Re: Beefier alternative to soekris 4801 for openbsd router?

Somewhat O/T, but the old HP Proliant servers had pretty good Serial consoles (obsoleted now by iLo / RILO). iLo and RILO simply rock. Diana Eichert wrote: On Wed, 11 May 2005, Mark Uemura wrote: Any other recommendations? Here's another alternative that you may want to look into. http://www.com

Re: Mail Server Architecture

This is a very dangerous approach to take, relying solely on the final mail reader's client to correctly handle malicious messages. Dangerous is a fact of life, dealing with Windows workstations. I'd rather deal with a client mishandling a malicious message than have my MTA rooted because I d

Re: Mail Server Architecture

> After mulling over the idea of having a virus/spam filter on an MTA, I > believe that the best solution is to use an enterprise anti-virus > program like Norton Anti-Virus and an email client that supports > Bayesian spam filtering. The setup should be where the anti-virus > server downloads the

Re: tuning systrace policy for expect

Ok, its at http://82.129.235.194/systrace_expect.txt On 5/10/05, Ray <[EMAIL PROTECTED]> wrote: > On Tue, May 10, 2005 at 10:59:40AM +0200, Kim Onnel wrote: > > I've tried to auto generate with systrace -A and tune according to > > errors, and this is what i have : > > Can you attach the systrace

Re: Mail Server Architecture

Smith wrote: I've been playing with OpenBSD for around 5 years. I vaguelly recall only one security alert for sendmail in all that time (I could be wrong on this). I also vaguelly recall postfix having a couple of security alerts within the last couple of weeks (I could be wrong on this). And

Re: Mail Server Architecture

Smith wrote: alerts. If sendmail has a security alert and OpenBSD is vulnerable, OpenBSD will let me know pretty quickly. I don't need to keep track of sendmail alerts, just OpenBSD's. PS - Maybe someone can teach you mail 101. It's never a good idea to have a CNAME to be the MX. confuciun.co

Re: Mail Server Architecture

Here are my $.02, YMMV. 1) Security should always be layered (belt & suspenders / whatever). 2) If the site is large enough to warrant the expense, I don't run anything on the firewall other than NAT, packet filtering, and IPSec. 3) HTTP Proxies (both ways), smtp proxies, web servers, etc., all go

Re: sshd and port 22 [SOLVED]

I appreciate for your replies! It was a problem with the machine (a LINUX box!) I was initiating ssh! A firewall was running in the background and didn't realize! Thanks a lot for your time and support On Tuesday 10 May 2005 21:34, Jordan Klein wrote: > Take a look at your /etc/ssh/sshd_config

Re: Beefier alternative to soekris 4801 for openbsd router?

> I purchased the Commell board in a case designed for it, there is an > access panel for the CF socket. The PCI slot becomes unusable in the > case. The board I purchased also uses the Intel NIC's for 3/100M & 1/1G > NICs. We purchased these to evaluate using the bozes with OpenBSD PF and > pff

PF on openbsd 3.7

Hi all, I have problem with openbsd 3.7. Here was my method when doing cvs. cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_3_7 -P src Here was my problem. # pfctl -sa pfctl: DIOCGETRULES: Permission denied pfctl: DIOCGETRULES: Permission denied No queue in use pfctl: DIOCGETSTATUS: Permission den

PF on openbsd 3.7

Hi all, I have problem with openbsd 3.7. Here was my method when doing cvs. cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_3_7 -P src Here was my problem. # pfctl -sa pfctl: DIOCGETRULES: Permission denied pfctl: DIOCGETRULES: Permission denied No queue in use pfctl: DIOCGETSTATUS: Permission den

mm bug in openbsd?

http://www.cppsecurity.com/memory_vulns_delalleau.pdf page 33

Re: mm bug in openbsd?

Hello! On Wed, May 11, 2005 at 12:54:13PM +0200, OwenBSD wrote: >http://www.cppsecurity.com/memory_vulns_delalleau.pdf >page 33 from http://www.openbsd.org/cgi-bin/cvsweb/src/sys/uvm/uvm_mmap.c : Revision 1.55 / (download) - annotate - [select for diffs] , Sat Jan 15 : 06:54:51 2005 UTC (3 mont

Re: Beefier alternative to soekris 4801 for openbsd router?

On Tue, 10 May 2005, Erik Carlseen wrote: > Somewhat O/T, but the old HP Proliant servers had pretty good Serial > consoles (obsoleted now by iLo / RILO). iLo and RILO simply rock. yep, I have some iLo/RILO HP systems, however the cost of iLo/RILO either matches or exceeds the cost of the low-en

Re: mm bug in openbsd?

