From george at sddi.net Wed Nov 1 08:30:44 2006 From: george at sddi.net (George R.) Date: Wed, 01 Nov 2006 08:30:44 -0500 Subject: [nycbug-talk] more NYCBSDCon Message-ID: <4548A184.7040608@sddi.net> Steve's pictures http://www.flickr.com/photos/skreuzer/ (no, i'm not pissed ;-) Someone had hit Craig's List. . . interesting: http://newyork.craigslist.org/eve/218231999.html g From skreuzer at f2o.org Wed Nov 1 10:21:24 2006 From: skreuzer at f2o.org (Steven Kreuzer) Date: Wed, 01 Nov 2006 10:21:24 -0500 Subject: [nycbug-talk] more NYCBSDCon In-Reply-To: <4548A184.7040608@sddi.net> References: <4548A184.7040608@sddi.net> Message-ID: <4548BB74.2050106@f2o.org> George R. wrote: > Steve's pictures > > http://www.flickr.com/photos/skreuzer/ > > (no, i'm not pissed ;-) Are you kidding me? That should be the photo for your Christmas cards. SK From okan at demirmen.com Wed Nov 1 10:23:54 2006 From: okan at demirmen.com (Okan Demirmen) Date: Wed, 1 Nov 2006 10:23:54 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101035435.GG1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> Message-ID: <20061101152354.GN8113@clam.khaoz.org> On Tue 2006.10.31 at 22:54 -0500, George Georgalis wrote: > On Tue, Oct 31, 2006 at 09:21:24PM -0500, Okan Demirmen wrote: > >On Tue 2006.10.31 at 20:48 -0500, George Georgalis wrote: > >> does anyone using spamd (or greylist frontend) have trouble > >> delivering to verizon.net? > > > >spamd(8) has little to nothing to do with delivering mail. > > unless it blocks sender verification. spamd(8) doesn't do anything in this area. spamlogd(8) will watch pflog0 for smtp traffic that your box is speaking with and will add that host to it's whitelist. spamd(8) comes into play only in front of your MTA, being on the same host or in front. > >> 450 Requested mail action not taken-Try later:sv14pub.verizon.net > >> > >> what's your solution? or do they do that (perpetually) for anyone > >> not using a major ISP MX? > > > >you are obviously on the other side of greylisting. if you are having > >issues delivering after getting 450, then it is you who should look at > >your mail configuration. > > Can you be more specific? what's wrong with this? it's the only > response I or my mta gets. > > # dnsmx verizon.net > 0 relay.verizon.net > # telnet relay.verizon.net 25 > Trying 206.46.232.11... > Connected to relay.verizon.net. > Escape character is '^]'. > 220 sv27pub.verizon.net MailPass SMTP server v1.2.0 - 112105154401JY+PrW ready Tue, 31 Oct 2006 21:44:32 -0600 > helo galis.org > 250 sv27pub.verizon.net > mail from: > 450 Requested mail action not taken-Try later:sv27pub.verizon.net yes, smtp 450. well, as i mentioned before, you are being greylisted. there are a few smtp error codes that your mta will honor, so as to try again....which is exactly what the little message verizon decided to place in the message. > presumably they are checking envelope from for something (eg > expecting my mx to do something spamd is not doing), because when > I lie about envelope from, I get substantially improved results > > # telnet relay.verizon.net 25 > Trying 206.46.232.11... > Connected to relay.verizon.net. > Escape character is '^]'. > 220 sv22pub.verizon.net MailPass SMTP server v1.2.0 - 112105154401JY+PrW ready Tue, 31 Oct 2006 21:48:30 -0600 > helo galis.org > 250 sv22pub.verizon.net > mail from: > 250 Sender OK > rcpt to: > 550 4.2.1 mailbox temporarily disabled: nobody at verizon.net > quit > 221 2.3.0 Bye received. Goodbye. > Connection closed by foreign host. > > > So my question is, does anybody running spamd deliver to > verizon.net without providing a false envelope from? > What do you do? all depends on what other checks their mta is doing. maybe they don't greylist for *@gmail.com...who knows....who cares...just send mail using a non-broken mta. From lavalamp at spiritual-machines.org Wed Nov 1 10:49:44 2006 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Wed, 1 Nov 2006 10:49:44 -0500 (EST) Subject: [nycbug-talk] EuroBSDCon is coming up ! Message-ID: <20061101103727.U63561@arbitor.digitalfreaks.org> > I do not want to miss this occasion to make you aware of a different > event that is also taking in place in Italy at about the same time, but > with a slighty different focus: OpenCON 2006. For the record, I'll be taking my three-piece road show across the Atlantic to attend EuroBSDCON. I'd be interested in hooking up with anyone who may have been in New York. It's always good to see friendly faces. And of course, NetBSD buffs that can provide a table full of exotic systems! >:} l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From george at galis.org Wed Nov 1 11:55:43 2006 From: george at galis.org (George Georgalis) Date: Wed, 1 Nov 2006 11:55:43 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101152354.GN8113@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> Message-ID: <20061101165543.GI1658@run.galis.org> On Wed, Nov 01, 2006 at 10:23:54AM -0500, Okan Demirmen wrote: >On Tue 2006.10.31 at 22:54 -0500, George Georgalis wrote: >> So my question is, does anybody running spamd deliver to >> verizon.net without providing a false envelope from? >> What do you do? > >all depends on what other checks their mta is doing. maybe they don't >greylist for *@gmail.com...who knows....who cares...just send mail using >a non-broken mta. who cares? why do you say I'm using a broken mta? // George -- George Georgalis, systems architect, administrator < From lavalamp at spiritual-machines.org Wed Nov 1 12:14:43 2006 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Wed, 1 Nov 2006 12:14:43 -0500 (EST) Subject: [nycbug-talk] more NYCBSDCon Message-ID: <20061101121241.C63561@arbitor.digitalfreaks.org> So where are all the photos? Someone was walking around with a massive digital camera. I'm looking for some to send to vendors and other pundits who may be interested in attending future events. I'll take them in raw format even. ~BAS l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From dan at langille.org Wed Nov 1 15:07:25 2006 From: dan at langille.org (Dan Langille) Date: Wed, 01 Nov 2006 15:07:25 -0500 Subject: [nycbug-talk] NYI to the rescue Message-ID: <4548B82D.14526.1B757FA2@dan.langille.org> For those that didn't notice, FreshPorts went offline yesterday at about 1pm EST. The story behind that is for another day. NYI came to the rescue and supplied me with a box. My thanks to Jose and James for their help. -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From nikolai at fetissov.org Wed Nov 1 16:38:39 2006 From: nikolai at fetissov.org (nikolai) Date: Wed, 1 Nov 2006 16:38:39 -0500 (EST) Subject: [nycbug-talk] NYCBSDCon 2006 Audio In-Reply-To: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> References: <41567.63.66.6.15.1162219783.squirrel@www.geekisp.com> Message-ID: <24791.63.66.6.15.1162417119.squirrel@www.geekisp.com> Folks, Dave Steinberg kindly helped me setup torrent for the Conference audio. The link to hit is: http://www.fetissov.org/public/nycbsdcon06/nycbsdcon06audio.tar.torrent -- Nikolai From lists at stringsutils.com Wed Nov 1 19:30:22 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Wed, 01 Nov 2006 19:30:22 -0500 Subject: [nycbug-talk] DSPAM (bayesian version) References: <45435FCE.20980.65D77CC@dan.langille.org> <1301C881-C100-4CF3-912A-41159642DCEC@2xlp.com> Message-ID: Jonathan writes: > dspam > content based spam filter > http://dspam.nuclearelephant.com/ > features a lot of neat stuff from CRM114 A side note on dspam.. Don't know if it has been fixed, but it was not working for me with PostgreSQL (tested around June 2006). This is the only program I have ever used that corrupted (more than once) a postgresql database. In theory the database should not allow.. whatever this program was doing.. but after my 3rd DB corruption.. I just gave up on this program. From lists at stringsutils.com Wed Nov 1 19:32:39 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Wed, 01 Nov 2006 19:32:39 -0500 Subject: [nycbug-talk] greylisting proxies? References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> <20061007154733.GB22719@run.galis.org> <20061101013359.GE1658@run.galis.org> Message-ID: George Georgalis writes: >>/usr/local/etc/sqlgrey/clients_ip_whitelist.local >> >>Format is: >> #Comment >> #Comment > > where exactly can I download that file? You make it. From george at galis.org Wed Nov 1 19:53:57 2006 From: george at galis.org (George Georgalis) Date: Wed, 1 Nov 2006 19:53:57 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> <20061007154733.GB22719@run.galis.org> <20061101013359.GE1658@run.galis.org> Message-ID: <20061102005357.GJ1658@run.galis.org> On Wed, Nov 01, 2006 at 07:32:39PM -0500, Francisco Reyes wrote: >George Georgalis writes: > >>>/usr/local/etc/sqlgrey/clients_ip_whitelist.local >>> >>>Format is: >>> #Comment >>> #Comment >> >>where exactly can I download that file? > >You make it. > so what you do is determine all the mx ip for the domain you accept and if thoes are the same host for their outgoing smtp then all is better. anyway, maybe this will help http://galis.org/script/cc2netblock.sh # cc2netblock.sh kr cn # # determines the netblocks delegated ro Korea and China. Every third day, or # once a week, from cron, should be often enough to run. -- George Georgalis, systems architect, administrator < From okan at demirmen.com Wed Nov 1 20:05:59 2006 From: okan at demirmen.com (Okan Demirmen) Date: Wed, 1 Nov 2006 20:05:59 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101013359.GE1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061001180034.GC7339@run.galis.org> <20061007151820.GA22719@run.galis.org> <0E1C3430-DF3D-4A4A-B7F6-0F8658ACCE3F@2xlp.com> <20061007154733.GB22719@run.galis.org> <20061101013359.GE1658@run.galis.org> Message-ID: <20061102010559.GB8113@clam.khaoz.org> On Tue 2006.10.31 at 20:33 -0500, George Georgalis wrote: > On Sat, Oct 28, 2006 at 12:20:30AM -0400, Francisco Reyes wrote: > >George Georgalis writes: > > > >>>On Oct 7, 2006, at 11:18 AM, George Georgalis wrote: > >>> > >>>> if they support a white list of non-complient MTAs, where is it? > >... > >> I could generate IPs from the stuff, but exactly > > > >/usr/local/etc/sqlgrey/clients_ip_whitelist.local > > > >Format is: > > #Comment > > #Comment > > where exactly can I download that file? i'm not sure if you are being obstante or what, but it has been said twice now in this thread: 1) in the sqlgrey source, and 2) on greylisting.org. an mx versus a mail host that is sending you mail doesn't nessecarily have to be related - in fact, don't expect it. From okan at demirmen.com Wed Nov 1 20:06:03 2006 From: okan at demirmen.com (Okan Demirmen) Date: Wed, 1 Nov 2006 20:06:03 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061101165543.GI1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> Message-ID: <20061102010603.GC8113@clam.khaoz.org> On Wed 2006.11.01 at 11:55 -0500, George Georgalis wrote: > On Wed, Nov 01, 2006 at 10:23:54AM -0500, Okan Demirmen wrote: > >On Tue 2006.10.31 at 22:54 -0500, George Georgalis wrote: > >> So my question is, does anybody running spamd deliver to > >> verizon.net without providing a false envelope from? > >> What do you do? > > > >all depends on what other checks their mta is doing. maybe they don't > >greylist for *@gmail.com...who knows....who cares...just send mail using > >a non-broken mta. > > who cares? > > why do you say I'm using a broken mta? can you go back and read this thread please? then read about smtp codes, then review 4xx codes again. if your mta can't deal, then it is broken, or the configuration is severely broken. From spork at bway.net Wed Nov 1 22:22:20 2006 From: spork at bway.net (Charles Sprickman) Date: Wed, 1 Nov 2006 22:22:20 -0500 (EST) Subject: [nycbug-talk] BSD is Dying Message-ID: Someone put a little video of Jason Dixon's presentation up: http://video.google.com/videoplay?docid=7833143728685685343&hl=en C From george at galis.org Thu Nov 2 01:44:27 2006 From: george at galis.org (George Georgalis) Date: Thu, 2 Nov 2006 01:44:27 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102010603.GC8113@clam.khaoz.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> Message-ID: <20061102064427.GL1658@run.galis.org> On Wed, Nov 01, 2006 at 08:06:03PM -0500, Okan Demirmen wrote: >On Wed 2006.11.01 at 11:55 -0500, George Georgalis wrote: >> On Wed, Nov 01, 2006 at 10:23:54AM -0500, Okan Demirmen wrote: >> >On Tue 2006.10.31 at 22:54 -0500, George Georgalis wrote: >> >> So my question is, does anybody running spamd deliver to >> >> verizon.net without providing a false envelope from? >> >> What do you do? >> > >> >all depends on what other checks their mta is doing. maybe they don't >> >greylist for *@gmail.com...who knows....who cares...just send mail using >> >a non-broken mta. >> >> who cares? >> >> why do you say I'm using a broken mta? > >can you go back and read this thread please? then read about smtp >codes, then review 4xx codes again. if your mta can't deal, then it is >broken, or the configuration is severely broken. my mta works thank you very much. I inquired if anybody else was getting deferral from verizon perpetually and what they do about it---I get 450 for 7 days, then my mta gives up and returns the message. there are so many google hits on this verizon problem it's hard to get the good info, this list is by verizon. 1.) Please ensure that your server is accepting mail from 206.46.252.0/24. 2.) Please ensure that your server accepts a Null Mail From: command e.g. Mail From:<>. 3.) Please ensure your mail server responds to the SMTP commands within 30 seconds. 4.) Please ensure the from address used is a valid email address that is accepted by the MX server for that domain. 