> Sent: Tuesday, April 29, 2025 at 1:35 AM
> From: "Zé Loff"
> To: "ed bennett"
> Cc: "misc@openbsd.org"
> Subject: Re: I need help with pf and smtpd.conf to deal with an ongoing
> attack on port 25 that is sending out emails.
>
> On M
>Apart from that, you might be able to do something different with your
>MTA: you can configure it to listen on the egress interface, allowing
>only for local delivery, *and* to listen on lo0, allowing those messages
>to be forwarded. This shouldn't be too hard to do with OpenSMTPD.
Shouldn't a U
Open Mail Relay: Why It Is Considered A Spammer's Dream
https://www.duocircle.com/content/mail-relay-smtp/open-mail-relay
An open mail relay is a Simple Mail Transfer Protocol (SMTP) server
configured in such a way that it allows anybody on the Internet to send
e-mail through it https://en.wikipe
On Mon, Apr 28, 2025 at 12:32:56PM +, ed bennett wrote:
> I only want to receive incoming emails and only send emails from the server
> itself,
> either with scripts or while logged on with ssh.
> I've completely blocked port 25 and the submission ports.
> With 25 open, I
I only want to receive incoming emails and only send emails from the server
itself,
either with scripts or while logged on with ssh.
I've completely blocked port 25 and the submission ports.
With 25 open, I can't even login and I have to use IPMI.
First what can I do with just pf? I hav
On 2025-02-08, Mike Fischer wrote:
> Hi!
>
> I’m running a UTM arm64 VM on a Mac mini M2 Pro (which works fine). But
> pkg_add(1) does not update any ports. I have checked several mirrors and the
> updated ports don’t seem to be present on any of them. The
> …/pub/OpenBSD/7.6/packages-stable/ar
b1 at usb1 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00
addr 1
virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio2
scsibus0 at vioblk0: 1 targets
sd0 at scsibus0 targ 0 lun 0:
sd0: 20480MB, 512 bytes/sector, 41943040 sectors
virtio2
So after further investigation, here is what I have found out.
- The USB port is not broken or disabled
- The xHCI root hub is being configured when a device is plugged in.
- The device only appears when I have it plugged in before boot.
- If I remove and insert the device, the PCI
I have VP2420 with coreboot, and have followed the instructions in the
FAQ. Though it looks like my inability to comprehend the functionality
may be hindering a successful connection...
Anyone got it working with OpenBSD? If yes, I'd like some tips.
Thanks in advance.
-ag
On Tue, Oct 22, 2024 at 5:57 AM Stuart Henderson
wrote:
>
> On 2024-10-21, nisp1953 wrote:
> > I see that py3-scipy is broken.
> > https://openports.pl/path/math/py-scipy,python3
> > Does anyone know when it migh
On 2024-10-21, nisp1953 wrote:
> I see that py3-scipy is broken.
> https://openports.pl/path/math/py-scipy,python3
> Does anyone know when it might be fixed?
Not yet.
Looks like blas and lapack ports probably want upd
I see that py3-scipy is broken.
https://openports.pl/path/math/py-scipy,python3
Does anyone know when it might be fixed?
I am using OpenBSD 7.6 on AMD64.
--
Thanks in advance,
Jonathan
>> I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF lying
>> around in our department and decided to install OpenBSD on it. The machine
>> does not have WiFi connectivity, but there is an RJ45 Ethernet jack, so I
>> plugged a cable in, and wrote a standard hostname.em0
>>
On 2024-10-18, Stuart Henderson wrote:
> On 2024-10-17, Qingyao Sun wrote:
>>
>> Besides FTP (port 21), I also cannot use SSH or access websites via
>> HTTPS (port 443). However, I can somehow connect to HTTP (port 80) on
>> remote servers.
>>
On 2024-10-17, Qingyao Sun wrote:
>
> Besides FTP (port 21), I also cannot use SSH or access websites via
> HTTPS (port 443). However, I can somehow connect to HTTP (port 80) on
> remote servers.
