From owner-freebsd-isp Sun Jun 27 5: 2:53 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (mail.i-plus.net [209.100.20.10]) by hub.freebsd.org (Postfix) with ESMTP id 3688E14C08 for ; Sun, 27 Jun 1999 05:02:50 -0700 (PDT) (envelope-from st@i-Plus.net) Received: from localhost (st@localhost) by cliff.i-plus.net (8.9.3/8.9.3) with ESMTP id IAA64414; Sun, 27 Jun 1999 08:02:54 -0400 (EDT) Date: Sun, 27 Jun 1999 08:02:54 -0400 (EDT) From: Troy Settle To: Chuck Robey Cc: jack , FreeBSD-ISP Subject: Re: sendmail relaying In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 26 Jun 1999, Chuck Robey wrote: > > > I thank all you guys who showed me what to do! Could I press one step > > > further, and ask how I get procmail wired in, > > > > > > cd /usr/ports/mail/procmail > > make install clean > > man {procmail(1), procmailrc(5), procmailsc(5), procmailex(5)} > > > > I'll tell you something, Jack, sarcasm nearly always reflects on the > user, not on the target. Think about it, it's true. Better to be sarcastic in the answer than to come straight out and explain to you that participants of this list should know how to do basic stuff like this long before they start posting. Personally, I'd have outright flamed you had I been following the list a little better. > > > so that I can use > > > automated filtering based upon some net database like the realtime > > > blackhole list? > > > > You don't use procmail for that, that's sendmail's job. See > > /usr/src/contrib/sendmail/cf/README > > Specifically > > rbl Turns on rejection of hosts found in the Realtime Blackhole > > List. If an argument is provided it is used as the > > name sever to contact; otherwise, the main RBL server at > > rbl.maps.vix.com is used. For details, see > > http://maps.vix.com/rbl/. > > under FEATURES > > But I wanted to filter incoming mail here, Jack, so I *did* want > procmail. You did ask about procmail and filtering. You also explicitly asked about the RBL. These 2 things are unrelated, which is what Jack tried to make clear. Both the RBL and using procmail are clearly covered in the default mc files, and clearly documented at www.sendmail.org. I'm sure it'll be in V3 of the Bat Book too. > > > I use Pine as my MTA, and I don't want to change that, > > > but I'm not sure how to shoehorn procmail into that. > > > > Pine (a MUserA, not a MTransferAgent) has no interface with > > procmail, > > I never said it did, I asked how to get procmail working. Well, someone > else answered me. Jack quoted you, corrected you, then you have the balls to _DENY_ that you said what you did in the first place? Good GOD man, did you really have such a traumatic childhood? Look Chuck, the vast majority of the posters on this list either own or operate an ISP. We deal with hundreds, if not thousands, of customer accounts on a daily basis. We have hundreds of tools that we use to get the job done. Each of these tools has a name, and each of them either control the behavior of a specific protocol or service, or they help that protocol or service get it's job done. If you are going to ask for help, please be sure you use proper terminology, or just omit the tools you *think* you're talking about. From your postings, it's clear that you did at least *some* reading on the topic, but appearantly it didn't sink in. Often, most of us admins will find ourselves reading documentation for things we've been using for years. Sometimes, we'll read it two or four times to make sure we understand it correctly. Is it really too much to expect that others do the same before asking mal-formed questions? -- Troy Settle iPlus Internet Services It's always a long day... 86400 doesn't fit into a short. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 5:30:55 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.palnet.com (mail.palnet.com [212.29.201.7]) by hub.freebsd.org (Postfix) with ESMTP id 5E96515121 for ; Sun, 27 Jun 1999 05:30:50 -0700 (PDT) (envelope-from rjebara@palnet.com) Received: from localhost (rjebara@localhost) by mail.palnet.com (8.9.3/8.9.3) with ESMTP id PAA16994; Sun, 27 Jun 1999 15:29:19 +0300 (IDT) Date: Sun, 27 Jun 1999 15:29:19 +0300 (IDT) From: Rami Abu Jebara To: Kurt Jaeger Cc: Leif Neland , freebsd-isp@FreeBSD.ORG Subject: Re: why not uucp, instead of smtp and static ip? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org you can uucp via a tcp connection configure the dialin port to be tcp .. write a cron job that would dial in (pppd should do the job) and get uucico to do the rest .. there is a sample sendmail.cf that comed with the sendmail distribution. another way is to use fetchmail or popclient these sould do the job as well .. hope this helps .. cheers Rami **************************** Rami Abu Jebara Technical Director Palnet Communications Ltd e-mail : rjebara@palnet.com Tel: ++ 972 2 583 5666 Fax: ++ 972 2 583 6354 w w w . p a l n e t . c o m On Thu, 24 Jun 1999, Kurt Jaeger wrote: > Hi! > > > I just wonder, when holding mail for a domain, which picks it up by dialin > > and doing smtp/etrn, one almost is forced to issue static ip's. > > > > Why not use uucp? Is it just considered old-fashioned, nobody understands > > how to set it up, or are there heavy reasons not to use uucp? > > All this. We still do it. It's a pain. > > -- > MfG/Best regards, Kurt Jaeger 21 years to go ! > LF.net GmbH pi@LF.net Oberon.net GmbH pi@oberon.net > Vor dem Lauch 23 fon +49 711 90074-23 Friedrich-Ebert-Str.1 > D-70567 Stuttgart fax +49 711 7289041 40210 Duesseldorf fon +49 211 179253-11 > For Redmond: "nuke the site from orbit -- it's the only way to be sure." > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 5:46:49 1999 Delivered-To: freebsd-isp@freebsd.org Received: from picnic.mat.net (picnic.mat.net [206.246.122.133]) by hub.freebsd.org (Postfix) with ESMTP id 3FE5814D8D for ; Sun, 27 Jun 1999 05:46:44 -0700 (PDT) (envelope-from chuckr@picnic.mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.3/8.9.3) with ESMTP id IAA68834; Sun, 27 Jun 1999 08:46:11 -0400 (EDT) (envelope-from chuckr@picnic.mat.net) Date: Sun, 27 Jun 1999 08:46:11 -0400 (EDT) From: Chuck Robey To: Troy Settle Cc: jack , FreeBSD-ISP Subject: Re: sendmail relaying In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 27 Jun 1999, Troy Settle wrote: > > On Sat, 26 Jun 1999, Chuck Robey wrote: > > > > > I thank all you guys who showed me what to do! Could I press one step > > > > further, and ask how I get procmail wired in, > > > > > > > > > cd /usr/ports/mail/procmail > > > make install clean > > > man {procmail(1), procmailrc(5), procmailsc(5), procmailex(5)} > > > > > > > I'll tell you something, Jack, sarcasm nearly always reflects on the > > user, not on the target. Think about it, it's true. > > Better to be sarcastic in the answer than to come straight out and explain > to you that participants of this list should know how to do basic stuff > like this long before they start posting. Personally, I'd have > outright flamed you had I been following the list a little better. As long as it was polite, then maybe you'd have been right, although you (like Jack) were wrong in your assumption that I was asking twice the same thing. > > > > so that I can use > > > > automated filtering based upon some net database like the realtime > > > > blackhole list? > > > > > > You don't use procmail for that, that's sendmail's job. See > > > /usr/src/contrib/sendmail/cf/README > > > Specifically > > > rbl Turns on rejection of hosts found in the Realtime Blackhole > > > List. If an argument is provided it is used as the > > > name sever to contact; otherwise, the main RBL server at > > > rbl.maps.vix.com is used. For details, see > > > http://maps.vix.com/rbl/. > > > under FEATURES > > > > But I wanted to filter incoming mail here, Jack, so I *did* want > > procmail. > > You did ask about procmail and filtering. You also explicitly asked about > the RBL. These 2 things are unrelated, which is what Jack tried to make > clear. I knew they were unrelated, and I was specifically asking unrelated questions. I was under the impression that rbl turned off relaying for the hosts in rbl, and once I had that working (before I wrote this post) I tested it and knew it worked. In this post I specifically wanted procmail, both to redirect incoming mail, and because I was mistakenly thinking that rbl didn't block the folks on the rbl list, just the relaying of folks on rbl. You guys who like to jump on folks *really* ought to think about it for a while. That's the reason being polite pays off, because when you're wrong, you don't look so silly. Note, you weren't impolite, I was talking about my comments you referred to above about . I was saying it's a bad idea, 'cause it makes you look silly nearly every time. Both the RBL and using procmail are clearly covered in the default > mc files, and clearly documented at www.sendmail.org. I'm sure it'll be > in V3 of the Bat Book too. The new version of sendmail which changed the format of the configuration files came out a week after I bought the bat book. Needless to say, I was disgruntled at timing, that's an expensive book I expected to at least last me a while. > > > > I use Pine as my MTA, and I don't want to change that, > > > > but I'm not sure how to shoehorn procmail into that. > > > > > > Pine (a MUserA, not a MTransferAgent) has no interface with > > > procmail, I have posted 3 time (other than this one) saying I meant MUA, and that was my error. I do the same thing I think you did, which is read the mail liearly and comment that way. I will take the lesson you show here, I think I can adjust Pine to sort by subject, and I'll do that. > > > > I never said it did, I asked how to get procmail working. Well, someone > > else answered me. > > Jack quoted you, corrected you, then you have the balls to _DENY_ that you > said what you did in the first place? Good GOD man, did you really have > such a traumatic childhood? Hmmm, well, forget what I said about you being impolite. Did you read any of the later posts where I made it clear I was talking specifically about procmail for real, so your assumptions that I was wrong, are wrong. I made one error in my post, using MTA versus the MUA, but the rest was right, and I did get help publicly on procmail from another source. And you can take your comments home, then. Relying on your guesses on who was wrong, then flaming that way, just makes you look silly. > > Look Chuck, the vast majority of the posters on this list either own or > operate an ISP. We deal with hundreds, if not thousands, of customer > accounts on a daily basis. We have hundreds of tools that we use to get > the job done. Each of these tools has a name, and each of them either > control the behavior of a specific protocol or service, or they help that > protocol or service get it's job done. > > If you are going to ask for help, please be sure you use proper > terminology, or just omit the tools you *think* you're talking about. You'll notice I was asking, not declaiming like I knew it (which you imply). > > >From your postings, it's clear that you did at least *some* reading on the > topic, but appearantly it didn't sink in. Often, most of us admins will > find ourselves reading documentation for things we've been using for > years. Sometimes, we'll read it two or four times to make sure we > understand it correctly. Is it really too much to expect that others do > the same before asking mal-formed questions? Is it too much to ask that you check your assumptions before you start flaming? Whatever, this won't become a flamefest, because I won't respond anymore to this, I have my answer and I'm going home with it .... ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 9:13: 1 1999 Delivered-To: freebsd-isp@freebsd.org Received: from etinc.com (et-gw.etinc.com [207.252.1.2]) by hub.freebsd.org (Postfix) with ESMTP id 3E1B114D4F for ; Sun, 27 Jun 1999 09:12:58 -0700 (PDT) (envelope-from dennis@etinc.com) Received: from workstation.etinc.com (port46.netsvr1.cst.vastnet.net [207.252.73.46]) by etinc.com (8.9.3/8.9.3) with SMTP id MAA11118; Sun, 27 Jun 1999 12:07:56 -0400 (EDT) Message-Id: <199906271607.MAA11118@etinc.com> X-Sender: dennis@mail.etinc.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Mon, 28 Jun 1999 00:19:26 -0400 To: Chuck Robey From: Dennis Subject: Re: sendmail relaying Cc: FreeBSD-ISP In-Reply-To: References: <199906262130.RAA09035@etinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:45 PM 6/26/99 -0400, Chuck Robey wrote: >On Sat, 26 Jun 1999, Dennis wrote: > >> Anyone who subscribes to ORBs isnt worth sending mail to anyway, so dont >> worry about it. One of my (potential) suppliers lost a big order because >> they kept bouncing my emails *shrug*, I bought from someone else. Some >> college weenie thought he was doing them a favor and it probably cost them >> 5 times his salary. > >I just checked, etinc.com isn't in the databases I could find. If >you're not in favor of efforts to limit spam, well, I think you're >categorizing yourself. > >If you think that college student misadministered the system, then that >is what you should complain about. Not any more...we upgraded sendmail a while ago. I guess they took us off automagically, becuase I never bothered to notify them. I don't *know* it was a college student...I was just saying that a lot of the people that companies have administering their servers/routers dont know much about the business implications of doing something that they think is "cool". Dennis . To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 9:55:49 1999 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 856D014C23 for ; Sun, 27 Jun 1999 09:55:46 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 45004 invoked by uid 1001); 27 Jun 1999 16:55:45 +0000 (GMT) To: dennis@etinc.com Cc: chuckr@picnic.mat.net, FreeBSD-isp@FreeBSD.ORG Subject: Re: sendmail relaying From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 28 Jun 1999 00:19:26 -0400" References: <199906271607.MAA11118@etinc.com> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Sun, 27 Jun 1999 18:55:44 +0200 Message-ID: <45002.930502544@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I don't *know* it was a college student...I was just saying that a lot of > the people that companies have administering their servers/routers dont > know much about the business implications of doing something that they > think is "cool". The people who run ORBS/IMRSS are definitely not college students. They are very much aware of what they are doing. Note that it's the individual email administrator who needs to actively choose to use ORBS/IMRSS. It's not forced upon you. PS: No, I'm not a neutral observer. I help to run slave name servers for RBL, DUL (nn.uninett.no), IMRSS and ORBS (snipp.uninett.no). I'm happy to see that these databases are having an effect in actually getting open relays and spam systems closed. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 11:21:47 1999 Delivered-To: freebsd-isp@freebsd.org Received: from etinc.com (et-gw.etinc.com [207.252.1.2]) by hub.freebsd.org (Postfix) with ESMTP id C7A3214D00 for ; Sun, 27 Jun 1999 11:21:42 -0700 (PDT) (envelope-from dennis@etinc.com) Received: from workstation.etinc.com (port46.netsvr1.cst.vastnet.net [207.252.73.46]) by etinc.com (8.9.3/8.9.3) with SMTP id OAA11508; Sun, 27 Jun 1999 14:17:04 -0400 (EDT) Message-Id: <199906271817.OAA11508@etinc.com> X-Sender: dennis@mail.etinc.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Mon, 28 Jun 1999 02:28:32 -0400 To: sthaug@nethelp.no From: Dennis Subject: Re: sendmail relaying Cc: FreeBSD-isp@FreeBSD.ORG In-Reply-To: <45002.930502544@verdi.nethelp.no> References: <199906271607.MAA11118@etinc.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:55 PM 6/27/99 +0200, sthaug@nethelp.no wrote: >> I don't *know* it was a college student...I was just saying that a lot of >> the people that companies have administering their servers/routers dont >> know much about the business implications of doing something that they >> think is "cool". > >The people who run ORBS/IMRSS are definitely not college students. They >are very much aware of what they are doing. > >Note that it's the individual email administrator who needs to actively >choose to use ORBS/IMRSS. It's not forced upon you. Im not talking about ORBS admins, Im talking about email adminstrators that subscribe to it without realizing that important mail may be lost because of their actions. > >PS: No, I'm not a neutral observer. I help to run slave name servers for >RBL, DUL (nn.uninett.no), IMRSS and ORBS (snipp.uninett.no). I'm happy >to see that these databases are having an effect in actually getting >open relays and spam systems closed. Great. next we'll put litterers in jail which should effectively clean up the streets. DB To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 12:58:54 1999 Delivered-To: freebsd-isp@freebsd.org Received: from picnic.mat.net (picnic.mat.net [206.246.122.133]) by hub.freebsd.org (Postfix) with ESMTP id 07E5214DAA for ; Sun, 27 Jun 1999 12:58:48 -0700 (PDT) (envelope-from chuckr@picnic.mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.3/8.9.3) with ESMTP id PAA70147; Sun, 27 Jun 1999 15:58:01 -0400 (EDT) (envelope-from chuckr@picnic.mat.net) Date: Sun, 27 Jun 1999 15:58:01 -0400 (EDT) From: Chuck Robey To: Dennis Cc: FreeBSD-ISP Subject: Re: sendmail relaying In-Reply-To: <199906271607.MAA11118@etinc.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 28 Jun 1999, Dennis wrote: > At 05:45 PM 6/26/99 -0400, Chuck Robey wrote: > >On Sat, 26 Jun 1999, Dennis wrote: > > > >> Anyone who subscribes to ORBs isnt worth sending mail to anyway, so dont > >> worry about it. One of my (potential) suppliers lost a big order because > >> they kept bouncing my emails *shrug*, I bought from someone else. Some > >> college weenie thought he was doing them a favor and it probably cost them > >> 5 times his salary. > > > >I just checked, etinc.com isn't in the databases I could find. If > >you're not in favor of efforts to limit spam, well, I think you're > >categorizing yourself. > > > >If you think that college student misadministered the system, then that > >is what you should complain about. > > Not any more...we upgraded sendmail a while ago. I guess they took us off > automagically, becuase I never bothered to notify them. > > I don't *know* it was a college student...I was just saying that a lot of > the people that companies have administering their servers/routers dont > know much about the business implications of doing something that they > think is "cool". The may be true so far as it goes, Dennis, but anything that hurts business is not automatically bad, not if the business involved is performing (or allowing to be performed) acts generally deemed by the public to be anti-social or inimical to human society. It's a gray area, given, but your response makes me feel your position is "if it hurts business, it's bad" and I thoroughly disagree. It's ridiculously easy to find examples of this. Don't use a broad brush, then ... if you disagree with something, either be specific or be painted as evil yourself. ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Jun 27 13:12:31 1999 Delivered-To: freebsd-isp@freebsd.org Received: from shorthair.purplecat.net (ns1.purplecat.net [208.206.222.40]) by hub.freebsd.org (Postfix) with ESMTP id 956B415167 for ; Sun, 27 Jun 1999 13:12:09 -0700 (PDT) (envelope-from peter@purplecat.net) Received: from latitude (gnat-d0cede81.neptunedata.net [208.206.222.129]) by shorthair.purplecat.net (8.8.8/8.8.8) with SMTP id QAA15134 for ; Sun, 27 Jun 1999 16:15:06 -0400 (EDT) (envelope-from peter@purplecat.net) Reply-To: From: "Peter Brezny" To: Subject: appropriate list?, was sendmail relaying Date: Sun, 27 Jun 1999 16:13:00 -0400 Message-ID: <001301bec0d9$74ed5660$c802040a@latitude> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0 Importance: Normal Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is this a technical list, or a semantic forum? do one's _opinions_ on the matters of good or bad business belong on this list? surely we have a freebsd-opinions@freebsd.org going somewhere. and the cute little 'judge not lest ye be judged' is a fine way to live. i'm just asking if all the non-technical responses need to be mailed out to everyone on the list. My box is getting full. Thanks for your consideration. Peter Brezny purplecat.net -----Original Message----- From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Chuck Robey Sent: Sunday, June 27, 1999 3:58 PM To: Dennis Cc: FreeBSD-ISP Subject: Re: sendmail relaying On Mon, 28 Jun 1999, Dennis wrote: > At 05:45 PM 6/26/99 -0400, Chuck Robey wrote: > >On Sat, 26 Jun 1999, Dennis wrote: > > > >> Anyone who subscribes to ORBs isnt worth sending mail to anyway, so dont > >> worry about it. One of my (potential) suppliers lost a big order because > >> they kept bouncing my emails *shrug*, I bought from someone else. Some > >> college weenie thought he was doing them a favor and it probably cost them > >> 5 times his salary. > > > >I just checked, etinc.com isn't in the databases I could find. If > >you're not in favor of efforts to limit spam, well, I think you're > >categorizing yourself. > > > >If you think that college student misadministered the system, then that > >is what you should complain about. > > Not any more...we upgraded sendmail a while ago. I guess they took us off > automagically, becuase I never bothered to notify them. > > I don't *know* it was a college student...I was just saying that a lot of > the people that companies have administering their servers/routers dont > know much about the business implications of doing something that they > think is "cool". The may be true so far as it goes, Dennis, but anything that hurts business is not automatically bad, not if the business involved is performing (or allowing to be performed) acts generally deemed by the public to be anti-social or inimical to human society. It's a gray area, given, but your response makes me feel your position is "if it hurts business, it's bad" and I thoroughly disagree. It's ridiculously easy to find examples of this. Don't use a broad brush, then ... if you disagree with something, either be specific or be painted as evil yourself. ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 7:31:38 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with ESMTP id CFBAD14FC8 for ; Mon, 28 Jun 1999 07:31:23 -0700 (PDT) (envelope-from paulo@nlink.com.br) Received: from localhost (paulo@localhost) by mirage.nlink.com.br (8.9.3/8.9.1) with SMTP id LAA11602 for ; Mon, 28 Jun 1999 11:31:20 -0300 (EST) Date: Mon, 28 Jun 1999 11:31:20 -0300 (EST) From: Paulo Fragoso To: freebsd-isp@freebsd.org Subject: Apache+mod_ssl password for key. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I don't remember anymore how to start apche+mod_ssl without typing key's password. Can anyone help me? I'm using openssl and I would like to use may private key without password. Paulo. ------ " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 7:57:43 1999 Delivered-To: freebsd-isp@freebsd.org Received: from rerun.lucentctc.com (rerun.lucentctc.com [199.93.237.2]) by hub.freebsd.org (Postfix) with ESMTP id 9CDD51519B for ; Mon, 28 Jun 1999 07:57:32 -0700 (PDT) (envelope-from mcambria@lucent.com) Received: by rerun.lucentctc.com with Internet Mail Service (5.5.2448.0) id ; Mon, 28 Jun 1999 10:57:21 -0400 Message-ID: <75ADD7496F0BD211ADC000104B8846CF5630F9@rerun.lucentctc.com> From: "Cambria, Mike" To: "'isp@freebsd.org'" Subject: sendmail masquerading unregistered domain Date: Mon, 28 Jun 1999 10:57:20 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've read the archives about using an .m4 file to setup sendmail to allow my unregistered domain to send/receive email via my ISP. There is still one thing I do not understand. The Masquerading and Relaying page at www.sendmail.org reads as if I need to enable masquerading via MASQUERADE_AS(host.domain) first, before I can use MASQUERADE_DOMAIN(my.unregistered.domain) The issue for me is that I don't want my system to masquerade as anything. I only want the unregistered domain to masquerade as the "FreeBSD system" an be converted to the domain known to the ISP. Specifically: Out of the box, FreeBSD has always just worked regarding email/sendmail. Sending mail from user@mypc.ISP.com (where 'mypc' is the name of the FreeBSD system, not a sub-domain) would always work. Conversely, from the 'net, I could always send mail to user@mypc.ISP.com . There is a TCP connection to sendmail on mypc (I believe the ISP DNS instructs the sending system to try sending mail to mypc directly as the ISP does *not* have an MX record for my system; my cable ISP doesn't support other domains.) There is no need for this system to "look like" another domain. So I don't need to set MASQUERADE_AS(isp.com). Nor do I want to, the ISP would put all mail in one mailbox. I *do* want the other systems on my LAN, using the unregistered domain for email between them, to be able to send and receive mail to/from the ISP. For mail not local to the unregistered domain, I need the unregistered domain to become mypc.ISP.com (e.g. user@myfamily.com becomes user@mypc.ISP.com for windows, user@pcname.myfamily.com becomes user@mypc.ISP.com for other FreeBSD systems) However, using MASQUERADE_DOMAIN(my.unregistered.domain), according to how I read http://www.sendmail.org/m4/masquerading.html only is used if MASQUERADE_AS is used. The only thing I can think of is to use MASQUERADE_AS(mypc.ISP.com) even though mail already uses this. Since this is very new to me, I'm looking for a bit of advice at this point. Am I even on the right track? Have I properly understood what I've read so far? Is there a better way of dealing with email? I am using FreeBSD 3.1-Release at the moment. Thanks, MikeC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 8: 9:52 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sinope.eclipse.net.uk (sinope.eclipse.net.uk [195.188.32.121]) by hub.freebsd.org (Postfix) with ESMTP id 724BE14C30 for ; Mon, 28 Jun 1999 08:09:44 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (elara.eclipse.net.uk [195.188.32.31]) by sinope.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id QAA11981; Mon, 28 Jun 1999 16:09:11 +0100 Message-ID: <37779047.E1054A6@eclipse.net.uk> Date: Mon, 28 Jun 1999 16:09:59 +0100 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: "Norman C. Rice" Cc: Chuck Robey , FreeBSD-ISP Subject: Re: sendmail relaying References: <19990626161247.A18733@emu.sourcee.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Turns on the ability to allow relaying based on the MX > records of the host portion of an incoming recipient. See > description below for more information before using this > feature. as long as the reject message doesn't say something like, "we will only relay for domains who list us as an mx", because at the moment $pammers will have to have a clue before they realise what to do to get around it :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 8:25: 7 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sinope.eclipse.net.uk (sinope.eclipse.net.uk [195.188.32.121]) by hub.freebsd.org (Postfix) with ESMTP id 3D77C14F67 for ; Mon, 28 Jun 1999 08:23:30 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (elara.eclipse.net.uk [195.188.32.31]) by sinope.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id QAA15578; Mon, 28 Jun 1999 16:22:44 +0100 Message-ID: <37779374.41AF2DEA@eclipse.net.uk> Date: Mon, 28 Jun 1999 16:23:33 +0100 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: Paulo Fragoso Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Apache+mod_ssl password for key. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I don't remember anymore how to start apche+mod_ssl without > typing key's password. Can anyone help me? There is info on www.thawte.com's faq for Apache. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 9:30:29 1999 Delivered-To: freebsd-isp@freebsd.org Received: from tank.razorfish.com (tank.razorfish.com [206.64.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 275E814DD2 for ; Mon, 28 Jun 1999 09:30:18 -0700 (PDT) (envelope-from hans@razorfish.com) Received: from yaga.razorfish.com (yaga.razorfish.com [206.64.109.6]) by tank.razorfish.com (8.9.1/8.9.1) with ESMTP id MAA21636 for ; Mon, 28 Jun 1999 12:30:17 -0400 (EDT) Received: (from hans@localhost) by yaga.razorfish.com (8.9.2/8.9.2) id MAA11156 for freebsd-isp@freebsd.org; Mon, 28 Jun 1999 12:30:17 -0400 (EDT) Message-Id: <199906281630.MAA11156@yaga.razorfish.com> Content-Type: text/plain MIME-Version: 1.0 (NeXT Mail 4.2mach v148) X-Image-URL: http://yagaland.razorfish.com/hcs.tiff X-Face: $}SX;AVK.1WpW9e}n(k95w5U?O;M3T8)YG1'%c|?JT/1_RYui,GJ".'lwb.U,(9%*b|z4| RY4T5s,+MFSx%Y_Ot[Tn-S!F9dia&cm*0+65zXMo6S~;B?i/`23C-oovCgg)b{y~kuy6c1 chjm:I(A~3^_2?3Y}[NnMgu>is6|Lm1 X-Nextstep-Mailer: Mail 4.2mach [i386] (Enhance 2.2p2) Received: by NeXT.Mailer (1.148) From: Hans-Christoph Steiner Date: Mon, 28 Jun 1999 12:30:15 -0400 To: freebsd-isp@freebsd.org Subject: Using one FreeBSD box as router/firewall/vpn X-URL: http://yagaland.steinertours.com Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We are going to attempt to build a box that will serve as our router, firewall, and VPN/IPSec machine. Right now, we are still up in the air as to whether we are going to use FreeBSD or Linux so I was wondering what kind of experience people have doing such things and whether we are crazy to try to combine all of these functions into one box. The router will use two Sangoma WANpipe T1 CSU/DSU cards connecting to two T1s using BGP routing. The firewall will use the kernel firewalling (either FBSD or Linux). The VPN, will use IPSec (FreeS/WAN or one of the FBSD implementations). -Hans | || ||| || r a z o r f i s h , inc. hans-christoph steiner [ network systems manager ] >> tel +1.212.798.6432 >> pager +1.888.433.4970 >> http://www.razorfish.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 10: 6: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id D5CCC15343 for ; Mon, 28 Jun 1999 10:06:00 -0700 (PDT) (envelope-from jflowers@ezo.net) Received: from ivy.ezo.net (ivy.ezo.net [206.150.211.171]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id NAA16299; Mon, 28 Jun 1999 13:05:47 -0400 (EDT) Message-ID: <001d01bec188$cc446520$abd396ce@ezo.net> From: "Jim Flowers" To: "Hans-Christoph Steiner" , References: <199906281630.MAA11156@yaga.razorfish.com> Subject: Re: Using one FreeBSD box as router/firewall/vpn Date: Mon, 28 Jun 1999 13:08:09 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Your decision will be interesting. Please give us your logic when you make it. I have done a lot of fbsd routing, mostly with RIP and static routes. It is stable (2.2.2 through 3.2) and reliable. Ipfw and natd appear to operate correctly and are fairly straight-forward to setup. I have not yet setup the Sangoma driver although I have looked at it and have a unit that I may put up soon. I think the Linux driver may have the edge, here as it preceeded the fbsd version. I have heard that the Sangoma people are cooperative, although I haven't seen much discussion on the fbsd lists. The units I set up all use SKIP for VPN functions. It has worked well and has been reliable. The key management is good and the X interface is fairly intuitive. The largest system I am managing is 6 nodes spread all over the globe. I looked at early implementations of IPSEC (about a year ago) across fbsd and linux but did not feel that it was robust enough to use for production VPN's so stuck with SKIP. I think it is a big mistake to put everything in one box, particularly if you care about security. My preference is to use one box for a gateway router and firewall with an interface for a perimeter network where a bastion host and VPN Access Controller and any sacrificial hosts are located. A second interface connects an interior network, preferably using private (non-routable) addressing. The resulting system is a traditional screened subnet firewall which is well documented in the literature with a VPN operating in parallel logically but physically through the single choke point. It is both intuitive and robust and, I think, very difficult to compromise. ----- Original Message ----- From: Hans-Christoph Steiner To: Sent: Monday, June 28, 1999 12:30 PM Subject: Using one FreeBSD box as router/firewall/vpn > > We are going to attempt to build a box that will serve as our router, > firewall, and VPN/IPSec machine. Right now, we are still up in the air as to > whether we are going to use FreeBSD or Linux so I was wondering what kind of > experience people have doing such things and whether we are crazy to try to > combine all of these functions into one box. > > The router will use two Sangoma WANpipe T1 CSU/DSU cards connecting to two T1s > using BGP routing. > > The firewall will use the kernel firewalling (either FBSD or Linux). > > The VPN, will use IPSec (FreeS/WAN or one of the FBSD implementations). > > -Hans > > | || ||| || r a z o r f i s h , inc. > > hans-christoph steiner > [ network systems manager ] > > >> tel +1.212.798.6432 > >> pager +1.888.433.4970 > >> http://www.razorfish.com/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 10:54:10 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with ESMTP id 0714B14F03 for ; Mon, 28 Jun 1999 10:53:26 -0700 (PDT) (envelope-from paulo@nlink.com.br) Received: from localhost (paulo@localhost) by mirage.nlink.com.br (8.9.3/8.9.1) with SMTP id OAA20055; Mon, 28 Jun 1999 14:53:02 -0300 (EST) Date: Mon, 28 Jun 1999 14:53:01 -0300 (EST) From: Paulo Fragoso To: Stuart Henderson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Apache+mod_ssl password for key. In-Reply-To: <37779374.41AF2DEA@eclipse.net.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 28 Jun 1999, Stuart Henderson wrote: > > I don't remember anymore how to start apche+mod_ssl without > > typing key's password. Can anyone help me? > > There is info on www.thawte.com's faq for Apache. > Thanks... now work fine. I didn't remeber where was this information: openssl rsa -in file1.key -out file2.key Paulo. ------ " ... Overall we've found FreeBSD to excel in performace, stability, technical support, and of course price. Two years after discovering FreeBSD, we have yet to find a reason why we switch to anything else" -David Filo, Yahoo! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 13:29:23 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.iol.ie (mail2.mail.iol.ie [194.125.2.193]) by hub.freebsd.org (Postfix) with ESMTP id DE72915467 for ; Mon, 28 Jun 1999 13:28:58 -0700 (PDT) (envelope-from martind@iol.ie) Received: from oemcomputer (dialup-317.cork.iol.ie [193.203.148.61]) by mail.iol.ie Sendmail (v8.9.3) with SMTP id VAA11230; Mon, 28 Jun 1999 21:28:23 +0100 (IST) Message-ID: <009901bec1a4$a15ee260$3d94cbc1@oemcomputer> From: "Martind" To: "Hans-Christoph Steiner" , Subject: Re: Using one FreeBSD box as router/firewall/vpn Date: Mon, 28 Jun 1999 21:17:20 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.1 X-MIMEOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Using Linux as a firewall is madness, FreeBSD is MUCH more secure, for things as web service or clients on a network Linux is fine, but for a router, firewall or vpn controller its madness. If your router was to be taken down, oh well there goes your network, I think using Linux inside is ok but for a secure connection point FreeBSD would be the choice. Just my opinion Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Jun 28 14:16:32 1999 Delivered-To: freebsd-isp@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id 9D1CE1547D for ; Mon, 28 Jun 1999 14:16:25 -0700 (PDT) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id OAA22229; Mon, 28 Jun 1999 14:16:25 -0700 (PDT) Date: Mon, 28 Jun 1999 14:16:25 -0700 (PDT) From: David Wolfskill Message-Id: <199906282116.OAA22229@pau-amma.whistle.com> To: isp@FreeBSD.ORG, mcambria@lucent.com Subject: Re: sendmail masquerading unregistered domain In-Reply-To: <75ADD7496F0BD211ADC000104B8846CF5630F9@rerun.lucentctc.