5.) Please ensure you have a proper MX record. if you must conform to all these, to send mail, that's not rfc 2821, nor is a 450 message for over 5 days. // George -- George Georgalis, systems architect, administrator < From jpb at sixshooter.v6.thrupoint.net Thu Nov 2 06:36:50 2006 From: jpb at sixshooter.v6.thrupoint.net (Jim Brown) Date: Thu, 2 Nov 2006 06:36:50 -0500 Subject: [nycbug-talk] Security Analyst Job Available (Full Time/Permanent), Rye, NY Message-ID: <20061102113650.GA18505@sixshooter.v6.thrupoint.net> Hello Everyone, A friend of mine let me know about an infosec analyst job in Rye NY (off I-95 near the Connecticut line). If you are interested feel free to call Naomi Wexer- 646-562-6018 and mention you heard it from me. I can't mention the company, but I know it's a large, well-established firm you will immediately recognize. Info is below, Jim B. ======================================================== Title: Information Security Analyst Skills: OS level Security; PKI, Firewall technologies ; Client/Clientless VPN , Intrusion Detection/Prevention Systems Date: 11-1-2006 Location: Rye, NY Area code: 914 Tax term: FULLTIME Length: FULL TIME Position ID: seca Job description: FULL TIME POSITION - PERMANENT POSITION CLIENT IS IN RYE, NY CLIENT WILL NOT SPONSOR WORK VISA DESCRIPTION * Analyze and define information security requirements and solutions. * Design and test information security products. * Identify and recommend solutions to security exposures. * Lead project teams in system consolidation, information security software upgrades, and contingency management planning and execution * Provide support in developing, implementing, and maintaining detailed corporate information security technology policies, principles, standards, and procedures. * Perform ongoing overall and targeted Risk Assessment exercises of the corporate infrastructure * Perform Penetration testing as needed REQUIREMENTS * Vulnerability assessment tools * Active Directory * OS level Security (Windows, Unix, AS400, Main Frame) Internet/Website Security (IIS, WebSphere, Web App Security) * Public Key Infrastructure (PKI) * Firewall technologies * Intrusion Detection/Prevention Systems * Client/Clientless VPN * Encryption * Network security * CISSP, SSCP, GIAC, Security+, or similar certifications is highly desirable. Other Special Requirements: Minimum of 3 years of strong hands on technical experience in Information Security, and security standards and architectural reviews. Additionally, strong technical, analytical, documentation, presentation, communication, and attention to detail skills are required: * Demonstrated skill in developing and delivering a wide range of verbal and written Communications to all levels of management. Bachelor's degree or equivalent work experience Travel required: none Telecommute: no From hubert at feyrer.de Wed Nov 1 11:21:38 2006 From: hubert at feyrer.de (Hubert Feyrer) Date: Wed, 1 Nov 2006 17:21:38 +0100 (CET) Subject: [nycbug-talk] EuroBSDCon is coming up ! In-Reply-To: <20061101103727.U63561@arbitor.digitalfreaks.org> References: <20061101103727.U63561@arbitor.digitalfreaks.org> Message-ID: On Wed, 1 Nov 2006, Brian A. Seklecki wrote: > And of course, NetBSD buffs that can provide a table full of exotic systems! >> :} I think it would be nice to have a NetBSD booth at EuroBSDCon, showing what NetBSD's up to today, maybe displaying hardware running NetBSD, documentation, etc. If someone wants to do that, I'd appreciate it. I can provide a box of t-shirts for the event if we're REALLY quick at this... - Hubert From lists at genoverly.net Thu Nov 2 08:36:39 2006 From: lists at genoverly.net (michael) Date: Thu, 2 Nov 2006 08:35:39 -0501 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102064427.GL1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> <20061102064427.GL1658@run.galis.org> Message-ID: <20061102083539.531a7fd1@dt.genoverly.com> On Thu, 2 Nov 2006 01:44:27 -0500 "George Georgalis" wrote: > I inquired if anybody else was getting deferral from verizon > perpetually and what they do about it---I get 450 for 7 days, > then my mta gives up and returns the message. Not sure if it helps, but in my (limited) experience... When sending mail TO verizon, I have found they (like many-many others) are strict about reverse dns for mx records. If they can not completely identify the server trying to talk to them, they will not proceed. After repeated attempts, they assume the assailant is a spammer and will put them on an internal blacklist. $ dig MX +short galis.org 10 run.galis.org. $ dig +short run.galis.org 70.183.8.250 $ dig -x 70.183.8.250 [snip] ;; ANSWER SECTION: 250.8.183.70.in-addr.arpa. 86269 IN PTR wsip-70-183-8-250.ri.ri.cox.net. [snip] Verizon may be under the impression that you are *not* who you say you are... but that is just my un-educated guess.. and probably so basic and obvious that it is not the answer to your problem. -- michael From stucchi at willystudios.com Thu Nov 2 08:53:45 2006 From: stucchi at willystudios.com (Massimiliano Stucchi) Date: Thu, 2 Nov 2006 14:53:45 +0100 Subject: [nycbug-talk] EuroBSDCon is coming up ! In-Reply-To: References: <20061101103727.U63561@arbitor.digitalfreaks.org> Message-ID: <20061102135345.GF69994@willystudios.com> On 011106, 17:21, Hubert Feyrer wrote: > On Wed, 1 Nov 2006, Brian A. Seklecki wrote: > > And of course, NetBSD buffs that can provide a table full of exotic systems! > >> :} > > I think it would be nice to have a NetBSD booth at EuroBSDCon, > showing what NetBSD's up to today, maybe displaying hardware running > NetBSD, documentation, etc. > > If someone wants to do that, I'd appreciate it. I can provide a box of > t-shirts for the event if we're REALLY quick at this... I'll have a table for you if you can make it there. Just let me know if there's going to be someone showing up and asking for it. Ciao! -- Massimiliano Stucchi, CTO & Director of Operations WillyStudios.com - IT Consulting, Web and VoIP Services stucchi at willystudios.com | Tel (+39) 0244417203 | Fax (+39) 0244417204 IT-20040, Carnate (Milano), via Carducci 9 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From george at galis.org Thu Nov 2 09:01:59 2006 From: george at galis.org (George Georgalis) Date: Thu, 2 Nov 2006 09:01:59 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102083539.531a7fd1@dt.genoverly.com> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> <20061102064427.GL1658@run.galis.org> <20061102083539.531a7fd1@dt.genoverly.com> Message-ID: <20061102140159.GN1658@run.galis.org> On Thu, Nov 02, 2006 at 08:35:39AM -0501, michael wrote: >On Thu, 2 Nov 2006 01:44:27 -0500 >"George Georgalis" wrote: > >> I inquired if anybody else was getting deferral from verizon >> perpetually and what they do about it---I get 450 for 7 days, >> then my mta gives up and returns the message. > >Not sure if it helps, but in my (limited) experience... > >When sending mail TO verizon, I have found they (like many-many others) >are strict about reverse dns for mx records. If they can not completely >identify the server trying to talk to them, they will not proceed. >After repeated attempts, they assume the assailant is a spammer and >will put them on an internal blacklist. > > $ dig MX +short galis.org > 10 run.galis.org. > > $ dig +short run.galis.org > 70.183.8.250 > > $ dig -x 70.183.8.250 > [snip] > ;; ANSWER SECTION: > 250.8.183.70.in-addr.arpa. 86269 IN PTR > wsip-70-183-8-250.ri.ri.cox.net. > [snip] > >Verizon may be under the impression that you are *not* who you say >you are... but that is just my un-educated guess.. and probably so >basic and obvious that it is not the answer to your problem. I think (tm) that is okay. yesterday I filled out a form requesting being white listed, they replied, I'm not being blocked. // George -- George Georgalis, systems architect, administrator < From george at galis.org Thu Nov 2 09:05:49 2006 From: george at galis.org (George Georgalis) Date: Thu, 2 Nov 2006 09:05:49 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102064427.GL1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> <20061102064427.GL1658@run.galis.org> Message-ID: <20061102140549.GO1658@run.galis.org> On Thu, Nov 02, 2006 at 01:44:27AM -0500, George Georgalis wrote: >On Wed, Nov 01, 2006 at 08:06:03PM -0500, Okan Demirmen wrote: >>On Wed 2006.11.01 at 11:55 -0500, George Georgalis wrote: >>> On Wed, Nov 01, 2006 at 10:23:54AM -0500, Okan Demirmen wrote: >>> >On Tue 2006.10.31 at 22:54 -0500, George Georgalis wrote: >>> >> So my question is, does anybody running spamd deliver to >>> >> verizon.net without providing a false envelope from? >>> >> What do you do? >>> > >>> >all depends on what other checks their mta is doing. maybe they don't >>> >greylist for *@gmail.com...who knows....who cares...just send mail using >>> >a non-broken mta. >>> >>> who cares? >>> >>> why do you say I'm using a broken mta? >> >>can you go back and read this thread please? then read about smtp >>codes, then review 4xx codes again. if your mta can't deal, then it is >>broken, or the configuration is severely broken. > >my mta works thank you very much. > >I inquired if anybody else was getting deferral from verizon >perpetually and what they do about it---I get 450 for 7 days, >then my mta gives up and returns the message. > >there are so many google hits on this verizon problem it's hard to >get the good info, this list is by verizon. > >1.) Please ensure that your server is accepting mail from >206.46.252.0/24. > >2.) Please ensure that your server accepts a Null Mail From: command >e.g. Mail From:<>. > >3.) Please ensure your mail server responds to the SMTP commands within >30 seconds. > >4.) Please ensure the from address used is a valid email address that is >accepted by the MX server for that domain. > >5.) Please ensure you have a proper MX record. > >if you must conform to all these, to send mail, that's not rfc >2821, nor is a 450 message for over 5 days. verizon is verifying it can deliver a <> notification message to the return path, during smtp and sends 450 if it cannot. since they never send a DATA, they never make a tuple to get through spamd. eventually they get tar-pitted and the session takes over 30 seconds before they can send RCPT. in the end, you must spamd whitelist the verizon ip that tests the return-path mx of messages you send them. or just give them a non-spamd return-path with your messages. // George -- George Georgalis, systems architect, administrator < From okan at demirmen.com Thu Nov 2 09:33:22 2006 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 2 Nov 2006 09:33:22 -0500 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102140549.GO1658@run.galis.org> References: <20061001164839.GQ24150@clam.khaoz.org> <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> <20061102064427.GL1658@run.galis.org> <20061102140549.GO1658@run.galis.org> Message-ID: <20061102143322.GO8113@clam.khaoz.org> On Thu 2006.11.02 at 09:05 -0500, George Georgalis wrote: are you running spamlogd(8), as the manpage recommends? From nycbug at cyth.net Thu Nov 2 13:33:56 2006 From: nycbug at cyth.net (Ray Lai) Date: Thu, 2 Nov 2006 13:32:56 -0501 Subject: [nycbug-talk] greylisting proxies? In-Reply-To: <20061102143322.GO8113@clam.khaoz.org> References: <20061101014846.GF1658@run.galis.org> <20061101022124.GD8113@clam.khaoz.org> <20061101035435.GG1658@run.galis.org> <20061101152354.GN8113@clam.khaoz.org> <20061101165543.GI1658@run.galis.org> <20061102010603.GC8113@clam.khaoz.org> <20061102064427.GL1658@run.galis.org> <20061102140549.GO1658@run.galis.org> <20061102143322.GO8113@clam.khaoz.org> Message-ID: <20061102183319.GF8070@cybertron.cyth.net> On Thu, Nov 02, 2006 at 09:33:22AM -0500, Okan Demirmen wrote: > On Thu 2006.11.02 at 09:05 -0500, George Georgalis wrote: > are you running spamlogd(8), as the manpage recommends? That wouldn't help if verizon sent and received mail from two different IPs. -Ray- From swygue at gmail.com Thu Nov 2 15:27:23 2006 From: swygue at gmail.com (swygue) Date: Thu, 2 Nov 2006 15:27:23 -0500 Subject: [nycbug-talk] Mail Server In CBL List Message-ID: Hey Guys ! One of my smtp server landed on the CBL list and I do not know why. I have two smtp servers that are on a carp fail-over, running Qmail. I followed their instructions and it appears my servers aren't "announcing non-RFC-compliant names via the HELO". Any ideas how I can fix this ? http://cbl.abuseat.org/ -Rodrique -- swygue neron --->> -------------- next part -------------- An HTML attachment was scrubbed... URL: From okan at demirmen.com Thu Nov 2 15:46:13 2006 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 2 Nov 2006 15:46:13 -0500 Subject: [nycbug-talk] Mail Server In CBL List In-Reply-To: References: Message-ID: <20061102204612.GQ8113@clam.khaoz.org> On Thu 2006.11.02 at 15:27 -0500, swygue wrote: > Hey Guys ! > > One of my smtp server landed on the CBL list and I do not know why. I have > two smtp servers that are on a carp fail-over, running Qmail. I followed > their instructions and it appears my servers aren't "announcing > non-RFC-compliant names via the HELO". Any ideas how I can fix this ? what does your host think it's name is? From swygue at gmail.com Thu Nov 2 16:04:27 2006 From: swygue at gmail.com (swygue) Date: Thu, 2 Nov 2006 16:04:27 -0500 Subject: [nycbug-talk] Mail Server In CBL List In-Reply-To: <20061102204612.GQ8113@clam.khaoz.org> References: <20061102204612.GQ8113@clam.khaoz.org> Message-ID: On 11/2/06, Okan Demirmen wrote: > > On Thu 2006.11.02 at 15:27 -0500, swygue wrote: > > Hey Guys ! > > > > One of my smtp server landed on the CBL list and I do not know why. I > have > > two smtp servers that are on a carp fail-over, running Qmail. I followed > > their instructions and it appears my servers aren't "announcing > > non-RFC-compliant names via the HELO". Any ideas how I can fix this ? > > what does your host think it's name is? Both my host has the FQDN basename for it's host name. -- swygue neron --->> -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at pilosoft.com Thu Nov 2 16:25:30 