>
> werebane# nc -z google.com 80; echo $?
> Con
enbsd.org/pub/OpenBSD/7.6/packages/amd64/: empty
> Can't find curl
>
> What about another mirror? Still connection refused
>
> werebane$ doas pkg_add -v curl
> ftp://ftp.usa.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp:
> connect: Connection refused
> ftp
Just read my post it'll answer your questions..
On Fri, Oct 18, 2024, 1:27 AM Jan Stary wrote:
> On Oct 17 19:24:54, sunqingyao19970...@icloud.com wrote:
> > I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF
> lying around in our department and decided to install OpenBSD on it
On Oct 17 19:24:54, sunqingyao19970...@icloud.com wrote:
> I am a Ph.D. student at Cornell ORIE. I saw a Dell Optiplex 7050 SFF lying
> around in our department and decided to install OpenBSD on it. The machine
> does not have WiFi connectivity, but there is an RJ45 Ethernet jack, so I
> plugged
Dear Aaron,
Thanks for the reply! See inline below.
> On Oct 17, 2024, at 22:40, Aaron Mason wrote:
>
> Do you get the same response when trying to connect to port 443 on the
> Windows machine?
Yes, the Windows machine can access https://www.google.com/ through the web
browser, s
It seems like your server is not directly on the internet
Do this:
In one terminal:
doas tcpdump -nettti pflog0 port 443
(This command will literally say BLOCKED or ALLOWED for traffic. It is the
absolute best feature of pf when I was using BSD).
In a separate window:
curl https://google.com
Do you get the same response when trying to connect to port 443 on the
Windows machine? A standard config would block it if there isn't a
service running on that port that was allowed, resulting in a
connection timeout.
sed
>
> werebane$ doas pkg_add -v curl
> ftp://ftp.usa.openbsd.org/pub/OpenBSD/7.6/packages-stable/amd64/: ftp:
> connect: Connection refused
> ftp: Can't connect or login to host `ftp.usa.openbsd.org'
> ^Cpkg_add: Caught SIGINT
>
> Besides FTP (port 21),
nnect or login to host `ftp.usa.openbsd.org'
^Cpkg_add: Caught SIGINT
Besides FTP (port 21), I also cannot use SSH or access websites via HTTPS (port
443). However, I can somehow connect to HTTP (port 80) on remote servers.
werebane# nc -z google.com 80; echo $?
Connection to g
On 2024-09-01, Elie Le Vaillant wrote:
> On Fri Aug 30, 2024 at 11:56 AM CEST, Stuart Henderson wrote:
>> imho you should really be looking for a 64 bit machine if you want to
>> run a web browser.
>
> I am aware that this machine is simply insufficient for web usage. My
> personal computer needs
On Fri Aug 30, 2024 at 11:56 AM CEST, Stuart Henderson wrote:
> imho you should really be looking for a 64 bit machine if you want to
> run a web browser.
I am aware that this machine is simply insufficient for web usage. My
personal computer needs are quite small. Base, RSS, groff, mpv, and
links
On Fri, Aug 30, 2024 at 09:56:13AM -, Stuart Henderson wrote:
> imho you should really be looking for a 64 bit machine if you want to
> run a web browser.
Lynx runs just fine on my i386 ;-)
On 2024-08-29, Elie Le Vaillant wrote:
> Hello,
>
> I'm currently daily-driving a 2008 i386 machine on
> -current. Earlier this month, I tried out ungoogled-chromium,
> which was available as a package at the time. I've
> tried again today, and though the ports tree still
> lists i386 as a valid p
Hello,
I'm currently daily-driving a 2008 i386 machine on
-current. Earlier this month, I tried out ungoogled-chromium,
which was available as a package at the time. I've
tried again today, and though the ports tree still
lists i386 as a valid platform, the different mirrors
I've tried do not pro
I'm currently facing a situation where autoinstall pauses until I tell it the
correct port number:
Fetching http://10.0.2.2/52:54:00:12:34:56-install.conf?path=7.5/amd64
Fetching http://10.0.2.2/openbsd-vm-install.conf?path=7.5/amd64
Fetching http://10.0.2.2/install.conf?path=7.5/amd64
Res
On Tue, Jun 25, 2024 at 02:21:06PM -0700, Amarinder Cheema wrote:
> Hi,
>
>
> I hope everyone is having a good day!