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >From: "Cambria, Mike" >Date: Mon, 28 Jun 1999 10:57:20 -0400 >I've read the archives about using an .m4 file to setup sendmail to allow my >unregistered domain to send/receive email via my ISP. There is still one >thing I do not understand. >The Masquerading and Relaying page at www.sendmail.org > reads as if I need to enable masquerading via >MASQUERADE_AS(host.domain) first, before I can use >MASQUERADE_DOMAIN(my.unregistered.domain) Yes. >The issue for me is that I don't want my system to masquerade as anything. >I only want the unregistered domain to masquerade as the "FreeBSD system" an >be converted to the domain known to the ISP. >... >There is no need for this system to "look like" another domain. So I don't >need to set MASQUERADE_AS(isp.com). That wouldn't be appropriate anyway. >Nor do I want to, the ISP would put all >mail in one mailbox. I *do* want the other systems on my LAN, using the >unregistered domain for email between them, to be able to send and receive >mail to/from the ISP. For mail not local to the unregistered domain, I need >the unregistered domain to become mypc.ISP.com (e.g. user@myfamily.com > becomes user@mypc.ISP.com > for windows, user@pcname.myfamily.com > becomes user@mypc.ISP.com > for other FreeBSD systems) Right. >... >The only thing I can think of is to use MASQUERADE_AS(mypc.ISP.com) even Yes. >though mail already uses this. Since this is very new to me, I'm looking >for a bit of advice at this point. I would be surprised if your configuration "already uses this" unless it has already deviated from "out-of-the-box." >Am I even on the right track? Have I properly understood what I've read so >far? Is there a better way of dealing with email? There are issues that you don't address in the above. Basically, IMHO -- and representing no one but myself, and based in large part on my experiences as a customer of an ISP -- using a single POP maildrop is a rather hideous way to implement email connectivity for a set of multiple users (or roles). One of the basic issues is that in order to have the mail delivered to the POP maildrop, the ISP's MTA needs to perform "local" delivery. By design, this process removes and destroys envelope information. (Some ISPs implement local hacks to try to circumvent this to some extent, but it's rather like having a corporate mail center where the first thing that's done with incoming mail is rip open the envelope & throw it away... then try to deliver the content based on what's in the message. If you're really lucky, the mail center staff will have stuck a Post-It on the letter/whatever with a clue as to some part of what the envelope had written on it.) You may want to give some thought as to what happens to a message that is sent (from the outside world), addressed to "user0@mypc.ISP.com", with a Bcc: for "user1@mypc.ISP.com". (In at least one case with which I am familiar, what will happen is that the ISP will generate 2 copies of the same message (same Message-ID) in the POP mailbox... with different added-in headers (Post-It notes, to use the above analogy). Among other "interesting" effects, this means that there will be 2 instantiations of the message logged in /var/log/maillog, using the same Message-ID, intended for different people, but with the same To: and Cc: headers. It's the added-in header that shows the "real" intended recipient -- and I would expect multiple recipients being specified on the added-in header to be, at best, quite rare. Please note that it is not rare for messages of such length to be sent via email that sending 2 copies instead of 1 (addressed to both recipients) can be Very Annoying.) And, of course, that also means that using such techniques as RBL-blocking spammers via your own SMTP daemon aren't likely to be all that effective, since the spammer's SMTP dialog wasn't with your daemon anyway. :-( And if you try to send mail directly from your own system, you may be so unlucky as to find that you're in a netblock has been added to the MAPS DUL (http://maps.vix.com/dul/), in which case you either get to not send mail to folks who use said list as a means of rejecting mail, or you get to send your mail (to these folks, at least) only through your ISP. >I am using FreeBSD 3.1-Release at the moment. Little of the above is peculiar to the OS in question; as long as you're using sendmail 8.x, you can (and, IMHO, should) use the "m4" configuration mechanism for sendmail. Or consider the use of a different MTA, I suppose, but I happen to use sendmail myself. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 4:16:57 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sinope.eclipse.net.uk (sinope.eclipse.net.uk [195.188.32.121]) by hub.freebsd.org (Postfix) with ESMTP id 35E071504E for ; Tue, 29 Jun 1999 04:16:40 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (elara.eclipse.net.uk [195.188.32.31]) by sinope.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id MAA04276; Tue, 29 Jun 1999 12:16:33 +0100 Message-ID: <3778AB40.54985E8C@eclipse.net.uk> Date: Tue, 29 Jun 1999 12:17:20 +0100 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: David Wolfskill Cc: isp@FreeBSD.ORG, mcambria@lucent.com Subject: Re: sendmail masquerading unregistered domain References: <199906282116.OAA22229@pau-amma.whistle.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > And, of course, that also means that using such techniques as > RBL-blocking spammers via your own SMTP daemon aren't likely to be > all that effective, since the spammer's SMTP dialog wasn't with > your daemon anyway. :-( I think check_local includes patches to let you parse the received line. If you use POP3 to collect mail, there are -some- advantages :) You can use HEAD 0 to fetch just the headers and scan them so you can delete spam straight away (without having to wait for the mail to be downloaded). Obviously less of a problem if you don't have to pay for phone calls though..:) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 4:19:10 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sinope.eclipse.net.uk (sinope.eclipse.net.uk [195.188.32.121]) by hub.freebsd.org (Postfix) with ESMTP id 7AC7614C9A for ; Tue, 29 Jun 1999 04:19:03 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (elara.eclipse.net.uk [195.188.32.31]) by sinope.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id MAA04824; Tue, 29 Jun 1999 12:18:52 +0100 Message-ID: <3778ABCB.73728DE2@eclipse.net.uk> Date: Tue, 29 Jun 1999 12:19:39 +0100 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: Martind Cc: Hans-Christoph Steiner , freebsd-isp@FreeBSD.ORG Subject: Re: Using one FreeBSD box as router/firewall/vpn References: <009901bec1a4$a15ee260$3d94cbc1@oemcomputer> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Using Linux as a firewall is madness, FreeBSD is MUCH more secure, don't forget there are other choices too :) FreeBSD security can be hardened significantly by running with securelevel set and using chflags schg to secure critical binaries. That way you have to restart in single-user mode to make any alterations. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 9:12:55 1999 Delivered-To: freebsd-isp@freebsd.org Received: from barney.webace.com.au (unknown [203.25.160.154]) by hub.freebsd.org (Postfix) with ESMTP id B02B215253; Tue, 29 Jun 1999 09:12:39 -0700 (PDT) (envelope-from fbsdqst@webace.com.au) Received: from jason (jason.webace.com.au [203.25.160.112]) by barney.webace.com.au (8.8.8/8.8.8) with SMTP id AAA25126; Wed, 30 Jun 1999 00:15:49 +0800 (WST) (envelope-from fbsdqst@webace.com.au) Message-Id: <2.2.32.19990629161219.006d9b4c@webace.com.au> X-Sender: fbsdqst@webace.com.au X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 30 Jun 1999 00:12:19 +0800 To: freebsd-questions@freebsd.org From: Jason McKay Subject: URGENT HELP! Cc: isp@freebsd.org Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have a Stallion EasyConnection 8/64-AT (ISA), running under FreeBSD 2.2.5-RELEASE. For a while now I've been running 1 x 16 port RJ45 panel without problems. Now I'm trying to add a 2nd panel and having allot of problems. When the system boots, the stli driver reports both panels and ports. When I run stlload, I get the follow error: On-Board ROM Signature reports 16 ports /kernel STALLION: Slave unable to allocate required memory for all modules, devices=17 I have tried to reset the board with the 'stlload -R' command, but still no luck. I would be very greatfull for any help you can provide. Thank You, Jason McKay. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 19: 3:14 1999 Delivered-To: freebsd-isp@freebsd.org Received: from psf.Pinyon.ORG (unknown [205.253.70.237]) by hub.freebsd.org (Postfix) with ESMTP id 8003214E07; Tue, 29 Jun 1999 19:03:05 -0700 (PDT) (envelope-from rcarter@psf.Pinyon.ORG) Received: from psf.Pinyon.ORG (localhost [127.0.0.1]) by psf.Pinyon.ORG (8.9.3/8.9.2) with ESMTP id TAA43626; Tue, 29 Jun 1999 19:00:50 -0700 (MST) (envelope-from rcarter@psf.Pinyon.ORG) Message-Id: <199906300200.TAA43626@psf.Pinyon.ORG> X-Mailer: exmh version 2.0.2 2/24/98 To: hackers@FreeBSD.ORG Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Redundant Remote Webserver clustering In-reply-to: Your message of "Tue, 29 Jun 1999 20:37:04 -0400." <199906300037.UAA65916@cs.rpi.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 29 Jun 1999 19:00:50 -0700 From: "Russell L. Carter" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org %> Define clustering. If you mean a bunch of boxes that serve up HTTP %> requests and the lot of them continue working in the face of a %> failure on one, you CAN do this with FreeBSD, and the "Beowulf" %> software you're probably thinking of for Linux WILL NOT do this. %I have looked into the "Beowulf" system alot recently. It is nothing but %a glorified COW design. And it uses "off the shelf" software components %that run under FreeBSD as well of better than linux often. I used to %thing it was a big deal. Not any more :I This is a tangent though :) That's exactly right, and has been true for about 4 years now. %> You do this on FreeBSD (or Linux or Solaris) by creating a "layer 4 %> router" or HTTP switch that directs traffic evenly among your several %> web servers, and stops sending traffic to servers that have failed. %Where could someone find information on setting this up, and what software %to use? I have someone who would be very interested in this. Isn't the %"layer 4 router" a SPoF though? I haven't actually installed one but my understanding, based on evaluating it as a competitor to some work that I am doing, is you just buy these off the shelf now. I don't have the vendor list handy at home. These things apparently are pretty good at looking inside of packets and making (fast) routing decisions based on the packet protocol and a set of site configured policies. The jargon thrown around my neck of the woods is "smart networks". They understand HTTP pretty darn well. Luckily, not IIOP, yet, which is when my interest faded. Oh yes, about that SPoF, they happily run redundantly, too, with the obvious performance optimizations for redundant channels, degrading as needed. Apparently, these things don't need proprietary extensions for their functionality so use of FreeBSD for the backend OS is unimpaired. I suspect Yahoo has a few... Anyway, maybe followup this to freebsd-isp? Not much -hackers stuff here. And if my assessment is inaccurate, I can find out quicker :-). Russell % %-- %David Cross | email: crossd@cs.rpi.edu %Systems Administrator/Research Programmer | Web: http://www.cs.rpi.edu/~crossd %Rensselaer Polytechnic Institute, | Ph: 518.276.2860 %Department of Computer Science | Fax: 518.276.4033 %I speak only for myself. | WinNT:Linux::Linux:FreeBSD To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 19:32:58 1999 Delivered-To: freebsd-isp@freebsd.org Received: from arutam.inch.com (ns.inch.com [207.240.140.101]) by hub.freebsd.org (Postfix) with ESMTP id 6C99515328 for ; Tue, 29 Jun 1999 19:32:55 -0700 (PDT) (envelope-from freyes@inch.com) Received: from your-name (TC1-dial-60-215.oldslip.inch.com [207.240.215.60]) by arutam.inch.com (8.9.1a/8.8.5) with SMTP id WAA29760; Tue, 29 Jun 1999 22:32:52 -0400 (EDT) Message-Id: <199906300232.WAA29760@arutam.inch.com> From: "Francisco Reyes" To: "Russell L. Carter" Cc: "freebsd-isp@FreeBSD.ORG" Date: Tue, 29 Jun 1999 22:34:22 -0400 Reply-To: "Francisco Reyes" X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 98 (4.10.1998) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Re: Redundant Remote Webserver clustering Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 29 Jun 1999 19:00:50 -0700, Russell L. Carter wrote: >%> Define clustering. If you mean a bunch of boxes that serve up HTTP >%> requests and the lot of them continue working in the face of a >%> failure on one Just recently found http://www.eddieware.org It is a research project for DNS and HTTP load balancing. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 20: 9:45 1999 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id 525D8154A5 for ; Tue, 29 Jun 1999 20:09:41 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 9125 invoked by uid 1000); 30 Jun 1999 03:07:39 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Jun 1999 03:07:39 -0000 Date: Tue, 29 Jun 1999 23:07:39 -0400 (EDT) From: Barrett Richardson To: Francisco Reyes Cc: "Russell L. Carter" , "freebsd-isp@FreeBSD.ORG" Subject: Re: Redundant Remote Webserver clustering In-Reply-To: <199906300232.WAA29760@arutam.inch.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 29 Jun 1999, Francisco Reyes wrote: > On Tue, 29 Jun 1999 19:00:50 -0700, Russell L. Carter wrote: > > >%> Define clustering. If you mean a bunch of boxes that serve up HTTP > >%> requests and the lot of them continue working in the face of a > >%> failure on one > > Just recently found http://www.eddieware.org > It is a research project for DNS and HTTP load balancing. > > Check out the ACE Director at www.alteon.com. You give the switch the IP address of your website, plug each of your servers into a different port. The switch relays and balances the port 80 traffic to itself across the servers. I use a similar concept with a different alteon swith to do transparant HTTP cacheing. Work great. If the cache server goes down, the switch detects it instantaneously (in human terms) and our users never know (except that the absence of the cache server makes surfing slower). Works great. - Barrett > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 20:32:18 1999 Delivered-To: freebsd-isp@freebsd.org Received: from server1.siscom.net (server1.siscom.net [209.251.2.89]) by hub.freebsd.org (Postfix) with SMTP id D30E114DEB for ; Tue, 29 Jun 1999 20:32:15 -0700 (PDT) (envelope-from radams@siscom.net) Received: (qmail 1938 invoked from network); 30 Jun 1999 03:32:14 -0000 Received: from mp.siscom.net (HELO jason) ([209.251.2.49]) (envelope-sender ) by server1.siscom.net (qmail-ldap-1.03) with SMTP for ; 30 Jun 1999 03:32:14 -0000 Message-ID: <015701bec2ab$6af9bb20$3102fbd1@siscom.net> From: "Robert J. Adams" To: "Barrett Richardson" , "Francisco Reyes" Cc: "Russell L. Carter" , References: Subject: Re: Redundant Remote Webserver clustering Date: Tue, 29 Jun 1999 23:45:28 -0400 Organization: SISCOM, Inc. MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Barrett, Any particular reason you chose the Alteon over the Foundry ServerIron? We are getting ready to pick up a l4 switch and are looking for recommendations. -j --- Robert J. Adams radams@siscom.net http://www.siscom.net Looking to outsource news? http://www.newshosting.com SISCOM Network Administration - President, SISCOM Inc. Phone: 937-222-8150 FAX: 937-222-8153 ----- Original Message ----- From: Barrett Richardson To: Francisco Reyes Cc: Russell L. Carter ; Sent: Tuesday, June 29, 1999 11:07 PM Subject: Re: Redundant Remote Webserver clustering > > > On Tue, 29 Jun 1999, Francisco Reyes wrote: > > > On Tue, 29 Jun 1999 19:00:50 -0700, Russell L. Carter wrote: > > > > >%> Define clustering. If you mean a bunch of boxes that serve up HTTP > > >%> requests and the lot of them continue working in the face of a > > >%> failure on one > > > > Just recently found http://www.eddieware.org > > It is a research project for DNS and HTTP load balancing. > > > > > > Check out the ACE Director at www.alteon.com. You give the switch > the IP address of your website, plug each of your servers into > a different port. The switch relays and balances the port 80 traffic to > itself across the servers. > > I use a similar concept with a different alteon swith to do transparant > HTTP cacheing. Work great. If the cache server goes down, the > switch detects it instantaneously (in human terms) and our users > never know (except that the absence of the cache server makes > surfing slower). Works great. > > - > > Barrett > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 21:17:42 1999 Delivered-To: freebsd-isp@freebsd.org Received: from implode.root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id 89C1D14CCA for ; Tue, 29 Jun 1999 21:17:39 -0700 (PDT) (envelope-from root@implode.root.com) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.8/8.8.5) with ESMTP id VAA01263; Tue, 29 Jun 1999 21:16:44 -0700 (PDT) Message-Id: <199906300416.VAA01263@implode.root.com> To: "Robert J. Adams" Cc: "Barrett Richardson" , "Francisco Reyes" , "Russell L. Carter" , freebsd-isp@FreeBSD.ORG Subject: Re: Redundant Remote Webserver clustering In-reply-to: Your message of "Tue, 29 Jun 1999 23:45:28 EDT." <015701bec2ab$6af9bb20$3102fbd1@siscom.net> From: David Greenman Reply-To: dg@root.com Date: Tue, 29 Jun 1999 21:16:43 -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Barrett, > >Any particular reason you chose the Alteon over the Foundry ServerIron? We >are getting ready to pick up a l4 switch and are looking for >recommendations. For what it's worth, a client of mine has had a lot of trouble with the Foundry gigabit switch (fastiron?)...several of the ports have gone permanently dead and others go dead until you power cycle it. I've never had problems like that from the Alteon ACEswitch 180 that I have here. I've found Alteon products to be very solid all around and I personally think they are worth any extra money you may have to pay for them. I'd like to also point out that Alteon has been very kind to the FreeBSD Project - providing us with both documentation and hardware to develop a driver for their PCI GE interface. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project - http://www.freebsd.org Creator of high-performance Internet servers - http://www.terasolutions.