2006 From: alex at pilosoft.com (alex at pilosoft.com) Date: Thu, 2 Nov 2006 16:25:30 -0500 (EST) Subject: [nycbug-talk] Mail Server In CBL List In-Reply-To: Message-ID: On Thu, 2 Nov 2006, swygue wrote: > One of my smtp server landed on the CBL list and I do not know why. I > have two smtp servers that are on a carp fail-over, running Qmail. I > followed their instructions and it appears my servers aren't "announcing > non-RFC-compliant names via the HELO". Any ideas how I can fix this ? > > http://cbl.abuseat.org/ Who cares. There are a lot of spam blocklists ran by retards. It is a self-inflicted DoS if you try to deal with each of them. People who use such blocklists deserve what they get - no email, and eventually will stop using them. -alex From skreuzer at f2o.org Thu Nov 2 17:24:44 2006 From: skreuzer at f2o.org (Steven Kreuzer) Date: Thu, 02 Nov 2006 17:24:44 -0500 Subject: [nycbug-talk] BSD is Dying In-Reply-To: References: Message-ID: <454A702C.2060703@f2o.org> Charles Sprickman wrote: > Someone put a little video of Jason Dixon's presentation up: > > http://video.google.com/videoplay?docid=7833143728685685343&hl=en > > C > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month And the video is currently on the front page of digg: http://digg.com/linux_unix/BSD_is_Dying_A_tale_of_sex_and_greed You can also find downloadable versions from Jason's site at http://talks.dixongroup.net/nycbsdcon2006/ SK From spork at bway.net Thu Nov 2 19:05:48 2006 From: spork at bway.net (Charles Sprickman) Date: Thu, 2 Nov 2006 19:05:48 -0500 (EST) Subject: [nycbug-talk] creating "local" ports Message-ID: Hi all, Google's not helping me much here... I have a number of ports where I apply some local patches and whatnot (qmail and mailfront). Currently I do this manually by stepping through the port build process. I'd like to copy these into some sort of local ports directory, but that raises a few questions: -Is there an accepted location for this branch, ie: /usr/ports/local that will not get blown away on a cvsup or portsnap update? -How does one handle packages that depend on say, qmail, but I now want to depend on local-qmail? I know portupgrade can be tought this by setting an alternate pkgdep, but is there any clever way of doing this so that when you're not using portupgrade the deps are adjusted? Thanks, Charles From swygue at gmail.com Thu Nov 2 19:13:46 2006 From: swygue at gmail.com (swygue) Date: Thu, 2 Nov 2006 19:13:46 -0500 Subject: [nycbug-talk] Mail Server In CBL List In-Reply-To: <004201c6fec7$32ef2c00$320aa8c0@helpdeskm> References: <004201c6fec7$32ef2c00$320aa8c0@helpdeskm> Message-ID: Sanjay, My smtp server pass CBL HELO check, so I don't thing what you suggest will help. After I got your response, I was notified by the Windows group of possible virus outbreak. So I am guessing some mail worm triggered their scan engine. I think Alex is right, "they are retards". In the mean time am running clamav on my box, just see if any mail is infected and remove my server ip address from their list. On 11/2/06, Sanjay Dabhi wrote: > > Hi Swygue, > > From looking at your log it's look like you left internal IP on Hostname > for SMTP HELO. instead of internal IP, please put your out bound email > hostname > which could be > > baruch.cuny.edu MX preference = 15, mail exchanger = > webmail.baruch.cuny.edu > baruch.cuny.edu MX preference = 12, mail exchanger = > pearson.baruch.cuny.edu > baruch.cuny.edu MX preference = 14, mail exchanger = pps1.baruch.cuny.edu > > and make sure this hostname resolved from outside and inside of your > network. > > If you need more help Please let me know, > > Thanks > > Sanjay > ------------------------------ > *From:* swygue [mailto:swygue at gmail.com] > *Sent:* Thursday, November 02, 2006 4:02 PM > *To:* Sanjay Dabhi > *Subject:* Re: [nycbug-talk] Mail Server In CBL List > > > > On 11/2/06, Sanjay Dabhi wrote: > > > > Hi, > > > > Do you have host entry in your DNS for this both SMTP server? > > send me your error from return mail. > > > > Yes I have host enry for both servers. > > <> > : > 216.168.28.54 does not like recipient. > Remote host said: 550-Your HELO name for IP address 150.210.155.53 was > 550 "descartes.baruch.cuny.edu" > Giving up on 216.168.28.54. > > --- Below this line is a copy of the message. > > Return-Path: > Received: (qmail 15715 invoked by uid 27); 2 Nov 2006 19:41:03 -0000 > Received: from 10.1.2.60 by descartes (envelope-from < > Rodrique_Heron at baruch.cuny.edu>, uid 82) with qmail-scanner-1.25 > ( > Clear:RC:1(10.1.2.60 ):. > Processed in 0.066125 secs); 02 Nov 2006 19:41:03 -0000 > X-Qmail-Scanner-Mail-From: Rodrique_Heron at baruch.cuny.edu via descartes > X-Qmail-Scanner: 1.25 (Clear:RC:1( 10.1.2.60):. Processed in 0.066125secs) > Received: from unknown (HELO ?10.1.2.60?) (10.1.2.60) > by descartes.baruch.cuny.edu with SMTP; 2 Nov 2006 19:41:03 -0000 > Mime-Version: 1.0 (Apple Message framework v752.2) > To: helocheck at cbl.abuseat.org > Message-Id: < 1536DD36-5842-4A39-9F5B-16DB7D600379 at baruch.cuny.edu> > Content-Type: multipart/alternative; boundary=Apple-Mail-15--494307357 > From: Rodrique Heron > Subject: Test my mail > Date: Thu, 2 Nov 2006 14:41:26 -0500 > X-Mailer: Apple Mail (2.752.2) > <> > > > > > > > -- > swygue neron --->> > -- swygue neron --->> -------------- next part -------------- An HTML attachment was scrubbed... URL: From george at sddi.net Thu Nov 2 20:33:42 2006 From: george at sddi.net (George R.) Date: Thu, 02 Nov 2006 20:33:42 -0500 Subject: [nycbug-talk] bsdtalk. . . Message-ID: <454A9C76.3050209@sddi.net> Thanks Will. . . http://undeadly.org/cgi?action=article&sid=20061103010033 Nice publicity this year. . . It's kind of cool. . . g From george at sddi.net Thu Nov 2 21:08:24 2006 From: george at sddi.net (George R.) Date: Thu, 02 Nov 2006 21:08:24 -0500 Subject: [nycbug-talk] LISA Message-ID: <454AA498.7050901@sddi.net> Anyone going to this year's USENIX LISA? http://www.usenix.org/events/lisa06/ Email me off list. . . g From dlavigne6 at sympatico.ca Thu Nov 2 21:27:09 2006 From: dlavigne6 at sympatico.ca (Dru) Date: Thu, 2 Nov 2006 21:27:09 -0500 (EST) Subject: [nycbug-talk] LISA In-Reply-To: <454AA498.7050901@sddi.net> References: <454AA498.7050901@sddi.net> Message-ID: <20061102212608.S607@dru.domain.org> On Thu, 2 Nov 2006, George R. wrote: > Anyone going to this year's USENIX LISA? > > http://www.usenix.org/events/lisa06/ > > Email me off list. . . Actually, I'm emailing on list to remind everyone there will be an all BSD booth in the exhibit hall. Anyone who has swag or wants to do some booth duty, email me off list :-) Dru From sjt.kar at gmail.com Fri Nov 3 05:18:04 2006 From: sjt.kar at gmail.com (Sujit Karataparambil) Date: Fri, 3 Nov 2006 15:48:04 +0530 Subject: [nycbug-talk] creating "local" ports In-Reply-To: References: Message-ID: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> > I'd like to copy these into some sort of local ports directory, but that > raises > a few questions: > > -Is there an accepted location for this branch, ie: /usr/ports/local that > will > not get blown away on a cvsup or portsnap update? There is an LocalBase Port Location in FreeBSD. -How does one handle packages that depend on say, qmail, but I now want to > depend on local-qmail? I know portupgrade can be tought this by setting > an > alternate pkgdep, but is there any clever way of doing this so that when > you're > not using portupgrade the deps are adjusted? Hope this might Help. http://www.onlamp.com/pub/a/bsd/2001/01/25/Big_Scary_Daemons.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From spork at bway.net Fri Nov 3 15:18:33 2006 From: spork at bway.net (Charles Sprickman) Date: Fri, 3 Nov 2006 15:18:33 -0500 (EST) Subject: [nycbug-talk] creating "local" ports In-Reply-To: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> References: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> Message-ID: On Fri, 3 Nov 2006, Sujit Karataparambil wrote: >> I'd like to copy these into some sort of local ports directory, but that >> raises >> a few questions: >> >> -Is there an accepted location for this branch, ie: /usr/ports/local that >> will >> not get blown away on a cvsup or portsnap update? > > > There is an LocalBase Port Location in FreeBSD. Unless I'm mistaken, that's the base location of installed ports, not the base location of the ports tree. I'm specifically looking to do something like: /usr/ports/LOCAL/qmail /usr/ports/LOCAL/mailfront etc... > -How does one handle packages that depend on say, qmail, but I now want to >> depend on local-qmail? I know portupgrade can be tought this by setting >> an >> alternate pkgdep, but is there any clever way of doing this so that when >> you're >> not using portupgrade the deps are adjusted? > > Hope this might Help. > http://www.onlamp.com/pub/a/bsd/2001/01/25/Big_Scary_Daemons.html Thanks, that looks like an interesting starter on modifying an existing port (which I do need to do, but it seems pretty trivial), but I'm specifically looking to have an additional local category and having some way of adjusting dependencies so that for example a port that depends on qmail will instead depend on LOCAL/qmail... Thanks, Charles From chsnyder at gmail.com Fri Nov 3 17:58:28 2006 From: chsnyder at gmail.com (csnyder) Date: Fri, 3 Nov 2006 17:58:28 -0500 Subject: [nycbug-talk] creating "local" ports In-Reply-To: References: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> Message-ID: On 11/3/06, Charles Sprickman wrote: > I'm > specifically looking to have an additional local category and having some > way of adjusting dependencies so that for example a port that depends on > qmail will instead depend on LOCAL/qmail... > That sounds like a holy grail kinda thing. It seems like the most straightforward way to do it would be to replace /usr/ports/mail/qmail with your own port, and concentrate on figuring out how to make that persist from cvsup to cvsup. Any ports that depend on qmail would just build it and go. I hope I didn't just give everyone hives with that suggestion. You could always put together your _own_ ports distribution. Nobody says you have to use FreeBSD's, but that's only practical if you need to track a few hundred or fewer upstream ports. -- Chris Snyder http://chxo.com/ From spork at bway.net Fri Nov 3 18:57:40 2006 From: spork at bway.net (Charles Sprickman) Date: Fri, 3 Nov 2006 18:57:40 -0500 (EST) Subject: [nycbug-talk] creating "local" ports In-Reply-To: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> References: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> Message-ID: Top post alert... Brought over to -ports list: http://lists.freebsd.org/pipermail/freebsd-ports/2006-November/036508.html (screwed up the subject, was editing/forwarding) I'm kind of surprised there isn't a mechanism to easily manage a local ports category. I've been getting pretty compulsive about trying to keep everything I can in ports so I have a clear picture of what's installed on each box. Charles On Fri, 3 Nov 2006, Sujit Karataparambil wrote: >> I'd like to copy these into some sort of local ports directory, but that >> raises >> a few questions: >> >> -Is there an accepted location for this branch, ie: /usr/ports/local that >> will >> not get blown away on a cvsup or portsnap update? > > > There is an LocalBase Port Location in FreeBSD. > > -How does one handle packages that depend on say, qmail, but I now want to >> depend on local-qmail? I know portupgrade can be tought this by setting >> an >> alternate pkgdep, but is there any clever way of doing this so that when >> you're >> not using portupgrade the deps are adjusted? > > > Hope this might Help. > http://www.onlamp.com/pub/a/bsd/2001/01/25/Big_Scary_Daemons.html > From lavalamp at spiritual-machines.org Fri Nov 3 22:32:56 2006 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Fri, 3 Nov 2006 22:32:56 -0500 (EST) Subject: [nycbug-talk] creating "local" ports In-Reply-To: References: <921ca19c0611030218v5c260241j2999bd8be38a7454@mail.gmail.com> Message-ID: <20061103223039.K92133@arbitor.digitalfreaks.org> In Pkgsrc we have pkgsrc-wip which essential provide the mechanism you're looking for. The problem becomes modifications to existing ports where reanaming the PKGNAME will essentially break dependencies and portupgrade logic. On the other than -- with NetBSD, and vanilla CVS for updates, we don't have to worry about CVSUp blow about localizations. ~BAS On Fri, 3 Nov 2006, Charles Sprickman wrote: > Top post alert... > > Brought over to -ports list: > > http://lists.freebsd.org/pipermail/freebsd-ports/2006-November/036508.html > > (screwed up the subject, was editing/forwarding) > > I'm kind of surprised there isn't a mechanism to easily manage a local > ports category. I've been getting pretty compulsive about trying to keep > everything I can in ports so I have a clear picture of what's installed on > each box. > > Charles > > On Fri, 3 Nov 2006, Sujit Karataparambil wrote: > >>> I'd like to copy these into some sort of local ports directory, but that >>> raises >>> a few questions: >>> >>> -Is there an accepted location for this branch, ie: /usr/ports/local that >>> will >>> not get blown away on a cvsup or portsnap update? >> >> >> There is an LocalBase Port Location in FreeBSD. >> >> -How does one handle packages that depend on say, qmail, but I now want to >>> depend on local-qmail? I know portupgrade can be tought this by setting >>> an >>> alternate pkgdep, but is there any clever way of doing this so that when >>> you're >>> not using portupgrade the deps are adjusted? >> >> >> Hope this might Help. >> http://www.onlamp.com/pub/a/bsd/2001/01/25/Big_Scary_Daemons.html >> > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From lists at stringsutils.com Sat Nov 4 14:28:12 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 04 Nov 2006 14:28:12 -0500 Subject: [nycbug-talk] Mail