>
> Is anyone working on a port for Intel e810 nic? If so, please let me know!
>
>
> Thanks,
>
> Amarinder
Yes.
I am starting work on a port o
Hi,
I hope everyone is having a good day!
Is anyone working on a port for Intel e810 nic? If so, please let me
know!
Thanks,
Amarinder
rastructure/mk/bsd.port.mk:3065
'/usr/ports/pobj/passenger-6.0.18-ruby32/.build_done': @cd /usr/ports/www/ru...)
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2235
'/usr/ports/packages/amd64/all/ruby32-passenger-6.0.18p1.tgz': @cd /usr/port...)
*** Error 2 in . (/usr/
aughter to learn
"motion gestures" farther.
Any chance for a pinball port soon?
Thanks!
> N0\/\/@r€Z
> --
> /\/\@rk€T
On Sat, Sep 23, 2023 at 09:15:30AM +0200, Peter J. Philipp wrote:
> On Mon, Sep 18, 2023 at 02:37:50PM +0200, Peter J. Philipp wrote:
> > Hi,
> >
> > I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
> > succeeded yet, but I think we're close. My patches are here:
> >
>
On Mon, Sep 18, 2023 at 02:37:50PM +0200, Peter J. Philipp wrote:
> Hi,
>
> I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
> succeeded yet, but I think we're close. My patches are here:
>
> https://github.com/pbug44/openbsd-src/tree/MANGOPI
Just a status report, I g
Hi,
I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
succeeded yet, but I think we're close. My patches are here:
https://github.com/pbug44/openbsd-src/tree/MANGOPI
it's a forked version of OpenBSD src with a "MANGOPI" branch. I used to
send patches around to several
Hi,
In the meantime I have built a custom kernel with XHCI_DEBUG and UHUB_DEBUG
enabled, below the produced dmesg while I have attached and detached a USB2
device and the port freaks out:
Excerpt of the interesting part as I have attached the device:
xhci0: port=1 change=0x02
uhub0: intr
Hi,
A quick update: I experience similar problems with FreeBSD 13.2, however the
port works OK under Windows and Haiku.
It seems under OpenBSD and FreeBSD only USB3 devices work, all USB2 devices
(mass storage media, HID input devices, e.g. mouse) get the port disabled.
AFAIK USB2 devices
Hi,
I have bought a second hand Lenovo Thinkpad T480s and installed OpenBSD
7.3 on it using UEFI without CSM.
The most important features of the laptop work OK, except the left
hand USB A port. The dmesg says:
uhub0: device problem, disabling port 1
While i found many similar reports, their
Thanks for that...
I'll set up a test system so ... Thanks
On Thu, 13 Apr 2023 at 07:33, Stuart Henderson
wrote:
>
> On 2023-04-12, Tom Smyth wrote:
> > Does anyone have experience on running Coverity on OpenBSD ...
> > I'm trying to scan a port I'm maintaining at the minute...
On 2023-04-12, Tom Smyth wrote:
> Does anyone have experience on running Coverity on OpenBSD ...
> I'm trying to scan a port I'm maintaining at the minute...
> there do not seem to be binaries for Coverity for OpenBSD
I don't think you can - afaik those scans are normally done on linux.
Folks,
Does anyone have experience on running Coverity on OpenBSD ...
I'm trying to scan a port I'm maintaining at the minute...
there do not seem to be binaries for Coverity for OpenBSD
Thanks
--
Kindest regards,
Tom Smyth.