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 21:56:10 1999 Delivered-To: freebsd-isp@freebsd.org Received: from PacHell.TelcoSucks.org (PacHell.TelcoSucks.org [207.90.181.5]) by hub.freebsd.org (Postfix) with ESMTP id EEB6E14DB6 for ; Tue, 29 Jun 1999 21:55:57 -0700 (PDT) (envelope-from ulf@PacHell.TelcoSucks.org) Received: (from ulf@localhost) by PacHell.TelcoSucks.org (8.9.3/8.9.1) id VAA85034; Tue, 29 Jun 1999 21:55:48 -0700 (PDT) (envelope-from ulf) Message-ID: <19990629215547.G7687@TelcoSucks.org> Date: Tue, 29 Jun 1999 21:55:47 -0700 From: Ulf Zimmermann To: dg@root.com, "Robert J. Adams" Cc: Barrett Richardson , Francisco Reyes , "Russell L. Carter" , freebsd-isp@FreeBSD.ORG Subject: Re: Redundant Remote Webserver clustering Reply-To: ulf@Alameda.net References: <015701bec2ab$6af9bb20$3102fbd1@siscom.net> <199906300416.VAA01263@implode.root.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <199906300416.VAA01263@implode.root.com>; from David Greenman on Tue, Jun 29, 1999 at 09:16:43PM -0700 Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 3.2-STABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jun 29, 1999 at 09:16:43PM -0700, David Greenman wrote: > >Barrett, > > > >Any particular reason you chose the Alteon over the Foundry ServerIron? We > >are getting ready to pick up a l4 switch and are looking for > >recommendations. > > For what it's worth, a client of mine has had a lot of trouble with the > Foundry gigabit switch (fastiron?)...several of the ports have gone > permanently dead and others go dead until you power cycle it. I've never > had problems like that from the Alteon ACEswitch 180 that I have here. > I've found Alteon products to be very solid all around and I personally > think they are worth any extra money you may have to pay for them. I'd like > to also point out that Alteon has been very kind to the FreeBSD Project - > providing us with both documentation and hardware to develop a driver for > their PCI GE interface. As long I was using the Serveriron from Foundry I had no problems, on the other side I got an Aceswitch which had a SMD chip flying loose inside. > > -DG > > David Greenman > Co-founder/Principal Architect, The FreeBSD Project - http://www.freebsd.org > Creator of high-performance Internet servers - http://www.terasolutions.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-769-2936 Alameda Networks, Inc. | http://www.Alameda.net | Fax#: 510-521-5073 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Tue Jun 29 22:11:12 1999 Delivered-To: freebsd-isp@freebsd.org Received: from fep4-orange.clear.net.nz (fep4-orange.clear.net.nz [203.97.32.4]) by hub.freebsd.org (Postfix) with ESMTP id 58D65154BF for ; Tue, 29 Jun 1999 22:10:57 -0700 (PDT) (envelope-from jabley@buddha.clear.net.nz) Received: from buddha.clear.net.nz (buddha.clear.net.nz [192.168.24.106]) by fep4-orange.clear.net.nz (1.5/1.3) with ESMTP id RAA11711; Wed, 30 Jun 1999 17:10:52 +1200 (NZST) Received: (from jabley@localhost) by buddha.clear.net.nz (8.9.3/8.9.2) id RAA22983; Wed, 30 Jun 1999 17:10:46 +1200 (NZST) (envelope-from jabley) Date: Wed, 30 Jun 1999 17:10:45 +1200 From: Joe Abley To: "Russell L. Carter" Cc: freebsd-isp@FreeBSD.ORG, jabley@clear.co.nz Subject: Re: Redundant Remote Webserver clustering Message-ID: <19990630171045.A22851@clear.co.nz> References: <199906300037.UAA65916@cs.rpi.edu> <199906300200.TAA43626@psf.Pinyon.ORG> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <199906300200.TAA43626@psf.Pinyon.ORG>; from Russell L. Carter on Tue, Jun 29, 1999 at 07:00:50PM -0700 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jun 29, 1999 at 07:00:50PM -0700, Russell L. Carter wrote: > %Where could someone find information on setting this up, and what software > %to use? I have someone who would be very interested in this. Isn't the > %"layer 4 router" a SPoF though? > > I haven't actually installed one but my understanding, based on > evaluating it as a competitor to some work that I am doing, is you > just buy these off the shelf now. I don't have the vendor list > handy at home. www.alteon.com ("ACEdirector") www.foundrynet.com ("ServerIron") www.cisco.com ("Local Director") There are more, but I can't remember their names. We have Foundry switches here, and they seem to do the trick quite nicely. > Anyway, maybe followup this to freebsd-isp? Not much -hackers > stuff here. And if my assessment is inaccurate, I can find > out quicker :-). Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 7:59: 7 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sotr0085.cognos.com (gatekeeper.cognos.com [205.210.232.66]) by hub.freebsd.org (Postfix) with ESMTP id BC9EA14E0D for ; Wed, 30 Jun 1999 07:59:03 -0700 (PDT) (envelope-from Hoang.Tran@Cognos.COM) Received: by sotr0085.cognos.com with Internet Mail Service (5.5.2448.0) id ; Wed, 30 Jun 1999 10:58:39 -0400 Message-ID: <27CB1FE98AE7D211B9D000805F31D8000BC6CF@sotr0087.cognos.com> From: "Tran, Hoang" To: "'freebsd-isp@freebsd.org'" Subject: subscribe Date: Wed, 30 Jun 1999 10:59:07 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe freebsd-isp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 8:18:39 1999 Delivered-To: freebsd-isp@freebsd.org Received: from uq.net.au (fox.uq.net.au [203.101.255.1]) by hub.freebsd.org (Postfix) with ESMTP id 41FE714C4F for ; Wed, 30 Jun 1999 08:18:32 -0700 (PDT) (envelope-from mynet@uq.net.au) Received: from uq.net.au (dyn-17-182.dialin.uq.net.au [203.100.17.182]) by uq.net.au (8.9.3/8.9.3) with ESMTP id AAA23373; Thu, 1 Jul 1999 00:42:11 +1000 (GMT+1000) Message-ID: <377A2CFC.8BF24208@uq.net.au> Date: Thu, 01 Jul 1999 00:43:08 +1000 From: Andrew X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Stuart Henderson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Using one FreeBSD box as router/firewall/vpn References: <009901bec1a4$a15ee260$3d94cbc1@oemcomputer> <3778ABCB.73728DE2@eclipse.net.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Some people would say OpenBSD is more secure - But that is another argument alltogther and it all come down to how people setup their systems. A novel idea though that I have seen done is burning the whole OS to a bootable CD-rom. The great thing is you have no danger of the HD crashing and even if someone finds a way in theres not a much they can do that a reboot wont fix ;) You would need to update the CD as important bugfixes/new releases came out but blank CD's are cheap. Andrew Stuart Henderson wrote: > > Using Linux as a firewall is madness, FreeBSD is MUCH more secure, > > don't forget there are other choices too :) FreeBSD security can > be hardened significantly by running with securelevel set and using > chflags schg to secure critical binaries. That way you have to > restart in single-user mode to make any alterations. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 9:41:39 1999 Delivered-To: freebsd-isp@freebsd.org Received: from gateway.cybernet.com (gateway.cybernet.com [192.245.33.1]) by hub.freebsd.org (Postfix) with ESMTP id C346C15546 for ; Wed, 30 Jun 1999 09:41:36 -0700 (PDT) (envelope-from mtaylor@cybernet.com) Received: from spiffy.cybernet.com (spiffy.cybernet.com [192.245.33.55]) by gateway.cybernet.com (8.8.8/8.8.8) with ESMTP id MAA07633 for ; Wed, 30 Jun 1999 12:41:43 -0400 (EDT) (envelope-from mtaylor@cybernet.com) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Wed, 30 Jun 1999 12:40:43 -0400 (EDT) Reply-To: mtaylor@cybernet.com Organization: Cybernet Systems From: "Mark J. Taylor" To: freebsd-isp@freebsd.org Subject: The NetMAX product Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Francisco has been mentioning on this list about the NetMAX product. I have just subscribed to this list, and am ready to answer any questions regarding our product! I'd like to mention that it is certainly not a "prettied-up" webmin (http://www.webmin.com). There are quite sophisticated checking and cross-validation that is done on input fields so that the admin cannot "shoot him/herself in the foot". Also, the interface to the server configuration is only via a GUI web browser, so you don't need X installed (unless your client workstation is a Unix machine, of course). Who does not have a GUI web browser? We felt that using HTML gives it a much more universal appeal, as opposed to an X11-based approach. Lastly, the packages that we've included, and integrated, and tested, go beyond what a "standard" FreeBSD/Linux install would have. Feel free to ask me/us any questions! Or, send email to netmax-support@cybernet.com or netmax-support@netmax.com --- Mark J. Taylor Networking Research Cybernet Systems mtaylor@cybernet.com 727 Airport Blvd. PHONE (734) 668-2567 Ann Arbor, MI 48108 FAX (734) 668-8780 http://www.cybernet.com/ http://www.netmax.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 9:53:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from inet.chip-web.com (c1003518-a.plstn1.sfba.home.com [24.1.82.47]) by hub.freebsd.org (Postfix) with SMTP id 4D28D15532 for ; Wed, 30 Jun 1999 09:53:14 -0700 (PDT) (envelope-from ludwigp@bigfoot.com) Received: (qmail 1006 invoked from network); 30 Jun 1999 16:53:13 -0000 Received: from speedy.chip-web.com (HELO speedy) (172.16.1.1) by inet.chip-web.com with SMTP; 30 Jun 1999 16:53:13 -0000 Message-Id: <4.1.19990630093009.00a36590@mail-r> X-Sender: ludwigp@toy.chip-web.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 30 Jun 1999 09:31:59 -0700 To: Paulo Fragoso , Stuart Henderson From: Ludwig Pummer Subject: Re: Apache+mod_ssl password for key. Cc: freebsd-isp@FreeBSD.ORG In-Reply-To: References: <37779374.41AF2DEA@eclipse.net.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:53 AM 6/28/1999 , Paulo Fragoso wrote: >On Mon, 28 Jun 1999, Stuart Henderson wrote: > >> > I don't remember anymore how to start apche+mod_ssl without >> > typing key's password. Can anyone help me? >> >> There is info on www.thawte.com's faq for Apache. >> > >Thanks... now work fine. I didn't remeber where was this information: > >openssl rsa -in file1.key -out file2.key > Another option is to leave the password in the RSA key and have a shell script which is simply #!/bin/sh echo password And put that into the 'password dialog' line of httpd.conf. Of course, make the script executable only by root. --Ludwig Pummer ( ludwigp@bigfoot.com ) ICQ UIN: 692441 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 10:26:48 1999 Delivered-To: freebsd-isp@freebsd.org Received: from noop.colo.erols.net (noop.colo.erols.net [207.96.1.150]) by hub.freebsd.org (Postfix) with ESMTP id EE360155E4 for ; Wed, 30 Jun 1999 10:26:42 -0700 (PDT) (envelope-from gjp@noop.colo.erols.net) Received: from localhost ([127.0.0.1] helo=noop.colo.erols.net) by noop.colo.erols.net with esmtp (Exim 2.12 #1) id 10zO8i-000Awy-00; Wed, 30 Jun 1999 13:27:16 -0400 To: "Robert J. Adams" Cc: freebsd-isp@FreeBSD.ORG From: "Gary Palmer" Subject: Re: Redundant Remote Webserver clustering In-reply-to: Your message of "Tue, 29 Jun 1999 23:45:28 EDT." <015701bec2ab$6af9bb20$3102fbd1@siscom.net> Date: Wed, 30 Jun 1999 13:27:14 -0400 Message-ID: <42095.930763634@noop.colo.erols.net> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Robert J. Adams" wrote in message ID <015701bec2ab$6af9bb20$3102fbd1@siscom.net>: > Barrett, > > Any particular reason you chose the Alteon over the Foundry ServerIron? We > are getting ready to pick up a l4 switch and are looking for > recommendations. I believe the Foundry ServerIron only does 100bT ethernet, and is a dedicated box to only doing load balancing. The Alteon ACESwitch 180/180+ is a general purpose fastether (gigether on the 180+) switch with layer2, layer3 and layer4 functionality. I've just got a ACESwitch 180+ and although I haven't gone live with it yet, initially it seems to be relatively easy to manage and flexible. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 10:31: 9 1999 Delivered-To: freebsd-isp@freebsd.org Received: from noop.colo.erols.net (noop.colo.erols.net [207.96.1.150]) by hub.freebsd.org (Postfix) with ESMTP id AD77914C59 for ; Wed, 30 Jun 1999 10:31:06 -0700 (PDT) (envelope-from gjp@noop.colo.erols.net) Received: from localhost ([127.0.0.1] helo=noop.colo.erols.net) by noop.colo.erols.net with esmtp (Exim 2.12 #1) id 10zOCr-000AxZ-00; Wed, 30 Jun 1999 13:31:33 -0400 To: Joe Abley Cc: "Russell L. Carter" , freebsd-isp@FreeBSD.ORG From: "Gary Palmer" Subject: Re: Redundant Remote Webserver clustering In-reply-to: Your message of "Wed, 30 Jun 1999 17:10:45 +1200." <19990630171045.A22851@clear.co.nz> Date: Wed, 30 Jun 1999 13:31:28 -0400 Message-ID: <42132.930763888@noop.colo.erols.net> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Joe Abley wrote in message ID <19990630171045.A22851@clear.co.nz>: > www.alteon.com ("ACEdirector") > www.foundrynet.com ("ServerIron") > www.cisco.com ("Local Director") www.f5labs.com "Big IP" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 10:51:41 1999 Delivered-To: freebsd-isp@freebsd.org Received: from commnet.accn.org (commnet.accn.org [207.73.64.2]) by hub.freebsd.org (Postfix) with ESMTP id 8FEBA155A7 for ; Wed, 30 Jun 1999 10:51:38 -0700 (PDT) (envelope-from ryanm@accn.org) Received: from accn.org (rocky.accn.org [207.73.64.8]) by commnet.accn.org (8.9.3/8.9.3) with ESMTP id NAA07630 for ; Wed, 30 Jun 1999 13:51:35 -0400 (EDT) Message-ID: <377A591F.D847FE3D@accn.org> Date: Wed, 30 Jun 1999 13:51:27 -0400 From: ryanm Reply-To: ryanm@accn.org X-Mailer: Mozilla 4.51 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "freebsd-isp@FreeBSD.ORG" Subject: Apache + SSL + FreeBSD Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, Hello fellow FreeBSD users. I am curious if anyone has a working example of an httpd.conf that is secure and has support for SSL added in??? I am looking over the httpd.conf file I got from mod_ssl and I have some questions I think an example would solve. Also If anyone has any info on what I need to add to make this apache server secure I would appreciate it. I have apache compiled with SSL support built in just have a few questions on the httpd.conf and how to properly set it up. Thanks for any info, Ryan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 17: 0: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from uq.net.au (fox.uq.net.au [203.101.255.1]) by hub.freebsd.org (Postfix) with ESMTP id 7670B15595 for ; Wed, 30 Jun 1999 16:59:47 -0700 (PDT) (envelope-from mynet@uq.net.au) Received: from uq.net.au (dyn-17-182.dialin.uq.net.au [203.100.17.182]) by uq.net.au (8.9.3/8.9.3) with ESMTP id JAA15720; Thu, 1 Jul 1999 09:59:28 +1000 (GMT+1000) Message-ID: <377AAF9B.89017EBE@uq.net.au> Date: Thu, 01 Jul 1999 10:00:27 +1000 From: Andrew X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Mitch Vincent Cc: freebsd-isp@freebsd.org Subject: Re: Using one FreeBSD box as router/firewall/vpn References: <01b201bec30b$f2cf96e0$0200000a@windows.cygone.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You use a ram disk for the parts that need to be witeable or you could have them mouted via NFS or SMBFS but kinda defeats the security aspect a bit. There is no decrease in speed except for when the system is loading. From there it all runs from ram ( which the machine would have plenty of ). You would not use this for a server but for a firewall where all you are doing is routing/filetrting/blocking packets then this is an interesting way to bring down cost and improve reliablity. If something happens and you are not in the office you simply inform the office staff to hit the reset switch. Andrew Mitch Vincent wrote: > > > >A novel idea though that I have seen done is burning > >the whole OS to a bootable CD-rom. > > > >The great thing is you have no danger of the HD crashing > >and even if someone finds a way in theres not a much they > >can do that a reboot wont fix ;) > How in the world would you do that? You would still have to have writable > filesystems for the OS to function properly. I suppose you could put system > binaries and such on the CD, but then you're talking about a horribly > decrease in speed. > > Ack, when you can just read up and secure your box, I don't think that > drastic of a measure is needed :-) > > - Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 17: 8:24 1999 Delivered-To: freebsd-isp@freebsd.org Received: from boromir.vpop.net (dns1.vpop.net [206.117.147.2]) by hub.freebsd.org (Postfix) with ESMTP id D794E157B5 for ; Wed, 30 Jun 1999 17:08:08 -0700 (PDT) (envelope-from joe@vpop.net) Received: from localhost (ring.vpop.net [206.117.147.5]) by boromir.vpop.net (8.9.1/8.9.1) with SMTP id RAA22068; Wed, 30 Jun 1999 17:06:52 -0700 (PDT) From: joe@vpop.net (Joe McDonald) To: mtaylor@cybernet.com Cc: freebsd-isp@FreeBSD.ORG Subject: Re: The NetMAX product Date: Wed, 30 Jun 1999 17:07:07 -0700 Organization: VPOP Technologies Inc. Message-ID: <3787b0cb.48631488@127.0.0.1> References: In-Reply-To: X-Mailer: Forte Agent 1.5/32.451 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Oh yeah, and you forgot to mention that you are the guys that wrote the = RAID5 code for vinum, so you have, like, lots of clue :-) -joe On Wed, 30 Jun 1999 12:40:43 -0400 (EDT), "Mark J. Taylor" wrote: > >Francisco has been mentioning on this list about the NetMAX product. >I have just subscribed to this list, and am ready to answer any >questions regarding our product! --=20 NewsHub: http://www.NewsHub.com/tech/ | MultiTrace: http://www.MultiTrace.com/ | Explore Your Net! DomainSurfer: http://www.DomainSurfer.com/ | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 17:24:56 1999 Delivered-To: freebsd-isp@freebsd.org Received: from blues.ghis.net (pppc1-21.eisa.net.au [203.166.251.21]) by hub.freebsd.org (Postfix) with ESMTP id 47EB214D6D for ; Wed, 30 Jun 1999 17:24:28 -0700 (PDT) (envelope-from jim@blues.ghis.net) Received: (from jim@localhost) by blues.ghis.net (8.9.3/8.9.3) id KAA32232 for isp@FreeBSD.org; Thu, 1 Jul 1999 10:24:14 +1000 (EST) Date: Thu, 1 Jul 1999 10:24:11 +1000 From: Jim Mock To: isp@FreeBSD.org Subject: wu-ftpd and anonymous ftp Message-ID: <19990701102410.A32192@blues.ghis.net> Reply-To: jim@blues.ghis.