6/4.7/4.8, too much changes in pf?(yes, i > use pf), any ideas what can i do? go back to 4.5? :) People here are unlikely to recommend going back in OpenBSD versions. From the first Google hit on IPFM [1], I get

Re: network configuration problems

2010-06-20 Thread Rogier Krieger
2010/6/19 Jean-François SIMON : > # bash /etc/netstart As others have pointed at, you'll want /bin/sh instead for this case. When in doubt what to use, review the top line in the script you're about to execute and use the shell listed there. > WARNING: /etc/hostname.re0 is insecure, fixing perm

Re: anyone use these for firewall?

2010-06-15 Thread Rogier Krieger
On Tue, Jun 15, 2010 at 17:58, Chris Smith wrote: > Ran across these Supermicro boxes: > > http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm If I'm not mistaken it's a system that turned up on the list earlier, including 4.7 dmesg. http://marc.info/?l=openbsd-misc&m=12707857161

Re: Stopped at pf_test_rule+0xa87 [again]

2010-03-10 Thread Rogier Krieger
On Tue, Mar 9, 2010 at 22:25, Price, Joe wrote: > In summary, it sounds like Henning may have fixed it from this post: > http://marc.info/?l=openbsd-cvs&m=124955744915786&w=2 From the message you quoted and seeing r1.655.4.1, it seems the fixes you refer to made it into 4.6-stable. You may want

Re: nmbd does not listen

2010-03-07 Thread Rogier Krieger
On Sun, Mar 7, 2010 at 14:31, jean-francois wrote: > Is there some basic configuration I missed to do ? As a quick check, did you start both smbd and nmbd components (ps ax is your friend here) and did you place the necessary lines in /etc/rc.local as per the message you received upon install? If

Re: any known working configuration of OpenBGPd and CARP ?

2010-03-07 Thread Rogier Krieger
On Sun, Mar 7, 2010 at 06:00, PP;Q Q P(P8P?P8QP8P= wrote: > from the network point of view, packets will come from the same MAC an > IP address (because of CARP), so ... if BACKUP will "just continue to > maintain a session, established by MASTER", nobody will even know, 1 > sec is nothing in

Re: any known working configuration of OpenBGPd and CARP ?

2010-03-06 Thread Rogier Krieger
On Sat, Mar 6, 2010 at 17:26, PP;Q Q P(P8P?P8QP8P= wrote: > no, I want routes exactly to carp. That sounds odd. Routes are something different than what particular host responds to frames directed to a specific hardware address. If I understand the rest of your description correctly, you want

Re: pf: blocklists

2010-03-04 Thread Rogier Krieger
On Thu, Mar 4, 2010 at 14:34, nixlists wrote: > spamd is great, but I need to filter other traffic. I still wonder how > people manage to download and convert blocklists for loading into pf If I understand your question and read the spamd-setup(8) man page correctly, you may want to try your luck

Re: Core dumps from daemon processes?

2010-02-24 Thread Rogier Krieger
Would the following be an improvement for the documentation? Feel free to flame my mdoc(7) skills or lack thereof. Regards, Rogier ### Eclipse Workspace Patch 1.0 #P man5 Index: core.5 === RCS file: /cvs/src/share/man/man5/core.5,v

Re: RAID1 : offline -> online (how to?)

2010-02-21 Thread Rogier Krieger
On Mon, Feb 22, 2010 at 00:03, Jean-Francois wrote: > Making again the test on 4.6 Now I have "bioctl: BIOCCREATERAID: Invalid > argument" however on a another machine. Am I wrong in any point ? The kernel complains about invalid metadata, so that may well stop you from rebuilding your 4.4-softra

Re: RAID1 : offline -> online (how to?)

2010-02-21 Thread Rogier Krieger
On Sun, Feb 21, 2010 at 19:47, Jean-Francois wrote: > Seems appropriate in the latest man, but did not appear in my man page. The -R > isn't available in version 4.4 ? any way to proceed ? As far as I know, softraid didn't support rebuilds in 4.4; it was added later. Judging from the man page dif

Re: RAID1 : offline -> online (how to?)