Stuart Henderson :
> Do you have the correct directory?
>
> The user's home directory is appended to ChrootDirectory. e.g. in your example
> something like /home/of/the/hackers/home/myftpuser.
Super good, now I'm also chrooted..
Thanks a lot, Stuart!
-- Daniele Bonini
On 2023-03-09, Daniele Bonini wrote:
> I configured sshd to chroot ftp requests in this way:
>
> Match User myftpuser
> ChrootDirectory /home/of/the/hackers
> ForceCommand internal-sftp
>
> giving the proper permissions to the destination dir, etc.
> as from Peter doc too.
Do you have the
> let's remain on sftp topic..
I finally managed to receive the proper answers from my hosting
that permitted me change sshd port successfully.
On the other hand I came across some Linoox doc about how-to produce
a chroot ssh environment to make the sshd_config settings meaningful and
On Thu, 9 Mar 2023 13:13:40 +0100
"Peter N. M. Hansteen" wrote:
> Further to the "why would you want to?" issue, I offer this from the
> Hail Mary Cloud cycle:
> https://bsdly.blogspot.com/2013/02/theres-no-protection-in-high-ports.html
About the only benefit is th
Here I am with one more trouble..
(I'm still waiting proper reply from the hosting for the change of
sshd port and the related consequences to the VPS console but let's
remain on sftp topic..)
I configured sshd to chroot ftp requests in this way:
Match User myftpuser
Chroo
Peter N. M. Hansteen :
>
> That little guide I posted a link to has a section about setting up
> a separate set of users for sftp
Thank you for your answers and the doc too, Peter.
While I'm reading you I'm trying to grasp from my hosting what are they
enforcing
under their gui layer to understa
On Thu, Mar 09, 2023 at 01:31:47PM +0100, Daniele Bonini wrote:
>
> > change it to any number you want.
>
> VPS here come in a nice package with a default web console over ssh.
>
> An other one: if I try to nobody the user default shell
> I'm out of any luck to be able to connect.
That little g
cor...@free.fr wrote:
>
> Since sftp uses ssh port, you can just change the port for sshd.
> in sshd_config:
>
> Port 22
>
> change it to any number you want.
VPS here come in a nice package with a default web console over ssh.
An other one: if I try to nobody the user
On Thu, Mar 09, 2023 at 12:47:14PM +0100, Daniele Bonini wrote:
>
> I'm wondering if there is any chance to change the default
> listening port for sftp-server.
>
> NB: I'm using it on my Linoox VPS but I see from the man
> a given OpenBSD 2.8 port origin.
it is i
On 09/03/2023 19:47, Daniele Bonini wrote:
Hello,
I'm wondering if there is any chance to change the default
listening port for sftp-server.
NB: I'm using it on my Linoox VPS but I see from the man
a given OpenBSD 2.8 port origin.
Thanks, appreciated!
-- Daniele Bonini
Since
Hello,
I'm wondering if there is any chance to change the default
listening port for sftp-server.
NB: I'm using it on my Linoox VPS but I see from the man
a given OpenBSD 2.8 port origin.
Thanks, appreciated!
-- Daniele Bonini
On 1/6/23 13:42, Alexandre Ratchov wrote:
could you post the output of dmesg (at least the midi-related lines).
I haven't been able to find any. I should add that this is a fresh
install of OpenBSD 7.2. For thoroughness, the entire dmesg is available
here:
https://pastebin.com/McSXuvu9
with AMD Ryzen 5 4600G
and Radeon Graphics.
Error messages:
$ midicat -d -q midi/0 -q midithru/0
midi/0: couldn't open port
$ midicat -d -q midi/1 -q midithru/0
midi/1: couldn't open port
according to your dmesg (other mail), you don't have any MIDI ports on your
machine.
Relevant
yzen 5 4600G
> and Radeon Graphics.