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.3i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is anyone out there providing multiple host anonymous ftp access? I've got a hosting customer (a print shop) who I'm trying to setup to use anonftp to transfer files between his customers because most of the files are pretty large and end up timing out on mail downloads. I've been using wu-ftpd, and have it somewhat working but I've run into a stumbling block. Logging in as anonymous to ftp.hisdomain.com works fine, but when I try to login with his username to ftp.hisdomain.com, I get invalid password messages. I'm using wu-ftpd 2.5.0, and here's how I have the anon stuff setup.. upload /usr/home/mp/public_ftp /incoming yes mp mp 0660 nodirs virtual aaa.bbb.ccc.dd root /usr/home/mp/public_ftp virtual aaa.bbb.ccc.dd banner /usr/home/mp/public_ftp/etc/ftpmotd virtual aaa.bbb.ccc.dd logfile /usr/home/mp/logs/ftp.log Each vhost has their own IP btw. Like I said, logging in anonymously works fine as does the upload, but now he can't log in to ftp.hisdomain.com with his username and password. Has anyone had this happen? How do I get around it? Any insight would be much appreciated.. this is driving me nuts. TIA. -- - Jim Mock - jim@blues.ghis.net - systems administrator - ghis.NET - - work: http://www.ghis.net/ - personal: http://www.ghis.net/~jim/ - - FreeBSD 'zine: http://www.freebsdzine.org/ - jim@freebsdzine.org - - FreeBSD: http://advocacy.freebsd.org/ - jim@advocacy.FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 18:11:12 1999 Delivered-To: freebsd-isp@freebsd.org Received: from arutam.inch.com (ns.inch.com [207.240.140.101]) by hub.freebsd.org (Postfix) with ESMTP id 3F6E0153CC for ; Wed, 30 Jun 1999 18:11:09 -0700 (PDT) (envelope-from freyes@inch.com) Received: from your-name (TC3-dial-134-215.oldslip.inch.com [207.240.215.134]) by arutam.inch.com (8.9.1a/8.8.5) with SMTP id VAA19083; Wed, 30 Jun 1999 21:09:52 -0400 (EDT) Message-Id: <199907010109.VAA19083@arutam.inch.com> From: "Francisco Reyes" To: "Joe McDonald" , "mtaylor@cybernet.com" Cc: "freebsd-isp@FreeBSD.ORG" Date: Wed, 30 Jun 1999 21:11:38 -0400 Reply-To: "Francisco Reyes" X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 98 (4.10.1998) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Re: The NetMAX product Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 30 Jun 1999 17:07:07 -0700, Joe McDonald wrote: >>....NetMAX product. >>I have just subscribed to this list, and am ready to answer any >>questions regarding our product! One thing I would like to ad is that Cybernet's support is one of the best I have seen. Recently one of their tech support persons saved me endless hours when he discovered that the IP addresses I was given for my SDSL installation were wrong. He even helped me get things straigten out with the ISP. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 18:39:50 1999 Delivered-To: freebsd-isp@freebsd.org Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134]) by hub.freebsd.org (Postfix) with ESMTP id 5EBA01542D for ; Wed, 30 Jun 1999 18:39:44 -0700 (PDT) (envelope-from grog@freebie.lemis.com) Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id LAA02257; Thu, 1 Jul 1999 11:09:41 +0930 (CST) Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id LAA82071; Thu, 1 Jul 1999 11:09:40 +0930 (CST) Date: Thu, 1 Jul 1999 11:09:40 +0930 From: Greg Lehey To: Joe McDonald Cc: mtaylor@cybernet.com, freebsd-isp@FreeBSD.ORG Subject: Re: The NetMAX product Message-ID: <19990701110940.D79211@freebie.lemis.com> References: <3787b0cb.48631488@127.0.0.1> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <3787b0cb.48631488@127.0.0.1>; from Joe McDonald on Wed, Jun 30, 1999 at 05:07:07PM -0700 WWW-Home-Page: http://www.lemis.com/~grog X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-41-739-7062 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wednesday, 30 June 1999 at 17:07:07 -0700, Joe McDonald wrote: >> Francisco has been mentioning on this list about the NetMAX product. >> I have just subscribed to this list, and am ready to answer any >> questions regarding our product! > > Oh yeah, and you forgot to mention that you are the guys that wrote > the RAID5 code for vinum, so you have, like, lots of clue :-) Well, it would be more accurate to say that they paid for the RAID-5 code for Vinum. Greg -- See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 18:53:31 1999 Delivered-To: freebsd-isp@freebsd.org Received: from gw.caamora.com.au (jonath5.lnk.telstra.net [139.130.41.237]) by hub.freebsd.org (Postfix) with ESMTP id B200614EFE for ; Wed, 30 Jun 1999 18:53:23 -0700 (PDT) (envelope-from jon@gw.caamora.com.au) Received: (from jon@localhost) by gw.caamora.com.au (8.8.8/8.8.8) id LAA14743; Thu, 1 Jul 1999 11:52:58 +1000 (EST) (envelope-from jon) Message-ID: <19990701115257.C14477@caamora.com.au> Date: Thu, 1 Jul 1999 11:52:57 +1000 From: jonathan michaels To: Andrew , Stuart Henderson Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Using one FreeBSD box as router/firewall/vpn Mail-Followup-To: Andrew , Stuart Henderson , freebsd-isp@FreeBSD.ORG References: <009901bec1a4$a15ee260$3d94cbc1@oemcomputer> <3778ABCB.73728DE2@eclipse.net.uk> <377A2CFC.8BF24208@uq.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91.1i In-Reply-To: <377A2CFC.8BF24208@uq.net.au>; from Andrew on Thu, Jul 01, 1999 at 12:43:08AM +1000 X-Operating-System: FreeBSD gw.caamora.com.au 2.2.7-RELEASE i386 X-Mood: i'm alive, if it counts Organisation: Caamora, PO Box 144, Rosebery NSW 1445 Australia Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jul 01, 1999 at 12:43:08AM +1000, Andrew wrote: > Some people would say OpenBSD is more secure - But that > is another argument alltogther and it all come down to how > people setup their systems. > > A novel idea though that I have seen done is burning > the whole OS to a bootable CD-rom. not so novel now that good scsi cdrom players are so cheap .. 16x nec are only $AUD190. i've been thinking about putting in a cdrom and a ls120 drive as my only removable media .. well ok and a dlt tape streamer. wonder if it would be possible to make a ls120 diskette bootable ? sorry i'm not a systems programmer or a hardware (chip level) guru any more .. i was with motorola mc6800's but more recently (grin) mc68b09e > The great thing is you have no danger of the HD crashing > and even if someone finds a way in theres not a much they > can do that a reboot wont fix ;) same for a self-contained ls120 diskette .. wonder of teh scsi version has been released yet, they were going to do a scsi version a few years ago. > You would need to update the CD as important > bugfixes/new releases came out but blank CD's are cheap. or if you used a rewritable cd-media. or even a bootable tape, just load teh tape into the drive and punch restart button. another thought .. with cisco routers coming down in price and intel hardware geting cheaper (and by definition shoddier) is thier a point on the graph were it makes sence to use a cisco, or some sort of 'real router', especially now that so amny 'boutique' suppliers are bringing out dedicated hardware solutions ? cobalt and teh like, i mean. with the technology packing ever more functionality into those little black boxes that keep all the magic grey smoke in them, its just a matter of time before your toaster oven will be able to ask you at work when you want your grilled cheese and tomato ready, grin. i thnk t would be real neat to have a say ls120, or a cdrom, or a tape bootable system .. as a bastion hoast/router/gateway solution that uses and therefore showcases freebsd. but given some of teh technicals only a company like say whistle, inc. is going to be able to market such a device .. if thier is a market outside off a few diehards like freebsd hackers. from teh utiliity vantage point it is a real winner as well, only if i were still 25 and had full use of my faculties, sigh, thats life i suppose. sorry i've started to ramble .. its cold, raining, wet, miserable and i'm hurting badly. regards and thx fro teh neat suggestion. cheers jonathan -- =============================================================================== Jonathan Michaels PO Box 144, Rosebery, NSW 1445 Australia =========================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 19: 0:53 1999 Delivered-To: freebsd-isp@freebsd.org Received: from arutam.inch.com (ns.inch.com [207.240.140.101]) by hub.freebsd.org (Postfix) with ESMTP id 45F3F14FF7 for ; Wed, 30 Jun 1999 19:00:50 -0700 (PDT) (envelope-from freyes@inch.com) Received: from your-name (TC3-dial-134-215.oldslip.inch.com [207.240.215.134]) by arutam.inch.com (8.9.1a/8.8.5) with SMTP id WAA25510 for ; Wed, 30 Jun 1999 22:00:49 -0400 (EDT) Message-Id: <199907010200.WAA25510@arutam.inch.com> From: "Francisco Reyes" To: "FreebSD ISP list" Date: Wed, 30 Jun 1999 22:02:30 -0400 Reply-To: "Francisco Reyes" X-Mailer: PMMail 98 Professional (2.01.1600) For Windows 98 (4.10.1998) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Secondary DNS Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I recently got an SDSL line and plan to host a few domains in it, but internic requires a secondary DNS entry. Even more fun, the box currently doesn't have any DNS entry so I can not be listed as primary either. Maybe my ISP gave it a name, but I don't have it... What is my best bet for finding a secondary DNS for my sites? Talking to my ISP? Is this something ISPs offer as a service? i.e. could I pay someone for this? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 19:21:29 1999 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial0-velvet.Brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id A36DC14F22 for ; Wed, 30 Jun 1999 19:21:16 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id MAA08440 for ; Thu, 1 Jul 1999 12:21:09 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Thu, 1 Jul 1999 12:21:07 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: Using one FreeBSD box as router/firewall/vpn In-Reply-To: <377AAF9B.89017EBE@uq.net.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 1 Jul 1999, Andrew wrote: > You use a ram disk for the parts that need to be witeable or you could have > them mouted via NFS or SMBFS but kinda defeats the security aspect a bit. > > There is no decrease in speed except for when the system is loading. > From there it all runs from ram ( which the machine would have plenty of ). > > You would not use this for a server but for a firewall where all you are > doing is routing/filetrting/blocking packets then this is an interesting > way to bring down cost and improve reliablity. Do it *all* in RAM instead with a minimal (and I mean *minimal* :) ) installation, rather than having the CD-ROM start then stop every time it needs to load in a binary or config file. I set up a machine a few months ago with 32Mb RAM which boots from a floppy and then fetches a .tar file via HTTP. It has an 8Mb MFS partition which has about 30% free space during normal use. There's usually about 7-10Mb free RAM, depending on how many routes GateD is handling. Next on the agenda is experimenting with a flash IDE 'drive' to eliminate all moving media and the need to fetch a 3Mb tar file via HTTP. The flash IDE will only be used for booting, it will still run exclusively from RAM after boot. Later I may also experiment with the 'thermal' setup of the machine, it currently has a power supply fan and a CPU fan, however the CPU barely gets warm when the CPU fan is powered off - it's underclocked and also due to the nature of what it's doing probably idle a lot of the time. Because the power supply is not feeding something hungry like a HD, it may also be possible to reduce the fan requirements there - although I was under the impression the fan is mainly for the computer (contents) rather than the PSU itself? What I'd really love to do eventually is to build up a custom router using embedded modules - for example, I have a 386sx40 with onboard HD & FDD controller, 2Mb flash IDE drive, LPT, 2 serial ports, keyboard, 10baseT ethernet that is the size of a 3 1/2" floppy disk. It would be nice to be able to use something like this with some extra serial ports or ethernet ports (also embedded modules) and thus not require the minimum PC expansion card height in the casing, and the inherent waste of space that goes with it. Sort of related... I've never actually tried to boot FreeBSD from the flash IDE drive on this board because it only *emulates* an IDE drive via software (ie BIOS calls), but on second thoughts I'm sure I've heard mention that the boot process uses the BIOS to load in the kernel... is this correct? It only has 4Mb so I'm not really sure how practical actually *doing* anything after the kernel is loaded would be. ;-) I could add on a HD for swap but that defeats the purpose entirely... Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://www.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 19:30:58 1999 Delivered-To: freebsd-isp@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 079EC14F22 for ; Wed, 30 Jun 1999 19:30:54 -0700 (PDT) (envelope-from julian@whistle.com) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id TAA53364; Wed, 30 Jun 1999 19:30:38 -0700 (PDT) Date: Wed, 30 Jun 1999 19:30:36 -0700 (PDT) From: Julian Elischer To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Using one FreeBSD box as router/firewall/vpn In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 1 Jul 1999, Rowan Crowe wrote: > > Sort of related... I've never actually tried to boot FreeBSD from the > flash IDE drive on this board because it only *emulates* an IDE drive via > software (ie BIOS calls), but on second thoughts I'm sure I've heard > mention that the boot process uses the BIOS to load in the kernel... is > this correct? It only has 4Mb so I'm not really sure how practical > actually *doing* anything after the kernel is loaded would be. ;-) I could > add on a HD for swap but that defeats the purpose entirely... > Yes the boot code does it's IO through the BIOS. Assuming teh flash bios emulates the low level calls and not just high level calls, it should be possible to put a PicoBSD floppy image on it and have it boot just fine. julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 19:42: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from phoenix (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (Postfix) with SMTP id 40CEF1528C for ; Wed, 30 Jun 1999 19:42:01 -0700 (PDT) (envelope-from barrett@phoenix.aye.net) Received: (qmail 21077 invoked by uid 1000); 1 Jul 1999 02:39:52 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Jul 1999 02:39:52 -0000 Date: Wed, 30 Jun 1999 22:39:52 -0400 (EDT) From: Barrett Richardson To: "Robert J. Adams" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Redundant Remote Webserver clustering In-Reply-To: <015701bec2ab$6af9bb20$3102fbd1@siscom.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org We were doing transparent HTTP cacheing. We test drove a Foundry but couldn't get it to work (admittedly others have succeeded where we failed). > Barrett, > > Any particular reason you chose the Alteon over the Foundry ServerIron? We > are getting ready to pick up a l4 switch and are looking for > recommendations. > > -j > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 20:40:56 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 64FA114CBE for ; Wed, 30 Jun 1999 20:40:48 -0700 (PDT) (envelope-from hetzels@westbend.net) Received: from admin (admin.westbend.net [209.224.254.141]) by mail.westbend.net (8.8.8/8.8.8) with SMTP id WAA09864; Wed, 30 Jun 1999 22:40:46 -0500 (CDT) (envelope-from hetzels@westbend.net) Message-ID: <007b01bec373$80e502a0$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "Francisco Reyes" Cc: "FreebSD ISP list" References: <199907010200.WAA25510@arutam.inch.com> Subject: Re: Secondary DNS Date: Wed, 30 Jun 1999 22:40:45 -0500 Organization: West Bend Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: Francisco Reyes > I recently got an SDSL line and plan to host a few domains in it, but > internic requires a secondary DNS entry. > > Even more fun, the box currently doesn't have any DNS entry so I can > not be listed as primary either. > You can be list as the primary, you just need to setup the DNS server on your system, then advise the internic that that boxes IP address is the Primary for your domain. > Maybe my ISP gave it a name, but I don't have it... > > What is my best bet for finding a secondary DNS for my sites? > Talking to my ISP? > Is this something ISPs offer as a service? i.e. could I pay someone for > this? > Talk with your ISP, they most likely will let you use them as a secondary DNS (for a fee). Scot W. Hetzel West Bend Internet To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Wed Jun 30 21:11: 5 1999 Delivered-To: freebsd-isp@freebsd.org Received: from server.soekris.com (host186.soekris.ipc.net [170.1.113.186]) by hub.freebsd.org (Postfix) with ESMTP id 2C03A14D3B for ; Wed, 30 Jun 1999 21:11:01 -0700 (PDT) (envelope-from soren@soekris.dk) Received: from soekris.dk ([192.168.1.8]) by server.soekris.com (8.9.2/8.9.2) with ESMTP id VAA21370; Wed, 30 Jun 1999 21:10:54 -0700 (PDT) (envelope-from soren@soekris.dk) Message-ID: <377AEA4E.45C4BC79@soekris.dk> Date: Wed, 30 Jun 1999 21:10:54 -0700 From: Soren Kristensen Organization: Soekris Engineering X-Mailer: Mozilla 4.51 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: Francisco Reyes Cc: FreebSD ISP list Subject: Re: Secondary DNS References: <199907010200.WAA25510@arutam.inch.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Francisco Reyes wrote: > > I recently got an SDSL line and plan to host a few domains in it, but > internic requires a secondary DNS entry. > > Even more fun, the box currently doesn't have any DNS entry so I can > not be listed as primary either. I have my own little server running FreeBSD on a DSL line, and found this out the hard way. In order to be a primary for yourself, you must first register you IP as a host at internic, use the hostform at: http://www.networksolutions.com/cgi-bin/itts/host > > Maybe my ISP gave it a name, but I don't have it... > > What is my best bet for finding a secondary DNS for my sites? I looked around for cheap professional DNS, but didn't really find anything I liked. So I decided doing primary on my own, and used the free DNS server at http://soa.granitecanyon.com/ for my secondary. They seems to work fine, but I prefer to do my primary on my own DNS server, as it is not that bad to be without secondary for a period, but without primary you vanish very quick.... > Talking to my ISP? > Is this something ISPs offer as a service? i.e. could I pay someone for > this? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message Best Regards, Soren Kristensen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 0:11:39 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mx.calweb.com (mx.calweb.com [209.210.251.13]) by hub.freebsd.org (Postfix) with ESMTP id 0B4B114C83 for ; Thu, 1 Jul 1999 00:11:33 -0700 (PDT) (envelope-from rdugaue@calweb.com) Received: from staff.calweb.com (rdugaue@staff.calweb.com [209.210.251.15]) by mx.calweb.com (8.9.3/8.9.3) with ESMTP id AAA13629; Thu, 1 Jul 1999 00:11:29 -0700 (PDT) Date: Thu, 1 Jul 1999 00:11:28 -0700 (PDT) From: Robert Du Gaue To: Soren Kristensen Cc: Francisco Reyes , FreebSD ISP list Subject: Re: Secondary DNS In-Reply-To: <377AEA4E.45C4BC79@soekris.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org One minor point... > I looked around for cheap professional DNS, but didn't really find ^^^^^^^^^^^^^^^^^^ In my opinion, these two words don't belong together. The saying you usually get what you pay for is true in many respects, and if you're looking for a 'professional' type service, going the 'cheap' route will usually end up with you not getting what you expected... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 0:30:25 1999 Delivered-To: freebsd-isp@freebsd.org Received: from server.soekris.com (host186.soekris.ipc.net [170.1.113.186]) by hub.freebsd.org (Postfix) with ESMTP id 01B6515620 for ; Thu, 1 Jul 1999 00:30:21 -0700 (PDT) (envelope-from soren@soekris.dk) Received: from soekris.dk ([192.168.1.8]) by server.soekris.com (8.9.2/8.9.2) with ESMTP id AAA21756; Thu, 1 Jul 1999 00:30:17 -0700 (PDT) (envelope-from soren@soekris.dk) Message-ID: <377B190A.B1EAB0AF@soekris.dk> Date: Thu, 01 Jul 1999 00:30:18 -0700 From: Soren Kristensen Organization: Soekris Engineering X-Mailer: Mozilla 4.51 [en] (Win95; I) X-Accept-Language: en MIME-Version: 1.0 To: Robert Du Gaue Cc: Francisco Reyes , FreebSD ISP list Subject: Re: Secondary DNS References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Du Gaue wrote: > > One minor point... > > > I looked around for cheap professional DNS, but didn't really find > ^^^^^^^^^^^^^^^^^^ > > In my opinion, these two words don't belong together. The saying you > usually get what you pay for is true in many respects, and if you're > looking for a 'professional' type service, going the 'cheap' route will > usually end up with you not getting what you expected... > Normally, I would agree with you. But delivering DNS service CAN be very cheap to provide, if you have well designed tools. It could be more or less an automated onetime setup, and don't cost very much after chat. That's why I don't accept $20-$50 per month for it. And we can see that "The Public DNS Service" at granitecanyon.com can provide free DNS service for currently 18976 domains at a accaptable level of service and reliability. So if they charged like t.ex $10-$30 per year, they could provide cheap and great service and reliability.... Best Regards, Soren Kristensen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 0:45: 3 1999 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id C330C15620 for ; Thu, 1 Jul 1999 00:44:56 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 23344 invoked by uid 1001); 1 Jul 1999 07:44:55 +0000 (GMT) To: soren@soekris.dk Cc: rdugaue@calweb.com, freyes@inch.com, freebsd-isp@FreeBSD.ORG Subject: Re: Secondary DNS From: sthaug@nethelp.no In-Reply-To: Your message of "Thu, 01 Jul 1999 00:30:18 -0700" References: <377B190A.B1EAB0AF@soekris.dk> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Thu, 01 Jul 1999 09:44:54 +0200 Message-ID: <23342.930815094@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > I looked around for cheap professional DNS, but didn't really find > > ^^^^^^^^^^^^^^^^^^ > > > > In my opinion, these two words don't belong together. The saying you > > usually get what you pay for is true in many respects, and if you're > > looking for a 'professional' type service, going the 'cheap' route will > > usually end up with you not getting what you expected... Agreed. TANSTAAFL. > Normally, I would agree with you. But delivering DNS service CAN be very > cheap to provide, if you have well designed tools. It could be more or > less an automated onetime setup, and don't cost very much after chat. > That's why I don't accept $20-$50 per month for it. > > And we can see that "The Public DNS Service" at granitecanyon.com can > provide free DNS service for currently 18976 domains at a accaptable > level of service and reliability. If you read comp.protocols.tcp-ip.domains, I think you'll find quite a few people who will dispute your claim of "acceptable level of service and reliability" for granitecanyon.com. But freebsd-isp is probably not the place for such a discussion... Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 4:39:34 1999 Delivered-To: freebsd-isp@freebsd.org Received: from hartley.mintel.co.uk (hartley.mintel.co.uk [194.217.87.65]) by hub.freebsd.org (Postfix) with ESMTP id BF5BF155E9 for ; Thu, 1 Jul 1999 04:39:31 -0700 (PDT) (envelope-from jason.thomson@mintel.co.uk) Received: from mintel.co.uk ([10.0.0.233]) by hartley.mintel.co.uk (8.9.2/8.9.2) with ESMTP id MAA03990 for ; Thu, 1 Jul 1999 12:30:51 +0100 (BST) Message-ID: <377B53F8.34DE5461@mintel.co.uk> Date: Thu, 01 Jul 1999 12:41:44 +0100 From: Jason Thomson X-Mailer: Mozilla 4.51 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Sendmail 8.9.x check_mail anti-spam rule broken? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org As I understood the sendmail anti-spam rules, they are supposed to reject Sender addresses whose domain part does not _resolve_. I was under the impression that meant the domain had to have either MX or A or CNAME records. However, it would appear that the domain must have an A record. Or mail is rejected with: reject=451 <>... Sender domain must resolve For example, some.one@btinternet.com gets rejected. But btinternet.com has perfectly valid MX records. BT Internet is probably one of the UK's biggest ISPs. Can someone confirm that this is the expected behaviour (and I haven't got a broken config) and that this behaviour is correct (and not a bug). If by _resolve_, this means that a domain must have an A record, then maybe I need to add A records for all the domains that I maintain, and remove this anti-spam rule from my sendmail.cf file. (Because I might want to be able to receive mail from companies like British Telecom, MCI Worldcom etc. :-). However, this it doesn't seem quite right that a domain should require an A record. (I notice that freebsd.org does have an A record). Also, whilst our server rejected one legitimate message, that same rule has rejected several spams already today. Thanks for any pointers and info. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 6:30: 5 1999 Delivered-To: freebsd-isp@freebsd.org Received: from moat.teksupport.net.au (moat.teksupport.net.au [203.17.1.98]) by hub.freebsd.org (Postfix) with ESMTP id BFFE515741 for ; Thu, 1 Jul 1999 06:29:57 -0700 (PDT) (envelope-from robseco@wizard.teksupport.net.au) Received: from magician.teksupport.net.au (magician.teksupport.net.au [192.168.1.2]) by moat.teksupport.net.au (8.8.8/8.8.8) with SMTP id XAA08386 for ; Thu, 1 Jul 1999 23:29:34 +1000 (EST) (envelope-from robseco@wizard.teksupport.net.au) Message-Id: <3.0.5.32.19990701232934.00a401e0@moat-gw.teksupport.net.au> X-Sender: robseco@moat-gw.teksupport.net.au X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 01 Jul 1999 23:29:34 +1000 To: freebsd-isp@freebsd.org From: Rob Secombe Subject: FreeBSD Conference Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I received something about a FreeBSD conference coming up soon in SF with my 3.2 subscription but some thoughtful person at work 'round filed' it for me. I went looking at freebsd.org and cdrom.com but couldn't find anything. Could someone please point me at it, as I would like to attend. Thanks Rob Secombe (RS39-AU) Engineering Director Teksupport Pty. Ltd. 7 Warwick Avenue, Springvale, Melbourne Australia 3171 Ph. +61 3 9562 4577 Fx. +61 3 9547 0320 http://www.teksupport.net.au/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 6:37:59 1999 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 7217914DE3 for ; Thu, 1 Jul 1999 06:37:53 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 30284 invoked by uid 1001); 1 Jul 1999 13:37:52 +0000 (GMT) To: jason.thomson@mintel.co.uk Cc: freebsd-isp@freebsd.org Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? From: sthaug@nethelp.no In-Reply-To: Your message of "Thu, 01 Jul 1999 12:41:44 +0100" References: <377B53F8.34DE5461@mintel.co.uk> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Thu, 01 Jul 1999 15:37:52 +0200 Message-ID: <30282.930836272@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > For example, some.one@btinternet.com gets rejected. But btinternet.com > has perfectly valid MX records. BT Internet is probably one of the UK's > biggest ISPs. They may be one of the UK's biggest ISPs. That doesn't mean they have a clue: - It appears that both of the btinternet.com name servers are on the same LAN segment (certainly behind the same router): btinternet.com. NS dns1.btinternet.com. btinternet.com. NS dns2.btinternet.com. dns1.btinternet.com. A 194.73.73.95 dns2.btinternet.com. A 194.73.73.94 and both behind a router at 194.74.74.71. (For that matter, both of their MX hosts also sit behind this same router.) - Neither of the btinternet.com name servers are authoritative for btinternet.com. This doesn't exactly give me great faith in BT Internet... Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 6:38:43 1999 Delivered-To: freebsd-isp@freebsd.org Received: from imap.ncsa.es (imap.ncsa.es [194.179.50.6]) by hub.freebsd.org (Postfix) with ESMTP id A6C4414C19 for ; Thu, 1 Jul 1999 06:38:27 -0700 (PDT) (envelope-from jesusr@ncsa.es) Received: from ender.ncsa.es (ender.ncsa.es [194.179.50.15]) by imap.ncsa.es (8.9.3/8.9.1) with ESMTP id PAA15757; Thu, 1 Jul 1999 15:37:02 +0200 (CEST) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <3.0.5.32.19990701232934.00a401e0@moat-gw.teksupport.net.au> Date: Thu, 01 Jul 1999 15:32:04 +0200 (CEST) Reply-To: jesusr@ncsa.es Organization: Nexus Comunicaciones, S.A. From: Jesus Rodriguez To: Rob Secombe Subject: RE: FreeBSD Conference Cc: freebsd-isp@FreeBSD.ORG Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 01-Jul-99 Rob Secombe wrote: > Hi, > > I received something about a FreeBSD conference coming up soon in SF with > my 3.2 subscription but some thoughtful person at work 'round filed' it for > me. I went looking at freebsd.org and cdrom.com but couldn't find anything. > Could someone please point me at it, as I would like to attend. http://www.freebsdcon.org JesusR. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 6:42: 9 1999 Delivered-To: freebsd-isp@freebsd.org Received: from sinope.eclipse.net.uk (sinope.eclipse.net.uk [195.188.32.121]) by hub.freebsd.org (Postfix) with ESMTP id 2D4A914C13 for ; Thu, 1 Jul 1999 06:41:58 -0700 (PDT) (envelope-from stuart@eclipse.net.uk) Received: from eclipse.net.uk (elara.eclipse.net.uk [195.188.32.31]) by sinope.eclipse.net.uk (8.9.3/8.9.3) with ESMTP id OAA30696; Thu, 1 Jul 1999 14:41:40 +0100 Message-ID: <377B7044.5F5FC41A@eclipse.net.uk> Date: Thu, 01 Jul 1999 14:42:28 +0100 From: Stuart Henderson Organization: Eclipse Networking Ltd. X-Mailer: Mozilla 4.6 [en] (WinNT; U) X-Accept-Language: en-GB MIME-Version: 1.0 To: Rob Secombe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: FreeBSD Conference References: <3.0.5.32.19990701232934.00a401e0@moat-gw.teksupport.net.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I received something about a FreeBSD conference coming up soon > in SF with my 3.2 subscription but some thoughtful person at work > 'round filed' it for me. I went looking at freebsd.org and > cdrom.com but couldn't find anything. Could someone please point > me at it, as I would like to attend. http://www.freebsdcon.org/ Stuart To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 6:47:57 1999 Delivered-To: freebsd-isp@freebsd.org Received: from moat.teksupport.net.au (moat.teksupport.net.au [203.17.1.98]) by hub.freebsd.org (Postfix) with ESMTP id 44AEF14BCD for ; Thu, 1 Jul 1999 06:47:50 -0700 (PDT) (envelope-from robseco@wizard.teksupport.net.au) Received: from magician.teksupport.net.au (magician.teksupport.net.au [192.168.1.2]) by moat.teksupport.net.au (8.8.8/8.8.8) with SMTP id XAA08520 for ; Thu, 1 Jul 1999 23:47:45 +1000 (EST) (envelope-from robseco@wizard.teksupport.net.au) Message-Id: <3.0.5.32.19990701234744.00a462c0@moat-gw.teksupport.net.au> X-Sender: robseco@moat-gw.teksupport.net.au X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 01 Jul 1999 23:47:44 +1000 To: freebsd-isp@freebsd.org From: Rob Secombe Subject: RE: FreeBSD Conference In-Reply-To: References: <3.0.5.32.19990701232934.00a401e0@moat-gw.teksupport.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks - got it. Rob. At 15:32 01-07-99 +0200, you wrote: > >On 01-Jul-99 Rob Secombe wrote: >> Hi, >> >> I received something about a FreeBSD conference coming up soon in SF with >> my 3.2 subscription but some thoughtful person at work 'round filed' it for >> me. I went looking at freebsd.org and cdrom.com but couldn't find anything. >> Could someone please point me at it, as I would like to attend. > >http://www.freebsdcon.org > >JesusR. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 7:22:43 1999 Delivered-To: freebsd-isp@freebsd.org Received: from subpop.noc.clara.net (subpop.noc.clara.net [195.8.70.64]) by hub.freebsd.org (Postfix) with ESMTP id B4CA115600 for ; Thu, 1 Jul 1999 07:22:35 -0700 (PDT) (envelope-from levine@clara.net) Received: by subpop.noc.clara.net (Postfix, from userid 1001) id 0D93ABFF11; Thu, 1 Jul 1999 15:22:33 +0100 (BST) Date: Thu, 1 Jul 1999 15:22:33 +0100 From: Neil Levine To: freebsd-isp@freebsd.org Subject: Clustering Message-ID: <19990701152233.B20856@clara.net> Reply-To: levine@clara.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Is anyone working on any clustering tools for FreeBSD a la Mosix or Beowulf? N -- -------------------------------------------------------------------- Neil Levine ClaraNet(UK) Ltd. levine@clara.net http://www.clara.net -------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 9:28:36 1999 Delivered-To: freebsd-isp@freebsd.org Received: from marge.mintel.co.uk (marge.mintel.co.uk [194.217.87.22]) by hub.freebsd.org (Postfix) with ESMTP id E272014E6A for ; Thu, 1 Jul 1999 09:28:26 -0700 (PDT) (envelope-from jason.thomson@mci.com) Received: from mci.com ([10.0.0.233]) by marge.mintel.co.uk (8.9.1/8.9.1) with ESMTP id RAA26287; Thu, 1 Jul 1999 17:22:27 +0100 (BST) (envelope-from jason.thomson@mci.com) Message-ID: <377B977B.644C021D@mci.com> Date: Thu, 01 Jul 1999 17:29:47 +0100 From: Jason Thomson X-Mailer: Mozilla 4.51 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: sthaug@nethelp.no Cc: freebsd-isp@freebsd.org Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? References: <377B53F8.34DE5461@mintel.co.uk> <30282.930836272@verdi.nethelp.no> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I know. I wasn't suggesting that they were particularly competent. But they are one of many organisations that don't have A records for their domain name. The question I was really asking was: Is it necessary to have A records for a domain name in order to have EMail messages accepted by Sendmail 8.9.x for senders from that domain? As far as I was aware, it shouldn't be necessary to have an A record for a domain name, in order to send mail to that domain. If it's just btinternet with badly administered name servers, then fine, I can mail their postmaster and ask them to fix the problem. If it _is_ a problem with sendmail, then I'll tweak my config file, and add A records for all domains I maintain. sthaug@nethelp.no wrote: > > For example, some.one@btinternet.com gets rejected. But btinternet.com > > has perfectly valid MX records. BT Internet is probably one of the UK's > > biggest ISPs. > > They may be one of the UK's biggest ISPs. That doesn't mean they have > a clue: > > - It appears that both of the btinternet.com name servers are on the > same LAN segment (certainly behind the same router): > > btinternet.com. NS dns1.btinternet.com. > btinternet.com. NS dns2.btinternet.com. > > dns1.btinternet.com. A 194.73.73.95 > dns2.btinternet.com. A 194.73.73.94 > > and both behind a router at 194.74.74.71. > > (For that matter, both of their MX hosts also sit behind this same router.) > > - Neither of the btinternet.com name servers are authoritative for > btinternet.com. > > This doesn't exactly give me great faith in BT Internet... > > Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 9:40:44 1999 Delivered-To: freebsd-isp@freebsd.org Received: from gateway.cybernet.com (gateway.cybernet.com [192.245.33.1]) by hub.freebsd.org (Postfix) with ESMTP id C57B714D90 for ; Thu, 1 Jul 1999 09:40:37 -0700 (PDT) (envelope-from mtaylor@cybernet.com) Received: from spiffy.cybernet.com (spiffy.cybernet.com [192.245.33.55]) by gateway.cybernet.com (8.8.8/8.8.8) with ESMTP id MAA05661; Thu, 1 Jul 1999 12:40:48 -0400 (EDT) (envelope-from mtaylor@cybernet.com) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <19990701110940.D79211@freebie.lemis.com> Date: Thu, 01 Jul 1999 12:38:38 -0400 (EDT) Reply-To: mtaylor@cybernet.com Organization: Cybernet Systems From: "Mark J. Taylor" To: Greg Lehey Subject: Re: The NetMAX product Cc: freebsd-isp@FreeBSD.ORG, Joe McDonald Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I was about to clarify this, but Greg beat me to it: Greg is the one who we contracted to write the software RAID5 implementation. He is the one that created vinum, so the credit all goes to him! In the current release, the NetMAX/FreeBSD uses ccd and mirroring. We are working on changing this to RAID5/vinum in the next release. Right now, we are all working very hard on getting a Linux version of NetMAX out the door. We are very close... -Mark Taylor NetMAX Developer mtaylor@cybernet.com http://www.netmax.com/ On 01-Jul-99 Greg Lehey wrote: > On Wednesday, 30 June 1999 at 17:07:07 -0700, Joe McDonald wrote: >>> Francisco has been mentioning on this list about the NetMAX product. >>> I have just subscribed to this list, and am ready to answer any >>> questions regarding our product! >> >> Oh yeah, and you forgot to mention that you are the guys that wrote >> the RAID5 code for vinum, so you have, like, lots of clue :-) > > Well, it would be more accurate to say that they paid for the RAID-5 > code for Vinum. > > Greg > -- > See complete headers for address, home page and phone numbers > finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 10:13:40 1999 Delivered-To: freebsd-isp@freebsd.org Received: from web201.mail.yahoo.com (web201.mail.yahoo.com [128.11.68.101]) by hub.freebsd.org (Postfix) with SMTP id 27A8E14FD9 for ; Thu, 1 Jul 1999 10:13:29 -0700 (PDT) (envelope-from fjrm@yahoo.com) Message-ID: <19990701171050.6124.rocketmail@web201.mail.yahoo.com> Received: from [169.71.1.12] by web201.mail.yahoo.com; Thu, 01 Jul 1999 10:10:50 PDT Date: Thu, 1 Jul 1999 10:10:50 -0700 (PDT) From: Francisco Reyes Subject: Re: The NetMAX product To: Greg Lehey Cc: freebsd-isp@FreeBSD.ORG, Joe McDonald MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Greg is the one who we contracted to write the >software RAID5 implementation. >He is the one that created vinum, Greg, Will the Raid 5 in Vinum include the boot/system disk? What will be the minimun number of disks needed for Raid 5? _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 10:17: 3 1999 Delivered-To: freebsd-isp@freebsd.org Received: from florence.pavilion.net (florence.pavilion.net [194.242.128.25]) by hub.freebsd.org (Postfix) with ESMTP id AC55114DFE for ; Thu, 1 Jul 1999 10:16:49 -0700 (PDT) (envelope-from joe@florence.pavilion.net) Received: (from joe@localhost) by florence.pavilion.net (8.9.2/8.8.8) id SAA18131; Thu, 1 Jul 1999 18:16:32 +0100 (BST) (envelope-from joe) Date: Thu, 1 Jul 1999 18:16:32 +0100 From: Josef Karthauser To: Jason Thomson Cc: sthaug@nethelp.no, freebsd-isp@FreeBSD.ORG Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? Message-ID: <19990701181632.P69050@pavilion.net> References: <377B53F8.34DE5461@mintel.co.uk> <30282.930836272@verdi.nethelp.no> <377B977B.644C021D@mci.