From owner-freebsd-isp Wed Jan 1 06:33:29 1997
Date: Wed, 1 Jan 1997 14:51:42 +0000 (GMT)
From: Dermot Bradley
To: Samara McCord
cc: freebsd-isp@FreeBSD.org
Subject: Re: Usernames (was Sendmail, POP3 & RADIUS, etc.)

On Tue, 31 Dec 1996, Samara McCord wrote:

> I think this still misses the main point. Sure it's no problem to use
> sendmail, etc. to convert any old name you want into unique *8 character*
> names, but then the question is: HOW IS MAIL RETRIEVED?. Most people
> are willing to accept 8-character usernames for email, but here is the
> problem: we have a dozen separate domains from separate companies all
> on the same machine with the same POP server and the same password
> file.

We use a locally written delivery agent for sendmail and a modified
version of Qualcomm qpopper for virtual domains. We have a DBM file for
each virtual domain containing password details for each email account.
For the relevant domains, sendmail calls our delivery agent. To retrieve
email, the POP account for address bob@bigco.com would be
bob@popmail.bigco.com - the pop server looks at the address/IP it was
accessed as (one IP per virtual POP server), can differentiate between
being called popmail.bigco.com and popmail.smallco.com and so uses a
different DBM file and different directory for each domain.
Dermot
--
Dermot Bradley                            Email: bradley@gpl.net
Communications Director                   Tel: +44 1232 572003
Genesis Project Ltd                       Fax: +44 1232 560553
Belfast & Coleraine & Desertmartin, N.I.  WWW: http://www.gpl.net/

From owner-freebsd-isp Wed Jan 1 18:57:03 1997
From: batie@agora.rdrop.com (Alan Batie)
Subject: Re: Usernames (was Sendmail, POP3 & RADIUS, etc.)
To: matt@clintondale.com (Matt Hamilton)
Date: Wed, 1 Jan 1997 18:56:46 -0800 (PST)
Cc: freebsd-isp@freebsd.org

> Especially those that are trying to target a business audience.

Our internal mail system at work uses first_m_last; there are very few
conflicts.

--
Alan Batie                   ______
batie@agora.rdrop.com        \    /    Assimilate this!
+1 503 452-0960               \  /     --Worf, First Contact
DE 3C 29 17 C0 49 7A 27        \/
40 A5 3C 37 4A DA 52 B9

It is my policy to avoid purchase of any products from companies which
use unrequested email advertisements or telephone solicitation.
From owner-freebsd-isp Thu Jan 2 03:11:37 1997
From: "Darius Ramanauskas"
To: freebsd-isp@freebsd.org
Date: Thu, 2 Jan 1997 13:14:03 +0000
Subject: Restrict login in cisco?

Hi All,

This question is not for this list but in any way. Please answer if
anybody knows:

How to enable login to cisco router (Access Server) for user only
once? It means that if user AA is logged on to line Async1 and is
trying to log on to line Async3 with the same name (AA) it should be
denied.

Authentication is done by TACACS+ on FreeBSD 2.1.5.

Thank You

Darius

P.S.

Happy New Year to All...
From owner-freebsd-isp Thu Jan 2 03:49:38 1997
Date: Thu, 2 Jan 1997 22:49:27 +1100 (EST)
From: Ramakant Duggal
To: Darius Ramanauskas
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Restrict login in cisco?

We do this to restrict multiple sessions on the Xylogics Annex. An
expect script is run every minute, which telnets into the Annex, checks
for multiple logins and knocks off all but one, sending the concerned
user a warning that they are violating the terms of their account bla
bla ...

Same could be done with the router I suppose. It is slow. Maybe someone
knows of a better way?

On Thu, 2 Jan 1997, Darius Ramanauskas wrote:

> Hi All,
>
> This question is not for this list but in any way. Please answer if
> anybody knows:
>
> How to enable login to cisco router (Access Server) for user only
> once? It means that if user AA is logged on to line Async1 and is
> trying to log on to line Async3 with the same name (AA) it should be
> denied.
>
> Authentication is done by TACACS+ on FreeBSD 2.1.5.
>
> Thank You
>
> Darius
>
> P.S.
>
> Happy New Year to All...
From owner-freebsd-isp Thu Jan 2 07:38:58 1997
To: freebsd-isp@freebsd.org
Subject: serious security bug in wu-ftpd v2.4
From: David Greenman
Reply-To: dg@root.com
Date: Thu, 02 Jan 1997 07:38:37 -0800

Summary
-------

There is a serious security bug in wu-ftpd v2.4 (including the version
from Academ) which may allow both regular and anonymous users to access
files as uid 0 (root). The same bug is also responsible for an advisory
lock not being unlocked - potentially resulting in blocked access to
future ftp logins and filling up the process table and swap space until
the server dies.

Description
-----------

The ftpd server installs two signal handlers as part of its startup
procedure: one to catch SIGPIPE for control/data port connection closes,
and one to catch SIGURG for when out-of-band signaling is used with the
ABOR (abort file transfer) command. The SIGPIPE handler is:

    lostconn(int sig)
    {
        if (debug)
            syslog(LOG_DEBUG, "lost connection to %s [%s]", remotehost, remoteaddr);
        dologout(-1);
    }

...which causes the ftpd server to exit via dologout() whenever the
control or data connection is unexpectedly closed.
The function dologout() is:

    dologout(int status)
    {
        if (logged_in) {
            (void) seteuid((uid_t) 0);
            logwtmp(ttyline, "", "");
        }
        syslog(LOG_INFO, "FTP session closed");
        if (xferlog)
            close(xferlog);
        acl_remove();
        /* beware of flushing buffers after a SIGPIPE */
        _exit(status);
    }

...which changes the effective uid to 0, adds a logout record to wtmp,
closes the xferlog log file, removes this instance of the server from
the PID file for his class, and exits. The initial part of the SIGURG
handler is:

    myoob(int sig)
    {
        char *cp;

        /* only process if transfer occurring */
        if (!transflag)
            return;
        cp = tmpline;
        if (getline(cp, 7, stdin) == NULL) {
            reply(221, "You could at least say goodbye.");
            dologout(0);
        }
        upper(cp);
        if (strcmp(cp, "ABOR\r\n") == 0) {
            tmpline[0] = '\0';
            reply(426, "Transfer aborted. Data connection closed.");
            reply(226, "Abort successful");
            longjmp(urgcatch, 1);
        }
    (...)

...which does nothing if transflag is 0 - not currently doing a file
transfer, but if you are and an ABOR command was issued along with the
"urgent" data that caused this signal, then the procedure does a
longjmp() restoring the "urgcatch" saved state, which ultimately returns
back to the server main command loop.

Now, some FTP client programs will abort a file transfer by BOTH closing
the data connection AND issuing an ABOR with out-of-band signaling. In
many instances, the ftpd server gets the SIGPIPE due to the closed data
connection and begins the dologout() procedure. While it is uid 0 and
sometimes while it also has the pid file advisory lock (which occurs in
the acl_remove() procedure), the ftpd server will sometimes be
interrupted by the SIGURG that is delivered as part of the ABOR command.
Since transflag is not 0 (a file transfer WAS occurring), the signal
handler does a longjmp which ultimately returns to the main command
loop...and presto, you are uid 0, and to make things even better, the
xferlog log file is closed so nothing you do is even logged.
A patch to fix this problem is simple:

*** ftpd.c.bak Wed Jan 1 22:10:05 1997 --- ftpd.c Wed Jan 1 22:10:14 1997 *************** *** 2503,2508 **** --- 2503,2514 ---- void dologout(int status) { + /* + * Prevent reception of SIGURG from resulting in a resumption + * back to the main program loop. + */ + transflag = 0; + if (logged_in) { (void) seteuid((uid_t) 0); logwtmp(ttyline, "", "");

...which does as the comment suggests.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
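Review bot: in dologout(), the new `transflag = 0;` protects the logout path only because myoob() tests that flag before its longjmp(), and the hunk does not show how transflag is declared. Please confirm it is declared volatile sig_atomic_t so the store is guaranteed to be visible to the handler before seteuid((uid_t) 0) runs. Consider also adding signal(SIGURG, SIG_IGN) at the same spot, ahead of the `if (logged_in)` block, so the privileged part of the logout does not depend on the flag alone.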
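The control flow described in David Greenman's wu-ftpd advisory above, as an added C simulation that is not wu-ftpd code and not part of the original message. The names `sim_euid`, `xferlog_open`, `dologout_sim`, `run_logout` and the `BLOCK_SIGURG` mode are assumptions made for illustration; no real privileges are changed, the urgent-data arrival is forced with raise(), and the third mode goes beyond the posted patch by blocking SIGURG for the duration of the logout.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

/* Constructed stand-ins for ftpd state. Nothing here changes real privileges. */
static volatile sig_atomic_t transflag;    /* nonzero while a transfer is active */
static volatile sig_atomic_t sim_euid;     /* simulated effective uid */
static volatile sig_atomic_t xferlog_open; /* simulated transfer log descriptor */
static sigjmp_buf urgcatch;                /* saved state of the command loop */

enum mode { UNPATCHED, PATCHED, BLOCK_SIGURG };

struct outcome {
    int resumed_loop; /* 1 if control came back to the command loop */
    int euid;         /* simulated euid at that point */
    int logging;      /* 1 if the transfer log is still open */
};

/* SIGURG handler shaped like myoob(): jump out only if a transfer is active. */
static void myoob(int sig)
{
    (void)sig;
    if (!transflag)
        return;
    siglongjmp(urgcatch, 1);
}

/* Simulated dologout(); it returns where the real one would call _exit(). */
static void dologout_sim(enum mode m)
{
    sigset_t urg;

    if (m == PATCHED)
        transflag = 0;                  /* the fix from the advisory's patch */
    if (m == BLOCK_SIGURG) {            /* assumption: alternative hardening */
        sigemptyset(&urg);
        sigaddset(&urg, SIGURG);
        sigprocmask(SIG_BLOCK, &urg, NULL);
    }
    sim_euid = 0;                       /* stands in for seteuid(0) */
    xferlog_open = 0;                   /* stands in for close(xferlog) */
    raise(SIGURG);                      /* constructed: ABOR arrives mid-logout */
}

/* Run one logout with a transfer in progress and report the resulting state. */
struct outcome run_logout(enum mode m)
{
    struct sigaction sa;
    sigset_t urg;
    struct outcome o;
    volatile int resumed = 0;

    sa.sa_handler = myoob;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGURG, &sa, NULL);

    sim_euid = 1000;
    xferlog_open = 1;
    transflag = 1;

    if (sigsetjmp(urgcatch, 1) != 0)
        resumed = 1;                    /* the handler jumped back here */
    else
        dologout_sim(m);                /* SIGPIPE path: lostconn() -> dologout() */

    o.resumed_loop = resumed;
    o.euid = (int)sim_euid;
    o.logging = (int)xferlog_open;

    /* Reset for the next run: discard any pending SIGURG, then unblock it. */
    transflag = 0;
    sa.sa_handler = SIG_IGN;
    sigaction(SIGURG, &sa, NULL);
    sigemptyset(&urg);
    sigaddset(&urg, SIGURG);
    sigprocmask(SIG_UNBLOCK, &urg, NULL);
    return o;
}

int main(void)
{
    static const char *names[] = { "unpatched", "patched", "SIGURG blocked" };
    int m;

    for (m = UNPATCHED; m <= BLOCK_SIGURG; m++) {
        struct outcome o = run_logout((enum mode)m);
        printf("%-15s resumed_loop=%d euid=%d logging=%d\n",
               names[m], o.resumed_loop, o.euid, o.logging);
    }
    return 0;
}
```

Only the unpatched mode reports resumed_loop=1 together with euid=0 and logging=0, which is the state the advisory describes; in the other two modes the logout runs to the point where the real server would exit.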
From: "Richard Gresek"
Organization: Plus.Net
To: freebsd-isp@freebsd.org
Date: Thu, 2 Jan 1997 19:54:02 +0000
Subject: X-Server, X-Terminal

Hello,

how can I use FreeBSD as an X-Terminal? We have several FreeBSD-Systems
to manage. I'd like to use one of them as the X-Terminal for the others
(not only an xterm or telnet-session). Which are the basic steps to do
this? What is to be done on the server and on the client side?

I have looked through the docs of FreeBSD and also XFree86 but did not
find any hint about it.

Thanks in advance

Richard Gresek

+-------------------------------------------------------------------+
: Plus.Net Internet PoP fuer : Oppenheimer Landstr.
55 Frankfurt & Westerwald : 60596 Frankfurt : Tel.: +49 69 61991275 http://www.plusnet.de : Fax : +49 69 610238
+-------------------------------------------------------------------+

From owner-freebsd-isp Thu Jan 2 11:00:01 1997
From: "Richard Gresek"
Organization: Plus.Net
To: freebsd-isp@freebsd.org
Date: Thu, 2 Jan 1997 19:58:36 +0000
Subject: SMP, FreeBSD 3.0

What is the state of the SMP project? Can it be downloaded somewhere?
Is there a special mailing-list?

Thanks

Richard

+-------------------------------------------------------------------+
: Plus.Net Internet PoP fuer : Oppenheimer Landstr.
55 Frankfurt & Westerwald : 60596 Frankfurt : Tel.: +49 69 61991275 http://www.plusnet.de : Fax : +49 69 610238
+-------------------------------------------------------------------+

From owner-freebsd-isp Thu Jan 2 13:04:19 1997
Date: Thu, 02 Jan 1997 15:03:58 -0600
To: freebsd-isp@FreeBSD.ORG
From: HawkeWerks Multimedia
Subject: Newserver recommendations

I'm about to set up a full feed news server. I'd like any
suggestions/recommendations for setup. Partition choices, any special INN
configurations, recommended news feeders, etc. Any information would be
greatly appreciated

TIA

Lloyd Duhon
SA - Zoron, Inc.
From owner-freebsd-isp Thu Jan 2 16:06:39 1997
Date: Thu, 2 Jan 1997 19:07:20 -0500 (EST)
From: spork
To: HawkeWerks Multimedia
cc: freebsd-isp@freebsd.org
Subject: Re: Newserver recommendations

I'd search the questions, isp, and hardware lists for the words "news
and greco"...

Charles

On Thu, 2 Jan 1997, HawkeWerks Multimedia wrote:

> I'm about to set up a full feed news server. I'd like any
> suggestions/recommendations for setup. Partition choices, any special INN
> configurations, recommended news feeders, etc. Any information would be
> greatly appreciated
>
> TIA
>
> Lloyd Duhon
> SA - Zoron, Inc.
From owner-freebsd-isp Thu Jan 2 17:24:12 1997
Date: Thu, 02 Jan 1997 20:16:17 -0500
To: HawkeWerks Multimedia, freebsd-isp@freebsd.org
From: Mike Tancsa
Subject: Re: Newserver recommendations

At 03:03 PM 1/02/97 -0600, HawkeWerks Multimedia wrote:
>I'm about to set up a full feed news
>server. I'd like any
>suggestions/recommendations for setup. Partition choices, any special INN
>configurations, recommended news feeders, etc. Any information would be
>greatly appreciated

I asked this question a few months or so ago and got many helpful
responses... Basically, it boils down to this... *Don't* get one big
whopper of a drive. Instead, split it up among many 4 gig hard drives,
and with 2 SCSI controllers if you are pushing 8 disks... Depending on
how many news readers you will have, and how big of a feed you want, get
as much RAM as possible. 128Meg is a good starting point. Don't forget
to compile in the MAXMEM option to take advantage of the extra RAM.
Also, get 512K cache. Personally, I wouldn't bother with a Pentium Pro.
Spend the money you save on a Pentium 166 or even a 133 and buy more
RAM. I have 128Meg RAM, and an active file that's trimmed down to 16,000
news groups with a couple of UUCP feeds, and 2 nntp partial outbound
feeds, and I hardly ever see the load average push much above .5-.6.

Also, trim any dead weight out of the active file that you don't need...
I am sure our customers are not much different from a typical ISP, and
we get at best about 1500 different newsgroups being read in a month,
with the most popular being the alt.binaries.pictures.erotica.*
newsgroups (by a VERY, VERY large margin!) So, if you want to keep more
than a couple of days around, you will need 8 gig for these groups
alone! Also, the alt.binaries.warez.* take a tremendous amount of space
as well.

If you have never set up innd, read through the FAQ, it's quite
helpful... The most recent versions of INND can be found at
http://www.isc.org/isc/inn.html. Also, as another person said, go
through this mailing list and look at the previous postings... They are
quite helpful.
        ---Mike

From owner-freebsd-isp Thu Jan 2 19:19:52 1997
To: freebsd-isp@freebsd.org
Subject: FreeBSD as T1 router
From: David Greenman
Reply-To: dg@root.com
Date: Thu, 02 Jan 1997 19:19:26 -0800

------- Forwarded Message

Date: Thu, 02 Jan 1997 13:38:51 -0600
From: Hal Snyder
Reply-To: hal@vailsys.com
Organization: Vail Systems, Inc.
To: questions@freebsd.org
Subject: FreeBSD/ET, T1 router

I wonder if anyone else has results using FreeBSD on a WAN router. This
message is more of a progress report than a question...

A couple months ago, we needed another ether interface on one of our WAN
routers. We had been using a Cisco 2501, which has only one ether
interface and is not upgradable. I persuaded my employer to let us try
out an Emerging Technologies HDLC card in a PC running FreeBSD. There
was some grumbling from the Cisco loyalists - who ever got fired for
buying Cisco?

We took advantage of slow work schedules and net traffic over the
holidays to make the switch.

The FreeBSD/ET-based router runs 2.1.5-R and the latest driver bits from
the ET ftp site. It talks Cisco encapsulated HDLC over a T1 to a genuine
Cisco router at the other end.

It took about 3 hours to set up and configure FreeBSD on the PC, and
another 2 hours to link in the ET driver bits and set things up. We were
able to use all factory settings on the ET-5025-16 card, and used the
default setup file provided by ET for Cisco HDLC, without modification.
ET docs are lucid and thorough.

We can add more ether slots on the system cheaply whenever we want, just
by adding another SMC dual-port card. The ET card we bought also has a
second async port available for Frame Relay or point-to-point.

It is a big win having FreeBSD admin tools on the router. Ipfw allows us
whatever level of logging detail we want on filtered packets. We linked
an operations kernel without bpf, and a diagnostic one with bpf. The
latter allows us to run tcpdump on the WAN interface as well as on
ether.
------- End of Forwarded Message

From owner-freebsd-isp Fri Jan 3 09:57:36 1997
Date: Fri, 03 Jan 1997 11:10:28 -0700
To: freebsd-isp@freebsd.org
From: Scott Halbert
Subject: Remote Quotas with NFS

Does anyone know if any of the later versions of FreeBSD support
enforcement of quota on disks mounted via NFS on the *client* side? When
I tried putting the 'userquota' in the fstab it said it wasn't supported
by the nfs mounter (I think this was on 2.1.5).

I do have quotas turned on and working on the server. My users' home
disks are on a different server than the one they log into for shell
access, so it is not really possible to enforce quotas there.

This feature doesn't seem to be documented anywhere. There is a stub for
it in the handbook, but it is yet empty. I notice that there is an
rpc.rquotad available under 2.2-BETA, but not under 2.1.5. Maybe this is
all that is needed?

I'm not clear on where quotas get implemented on a distributed file
system. Are they implemented only on the server after all? Does an over
quota client just get write errors? Without the rpc.rquotad, the user
cannot run the quota command and find out what is happening.

Thanks!

---Scott Halbert
Thunder Network Technologies, Inc.
From owner-freebsd-isp Fri Jan 3 16:02:50 1997
Date: Fri, 3 Jan 1997 18:58:23 -0500 (EST)
From: Brian Tao
To: Jacob Suter
cc: isp@FreeBSD.ORG
Subject: Re: Bandwidth..

On Mon, 30 Dec 1996, Jacob Suter wrote:
>
> Oh geez no.. I put my current web server (AMD 5x86/133 w/ 32 megs
> ram) to the test.. 16,000 hits in 12 hours and it wasn't even really
> stressed.

I benchmarked a 486DX4/100 with 16MB running Apache 0.65 on FreeBSD
2.0.5 (I think it was) in 1995 and it was able to sustain over 800,000
hits in a 24-hour period. This was with a large (50MB) document mix,
fetched from an SGI NFS server. Interactive performance on the console
was horrible, but response times to HTTP requests were still quite good.

A properly equipped P133 running recent software should be able to
service several million requests a day without falling over.
--
Brian Tao (BT300, taob@risc.org)
"Though this be madness, yet there is method in't"

From owner-freebsd-isp Fri Jan 3 22:02:48 1997
Date: Sat, 4 Jan 1997 10:06:04 +0800 (WST)
From: Michael Slater
To: freebsd-isp@FreeBSD.ORG
Subject: Volume Limits.

Hello,

I am asking any ISPs that have volume and/or time limits on their
systems, one simple question....

How do you do it?

What software/hardware is needed to implement this sort of option?
thanks

Michael Slater
slaterm@tnet.com.au
http://www.tnet.com.au/~slaterm

From owner-freebsd-isp Sat Jan 4 09:22:26 1997
From: Blaz Zupan
Subject: Mail server
To: freebsd-isp@freebsd.org
Date: Sat, 4 Jan 1997 18:22:10 +0100 (CET)

Our operation is currently split between 3 cities, with each city having
its own mail server, web server, authentication server (tacacs+), etc.
I'm trying to unify all of this and simplify administration. My first
task will be to join the authentication servers into one (with backups)
so we can have central user administration.

My current problem is what to do with the mail server. For reasons I
can't disclose here I need to have the mail server in a location that
has quite limited bandwidth to the Internet. If I put the central mail
server on a machine located there, all the other users will feel a
slowdown because they will have to read their mail through this limited
pipe.

What are other people doing in this situation? How are you spreading
your POP3 servers to different locations? Do you only have a central
POP3 server? Do you have NFS mounted mail spools?
I have FreeBSD 2.1.0 in one location, FreeBSD 2.1.5 in another and
currently Irix 5.3 (soon to be replaced by FreeBSD 2.1.6.1) in another
location (the other two machines will be upgraded to 2.1.6.1, too). I'm
currently using sendmail 8.8.4 with procmail as my local delivery agent
and Qualcomm's POP3 server.

Oh, and a related question: does anybody know about a POP3 server that
would authenticate users through either Radius or TACACS+? And also a
local delivery agent that would support this? I don't want to have the
users in my /etc/passwd file, I want all of the authentication to be
centralised in either the Radius or TACACS+ server.

Thanks for any suggestions you can offer.

--
Blaz Zupan, blaz.zupan@medinet.si, http://www.medinet.si/~blaz
Medinet d.o.o., Linhartova 21, 2000 Maribor, Slovenia

From owner-freebsd-isp Sat Jan 4 16:06:08 1997
Date: Sat, 4 Jan 1997 19:05:45 -0500 (EST)
From: Matt Hamilton
To: Blaz Zupan
cc: freebsd-isp@freebsd.org
Subject: Re: Mail server

On Sat, 4 Jan 1997, Blaz Zupan wrote:

> Oh, and a related question: does anybody know about
> a POP3 server that would authenticate users through
> either Radius or TACACS+? And also a local delivery
> agent that would support this? I don't want to
> have the users in my /etc/passwd file, I want all
> of the authentication to be centralised in either
> the Radius or TACACS+ server.
I too am trying to set up a similar system and I'm looking for ways to authenticate via RADIUS for a mail server. The closest thing I have found is the Cyrus IMAP server. It does POP too. It was designed as a sealed system, i.e. people do not log on to the machine, they just connect via POP3, IMAP and SMTP to send/receive mail. It is so designed that it does not run as root. It has its own mail database and own mail dir format. You replace mail.local or /bin/mail with its delivery program and it puts mail in its dir. It can use Kerberos to authenticate users so I'm sure it can/has been adapted to use RADIUS. As it doesn't run as root and have to change into users it doesn't (I don't think) need to know all the uid/gid/GECOS/homedir etc. stuff from etc/passwd, only username/password, so it should work with radius.

The next step (which shouldn't be too hard) is to get Sendmail to accept mail for these people. The only way I can see is that whenever users are added/deleted from your RADIUS server a list is produced of usernames and Sendmail checks against that (it does something like this with dbm files).

If I can't get Cyrus to do RADIUS then I will try and set up Kerberos and get the RADIUS server to pass the requests to Kerberos. Let me know how you get on as, like I said, I am trying to do the same thing.
Cyrus IMAP is at: http://andrew2.andrew.cmu.edu/cyrus

-Matt

-------------------------------------------------------------------------------
Matt Hamilton                                        Clintondale Aviation
matt@clintondale.com                                 http://www.clintondale.com
-------------------------------------------------------------------------------

From owner-freebsd-isp Sat Jan 4 16:47:04 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id QAA03046 for isp-outgoing; Sat, 4 Jan 1997 16:47:04 -0800 (PST)
Received: from pit.ktu.lt (maleon@zveris.pit.ktu.lt [193.219.33.37]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id QAA03041 for ; Sat, 4 Jan 1997 16:46:56 -0800 (PST)
Received: (from maleon@localhost) by pit.ktu.lt (8.7.1/8.6.9) id CAA19867; Sun, 5 Jan 1997 02:48:15 +0200 (EET)
Date: Sun, 5 Jan 1997 02:48:15 +0200 (EET)
From: Prodigy
X-Sender: maleon@zveris
To: freebsd-isp@freebsd.org
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

unsubscribe

From owner-freebsd-isp Sat Jan 4 23:33:47 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id XAA18871 for isp-outgoing; Sat, 4 Jan 1997 23:33:47 -0800 (PST)
Received: from ns2.harborcom.net (root@ns2.harborcom.net [206.158.4.4]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA18866 for ; Sat, 4 Jan 1997 23:33:46 -0800 (PST)
Received: from swoosh.dunn.org (swoosh.dunn.org [206.158.7.243]) by ns2.harborcom.net (8.8.4/8.8.4) with SMTP id CAA12536 for ; Sun, 5 Jan 1997 02:33:44 -0500 (EST)
Date: Sun, 5 Jan 1997 02:31:29 -0500 ()
From: Bradley Dunn
To: freebsd-isp@freebsd.org
Subject: Weird Mail Queue error
Message-ID:
X-X-Sender: bradley@harborcom.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I noticed this error in our mail queue:

    Deferred: 451 queuename: Cannot create "qfXAA25590" in
    "/usr/spool/mqueue" (euid=41): Disc quota exceeded

I have never seen that before! Well, there is no /usr/spool on our system (of course), AND there is no uid 41:

    bradley@ns2: {30} % id 41
    id: 41: No such user

I checked the message that caused this error, and it seems normal. Is this cause for concern? A security breach? This is boggling my mind.

I did some looking through the sendmail source and I see queuename is a function in queue.c. The line producing this error appears to be 2078 or 2093.

Thanks.

-BD
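
Added example (not part of the original post, and not sendmail code): a small triage helper for a deferral like the one quoted above. It pulls the queue directory and euid out of the text and checks whether either exists on the local host; when neither does, the text cannot describe the local queue and most likely came from the peer MTA, which is an assumption to confirm against the mail log. The function names and the sample line (rebuilt from the post) are illustrative.

```python
import os
import pwd
import re

# Deferral text rebuilt from the post (constructed sample, joined onto one line).
SAMPLE = ('Deferred: 451 queuename: Cannot create "qfXAA25590" in '
          '"/usr/spool/mqueue" (euid=41): Disc quota exceeded')

DEFERRAL = re.compile(
    r'(?P<code>[45]\d\d) queuename: Cannot create "(?P<qf>[^"]+)" in '
    r'"(?P<dir>[^"]+)" \(euid=(?P<euid>\d+)\): (?P<reason>.+)$')


def local_uid_exists(uid):
    """True if this host's passwd database has an entry for uid."""
    try:
        pwd.getpwuid(uid)
        return True
    except (KeyError, OverflowError):
        return False


def triage(text, dir_exists=os.path.isdir, uid_exists=local_uid_exists):
    """Parse one deferral and say whether it can describe this host.

    The two lookups are injectable so the check can be tested off-host.
    Returns None when the text is not a queuename deferral.
    """
    m = DEFERRAL.search(" ".join(text.split()))  # undo mailq line wrapping
    if m is None:
        return None
    queue_dir, euid = m.group("dir"), int(m.group("euid"))
    has_dir, has_uid = dir_exists(queue_dir), uid_exists(euid)
    if has_dir and has_uid:
        verdict = "local"        # path and uid both exist here: check quotas
    elif not has_dir and not has_uid:
        verdict = "not-local"    # assumption: text came from the peer MTA
    else:
        verdict = "mixed"        # partial match: inspect by hand
    return {"code": int(m.group("code")), "queue_file": m.group("qf"),
            "queue_dir": queue_dir, "euid": euid,
            "reason": m.group("reason"), "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "local" verdict points at quota and ownership on the named directory; "mixed" means only one of the two lookups matched and the queue configuration should be read by hand.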