From owner-freebsd-isp@FreeBSD.ORG Sun Jul 16 22:19:37 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 229B216A4DA for ; Sun, 16 Jul 2006 22:19:37 +0000 (UTC) (envelope-from mark@gaiahost.coop) Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD4EE43D45 for ; Sun, 16 Jul 2006 22:19:36 +0000 (GMT) (envelope-from mark@gaiahost.coop) Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Sun, 16 Jul 2006 18:19:34 -0400 id 0016C0F7.44BABB77.00003D95 Received: by gaiahost.coop (sSMTP sendmail emulation); Sun, 16 Jul 2006 18:19:36 -0400 Date: Sun, 16 Jul 2006 18:19:35 -0400 From: Mark Bucciarelli To: freebsd-isp@freebsd.org Message-ID: <20060716221935.GA3600@rabbit> Mail-Followup-To: freebsd-isp@freebsd.org References: <20060714195603.GE396@rabbit> <20060714202233.GF396@rabbit> <20060715181054.GA15489@uk.tiscali.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline In-Reply-To: <20060715181054.GA15489@uk.tiscali.com> User-Agent: Mutt/1.4.2.1i Subject: Re: CGI apps in C? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jul 2006 22:19:37 -0000 On Sat, Jul 15, 2006 at 07:10:54PM +0100, Brian Candler wrote: > The biggest pain with C CGIs is that you simply cannot trust > any data provided by the caller, and so you must be very > careful about not making any assumptions about the format of > data which could cause you to end up making a buffer underflow > or overflow. This is in addition to the security checks you > would have to do for a perl/php type of CGI (such as making > sure that data to construct a filename doesn't contain /../, > making sure that HTML and SQL special characters are properly > escaped, making sure that if you fork a shell, that shell > metacharacters are properly defanged, and so on) "fork a shell" This would be used if you want to run "find" or some other shell utility from your C code. Correct? > Another poster suggested using FastCGI. Whilst FastCGI is an > excellent framework for web applications, it does not work well > for the sort of 'shared' CGIs you're talking about (formmail, > counter etc). That's because generally you want these CGIs to > run as the UID of the website which is being accessed - in > particular to prevent one site's CGI from being able to modify > content in a different site's webspace. > > FastCGIs are persistent, and so run as whatever UID originally > started them. So unless you want a whole bunch of FastCGI > process pools running around, one for each website, then a > single-shot traditional CGI (which can be run under suexec) is > much better. Yes, I did a bunch of reading when setting up my first FreeBSD server and settled on running PHP apps using fastcgi + suexec. Very RAM-heavy, as each client get's their own php interpreter resident. They time out pretty fast, which is good for RAM but bad for the next time someone visits the site. There is no better solution I have found for performance + security with PHP. And I don't like it much ... hence my initial post. > OTOH, there are many other bottlenecks you may reach on your > webserver before CGI requests from counters and formmail become > significant at all. Much better to monitor your utilisation > and logs carefully. Another thing I did was to modify suexec so > that it would fork(), wait4(), and then log the rusage > information for each CGI execution. Analysing these logs lets > you work out, site by site, which are the CGI hogs. That sounds pretty interesting. Did you publish your work? > But before you start modifying something as security critical > as suexec, you'd better be very sure of your C and Unix. I'm sure of my C, but still learning Unix. Thanks for all the replies! m From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 14:30:25 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF5A916A4DD for ; Mon, 17 Jul 2006 14:30:25 +0000 (UTC) (envelope-from bas@cybox.nl) Received: from smtp-vbr13.xs4all.nl (smtp-vbr13.xs4all.nl [194.109.24.33]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40B4A43D45 for ; Mon, 17 Jul 2006 14:30:24 +0000 (GMT) (envelope-from bas@cybox.nl) Received: from [10.0.2.100] (a80-126-130-215.adsl.xs4all.nl [80.126.130.215]) by smtp-vbr13.xs4all.nl (8.13.6/8.13.6) with ESMTP id k6HEUN9B045213 for ; Mon, 17 Jul 2006 16:30:23 +0200 (CEST) (envelope-from bas@cybox.nl) Message-ID: <44BB9EFE.8040409@cybox.nl> Date: Mon, 17 Jul 2006 16:30:22 +0200 From: Bas Hendriks User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by XS4ALL Virus Scanner Subject: Sendmail: Deferred: Name server: xxx.xxx.xxx: host name lookup failure X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 14:30:25 -0000 Hello, I have a problem with one of my servers, Suddenly i am getting a lot of "Deferred: Name server: xxx.xxx.xxx: host name lookup failure" while DNS resolving on that box is ok(from the command line de backend servers do resolve and are reachable). The mail stays in the mailqueue. This is a mailscanning server (Mailscanner/Spamassasin/Clamav), witch functions as primary mx for several domains, after receiving mail it forwards this mail to backend servers(Using mailertable: domain.com smtp:backendserver-n.xxxx.xx). Any pointers on how to debug this would be appreciated! Best regards, Bas Hendriks -- extra info: [bas@mailscanner bas]$uname -a FreeBSD mailscanner.xxxxxx.xxx 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC i386 [bas@mailscanner bas]$telnet 0 25 Trying 0.0.0.0... Connected to 0. Escape character is '^]'. 220 mailscanner.xxxxxx.xxx ESMTP Sendmail 8.13.4/8.13.4; Mon, 17 Jul 2006 16:19:58 +0200 (CEST) From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 14:41:29 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F93E16A4FA for ; Mon, 17 Jul 2006 14:41:29 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from pi.codefab.com (pi.codefab.com [199.103.21.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE35243D55 for ; Mon, 17 Jul 2006 14:41:28 +0000 (GMT) (envelope-from cswiger@mac.com) Received: from localhost (localhost [127.0.0.1]) by pi.codefab.com (Postfix) with ESMTP id 9C208605E; Mon, 17 Jul 2006 10:41:27 -0400 (EDT) X-Virus-Scanned: amavisd-new at codefab.com Received: from pi.codefab.com ([127.0.0.1]) by localhost (pi.codefab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wiPode8G8IF1; Mon, 17 Jul 2006 10:41:26 -0400 (EDT) Received: from [192.168.1.251] (pool-68-161-117-245.ny325.east.verizon.net [68.161.117.245]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pi.codefab.com (Postfix) with ESMTP id 636E75C35; Mon, 17 Jul 2006 10:41:26 -0400 (EDT) Message-ID: <44BBA190.6070107@mac.com> Date: Mon, 17 Jul 2006 10:41:20 -0400 From: Chuck Swiger User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Bas Hendriks References: <44BB9EFE.8040409@cybox.nl> In-Reply-To: <44BB9EFE.8040409@cybox.nl> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Sendmail: Deferred: Name server: xxx.xxx.xxx: host name lookup failure X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 14:41:29 -0000 Bas Hendriks wrote: > I have a problem with one of my servers, > Suddenly i am getting a lot of "Deferred: Name server: xxx.xxx.xxx: host > name lookup failure" while DNS resolving on that box is ok(from the > command line de backend servers do resolve and are reachable). The mail > stays in the mailqueue. That's normal when a spam-run drops a lot of mail in the queue before someone at the registrar yanks the DNS registration. You can manually flush the queue with a shorter or zero retry interval to clean up the queue of this stuck mail via sendmail -q.... -- -Chuck From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 15:33:55 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 234F416A4DA for ; Mon, 17 Jul 2006 15:33:55 +0000 (UTC) (envelope-from mike@coloradosurf.com) Received: from cluster1.bresnan.net (cluster1.bresnan.net [69.145.248.57]) by mx1.FreeBSD.org (Postfix) with ESMTP id A79CF43D49 for ; Mon, 17 Jul 2006 15:33:54 +0000 (GMT) (envelope-from mike@coloradosurf.com) Received: from [72.174.194.94] (HELO pigskin.com) by fe-1.cluster1.bresnan.net (CommuniGate Pro SMTP 5.0.9) with ESMTPS id 469462772; Mon, 17 Jul 2006 09:33:53 -0600 Received: from coloradosurf.com (localhost.coloradosurf.com [127.0.0.1]) by pigskin.com (8.13.6/8.13.6) with ESMTP id k6HFXiUC045099; Mon, 17 Jul 2006 09:33:44 -0600 (MDT) (envelope-from mike@coloradosurf.com) Received: (from mike@localhost) by coloradosurf.com (8.13.6/8.13.6/Submit) id k6HFXg99045098; Mon, 17 Jul 2006 09:33:43 -0600 (MDT) (envelope-from mike) Date: Mon, 17 Jul 2006 09:33:42 -0600 From: mike To: Bas Hendriks Message-ID: <20060717153342.GA45037@coloradosurf.com> References: <44BB9EFE.8040409@cybox.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44BB9EFE.8040409@cybox.nl> User-Agent: Mutt/1.4.2.1i X-Spam-Score: -1.442 () ALL_TRUSTED,SPF_HELO_PASS,SPF_PASS X-Scanned-By: MIMEDefang 2.56 on 172.16.2.1 Cc: freebsd-isp@freebsd.org Subject: Re: Sendmail: Deferred: Name server: xxx.xxx.xxx: host name lookup failure X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 15:33:55 -0000 To add on... I was using sendmail/mimedefang/clamav on freebsd6.0 (w/ probably 8.13.4 before the patch) and got the same issue. It only seemed to have the problem w/ my local domain. I resolved it by running bind on the local server w/ records for my local domain and having forwarders point to my normal internal nameservers (M$). Before switching my resolv.conf to point to localhost, it resolved all domains correctly (via dig), but I kept getting those same errors from sendmail. I think even putting it in /etc/hosts didn't work. Anyhow, the workaround came through and I haven't looked back, but it sure would be nice to understand this one better. It seems googling brought up some stuff w/ sendmail not playing nice w/ M$ nameservers (or switch these around if you prefer to lay appropriate blame) not working in certain instances but I forget the details. This may or may not be related. mike On Mon, Jul 17, 2006 at 04:30:22PM +0200, Bas Hendriks wrote: > Date: Mon, 17 Jul 2006 16:30:22 +0200 > From: Bas Hendriks > To: freebsd-isp@freebsd.org > Subject: Sendmail: Deferred: Name server: xxx.xxx.xxx: host name lookup > failure > > Hello, > > I have a problem with one of my servers, > Suddenly i am getting a lot of "Deferred: Name server: xxx.xxx.xxx: host > name lookup failure" while DNS resolving on that box is ok(from the > command line de backend servers do resolve and are reachable). The mail > stays in the mailqueue. > > This is a mailscanning server (Mailscanner/Spamassasin/Clamav), witch > functions as primary mx for several domains, after receiving mail it > forwards this mail to backend servers(Using mailertable: domain.com > smtp:backendserver-n.xxxx.xx). > > Any pointers on how to debug this would be appreciated! > > Best regards, > Bas Hendriks > > -- > extra info: > [bas@mailscanner bas]$uname -a > FreeBSD mailscanner.xxxxxx.xxx 6.0-RELEASE FreeBSD 6.0-RELEASE #0: Thu Nov > 3 09:36:13 UTC 2005 root@x64.samsco.home:/usr/obj/usr/src/sys/GENERIC > i386 > [bas@mailscanner bas]$telnet 0 25 > Trying 0.0.0.0... > Connected to 0. > Escape character is '^]'. > 220 mailscanner.xxxxxx.xxx ESMTP Sendmail 8.13.4/8.13.4; Mon, 17 Jul 2006 > 16:19:58 +0200 (CEST) > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 15:47:29 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DA81E16A4DA for ; Mon, 17 Jul 2006 15:47:29 +0000 (UTC) (envelope-from bv@bilver.wjv.com) Received: from wjv.com (fl-65-40-24-38.sta.embarqhsd.net [65.40.24.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 30ABD43D45 for ; Mon, 17 Jul 2006 15:47:28 +0000 (GMT) (envelope-from bv@bilver.wjv.com) Received: from bilver.wjv.com (localhost.wjv.com [127.0.0.1]) by wjv.com (8.13.6/8.13.1) with ESMTP id k6HFkTtw071470; Mon, 17 Jul 2006 11:46:29 -0400 (EDT) (envelope-from bv@bilver.wjv.com) Received: (from bv@localhost) by bilver.wjv.com (8.13.6/8.13.1/Submit) id k6HFkI61071469; Mon, 17 Jul 2006 11:46:18 -0400 (EDT) (envelope-from bv) Date: Mon, 17 Jul 2006 11:46:17 -0400 From: Bill Vermillion To: mike Message-ID: <20060717154617.GA71352@wjv.com> References: <44BB9EFE.8040409@cybox.nl> <20060717153342.GA45037@coloradosurf.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060717153342.GA45037@coloradosurf.com> Organization: W.J.Vermillion / Orlando - Winter Park ReplyTo: bv@wjv.com User-Agent: Mutt/1.5.11 X-Spam-Status: No, score=-4.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, HOT_NASTY,SPF_HELO_PASS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on bilver.wjv.com Cc: freebsd-isp@freebsd.org, Bas Hendriks Subject: Re: Sendmail: Deferred: Name server: xxx.xxx.xxx: host name lookup failure X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bv@wjv.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 15:47:29 -0000 At Mon, Jul 17, 2006 at 09:33 , our malformed and occasionally flatulent friend mike spewed forth this fount of brain juice: > To add on... > I was using sendmail/mimedefang/clamav on freebsd6.0 (w/ probably > 8.13.4 before the patch) and got the same issue. It only seemed > to have the problem w/ my local domain. I resolved it by running > bind on the local server w/ records for my local domain and having > forwarders point to my normal internal nameservers (M$). Before > switching my resolv.conf to point to localhost, it resolved all > domains correctly (via dig), but I kept getting those same errors > from sendmail. I think even putting it in /etc/hosts didn't work. > Anyhow, the workaround came through and I haven't looked back, > but it sure would be nice to understand this one better. It seems > googling brought up some stuff w/ sendmail not playing nice w/ M$ > nameservers (or switch these around if you prefer to lay > appropriate blame) not working in certain instances but I forget > the details. > This may or may not be related. Speaking of 'not playing well with MS' I had a problem with that eariler this year on a Linux machine I support that was updated. I could send mail anywhere EXCEPT to machines running Miscrosoft exchange. I kept getting a name not being able to resovle [or similar] in the bounced mail from the MS machines. I contacted the HW/SW provider who has a lot of clients on our mail machines [not the problem machine] and asked him to check the logs at their machine, which also bounced messages. Of course as I've seen with many MS systems "We don't have logs - they take up too much space" After checking and rechecing it turns out the machine name got added with a trailing dot in the sendmail.cf when it was set up with SuSE's interface. I just toss this out in case someone sees something similar - coonections to all except MS machines working. Bill -- Bill Vermillion - bv @ wjv . com From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 16:50:56 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7AECB16A4DA for ; Mon, 17 Jul 2006 16:50:56 +0000 (UTC) (envelope-from netsecuredata@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185]) by mx1.FreeBSD.org (Postfix) with ESMTP id C808F43D45 for ; Mon, 17 Jul 2006 16:50:55 +0000 (GMT) (envelope-from netsecuredata@gmail.com) Received: by nf-out-0910.google.com with SMTP id c2so16965nfe for ; Mon, 17 Jul 2006 09:50:54 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WuCM0Oj+QJlaqR8t3uHmfTklOLWOhEjGIt1aOYMjFKZAn5KgPnYmuYILy9iQokb/cm46awm/SOdImvQOhbUH6/AzsdMx3rkBpHpEZzlFc8n0b04RJgzKBMixH8+mazaUIob+hd8HX5zCGl8DdlA9tKm/XqYwxBdzsECSiYVyQds= Received: by 10.78.179.12 with SMTP id b12mr950981huf; Mon, 17 Jul 2006 09:38:56 -0700 (PDT) Received: by 10.78.200.18 with HTTP; Mon, 17 Jul 2006 09:38:56 -0700 (PDT) Message-ID: Date: Mon, 17 Jul 2006 11:38:56 -0500 From: "Jorge Evangelista" To: freebsd-isp@freebsd.org In-Reply-To: <44B88FF6.6030803@optusnet.