>
> Error messages:
> $ midicat -d -q midi/0 -q midithru/0
> midi/0: couldn't open port
> $ midicat -d -q midi/1 -q midithru/0
> midi/1: couldn't open port
>
according to your dmesg (other mail), you don't have any MIDI ports on
yzen 5 4600G
> and Radeon Graphics.
>
> Error messages:
> $ midicat -d -q midi/0 -q midithru/0
> midi/0: couldn't open port
> $ midicat -d -q midi/1 -q midithru/0
> midi/1: couldn't open port
>
could you post the output of dmesg (at least the midi-related lines).
/0: couldn't open port
$ midicat -d -q midi/1 -q midithru/0
midi/1: couldn't open port
Relevant output:
$ dmesg ...
uaudio0: sync play xfer, err = 6
uaudio0: sync play xfer, err = 6
uaudio0: sync play xfer, err = 6
ugen2 at uhub2 port 2 "Roland A-PRO" rev 1.10/1.20 addr 3
$ ca
gularly attempts these connections to
udp port 0.
Any ideas about why this would occur?
Thank you,
Chris
On 2022-08-29 05:50, Stuart Henderson wrote:
On 2022-08-29, George wrote:
I wish to run multiple sites from the same IP and use different TLS
certs for each.
..
Problem is I get the certificate for the first declared
server each time unless I change the IP or port.
How are you testing
On 2022-08-29, George wrote:
> I wish to run multiple sites from the same IP and use different TLS
> certs for each.
..
> Problem is I get the certificate for the first declared
> server each time unless I change the IP or port.
How are you testing? If you're using openssl
On Sun, Aug 28, 2022 at 09:45:00PM -0400, George wrote:
> Hi guys,
> I wish to run multiple sites from the same IP and use different TLS certs
> for each.
> Example:
> server "example01.com" {
> listen on 1.2.3.4 port 80
> listen on 1.2.3.4 tls port 443
>
Hi guys,
I wish to run multiple sites from the same IP and use different TLS
certs for each.
Example:
server "example01.com" {
listen on 1.2.3.4 port 80
listen on 1.2.3.4 tls port 443
tls {
certificate "example01.com.fullchain.pem"
key "example01
On 2022-07-30, Mik J wrote:
> Hello Omar,
> Thank you for your answer. What am I supposed to do if the software has no
> Makefile
> If I want it to be installed manually, I need to type something like rake30
> build:agent
> Am I supposed to deconstruct the initial installer that is provided in t
Mik J wrote:
> Hello,
> I'm trying to make a port
> This program has dependencies with Go to name one.
> How should I indicate this dependency in the Makefile ?
for some big stuff like go, python etc the right way is often just
include the correct module
MODUL
Marc Espie writes:
> have DISTFILES be empty, put your sources under FILESDIR
> and a bit of glue to ln/mv them into WRKDIR since you got to have a WRKDIR
> for ports.
That was hinted at by a few people, and it's working like a champ!
--lyndon
es before
> pushing them to our internal distribution server.
>
> I would really like to take advantage of to automate
> as much of the packing process as I can. The problem is that port
> builds assume you're obtaining the program source from external
> distribution files, wher
Take a look at the Makefile for the sysutils/cpuid port, which has just one
C file included in the ports source tree itself.
Philip Guenther
On Wed, Jun 29, 2022 at 3:53 PM Lyndon Nerenberg (VE7TFX/VE6BBM) <
lyn...@orthanc.ca> wrote:
> We have a number of in-house utilities that we pu
automate
as much of the packing process as I can. The problem is that port
builds assume you're obtaining the program source from external
distribution files, whereas I want to build right out of the port
directory itself, i.e. have the program source live under
/usr/ports/foo/bar/src/.
Has a
e" coming in from separate home broadband connections or
> whatever, but it quickly breaks down for any larger cases than that.