> I.e. fixed in 3.7 and current. > > Kind regards, > > Hannah. ...and where is the advistory? errata? fix for 3.5 / 3.6? :)

Re: Mail Server Architecture

On Wed, 11 May 2005 02:23:43 -0400, Bruno Delbono <[EMAIL PROTECTED]> wrote: >Smith wrote: >> alerts. If sendmail has a security alert and OpenBSD is vulnerable, >> OpenBSD will let me know pretty quickly. I don't need to keep track of >> sendmail alerts, just OpenBSD's. > >PS - Maybe someone

Re: Beefier alternative to soekris 4801 for openbsd router?

Well a Rilo card is basically a small computer. Even has a Mac (motorola) processor and runs embedded linux > -Original Message- > From: Diana Eichert [mailto:[EMAIL PROTECTED] > Sent: 11 May 2005 02:35 PM > To: misc@openbsd.org > Subject: Re: Beefier alternative to soekris 4801 for o

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, 11 May 2005, Mark Uemura wrote: SNIP > I'm now waiting on some ral mini-pci wireless cards that I've ordered > via [EMAIL PROTECTED] Once I pop these babies into my commell boxes, I'll be > happier > than a pig in a manure pile ;) In fact, the only thing cooler than these > boxes that I'

Re: tuning systrace policy for expect

On Wed, May 11, 2005 at 10:58:47AM +0200, Kim Onnel wrote: > On 5/10/05, Ray <[EMAIL PROTECTED]> wrote: > > On Tue, May 10, 2005 at 10:59:40AM +0200, Kim Onnel wrote: > > > I've tried to auto generate with systrace -A and tune according to > > > errors, and this is what i have : > > > > Can you at

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, 11 May 2005, Marius Van Deventer - Umzimkulu wrote: > Well a Rilo card is basically a small computer. Even has a Mac > (motorola) processor and runs embedded linux duh, that was the point I was making, but I'm glad you helped spell it out.

Re: Mail Server Architecture

On May 11, 2005, at 8:38 AM, J.C. Roberts wrote: On Wed, 11 May 2005 02:23:43 -0400, Bruno Delbono <[EMAIL PROTECTED]> wrote: Smith wrote: alerts. If sendmail has a security alert and OpenBSD is vulnerable, OpenBSD will let me know pretty quickly. I don't need to keep track of sendmail alerts, j

Re: Mail Server Architecture

On Wed, May 11, 2005 at 05:38:09AM -0700, J.C. Roberts wrote: > On Wed, 11 May 2005 02:23:43 -0400, Bruno Delbono > <[EMAIL PROTECTED]> wrote: > > >Smith wrote: > >> alerts. If sendmail has a security alert and OpenBSD is vulnerable, > >> OpenBSD will let me know pretty quickly. I don't need to

Re: Mail Server Architecture

From: "J.C. Roberts" <[EMAIL PROTECTED]> PS - Maybe someone can teach you mail 101. It's never a good idea to have a CNAME to be the MX. confuciun.com. 497 IN MX 10 mail.confuciun.com. mail.confuciun.com. 600 IN CNAME confuciun.com. Though the answer is suppos

Re: Mail Server Architecture

On Wed, 2005-05-11 at 02:17:51 -0400, Bruno Delbono proclaimed... > You've got to be kidding me. Such moronic OpenBSD zealtory with no real > world arguments to back it up? What "enterprise" runs OpenBSD sendmail > as it's main MTA. If you're an enterprise, you'd be running something > Ironmail

Re: [Systrace] tuning systrace policy for expect

On Tue, May 10, 2005 at 10:59:40AM +0200, Kim Onnel wrote: > native-fsread: filename eq "/home" permit This line should be: native-fsread: filename eq "/home" then permit Because this line failed, all lines below that are ignored, causing systrace to deny system calls such as issetugid,

Re: mm bug in openbsd?