2010-02-21 Thread Rogier Krieger
On Sun, Feb 21, 2010 at 17:51, Jean-Francois wrote: > Sorry for the so many questions but still manual may not always > answer to them. Did you read bioctl(8) and did you try the -R option that man page mentions? It would seem appropriate for your question. > How do we make the device become onl

Re: multiple qemu hosts, typo

2010-02-02 Thread Rogier Krieger
On Tue, Feb 2, 2010 at 15:27, Matthias Pfeifer wrote: > [...] Then the second: > this gives me a " cannot create /dev/tun0: Device busy " If I'm not mistaken, you need separate tun(4) devices per qemu instance. The reason for that lies in the device being ready for simultaneous use only by a s

Re: Jan 28 snapshot - em0 disappeared

2010-02-01 Thread Rogier Krieger
On Mon, Feb 1, 2010 at 07:32, Steve Williams wrote: > I have downloaded the current cvs code and compiled it. It exhibits the > same problem, missing em0. It seems to nicely detect the hardware, just not liking its EEPROM contents and stopping initialisation there. While you should take a develo

Re: Doubt about updating the ports

2009-12-26 Thread Rogier Krieger
On Sat, Dec 26, 2009 at 20:11, Daniel Bareiro wrote: > I'm updating OBSD 4.5-stable to OBSD to 4.6-stable and have a doubt when > updating ports using this [1] procedure. The instructions you linked describe how to go from 4.6-release to 4.6-stable, not what you are trying to accomplish (unless y

Re: Dell Latitude E6400 'sluggish' keyboard response with ACPI enabled

2009-10-04 Thread Rogier Krieger
On Sun, Oct 4, 2009 at 00:14, Marco Peereboom wrote: > This fixes it. I need to come up with a way to get this in the tree > without breaking IBM T21. Indeed it does. Where I originally noticed the problem very quickly after system startup, it now seems to have disappeared. I still see acpidump

Dell Latitude E6400 'sluggish' keyboard response with ACPI enabled

2009-10-03 Thread Rogier Krieger
While trying out a Dell Latitude E6400, I notice sluggish keyboard behaviour. This occurs both in 4.5 as well as the Oct. 2 snapshot (-current). In each case, I use the amd64 snapshots. The issues disappear when disabling ACPI via UKC. What I see is the following: some keypresses being 'missed', o

Re: mod_mp3 bug or wtf

2009-09-22 Thread Rogier Krieger
On Tue, Sep 22, 2009 at 01:56, Andrej Elizarov wrote: > I found this example: > > mkdir /var/www/music > mkdir -p /var/www/var/www > cd /var/www/var/www > ln -s /var/www/music music > > But in this case all mp3s must be inside ServerRoot. Not good. You're essentially offering web content. Arguabl

Re: Updates to several OpenBSD hosts

2009-06-23 Thread Rogier Krieger
On Tue, Jun 23, 2009 at 22:27, Urban Hillebrand wrote: > My apologies for being unclear. Those hosts are all on different > locations and nets, even belong to different companies. You could try using tools such as cfengine and/or puppet (both are in ports) to have them pull in their configuration

Re: mod_fastcgi and chroot (4.4/amd64) [resolved]

2009-04-05 Thread Rogier Krieger
On Sun, Apr 5, 2009 at 16:35, Rogier Krieger wrote: > While trying to get a test Catalyst rig running on my 4.4 machine, I > am getting bitten by the chroot(2) feature. While chroot(2) seems to be the issue, the following two things seem to make it work as desired. Make /var/www/var

mod_fastcgi and chroot (4.4/amd64)