Server In CBL List References: Message-ID: alex at pilosoft.com writes: > Who cares. There are a lot of spam blocklists ran by retards. So what do you suggest? To no use them at all? Are any RBLs that you consider sane? > It is a self-inflicted DoS if you try to deal with each of them. People who use > such blocklists deserve what they get So what is your solution for handling spam? If blocking spam was as easy as sometimes people want to make it sound.. there wouldn't be so many spammers making money out of sending millions of spam every day. From alex at pilosoft.com Sat Nov 4 15:06:42 2006 From: alex at pilosoft.com (alex at pilosoft.com) Date: Sat, 4 Nov 2006 15:06:42 -0500 (EST) Subject: [nycbug-talk] Mail Server In CBL List In-Reply-To: Message-ID: On Sat, 4 Nov 2006, Francisco Reyes wrote: > alex at pilosoft.com writes: > > > Who cares. There are a lot of spam blocklists ran by retards. > > So what do you suggest? To no use them at all? Are any RBLs that you > consider sane? spamhaus SBL is generally sane, although lately its been moving into "collateral damage" direction. nevertheless, it is probably the sanest. I can say what *not* to use: SORBS/SPEWS/spamcop. > > It is a self-inflicted DoS if you try to deal with each of them. > > People who use such blocklists deserve what they get > > So what is your solution for handling spam? > > If blocking spam was as easy as sometimes people want to make it sound.. > there wouldn't be so many spammers making money out of sending millions > of spam every day. It is *very* nontrivial, and the current state-of-the-art is probably combination of: a) MTA front-end: short (1 minute) greylisting b) bayes filtering: spamassassin or pyzor or... c) blacklists d) spamassassin plugins to do filtering based on URLs embedded in the mail, and OCR of the URLs embedded in images -alex From lists at stringsutils.com Sat Nov 4 17:57:58 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 04 Nov 2006 17:57:58 -0500 Subject: [nycbug-talk] Mail Server In CBL List References: Message-ID: alex at pilosoft.com writes: > spamhaus SBL is generally sane, although lately its been moving into > "collateral damage" direction. nevertheless, it is probably the sanest. SBL only? not sbl-xbl? I like psbl, http://psbl.surriel.com, because it is completely based on spamtraps.. and you can easily get an IP out automatically. Funny you mention spamhaus.. after you said cbl was not very good. Spamhaus loads the cbl list into one of their lists (I think the sbl-xbl one). > I can say what *not* to use: SORBS/SPEWS/spamcop. Add fiveten to the list. I can not but be amazed that people use that at all. He would block entire nets because they are owned by a company that he believes doesn't fight spam enough.. so you can have THOUSANDS of IPs blocked that have never sent any spam. > a) MTA front-end: short (1 minute) greylisting I like greylisting, but the amount of broken MTAs out there is pretty scary. Have you found 1 minute to be effective? Why so low? > c) blacklists My current home list for RBLs is reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client bl.csma.biz, reject_rbl_client dnsbl-2.uceprotect.net, reject_rbl_client dnsbl-1.uceprotect.net, reject_rbl_client psbl.surriel.com reject_rbl_client list.dsbl.org Good for a home, small company setup... BAD for a large setup with lots of virtual domains. At work I think I use something like reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com Although I read many complaints about spamcop, I find that we get relatively few complaints about it from users, yet stops a good deal of spam. The one RBL that surprised me on how much it caches.. and also the amount of complain from users.. is psbl.surriel.com That RBL is completely based on spamtraps.. and it is very easy to get out.. go to a page.. enter IP... yet we get complaints from customers.. who are too lazy to read the description on the bounce back and to unsubscribe the IP they are trying to get mail from. Part of the problem with dealing with spam.. is the different levels of tolerance from different customers.. Some customers will rather get all the spam in the world.. instead of missing emails from customers.. while others will rather not get all the mail from people they deal with.. as long as they don't get spam. From lists at stringsutils.com Sat Nov 4 18:17:23 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 04 Nov 2006 18:17:23 -0500 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 References: <003d01c6f323$526f2b20$640aa8c0@MobileZ> Message-ID: Hans Zaunere writes: > This is 4.1 so these features aren't in use. I'm afraid we're hitting some > threading issues, per previous links. What loads in the machihe? You mentioned crashes on high concurrency.. how many connections? I have a 6.1 Stable (May 2006) running Mysql 4.1.13 with no problems. Large number of selects, with a decent amount of inserts (primarily from a greylisting DB) . Number of connections per seconds, as reported by mtop, is between 200 and 600 during regular business hours. Just checked right now (saturday 6pm) and it was 170 to 200 queries per second.. Weekends are considerably slower.. This is a dedicated machine that does only mysql and absolutely nothing else. Have 1 slave running off this machine. 2GB of RAM, 2 Raptors in RAID 1. Using MyISAM tables. From what I see in top/vmstat/iostat... usually the data is coming from memory and not much disk I/O in the machine. No crashes, no issues. The only issue I have ever had is with the replication. Ocassionaly the replication will just stop working on the slave.. and a few times had to redo the entire replication setup. Often times just doing a skip on the problem transaction solves the problem. If the master gets really busy (usually in the 600 queries per second) the slave will stop replication.. and just have to "start slave" to get it going again. I still would much rather move as much work as possible to postgresql, but there is so much legacy code with Mysql that it was not very practical to try and convert it all. Most new work we do is postgresql. From lists at stringsutils.com Sat Nov 4 18:20:21 2006 From: lists at stringsutils.com (Francisco Reyes) Date: Sat, 04 Nov 2006 18:20:21 -0500 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 References: <003e01c6f323$a92afed0$640aa8c0@MobileZ> Message-ID: Hans Zaunere writes: > Thanks Thomas. I actually always recommend Linux for MySQL, but these > servers are coming from a vendor, so it's going to be a political move to > get them to change. They are a FreeBSD shop as well, which of course runs > everything else flawlessly - except MySQL. Do you use replication? Any way you could have some of the load go to a primary and some other go to a slave? Although most of our mysql load goes to a single machine we have, when possible, tried to distribute some of the load between the master and a slave we run. In particular postfix was one that was easy to do this on. We also have modified some of our PHP code to go to the master for write, but to either master/slave for reads. Helps not only with speed, but with reliability too. From lists at zaunere.com Sun Nov 5 06:23:37 2006 From: lists at zaunere.com (Hans Zaunere) Date: Sun, 5 Nov 2006 06:23:37 -0500 Subject: [nycbug-talk] MySQL and FreeBSD 6.0 In-Reply-To: Message-ID: <007b01c700cc$d83ca550$3901a8c0@MobileZ> Hi, Francisco Reyes wrote on Saturday, November 04, 2006 6:17 PM: > Hans Zaunere writes: > > > This is 4.1 so these features aren't in use. I'm afraid we're > > hitting some threading issues, per previous links. > > What loads in the machihe? > You mentioned crashes on high concurrency.. how many connections? > > I have a 6.1 Stable (May 2006) running Mysql 4.1.13 with no problems. > Large number of selects, with a decent amount of inserts (primarily > from a greylisting DB) . > > Number of connections per seconds, as reported by mtop, is between > 200 and 600 during regular business hours. Just checked right now > (saturday 6pm) and it was 170 to 200 queries per second.. Weekends > are considerably slower.. > > This is a dedicated machine that does only mysql and absolutely > nothing else. Have 1 slave running off this machine. 2GB of RAM, 2 > Raptors in RAID > 1. Using MyISAM tables. From what I see in top/vmstat/iostat... > usually the data is coming from memory and not much disk I/O in the > machine. > > > No crashes, no issues. This sounds similar to the server environment we're dealing with - except for we're at 6.0 vs 6.1. As this project developments, we're getting the feeling it's a 6.0 specific issue. If/when we move to 6.1, hopefully that clears things up. H From yds at CoolRat.org Tue Nov 7 22:47:33 2006 From: yds at CoolRat.org (Yarema) Date: Tue, 07 Nov 2006 22:47:33 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 Message-ID: <9FC8CDCE5DE20C34D7BF1C34@[192.168.1.69]> Inspired by Bob Beck's talk at the NYC BSD Con I implemented spamd and greyscanner on my FreeBSD pf edge servers. What a difference! Catches somewhere around 99% of the spam before it ever reaches the mail server. Just filed . Also available as a tarball at . Let me know what you think. If you like, let the maintainer know . The updated port is what I'm now running in production. -- Yarema http://yds.CoolRat.org/ From dan at langille.org Tue Nov 7 23:58:56 2006 From: dan at langille.org (Dan Langille) Date: Tue, 07 Nov 2006 23:58:56 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <9FC8CDCE5DE20C34D7BF1C34@[192.168.1.69]> Message-ID: <45511DC0.2585.3C421E5D@dan.langille.org> On 7 Nov 2006 at 22:47, Yarema wrote: > Inspired by Bob Beck's talk at the NYC BSD Con I implemented spamd and > greyscanner on my FreeBSD pf edge servers. What a difference! Catches > somewhere around 99% of the spam before it ever reaches the mail server. > > Just filed . Also > available as a tarball at . > > Let me know what you think. If you like, let the maintainer know > . > > The updated port is what I'm now running in production. Thanks. Have you considered upgrading spamd to the latest version from OpenBSD? I'd contacted the maintainer about this, and have only recently started working with greylisting via pf and spamd. Are you interested in updating spamd itself? -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php From yds at CoolRat.org Wed Nov 8 01:04:58 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 01:04:58 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <45515644.3040903@delphij.net> References: <9FC8CDCE5DE20C34D7BF1C34@[192.168.1.69]> <45515644.3040903@delphij.net> Message-ID: <2C4BD3F3FA27FCFBCC6EFF17@[192.168.1.69]> --On Wednesday, November 08, 2006 12:00 PM +0800 LI Xin wrote: > Hi, > > Yarema wrote: >> Inspired by Bob Beck's talk at the NYC BSD Con I implemented >> spamd and greyscanner on my FreeBSD pf edge servers. What a >> difference! Catches somewhere around 99% of the spam before >> it ever reaches the mail server. >> >> Just filed . >> Also available as a tarball at >> . >> >> Let me know what you think. If you like, let the maintainer >> know . >> >> The updated port is what I'm now running in production. > > I have slightly glanced at the patch and it looks fine to me, > except some minor style issues that I have already fixed at my > workspace. > > One point: Why greyscanner is marked as IGNORE? I think we > really need a MD5 and SHA256 for security reasons... > > Cheers, Thanks for looking at it so quickly. At first I made checksums for greyscanner. But then I realized that Bob Beck is updating greyscanner so often (and I clearly mark it as experimental) that it seems more pragmatic to not have to update the port every time greyscanner is tweaked. I figure that anyone using greyscanner is experienced enough to also notice if something's awry with fetching it or the code. Greyscanner is slated to be part of the OpenBSD/spamd 4.1 release according to the slides. By then the need to download the script separately will go away. If you disagree feel free to make the checksums. I was on the fence about this one. -- Yarema http://yds.CoolRat.org/ From yds at CoolRat.org Wed Nov 8 01:12:01 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 01:12:01 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <45516D81.8090404@delphij.net> References: <45511DC0.2585.3C421E5D@dan.langille.org> <45516D81.8090404@delphij.net> Message-ID: <93D1C231DD91C6E63589A298@[192.168.1.69]> --On Wednesday, November 08, 2006 1:39 PM +0800 LI Xin wrote: > Dan Langille wrote: >> On 7 Nov 2006 at 22:47, Yarema wrote: >> >>> Inspired by Bob Beck's talk at the NYC BSD Con I implemented >>> spamd and greyscanner on my FreeBSD pf edge servers. What a >>> difference! Catches somewhere around 99% of the spam before >>> it ever reaches the mail server. >>> >>> Just filed . >>> Also available as a tarball at >>> . >>> >>> Let me know what you think. If you like, let the maintainer >>> know . >>> >>> The updated port is what I'm now running in production. >> >> Thanks. >> >> Have you considered upgrading spamd to the latest version >> from OpenBSD? I'd contacted the maintainer about this, and >> have only recently started working with greylisting via pf >> and spamd. Are you interested in updating spamd itself? > > Yes that would be great. > > If nobody step up with the update I would do that myself this > week, but I would be happy to see someone to take this over, > as I no longer use it for my own use... > > Cheers, I could try updating it since by now I'm pretty familiar with the port. How did you roll the 3.7 tarball? By hand from an OpenBSD release? -- Yarema http://yds.CoolRat.org/ From yds at CoolRat.org Wed Nov 8 01:23:40 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 01:23:40 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <4551758D.7010104@delphij.net> References: <9FC8CDCE5DE20C34D7BF1C34@[192.168.1.69]> <45515644.3040903@delphij.net> <2C4BD3F3FA27FCFBCC6EFF17@[192.168.1.69]> <4551758D.7010104@delphij.net> Message-ID: <9492CC7C7A4CA3115A5F6559@[192.168.1.69]> --On Wednesday, November 08, 2006 2:13 PM +0800 LI Xin wrote: >>> >>> I have slightly glanced at the patch and it looks fine to me, >>> except some minor style issues that I have already fixed at my >>> workspace. >>> >>> One point: Why greyscanner is marked as IGNORE? I think we >>> really need a MD5 and SHA256 for security reasons... >>> >>> Cheers, >> >> Thanks for looking at it so quickly. At first I made checksums >> for greyscanner. But then I realized that Bob Beck is updating >> greyscanner so often (and I clearly mark it as experimental) >> that it seems more pragmatic to not have to update the port >> every time greyscanner is tweaked. I figure that anyone using >> greyscanner is experienced enough to also notice if something's >> awry with fetching it or the code. Greyscanner is slated to be >> part of the OpenBSD/spamd 4.1 release according to the slides. >> By then the need to download the script separately will go away. >> >> If you disagree feel free to make the checksums. I was on the >> fence about this one. > > What about we put a verified version somewhere, say, under the > name as greyscanner-20061109 or something similar, and put > checksum on it because it's a frozen snapshot? > > Cheers, Why not just stick it in the spamd tarball? That would simplify the Makefile quite a bit. Or we could just put it in the port's files directory. That would simplify the Makefile just the same and the script is small enough. And there's no need to track it somewhere else. -- Yarema http://yds.CoolRat.org/ From yds at CoolRat.org Wed Nov 8 01:30:00 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 01:30:00 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <45517702.2070701@delphij.net> References: <45511DC0.2585.3C421E5D@dan.langille.org> <45516D81.8090404@delphij.net> <93D1C231DD91C6E63589A298@[192.168.1.69]> <45517702.2070701@delphij.net> Message-ID: --On Wednesday, November 08, 2006 2:19 PM +0800 LI Xin wrote: > Yarema wrote: >> --On Wednesday, November 08, 2006 1:39 PM +0800 LI Xin >> wrote: >> >>> Dan Langille wrote: >>>> On 7 Nov 2006 at 22:47, Yarema wrote: >>>> >>>>> Inspired by Bob Beck's talk at the NYC BSD Con I implemented >>>>> spamd and greyscanner on my FreeBSD pf edge servers. What a >>>>> difference! Catches somewhere around 99% of the spam before >>>>> it ever reaches the mail server. >>>>> >>>>> Just filed . >>>>> Also available as a tarball at >>>>> . >>>>> >>>>> Let me know what you think. If you like, let the maintainer >>>>> know . >>>>> >>>>> The updated port is what I'm now running in production. >>>> >>>> Thanks. >>>> >>>> Have you considered upgrading spamd to the latest version >>>> from OpenBSD? I'd contacted the maintainer about this, and >>>> have only recently started working with greylisting via pf >>>> and spamd. Are you interested in updating spamd itself? >>> >>> Yes that would be great. >>> >>> If nobody step up with the update I would do that myself this >>> week, but I would be happy to see someone to take this over, >>> as I no longer use it for my own use... >>> >>> Cheers, >> >> I could try updating it since by now I'm pretty familiar with >> the port. How did you roll the 3.7 tarball? By hand from an >> OpenBSD release? > > First you need an OpenBSD cvs mirrored locally, or use the > anonymous OpenBSD CVS. I have rolled CVS information into the > tarball, so this would be done with something like > "cvs -d /home/openbsd up -rOPENBSD_4_0" > in each directories. Then, check if there is newly added files > in OpenBSD distribution, port the patches into the tree, verify > that everything goes well, remove the .#* files, and finally > you got a new tarball. > > Please note that if you roll a new tarball, I would advise that > you either include our local patchsets into it, or separate all > our local patchset out to files/. This will make maintainer's > life easier. > > So I guess it's midnight in NY? It's afternoon here so if you > are tired, just leave the work to me :-) > > Cheers, Yeah, it's 1:30am US/Eastern so I'm ready to pass out. If you do roll another tarball consider including greyscanner and all that code dealing with fetching it can be eliminated from the Makefile. -- Yarema http://yds.CoolRat.org/ From yds at CoolRat.org Wed Nov 8 09:21:12 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 09:21:12 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <45518A09.3060309@delphij.net> References: <45511DC0.2585.3C421E5D@dan.langille.org> <45516D81.8090404@delphij.net> <93D1C231DD91C6E63589A298@[192.168.1.69]> <45517702.2070701@delphij.net> <45518A09.3060309@delphij.net> Message-ID: --On Wednesday, November 08, 2006 3:40 PM +0800 LI Xin wrote: > Yarema wrote: >> --On Wednesday, November 08, 2006 2:19 PM +0800 LI Xin >> wrote: >> >>> Yarema wrote: >>>> --On Wednesday, November 08, 2006 1:39 PM +0800 LI Xin >>>> wrote: >>>> >>>>> Dan Langille wrote: >>>>>> On 7 Nov 2006 at 22:47, Yarema wrote: >>>>>> >>>>>>> Inspired by Bob Beck's talk at the NYC BSD Con I implemented >>>>>>> spamd and greyscanner on my FreeBSD pf edge servers. What a >>>>>>> difference! Catches somewhere around 99% of the spam before >>>>>>> it ever reaches the mail server. >>>>>>> >>>>>>> Just filed . >>>>>>> Also available as a tarball at >>>>>>> . >>>>>>> >>>>>>> Let me know what you think. If you like, let the maintainer >>>>>>> know . >>>>>>> >>>>>>> The updated port is what I'm now running in production. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> Have you considered upgrading spamd to the latest version >>>>>> from OpenBSD? I'd contacted the maintainer about this, and >>>>>> have only recently started working with greylisting via pf >>>>>> and spamd. Are you interested in updating spamd itself? >>>>> >>>>> Yes that would be great. >>>>> >>>>> If nobody step up with the update I would do that myself this >>>>> week, but I would be happy to see someone to take this over, >>>>> as I no longer use it for my own use... >>>>> >>>>> Cheers, >>>> >>>> I could try updating it since by now I'm pretty familiar with >>>> the port. How did you roll the 3.7 tarball? By hand from an >>>> OpenBSD release? >>> >>> First you need an OpenBSD cvs mirrored locally, or use the >>> anonymous OpenBSD CVS. I have rolled CVS information into the >>> tarball, so this would be done with something like >>> "cvs -d /home/openbsd up -rOPENBSD_4_0" >>> in each directories. Then, check if there is newly added files >>> in OpenBSD distribution, port the patches into the tree, verify >>> that everything goes well, remove the .#* files, and finally >>> you got a new tarball. >>> >>> Please note that if you roll a new tarball, I would advise that >>> you either include our local patchsets into it, or separate all >>> our local patchset out to files/. This will make maintainer's >>> life easier. >>> >>> So I guess it's midnight in NY? It's afternoon here so if you >>> are tired, just leave the work to me :-) >>> >>> Cheers, >> >> Yeah, it's 1:30am US/Eastern so I'm ready to pass out. If >> you do roll another tarball consider including greyscanner >> and all that code dealing with fetching it can be eliminated >> from the Makefile. > > Yes. I have prepared a tarball at > http://people.freebsd.org/~delphij/misc/spamd.tar.bz2 and you > may want to try it out, to see if the upgrade has all features > you wanted. I have uploaded the necessary distfile to my home > directory but it can take some time to be populated out to > mirror sites. > > I will walk through the open PRs to see if I have missed > something. OK, I did a few test builds. I see that you opted to apply the FreeBSD patches directly to the tarball. There's one problem I found with that. In spamd-setup.c line 51 ${LOCALBASE}, or ${PREFIX} if you will, gets hard coded: #define PATH_SPAMD_CONF "/usr/local/etc/spamd.conf" Same thing probably happens with the man pages. Come to think of it I think it would be simpler to maintain the port with the local FreeBSD patches applied by the port at build time like before rather than rolling the tarball with the patches already applied. Who knows.. maybe the OpenBSD folks will someday package spamd as a tarball themselves. It would be good to have those patches still araound in the files dir if/when that happens. Otherwise looks good. Thanks again for looking into this so quickly. -- Yarema http://yds.CoolRat.org/ From yds at CoolRat.org Wed Nov 8 10:10:47 2006 From: yds at CoolRat.org (Yarema) Date: Wed, 08 Nov 2006 10:10:47 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: References: <45511DC0.2585.3C421E5D@dan.langille.org> <45516D81.8090404@delphij.net> <93D1C231DD91C6E63589A298@[192.168.1.69]> <45517702.2070701@delphij.net> <45518A09.3060309@delphij.net> Message-ID: --On Wednesday, November 08, 2006 9:21 AM -0500 Yarema wrote: > > > --On Wednesday, November 08, 2006 3:40 PM +0800 LI Xin > wrote: > >> Yarema wrote: >>> --On Wednesday, November 08, 2006 2:19 PM +0800 LI Xin >>> wrote: >>> >>>> Yarema wrote: >>>>> --On Wednesday, November 08, 2006 1:39 PM +0800 LI Xin >>>>> wrote: >>>>> >>>>>> Dan Langille wrote: >>>>>>> On 7 Nov 2006 at 22:47, Yarema wrote: >>>>>>> >>>>>>>> Inspired by Bob Beck's talk at the NYC BSD Con I implemented >>>>>>>> spamd and greyscanner on my FreeBSD pf edge servers. What a >>>>>>>> difference! Catches somewhere around 99% of the spam before >>>>>>>> it ever reaches the mail server. >>>>>>>> >>>>>>>> Just filed . >>>>>>>> Also available as a tarball at >>>>>>>> . >>>>>>>> >>>>>>>> Let me know what you think. If you like, let the maintainer >>>>>>>> know . >>>>>>>> >>>>>>>> The updated port is what I'm now running in production. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> Have you considered upgrading spamd to the latest version >>>>>>> from OpenBSD? I'd contacted the maintainer about this, and >>>>>>> have only recently started working with greylisting via pf >>>>>>> and spamd. Are you interested in updating spamd itself? >>>>>> >>>>>> Yes that would be great. >>>>>> >>>>>> If nobody step up with the update I would do that myself this >>>>>> week, but I would be happy to see someone to take this over, >>>>>> as I no longer use it for my own use... >>>>>> >>>>>> Cheers, >>>>> >>>>> I could try updating it since by now I'm pretty familiar with >>>>> the port. How did you roll the 3.7 tarball? By hand from an >>>>> OpenBSD release? >>>> >>>> First you need an OpenBSD cvs mirrored locally, or use the >>>> anonymous OpenBSD CVS. I have rolled CVS information into the >>>> tarball, so this would be done with something like >>>> "cvs -d /home/openbsd up -rOPENBSD_4_0" >>>> in each directories. Then, check if there is newly added files >>>> in OpenBSD distribution, port the patches into the tree, verify >>>> that everything goes well, remove the .#* files, and finally >>>> you got a new tarball. >>>> >>>> Please note that if you roll a new tarball, I would advise that >>>> you either include our local patchsets into it, or separate all >>>> our local patchset out to files/. This will make maintainer's >>>> life easier. >>>> >>>> So I guess it's midnight in NY? It's afternoon here so if you >>>> are tired, just leave the work to me :-) >>>> >>>> Cheers, >>> >>> Yeah, it's 1:30am US/Eastern so I'm ready to pass out. If >>> you do roll another tarball consider including greyscanner >>> and all that code dealing with fetching it can be eliminated >>> from the Makefile. >> >> Yes. I have prepared a tarball at >> http://people.freebsd.org/~delphij/misc/spamd.tar.bz2 and you >> may want to try it out, to see if the upgrade has all features >> you wanted. I have uploaded the necessary distfile to my home >> directory but it can take some time to be populated out to >> mirror sites. >> >> I will walk through the open PRs to see if I have missed >> something. > > OK, I did a few test builds. I see that you opted to apply > the FreeBSD patches directly to the tarball. There's one > problem I found with that. In spamd-setup.c line 51 > ${LOCALBASE}, or ${PREFIX} if you will, gets hard coded: > ># define PATH_SPAMD_CONF "/usr/local/etc/spamd.conf" > > Same thing probably happens with the man pages. Come to > think of it I think it would be simpler to maintain the > port with the local FreeBSD patches applied by the port at > build time like before rather than rolling the tarball with > the patches already applied. Who knows.. maybe the OpenBSD > folks will someday package spamd as a tarball themselves. > It would be good to have those patches still araound in the > files dir if/when that happens. > > Otherwise looks good. Thanks again for looking into this so > quickly. Following up on my own email... Just updated the 4.0 version of adding files/crontab.in to be installed as ${EXAMPLESDIR}/crontab. And some minor cosmetic fixes to the Makefile. -- Yarema http://yds.CoolRat.org/ From pete at nomadlogic.org Thu Nov 9 12:07:52 2006 From: pete at nomadlogic.org (Pete Wright) Date: Thu, 9 Nov 2006 12:07:52 -0500 Subject: [nycbug-talk] FreeBSD-6.2-RELEASE coming soon Message-ID: <20061109170749.GA23043@sunset.nomadlogic.org> hi all, just a reminder that with freebsd's 6.2-RELEASE coming soon that we have a local mirror of the cvs tree and ftp site for nycbug members: freebsd.nycbug.org i've been trying to keep this site as up to date as possible, so please feel free to use it. there has been alot of work going on with NIC drivers in this relase (i know the em driver has gotten alot of work recently) so if you have some cycles let's help the FreeBSD folks out and test these beta's and RC's. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From lists at genoverly.net Sun Nov 12 08:54:45 2006 From: lists at genoverly.net (michael) Date: Sun, 12 Nov 2006 08:53:45 -0501 Subject: [nycbug-talk] UK bans denial of service attacks Message-ID: <20061112085345.4aec5ba4@dt.genoverly.com> That'll stop 'em A law was passed last week that makes it an offence to launch a denial of service attack in the UK, punishable by up to ten years in prison. http://www.theregister.com/2006/11/12/uk_bans_denial_of_service_attacks/ -- michael From mspitzer at gmail.com Sun Nov 12 16:12:53 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Sun, 12 Nov 2006 16:12:53 -0500 Subject: [nycbug-talk] UK bans denial of service attacks In-Reply-To: <20061112085345.4aec5ba4@dt.genoverly.com> References: <20061112085345.4aec5ba4@dt.genoverly.com> Message-ID: <8c50a3c30611121312y5b9e3b14k5ee4842c59753d62@mail.gmail.com> that will stop the chriminals yup there is a law now. It would also be interesting to see how they define a denial of service attack. I remember when HP, I think, defined using nmap as a denial of service attack. marc On 11/12/06, michael wrote: > That'll stop 'em > > A law was passed last week that makes it an offence to launch a > denial of service attack in the UK, punishable by up to ten > years in prison. > > http://www.theregister.com/2006/11/12/uk_bans_denial_of_service_attacks/ > > > -- > > michael > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- Freedom is nothing but a chance to be better. Albert Camus From nycbug-list at 2xlp.com Sun Nov 12 19:44:37 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Sun, 12 Nov 2006 19:44:37 -0500 Subject: [nycbug-talk] UK bans denial of service attacks In-Reply-To: <8c50a3c30611121312y5b9e3b14k5ee4842c59753d62@mail.gmail.com> References: <20061112085345.4aec5ba4@dt.genoverly.com> <8c50a3c30611121312y5b9e3b14k5ee4842c59753d62@mail.gmail.com> Message-ID: <82CF052F-D455-44D2-912E-EAEFD985C464@2xlp.com> On Nov 12, 2006, at 4:12 PM, Marc Spitzer wrote: > that will stop the chriminals yup there is a law now. It would also > be interesting to see how they define a denial of service attack. I > remember when HP, I think, defined using nmap as a denial of service > attack. that's a good point. uk computer law is notoriously vague and moronic. i remember the case of the uk cs person who tried to donate to the red cross using lynx, and landed his ass in jail as a hacker. // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From mspitzer at gmail.com Sun Nov 12 19:56:30 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Sun, 12 Nov 2006 19:56:30 -0500 Subject: [nycbug-talk] UK bans denial of service attacks In-Reply-To: <82CF052F-D455-44D2-912E-EAEFD985C464@2xlp.com> References: <20061112085345.4aec5ba4@dt.genoverly.com> <8c50a3c30611121312y5b9e3b14k5ee4842c59753d62@mail.gmail.com> <82CF052F-D455-44D2-912E-EAEFD985C464@2xlp.com> Message-ID: <8c50a3c30611121656s1476d8b9ra50227a610818034@mail.gmail.com> They have really stupid laws on slander also, yes it is true you are still guilty of slander?!?! On 11/12/06, Jonathan Vanasco wrote: > > On Nov 12, 2006, at 4:12 PM, Marc Spitzer wrote: > > > that will stop the chriminals yup there is a law now. It would also > > be interesting to see how they define a denial of service attack. I > > remember when HP, I think, defined using nmap as a denial of service > > attack. > > that's a good point. uk computer law is notoriously vague and moronic. > > i remember the case of the uk cs person who tried to donate to the > red cross using lynx, and landed his ass in jail as a hacker. > > > // Jonathan Vanasco > > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > | FindMeOn.com - The cure for Multiple Web Personality Disorder > | Web Identity Management and 3D Social Networking > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > | RoadSound.com - Tools For Bands, Stuff For Fans > | Collaborative Online Management And Syndication Tools > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > > > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- Freedom is nothing but a chance to be better. Albert Camus From marco at metm.org Mon Nov 13 10:42:51 2006 From: marco at metm.org (Marco Scoffier) Date: Mon, 13 Nov 2006 10:42:51 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org Message-ID: <20061113154251.GJ10216@ns.metm.org> I can use the freebsd.nycbug.org with cvsup to download a whole ports tree, but what is the syntax for CVSROOT so that porteasy can use the nycbug repository. I've tried different combos of : setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/var/db setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org setenv CVSROOT=:pserver:freebsd.nycbug.org setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/home/ncvs setenv CVSROOT=:pserver:anoncvs at anoncvs.at.freebsd.nycbug.org/home/ncvs But I am missing something stupid presumably. Thanks, From pete at nomadlogic.org Mon Nov 13 11:45:41 2006 From: pete at nomadlogic.org (Pete Wright) Date: Mon, 13 Nov 2006 11:45:41 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061113154251.GJ10216@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> Message-ID: <20061113164538.GA20476@sunset.nomadlogic.org> On Mon, Nov 13, 2006 at 10:42:51AM -0500, Marco Scoffier wrote: > I can use the freebsd.nycbug.org with cvsup to download a whole ports > tree, but what is the syntax for CVSROOT so that porteasy can use the > nycbug repository. I've tried different combos of : > > setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/var/db > setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org > setenv CVSROOT=:pserver:freebsd.nycbug.org > setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/home/ncvs > setenv CVSROOT=:pserver:anoncvs at anoncvs.at.freebsd.nycbug.org/home/ncvs > > But I am missing something stupid presumably. > not too familiar with porteasy, but we are not running this host as a CVS pserver. we do have cvsupd running though. if this is something folks are interested in having i can look into allowing cvs access. -p -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From marco at metm.org Mon Nov 13 22:43:02 2006 From: marco at metm.org (Marco Scoffier) Date: Mon, 13 Nov 2006 22:43:02 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061113164538.GA20476@sunset.nomadlogic.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> Message-ID: <20061114034302.GA5909@ns.metm.org> On Mon, Nov 13, 2006 at 11:45:41AM -0500, Pete Wright wrote: >On Mon, Nov 13, 2006 at 10:42:51AM -0500, Marco Scoffier wrote: >> I can use the freebsd.nycbug.org with cvsup to download a whole ports >> tree, but what is the syntax for CVSROOT so that porteasy can use the >> nycbug repository. I've tried different combos of : >> >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/var/db >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org >> setenv CVSROOT=:pserver:freebsd.nycbug.org >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/home/ncvs >> setenv CVSROOT=:pserver:anoncvs at anoncvs.at.freebsd.nycbug.org/home/ncvs >> >> But I am missing something stupid presumably. >> >not too familiar with porteasy, but we are not running this host as a >CVS pserver. we do have cvsupd running though. if this is something >folks are interested in having i can look into allowing cvs access. > porteasy lets you download just the skeleton of the ports you need not the whole ports tree (thanks to Dru's blogs for that). I didn't realize the services were different, I just thought I was doing something wrong. Definitely an end-user in the whole cvsup / porteasy area. I did notice that the porteasy skeleton tree has a /usr/ports/CVS/Root file whereas a cvsup'd tree does not... So no worries if there is extra work involved, -- Marco From pete at nomadlogic.org Mon Nov 13 22:55:19 2006 From: pete at nomadlogic.org (Pete Wright) Date: Mon, 13 Nov 2006 22:55:19 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061114034302.GA5909@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> Message-ID: <20061114035510.GB23040@sunset.nomadlogic.org> On Mon, Nov 13, 2006 at 10:43:02PM -0500, Marco Scoffier wrote: > On Mon, Nov 13, 2006 at 11:45:41AM -0500, Pete Wright wrote: > >On Mon, Nov 13, 2006 at 10:42:51AM -0500, Marco Scoffier wrote: > >> I can use the freebsd.nycbug.org with cvsup to download a whole ports > >> tree, but what is the syntax for CVSROOT so that porteasy can use the > >> nycbug repository. I've tried different combos of : > >> > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/var/db > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org > >> setenv CVSROOT=:pserver:freebsd.nycbug.org > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/home/ncvs > >> setenv CVSROOT=:pserver:anoncvs at anoncvs.at.freebsd.nycbug.org/home/ncvs > >> > >> But I am missing something stupid presumably. > >> > >not too familiar with porteasy, but we are not running this host as a > >CVS pserver. we do have cvsupd running though. if this is something > >folks are interested in having i can look into allowing cvs access. > > > porteasy lets you download just the skeleton of the ports you need not > the whole ports tree (thanks to Dru's blogs for that). > > I didn't realize the services were different, I just thought I was doing > something wrong. Definitely an end-user in the whole cvsup / porteasy > area. I did notice that the porteasy skeleton tree has a > /usr/ports/CVS/Root file whereas a cvsup'd tree does not... > > So no worries if there is extra work involved, > well this is something i think we should look into. i'll let you know when i get a chroot'd pserver up and running for testing. thanks! -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From mspitzer at gmail.com Mon Nov 13 23:26:59 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Mon, 13 Nov 2006 23:26:59 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061114034302.GA5909@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> Message-ID: <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> On 11/13/06, Marco Scoffier wrote: > On Mon, Nov 13, 2006 at 11:45:41AM -0500, Pete Wright wrote: > >On Mon, Nov 13, 2006 at 10:42:51AM -0500, Marco Scoffier wrote: > >> I can use the freebsd.nycbug.org with cvsup to download a whole ports > >> tree, but what is the syntax for CVSROOT so that porteasy can use the > >> nycbug repository. I've tried different combos of : > >> > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/var/db > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org > >> setenv CVSROOT=:pserver:freebsd.nycbug.org > >> setenv CVSROOT=:pserver:anoncvs at freebsd.nycbug.org/home/ncvs > >> setenv CVSROOT=:pserver:anoncvs at anoncvs.at.freebsd.nycbug.org/home/ncvs > >> > >> But I am missing something stupid presumably. > >> > >not too familiar with porteasy, but we are not running this host as a > >CVS pserver. we do have cvsupd running though. if this is something > >folks are interested in having i can look into allowing cvs access. > > > porteasy lets you download just the skeleton of the ports you need not > the whole ports tree (thanks to Dru's blogs for that). > umm why bother, it seems like a bad idea to me anyway. cvs is much slower then using csup/cvsup or portsnap and the deltas are generally small. I used to do something like that by excluding a bunch of foreign language ports, Chinese etc, and I had to spend most of an evening why something would not build after a bunch of months passed. After that crappy evening time and disk space well spent, get everything and be done with it. Even if you are going to need cvs for development I still think just get everything and be done is the best way to go. Generally networks are fast and disk is cheap so why bother? marc -- Freedom is nothing but a chance to be better. Albert Camus From marco at metm.org Tue Nov 14 06:36:29 2006 From: marco at metm.org (Marco Scoffier) Date: Tue, 14 Nov 2006 06:36:29 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> Message-ID: <20061114113629.GN5909@ns.metm.org> On Mon, Nov 13, 2006 at 11:26:59PM -0500, Marc Spitzer wrote: >>porteasy lets you download just the skeleton of the ports you need not >>the whole ports tree (thanks to Dru's blogs for that). >> > >umm why bother, it seems like a bad idea to me anyway. cvs is much >slower then using csup/cvsup or portsnap and the deltas are generally >small. I like to be lean... ?? I usually use porteasy in jails setup to contain a specific application like just mailman+apache+postfix or some big php+mysql mess. Using porteasy I don't have to use >2G per jail which is nice, and all the skeletons of the dependencies are downloaded, so everything just builds. All skeletons can be updated in one line also: porteasy -uI Easy, -- Marco From dan at langille.org Tue Nov 14 08:06:48 2006 From: dan at langille.org (Dan Langille) Date: Tue, 14 Nov 2006 08:06:48 -0500 Subject: [nycbug-talk] Update to the FreeBSD mail/spamd filed as ports/105277 In-Reply-To: <45518A09.3060309@delphij.net> References: Message-ID: <45597918.13664.5CE6C884@dan.langille.org> On 8 Nov 2006 at 15:40, LI Xin wrote: > Yarema wrote: > > --On Wednesday, November 08, 2006 2:19 PM +0800 LI Xin > > wrote: > > > >> Yarema wrote: > >>> --On Wednesday, November 08, 2006 1:39 PM +0800 LI Xin > >>> wrote: > >>> > >>>> Dan Langille wrote: > >>>>> On 7 Nov 2006 at 22:47, Yarema wrote: > >>>>> > >>>>>> Inspired by Bob Beck's talk at the NYC BSD Con I implemented > >>>>>> spamd and greyscanner on my FreeBSD pf edge servers. What a > >>>>>> difference! Catches somewhere around 99% of the spam before > >>>>>> it ever reaches the mail server. > >>>>>> > >>>>>> Just filed . > >>>>>> Also available as a tarball at > >>>>>> . > >>>>>> > >>>>>> Let me know what you think. If you like, let the maintainer > >>>>>> know . > >>>>>> > >>>>>> The updated port is what I'm now running in production. > >>>>> > >>>>> Thanks. > >>>>> > >>>>> Have you considered upgrading spamd to the latest version > >>>>> from OpenBSD? I'd contacted the maintainer about this, and > >>>>> have only recently started working with greylisting via pf > >>>>> and spamd. Are you interested in updating spamd itself? > >>>> > >>>> Yes that would be great. > >>>> > >>>> If nobody step up with the update I would do that myself this > >>>> week, but I would be happy to see someone to take this over, > >>>> as I no longer use it for my own use... > >>>> > >>>> Cheers, > >>> > >>> I could try updating it since by now I'm pretty familiar with > >>> the port. How did you roll the 3.7 tarball? By hand from an > >>> OpenBSD release? > >> > >> First you need an OpenBSD cvs mirrored locally, or use the > >> anonymous OpenBSD CVS. I have rolled CVS information into the > >> tarball, so this would be done with something like > >> "cvs -d /home/openbsd up -rOPENBSD_4_0" > >> in each directories. Then, check if there is newly added files > >> in OpenBSD distribution, port the patches into the tree, verify > >> that everything goes well, remove the .