Hello! On Wed, May 11, 2005 at 02:26:51PM +0200, OwenBSD wrote: >> I.e. fixed in 3.7 and current. >...and where is the advistory? errata? fix for 3.5 / 3.6? :) I'm not Ms. OpenBSD. I guess actual exploitation isn't that imminent. But OTOH I'd guess that the diff could be easily backported, so fe

Re: some questions about OpenBSDs future plans

On Mon, 2005-05-09 at 18:13 +0200, Henning Brauer wrote: > exim: dunno license currently, Debian uses exim as the MTA by default, so it's almost certainly free enough to stick in gnu/. > but awkward 80s design, poor implementation, just plain sucks At the risk of starting a flamewar, people say

problem booting amd64 w/ 3.6

Hi, I've got two boxen with essentially the same stuff except: one has IDE, the other has SCSI (LSI 1030 controller, apparently). The IDE box runs fine, but the other doesn't even install. It crashes after most of dmesg with this error message: uvm_fault(0x80890500, 0x1, 0, 1) -> e fa

Re: Mail Server Architecture

On 11-May-05, at 4:20 AM, Smith wrote: This is a very dangerous approach to take, relying solely on the final mail reader's client to correctly handle malicious messages. Dangerous is a fact of life, dealing with Windows workstations. I'd rather deal with a client mishandling a malicious messag

File system mirroring for SMTP/POP Servers

Hi, I am seeking for a solution for having several SMTP/POP servers on different network locations, the problem is the following, we actually have one SMTP/POP server with MX backup to another server, ok this solution is ok for some scenarios but when the main SMTP/POP server goes down (it does

Re: problem booting amd64 w/ 3.6

On 5/11/05, Toni Mueller <[EMAIL PROTECTED]> wrote: > It crashes after most of dmesg with this error message: > > uvm_fault(0x80890500, 0x1, 0, 1) -> e > fatal page fault in supervisor mode > trap type 6 code 0 rip 802003fc cs8 rflags 10297 cr2 1 cpl7 rsp > 808bbdb

Re: mm bug in openbsd?

On Wednesday 11 May 2005 12:29, Hannah Schroeter wrote: > Hello! > > On Wed, May 11, 2005 at 02:26:51PM +0200, OwenBSD wrote: > >> I.e. fixed in 3.7 and current. > > > >...and where is the advistory? errata? fix for 3.5 / 3.6? :) > > I'm not Ms. OpenBSD. I guess actual exploitation isn't that immin

Re: File system mirroring for SMTP/POP Servers

On 5/11/05, Mario Lopez <[EMAIL PROTECTED]> wrote: > I am seeking for a solution for having several SMTP/POP servers on > different network locations, the problem is the following, we actually have > one SMTP/POP server with MX backup to another server, ok this solution is > ok for some scenarios b

=?ISO-2022-JP?B?lqKPs5H4jUyNkIGmgUCBn43FkFZEVkSP7pXxgUmBn5GXl7+Ws5e/g1qBW4OLgUmBd5dMlryPl5dEg1aDioFbg1lWT0wuMoF4gZ8=?=

[EMAIL PROTECTED] [EMAIL PROTECTED] (B
jI (BI (BsMp[7ij (BM;L|[EMAIL PROTECTED] (B`5-M (BHP py
[Whttp://www.freewebs.com/outdvd98z/\E (B
\L (B[EMAIL PROTECTED]://www.freewebs.com/hyojidvd98x/ (B--

Re: mm bug in openbsd?

I.e. fixed in 3.7 and current. ...and where is the advistory? errata? fix for 3.5 / 3.6? :) I'm not Ms. OpenBSD. I guess actual exploitation isn't that imminent. But OTOH I'd guess that the diff could be easily backported, so feel free to do it. But as Hannah said, you can always backport this you

Re: some questions about OpenBSDs future plans

What is the point of this discussion? Do you think it will lead to something changing? > On Mon, 2005-05-09 at 18:13 +0200, Henning Brauer wrote: > > exim: dunno license currently, > > Debian uses exim as the MTA by default, so it's almost certainly free > enough to stick in gnu/. > > > but awk

Re: some questions about OpenBSDs future plans

On 2005 May 11, at 9:32 AM, Shawn K. Quinn wrote: > On Mon, 2005-05-09 at 18:13 +0200, Henning Brauer wrote: >> exim: dunno license currently, > > Debian uses exim as the MTA by default, so it's almost certainly free > enough to stick in gnu/. Things are being removed from there. Nothing new will

OpenBSD 3.7 image for qemu on freeoszoo

Hello everybody! I just want to announce that I've just put online the OpenBSD 3.7 disk image for qemu. If you want to download it, http://www.freeoszoo.org Any comment is always appreciated. Thank you for this wonderful os. Stefano

Re: File system mirroring for SMTP/POP Servers

Hi Kevin, Maybe I am wrong but rsync is a syncronization utility that works in one direction, ok I could run it in both directions but I guess that this would only increment load on my servers, there is another problem I have being reading of, this servers are actually production servers where u