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <44B7B624.1050003@infinityprosports.com> <44B88FF6.6030803@optusnet.com.au> Subject: Re: Bandwith Manager with Mysql X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 16:50:56 -0000 Hi, I need mysql 4.0.16 for Bandwitdh Manager, anyone could tell me where I can download this version? I prefer install it via packages On 7/15/06, Colin House wrote: > James Ryan wrote: > > Perhaps you have different MySQL client and server installs... did you > > install them via ports, packages, or source? What is your output of > > "pkg_info | grep mysql"? > > > > James > > > > Jorge Evangelista wrote: > >> Hi guys, I am installing Bandwith Manager of Emerging Technologies, I > >> have installed apache, php-mysql, and mysql, it because BW is manage > >> with Web Interface, but I have been having errors when Bandwitdh > >> Manager try to connect with database. > >> There are some logs. > >> > >> 07/10/06 10:55:30: Cannot Open MySQL Database. Error: Client does not > >> support authentication protocol requested by server; consider > >> upgrading MySQL client > >> 07/10/06 10:56:00: Cannot Open MySQL Database. Error: Client does not > >> support authentication protocol requested by server; consider > >> upgrading MySQL client > >> 07/10/06 10:56:00: Can't Get Statistics for flor2 > >> 07/10/06 10:56:00: Can't Get Statistics for SinglePC > >> 07/10/06 10:56:00: Can't Get Statistics for singlepc > >> 07/10/06 10:56:30: Cannot Open MySQL Database. Error: Client does not > >> support authentication protocol requested by server; consider > >> upgrading MySQL client > >> 07/10/06 10:57:00: Cannot Open MySQL Database. Error: Client does not > >> support authentication protocol requested by server; consider > >> upgrading MySQL client > >> 07/10/06 10:57:30: Cannot Open MySQL Database. Error: Client does not > >> support authentication protocol requested by server; consider > >> upgrading MySQL client > >> > >> > >> > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > If you installed from source you need to rebuild php against the mysql5 > libraries. > > If you installed from ports/packages install php5-mysql-5.1.4. > > Should do the trick :) > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- "The network is the computer" From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 17:06:16 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F40C16A4E5; Mon, 17 Jul 2006 17:06:16 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2EC3843D67; Mon, 17 Jul 2006 17:06:15 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HH6DUj041286 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jul 2006 13:06:14 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6HH67Dv019025 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jul 2006 13:06:08 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: net@freebsd.org, isp@freebsd.org Date: Mon, 17 Jul 2006 13:06:01 -0400 User-Agent: KMail/1.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200607171306.01882.mi+mx@aldan.algebra.com> X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 Cc: Subject: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 17:06:16 -0000 Hello! We run an FTP server for the customers to upload their data (usually -- giant core-files and database-dumps). Sometimes they forget compress them, however, wasting many gigabytes of our server's space... How hard would it be to make the stock FreeBSD FTP-server to examine the first, say, 100Kb of the uploaded file and interrupt transfer if the file is of a prohibited or is not of an allowed type? Anything under 100Kb is fine, I guess, and 100Kb is more than enough to detect compression or lack thereof... Thanks for ideas! -mi From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 17:49:49 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C088516A4DE; Mon, 17 Jul 2006 17:49:49 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 672F743D70; Mon, 17 Jul 2006 17:49:45 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2K00F356XXAL10@zone2.corenode.com>; Mon, 17 Jul 2006 07:51:33 -1000 (HST) Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Mon, 17 Jul 2006 07:51:33 -1000 Date: Mon, 17 Jul 2006 07:51:33 -1000 From: "David J. Orman" In-reply-to: <200607171306.01882.mi+mx@aldan.algebra.com> To: Mikhail Teterin Message-id: MIME-version: 1.0 X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005) Content-type: text/plain; charset=us-ascii Content-language: en Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: en Priority: normal References: <200607171306.01882.mi+mx@aldan.algebra.com> Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 17:49:49 -0000 The stock ftp server? If you can't base the prohibitions on file extension alone (such as the 100kb example you made) then you're going to have to modify the source of the ftp daemon yourself. Size, extension, etc - those are relatively easy limits to impliment. Actual file typing by examination of the first 100kb isn't easy, and it isn't part of the core functionality AFAIK. You'll have to write that. In fact, I'm not aware of any ftp server that does what you're asking. Maybe it would be better to examine files periodically that were uploaded via a simple program, and anything that isn't allowed, destroy. You could also make it compress things that weren't compressed to begin with, etc etc etc. Good luck, David ----- Original Message ----- From: Mikhail Teterin Date: Monday, July 17, 2006 7:06 am Subject: forcing FTP-uploaded files to be of certain types only > Hello! > > We run an FTP server for the customers to upload their data > (usually -- giant > core-files and database-dumps). > > Sometimes they forget compress them, however, wasting many > gigabytes of our > server's space... > > How hard would it be to make the stock FreeBSD FTP-server to > examine the > first, say, 100Kb of the uploaded file and interrupt transfer if > the file is > of a prohibited or is not of an allowed type? > > Anything under 100Kb is fine, I guess, and 100Kb is more than > enough to detect > compression or lack thereof... > > Thanks for ideas! > > -mi > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 17:58:34 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AFD116A4DF; Mon, 17 Jul 2006 17:58:34 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id A91B943D46; Mon, 17 Jul 2006 17:58:33 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HHwLck041417 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jul 2006 13:58:31 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6HHwFaU019730 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jul 2006 13:58:16 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: "David J. Orman" Date: Mon, 17 Jul 2006 13:58:09 -0400 User-Agent: KMail/1.9.1 References: <200607171306.01882.mi+mx@aldan.algebra.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200607171358.09943.mi+mx@aldan.algebra.com> X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 17:58:34 -0000 ΠΟΞΕΔ¦ΜΟΛ 17 ΜΙΠΕΞΨ 2006 13:51, David J. Orman ΞΑΠΙΣΑΧ: > The stock ftp server? If you can't base the prohibitions on file extension > alone (such as the 100kb example you made) then you're going to have to > modify the source of the ftp daemon yourself. Size, extension, etc - those > are relatively easy limits to impliment. Actual file typing by examination > of the first 100kb isn't easy, and it isn't part of the core functionality > AFAIK. You'll have to write that. In fact, I'm not aware of any ftp server > that does what you're asking. I was hoping for some sort of plugin-API for the server... Determining the file's type is not really hard -- file(1) does just that. I'm not looking to prevent _malicious_ users -- just the ignorant ones. We don't mind LARGE files -- some of those are legitimate. We just want them to be compressed before being uploaded. In fact, checking for this is even easier, than the usual byte-sniffing done by file(1) -- just try to compress those first 100K. If the result is smaller than 50K, the whole gets rejected :-) > Maybe it would be better to examine files periodically that were uploaded > via a simple program, and anything that isn't allowed, destroy. No, destruction is not an option :-) > You could also make it compress things that weren't compressed to begin > with, etc etc etc. Yeah, and we are doing that now -- kind of. But I would like an educational message sent to the uploader instead: "Transfer aborted: please compress large files before uploading"... -mi From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 18:07:19 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6EED016A4DA; Mon, 17 Jul 2006 18:07:19 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6B9443D46; Mon, 17 Jul 2006 18:07:18 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2K00F3Z7RDAL10@zone2.corenode.com>; Mon, 17 Jul 2006 08:09:13 -1000 (HST) Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Mon, 17 Jul 2006 08:09:13 -1000 Date: Mon, 17 Jul 2006 08:09:13 -1000 From: "David J. Orman" In-reply-to: <200607171358.09943.mi+mx@aldan.algebra.com> To: Mikhail Teterin Message-id: MIME-version: 1.0 X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005) Content-type: text/plain; charset=us-ascii Content-language: en Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: en Priority: normal References: <200607171306.01882.mi+mx@aldan.algebra.com> <200607171358.09943.mi+mx@aldan.algebra.com> Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 18:07:19 -0000 ----- Original Message ----- From: Mikhail Teterin Date: Monday, July 17, 2006 7:58 am Subject: Re: forcing FTP-uploaded files to be of certain types only > I was hoping for some sort of plugin-API for the server... > Determining the > file's type is not really hard -- file(1) does just that. I'm not > looking to > prevent _malicious_ users -- just the ignorant ones. Ok, I see what you're interested in. I don't believe the stock FBSD server has a plugin API. Try something like ProFTPD, if you are comfortable writing a module that accesses external programs. I wouldn't do that myself, too much room for exploits, but you could always use the algorithm from file(1) in your module, as it is BSD licensed. > We don't mind LARGE files -- some of those are legitimate. We just > want them > to be compressed before being uploaded. In fact, checking for this > is even > easier, than the usual byte-sniffing done by file(1) -- just try to > compress > those first 100K. If the result is smaller than 50K, the whole gets > rejected :-) That could lead to many DoS attacks, high load, etc - but as you said you trust the users, I suspect this is not an issue to you. I personally code with security in mind no matter the situation, but you decide what is best for you. :) > No, destruction is not an option :-) Awww, that's my favorite part! ;) > Yeah, and we are doing that now -- kind of. But I would like an > educational > message sent to the uploader instead: "Transfer aborted: please > compress > large files before uploading"... Now that I understand your situation better, I see what you are attempting to do. You'll likely need something like ProFTPD to accomplish what you're asking, I don't believe the stock FTP server has the functionality/modular design necessary. Something you might want to consider - simply compressing all files recieved on the ftp server, regardless of type/previous compression. Since it sounds like you wan't worry about DoSing, malicious users, etc - and I am assuming this is on the internal network only - and also security is not your concern - simply compressing all files wouldn't hurt anything. It'll only gain you a few % on the previously compressed files, but it will take care of the uncompressed files in the process. Re-training users can be quite dificult, CPU hours costs much less than human hours. :) Either way, it sounds like you can accomplish your task. I'd personally write a module with built in file(1) type functionality myself, and not access file(1) as an external program. All of the options above, should work - however. You'll need a different FTP daemon though if you want to write a module. :) Best wishes, David From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 18:24:31 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4EF7616A4EB; Mon, 17 Jul 2006 18:24:31 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7598043D46; Mon, 17 Jul 2006 18:24:30 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HIONe9041492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jul 2006 14:24:25 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6HIOHI6020041 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jul 2006 14:24:17 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: "David J. Orman" Date: Mon, 17 Jul 2006 14:24:11 -0400 User-Agent: KMail/1.9.1 References: <200607171306.01882.mi+mx@aldan.algebra.com> <200607171358.09943.mi+mx@aldan.algebra.