#* files, and finally > >> you got a new tarball. > >> > >> Please note that if you roll a new tarball, I would advise that > >> you either include our local patchsets into it, or separate all > >> our local patchset out to files/. This will make maintainer's > >> life easier. > >> > >> So I guess it's midnight in NY? It's afternoon here so if you > >> are tired, just leave the work to me :-) > >> > >> Cheers, > > > > Yeah, it's 1:30am US/Eastern so I'm ready to pass out. If you do roll > > another tarball consider including greyscanner and all that code dealing > > with fetching it can be eliminated from the Makefile. > > Yes. I have prepared a tarball at > http://people.freebsd.org/~delphij/misc/spamd.tar.bz2 and you may want > to try it out, to see if the upgrade has all features you wanted. I > have uploaded the necessary distfile to my home directory but it can > take some time to be populated out to mirror sites. > > I will walk through the open PRs to see if I have missed something. Attached is a patch that provides "make config" options to the user. Using the this feature allows previously selected options to be remembered between installs. It also presents a "fancy" configuration screen to the user. To try it out issue these command: make config make showconfig FWIW, I've used your port to install on one of my servers. Works fine. I hope to see it in ports soon. :) -- Dan Langille : Software Developer looking for work my resume: http://www.freebsddiary.org/dan_langille.php -------------- next part -------------- The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: diff-spamd.dan Date: 14 Nov 2006, 8:00 Size: 253 bytes. Type: Unknown -------------- next part -------------- A non-text attachment was scrubbed... Name: diff-spamd.dan Type: application/octet-stream Size: 253 bytes Desc: not available URL: From mspitzer at gmail.com Tue Nov 14 11:03:28 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Tue, 14 Nov 2006 11:03:28 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061114113629.GN5909@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> <20061114113629.GN5909@ns.metm.org> Message-ID: <8c50a3c30611140803y7ffe9a5drc2c15dc8a89d37c8@mail.gmail.com> On 11/14/06, Marco Scoffier wrote: > On Mon, Nov 13, 2006 at 11:26:59PM -0500, Marc Spitzer wrote: > >>porteasy lets you download just the skeleton of the ports you need not > >>the whole ports tree (thanks to Dru's blogs for that). > >> > > > >umm why bother, it seems like a bad idea to me anyway. cvs is much > >slower then using csup/cvsup or portsnap and the deltas are generally > >small. > > I like to be lean... ?? ports tree is under 1/2 gig, I guess I have not had the desire to be quite that thin in a while. > > I usually use porteasy in jails setup to contain a specific application like > just mailman+apache+postfix or some big php+mysql mess. for that I like to make packages and just install them into the jail, I admit it does not always work on all ports but for most of them it is fine Another alternitive is to mount /usr/ports via nfs and have a full tree sitting in one place and just mount it to build stuff. /etc/make.conf and /var/db/pkg would be in the jail so all config info would stay in the jail. Make and install your ports and unmount the FS, cant get much leaner then that. > > Using porteasy I don't have to use >2G per jail which is nice, and all > the skeletons of the dependencies are downloaded, so everything just > builds. All skeletons can be updated in one line also: porteasy -uI fair enough point. marc -- Freedom is nothing but a chance to be better. Albert Camus From marco at metm.org Tue Nov 14 11:33:56 2006 From: marco at metm.org (Marco Scoffier) Date: Tue, 14 Nov 2006 11:33:56 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <8c50a3c30611140803y7ffe9a5drc2c15dc8a89d37c8@mail.gmail.com> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> <20061114113629.GN5909@ns.metm.org> <8c50a3c30611140803y7ffe9a5drc2c15dc8a89d37c8@mail.gmail.com> Message-ID: <20061114163356.GB4252@ns.metm.org> On Tue, Nov 14, 2006 at 11:03:28AM -0500, Marc Spitzer wrote: >Another alternitive is to mount /usr/ports via nfs and have a full >tree sitting in one place and just mount it to build stuff. >/etc/make.conf and /var/db/pkg would be in the jail so all config info >would stay in the jail. Make and install your ports and unmount the >FS, cant get much leaner then that. > I like this idea also (not incompatible with porteasy BTW). I was going to try to mount a single /usr/ports dir from multiple jails, on a server I am bringing online in the next week or so. It will replace several other boxes and it would be real nice to only keep one tree updated. Is NFS the way to go? I was looking at the null mount examples here: http://the-labs.com/FreeBSD/JailTools/cookbook.html -- Marco From matt at atopia.net Tue Nov 14 11:53:37 2006 From: matt at atopia.net (Matt Juszczak) Date: Tue, 14 Nov 2006 11:53:37 -0500 (EST) Subject: [nycbug-talk] bsdjobs Message-ID: <20061114115141.G36754@saturn.atopia.net> Hi all, I've owned bsdjobs.net for a while now, and wanted to originally create a site dedicated to job offers for FreeBSD, NetBSD, OpenBSD, and Dragonfly. Completely free and open of course. The domain expires in a few days, and I'm wondering whether to let it go or not. If I don't let it go, I'd like to get something up and running soon so I'm not facing this exact same problem next year. I graduated college now so its a lot easier to focus on projects like this. Otherwise, if a site like this really isn't feasible, I'll just let the name go after owning it for a few years :) Any comments or opinions? Thanks! -Matt From dlavigne6 at sympatico.ca Tue Nov 14 12:13:14 2006 From: dlavigne6 at sympatico.ca (Dru) Date: Tue, 14 Nov 2006 12:13:14 -0500 (EST) Subject: [nycbug-talk] bsdjobs In-Reply-To: <20061114115141.G36754@saturn.atopia.net> References: <20061114115141.G36754@saturn.atopia.net> Message-ID: <20061114121229.Q609@dru.domain.org> On Tue, 14 Nov 2006, Matt Juszczak wrote: > Hi all, > > I've owned bsdjobs.net for a while now, and wanted to originally create a > site dedicated to job offers for FreeBSD, NetBSD, OpenBSD, and Dragonfly. > Completely free and open of course. > > The domain expires in a few days, and I'm wondering whether to let it go > or not. If I don't let it go, I'd like to get something up and running > soon so I'm not facing this exact same problem next year. I graduated > college now so its a lot easier to focus on projects like this. > > Otherwise, if a site like this really isn't feasible, I'll just let the > name go after owning it for a few years :) > > Any comments or opinions? Thanks! I've been waiting for this site to go live, my vote is keep it and let us know if there's anything we can do to help bring it to life. Dru From mspitzer at gmail.com Tue Nov 14 12:12:07 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Tue, 14 Nov 2006 12:12:07 -0500 Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061114163356.GB4252@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> <20061114113629.GN5909@ns.metm.org> <8c50a3c30611140803y7ffe9a5drc2c15dc8a89d37c8@mail.gmail.com> <20061114163356.GB4252@ns.metm.org> Message-ID: <8c50a3c30611140912n55eea9bem37cfdc9e81c04d83@mail.gmail.com> On 11/14/06, Marco Scoffier wrote: > On Tue, Nov 14, 2006 at 11:03:28AM -0500, Marc Spitzer wrote: > >Another alternitive is to mount /usr/ports via nfs and have a full > >tree sitting in one place and just mount it to build stuff. > >/etc/make.conf and /var/db/pkg would be in the jail so all config info > >would stay in the jail. Make and install your ports and unmount the > >FS, cant get much leaner then that. > > > > I like this idea also (not incompatible with porteasy BTW). not incompatible, but if done this why adding porteasy into it turns into an added step with no real benifit, ie why bother. > > I was going to try to mount a single /usr/ports dir from multiple jails, > on a server I am bringing online in the next week or so. It will > replace several other boxes and it would be real nice to only keep one > tree updated. > > Is NFS the way to go? I was looking at the null mount examples here: > It was just what came to mind, Ike would know about GEOM Voodoo. Ike you there? With that said NFS should work. From what I remember hearing/reading null mounts are orphaned and flaky, I could be wrong here. marc -- Freedom is nothing but a chance to be better. Albert Camus From dlavigne6 at sympatico.ca Tue Nov 14 12:20:59 2006 From: dlavigne6 at sympatico.ca (Dru) Date: Tue, 14 Nov 2006 12:20:59 -0500 (EST) Subject: [nycbug-talk] Syntax question porteasy + freebsd.nycbug.org In-Reply-To: <20061114163356.GB4252@ns.metm.org> References: <20061113154251.GJ10216@ns.metm.org> <20061113164538.GA20476@sunset.nomadlogic.org> <20061114034302.GA5909@ns.metm.org> <8c50a3c30611132026h7e3dfbb4ib9833c7eb82c3b65@mail.gmail.com> <20061114113629.GN5909@ns.metm.org> <8c50a3c30611140803y7ffe9a5drc2c15dc8a89d37c8@mail.gmail.com> <20061114163356.GB4252@ns.metm.org> Message-ID: <20061114121902.F609@dru.domain.org> On Tue, 14 Nov 2006, Marco Scoffier wrote: > I was going to try to mount a single /usr/ports dir from multiple jails, > on a server I am bringing online in the next week or so. It will > replace several other boxes and it would be real nice to only keep one > tree updated. > > Is NFS the way to go? I was looking at the null mount examples here: > > http://the-labs.com/FreeBSD/JailTools/cookbook.html Nice examples. This also looks interesting and is on my list of things to try: http://lists.freebsd.org/pipermail/freebsd-current/2004-May/026768.html Apparently it is faster than NFS. Dru From pete at nomadlogic.org Thu Nov 16 12:31:49 2006 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 16 Nov 2006 09:31:49 -0800 (PST) Subject: [nycbug-talk] interesting OpenSSH development Message-ID: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 I'm sure most folks on talk@ have seen this. I'm pretty excited to tell you the truth. trying to properly maintain ssh key's on large clusters is pain at best. beck at open obviously had some insight - I'm hoping that the end product of this work is something positive (see Andre's response to Bob). -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From mspitzer at gmail.com Thu Nov 16 12:44:27 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Thu, 16 Nov 2006 12:44:27 -0500 Subject: [nycbug-talk] interesting OpenSSH development In-Reply-To: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> References: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> Message-ID: <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> On 11/16/06, Peter Wright wrote: > http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 > > I'm sure most folks on talk@ have seen this. I'm pretty excited to tell > you the truth. trying to properly maintain ssh key's on large clusters is > pain at best. beck at open obviously had some insight - I'm hoping that the > end product of this work is something positive (see Andre's response to > Bob). > > -pete Why not just use kerberos? ssh supports kerberos as does a bunch of other services. After all if you need to set up a server anyway why not set up a server for more then just ssh? marc > > > > -- > ~~oO00Oo~~ > Peter Wright > pete at nomadlogic.org > www.nomadlogic.org/~pete > 310.869.9459 > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > -- Freedom is nothing but a chance to be better. Albert Camus From pete at nomadlogic.org Thu Nov 16 12:49:56 2006 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 16 Nov 2006 09:49:56 -0800 (PST) Subject: [nycbug-talk] interesting OpenSSH development In-Reply-To: <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> References: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> Message-ID: <51215.160.33.20.11.1163699396.squirrel@webmail.nomadlogic.org> > On 11/16/06, Peter Wright wrote: >> http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 >> >> I'm sure most folks on talk@ have seen this. I'm pretty excited to tell >> you the truth. trying to properly maintain ssh key's on large clusters >> is >> pain at best. beck at open obviously had some insight - I'm hoping that >> the >> end product of this work is something positive (see Andre's response to >> Bob). >> >> -pete > > Why not just use kerberos? ssh supports kerberos as does a bunch of > other services. After all if you need to set up a server anyway why > not set up a server for more then just ssh? > gee never thought of that -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From mspitzer at gmail.com Thu Nov 16 13:01:27 2006 From: mspitzer at gmail.com (Marc Spitzer) Date: Thu, 16 Nov 2006 13:01:27 -0500 Subject: [nycbug-talk] interesting OpenSSH development In-Reply-To: <51215.160.33.20.11.1163699396.squirrel@webmail.nomadlogic.org> References: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> <51215.160.33.20.11.1163699396.squirrel@webmail.nomadlogic.org> Message-ID: <8c50a3c30611161001m39c31eetda20259528eaabe4@mail.gmail.com> On 