First Placement

Dear Customer, Be the very first listing in the top search engines immediately. Our company will now place any business with a qualified website permanently at the top of the major search engines guaranteed never to move (ex: Yahoo!, MSN, Alta Vista, etc.). This promotion includes unlimited

Re: File system mirroring for SMTP/POP Servers

Don't know what your budget / license contstraints are, but on the pricier side Lotus Domino Enterprise has excellent clustering capabilities with real-time replication and synchronization. Runs on Windows, Linux (i386, IBM zSeries and s/390, I've made it run on SLES 9 AMD64 but this is not of

Norton AntiVirus detected and quarantined a virus in a message you sent.

Recipient of the infected attachment: ZACH, First Storage Group\Mailbox Store (ZACH), CPC Returns/Inbox Subject of the message: Re: Your software One or more attachments were quarantined. Attachment application.pif was Quarantined for the following reasons: Virus [EMAIL PROTECTED] was foun

Broadcom 5704 in Proliant DL145 Supported?

We are looking at getting a pair of 1U Servers for a firewall configuration and the HP Proliant DL145 seems to fit the bill. My question is if the Broadcom 5704 Gigabit network adapters that come with these systems work well with 3.6? We also chose an HP NC1020 PCI Gigabit Server Adapter for a th

restore partitions

I would like to know if it is possible to continue restoring partitions after having restored the root partition. The FAQ mentions that the new root filesystem should be ready enough so you can reboot and continue restoring the rest of the filesystems in single user mode. I tried to restore wi

Re: some questions about OpenBSDs future plans

oooh debian does it, now there is a solid reason. gnu/ is being emptied not filled up. Why do people keep asking these same dumb questions though? Why in the world switch if there is something that is perfectly adequate? It is this bullshit switcheroo that always gets linux into trouble. On M

Re: Broadcom 5704 in Proliant DL145 Supported?

Mattias R. Lindgren wrote: We are looking at getting a pair of 1U Servers for a firewall configuration and the HP Proliant DL145 seems to fit the bill. My question is if the Broadcom 5704 Gigabit network adapters that come with these systems work well with 3.6? We also chose an HP NC1020 PCI Giga

Re: problem booting amd64 w/ 3.6

Hi, On Wed, 11.05.2005 at 19:14:21 +0200, Rogier Krieger <[EMAIL PROTECTED]> wrote: > On 5/11/05, Toni Mueller <[EMAIL PROTECTED]> wrote: > > It crashes after most of dmesg with this error message: > > > > uvm_fault(0x80890500, 0x1, 0, 1) -> e > > fatal page fault in supervisor mode >

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, 2005-05-11 at 19:53 +0900, Mark Uemura wrote: > > I purchased the Commell board in a case designed for it, there is an > > access panel for the CF socket. The PCI slot becomes unusable in the > > case. The board I purchased also uses the Intel NIC's for 3/100M & 1/1G > > NICs. We purchas

Re: PF on openbsd 3.7

On Wed, May 11, 2005 at 02:47:05AM -0700, :.:.: ikmal :.:.: wrote: > Hi all, > > I have problem with openbsd 3.7. > > Here was my method when doing cvs. > cvs -d [EMAIL PROTECTED]:/cvs -q up > -rOPENBSD_3_7 -P src > # dmesg > OpenBSD 3.7 (GENERIC) #0: Wed May 11 17:26:39 MYT 2005 > [EMAIL PR

HAPPY FEW COUPONS RABAIS !

No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.8 - Release Date: 10/05/05

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, 2005-05-11 at 19:53 +0900, Mark Uemura wrote: > > I purchased the Commell board in a case designed for it, there is an > > access panel for the CF socket. The PCI slot becomes unusable in the > > case. The board I purchased also uses the Intel NIC's for 3/100M & 1/1G > > NICs. We purchas

Re: File system mirroring for SMTP/POP Servers

I'm sorry I didn't mention it earlier, we use NetQMAIL + VPOPMAIL + mysql centralized auth. Don't know what your budget / license contstraints are, but on the pricier side Lotus Domino Enterprise has excellent clustering capabilities with real-time replication and synchronization. Runs on Wind

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, 11 May 2005, Ryan Corder wrote: SNIP > Mark, > > I was wondering where you purchased your Commel board/box from? Did > you get it straight from Commel or are they a purely OEM shop and you > have to get it via a third party? I noticed order numbers on their > page, but no where to actu

Re: problem booting amd64 w/ 3.6

On Wed, May 11, 2005 at 10:53:19PM +0200, Toni Mueller wrote: > On Wed, 11.05.2005 at 19:14:21 +0200, Rogier Krieger <[EMAIL PROTECTED]> > wrote: > > On 5/11/05, Toni Mueller <[EMAIL PROTECTED]> wrote: > > > > > > uvm_fault(0x80890500, 0x1, 0, 1) -> e > > > fatal page fault in supervi

Re: Broadcom 5704 in Proliant DL145 Supported?