> It is rather uncommon for UDP services to make demands of the source
> port and for them to have expectations about the ports, so when this
> happens I th
On Mon, May 16, 2022 at 6:23 AM Philipp Buehler
wrote:
> Back in the days outgoing (tcp) connections had predictable port
> numbers,
> sequence numbers, time based stamps of kinds and so on. This did change
> like "let's random all the things" and this was not only aga
...on 2022-05-16 17:57:06, Stuart Henderson wrote:
> On 2022-05-16, Alexander Bochmann wrote:
> > I seem to remember firewall rules that allowed only udp/53 as _source_
> > port
> > for DNS traffic.
> Such rules often existed to cover replies, before the days
>
o remember firewall rules that allowed only udp/53 as _source_ port
> for DNS traffic.
>
> Might have been more than 20 years ago.
Such rules often existed to cover replies, before the days
of stateful firewalls.
Hi,
...on 2022-05-16 13:23:31, Philipp Buehler wrote:
> I cannot recall many applications from 20y ago that have been very keen
> on sending from certain ports (besides IKE already mentioned by JJ).
I seem to remember firewall rules that allowed only udp/53 as _source_ port
for DNS t
Elias Carter wrote:
> I have found that preserving the source port if possible works better
> out of the box when hosting publicly accessible UDP applications
> within a private network.
Preserving the source port also works better for attacking services...
I don't see anything s
Am 16.05.2022 10:20 schrieb Elias Carter:
One possible advantage of randomizing source ports is that it helps
prevent fingerprinting of the devices behind the NAT? Are there any
other reasons?
Back in the days outgoing (tcp) connections had predictable port
numbers,
sequence numbers, time
Den mån 16 maj 2022 kl 10:35 skrev Elias Carter :
> OpenBSD/PF defaults to randomizing the source port whereas
> Linux/IPTables defaults to trying to keep the source port.
>
> I have found that preserving the source port if possible works better
> out of the box when hosting publ
In PF the default behaviour of `nat-to` is to overwrite the source
port of the outgoing packet with a random unused port number. You can
specify `static-port` to preserve the source port number.
In IPTables the default behaviour of the MASQUERADE and SNAT policies
is to try and preserve the
which doesn't accept v4
+connections on OpenBSD. Change this to "AnyIPv4".
+
+Index: src/base/bittorrent/tracker.cpp
+--- src/base/bittorrent/tracker.cpp.orig
src/base/bittorrent/tracker.cpp
+@@ -199,7 +199,7 @@ Tracker::Tracker(QObject *parent)
+
+ bool Tracker::start()
+ {
+
On 2022-04-13, wrote:
> I have had 2 issues with `qbittorrent-nox`, both are OpenBSD-specific
> and IMHO it would be appropriate if README described them.
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/qbittorrent/qbittorrent-nox/pkg/README?rev=1.3&content-type=text/x-cvsweb-markup
>
> I em
I have had 2 issues with `qbittorrent-nox`, both are OpenBSD-specific
and IMHO it would be appropriate if README described them.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/qbittorrent/qbittorrent-nox/pkg/README?rev=1.3&content-type=text/x-cvsweb-markup
I emailed Elias M. Mariani (package m
On Thu, Jan 06, 2022 at 03:39:00PM -0500, Sean McBride wrote:
> I don't actually want to use OpenSMTPD, I was just using it as a way to test
> my experimental pf rules. I'l try to find some other way to test them.
netcat
# man nc
On 5 Jan 2022, at 11:40, Crystal Kolipe wrote:
> Have you actually changed the default /etc/mail/smtpd.conf to listen for
> external connections?
No.
> By default it only listens on the loopback interface, (and local socket).