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200607171424.11726.mi+mx@aldan.algebra.com> X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 18:24:31 -0000 ΠΟΞΕΔ¦ΜΟΛ 17 ΜΙΠΕΞΨ 2006 14:09, David J. Orman ΞΑΠΙΣΑΧ: > That could lead to many DoS attacks, high load, etc - but as you said you > trust the users, I suspect this is not an issue to you. I personally code > with security in mind no matter the situation, but you decide what is best > for you. :) Well, it is not hard to compress 100K (that are still in RAM) on a modern CPU. And we can just as well try 8K. It is, probably, easier, than to, say, look up an article in a database -- something web-servers do many times per second :-) Our FTP uploads happen far less often -- only 10-20 times per day... The probability of a DoS of the full filesystem is far more likely (actually happened a few times), than the DoS of overloading the CPU (and inetd takes care of not starting too many too often). Thanks a lot for your recommendations! -mi From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 18:27:41 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 388AB16A4E0; Mon, 17 Jul 2006 18:27:41 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 922C643D45; Mon, 17 Jul 2006 18:27:40 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HIRbdU041498 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jul 2006 14:27:38 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6HIRW8s020098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jul 2006 14:27:32 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: "David J. Orman" Date: Mon, 17 Jul 2006 14:27:26 -0400 User-Agent: KMail/1.9.1 References: <200607171306.01882.mi+mx@aldan.algebra.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200607171427.26699.mi+mx@aldan.algebra.com> X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 Cc: isp@freebsd.org, net@freebsd.org Subject: ftpd vs. lukemftpd (forcing FTP-uploaded ...) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 18:27:41 -0000 ΠΟΞΕΔ¦ΜΟΛ 17 ΜΙΠΕΞΨ 2006 13:51, David J. Orman ΞΑΠΙΣΑΧ: > The stock ftp server? BTW, what is the stock ftp server on 6-stable? I see two -- ftpd and lukemftpd and both are installed... Is there a web-page with comparision somewhere, perhaps? Thanks! -mi From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 18:57:06 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6718D16A4E2; Mon, 17 Jul 2006 18:57:06 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id D300743D45; Mon, 17 Jul 2006 18:57:01 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2K00F6MA26AL10@zone2.corenode.com>; Mon, 17 Jul 2006 08:58:54 -1000 (HST) Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Mon, 17 Jul 2006 08:58:54 -1000 Date: Mon, 17 Jul 2006 08:58:54 -1000 From: "David J. Orman" In-reply-to: <200607171427.26699.mi+mx@aldan.algebra.com> To: Mikhail Teterin Message-id: MIME-version: 1.0 X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005) Content-type: text/plain; charset=utf-8 Content-language: en Content-transfer-encoding: quoted-printable Content-disposition: inline X-Accept-Language: en Priority: normal References: <200607171306.01882.mi+mx@aldan.algebra.com> <200607171427.26699.mi+mx@aldan.algebra.com> Cc: isp@freebsd.org, net@freebsd.org Subject: Re: ftpd vs. lukemftpd (forcing FTP-uploaded ...) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 18:57:06 -0000 Whichever version you are calling=2C is the version you are using=2E If = you=27re starting it via inetd=2C it=27s probably using plain =22ftpd=22= - so just figure out which daemon that one is=2E I personally do not kn= ow what actual ftp server =22ftpd=22 is=2C never used it and never check= ed=2C I don=27t allow FTP traffic for security reasons=2E As to a website with comparisons on ftp servers=2C I=27ve looked in the = past=2C and never found anything I liked (and realized what a junk proto= col FTP is to begin with=2E=2E) SFTP or some kind of ssh-based file tran= sfer is more workable=2C I personally use the built-in SSH daemon to han= dle file transfer for users=2E Hopefully somebody else will chime in who knows more about the FTPD inte= rnals of FBSD and also has a nice comparison for you=2E Good luck once a= gain=2E David ----- Original Message ----- From=3A Mikhail Teterin =3Cmi+mx=40aldan=2Ealgebra=2Ecom=3E Date=3A Monday=2C July 17=2C 2006 8=3A27 am Subject=3A ftpd vs=2E lukemftpd (forcing FTP-uploaded =2E=2E=2E) =3E =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=C4=A6=EF=BF=BD=EF=BF=BD=EF=BF=BD= 17 =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD 2006 13=3A51=2C= David J=2E Orman =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD= =EF=BF=BD=3A =3E =3E The stock ftp server=3F =3E = =3E BTW=2C what is the stock ftp server on 6-stable=3F I see two -- ftpd= = =3E and lukemftpd = =3E and both are installed=2E=2E=2E =3E = =3E Is there a web-page with comparision somewhere=2C perhaps=3F Thanks!= =3E = =3E -mi =3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =3E freebsd-isp=40freebsd=2Eorg mailing list =3E http=3A//lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-isp =3E To unsubscribe=2C send any mail to =22freebsd-isp-unsubscribe=40free= bsd=2Eorg=22 =3E From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 19:17:04 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 51C0B16A5D0 for ; Mon, 17 Jul 2006 19:17:04 +0000 (UTC) (envelope-from james@infinityprosports.com) Received: from mail1.infinityprosports.com (mail1.infinityprosports.com [67.18.186.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id AA78443D64 for ; Mon, 17 Jul 2006 19:16:52 +0000 (GMT) (envelope-from james@infinityprosports.com) Received: (qmail 49298 invoked by uid 89); 17 Jul 2006 19:16:51 -0000 Received: from unknown (HELO ?192.168.0.157?) (james@infinityprosports.com@209.189.249.98) by mail1.infinityprosports.com with ESMTPA; 17 Jul 2006 19:16:51 -0000 Message-ID: <44BBE21B.8070606@infinityprosports.com> Date: Mon, 17 Jul 2006 14:16:43 -0500 From: James Ryan User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: mi+mx@aldan.algebra.com References: <200607171306.01882.mi+mx@aldan.algebra.com> <200607171427.26699.mi+mx@aldan.algebra.com> In-Reply-To: <200607171427.26699.mi+mx@aldan.algebra.com> Content-Type: text/plain; charset=KOI8-U; format=flowed Content-Transfer-Encoding: 8bit Cc: isp@freebsd.org, net@freebsd.org Subject: Re: ftpd vs. lukemftpd (forcing FTP-uploaded ...) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 19:17:04 -0000 Mikhail Teterin wrote: > ΠΟΞΕΔ¦ΜΟΛ 17 ΜΙΠΕΞΨ 2006 13:51, David J. Orman ΞΑΠΙΣΑΧ: >> The stock ftp server? > > BTW, what is the stock ftp server on 6-stable? I see two -- ftpd and lukemftpd > and both are installed... > > Is there a web-page with comparision somewhere, perhaps? Thanks! > > -mi > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" I am not aware of a stock FTP server that can accomplish what you are asking for, at least without modifying the source or writing a plug-in of some sort. You may have already thought of this, but my 2-cents is: If you don't mind waiting until the file finishes transferring to examine it, you could 1) turn on verbose logging (ftpd -ll for stock ftpd; other ftp servers have better logging though), 2) log directly to a named pipe, 3) attach a simple script at the other end that determines what the uploaded file is and deletes it accordingly. I would not recommend using ftpd for this; as I recall, and somebody correct me if I am wrong, it does not always log the complete path to an uploaded file. I'd suggest ProFTPd instead; it's CustomLog feature allows you to specify your own log format (like Apache). This means you can make a convenient string to regex, such as "date|user|action|file". Good luck, James -- James Ryan Infinity Pro Sports http://www.infinityprosports.com em: james@infinityprosports.com From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 19:35:48 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C71C16A4DD; Mon, 17 Jul 2006 19:35:48 +0000 (UTC) (envelope-from mi+mx@aldan.algebra.com) Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DEF143D55; Mon, 17 Jul 2006 19:35:45 +0000 (GMT) (envelope-from mi+mx@aldan.algebra.com) Received: from corbulon.video-collage.com (static-151-204-231-237.bos.east.verizon.net [151.204.231.237]) by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HJZXEt041680 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jul 2006 15:35:43 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) Received: from [172.21.130.86] (mx-broadway [38.98.68.18]) by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id k6HJZRcs020891 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jul 2006 15:35:28 -0400 (EDT) (envelope-from mi+mx@aldan.algebra.com) From: Mikhail Teterin Organization: Virtual Estates, Inc. To: James Ryan Date: Mon, 17 Jul 2006 15:35:21 -0400 User-Agent: KMail/1.9.1 References: <200607171306.01882.mi+mx@aldan.algebra.com> <200607171427.26699.mi+mx@aldan.algebra.com> <44BBE21B.8070606@infinityprosports.com> In-Reply-To: <44BBE21B.8070606@infinityprosports.com> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-u" Content-Transfer-Encoding: 8bit Content-Disposition: inline Message-Id: <200607171535.21813.mi+mx@aldan.algebra.com> X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on corbulon.video-collage.com X-Virus-Status: Clean X-Scanned-By: MIMEDefang 2.43 Cc: isp@freebsd.org, net@freebsd.org Subject: Re: ftpd vs. lukemftpd (forcing FTP-uploaded ...) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 19:35:48 -0000 ΠΟΞΕΔ¦ΜΟΛ 17 ΜΙΠΕΞΨ 2006 15:16, James Ryan ΞΑΠΙΣΑΧ: > If you don't mind waiting until the file finishes transferring to > examine it But I do, actually. The files we deal with measure in gigabytes, and take a while to transfer even over fat pipes. Rejecting the uncompressed ones right away is better, than after the initiator has come back from his lunch. > This means you can make a convenient string to regex, such as "date|user| > action|file". With any kind of post-transfer verification, there is no reliable way to notify the user of his/her failure... I think, the quick rejection should delivered via the FTProtocol itself, so the user's FTP-client shows it -- instantly. -mi From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 19:52:27 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF58916A4DE for ; Mon, 17 Jul 2006 19:52:27 +0000 (UTC) (envelope-from matt@frii.com) Received: from mail.frii.com (phobos02.frii.net [216.17.128.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3449043D77 for ; Mon, 17 Jul 2006 19:52:26 +0000 (GMT) (envelope-from matt@frii.com) Received: from elara.frii.com (elara.frii.com [216.17.128.39]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.frii.com (FRII) with ESMTP id B109FA4BEF for ; Mon, 17 Jul 2006 13:52:25 -0600 (MDT) Date: Mon, 17 Jul 2006 13:52:24 -0600 (MDT) From: Matt Ruzicka X-X-Sender: mattr@elara.frii.com To: freebsd-isp@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Subject: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 19:52:28 -0000 I know this is a topic that could easily spawn a holy war, but hopefully we can all keep the constructive to a maximum. ;) My company has been purchasing almost exclusively Supermicro SuperServers for our production FreeBSD server hardware for that last four years or so. Over all I'd say we've been quite happy with Supermicro from a product stand point, but recently we've been dealing with some odd hardware issues. I still have faith in their hardware, but some concerns with their support structure is causing us to reconsider our future hardware purchasing plans. I was wondering what others are using for production FreeBSD server hardware. I'm most interested to see what manufacturers seem to be rock solid from a hardware and FreeBSD interaction perspective and also have solid support for those issues that come up from time to time. Thanks for your time and I look forward to people's feedback. Matt Ruzicka - Senior Systems Administrator Front Range Internet, Inc. matt@frii.net - (970) 212-0728 From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 20:38:40 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BF9B716A4DA for ; Mon, 17 Jul 2006 20:38:40 +0000 (UTC) (envelope-from jsimola@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.169]) by mx1.FreeBSD.org (Postfix) with ESMTP id 20BFF43D49 for ; Mon, 17 Jul 2006 20:38:39 +0000 (GMT) (envelope-from jsimola@gmail.com) Received: by ug-out-1314.google.com with SMTP id j3so71882ugf for ; Mon, 17 Jul 2006 13:38:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=hmDb5KZWBfLQDiWSrOrezk8VSht/3p8V1J2JUhzROadVl3jLvg4wloj0v3xLEIKwPjRQEsdMr98sHouZNtktThYxMYnaK8n2zbaAkVjp9oFcafto/gZssGfwYkXfwbUxsIZWwoXmaKt2xS7iBMPMsXn2YAHZix6tZcOMMfyulwA= Received: by 10.78.179.12 with SMTP id b12mr1119793huf; Mon, 17 Jul 2006 13:38:39 -0700 (PDT) Received: by 10.78.196.19 with HTTP; Mon, 17 Jul 2006 13:38:38 -0700 (PDT) Message-ID: <8eea04080607171338j7f04dbcbuccf53f1070d02fe2@mail.gmail.com> Date: Mon, 17 Jul 2006 13:38:38 -0700 From: "Jon Simola" To: freebsd-isp@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 20:38:40 -0000 On 7/17/06, Matt Ruzicka wrote: > My company has been purchasing almost exclusively Supermicro SuperServers > for our production FreeBSD server hardware for that last four years or so. > Over all I'd say we've been quite happy with Supermicro from a product > stand point, but recently we've been dealing with some odd hardware > issues. All of my Supermicro problems have been solved with BIOS upgrades. I've run across a few versions that were rather odd about SATA drives and the BIOS hanging during probes (P4SCE v1.2B, problems fixed with 1.2C). > I was wondering what others are using for production FreeBSD server > hardware. I'm most interested to see what manufacturers seem to be rock > solid from a hardware and FreeBSD interaction perspective and also have > solid support for those issues that come up from time to time. I have had nothing but great experiences with Tyan. They also have a few interesting options that I've been looking at for security/firewall appliances, such as their http://www.tyan.com/products/html/trophy_nr16.html with 4 GigE copper and 4 Fiber interfaces. -- Jon From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 22:17:51 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDBBF16A4DD for ; Mon, 17 Jul 2006 22:17:51 +0000 (UTC) (envelope-from ulf@alameda.net) Received: from mail.alameda.net (mail.alameda.net [64.81.53.