11/16/06, Peter Wright wrote: > > > On 11/16/06, Peter Wright wrote: > >> http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 > >> > >> I'm sure most folks on talk@ have seen this. I'm pretty excited to tell > >> you the truth. trying to properly maintain ssh key's on large clusters > >> is > >> pain at best. beck at open obviously had some insight - I'm hoping that > >> the > >> end product of this work is something positive (see Andre's response to > >> Bob). > >> > >> -pete > > > > Why not just use kerberos? ssh supports kerberos as does a bunch of > > other services. After all if you need to set up a server anyway why > > not set up a server for more then just ssh? > > > > > gee never thought of that > it was more of a question on why come up with another "special" security tech that is just not needed, the problem is effectivly solved so why not just use it? marc > > > > -pete > > > -- > ~~oO00Oo~~ > Peter Wright > pete at nomadlogic.org > www.nomadlogic.org/~pete > 310.869.9459 > -- Freedom is nothing but a chance to be better. Albert Camus From pete at nomadlogic.org Thu Nov 16 13:16:36 2006 From: pete at nomadlogic.org (Peter Wright) Date: Thu, 16 Nov 2006 10:16:36 -0800 (PST) Subject: [nycbug-talk] interesting OpenSSH development In-Reply-To: <8c50a3c30611161001m39c31eetda20259528eaabe4@mail.gmail.com> References: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> <51215.160.33.20.11.1163699396.squirrel@webmail.nomadlogic.org> <8c50a3c30611161001m39c31eetda20259528eaabe4@mail.gmail.com> Message-ID: <51103.160.33.20.11.1163700996.squirrel@webmail.nomadlogic.org> > On 11/16/06, Peter Wright wrote: >> >> > On 11/16/06, Peter Wright wrote: >> >> http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 >> >> >> >> I'm sure most folks on talk@ have seen this. I'm pretty excited to >> tell >> >> you the truth. trying to properly maintain ssh key's on large >> clusters >> >> is >> >> pain at best. beck at open obviously had some insight - I'm hoping that >> >> the >> >> end product of this work is something positive (see Andre's response >> to >> >> Bob). >> >> >> >> -pete >> > >> > Why not just use kerberos? ssh supports kerberos as does a bunch of >> > other services. After all if you need to set up a server anyway why >> > not set up a server for more then just ssh? >> > >> >> >> gee never thought of that >> > > it was more of a question on why come up with another "special" > security tech that is just not needed, the problem is effectivly > solved so why not just use it? > i can't speak for other companies/orgs but we are not in a position to migrate our current authentication schema over to krb for the foreseeable future. although, we are able to implement a key management policy for our unix clusters - that is separate from our corporate authentication architecture. so this would fit the bill, for us, quite nicely. while it would be nice to roll out kerberos to the facility - it is just not going to happen at our shop any time soon. generally speaking, Andre's follow up to the orginal post gives a pretty good explanation on the rationale behind this work. The last bit, for me at least, sum's up why this is attractive to my shop: "This OpenSSH PKI system is very simple and easy to use. All programs and functions necessary to use it to its full extent are included with the base OpenSSH distribution." so sure, krb may be the solution for many people - I can still appreciate this work non-the-less. -pete -- ~~oO00Oo~~ Peter Wright pete at nomadlogic.org www.nomadlogic.org/~pete 310.869.9459 From okan at demirmen.com Thu Nov 16 13:54:38 2006 From: okan at demirmen.com (Okan Demirmen) Date: Thu, 16 Nov 2006 13:54:38 -0500 Subject: [nycbug-talk] interesting OpenSSH development In-Reply-To: <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> References: <11464.160.33.20.11.1163698309.squirrel@webmail.nomadlogic.org> <8c50a3c30611160944w4fcb13b5y54e86dd7eae4f0db@mail.gmail.com> Message-ID: <20061116185438.GY14882@clam.khaoz.org> On Thu 2006.11.16 at 12:44 -0500, Marc Spitzer wrote: > On 11/16/06, Peter Wright wrote: > > http://thread.gmane.org/gmane.os.freebsd.current/86266/focus=86268 > > > > I'm sure most folks on talk@ have seen this. I'm pretty excited to tell > > you the truth. trying to properly maintain ssh key's on large clusters is > > pain at best. beck at open obviously had some insight - I'm hoping that the > > end product of this work is something positive (see Andre's response to > > Bob). > > > > -pete > > Why not just use kerberos? ssh supports kerberos as does a bunch of > other services. After all if you need to set up a server anyway why > not set up a server for more then just ssh? simply put, the pki-type solution allows keys as opposed to passwords. From rodrique_heron at baruch.cuny.edu Thu Nov 16 14:29:55 2006 From: rodrique_heron at baruch.cuny.edu (Rodrique Heron) Date: Thu, 16 Nov 2006 14:29:55 -0500 Subject: [nycbug-talk] FreeBSD 6 spontaneous reboots Message-ID: Anyone experiencing spontaneous reboots with FreeBSD 6.0-RELEASE-p1 ? I have carp fail-over with two identical servers (Dell PowerEdge 1650), that has been running FreeBSD 6 for more than six months, they are my public DNS servers. Recently the slave started rebooting roughly every 3hr. BSDSAR revealed that server is at idle around the time of reboot. Nothing interesting in the logs except for debug.log (kernel: arp_rtrequest: bad gateway 1192.168.2.1 (!AF_LINK). After some googling (see link to thread below. I updated to 6.1-RELEASE- p10, removed my carp setup from both servers, to see if the server stops rebooting, that did not work. Spontaneous FreeBSD reboots, is a first for me. At what point do I determine that I am having a hardware issue. What else Can I look at ? I am running GENERIC kernel with CARP complied. http://groups-beta.google.com/group/mailing.freebsd.net/browse_thread/ thread/1f2dc2ca79375e85/# -Rodrique From af.dingo at gmail.com Fri Nov 17 08:31:07 2006 From: af.dingo at gmail.com (Jeff Quast) Date: Fri, 17 Nov 2006 08:31:07 -0500 Subject: [nycbug-talk] bsdjobs In-Reply-To: <20061114115141.G36754@saturn.atopia.net> References: <20061114115141.G36754@saturn.atopia.net> Message-ID: On 11/14/06, Matt Juszczak wrote: > Hi all, > > I've owned bsdjobs.net for a while now, and wanted to originally create a > site dedicated to job offers for FreeBSD, NetBSD, OpenBSD, and Dragonfly. > Completely free and open of course. > > The domain expires in a few days, and I'm wondering whether to let it go > or not. If I don't let it go, I'd like to get something up and running > soon so I'm not facing this exact same problem next year. I graduated > college now so its a lot easier to focus on projects like this. > > Otherwise, if a site like this really isn't feasible, I'll just let the > name go after owning it for a few years :) > > Any comments or opinions? Thanks! > yea, make yer donation link work! Start using cvs to manage the web page, throw up an anoncvs[1] server. Advertise this on the page. We'll send patches. If somebody sends alot of patches, give cvs commit access. The page gets done. As for job postings, we'll just see... Its the BSD way to get things done, isn't it? [1] http://www.openbsd.org/anoncvs.shar From nycbug-list at 2xlp.com Mon Nov 20 14:59:50 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Mon, 20 Nov 2006 14:59:50 -0500 Subject: [nycbug-talk] NYCBUG-NYPHP Holiday Party -- First, Alfred Perlstein will speak on "Captchas can be LOL." Message-ID: <98D226B3-4833-47BB-8EA9-BA0F6DCEE556@2xlp.com> I think I'm going to be out of town for this meeting for some business -- but am really interested in this talk ( I've been working on a new Captcha module for CPAN ) I know that people tend to do audio on these things -- can I make a request for someone to try and take video ? // Jonathan Vanasco | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | FindMeOn.com - The cure for Multiple Web Personality Disorder | Web Identity Management and 3D Social Networking | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | RoadSound.com - Tools For Bands, Stuff For Fans | Collaborative Online Management And Syndication Tools | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From george at ceetonetechnology.com Thu Nov 23 19:45:53 2006 From: george at ceetonetechnology.com (George R.) Date: Thu, 23 Nov 2006 19:45:53 -0500 Subject: [nycbug-talk] pictures from nycbsdcon request Message-ID: <456640C1.6030402@ceetonetechnology.com> http://freebsdgirl.com/2006/11/picture_request.html From lavalamp at spiritual-machines.org Sat Nov 25 20:56:58 2006 From: lavalamp at spiritual-machines.org (Brian A. Seklecki) Date: Sat, 25 Nov 2006 20:56:58 -0500 (EST) Subject: [nycbug-talk] pictures from nycbsdcon request In-Reply-To: <456640C1.6030402@ceetonetechnology.com> References: <456640C1.6030402@ceetonetechnology.com> Message-ID: <20061125205521.F50961@arbitor.digitalfreaks.org> I thought you were taking them? :-> Well, _someone_ was walking around with a huge (digital?) SLR. ~BAS On Thu, 23 Nov 2006, George R. wrote: > http://freebsdgirl.com/2006/11/picture_request.html > _______________________________________________ > % NYC*BUG talk mailing list > http://lists.nycbug.org/mailman/listinfo/talk > %Be sure to check out our Jobs and NYCBUG-announce lists > %We meet the first Wednesday of the month > l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were." From nycbug-list at 2xlp.com Mon Nov 27 13:38:44 2006 From: nycbug-list at 2xlp.com (Jonathan Vanasco) Date: Mon, 27 Nov 2006 13:38:44 -0500 Subject: [nycbug-talk] advice sought on port upgrade problem Message-ID: <8BBDD427-54AC-4E12-A11F-7CFE12EEC88C@2xlp.com> I can't seem to upgrade/install /usr/ports/www/libapreq2 anymore I keep running into this error: /bin/sh ../libtool --tag=CC --mode=link cc -O2 -fno-strict-aliasing -pipe -o libapreq2.la -rpath /usr/local/lib -version-info 8:0:6 / usr/local/lib/apache2/libapr-0.la /usr/local/lib/apache2/ libaprutil-0.la -ldb4 -lexpat -liconv -lm -lcrypt util.lo version.lo cookie.lo param.lo parser.lo parser_urlencoded.lo parser_header.lo parser_multipart.lo module.lo module_custom.lo module_cgi.lo error.lo -L/usr/local cc -shared .libs/util.o .libs/version.o .libs/cookie.o .libs/ param.o .libs/parser.o .libs/parser_urlencoded.o .libs/ parser_header.o .libs/parser_multipart.o .libs/module.o .libs/ module_custom.o .libs/module_cgi.o .libs/error.o -Wl,--rpath -Wl,/ usr/local/lib/apache2 -Wl,--rpath -Wl,/usr/local/lib/apache2 /usr/ local/lib/apache2/libapr-0.so /usr/local/lib/apache2/libaprutil-0.so - ldb4 -lexpat -liconv -lm -lcrypt -L/usr/local -Wl,-soname - Wl,libapreq2.so.8 -o .libs/libapreq2.so.8 /usr/bin/ld: cannot find -ldb4 i've got db4, db42 , db43, and db44 all installed. even reinstalled them to redo package registration. ldconfig -r shows me all of them: 201:-ldb-4.3.0 => /usr/local/lib/libdb-4.3.so.0 202:-ldb_cxx-4.3.0 => /usr/local/lib/libdb_cxx-4.3.so.0 207:-ldb_cxx-4.2.2 => /usr/local/lib/libdb_cxx-4.2.so.2 208:-ldb4_cxx.0 => /usr/local/lib/libdb4_cxx.so.0 210:-ldb-4.4.0 => /usr/local/lib/libdb-4.4.so.0 222:-ldb_cxx-4.4.0 => /usr/local/lib/libdb_cxx-4.4.so.0 226:-ldb4.0 => /usr/local/lib/libdb4.so.0 271:-ldb-4.2.2 => /usr/local/lib/libdb-4.2.so.2 319:-ldb-4.2.2 => /usr/local/lib/db42/libdb-4.2.so.2 320:-ldb_cxx-4.2.2 => /usr/local/lib/db42/libdb_cxx-4.2.so.2 321:-ldb-4.3.0 => /usr/local/lib/db43/libdb-4.3.so.0 322:-ldb_cxx-4.3.0 => /usr/local/lib/db43/libdb_cxx-4.3.so.0 323:-ldb-4.4.0 => /usr/local/lib/db44/libdb-4.4.so.0 324:-ldb_cxx-4.4.0 => /usr/local/lib/db44/libdb_cxx-4.4.so.0 so then I started redoing the ports it relies on, thinking maybe its an issue dealing with the library version reinstalled apr-svn reinstalled apache20 still no luck. anyone have a clue on what I should try next? I've contacted the port maintainer for advice, but this seems to deal more with generalized freebsd stuff that I don't really know about -- and really should have more exposure to. So any pointers would be greatly appreciated. From scottro at nyc.rr.com Tue Nov 28 12:21:40 2006 From: scottro at nyc.rr.com (Scott Robbins) Date: Tue, 28 Nov 2006 12:21:40 -0500 Subject: [nycbug-talk] Upgrading to Xorg-7.1 Message-ID: <20061128172140.GA64836@uws1.starlofashions.com> If anyone is interested, I tried doing the upgrade, following the instructions at http://wikitest.freebsd.org/ModularXorg It went quite smoothly. There was one case of a circular dependency--I believe it was after I installed xorg-7.1. (I was just doing this for fun on a sacrificial machine, and didn't document what I was doing.) I saw, doing a ls of /var/db/pkg that it had been registered, so I ctl-C'd out of it and ran pkgdb -F. This fixed it. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. (If there's enough interest in this post, I'll probably run it again and this time, actually make note of what I'm doing). Following the instructions, I installed the entire xorg-drivers collection (later on the X11 mailing list, flz@ mentioned that he gave that path for safety, and agreed that it's probably unnecessary). If I do have a chance for a second test run, I'll just install mouse, keyboard, vesa and the mga driver for that machine. The only other trouble I had was that portupgrading xorg-server didn't remove xorg-server-6.9. I'm not sure why and suspect it's something silly that I missed. At any rate, it went so smoothly that I'm probably going to try it on my main home machine (after doing a dump of everything to another drive first, just in case.) I was impressed by the ease of upgrade. -- Scott GPG KeyID EB3467D6 ( 1B848 077D 66F6 9DB0 FDC2 A409 FA54 D575 EB34 67D6) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Anya: Men like sports. I'm sure of it. Xander: Yes. Men like sports. Men watch the action movie, they eat of the beef, and they enjoy to look at the bosoms. A thousand years of avenging our wrongs, and that's all you've learned?