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <377B977B.644C021D@mci.com>; from Jason Thomson on Thu, Jul 01, 1999 at 05:29:47PM +0100 X-NCC-RegID: uk.pavilion Organisation: Pavilion Internet plc, 24 The Old Steine, Brighton, BN1 1EL, England Phone: +44-845-333-5000 Fax: +44-845-333-5001 Mobile: +44-403-596893 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jul 01, 1999 at 05:29:47PM +0100, Jason Thomson wrote: > I know. I wasn't suggesting that they were particularly competent. But they > are one of many organisations that don't have A records for their domain name. > The question I was really asking was: > > Is it necessary to have A records for a domain name in order to have EMail > messages accepted by Sendmail 8.9.x for senders from that domain? > > As far as I was aware, it shouldn't be necessary to have an A record for a > domain name, in order to send mail to that domain. > > If it's just btinternet with badly administered name servers, then fine, I > can mail their postmaster and ask them to fix the problem. If it _is_ a > problem with sendmail, then I'll tweak my config file, and add A records for > all domains I maintain. You don't need A recs for mail delivery, only MX records. Sendmail can be set to accept mail from _any_ domain, although antispamming rules could be set to make sure that the domain exists (i.e. there are some name servers somewhere carrying it), and valid MX records are in existence. I see no reason for sendmail to do an 'A rec' test; in fact I've got over 1000 domains here that don't have any A records at all. Joe -- Josef Karthauser FreeBSD: How many times have you booted today? Technical Manager Viagra for your server (http://www.uk.freebsd.org) Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 10:38:10 1999 Delivered-To: freebsd-isp@freebsd.org Received: from marge.mintel.co.uk (marge.mintel.co.uk [194.217.87.22]) by hub.freebsd.org (Postfix) with ESMTP id 0FA9314C14 for ; Thu, 1 Jul 1999 10:37:55 -0700 (PDT) (envelope-from jason.thomson@btinternet.com) Received: from btinternet.com ([10.0.0.233]) by marge.mintel.co.uk (8.9.1/8.9.1) with ESMTP id SAA26390; Thu, 1 Jul 1999 18:31:49 +0100 (BST) (envelope-from jason.thomson@btinternet.com) Message-ID: <377BA7BE.2949010@btinternet.com> Date: Thu, 01 Jul 1999 18:39:10 +0100 From: Jason Thomson X-Mailer: Mozilla 4.51 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: Josef Karthauser , freebsd-isp@freebsd.org Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? References: <377B53F8.34DE5461@mintel.co.uk> <30282.930836272@verdi.nethelp.no> <377B977B.644C021D@mci.com> <19990701181632.P69050@pavilion.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org That's what I thought. At first, I thought that sendmail was rejecting domains that did not have an A record. Sendmail's check_mail anti spam rules do reject addresses that don't "resolve". I wasn't sure whether "resolve" meant that the domain name had to have an A record. In fact, I _think_ it means that the name has to have one or more MX records, or ultimately resolve to an IP address (i.e. there is a server to send return mail to). It seems that BT Internet's name servers were temporarily broken (my server is now accepting mail from btinternet.com). Thanks to all for the advice and info. Josef Karthauser wrote: > You don't need A recs for mail delivery, only MX records. Sendmail can > be set to accept mail from _any_ domain, although antispamming rules > could be set to make sure that the domain exists (i.e. there are some > name servers somewhere carrying it), and valid MX records are in existence. > I see no reason for sendmail to do an 'A rec' test; in fact I've got over > 1000 domains here that don't have any A records at all. > > Joe > -- > Josef Karthauser FreeBSD: How many times have you booted today? > Technical Manager Viagra for your server (http://www.uk.freebsd.org) > Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 11: 4:27 1999 Delivered-To: freebsd-isp@freebsd.org Received: from zoe.iserve.net (zoe.iserve.net [207.250.219.7]) by hub.freebsd.org (Postfix) with ESMTP id 51B2114EE4 for ; Thu, 1 Jul 1999 11:04:17 -0700 (PDT) (envelope-from rch@iserve.net) Received: from acidic (acidic.iserve.net [207.250.219.40]) by zoe.iserve.net (8.9.1/8.9.1) with SMTP id NAA18522 for ; Thu, 1 Jul 1999 13:04:16 -0500 (EST) Message-Id: <199907011804.NAA18522@zoe.iserve.net> X-Sender: rch@iserve.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Thu, 01 Jul 1999 13:06:34 -0500 To: freebsd-isp@FreeBSD.ORG From: Robert Hough Subject: Mail Queues In-Reply-To: <377BA7BE.2949010@btinternet.com> References: <377B53F8.34DE5461@mintel.co.uk> <30282.930836272@verdi.nethelp.no> <377B977B.644C021D@mci.com> <19990701181632.P69050@pavilion.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Where can I find some detailed information on setting up mail queues with sendmail? I've checked around on the sendmail.org site - but the only thing I can seem to find is anti-relay measures and anti-spam stuff. Basically we have a client that wants us to store incoming mail for them when they are offline, and allow them to pick it up when they get back on. __ _______ |__| __|.-----.----.--.--.-----. .--------------------------------. | |__ || -__| _| | | -__| | Robert Hough (rch@iserve.net) | |__|_______||_____|__| \___/|_____| | 317-802-3036 -/- 317-876-0846 | ----------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 11:28:24 1999 Delivered-To: freebsd-isp@freebsd.org Received: from florence.pavilion.net (florence.pavilion.net [194.242.128.25]) by hub.freebsd.org (Postfix) with ESMTP id 0656315071 for ; Thu, 1 Jul 1999 11:28:10 -0700 (PDT) (envelope-from joe@florence.pavilion.net) Received: (from joe@localhost) by florence.pavilion.net (8.9.2/8.8.8) id TAA31210; Thu, 1 Jul 1999 19:28:06 +0100 (BST) (envelope-from joe) Date: Thu, 1 Jul 1999 19:28:05 +0100 From: Josef Karthauser To: Robert Hough Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Mail Queues Message-ID: <19990701192805.R69050@pavilion.net> References: <377B53F8.34DE5461@mintel.co.uk> <30282.930836272@verdi.nethelp.no> <377B977B.644C021D@mci.com> <19990701181632.P69050@pavilion.net> <377BA7BE.2949010@btinternet.com> <199907011804.NAA18522@zoe.iserve.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <199907011804.NAA18522@zoe.iserve.net>; from Robert Hough on Thu, Jul 01, 1999 at 01:06:34PM -0500 X-NCC-RegID: uk.pavilion Organisation: Pavilion Internet plc, 24 The Old Steine, Brighton, BN1 1EL, England Phone: +44-845-333-5000 Fax: +44-845-333-5001 Mobile: +44-403-596893 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jul 01, 1999 at 01:06:34PM -0500, Robert Hough wrote: > Where can I find some detailed information on setting up mail queues with > sendmail? I've checked around on the sendmail.org site - but the only thing > I can seem to find is anti-relay measures and anti-spam stuff. Basically we > have a client that wants us to store incoming mail for them when they are > offline, and allow them to pick it up when they get back on. Sendmail didn't used to be able to do alternative queues, but it looks like maybe they've fixed that now. I don't know how to drive it though, I'm more into postfix now. help etrn 214-ETRN [ | @ | # ] 214- Run the queue for the specified , or 214- all hosts within a given , or a specially-named 214- (implementation-specific). 214 End of HELP info Joe -- Josef Karthauser FreeBSD: How many times have you booted today? Technical Manager Viagra for your server (http://www.uk.freebsd.org) Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 14:11:56 1999 Delivered-To: freebsd-isp@freebsd.org Received: from host1.premier-hosting.com (unknown [209.98.119.194]) by hub.freebsd.org (Postfix) with ESMTP id 7DA4814C32 for ; Thu, 1 Jul 1999 14:11:52 -0700 (PDT) (envelope-from paul@premier-networks.com) Received: from premier-networks.com (cgowave-36-34.cgocable.net [24.226.36.34]) by host1.premier-hosting.com (8.9.2/8.8.7) with ESMTP id RAA16887 for ; Thu, 1 Jul 1999 17:10:30 -0400 (EDT) Message-ID: <377A850F.F8904EA8@premier-networks.com> Date: Wed, 30 Jun 1999 16:58:55 -0400 From: Paul Stewart Organization: Premier Networks X-Mailer: Mozilla 4.6 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-isp@freebsd.org Subject: Frontpage Server Installation Problems Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there... I am trying to install the latest port of Apache-1.3.6 with Frontpage extentions.. the port installs perfectly except the httpd doesn't get patched therefore nobody can connect.... Can someone help.. I'm on a very short deadline for clients and the only patched version I can find is in the frontpage server distribution and it's 1.2.5 apache Thanks, Paul To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 14:50:34 1999 Delivered-To: freebsd-isp@freebsd.org Received: from blues.ghis.net (pppc2-41.eisa.net.au [203.166.251.161]) by hub.freebsd.org (Postfix) with ESMTP id 10648155C7 for ; Thu, 1 Jul 1999 14:50:22 -0700 (PDT) (envelope-from jim@blues.ghis.net) Received: (from jim@localhost) by blues.ghis.net (8.9.3/8.9.3) id HAA44168; Fri, 2 Jul 1999 07:49:46 +1000 (EST) Date: Fri, 2 Jul 1999 07:49:44 +1000 From: Jim Mock To: Paul Stewart Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Frontpage Server Installation Problems Message-ID: <19990702074944.A43495@blues.ghis.net> Reply-To: jim@blues.ghis.net References: <377A850F.F8904EA8@premier-networks.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.3i In-Reply-To: <377A850F.F8904EA8@premier-networks.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 30 Jun 1999 at 16:58:55 -0400, Paul Stewart wrote: > Hi there... > > I am trying to install the latest port of Apache-1.3.6 with > Frontpage extentions.. the port installs perfectly except the httpd > doesn't get patched therefore nobody can connect.... > > Can someone help.. I'm on a very short deadline for clients and the > only patched version I can find is in the frontpage server > distribution and it's 1.2.5 apache There's an article on this in this month's FreeBSD 'zine. See http://www.freebsdzine.org/ . -- - Jim Mock - jim@blues.ghis.net - systems administrator - ghis.NET - - work: http://www.ghis.net/ - personal: http://www.ghis.net/~jim/ - - FreeBSD 'zine: http://www.freebsdzine.org/ - jim@freebsdzine.org - - FreeBSD: http://advocacy.freebsd.org/ - jim@advocacy.FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 14:50:59 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id 2FC30156C5 for ; Thu, 1 Jul 1999 14:50:55 -0700 (PDT) (envelope-from hetzels@westbend.net) Received: from admin (admin.westbend.net [209.224.254.141]) by mail.westbend.net (8.8.8/8.8.8) with SMTP id QAA14613; Thu, 1 Jul 1999 16:49:57 -0500 (CDT) (envelope-from hetzels@westbend.net) Message-ID: <006c01bec40b$a975b320$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "Paul Stewart" Cc: References: <377A850F.F8904EA8@premier-networks.com> Subject: Re: Frontpage Server Installation Problems Date: Thu, 1 Jul 1999 16:49:57 -0500 Organization: West Bend Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: Paul Stewart > I am trying to install the latest port of Apache-1.3.6 with Frontpage > extentions.. the port installs perfectly except the httpd doesn't get > patched therefore nobody can connect.... > > Can someone help.. I'm on a very short deadline for clients and the only > patched version I can find is in the frontpage server distribution and > it's 1.2.5 apache > What do you mean the server doesn't get patched? Check the error log, it should show: [Sat Jun 12 19:22:34 1999] [notice] Apache/1.3.6 (Unix) FrontPage/3.0.4.3 configured -- resuming normal operations If you don't see this, the check /usr/local/libexec/apache for mod_frontpage.*. If you don't see it then you didn't install the apache13-fp port. When you installed Apache13-fp, did you install over a previous configuration or is it a fresh install? Next check your httpd.conf file, is mod_frontpage listed in the LoadModule & AddModule sections: LoadModule frontpage_module libexec/apache/mod_frontpage.so and AddModule mod_frontpage.c The ports default httpd.conf file uses IfDefine directives to change the configuration: : : This requires the Apache server to be started as "httpd -DFRONTPAGE", in order to use the FrontPage Extentions. Check your servers startup script (/usr/local/etc/rc.d/apache.sh), does it start the server with -DFRONTPAGE. If it doesn't you may want to replace it with the apache.sh.tmpl script. NOTE: Every time the server is started by the apache.sh.tmpl script it will generate a new key file for the frontpage extentions. This is used to prevent individuals from acquiring the key. Scot To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 15: 7:32 1999 Delivered-To: freebsd-isp@freebsd.org Received: from megamail.megared.net.mx (unknown [207.249.163.2]) by hub.freebsd.org (Postfix) with SMTP id E090B156B3 for ; Thu, 1 Jul 1999 15:07:26 -0700 (PDT) (envelope-from ales@megared.net.mx) Received: from [207.249.163.251] by megamail.megared.net.mx (NTMail 3.03.0017/4c.ab3r) with ESMTP id la354001 for ; Thu, 1 Jul 1999 17:03:43 -0500 Message-ID: <001d01bec40d$bccca620$fba3f9cf@megared.net.mx> From: "Alejandro Ramírez" To: "Paul Stewart" , References: <377A850F.F8904EA8@premier-networks.com> Subject: RE: Frontpage Server Installation Problems Date: Thu, 1 Jul 1999 17:04:49 -0500 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2014.211 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, You may want to check out this page there are the 1.3.0 version of fp-patch, and also here its the Front Page Server Extensions 2000 Resource Kit. http://officeupdate.microsoft.com/frontpage/wpp/serk/ and also you can check out this page: http://www.westbend.net/~hetzels/apache-fp/index.html Hope this helps... Ales ----- Original Message ----- From: Paul Stewart To: Sent: Wednesday, June 30, 1999 3:58 PM Subject: Frontpage Server Installation Problems > Hi there... > > I am trying to install the latest port of Apache-1.3.6 with Frontpage > extentions.. the port installs perfectly except the httpd doesn't get > patched therefore nobody can connect.... > > Can someone help.. I'm on a very short deadline for clients and the only > patched version I can find is in the frontpage server distribution and > it's 1.2.5 apache > > Thanks, > > Paul > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 18:38:37 1999 Delivered-To: freebsd-isp@freebsd.org Received: from host1.premier-hosting.com (unknown [209.98.119.194]) by hub.freebsd.org (Postfix) with ESMTP id 6D3E314FC0 for ; Thu, 1 Jul 1999 18:38:34 -0700 (PDT) (envelope-from paul@premier-networks.com) Received: from premier-networks.com (cgowave-36-34.cgocable.net [24.226.36.34]) by host1.premier-hosting.com (8.9.2/8.8.7) with ESMTP id VAA00622; Thu, 1 Jul 1999 21:37:11 -0400 (EDT) Message-ID: <377AC3C7.A997461E@premier-networks.com> Date: Wed, 30 Jun 1999 21:26:31 -0400 From: Paul Stewart Organization: Premier Networks X-Mailer: Mozilla 4.6 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Scot W. Hetzel" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: Frontpage Server Installation Problems References: <377A850F.F8904EA8@premier-networks.com> <006c01bec40b$a975b320$8dfee0d1@westbend.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thanks to everyone who returned my email...:) The problem was me being a dummy.. I was firing up the httpd daemon by hand leaving out the -Dfrontpage command.... Sorry to bother everyone.. goes to show RTFM ;) Paul "Scot W. Hetzel" wrote: > > From: Paul Stewart > > I am trying to install the latest port of Apache-1.3.6 with Frontpage > > extentions.. the port installs perfectly except the httpd doesn't get > > patched therefore nobody can connect.... > > > > Can someone help.. I'm on a very short deadline for clients and the only > > patched version I can find is in the frontpage server distribution and > > it's 1.2.5 apache > > > What do you mean the server doesn't get patched? Check the error log, it > should show: > > [Sat Jun 12 19:22:34 1999] [notice] Apache/1.3.6 (Unix) FrontPage/3.0.4.3 > configured -- resuming normal operations > > If you don't see this, the check /usr/local/libexec/apache for > mod_frontpage.