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 96E7D43D4C for ; Mon, 17 Jul 2006 22:17:51 +0000 (GMT) (envelope-from ulf@alameda.net) Received: by mail.alameda.net (Postfix, from userid 1000) id 00EE333D22; Mon, 17 Jul 2006 15:17:48 -0700 (PDT) Date: Mon, 17 Jul 2006 15:17:48 -0700 From: Ulf Zimmermann To: Matt Ruzicka Message-ID: <20060717221748.GG45191@evil.alameda.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 5.3-STABLE X-ANI-MailScanner-Information: Please contact the ISP for more information X-ANI-MailScanner: Found to be clean X-ANI-MailScanner-From: ulf@alameda.net Cc: freebsd-isp@freebsd.org Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ulf@Alameda.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 22:17:52 -0000 On Mon, Jul 17, 2006 at 01:52:24PM -0600, Matt Ruzicka wrote: > I know this is a topic that could easily spawn a holy war, but hopefully we > can all keep the constructive to a maximum. ;) > > My company has been purchasing almost exclusively Supermicro SuperServers > for our production FreeBSD server hardware for that last four years or so. > Over all I'd say we've been quite happy with Supermicro from a product > stand point, but recently we've been dealing with some odd hardware > issues. I still have faith in their hardware, but some concerns with > their support structure is causing us to reconsider our future hardware > purchasing plans. > > I was wondering what others are using for production FreeBSD server > hardware. I'm most interested to see what manufacturers seem to be rock > solid from a hardware and FreeBSD interaction perspective and also have > solid support for those issues that come up from time to time. > > Thanks for your time and I look forward to people's feedback. > > Matt Ruzicka - Senior Systems Administrator > Front Range Internet, Inc. > matt@frii.net - (970) 212-0728 The company I work at started with Supermicro when we moved to Linux 3+ years ago but we switched quickly to HP Proliant DL. To me the DL servers are just great in all aspect with just the little thing of HP not providing management software for FreeBSD. Considering the 3xx and up come with 3 year next business day on-site support (which can be upgraded to better service levels) the relative small price difference we saw to Supermicro, it was not worth to save those few $$$. -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 22:36:35 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FF9E16A4DA for ; Mon, 17 Jul 2006 22:36:35 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B2F343D45 for ; Mon, 17 Jul 2006 22:36:33 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2K00G4LK805700@zone2.corenode.com> for freebsd-isp@freebsd.org; Mon, 17 Jul 2006 12:38:24 -1000 (HST) Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Mon, 17 Jul 2006 12:38:24 -1000 Date: Mon, 17 Jul 2006 12:38:24 -1000 From: "David J. Orman" In-reply-to: To: Matt Ruzicka Message-id: MIME-version: 1.0 X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005) Content-type: text/plain; charset=us-ascii Content-language: en Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: en Priority: normal References: Cc: freebsd-isp@freebsd.org Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 22:36:35 -0000 I like the Sun server lineup. I mostly run Solaris on them, but FreeBSD on a few (and works fine.) FreeBSD wouldn't be a supported OS, but you'd still have HW support. David ----- Original Message ----- From: Matt Ruzicka Date: Monday, July 17, 2006 9:52 am Subject: Server Hardware Recommendations > I know this is a topic that could easily spawn a holy war, but > hopefully we > can all keep the constructive to a maximum. ;) > > My company has been purchasing almost exclusively Supermicro > SuperServers > for our production FreeBSD server hardware for that last four years > or so. > Over all I'd say we've been quite happy with Supermicro from a > product > stand point, but recently we've been dealing with some odd hardware > issues. I still have faith in their hardware, but some concerns > with > their support structure is causing us to reconsider our future > hardware > purchasing plans. > > I was wondering what others are using for production FreeBSD server > hardware. I'm most interested to see what manufacturers seem to be > rock > solid from a hardware and FreeBSD interaction perspective and also > have > solid support for those issues that come up from time to time. > > Thanks for your time and I look forward to people's feedback. > > Matt Ruzicka - Senior Systems Administrator > Front Range Internet, Inc. > matt@frii.net - (970) 212-0728 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Mon Jul 17 22:54:30 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E17EA16A4DE for ; Mon, 17 Jul 2006 22:54:30 +0000 (UTC) (envelope-from smuller@netcommplete.com.au) Received: from info.netcommplete.com.au (info.netcommplete.com.au [203.58.197.253]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4462143D46 for ; Mon, 17 Jul 2006 22:54:30 +0000 (GMT) (envelope-from smuller@netcommplete.com.au) Received: from mailbox.netcommplete.com.au (mailbox.netcommplete.lan [10.254.254.2]) by info.netcommplete.com.au (Postfix) with ESMTP id 9CA0D3F41E for ; Tue, 18 Jul 2006 08:54:27 +1000 (EST) Received: from localhost (localhost.netcommplete.com.au [127.0.0.1]) by mailbox.netcommplete.com.au (Postfix) with ESMTP id 77AD2F78A5 for ; Tue, 18 Jul 2006 08:54:27 +1000 (EST) Received: from mailbox.netcommplete.com.au ([127.0.0.1]) by localhost (mailbox.netcommplete.com.au [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 89095-07 for ; Tue, 18 Jul 2006 08:54:25 +1000 (EST) Received: from [10.254.250.110] (smuller.netcommplete.lan [10.254.250.110]) (Authenticated sender: smuller@netcommplete.com.au) by mailbox.netcommplete.com.au (Postfix) with ESMTP id BD801F78A6 for ; Tue, 18 Jul 2006 08:54:25 +1000 (EST) Message-ID: <44BC151E.8010707@netcommplete.com.au> Date: Tue, 18 Jul 2006 08:54:22 +1000 From: Scott Muller Organization: NetCommplete Pty Ltd User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: freebsd-isp@freebsd.org References: <44B7B624.1050003@infinityprosports.com> <44B88FF6.6030803@optusnet.com.au> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Maia Mailguard 1.0.0 Subject: Re: Bandwith Manager with Mysql X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: smuller@netcommplete.com.au List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2006 22:54:31 -0000 Jorge Evangelista wrote: > Hi, I need mysql 4.0.16 for Bandwitdh Manager, anyone could tell me > where I can download this version? I prefer install it via packages > cd /usr/ports/databases/mysql40-server -- Scott Muller From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 01:40:38 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 33B5216A4DF for ; Tue, 18 Jul 2006 01:40:38 +0000 (UTC) (envelope-from drais@atlasta.net) Received: from free.atlasta.net (mail.atlasta.net [209.246.234.34]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0122543D6E for ; Tue, 18 Jul 2006 01:40:37 +0000 (GMT) (envelope-from drais@atlasta.net) Received: from xpc.icantclick.org (125.35.33.65.cfl.res.rr.com [65.33.35.125]) by free.atlasta.net (Postfix) with ESMTP id 4A9C934D14; Mon, 17 Jul 2006 18:40:37 -0700 (PDT) Date: Mon, 17 Jul 2006 21:40:36 -0400 (EDT) From: david raistrick X-X-Sender: keen@xpc.icantclick.org To: Ulf Zimmermann In-Reply-To: <20060717221748.GG45191@evil.alameda.net> Message-ID: <20060717213720.K45193@xpc.icantclick.org> References: <20060717221748.GG45191@evil.alameda.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-isp@freebsd.org Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 01:40:38 -0000 On Mon, 17 Jul 2006, Ulf Zimmermann wrote: > The company I work at started with Supermicro when we moved to Linux > 3+ years ago but we switched quickly to HP Proliant DL. To me the > DL servers are just great in all aspect with just the little thing > of HP not providing management software for FreeBSD. Are you using any of the SATA models? How are they working out? I've yet to have a good experience with SATA and FreeBSD...... ..david --- david raistrick http://www.netmeister.org/news/learn2quote.html drais@atlasta.net http://www.expita.com/nomime.html From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 01:50:56 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 23E3716A4DD for ; Tue, 18 Jul 2006 01:50:56 +0000 (UTC) (envelope-from akachler@telcom.net) Received: from mail.telcom.net (mail.telcom.net [200.62.2.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id AD35243D49 for ; Tue, 18 Jul 2006 01:50:55 +0000 (GMT) (envelope-from akachler@telcom.net) Received: from [127.0.0.1] (216-22-121-208.idstelcom.net [216.22.121.208] (may be forged)) by mail.telcom.net (8.13.6/8.13.6) with ESMTP id k6I1s1SA025899; Mon, 17 Jul 2006 21:54:03 -0400 Message-ID: <44BC3E76.7070401@telcom.net> Date: Mon, 17 Jul 2006 21:50:46 -0400 From: Arie Kachler Organization: Telcom.Net User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Matt Ruzicka , freebsd-isp@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: akachler@telcom.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 01:50:56 -0000 We've been in business since 1996 and can only praise Dell servers. They used to be more expensive, but they are now very competitive in pricing. Our first server was a Dell, and it's still going! (only monitoring though). We have about 200+ servers and have had only one troublesome server, which Dell replaced after two attempts to fix the problem without success. Out of those 200+ servers, we've had 3 Compaqs which were bought because of timing issues (Dell takes about a week to deliver a server), and all 3 Compaq servers have failed! I can't say I have experience with other brands, but I do know that Dell servers are very reliable. No, I don't work for Dell. Hope my 2 cents help. Matt Ruzicka wrote: > I know this is a topic that could easily spawn a holy war, but > hopefully we can all keep the constructive to a maximum. ;) > > My company has been purchasing almost exclusively Supermicro > SuperServers for our production FreeBSD server hardware for that last > four years or so. Over all I'd say we've been quite happy with > Supermicro from a product stand point, but recently we've been dealing > with some odd hardware issues. I still have faith in their hardware, > but some concerns with their support structure is causing us to > reconsider our future hardware purchasing plans. > > I was wondering what others are using for production FreeBSD server > hardware. I'm most interested to see what manufacturers seem to be > rock solid from a hardware and FreeBSD interaction perspective and > also have solid support for those issues that come up from time to time. > > Thanks for your time and I look forward to people's feedback. > > Matt Ruzicka - Senior Systems Administrator > Front Range Internet, Inc. > matt@frii.net - (970) 212-0728 > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > . > From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 02:01:20 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A02C516A4E5 for ; Tue, 18 Jul 2006 02:01:20 +0000 (UTC) (envelope-from rblayzor@inoc.net) Received: from mx0-a.inoc.net (mx0-a.inoc.net [64.246.130.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C7B043D45 for ; Tue, 18 Jul 2006 02:01:19 +0000 (GMT) (envelope-from rblayzor@inoc.net) Received: from [172.16.16.37] (cpe-24-29-66-248.nycap.res.rr.com [24.29.66.248]) by mx0-a.inoc.net (build v6.3.3) with ESMTP id 79915034 for multiple; Tue, 18 Jul 2006 02:01:19 +0000 (UTC) Message-ID: <44BC40EC.7040006@inoc.net> Date: Mon, 17 Jul 2006 22:01:16 -0400 From: Robert Blayzor Organization: Independent Network Operations Consortium, LLC User-Agent: Thunderbird 1.5.0.4 (Macintosh/20060516) MIME-Version: 1.0 To: akachler@telcom.net References: <44BC3E76.7070401@telcom.net> In-Reply-To: <44BC3E76.7070401@telcom.net> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 02:01:20 -0000 Arie Kachler wrote: > We've been in business since 1996 and can only praise Dell servers. They > used to be more expensive, but they are now very competitive in pricing. > Our first server was a Dell, and it's still going! (only monitoring I have to second this. We originally purchased about 30+ Dell servers five years ago. (mostly 1550's, 2550's and 6450's) and they've chugged right along. I think the only problems we've ever had are hard drives going bad, and I think one RAID card. That however is quickly solved by using Dell 4hr support. Speaking of which, their support is very affordable. I also must say that their server hardware is maturing quite well. We have all of the models over the years, 1550's, 1650's, 1750's, 1850's and soon 1950's. Each model we see significant improvement on the server architecture. The only downside is that usually it takes a while for the FreeBSD drivers to catch up with the newer hardware devices. We're looking to replace a lot of our old Dell servers now with new Dell servers (1950's and 1955's) but we have to make sure all of the drivers have matured before we make such an investment. -- Robert Blayzor, BOFH INOC, LLC rblayzor\@(inoc.net|gmail.com) PGP: 0x66F90BFC @ http://pgp.mit.edu Key fingerprint = 6296 F715 038B 44C1 2720 292A 8580 500E 66F9 0BFC Logic: The art of being wrong with confidence... From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 02:16:08 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A930B16A4E6 for ; Tue, 18 Jul 2006 02:16:08 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0B8DE43D53 for ; Tue, 18 Jul 2006 02:16:07 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from corenode.com ([127.0.0.1]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTP id <0J2K00G5UUE4EA00@zone2.corenode.com> for freebsd-isp@freebsd.org; Mon, 17 Jul 2006 16:18:04 -1000 (HST) Received: from [132.160.192.10] by zone2.corenode.com (mshttpd); Mon, 17 Jul 2006 16:18:04 -1000 Date: Mon, 17 Jul 2006 16:18:04 -1000 From: "David J. Orman" To: freebsd-isp@freebsd.org Message-id: MIME-version: 1.0 X-Mailer: Sun Java(tm) System Messenger Express 6.2-3.04 (built Jul 15 2005) Content-type: text/plain; charset=us-ascii Content-language: en Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: en Priority: normal Subject: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 02:16:08 -0000 Hi, I've got a curious problem. Due to a bad migration many years ago (via maildir cp's) by one of the admins at my ISP, I've got a mess when trying to view webmail. The webmail client (no, this is not something I can change) relies on server-date for email dates, instead of looking at the email headers. The server-based date for the mail is of course the file creation/modification time, and cp -p was not used apparently. All of my new mail is fine (I run my mailserver now) but my mail from about 7-10 years ago is all the date of the migration. Is there any program out there that will read the headers of the mail and change the server-date of the files? I've tried imapsync with -syncinternaldate, to see if it read headers, but it doesn't. I just want to be able to run the command on the user/imap server of choice, and have it read all the mail headers, and set the creation dates properly on the mails (all via IMAP). Any help would be much appreciated! David From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 02:50:20 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9273316A4DA for ; Tue, 18 Jul 2006 02:50:20 +0000 (UTC) (envelope-from cody@wilkshire.net) Received: from mail.wilkshire.net (mail.wilkshire.net [12.111.120.