2009-04-05 Thread Rogier Krieger
While trying to get a test Catalyst rig running on my 4.4 machine, I am getting bitten by the chroot(2) feature. Running the following configuration snippet works fine with httpd_flags="-u" but yields the following httpd error while using chroot. The machine is a vanilla 4.4-release amd64 box, run

alias addresses in hostname.if for carp interfaces

2009-02-14 Thread Rogier Krieger
Dear list, While reading the manual I am having difficulty figuring out what the appropriate hostname.if(5) entries should be for the following (attempted) network setup: + Desired subnet: 172.24.10.0/24 + HP ProCurve 2900-24G; providing (tagged) VLAN 10 on a physical port + bnx0 physical parent i

Re: 4.4 sshd didn't start

2008-11-03 Thread Rogier Krieger
On Mon, Nov 3, 2008 at 21:08, Bryan Irvine <[EMAIL PROTECTED]> wrote: > Should be in rc.conf.local? If I'm not mistaken [1], you will only see a change in /etc/rc.conf.local if you select 'no' for starting sshd by default. To the OP: > On Mon, Nov 3, 2008 at 11:28 AM, elflord woods <[EMAIL PROT

Re: OpenLDAP

2008-09-08 Thread Rogier Krieger
On Mon, Sep 8, 2008 at 09:58, my mail <[EMAIL PROTECTED]> wrote: > so i can use ldap with bdb backends in OpenBSD 4.4 eh? Take a look at the port's Makefile [1] which apparently will be in 4.4-release. Excerpt below to save you the searching. If you intended your remark as sarcasm, it's more likel

Re: FAQ License?

2008-07-28 Thread Rogier Krieger
If I'm not mistaken, there has already been a thread [1] on this, including an explanation [2] of the various considerations involved. 1. MARC.info - OpenBSD-misc - Thread 'BSD Documentation License?' http://marc.info/?t=12061249355&r=1&w=2 2. MARC.info - OpenBSD-misc - Nick Holland - 'Re: BS

Re: RAID/Intel Installation Problem

2008-06-19 Thread Rogier Krieger
On Wed, Jun 18, 2008 at 12:39 PM, Kenneth R Westerback <[EMAIL PROTECTED]> wrote: > If this is the device you expect to provide disks, the only obvious > candidate I see, it is not currently supported in the RAMDISK_CD > kernel if at all. From a quick glance at pciide(4), I suppose it should work

Re: Got Cerfiticate how to use it. WAS: Re: OpenSSL On Openbsd help

2008-06-15 Thread Rogier Krieger
On Sun, Jun 15, 2008 at 9:37 AM, Khalid Schofield <[EMAIL PROTECTED]> wrote: > Running openbsd 4.0 and apache 1.3 . I've loads of virtual hosts on > apache and I'm now running apache from rc.conf.local with: > httpd_flads "-u -DSSL" . That probably is a typo and in your rc.conf.local it would rea

Re: How to HIDE "OpenBSD" as user-agent?

2008-04-29 Thread Rogier Krieger
In hopes of preventing your ending up singed and blackened around the edges... On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom <[EMAIL PROTECTED]> wrote: > How to HIDE "OpenBSD" as user-agent? > > For security reasons it is sometimes interesting to hide GLOBALLY the > O.S. you are running on [...

mpi(4) supporting bio(4)/bioctl(8)?

2008-04-17 Thread Rogier Krieger
he mpi driver also support bioctl? If not, I know what sort of equipment to avoid on a bunch of new servers. Thanks in advance, Rogier Krieger References: 1. NYCBSDCon 2006 - Marco Peereboom - "Bio and Sensors in OpenBSD" http://www.openbsd.org/papers/bio.pdf 2. OpenBSD CVSweb - /sr

Re: Building 4.2-stable xenocara fails - /usr/src/xenocara/lib/fontconfig claims freetype-config is not installed

2008-02-17 Thread Rogier Krieger
On Feb 16, 2008 8:59 AM, Matthieu Herrb <[EMAIL PROTECTED]> wrote: > On Feb 15, 2008 5:31 PM, Rogier Krieger <[EMAIL PROTECTED]> wrote: > > Upon 'make build', the directory lib/fontconfig errors out on not > > being able to find freetype-config. > > yo