Ah. That probably explains that then. I don't actually want to use
On Wed, Jan 05, 2022 at 11:03:02AM -0500, Sean McBride wrote:
> pass in log quick on egress proto tcp to any port smtp
> If on the OpenBSD system itself I do `telnet
> localhost 25` I see the built-in OpenSMTPD. But if I telnet from another
> machine on my LAN, I fail to connect. Sh
d to the beginning of
> /etc/pf.conf the following:
>
> pass in log quick on egress proto tcp to any port smtp
>
> then rebooted (for luck). If on the OpenBSD system itself I do `telnet
> localhost 25` I see the built-in OpenSMTPD. But if I telnet from
> another machine on my
Hi all,
(Newbie and first time poster, please be gentle :))
I'm trying to set up spamd, and I think I'm having trouble with pf. So
I tried to add a very basic test rule. I added to the beginning of
/etc/pf.conf the following:
pass in log quick on egress proto tcp to any port
On Fri, Dec 10, 2021, Michael Hekeler wrote:
> Am 10.12.21 08:49 schrieb Claus Assmann:
> > I am trying to run an SMTP server on a dynamic IP address
> Running a smtp server on dynamic IP is just asking for troubles.
That's why I want to run the server behind a static IP -- as my
mail explained..
Am 10.12.21 08:49 schrieb Claus Assmann:
> I am trying to run an SMTP server on a dynamic IP address
Running a smtp server on dynamic IP is just asking for troubles.
On Fri, Dec 10, 2021 at 08:49:08AM +, Claus Assmann wrote:
> I am trying to run an SMTP server on a dynamic IP address
> (and maybe other services later on, e.g., DNS or HTTP)
We recently published a comprehensive guide for running inbound and outbound
SMTP from a dynamic IP via an IPSEC tunne
ffic via a host (STATIC) which
>>has a static IP address to/from the host (DYNAMIC) with the dynamic IP
>>address.
> I'd run full tunnel VPN on STATIC, and connect to it from DYNAMIC. Then,
> entire traffic from DYNAMIC goes via STATIC, and you can DNAT any port you
o/from the host (DYNAMIC) with the dynamic IP
>address.
>
>To route the port incoming it seems I can use:
>DYNAMIC$ ssh -o ExitOnForwardFailure=yes -N -R 25:localhost:25 STATIC
>
>This also has the advantage that the routing is only active
>as long as DYNAMIC is up and running w
I am trying to run an SMTP server on a dynamic IP address
(and maybe other services later on, e.g., DNS or HTTP)
For this, I would like to redirect traffic via a host (STATIC) which
has a static IP address to/from the host (DYNAMIC) with the dynamic IP
address.
To route the port incoming it
I am led to believe that source-track is not really the best
idea if you want good performance out of PF).
Probably the best way to hide which ports are really open on a machine is to
answer connections on *every* port, which could be done with "pass in on
proto tcp to self synproxy state", it's definitely a bodge though!
On Sun, Oct 10, 2021 at 02:48:04PM +0300, Barbaros Bilek wrote:
> Hello Peter,
>
> I think you suggest me some work around like max-src-conn-rate, right?
I would think both the rate and the number of simultaneous connections could be
relevant here, yes.
- Peter
--
Peter N. M. Hansteen, member
Hello Peter,
I think you suggest me some work around like max-src-conn-rate, right?
On Sat, Oct 9, 2021 at 5:07 PM Peter Nicolai Mathias Hansteen <
pe...@bsdly.net> wrote:
>
>
> > 7. okt. 2021 kl. 15:58 skrev Barbaros Bilek :
> >
> > Hello misc,
> >
>
Hi Stuart,
I have 'block log all' as a rule and yes I have several ports that are open.
I was told to take precautions against port scanning. I'm trying to achieve
that too. :/
On Sat, Oct 9, 2021 at 4:13 PM Stuart Henderson
wrote:
> On 2021-10-07, Barbaros Bilek wro
> 7. okt. 2021 kl. 15:58 skrev Barbaros Bilek :
>
> Hello misc,
>
> I try to block port scanning attempts with OpenBSD 6.9/amd64 + PF.
> At the top of my pf.conf I've added these lines but it didn't work.
>
> block in quick proto tcp all flags SF/SFRA label b