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF3EA43D49 for ; Tue, 18 Jul 2006 02:50:19 +0000 (GMT) (envelope-from cody@wilkshire.net) Received: from localhost (virusproxy3.wilkshire.net [10.10.55.23]) by mail.wilkshire.net (Postfix) with ESMTP id 3BC59A74B58; Mon, 17 Jul 2006 22:50:18 -0400 (EDT) Received: from mail.wilkshire.net ([10.10.55.20]) by localhost (virusproxy3.wilkshire.net [10.10.55.23]) (amavisd-new, port 10024) with ESMTP id 15965-08; Mon, 17 Jul 2006 22:50:12 -0400 (EDT) Received: from [192.168.1.102] (unknown [163.120.70.84]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wilkshire.net (Postfix) with ESMTP id E22C0A74248; Mon, 17 Jul 2006 22:50:11 -0400 (EDT) Message-ID: <44BC4C62.6050302@wilkshire.net> Date: Mon, 17 Jul 2006 22:50:10 -0400 From: Cody Baker User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: "David J. Orman" References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at wilkshire.net Cc: freebsd-isp@freebsd.org Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 02:50:20 -0000 I doubt there's anything out there automagically does it, but it wouldn't be terrible to write. "In theory" (With huge sarcastic quotes around that) the e-mail dates follow the format described at http://www.w3.org/Protocols/rfc822/#z28 . There's probably a lot of messages that deviate from that, but by in large you should be able to use them. Just use a text processing language (like Perl), pull out the date field, and convert it into the format accepted by touch and modify the file date from that. Recurse through all of the files and enjoy. Thank You, Cody Baker cody@wilkshire.net David J. Orman wrote: > Hi, > > I've got a curious problem. Due to a bad migration many years ago (via maildir cp's) by one of the admins at my ISP, I've got a mess when trying to view webmail. The webmail client (no, this is not something I can change) relies on server-date for email dates, instead of looking at the email headers. The server-based date for the mail is of course the file creation/modification time, and cp -p was not used apparently. > > All of my new mail is fine (I run my mailserver now) but my mail from about 7-10 years ago is all the date of the migration. Is there any program out there that will read the headers of the mail and change the server-date of the files? I've tried imapsync with -syncinternaldate, to see if it read headers, but it doesn't. I just want to be able to run the command on the user/imap server of choice, and have it read all the mail headers, and set the creation dates properly on the mails (all via IMAP). > > Any help would be much appreciated! > David > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 03:02:20 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D533016A4DA for ; Tue, 18 Jul 2006 03:02:20 +0000 (UTC) (envelope-from anderson@centtech.com) Received: from mh1.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6587643D45 for ; Tue, 18 Jul 2006 03:02:19 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [192.168.42.24] (andersonbox4.centtech.com [192.168.42.24]) by mh1.centtech.com (8.13.1/8.13.1) with ESMTP id k6I32Ib8038598; Mon, 17 Jul 2006 22:02:18 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <44BC4F41.3080302@centtech.com> Date: Mon, 17 Jul 2006 22:02:25 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5.0.4 (X11/20060612) MIME-Version: 1.0 To: Robert Blayzor References: <44BC3E76.7070401@telcom.net> <44BC40EC.7040006@inoc.net> In-Reply-To: <44BC40EC.7040006@inoc.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1600/Sat Jul 15 10:03:46 2006 on mh1.centtech.com X-Virus-Status: Clean Cc: freebsd-isp@freebsd.org, akachler@telcom.net Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 03:02:20 -0000 On 07/17/06 21:01, Robert Blayzor wrote: > Arie Kachler wrote: >> We've been in business since 1996 and can only praise Dell servers. They >> used to be more expensive, but they are now very competitive in pricing. >> Our first server was a Dell, and it's still going! (only monitoring > > > I have to second this. We originally purchased about 30+ Dell servers > five years ago. (mostly 1550's, 2550's and 6450's) and they've chugged > right along. I think the only problems we've ever had are hard drives > going bad, and I think one RAID card. That however is quickly solved by > using Dell 4hr support. Speaking of which, their support is very > affordable. > > I also must say that their server hardware is maturing quite well. We > have all of the models over the years, 1550's, 1650's, 1750's, 1850's > and soon 1950's. Each model we see significant improvement on the > server architecture. > > The only downside is that usually it takes a while for the FreeBSD > drivers to catch up with the newer hardware devices. > > We're looking to replace a lot of our old Dell servers now with new Dell > servers (1950's and 1955's) but we have to make sure all of the drivers > have matured before we make such an investment. > I can also say the same thing about Dell. We are a pretty large Dell shop (we have well over 1000 Dell's), and I can say that I really depend on their hardware, and their service. I highly recommend them. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 08:02:06 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F2A016A4DF for ; Tue, 18 Jul 2006 08:02:06 +0000 (UTC) (envelope-from ulf@alameda.net) Received: from mail.alameda.net (mail.alameda.net [64.81.53.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 088FE43D45 for ; Tue, 18 Jul 2006 08:02:06 +0000 (GMT) (envelope-from ulf@alameda.net) Received: by mail.alameda.net (Postfix, from userid 1000) id AE1A033D20; Tue, 18 Jul 2006 01:01:59 -0700 (PDT) Date: Tue, 18 Jul 2006 01:01:59 -0700 From: Ulf Zimmermann To: david raistrick Message-ID: <20060718080159.GH45191@evil.alameda.net> References: <20060717221748.GG45191@evil.alameda.net> <20060717213720.K45193@xpc.icantclick.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060717213720.K45193@xpc.icantclick.org> User-Agent: Mutt/1.4.2.1i Organization: Alameda Networks, Inc. X-Operating-System: FreeBSD 5.3-STABLE X-ANI-MailScanner-Information: Please contact the ISP for more information X-ANI-MailScanner: Found to be clean X-ANI-MailScanner-From: ulf@alameda.net Cc: freebsd-isp@freebsd.org, Ulf Zimmermann Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ulf@Alameda.net List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 08:02:06 -0000 On Mon, Jul 17, 2006 at 09:40:36PM -0400, david raistrick wrote: > On Mon, 17 Jul 2006, Ulf Zimmermann wrote: > > >The company I work at started with Supermicro when we moved to Linux > >3+ years ago but we switched quickly to HP Proliant DL. To me the > >DL servers are just great in all aspect with just the little thing > >of HP not providing management software for FreeBSD. > > Are you using any of the SATA models? How are they working out? > > I've yet to have a good experience with SATA and FreeBSD...... > > ..david We only got 1 server with a SATA drive, a DL145. It is our sniffer box (runs FreeBSD), but the disk isn't used much in it. All the others have SCSI (U320 or SAS). -- Regards, Ulf. --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 You can find my resume at: http://seven.Alameda.net/~ulf/resume.html From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 11:28:33 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A775116A4DA for ; Tue, 18 Jul 2006 11:28:33 +0000 (UTC) (envelope-from freebsd@hub.org) Received: from hub.org (hub.org [200.46.204.220]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B44943D46 for ; Tue, 18 Jul 2006 11:28:33 +0000 (GMT) (envelope-from freebsd@hub.org) Received: from localhost (mx1.hub.org [200.46.208.251]) by hub.org (Postfix) with ESMTP id C6F37291B09; Tue, 18 Jul 2006 08:28:29 -0300 (ADT) Received: from hub.org ([200.46.204.220]) by localhost (mx1.hub.org [200.46.208.251]) (amavisd-new, port 10024) with ESMTP id 17824-03-6; Tue, 18 Jul 2006 08:28:31 -0300 (ADT) Received: from ganymede.hub.org (blk-224-179-167.eastlink.ca [24.224.179.167]) by hub.org (Postfix) with ESMTP id 0F478292578; Tue, 18 Jul 2006 05:13:06 -0300 (ADT) Received: by ganymede.hub.org (Postfix, from userid 1027) id AE8FA344AB; Tue, 18 Jul 2006 05:13:08 -0300 (ADT) Received: from localhost (localhost [127.0.0.1]) by ganymede.hub.org (Postfix) with ESMTP id AABFB33DF1; Tue, 18 Jul 2006 05:13:08 -0300 (ADT) Date: Tue, 18 Jul 2006 05:13:08 -0300 (ADT) From: User Freebsd To: Ulf Zimmermann In-Reply-To: <20060717221748.GG45191@evil.alameda.net> Message-ID: <20060718051224.O1799@ganymede.hub.org> References: <20060717221748.GG45191@evil.alameda.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-isp@freebsd.org Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 11:28:33 -0000 On Mon, 17 Jul 2006, Ulf Zimmermann wrote: > The company I work at started with Supermicro when we moved to Linux 3+ > years ago but we switched quickly to HP Proliant DL. To me the DL > servers are just great in all aspect with just the little thing of HP > not providing management software for FreeBSD. I'll definitely second this one ... in my case, iLO is an remote admin's nirvana ... only thing I can't do remotely is change hardware ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664 From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 12:46:03 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2867016A4DE for ; Tue, 18 Jul 2006 12:46:03 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C03143D4C for ; Tue, 18 Jul 2006 12:46:02 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 861062A312; Tue, 18 Jul 2006 08:46:01 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 3605564AD2; Tue, 18 Jul 2006 08:46:00 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G2oxa-0006wx-NQ; Tue, 18 Jul 2006 13:45:58 +0100 Date: Tue, 18 Jul 2006 13:45:58 +0100 From: Brian Candler To: Mark Bucciarelli Message-ID: <20060718124558.GA26642@uk.tiscali.com> References: <20060714195603.GE396@rabbit> <20060714202233.GF396@rabbit> <20060715181054.GA15489@uk.tiscali.com> <20060716221935.GA3600@rabbit> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060716221935.GA3600@rabbit> User-Agent: Mutt/1.4.2.1i Cc: freebsd-isp@freebsd.org Subject: Re: CGI apps in C? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 12:46:03 -0000 On Sun, Jul 16, 2006 at 06:19:35PM -0400, Mark Bucciarelli wrote: > "fork a shell" > > This would be used if you want to run "find" or some other shell > utility from your C code. Correct? Yes, if you call system(), or popen(), or something else which invokes a command via a shell. If you explictly fork() and in the child do execl("/usr/bin/find",arg1,arg2...) then you don't have this problem, as you're running the program directly. Silly example: don't write things like snprintf(buf, sizeof(buf), "rm /tmp/sessions/%s", sessionid); system(str); when the user could present a sessionid of ../../etc/passwd or worse something like 1234;echo "foobar"|passwd root > Yes, I did a bunch of reading when setting up my first FreeBSD > server and settled on running PHP apps using fastcgi + suexec. > Very RAM-heavy, as each client get's their own php interpreter > resident. They time out pretty fast, which is good for RAM but > bad for the next time someone visits the site. There is no > better solution I have found for performance + security with PHP. > And I don't like it much ... hence my initial post. Well, the Unix security model is that once a process has switched to user id X, it cannot switch to another userid (at least not unless it exec's a setuid binary and hence becomes a new program). That's the basis of the security model; if you assume that an attacker comes across a process running as X where they can substitute their own code, there should be no way they can switch to user Y. So if you have 1000 users, then either you need 1000 processes floating around, each running as one of those userids, or you need to start a new process for each request. In the limiting case, you could run 1000 webservers under different uids listening on different ports, and have a front-end webserver answering on port 80 and relaying the requests to those other servers (e.g. using mod_proxy under Apache). It will eat RAM, but perhaps not as much as you might expect due to shared code pages (especially for those sites which don't have mod_php and the like loaded) Since in my experience the vast number of websites are either (a) idle, or (b) completely static content, then having a split where the majority of sites run on a single process with suexec for the odd CGI request, and a small number of "premium" servers where each user has their own httpd server process, seems to make sense. Each user can then customise their config, e.g. those who want mod_perl or mod_ruby can have it. Of course, "super premium" customers can have their own operating system too, running under Xen or VMware :-) > > Another thing I did was to modify suexec so > > that it would fork(), wait4(), and then log the rusage > > information for each CGI execution. Analysing these logs lets > > you work out, site by site, which are the CGI hogs. > > That sounds pretty interesting. Did you publish your work? Unfortunately not - it belongs to my ex-employer. However I did suggest that this functionality could easily be included in mod_cgi, with an outline patch you might be able to use here: http://mail-archives.apache.org/mod_mbox/httpd-dev/200512.mbox/%3C20051205091812.GA90189@uk.tiscali.com%3E (point 2) You replace the existing wait/waitpid call with wait4(). It's more efficient to do it there anyway. In our case it was more important to avoid touching the base code, which is why I moved this into suexec, which we had to customise for other reasons anyway. A quick google search suggests that maybe cgiwrap can do this: http://cgiwrap.sourceforge.net/changes.html "New in version 3.6.2: ... * Added support for reporting rusage/return code after executing script." But I've not used cgiwrap myself. Regards, Brian. From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 12:55:53 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 803D716A4DA; Tue, 18 Jul 2006 12:55:53 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from rune.pobox.com (rune.pobox.com [208.210.124.