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-23 Thread Rogier Krieger
On 10/23/07, Boris Goldberg <[EMAIL PROTECTED]> wrote: > It's always better to don't run a demon if you don't have to. :) That sort of remark has often started endless debates. :) For me, trusting rdate to provide time or using ntpd for it is pretty much the same, but feel free to disagree. The

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-23 Thread Rogier Krieger
On 10/23/07, Chris Kuethe <[EMAIL PROTECTED]> wrote: > Rdate provides a single valuable service: the ability to poll a device > to see what time it thinks it is (ie. probing the health of my time servers). Good point; I should probably add that to my monitoring setup. Thanks for the suggestion,

Re: Network Time Synchronization using timed or ntpd or a Combination?

2007-10-23 Thread Rogier Krieger
On 10/23/07, Boris Goldberg <[EMAIL PROTECTED]> wrote: > You don't really need ntpd on all systems. One (timeserver) runs ntpd, > and others use rdate, called from cron (once a day is usually enough). While your suggestion would work, it would also entail more work without adding benefit. Upon

Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

2007-07-11 Thread Rogier Krieger
On 7/10/07, Rogier Krieger <[EMAIL PROTECTED]> wrote: If my clients (MIT KfW, SecureCRT) attempt GSSAPI authentication, [...] OpenSSH does not obtain any AFS token, forcing me to run afslog manually. Or put such a command in /etc/ssh/sshrc, as hinted at in sshd(8). This seems to work i

Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

2007-07-10 Thread Rogier Krieger
As someone kind made me realise in an off-list reply, I should have included my sshd_config on the machine in question. I should further note that it is a 3.9-stable machine (although I did not spot changes relating to the OpenSSH behaviour regarding GSSAPI for the versions included with 4.0/4.1).

GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

2007-07-10 Thread Rogier Krieger
Dear list, While fiddling around to move my home directories onto AFS, I notice a bit of interesting behaviour. At a first glance, everything seems just fine. When logging in through the Krb5 mechanism (as defined in login.conf), OpenSSH nicely obtains an AFS token for me. Use case: Windows SSH c

Re: spamd

2007-06-04 Thread Rogier Krieger
On 6/4/07, Edgars Makra <[EMAIL PROTECTED]> wrote: With one such non passable smtp server admin we tested it via phone. He said that prompt is very slow (as it should be), then he got 451 Temp error. After 5, 15, 30 and 60 minutes he retried, nothing :( If you tried connecting by manually perfor

Re: pf.conf settings

2007-05-29 Thread Rogier Krieger
On 5/28/07, Woodchuck <[EMAIL PROTECTED]> wrote: I wonder if this setup will allow you to do dhcp. Probably during boot, (before it takes effect, when the rules in /etc/rc are active), but afterwards, not. Typically, dhclient(8) uses the bpf(4) devices and is not troubled by PF's ruleset. If I

FFS panic on 4.0-release and fsck_ffs troubles (SATA drive on SiI3112)

2007-05-08 Thread Rogier Krieger
On an older piece of hardware (PII-300) running 4.0-release running local storage at my parents', I experience FFS-related panics when writing files to the secondary HDD [wd1] (connected to a separate SATA controller [pciide1]). Since I lacked a console cable, I copied the trace and ps informatio

Re: Problem: Raid mounting root as read-only, and not from the partition desired...

2007-04-07 Thread Rogier Krieger
On 4/7/07, Merp.com Volunteer <[EMAIL PROTECTED]> wrote: I used the directions from eclectica here: http://www.eclectica.ca/howto/openbsd-software-raid-howto.php To be blunt: you are using old (3.7) instructions that are not from the OpenBSD project, that involve compiling your own kernel (see

Re: bcw(4) is gone

2007-04-05 Thread Rogier Krieger
On 4/6/07, Andris Delfino <[EMAIL PROTECTED]> wrote: What's wrong? They protect their license. Period. No one seems to dispute the right of copyright holders to protect their licence. That said, there are more ways than one to protect one's licence. It hardly seems unreasonable to privately co

Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Rogier Krieger
On 3/23/07, carlopmart <[EMAIL PROTECTED]> wrote: My problem is with pf rules. If I put on pf.conf "pass all", all works ok. Then the easiest debugging feature is doing a tcpdump on pflog0 for blocked packets. Assuming (without your pf.conf, it's hard to guess) you use a default block, add a log

Re: Problems with X11 traffic over ssh in pf.conf

2007-03-23 Thread Rogier Krieger
On 3/23/07, carlopmart <[EMAIL PROTECTED]> wrote: Do I need to open additional ports or protocols?? Not so much additional ports or protocols, but are you sure you enabled X11 forwarding? A few suggestions for things to check: + in /etc/ssh/sshd_config, did you enable 'X11Forwarding' ? + for t

OT - spamd at cullmail.com blocking connections from Gmail

2007-02-23 Thread Rogier Krieger
. Being a spamd user myself, I use the following exception list for Gmail's mail server pool: 64.233.162.192/28 64.233.170/24 64.233.182.192/28 Sincerely, Rogier Krieger -- Forwarded message -- From: Mail Delivery Subsystem <[EMAIL PROTECTED]> Date: Feb 23, 2007 6:39

Re: ldap authentication troubles

2007-02-23 Thread Rogier Krieger
On 2/21/07, Vijay Sankar <[EMAIL PROTECTED]> wrote: On Wednesday 21 February 2007 10:22, Rogier Krieger wrote: > Personally, I'm having trouble using login-ldap with my local(host) > LDAP server using SSL. ftl2# more /etc/openldap/ldap.conf TLS_CACERT /etc/ssl/c

Re: ldap authentication troubles

2007-02-21 Thread Rogier Krieger
On 2/21/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: PMFJI, but could you clarify that? Requiring local accounts totally defeats the purpose of an LDAP server. Yes, it does. In fact, it is clearly documented in the login-ldap port materials. You may get around said local accounts requirement i

Re: spamd unnecessarily abrasive?

2007-02-20 Thread Rogier Krieger
On 2/20/07, Jimmy Mäkelä | Loopia AB <[EMAIL PROTECTED]> wrote: Rogier Krieger wrote: > End user connections are what the submission port (589) is for. # grep submission /etc/services submission 587/tcp submission 587/udp As I meant to say, port 587 ;) Apparently, it is ti

Re: spamd unnecessarily abrasive?

2007-02-20 Thread Rogier Krieger
On 2/20/07, J Moore <[EMAIL PROTECTED]> wrote: I was under the impression that spamd was supposed to "politely" defer connections from unknown/greylisted hosts. Given the '451' response in the SMTP conversation, it is a relatively polite and benign way to defer connections. I doubt a sending MT

Re: pf rules

2007-02-12 Thread Rogier Krieger
On 2/12/07, Artyom Goryainov <[EMAIL PROTECTED]> wrote: block in quick on $ext_if proto tcp from {!$me, !$mynet} to $ext_if port 80 You will probably want to see the PF FAQ [1] on this, specifically the section on Lists and Macros. It tells you why you should use tables for this purpose. The l

Re: The OACK Project

2007-01-24 Thread Rogier Krieger
On 1/24/07, Jonathan Eifrig <[EMAIL PROTECTED]> wrote: tftpd[]: oack: Permission denied That may have something to do with *file* permissions. Quoting tftpd(8): "The use of tftp(1) does not require an account or password on the remote system. Due to the lack of authentication information,

Re: ODBC repost...

2007-01-09 Thread Rogier Krieger
On 1/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: We would then like to access that data from our mainframe via ODBC to retrieve the records. Since it's not really clear to me what you intend to do, I am assuming the following: + Your mainframe runs a Windows platform + Your OpenBSD machi

Re: PHP5 install error

2006-11-29 Thread Rogier Krieger
Just a quick guess. On 11/30/06, Brendan Grossman <[EMAIL PROTECTED]> wrote: Can't install php5-core-5.1.4p1-hardened because of conflicts (php5-core-5.1.4p1) Try to delete the conflicting package (php5-core) first. You already seem to have it installed, blocking the installation for your diff

Re: Building 4.0 problem

2006-11-02 Thread Rogier Krieger
On 11/2/06, Josh <[EMAIL PROTECTED]> wrote: Following the man release page [...] Could you elaborate on what branch (-release, -stable, -current) and version you're trying to build 4.0 on? And of course: which 4.0 branch are you trying to build? If it's not working, try the regular binary upgr

Re: openbsd mobile question?