*. If you don't see it then you didn't install the > apache13-fp port. > > When you installed Apache13-fp, did you install over a previous > configuration or is it a fresh install? > > Next check your httpd.conf file, is mod_frontpage listed in the LoadModule & > AddModule sections: > > LoadModule frontpage_module libexec/apache/mod_frontpage.so > > and > > AddModule mod_frontpage.c > > The ports default httpd.conf file uses IfDefine directives to change the > configuration: > > : > : > > > This requires the Apache server to be started as "httpd -DFRONTPAGE", in > order to use the FrontPage Extentions. > > Check your servers startup script (/usr/local/etc/rc.d/apache.sh), does it > start the server with -DFRONTPAGE. If it doesn't you may want to replace it > with the apache.sh.tmpl script. > > NOTE: Every time the server is started by the apache.sh.tmpl script it will > generate a new key file for the frontpage extentions. This is used to > prevent individuals from acquiring the key. > > Scot > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- --- Paul Stewart Premier Networks (705)740-0442 voice (705)740-0443 fax http://www.premier-networks.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 19:10:15 1999 Delivered-To: freebsd-isp@freebsd.org Received: from magicnet.magicnet.net (magicnet.magicnet.net [204.96.116.9]) by hub.freebsd.org (Postfix) with ESMTP id 5BBC915615 for ; Thu, 1 Jul 1999 19:10:12 -0700 (PDT) (envelope-from bill@bilver.magicnet.net) Received: (from uucp@localhost) by magicnet.magicnet.net (8.8.6/8.8.8) with UUCP id WAA14727 for freebsd-isp@freebsd.org; Thu, 1 Jul 1999 22:08:36 -0400 (EDT) Received: (from bill@localhost) by bilver.magicnet.net (8.9.1/8.9.1) id VAA47051 for freebsd-isp@freebsd.org; Thu, 1 Jul 1999 21:45:22 -0400 (EDT) From: Bill Vermillion Message-Id: <199907020145.VAA47051@bilver.magicnet.net> Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? In-Reply-To: <377B977B.644C021D@mci.com> from Jason Thomson at "Jul 1, 1999 5:29:47 pm" To: freebsd-isp@freebsd.org Date: Thu, 1 Jul 1999 21:44:59 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jason Thomson recently said: > I know. I wasn't suggesting that they were particularly competent. > But they are one of many organisations that don't have A records > for their domain name. The question I was really asking was: > Is it necessary to have A records for a domain name in order to > have EMail messages accepted by Sendmail 8.9.x for senders from > that domain? > As far as I was aware, it shouldn't be necessary to have an A > record for a domain name, in order to send mail to that domain. Well a question then. Since an MX record points to a mail host name, how can you find the IP of that name with no A (A stands for address). ? Bill -- bv@wjv.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Jul 1 20:11: 5 1999 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial0-velvet.Brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 0F89314BC9 for ; Thu, 1 Jul 1999 20:10:51 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id TAA11277 for ; Fri, 10 Jun 1994 19:29:21 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Fri, 10 Jun 1994 19:29:20 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all, In the process of using tcpdump to check that traffic was flowing through the correct links after some routing changes, I noticed an attack on one of my users... 12:55:34.711241 193.230.186.164 > 203.20.114.159: icmp: 207.114.0.144 protocol 6 unreachable I added in a temporary ipfw block to deny and log anything from that IP: Jul 2 12:55:58 satin /kernel: ipfw: 1 Deny ICMP:3.2 193.230.186.164 203.20.114.159 in via ppp0 Jul 2 12:56:25 satin last message repeated 1736 times As this is a reasonably common attack and fairly simplistic in nature I thought I might be able to get ipfw to block it. However, after some head scratching and reading of the man pages it seems that ipfw will not allow me to block a "subtype" such as the '.2' in 3.2. satin# ipfw a 1 deny icmp from 1.2.3.4 to 1.2.3.4 icmptypes 3.2 ipfw: error: invalid ICMP type I can't just blanket block type 3 as that's destination unreachable, which generally is a legitimate ICMP message that should be passed. Any ideas? Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://www.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 3:33:11 1999 Delivered-To: freebsd-isp@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 4EE97150A9 for ; Fri, 2 Jul 1999 03:33:08 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 49227 invoked by uid 1001); 2 Jul 1999 10:33:06 +0000 (GMT) To: bill@bilver.magicnet.net Cc: freebsd-isp@freebsd.org Subject: Re: Sendmail 8.9.x check_mail anti-spam rule broken? From: sthaug@nethelp.no In-Reply-To: Your message of "Thu, 1 Jul 1999 21:44:59 -0400 (EDT)" References: <199907020145.VAA47051@bilver.magicnet.net> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Fri, 02 Jul 1999 12:33:06 +0200 Message-ID: <49225.930911586@verdi.nethelp.no> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > As far as I was aware, it shouldn't be necessary to have an A > > record for a domain name, in order to send mail to that domain. > > Well a question then. Since an MX record points to a mail host > name, how can you find the IP of that name with no A (A stands for > address). ? The *domain* need not have an A. The *host* that the MX points to must have an A (of course). Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 9:43:49 1999 Delivered-To: freebsd-isp@freebsd.org Received: from mu.egroups.com (mu.egroups.com [207.138.41.151]) by hub.freebsd.org (Postfix) with SMTP id 4AD0914C42 for ; Fri, 2 Jul 1999 09:43:43 -0700 (PDT) (envelope-from sams@virtualtek.com) Received: from [10.1.2.25] by mu.egroups.com with NNFMP; 02 Jul 1999 17:43:43 -0000 Date: Fri, 02 Jul 1999 09:43:36 -0700 From: sams@virtualtek.com To: freebsd-isp@freebsd.org Subject: web based email for freebsd Message-ID: <7liq7o$pq6e@eGroups.com> User-Agent: eGroups-EW/0.73 Content-Length: 237 X-Mailer: www.eGroups.com Message Poster Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi everyone, Just thought I'd let you know that Joydesk.com offers web based groupware (email, bulletin board, calendar and address book)that runs on FreeBSD. Please visit http://joydesk.com when you have an opportunity. Cheers, Sam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 10:35: 2 1999 Delivered-To: freebsd-isp@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 6C7F01562C for ; Fri, 2 Jul 1999 10:35:00 -0700 (PDT) (envelope-from julian@whistle.com) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id KAA27927; Fri, 2 Jul 1999 10:34:51 -0700 (PDT) Date: Fri, 2 Jul 1999 10:34:49 -0700 (PDT) From: Julian Elischer To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 10 Jun 1994, Rowan Crowe wrote: > Hi all, > > In the process of using tcpdump to check that traffic was flowing through > the correct links after some routing changes, I noticed an attack on one > of my users... > > 12:55:34.711241 193.230.186.164 > 203.20.114.159: icmp: 207.114.0.144 protocol 6 unreachable > > I added in a temporary ipfw block to deny and log anything from that IP: > > Jul 2 12:55:58 satin /kernel: ipfw: 1 Deny ICMP:3.2 193.230.186.164 203.20.114.159 in via ppp0 > Jul 2 12:56:25 satin last message repeated 1736 times > > As this is a reasonably common attack and fairly simplistic in nature I > thought I might be able to get ipfw to block it. However, after some head > scratching and reading of the man pages it seems that ipfw will not allow > me to block a "subtype" such as the '.2' in 3.2. > > satin# ipfw a 1 deny icmp from 1.2.3.4 to 1.2.3.4 icmptypes 3.2 > ipfw: error: invalid ICMP type > > I can't just blanket block type 3 as that's destination unreachable, which > generally is a legitimate ICMP message that should be passed. > > Any ideas? a patch to /sys/netinet/ip_fw.c that implements this and /usr/src/sbin/ipfw would not be too hard for you to write if you wanted that functionality, and we could certainly commit it if you did.. :-) julian > > Cheers. > > > -- > Rowan Crowe http://www.rowan.sensation.net.au/ > Sensation Internet Services http://www.sensation.net.au/ > Melbourne, Australia Phone: +61-3-9388-9260 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 10:35:52 1999 Delivered-To: freebsd-isp@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id F36B6155CA for ; Fri, 2 Jul 1999 10:35:50 -0700 (PDT) (envelope-from julian@whistle.com) Received: from current1.whistle.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with SMTP id KAA28019; Fri, 2 Jul 1999 10:35:44 -0700 (PDT) Date: Fri, 2 Jul 1999 10:35:44 -0700 (PDT) From: Julian Elischer To: Rowan Crowe Cc: freebsd-isp@FreeBSD.ORG Subject: Re: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Oh By the way.. check your clock.... On Fri, 10 Jun 1994, Rowan Crowe wrote: ^^^^^^^^^^^^^ > Hi all, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 15:22:40 1999 Delivered-To: freebsd-isp@freebsd.org Received: from impatience.valueclick.com (impatience.valueclick.com [216.64.159.40]) by hub.freebsd.org (Postfix) with SMTP id 01AB814C86 for ; Fri, 2 Jul 1999 15:22:35 -0700 (PDT) (envelope-from ask@valueclick.com) Received: (qmail 20308 invoked by uid 500); 2 Jul 1999 22:22:34 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 2 Jul 1999 22:22:34 -0000 Date: Fri, 2 Jul 1999 15:22:34 -0700 (PDT) From: Ask Bjoern Hansen To: Francisco Reyes Cc: FreebSD ISP list Subject: Re: Secondary DNS In-Reply-To: <199907010200.WAA25510@arutam.inch.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 30 Jun 1999, Francisco Reyes wrote: ... > What is my best bet for finding a secondary DNS for my sites? There is some "secondary exchange" website somewhere. I found another ISP to exchange DNS service with there. - ask -- ask bjoern hansen - more than 14M impressions per day, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Fri Jul 2 18: 1:16 1999 Delivered-To: freebsd-isp@freebsd.org Received: from velvet.sensation.net.au (serial0-velvet.Brunswick.sensation.net.au [203.20.114.195]) by hub.freebsd.org (Postfix) with ESMTP id 9FC8415114 for ; Fri, 2 Jul 1999 18:01:05 -0700 (PDT) (envelope-from rowan@sensation.net.au) Received: from localhost (rowan@localhost) by velvet.sensation.net.au (8.8.8/8.8.8) with SMTP id LAA04665 for ; Sat, 3 Jul 1999 11:01:08 +1000 (EST) (envelope-from rowan@sensation.net.au) X-Authentication-Warning: velvet.sensation.net.au: rowan owned process doing -bs Date: Sat, 3 Jul 1999 11:01:08 +1000 (EST) From: Rowan Crowe To: freebsd-isp@freebsd.org Subject: Re: ipfw - can it deny ICMP "3.2" (type 3, subtype 2)? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 2 Jul 1999, Julian Elischer wrote: > On Fri, 10 Jun 1994, Rowan Crowe wrote: This was due to a m/b upgrade, I forgot to reset the clock. (whoops) An ntpdate entry in crontab took care of it within 24 hours... > > As this is a reasonably common attack and fairly simplistic in nature I > > thought I might be able to get ipfw to block it. However, after some head > > scratching and reading of the man pages it seems that ipfw will not allow > > me to block a "subtype" such as the '.2' in 3.2. > > > > satin# ipfw a 1 deny icmp from 1.2.3.4 to 1.2.3.4 icmptypes 3.2 > > ipfw: error: invalid ICMP type > > > > I can't just blanket block type 3 as that's destination unreachable, which > > generally is a legitimate ICMP message that should be passed. > > > > Any ideas? > > a patch to /sys/netinet/ip_fw.c that implements this > and > /usr/src/sbin/ipfw > > would not be too hard for you to write if you wanted that functionality, > and we could certainly commit it if you did.. > :-) ...except my knowledge of C, especially existing code, isn't the best. ;-) You should see some of my own programs written from scratch, a lot of them use my own functions written from first principles because I don't fully understand how to pass parameters to certain standard library calls (sockets are one of those things) Any takers? :) Cheers. -- Rowan Crowe http://www.rowan.sensation.net.au/ Sensation Internet Services http://www.sensation.net.au/ Melbourne, Australia Phone: +61-3-9388-9260 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 3 15: 7:25 1999 Delivered-To: freebsd-isp@freebsd.org Received: from arnold.neland.dk (mail.neland.dk [194.255.12.232]) by hub.freebsd.org (Postfix) with ESMTP id 717E215185 for ; Sat, 3 Jul 1999 15:07:17 -0700 (PDT) (envelope-from leifn@neland.dk) Received: from gina (gina.neland.dk [192.168.0.14]) by arnold.neland.dk (8.9.3/8.9.3) with SMTP id AAA57198; Sun, 4 Jul 1999 00:07:06 +0200 (CEST) (envelope-from leifn@neland.dk) Message-ID: <012401bec5a0$61342880$0e00a8c0@neland.dk> From: "Leif Neland" To: Cc: Subject: BB, sendmail and rbl Date: Sun, 4 Jul 1999 00:05:01 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I run Big Brother on a FreeBSD box, which is connected to the world on a dial-on-demand isdn. A few days ago, I enabled FEATURE(rbl)dnl, Realtime Blackhole list in my sendmail.mc Now everytime bb connects to sendmail, the dial-on-demand kicks in! I hastily removed rbl again. 12 checks pr hour at $0.01 per call plus 2 minutes timeout adds up... How can I stop this dialup, and still use bb and rbl? Is sendmail somehow making a rbl-lookup on myself (actually the host bb is running on)? If so, could I put something in my named to prevent this? I don't want to block dns-requests to trigger dial-on-demand. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 3 18:15:42 1999 Delivered-To: freebsd-isp@freebsd.org Received: from arnold.neland.dk (mail.neland.dk [194.255.12.232]) by hub.freebsd.org (Postfix) with ESMTP id 40C3C14D0C for ; Sat, 3 Jul 1999 18:15:37 -0700 (PDT) (envelope-from leifn@neland.dk) Received: from localhost (localhost [127.0.0.1]) by arnold.neland.dk (8.9.3/8.9.3) with ESMTP id DAA96138; Sun, 4 Jul 1999 03:15:27 +0200 (CEST) (envelope-from leifn@neland.dk) Date: Sun, 4 Jul 1999 03:15:27 +0200 (CEST) From: Leif Neland To: Kurt Jaeger Cc: freebsd-isp@freebsd.org, bb@taex001.tamu.edu Subject: Re: BB, sendmail and rbl In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 4 Jul 1999, Kurt Jaeger wrote: > Hi! > > > How can I stop this dialup, and still use bb and rbl? > > You can't use rbl without a DNS lookup. Check the READMEs on RBL and > you'll understand... > I understand. But the problem was that every time bb made a check connecting to sendmail, sendmail did a lookup on 1.0.0.127.maps.rbl.vix.com. It wanted to check if localhost was blocked by rbl. As lookups on rbl are very shortlived, a dial-on-demand connection was made every 5 minutes. As I'm fairly sure I'm not in rbl (and don't want to check every 5 minutes) I put my nameserver as authoritative for 0.0.127.maps.rbl.vix.com. and 0.168.192.maps.rbl.vix.com. This stopped the connection to be dialed every 5 minutes. Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 3 19: 4:54 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cyril.iaeste.dk (ns.aub.dk [195.249.214.2]) by hub.freebsd.org (Postfix) with ESMTP id 128E914F51 for ; Sat, 3 Jul 1999 19:04:42 -0700 (PDT) (envelope-from henrik@iaeste.dk) Received: from localhost (henrik@localhost [127.0.0.1]) by cyril.iaeste.dk (8.8.7/8.8.7) with ESMTP id EAA01746; Sun, 4 Jul 1999 04:04:30 +0200 Date: Sun, 4 Jul 1999 02:04:29 +0000 (GMT) From: Henrik Olsen To: bb@taex001.tamu.edu Cc: freebsd-isp@FreeBSD.ORG Subject: Re: {bb} BB, sendmail and rbl In-Reply-To: <012401bec5a0$61342880$0e00a8c0@neland.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 4 Jul 1999, Leif Neland wrote: > > I run Big Brother on a FreeBSD box, which is connected to the world on a > dial-on-demand isdn. > A few days ago, I enabled FEATURE(rbl)dnl, Realtime Blackhole list in my > sendmail.mc > > Now everytime bb connects to sendmail, the dial-on-demand kicks in! > > I hastily removed rbl again. 12 checks pr hour at $0.01 per call plus 2 > minutes timeout adds up... > > How can I stop this dialup, and still use bb and rbl? > > Is sendmail somehow making a rbl-lookup on myself (actually the host bb is > running on)? > > If so, could I put something in my named to prevent this? > I don't want to block dns-requests to trigger dial-on-demand. > > Leif One possibility is to hack sendmail.cf to exclude the rbl check for specific ip numbers, I did that for a site that used all the checks including orbs, but needed the ability to get mail from specific sites even though they where in the lists. Adding your bbnet hosts ipnumber to the no_check file will prevent the lookup. Add this in the local info section: # file containing IP numbers of machines which can sent to up even though # they have been blacklisted F{NoCheck} /etc/mail/no_check Insert this just after Scheck_mail and before the rest of the rbl check: # make a dup to mangle R$* $: $1 $| $(dequote "" $&{client_addr} $) # Check for hosts we explicitely allow though they are blacklisted R$* $| $*$={NoCheck} $@ $>3 $1 from allowed system # regenerate old value R$* $| $* $: $1 # rest of check -- Henrik Olsen, Dawn Solutions I/S URL=http://www.iaeste.dk/~henrik/ Darth Vader: Luke, come to the dark side. Luke: No. Darth Vader: Your goodness has redeemed me. Die, emperor scum. Return of the Jedi, the Movie-A-Minute version To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Jul 3 19:46:35 1999 Delivered-To: freebsd-isp@freebsd.org Received: from abc.bbs-la.com (abc.bbs-la.com [205.147.34.8]) by hub.freebsd.org (Postfix) with ESMTP id 657EB14ED1 for ; Sat, 3 Jul 1999 19:46:31 -0700 (PDT) (envelope-from root@abc.bbs-la.com) Received: from localhost (root@localhost) by abc.bbs-la.com (8.9.3/8.9.3) with ESMTP id TAA05882; Sat, 3 Jul 1999 19:46:23 -0700 Date: Sat, 3 Jul 1999 19:46:23 -0700 (PDT) From: root To: bb@taex001.tamu.edu Cc: freebsd-isp@FreeBSD.ORG Subject: Re: {bb} BB, sendmail and rbl In-Reply-To: <012401bec5a0$61342880$0e00a8c0@neland.dk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 4 Jul 1999, Leif Neland wrote: > I run Big Brother on a FreeBSD box, which is connected to the world on a > dial-on-demand isdn. > A few days ago, I enabled FEATURE(rbl)dnl, Realtime Blackhole list in my > sendmail.mc > > Now everytime bb connects to sendmail, > the dial-on-demand kicks in! > RBL is expensive in DNS transactions. Every mail address gets matched against a illegal Reverse zone scheme. If you can stand it, you could set up your named to be a downstream zone for the RBL master. It helps (A Lot)!!! Steve Foster BBS-la.com sysop@bbs-la.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message