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB99843D53; Tue, 18 Jul 2006 12:55:52 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from rune (localhost [127.0.0.1]) by rune.pobox.com (Postfix) with ESMTP id D05B17A3E9; Tue, 18 Jul 2006 08:56:13 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 4644C1EB68; Tue, 18 Jul 2006 08:56:11 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G2p75-0006xS-NP; Tue, 18 Jul 2006 13:55:47 +0100 Date: Tue, 18 Jul 2006 13:55:47 +0100 From: Brian Candler To: Mikhail Teterin Message-ID: <20060718125547.GB26642@uk.tiscali.com> References: <200607171306.01882.mi+mx@aldan.algebra.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200607171306.01882.mi+mx@aldan.algebra.com> User-Agent: Mutt/1.4.2.1i Cc: isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 12:55:53 -0000 On Mon, Jul 17, 2006 at 01:06:01PM -0400, Mikhail Teterin wrote: > How hard would it be to make the stock FreeBSD FTP-server to examine the > first, say, 100Kb of the uploaded file and interrupt transfer if the file is > of a prohibited or is not of an allowed type? > > Anything under 100Kb is fine, I guess, and 100Kb is more than enough to detect > compression or lack thereof... I think the first few bytes should be enough to tell you if it's a gzip, pkzip or compress archive: $ gzip -c -9 /etc/services | head -c64 | file - /dev/stdin: gzip compressed data, was "services", from Unix, max compression $ compress -c /etc/services | head -c64 | file - /dev/stdin: compress'd data 16 bits $ zip - /etc/services | head -c64 | file - adding: etc/services /dev/stdin: Zip archive data, at least v2.0 to extract How wedded are you to FTP? If this was a HTTP 'PUT' then a simple CGI could read in 100 bytes, check it is compressed (e.g. with libmagic), then copy through the rest of the file. The result from the PUT can be a HTML page saying "all OK" or "please compress your data first" Regards, Brian. From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 13:15:19 2006 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC4FB16A4E8; Tue, 18 Jul 2006 13:15:19 +0000 (UTC) (envelope-from regnauld@catpipe.net) Received: from moof.catpipe.net (moof.catpipe.net [195.249.214.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A0E843D66; Tue, 18 Jul 2006 13:15:16 +0000 (GMT) (envelope-from regnauld@catpipe.net) Received: from localhost (moof.catpipe.net [195.249.214.130]) by localhost.catpipe.net (Postfix) with ESMTP id 4115463464C; Tue, 18 Jul 2006 15:15:15 +0200 (CEST) Received: from moof.catpipe.net ([195.249.214.130]) by localhost (moof.catpipe.net [195.249.214.130]) (amavisd-new, port 10024) with ESMTP id 68061-09; Tue, 18 Jul 2006 15:15:14 +0200 (CEST) Received: from vinyl.catpipe.net (vinyl.catpipe.net [195.249.214.189]) by moof.catpipe.net (Postfix) with ESMTP id 70F89634641; Tue, 18 Jul 2006 15:15:13 +0200 (CEST) Received: by vinyl.catpipe.net (Postfix, from userid 1006) id 375CA78C31; Tue, 18 Jul 2006 15:11:25 +0200 (CEST) Date: Tue, 18 Jul 2006 15:11:25 +0200 From: Phil Regnauld To: Brian Candler Message-ID: <20060718131124.GB75090@catpipe.net> References: <200607171306.01882.mi+mx@aldan.algebra.com> <20060718125547.GB26642@uk.tiscali.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060718125547.GB26642@uk.tiscali.com> X-Operating-System: FreeBSD 6.1-PRERELEASE i386 Organization: catpipe Systems ApS User-Agent: Mutt/1.5.11 X-Virus-Scanned: amavisd-new at catpipe.net Cc: Mikhail Teterin , isp@freebsd.org, net@freebsd.org Subject: Re: forcing FTP-uploaded files to be of certain types only X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 13:15:19 -0000 Brian Candler (B.Candler) writes: > How wedded are you to FTP? If this was a HTTP 'PUT' then a simple CGI could > read in 100 bytes, check it is compressed (e.g. with libmagic), then copy > through the rest of the file. The result from the PUT can be a HTML page > saying "all OK" or "please compress your data first" A reverse FTP proxy (squid might or might not support FTP proxying on "PUT", to be checked) with an external handler. Around 50 lines of Perl ought to do the trick. From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 16:58:32 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5421B16A4DA for ; Tue, 18 Jul 2006 16:58:32 +0000 (UTC) (envelope-from gary@tbe.net) Received: from kerplunk.tbe.net (kerplunk.tbe.net [209.123.115.134]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01B2343D46 for ; Tue, 18 Jul 2006 16:58:31 +0000 (GMT) (envelope-from gary@tbe.net) Received: by kerplunk.tbe.net (Postfix, from userid 1001) id 8CC715EE0; Tue, 18 Jul 2006 12:54:09 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by kerplunk.tbe.net (Postfix) with ESMTP id 807285CB7; Tue, 18 Jul 2006 12:54:09 -0400 (EDT) Date: Tue, 18 Jul 2006 12:54:09 -0400 (EDT) From: "Gary D. Margiotta" To: Ulf Zimmermann In-Reply-To: <20060718080159.GH45191@evil.alameda.net> Message-ID: <20060718123812.A53333@kerplunk.tbe.net> References: <20060717221748.GG45191@evil.alameda.net> <20060717213720.K45193@xpc.icantclick.org> <20060718080159.GH45191@evil.alameda.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-isp@freebsd.org, david raistrick Subject: Re: Server Hardware Recommendations X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 16:58:32 -0000 >> >> I've yet to have a good experience with SATA and FreeBSD...... >> >> ..david > > We only got 1 server with a SATA drive, a DL145. It is our sniffer > box (runs FreeBSD), but the disk isn't used much in it. > > All the others have SCSI (U320 or SAS). I run a lot of supermicro and tyan based servers, with the older ones being PATA, the new being SATA, and I've had not a single problem with SATA under FreeBSD. I am running 4-STABLE on the pata boxes, and the new SATA boxes I've been bringing up have been 6-STABLE boxes. FreeBSD has no problems with detecting the drives, or the RAID controllers (hardware and software based Promise, Highpoint and 3Ware), and I'm extremely pleased with the performance of these boxes. I avoid any SII-based controllers like the plague, and have sparingly used onboard ICH chipsets (although a new batch of servers I'm looking at have those onboard, so I'll have more info then I guess). I'm running some older Compaq DL360-G1 1U boxes with onboard SCSI Smart Array controllers, with 18 and 36GB drives in RAID-1 configs as well, and they are rock solid. They are our main MX machines, passing upwards of 30-40k e-mails per day, and have not had a single problem with them (aside from a hard drive dying, and it was a simple pull and plug hot-swap, it auto-rebuilt on the fly, no downtime). I've used some Dells in the past as well, always rock solid, almost zero problems, although I haven't used any of their newer line 1-2U servers, mine were older 1200, 2300, 2450's. > > -- > Regards, Ulf. > > --------------------------------------------------------------------- > Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 > You can find my resume at: http://seven.Alameda.net/~ulf/resume.html -Gary From owner-freebsd-isp@FreeBSD.ORG Tue Jul 18 17:36:37 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DCC316A4DE for ; Tue, 18 Jul 2006 17:36:37 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (orthanc.ca [209.89.70.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4F3D043D73 for ; Tue, 18 Jul 2006 17:36:29 +0000 (GMT) (envelope-from lyndon@orthanc.ca) Received: from localhost (localhost [127.0.0.1]) (authenticated bits=0) by orthanc.ca (8.13.4/8.13.4) with ESMTP id k6IHaO0B043952 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 18 Jul 2006 11:36:24 -0600 (MDT) (envelope-from lyndon@orthanc.ca) Date: Tue, 18 Jul 2006 11:36:24 -0600 (MDT) From: Lyndon Nerenberg To: "David J. Orman" In-Reply-To: Message-ID: <20060718113009.L43660@orthanc.ca> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,SPF_PASS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on orthanc.ca Cc: freebsd-isp@freebsd.org Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 17:36:37 -0000 > All of my new mail is fine (I run my mailserver now) but my mail from > about 7-10 years ago is all the date of the migration. Is there any > program out there that will read the headers of the mail and change the > server-date of the files? I've tried imapsync with -syncinternaldate, to > see if it read headers, but it doesn't. I just want to be able to run > the command on the user/imap server of choice, and have it read all the > mail headers, and set the creation dates properly on the mails (all via > IMAP). I'm not aware of a tool that will do this, but writing a program to handle this is trivial. All it needs to do is read the message until you find the date header, parse the date, then call utimes() to update the file's mtime. If you need an RFC822 date parser, look for the infamous getdate.y. --lyndon From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 05:33:11 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92A8616A4E0 for ; Wed, 19 Jul 2006 05:33:11 +0000 (UTC) (envelope-from darren.pilgrim@bitfreak.org) Received: from mail.twinthornes.com (mail.twinthornes.com [65.75.198.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4432B43D45 for ; Wed, 19 Jul 2006 05:33:11 +0000 (GMT) (envelope-from darren.pilgrim@bitfreak.org) Received: from [10.242.169.24] (c-67-171-135-169.hsd1.or.comcast.net [67.171.135.169]) by mail.twinthornes.com (Postfix) with ESMTP id 59E5621; Tue, 18 Jul 2006 22:33:08 -0700 (PDT) Message-ID: <44BDC415.6050502@bitfreak.org> Date: Tue, 18 Jul 2006 22:33:09 -0700 From: Darren Pilgrim User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Lyndon Nerenberg References: <20060718113009.L43660@orthanc.ca> In-Reply-To: <20060718113009.L43660@orthanc.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, "David J. Orman" Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 05:33:11 -0000 Lyndon Nerenberg wrote: >> All of my new mail is fine (I run my mailserver now) but my mail from >> about 7-10 years ago is all the date of the migration. Is there any >> program out there that will read the headers of the mail and change >> the server-date of the files? I've tried imapsync with >> -syncinternaldate, to see if it read headers, but it doesn't. I just >> want to be able to run the command on the user/imap server of choice, >> and have it read all the mail headers, and set the creation dates >> properly on the mails (all via IMAP). > > I'm not aware of a tool that will do this, but writing a program to > handle this is trivial. All it needs to do is read the message until you > find the date header, parse the date, then call utimes() to update the > file's mtime. It's far from trivial using the Date header. When I had to do the same post-migration Maildir fix-up David is talking about, I found the format of the Date: header varied so widely that I ended up with tens of thousands (out of an archive of ~300k emails) of messages whose Date headers stumped the date-grokking functions in Perl and Visual Basic. What *is* pretty standard is the timestamps in Received headers. I don't have any messages on hand that were relayed through qmail, but Postfix, Sendmail and a handful of common Windows "enterprise" mail servers all use the same format[1] and place it immediately at the only semi-colon in the header. Since the "Date" on IMAP messages is the message creation time, not the Date header, on most IMAP servers, the timestamp in the top-most Received header is usually pretty close to the date of actual message delivery. [1] "%e %b %Y %T" in strftime(3) parlance. -- Darren Pilgrim From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 06:01:24 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A391C16A4DE for ; Wed, 19 Jul 2006 06:01:24 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (orthanc.ca [209.89.70.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8524243D6D for ; Wed, 19 Jul 2006 06:01:20 +0000 (GMT) (envelope-from lyndon@orthanc.ca) Received: from localhost (localhost [127.0.0.1]) (authenticated bits=0) by orthanc.ca (8.13.4/8.13.4) with ESMTP id k6J61ARu048191 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jul 2006 00:01:10 -0600 (MDT) (envelope-from lyndon@orthanc.ca) Date: Wed, 19 Jul 2006 00:01:10 -0600 (MDT) From: Lyndon Nerenberg To: Darren Pilgrim In-Reply-To: <44BDC415.6050502@bitfreak.org> Message-ID: <20060718235817.H45271@orthanc.ca> References: <20060718113009.L43660@orthanc.ca> <44BDC415.6050502@bitfreak.