2006-10-16 Thread Rogier Krieger
This *really* is something you should have looked up in the archives. Browse those for more information. The archive is your friend. On 10/16/06, Jay Jesus Amorin <[EMAIL PROTECTED]> wrote: does openbsd 4.0 supports intel ac'97 modem and intel ipw2200 on laptop? In short: don't expect Winmodem

Re: best hardware plattform for openbsd

2006-10-14 Thread Rogier Krieger
On 10/13/06, Toni Mueller <[EMAIL PROTECTED]> wrote: Thanks for pointing me to bioctl - I was unaware about that - but I don't offhand see how I could eg. collect SMART status on the drives hanging off such a card. IIRC, you cannot collect the SMART status on individual drives. Personally, I do

Re: best hardware plattform for openbsd

2006-10-13 Thread Rogier Krieger
On 10/13/06, Toni Mueller <[EMAIL PROTECTED]> wrote: [...] whether I should stick with RAIDframe [...] or if I should go for hardware RAID instead [...] Personally, I find using hardware RAID a lot easier. You can stick with GENERIC kernels and have fewer problems on installing/upgrading. For m

persistent fsck error on newly newfs'ed filesystem [BLK(S) MISSING IN BIT MAPS]

2006-10-09 Thread Rogier Krieger
On one of my older P2 machines (running 3.9-stable), I seem to have a very persistent fsck error: "BLK(S) MISSING IN BIT MAPS". Regardless of whether or not I choose to salvage these, I keep getting the error below. The error occurs on an unmounted file system. After choosing to salvage, seems to

Re: mount_null replacement?

2006-10-06 Thread Rogier Krieger
On 10/4/06, G 0kita <[EMAIL PROTECTED]> wrote: I notice mount_null was dropped as of OpenBSD 3.8, can someone tell me first of all why this was done [...] Various comments to the likes of 'turd polishing' can be found in the misc@ archives. IIRC, the developers gave up on this piece of function

Re: NIS server

2006-10-03 Thread Rogier Krieger
On 10/3/06, Joachim Schipper <[EMAIL PROTECTED]> wrote: [...] note that at least OpenBSD can authenticate directly against LDAP, using sysutils/login_ldap. Personally, I suspect the OP has a specific interest in implementing NIS. Through NIS, OpenBSD can obtain the information it would otherwis

Re: OpenBSD Paypal used against User Agreement?

2006-09-30 Thread Rogier Krieger
On 9/30/06, Karel Kulhavy <[EMAIL PROTECTED]> wrote: "The PayPal service may not be used solely for the purpose of transferring money from one individual to another without an underlying transaction for the sale of goods or services." It's a payment model to allow a twice-yearly (update of) rel

Re: bioctl(8) and ami(4)

2006-09-15 Thread Rogier Krieger
On 9/15/06, Darrin Chandler <[EMAIL PROTECTED]> wrote: [...] mostly I'm looking for a cluestick about bioctl. AFAIK, this has to do with bugs in the 3.9 bioctl that were fixed in -current a while ago. The following two threads came up in the archives: LSI MegaRaid non-hotspare http://marc.thea

skeyinit and lock - login class data unavailable (side effect of login_ldap permissions for login.conf)

2006-08-30 Thread Rogier Krieger
Dear list, As a side effect of using login_ldap from ports, I encounter trouble using skeyinit and lock for regular users. This appears to be caused by the permission I put in place on /etc/login.conf (0600) to shield off login_ldap's bindpw attribute. Unsurprisingly, lifting these restrictions