Good Day! On Wed, May 11, 2005 at 04:55:51PM -0400, Daniel Ouellet wrote: > The one I have still doesn't work, even with 3.7 What were the bge problems you experienced? > I put an Intel card in for that. > > I disable it in the BIOS, but as far as the rest of it is concern, t

Re: some questions about OpenBSDs future plans

On Wed, 2005-05-11 at 10:49 -0600, Theo de Raadt wrote: > What is the point of this discussion? > > Do you think it will lead to something changing? If you're asking me: I was just adding to and clarifying what Henning wrote based on what I knew. If you're asking Sascha: you should have replied

Re: File system mirroring for SMTP/POP Servers

--On 11 May 2005 19:10 +0200, Mario Lopez wrote: I am seeking for a solution for having several SMTP/POP servers on different network locations, the problem is the following, we actually have one SMTP/POP server with MX backup to another server, ok this solution is ok for some scenarios but when th

Re: Zaurus 3000, openbsd and cellular telephone

Hi. In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: > hi, > i want to buy a Zaurus CL-3000 with OpenBSD. ^^^ SL-C3000 ? > it's posssible to connect a Cellular Telephone for internet access ??? > > USB ? Bluetooth? At least umodem(4) driver works well on m

Re: Broadcom 5704 in Proliant DL145 Supported?

The one I have still doesn't work, even with 3.7 What were the bge problems you experienced? It is not even seen by the boot sequence at all on my case. I didn't spend a lots of time playing with BIOS setup to much as i needed to upgrade the box from 3.6. So, I try really quick, didn't work,

Re: Zaurus 3000, openbsd and cellular telephone

* Yasuhito FUTATSUKI <[EMAIL PROTECTED]> [2005-05-12 02:33]: > > it's posssible to connect a Cellular Telephone for internet access ??? [on zaurus] > > USB ? > I have no idea what brands are available around you, but I beleive > some of Cellular Phone USB cables/adaptors work on other archs > (an

Re: Mail Server Architecture

>Wow! Such stupid arguments and remarks with statements >such as "I could be wrong on this". A couple of security >alets with postfix in the past few weeks? Make sure you >know wtf you're talking about before you put your foot >in your mouth. It was late at night, I wrote the email off the top of m

/etc/skel/.profile export PATH HOME TERM

A minor, even trivial, perhaps pointless issue---but I'm curious: /etc/skel/.profile includes the line export PATH HOME TERM This appears to be unnecessary; login(1) places all three into the environment. Simple testing with ksh and sh reveal no changes resulting from the removal of this line.

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, May 11, 2005 at 08:30:23AM -0500, Daniel Hamlin wrote: > Have you done any throughput testing on the Commell? I'm considering > using it as a firewall/router for a 45Mb connection. As you can see from the trivial test below, I'm able to get 80+ Mb/s through the Commell firewall. However

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, May 11, 2005 at 04:05:22PM -0500, Ryan Corder wrote: > I was wondering where you purchased your Commel board/box from? Did > you get it straight from Commel or are they a purely OEM shop and you > have to get it via a third party? I noticed order numbers on their > page, but no where

Binat roaming vpn clients

Hi all, The situation is as follows: I've setup isakmp for roaming clients vpn access with only shared secret authentication. Roaming users use the windows ipsec client to connect, which works fine.(albeit with some manual intervention when local ip changes but still it works.) Now the thing is

some info

A person I work with knowingly used falsified information about a degree he did not earn or have to obtain his green-card. He is T.A. Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html

Re: Beefier alternative to soekris 4801 for openbsd router?

On Wed, May 11, 2005 at 12:29:12PM -0400, Constantine A. Murenin wrote: > Doing some flirting with Diana on a public mailing list? :-) I hope that it doesn't look that way as my wife and kids would be terribly disappointed ;) I'm just happy get some good advice :) Cheers, Mark T. Uemura Open