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on orthanc.ca Cc: freebsd-isp@freebsd.org, "David J. Orman" Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 06:01:24 -0000 > It's far from trivial using the Date header. Oh bugger off. Rick Adams' getdate.y can handle pretty much anything you throw at it. Face it: it dealt with all the crap bnews threw at it for close to two decades. --lyndon From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 06:25:13 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2094116A4DA for ; Wed, 19 Jul 2006 06:25:13 +0000 (UTC) (envelope-from sean@gothic.net.au) Received: from visi.gothic.net.au (visi.gothic.net.au [203.206.208.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9181543D45 for ; Wed, 19 Jul 2006 06:25:12 +0000 (GMT) (envelope-from sean@gothic.net.au) Received: from localhost (localhost [127.0.0.1]) by visi.gothic.net.au (Postfix) with ESMTP id D76AC26A2E; Wed, 19 Jul 2006 16:25:09 +1000 (EST) X-Virus-Scanned: amavisd-new at gothic.net.au Received: from localhost ([127.0.0.1]) by localhost (visi.gothic.net.au [127.0.0.1]) (amavisd-new, port 10026) with SMTP id 3Pd2gkm93n-4; Wed, 19 Jul 2006 16:25:05 +1000 (EST) Received: from [10.99.34.33] (not.gothic.net.au [203.206.208.86]) by visi.gothic.net.au (Postfix) with ESMTP id 149E2264C0; Wed, 19 Jul 2006 16:25:05 +1000 (EST) In-Reply-To: <20060718235817.H45271@orthanc.ca> References: <20060718113009.L43660@orthanc.ca> <44BDC415.6050502@bitfreak.org> <20060718235817.H45271@orthanc.ca> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <42F40A06-5F66-4238-A6C0-F46FA9C0106D@gothic.net.au> Content-Transfer-Encoding: 7bit From: Sean Winn Date: Wed, 19 Jul 2006 16:25:03 +1000 To: Lyndon Nerenberg X-Mailer: Apple Mail (2.752.2) Cc: freebsd-isp@freebsd.org, Darren Pilgrim , "David J. Orman" Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 06:25:13 -0000 It is far from trivial; there's a huge variety of just completely weird/ambiguous date formats placed in Date:, usually by spamware (time zone non-existent or invalid? times that don't even exist due to DST? 01/02/2005 - is that Feb 1 or Jan 2? Guess by time zone ... or is 'EST' US or AU EST?). It'd be great if they were the only source - tag them at epoch, and they all get sorted out of the way. Unfortunately, there's a bunch of broken mail servers/clients out there just as bad, from people who've never read the RFCs. Trusting the Received header placed by your own mail server is usually a better idea - it's at least consistent, and matches what should be the time stamp on the maildir files rather than some clients idea of time. I wish I'd thought of it during migration to courier I had to do. On 19/07/2006, at 4:01 PM, Lyndon Nerenberg wrote: >> It's far from trivial using the Date header. > > Oh bugger off. Rick Adams' getdate.y can handle pretty much > anything you throw at it. Face it: it dealt with all the crap > bnews threw at it for close to two decades. > > --lyndon > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 06:36:19 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0018916A4DE for ; Wed, 19 Jul 2006 06:36:18 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (orthanc.ca [209.89.70.53]) by mx1.FreeBSD.org (Postfix) with ESMTP id 753FE43D49 for ; Wed, 19 Jul 2006 06:36:18 +0000 (GMT) (envelope-from lyndon@orthanc.ca) Received: from localhost (localhost [127.0.0.1]) (authenticated bits=0) by orthanc.ca (8.13.4/8.13.4) with ESMTP id k6J6aBtc048380 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 19 Jul 2006 00:36:11 -0600 (MDT) (envelope-from lyndon@orthanc.ca) Date: Wed, 19 Jul 2006 00:36:11 -0600 (MDT) From: Lyndon Nerenberg To: Sean Winn In-Reply-To: <42F40A06-5F66-4238-A6C0-F46FA9C0106D@gothic.net.au> Message-ID: <20060719003440.D45271@orthanc.ca> References: <20060718113009.L43660@orthanc.ca> <44BDC415.6050502@bitfreak.org> <20060718235817.H45271@orthanc.ca> <42F40A06-5F66-4238-A6C0-F46FA9C0106D@gothic.net.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.1.3 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on orthanc.ca Cc: freebsd-isp@freebsd.org, Darren Pilgrim , "David J. Orman" Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 06:36:19 -0000 > It is far from trivial; Again: oh bugger off. getdate.y groks anything that is (usefully) valid. The rest you should just throw in the bit bucket. Why make life miserable for yourself? From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 06:56:07 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D1A316A4DF for ; Wed, 19 Jul 2006 06:56:07 +0000 (UTC) (envelope-from ernie@puremail.eis.net.au) Received: from puremail.eis.net.au (puremail.eis.net.au [203.12.171.128]) by mx1.FreeBSD.org (Postfix) with ESMTP id 908D743D46 for ; Wed, 19 Jul 2006 06:56:06 +0000 (GMT) (envelope-from ernie@puremail.eis.net.au) Received: (from ernie@localhost) by puremail.eis.net.au (8.13.4/8.13.4) id k6J6vGhF075077 for freebsd-isp@freebsd.org; Wed, 19 Jul 2006 16:57:16 +1000 (EST) (envelope-from ernie) From: User Ernie Message-Id: <200607190657.k6J6vGhF075077@puremail.eis.net.au> To: freebsd-isp@freebsd.org Date: Wed, 19 Jul 2006 16:57:16 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL122g (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="US-ASCII" Subject: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 06:56:07 -0000 Has anybody set up a whitelist-only email server on FreeBSD that rejects all emails except ones that are in the users personal whitelist? I am trying to figure out how to do it, I know it's an anti-spam solution for advanced email users who understand the implications of what legitimate emails they might miss as a consequence. - Ernie. From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 07:11:09 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CBF316A4DE for ; Wed, 19 Jul 2006 07:11:09 +0000 (UTC) (envelope-from mario@schmut.com) Received: from mail.schmut.com (mail.schmut.com [66.92.49.2]) by mx1.FreeBSD.org (Postfix) with SMTP id 72BA443D69 for ; Wed, 19 Jul 2006 07:11:06 +0000 (GMT) (envelope-from mario@schmut.com) Received: (qmail 49601 invoked by uid 89); 19 Jul 2006 07:11:05 -0000 Received: from schmut.com (localhost.my.domain [127.0.0.1]) by snoopy.schmut.com (tmda-ofmipd) with ESMTP; Wed, 19 Jul 2006 00:11:03 -0700 (PDT) Received: from 192.168.223.4 (SquirrelMail authenticated user mario@schmut.com) by mail.schmut.com with HTTP; Wed, 19 Jul 2006 00:11:04 -0700 (PDT) Message-ID: <43605.192.168.223.4.1153293064.squirrel@mail.schmut.com> Date: Wed, 19 Jul 2006 00:11:04 -0700 (PDT) To: In-Reply-To: <200607190657.k6J6vGhF075077@puremail.eis.net.au> References: <200607190657.k6J6vGhF075077@puremail.eis.net.au> X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.9) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Delivery-Agent: TMDA/1.0.3 (Seattle Slew) From: mario X-Primary-Address: mario@schmut.com Cc: freebsd-isp@freebsd.org Subject: Re: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mario List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 07:11:09 -0000 have you looked into TMDA? I don't use it for whitelist only, but it's fairly easy to have it do just that. And it is kind of a powertool. mario;> So, User Ernie wrote: > Has anybody set up a whitelist-only email server on FreeBSD that rejects > all emails except ones that are in the users personal whitelist? > > I am trying to figure out how to do it, I know it's an anti-spam > solution for advanced email users who understand the implications of > what > legitimate emails they might miss as a consequence. > > - Ernie. > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 08:01:38 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD81616A4DF for ; Wed, 19 Jul 2006 08:01:38 +0000 (UTC) (envelope-from ormandj@corenode.com) Received: from zone2.corenode.com (zone2.corenode.com [66.91.129.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 164DE43D49 for ; Wed, 19 Jul 2006 08:01:37 +0000 (GMT) (envelope-from ormandj@corenode.com) Received: from [10.0.1.22] ([66.8.217.8]) by zone2.corenode.com (Sun Java System Messaging Server 6.2-3.04 (built Jul 15 2005)) with ESMTPA id <0J2N00H7L51UCR00@zone2.corenode.com> for freebsd-isp@freebsd.org; Tue, 18 Jul 2006 22:03:30 -1000 (HST) Date: Tue, 18 Jul 2006 22:01:13 -1000 From: "David J. Orman" In-reply-to: <20060719003440.D45271@orthanc.ca> To: Lyndon Nerenberg Message-id: MIME-version: 1.0 X-Mailer: Apple Mail (2.752.2) Content-type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Content-transfer-encoding: 7BIT References: <20060718113009.L43660@orthanc.ca> <44BDC415.6050502@bitfreak.org> <20060718235817.H45271@orthanc.ca> <42F40A06-5F66-4238-A6C0-F46FA9C0106D@gothic.net.au> <20060719003440.D45271@orthanc.ca> Cc: freebsd-isp@freebsd.org, Darren Pilgrim Subject: Re: Fix dates via IMAP on messages X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 08:01:38 -0000 Thank you to the two gentleman who gave me useful input. I think I'll go about it how you said, I checked a few random messages out of the bunch and the received date looked correct. Good enough for me, I just need the dates to be somewhere in the correct ballpark, a few minutes makes no difference (these are mails from 7 years ago.. who are we kidding..) To the guy with the huge chip on his shoulder, if you don't have something helpful to say, don't say anything. I looked at the getdate.y you keep mentioning the first time you brought it up, no need to slam other people who are attempting to help, and have VALID points. I don't need all 40830484 spam mails that are stuck in my archive suddenly popping up as my most recent mail, that would be a NIGHTMARE. I'd *much* rather work off the received by date stamp. I appreciated your input the first time, and I thank you for it, but really - no need to be so abrasive to other people trying to help. It just so happens I like their solution best. Cheers, David On Jul 18, 2006, at 8:36 PM, Lyndon Nerenberg wrote: >> It is far from trivial; > > Again: oh bugger off. > > getdate.y groks anything that is (usefully) valid. The rest you > should just throw in the bit bucket. Why make life miserable for > yourself? > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 12:24:53 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A30C16A4DA for ; Wed, 19 Jul 2006 12:24:53 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3156543D53 for ; Wed, 19 Jul 2006 12:24:51 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 5D1D928D8A; Wed, 19 Jul 2006 08:24:50 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 1E57963B22; Wed, 19 Jul 2006 08:24:49 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1G3B6d-0007yE-0H; Wed, 19 Jul 2006 13:24:47 +0100 Date: Wed, 19 Jul 2006 13:24:46 +0100 From: Brian Candler To: User Ernie Message-ID: <20060719122446.GA30611@uk.tiscali.com> References: <200607190657.k6J6vGhF075077@puremail.eis.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200607190657.k6J6vGhF075077@puremail.eis.net.au> User-Agent: Mutt/1.4.2.1i Cc: freebsd-isp@freebsd.org Subject: Re: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 12:24:53 -0000 On Wed, Jul 19, 2006 at 04:57:16PM +1000, User Ernie wrote: > Has anybody set up a whitelist-only email server on FreeBSD that rejects all > emails except ones that are in the users personal whitelist? It's certainly doable in exim. In fact, using exim ACLs, you can reject at SMTP time: e.g. MAIL FROM: RCPT TO: 550 user@example.com does not accept mail from foo@bar.com This means you don't have to worry about generating bounces and hence generating 'collateral spam'. The lookup for allowed recipients can be done anywhere you like - in a file (e.g. $HOME/.allowfrom), in a DBM file, or even in an LDAP or SQL database. OTOH, it does depend on the sender's MTA generating valid envelope-sender addresses. Not all do, and also there are a number of envelope-sender-mangling schemes out there (e.g. SES, BATV) which you would have to decode to extract the sender address. All of this is possible though. Have you considered, however, what you will do with bounces - i.e. MAIL FROM:<> ? > I am trying to figure out how to do it, I know it's an anti-spam solution > for advanced email users who understand the implications of what > legitimate emails they might miss as a consequence. The other approach is to do this post-delivery, using a filtering program of your choice (e.g. procmail) or MTA-embedded filtering (e.g. sieve in Exim). However, if the filter then makes a decision to reject the mail, you will either blackhole it, move it into a 'Spam' folder (which is as good as blackholing), or send a fresh outgoing bounce (which is more than likely going to be collateral spam to an innocent third party) Regards, Brian. From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 15:59:11 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F22316A4DF for ; Wed, 19 Jul 2006 15:59:11 +0000 (UTC) (envelope-from darren.pilgrim@bitfreak.org) Received: from mail.twinthornes.com (mail.twinthornes.com [65.75.198.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1538543D49 for ; Wed, 19 Jul 2006 15:59:10 +0000 (GMT) (envelope-from darren.pilgrim@bitfreak.org) Received: from [10.242.169.24] (c-67-171-135-169.hsd1.or.comcast.net [67.171.135.169]) by mail.twinthornes.com (Postfix) with ESMTP id C175A21; Wed, 19 Jul 2006 08:59:09 -0700 (PDT) Message-ID: <44BE56CC.8020009@bitfreak.org> Date: Wed, 19 Jul 2006 08:59:08 -0700 From: Darren Pilgrim User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: User Ernie References: <200607190657.k6J6vGhF075077@puremail.eis.net.au> In-Reply-To: <200607190657.k6J6vGhF075077@puremail.eis.net.au> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org Subject: Re: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 15:59:11 -0000 User Ernie wrote: > Has anybody set up a whitelist-only email server on FreeBSD that rejects all > emails except ones that are in the users personal whitelist? I did one such system using Postfix, Courier-IMAP and Squirrelmail with a MySQL backend. I modified the address book forms to include a white-listing checkbox. Users added addresses to their address books, then checked the "Allow this person to send me email" checkbox, with the effect of setting a "whitelist" column in the address table to either 0 or 1. I configured Postfix with seperate inbound and submission ports and added check_sender_access on the inbound port and check_recipient_access on the submission port. Both were mysql maps to Squirrelmail's address table: SELECT email FROM `address` WHERE email='%s' AND whitelist=1 The check_recipient_access and a submission port were included because I felt it reasonable to require users to permit a response in order to send a message to someone. This was later combined with a Squirrelmail plugin that added automatic address collection and the whitelist column defaulted to 1. -- Darren Pilgrim From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 16:40:29 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C082C16A4E5 for ; Wed, 19 Jul 2006 16:40:29 +0000 (UTC) (envelope-from tom.yerex@science.ubc.ca) Received: from spam.science.ubc.ca (spam.science.ubc.ca [142.103.151.