Re: syncing data between workstations and laptop

2006-08-29 Thread Rogier Krieger
On 8/29/06, Steffen Wendzel <[EMAIL PROTECTED]> wrote: I currently own 3 home directories. one on each of my workstations and one on my laptop but I want to have the same data in all 3 folders. Trying out Unison (available for wintel, BSD and Linux) is still on my to-do list. I've seen it menti

Re: How to update httpd without a compiller

2006-08-23 Thread Rogier Krieger
On 8/23/06, Juha Saarinen <[EMAIL PROTECTED]> wrote: On 8/23/06, Nico Meijer <[EMAIL PROTECTED]> wrote: > Set up another, non-production, box with 3.9 and build -stable on that. Seems a slightly cumbersome way to deal with security issues which may be urgent, but perhaps that's just me? Buil

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote: > Keep a few sanity checks (e.g. no more than X recipients for a message > or no more than 100 messages a minute) This also helps against compromised boxes - i.e., it limits the damage. So it's generally a good idea to have some limit.

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote: Note that at least Postfix has an independent greylisting implementation True and these implementations may even be quite nice. I never felt much of a need to try it out after having set up spamd. Both are likely to work with STARTTLS; s

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote: Because I require TLS and SMTP-AUTH for relaying purposes, I'm in a bind. My real problem is getting Exchange to do SMTP-TLS on a different port, so this is really a non-openbsd issue. Perhaps you'd benefit from a solution of shielding your

Re: spamd and TLS on port 25

2006-08-10 Thread Rogier Krieger
On 8/10/06, Will H. Backman <[EMAIL PROTECTED]> wrote: Am I correct in assuming that spamd and TLS on port 25 don't get along? Given a mail server (or MUA) that is configured to require TLS on a port it connects to, it will likely have a problem with any other end not offering TLS capability. T

Re: smtp proxy

2006-08-09 Thread Rogier Krieger
From the behaviour you describe, your design takes an effort at tearing down just about the nicest part of SMTP: its resilience against network outages. On 8/9/06, openbsd misc <[EMAIL PROTECTED]> wrote: the smtp proxy should not be allowed to queue a message, else the size of the ramdisk woul

Re: Alternative superuser aside from root

2006-08-08 Thread Rogier Krieger
On 8/8/06, Tito Mari Francis Escaqo <[EMAIL PROTECTED]> wrote: Is it possible to replace root with another username as superuser? Sure, just change its password entry. That said, I wouldn't recommend wasting your time on this. This could make the system very secure because when it comes to B

Re: watchdogd

2006-08-05 Thread Rogier Krieger
On 8/5/06, Felix Kronlage <[EMAIL PROTECTED]> wrote: I think, silent by default with -v for more information seems more appropriate too. Would you care to elaborate why you want the default behaviour (notify on a changed timeout) altered? The proposed patch by the OP doesn't cause changes for

Re: OpenBSD's own compiler

2006-07-31 Thread Rogier Krieger
On 7/31/06, R. Tyler Ballance <[EMAIL PROTECTED]> wrote: Jeeez, talk about an overreaction to the suggestion. [...] It's not that far fetched of an idea Given the times that this question popped up in the archives, Mickey's reaction isn't too surprising. From the past discussions, I gather that

Re: SATA DVD Support?

2006-07-29 Thread Rogier Krieger
On 7/29/06, J Moore <[EMAIL PROTECTED]> wrote: I guess that squelches plans for a SATA HDD as well :( If by that you mean you expect OpenBSD to not support SATA HDDs, I can happily assure you you're wrong. OpenBSD supports various SATA controllers (such as your SiI 3112, the SiI 3114, etc.). I

Re: Help to debug Openbsd freezes...

2006-07-26 Thread Rogier Krieger
On 7/24/06, Xavier Mertens <[EMAIL PROTECTED]> wrote: It's still running 3.5 (ok, ok, don't shoot, it's an old one but upgrades are not easy). As another poster already mentioned: upgrades are an easy and well documented process. Do your specific circumstances (e.g. problems to physically acce