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73AD443D55 for ; Wed, 19 Jul 2006 16:40:28 +0000 (GMT) (envelope-from tom.yerex@science.ubc.ca) Received: from ASSP-nospam (localhost.science.ubc.ca [127.0.0.1]) by spam.science.ubc.ca (Postfix) with ESMTP id 4075A183D3; Wed, 19 Jul 2006 09:40:16 -0700 (PDT) Received: from 10.15.2.15 ([10.15.2.15] helo=gable.science.ubc.ca) by ASSP-nospam ; 19 Jul 06 16:39:34 -0000 In-Reply-To: <200607190657.k6J6vGhF075077@puremail.eis.net.au> To: User Ernie MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006 Message-ID: From: Tom Yerex Date: Wed, 19 Jul 2006 09:39:43 -0700 X-MIMETrack: Serialize by Router on GABLE/UBC(Release 7.0.1|January 17, 2006) at 19/07/2006 09:40:20 AM, Serialize complete at 19/07/2006 09:40:20 AM Content-Type: text/plain; charset="US-ASCII" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-isp@freebsd.org Subject: Re: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 16:40:29 -0000 Hi Ernie, We are using ASSP with a lot of success. Once configured, it can act as a whitelist-only email server, and it offers additional capabilities if you choose to use them. http://assp.sourceforge.net/ Our department is fairly small (35-40), so I cannot say how well it would scale if you had a lot of users. T. Tom Yerex IT Coordinator The University of British Columbia Faculty of Science, Office of the Dean 1505-6270 University Boulevard Vancouver, B.C. Canada V6T 1Z4 v: 604.822.6080 f: 604.822.5558 User Ernie Sent by: owner-freebsd-isp@freebsd.org 07/18/2006 11:56 PM To freebsd-isp@freebsd.org cc Subject Whitelist-only email server Has anybody set up a whitelist-only email server on FreeBSD that rejects all emails except ones that are in the users personal whitelist? I am trying to figure out how to do it, I know it's an anti-spam solution for advanced email users who understand the implications of what legitimate emails they might miss as a consequence. - Ernie. _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 20:27:04 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 733C916A4E6 for ; Wed, 19 Jul 2006 20:27:04 +0000 (UTC) (envelope-from darren.pilgrim@bitfreak.org) Received: from mail.twinthornes.com (mail.twinthornes.com [65.75.198.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id C05F943D8B for ; Wed, 19 Jul 2006 20:26:40 +0000 (GMT) (envelope-from darren.pilgrim@bitfreak.org) Received: from [10.242.169.20] (c-67-171-135-169.hsd1.or.comcast.net [67.171.135.169]) by mail.twinthornes.com (Postfix) with ESMTP id 8381521; Wed, 19 Jul 2006 13:26:38 -0700 (PDT) Message-ID: <44BE957E.1030904@bitfreak.org> Date: Wed, 19 Jul 2006 13:26:38 -0700 From: Darren Pilgrim User-Agent: Thunderbird 1.5.0.4 (Windows/20060516) MIME-Version: 1.0 To: Darren Pilgrim References: <200607190657.k6J6vGhF075077@puremail.eis.net.au> <44BE56CC.8020009@bitfreak.org> In-Reply-To: <44BE56CC.8020009@bitfreak.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-isp@freebsd.org, User Ernie Subject: Re: Whitelist-only email server X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 20:27:04 -0000 Darren Pilgrim wrote: > Postfix with seperate inbound and submission ports > and added check_sender_access on the inbound port and > check_recipient_access on the submission port. Both were mysql maps to > Squirrelmail's address table: Correction, it was a policy server that returned OK if the address was found in the table. The access maps are from another config. -- Darren Pilgrim From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 23:12:39 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BD6716A4E0 for ; Wed, 19 Jul 2006 23:12:39 +0000 (UTC) (envelope-from michael@staff.openaccess.org) Received: from merlin.corp.geminisolutions.com (staff.openaccess.org [216.57.214.98]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7727943D5A for ; Wed, 19 Jul 2006 23:12:38 +0000 (GMT) (envelope-from michael@staff.openaccess.org) Received: from localhost (unknown [127.0.0.1]) by merlin.corp.geminisolutions.com (Postfix) with ESMTP id 6A603F7421; Wed, 19 Jul 2006 16:14:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at example.com Received: from merlin.corp.geminisolutions.com ([127.0.0.1]) by localhost (merlin.geminisolutions.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PyFNQqNWC9pU; Wed, 19 Jul 2006 16:14:22 -0700 (PDT) Received: from [192.168.2.149] (unknown [192.168.2.149]) by merlin.corp.geminisolutions.com (Postfix) with ESMTP id DC886F741B; Wed, 19 Jul 2006 16:14:21 -0700 (PDT) In-Reply-To: <444ac1550607121351x5f544107k24302b10ce819ffa@mail.gmail.com> References: <444ac1550607121351x5f544107k24302b10ce819ffa@mail.gmail.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: <84BAA7B3-9496-4F5F-BB67-A0728507758D@staff.openaccess.org> Content-Transfer-Encoding: 7bit From: Michael DeMan Date: Wed, 19 Jul 2006 16:12:16 -0700 To: Abimanyu Gottumukkala X-Mailer: Apple Mail (2.752.2) Cc: freebsd-isp@freebsd.org Subject: Re: Buidling small freebsd router X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 23:12:39 -0000 Hi, Check out http://www.neon1.net. Manuel (the creator of m0n0wall) has a great tutorial. Michael F. DeMan Director of Technology OpenAccess Network Services Bellingham, WA 98225 michael@staff.openaccess.org 360-647-0785 On Jul 12, 2006, at 1:51 PM, Abimanyu Gottumukkala wrote: > Hai friend i want to build small freebsd based router. will u please > suggest any tutorials or books > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Wed Jul 19 23:13:51 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3AE416A4DF for ; Wed, 19 Jul 2006 23:13:51 +0000 (UTC) (envelope-from mark@gaiahost.coop) Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4137643D45 for ; Wed, 19 Jul 2006 23:13:50 +0000 (GMT) (envelope-from mark@gaiahost.coop) Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Wed, 19 Jul 2006 19:13:50 -0400 id 007A4065.44BEBCAE.00002E60 Received: by gaiahost.coop (sSMTP sendmail emulation); Wed, 19 Jul 2006 19:13:49 -0400 Date: Wed, 19 Jul 2006 19:13:48 -0400 From: Mark Bucciarelli To: freebsd-isp@freebsd.org Message-ID: <20060719231348.GN1672@rabbit> Mail-Followup-To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: injection_projection code X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jul 2006 23:13:51 -0000 Following up on the C CGI thread, I settled on the old cgiemail program from MIT, deleted all the printf and html- and url-encoding crap, and added code to protect against email header injection. If you see any holes in the injection_protection code, please let me know--it turned out to be harder than I thought, mainly because of hex encoding. Once I get a git repository up, this will available as Free Software. This only runs for the template variables that are replaced in the email headers. I identify the headers by looking for two linefeeds (or carriage returns, or carriage return+linefeeds) in a row in the template. As a little background, cgiemail lets you define a template and with field names escaped in square brackets. Then you define the form vars that match the field names and set the form action to /cgi-bin/cgiemail/template.txt. It's another issue, but I don't like that cgiemail uses PATH_TRANSLATED to lookup the template file. PATH_TRANSLATED = DOCUMENT_ROOT + PATH_INFO, so you have to put the template files in a place that is readable via a web browser. Seems like the templates are better off in a cgi-bin dir that is outside the document root. /** * Sanitize string to protect against email header injection. * * From my testing, a line feed encoded as "\%6e" is still a line feed * according to sendmail. Get rid of hex encodeing before looking for * nasties. * * This routine modifies the string passed in. */ void injection_protection( char *s ) { char *injections[] = { "\\n", "\\r", "\n", "\r", "content-type:", "bcc:", "to:", "cc:" }; char *cleaned; char *p; int i; hex2char( s ); // If we find any injection text, drop whatever comes after it. for ( i = 0; i < sizeof(injections)/sizeof(char*); i++ ) { // s = "abcde\n" // 0123456 // p = "\n" // p - s = 5 p = strcasestr( s, injections[i] ); if ( p ) { // MKB: TODO: log injection attempt. if ( p - s > 0 ) strlcpy( s, s, p - s + 1 ); else *s = '\0'; } } } /** * Convert all hex entries to char's in the given string. * * If hex code resolves to a non-printable character, just drop * it. * * Return new string in the arg passed in. * */ void hex2char( char * s ) { char *cleaned; char *p; char *q; char hex_string[3]; unsigned int hex_int; cleaned = (char*) calloc(strlen(s) + 1, sizeof(char)); // Replace hex values with characters. If hex code references a // non-printable character, drop it and continue with rest of string. hex_string[2] = '\0'; p = s; q = cleaned; while ( *p ) { if ( *p != '%' ) { *q++ = *p++; } else { p++; if ( *p ) { hex_string[0] = *p++; if ( *p ) hex_string[1] = *p++; else hex_string[1] = '\0'; sscanf(hex_string, "%x", &hex_int); if( isprint(hex_int) ) { *q++ = (char)hex_int; } if ( *p == '\0' ) *q = '\0'; } else { // value terminates in a percentage sign. *q++ = '%'; *q = '\0'; } } } strcpy( s, cleaned ); free( cleaned ); } From owner-freebsd-isp@FreeBSD.ORG Thu Jul 20 02:28:36 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 175AC16A4DA for ; Thu, 20 Jul 2006 02:28:36 +0000 (UTC) (envelope-from brad@shockwebhost.com) Received: from mail.shockwebhost.com (mail.shockwebhost.com [66.235.234.163]) by mx1.FreeBSD.org (Postfix) with SMTP id 1725243D49 for ; Thu, 20 Jul 2006 02:28:34 +0000 (GMT) (envelope-from brad@shockwebhost.com) Received: (qmail 30954 invoked by uid 399); 20 Jul 2006 02:28:34 -0000 Received: from unknown (HELO 337vdub.localdomain) (brad@shockwebhost.com@24.251.149.32) by mail.shockwebhost.com with SMTP; 20 Jul 2006 02:28:34 -0000 From: Brad Bendy Organization: Shock Webhosting, LLC. To: freebsd-isp@freebsd.org Date: Wed, 19 Jul 2006 19:27:35 -0700 User-Agent: KMail/1.6.2 References: <444ac1550607121351x5f544107k24302b10ce819ffa@mail.gmail.com> <84BAA7B3-9496-4F5F-BB67-A0728507758D@staff.openaccess.org> In-Reply-To: <84BAA7B3-9496-4F5F-BB67-A0728507758D@staff.openaccess.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200607191927.35303.brad@shockwebhost.com> Subject: Re: Buidling small freebsd router X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: brad@shockwebhost.com List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jul 2006 02:28:36 -0000 http://www.pfsense.org based off m0n0wall but with many more features, great stuff! On Wednesday 19 July 2006 16:12, Michael DeMan wrote: > Hi, > > Check out http://www.neon1.net. > > Manuel (the creator of m0n0wall) has a great tutorial. > > > Michael F. DeMan > Director of Technology > OpenAccess Network Services > Bellingham, WA 98225 > michael@staff.openaccess.org > 360-647-0785 > > On Jul 12, 2006, at 1:51 PM, Abimanyu Gottumukkala wrote: > > Hai friend i want to build small freebsd based router. will u please > > suggest any tutorials or books > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" -- Thank You Brad Bendy Shock Webhosting, LLC. http://www.shockwebhost.com 602-550-4004 From owner-freebsd-isp@FreeBSD.ORG Thu Jul 20 12:36:05 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 850F616A4DD for ; Thu, 20 Jul 2006 12:36:05 +0000 (UTC) (envelope-from dan@gconnect.net) Received: from mailout.gconnect.net (mailout.gconnect.net [84.21.136.54]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2781643D4C for ; Thu, 20 Jul 2006 12:36:04 +0000 (GMT) (envelope-from dan@gconnect.net) Received: from [192.168.100.198] (helo=gc-exchange.gconnect.intranet) by mailout.gconnect.net with esmtpa (Exim 4.42 (FreeBSD)) id 1G3Xkz-000JRt-G5 for freebsd-isp@freebsd.org; Thu, 20 Jul 2006 13:35:57 +0100 Received: from 192.168.1.110 ([192.168.1.110]) by gc-exchange.gconnect.intranet ([192.168.1.70]) with Microsoft Exchange Server HTTP-DAV ; Thu, 20 Jul 2006 12:38:07 +0000 User-Agent: Microsoft-Entourage/11.0.0.040405 Date: Thu, 20 Jul 2006 13:35:56 +0100 From: Dan Massey To: Message-ID: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Subject: Carp X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jul 2006 12:36:05 -0000 Hi all I am attempting (and failing) to create a fault-tolerant mail relay server for our dialup users. The plan is to have 2 A records as such: mailoutserver A 192.168.1.10 mailoutserver A 192.168.1.11 Which will roughly round robin for me, then to have 2 mailservers as follows: server1 Ip 192.168.1.100 carp0 vhid1 192.168.1.10 (master-server) carp1 vhid2 192.168.1.11 (backup) server2 Ip 192.168.1.101 carp0 vhid1 192.168.1.10 (backup) carp1 vhid2 192.168.1.11 (master-server) My config in /etc/rc.conf is as follows: ifconfig_fxp0="inet 192.168.1.100 netmask 255.255.255.0" cloned_interfaces="carp0" ifconfig_carp0="vhid 1 pass XXXX 192.168.1.10 255.255.255.0" cloned_interfaces="carp1" ifconfig_carp1="vhid 2 advskew 100 pass XXXX 192.168.1.11 255.255.255.0" However when I reboot only the carp1 inteface comes up when I type ifconfig: carp1: flags=49 mtu 1500 inet 192.168.1.11 netmask 0xffffff00 carp: BACKUP vhid 2 advbase 1 advskew 100 Have I got this totally wrong? Is this possible? Any help would be appreciated. Dan From owner-freebsd-isp@FreeBSD.ORG Thu Jul 20 13:13:41 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C032D16A4DF for ; Thu, 20 Jul 2006 13:13:41 +0000 (UTC) (envelope-from artem@aws-net.org.ua) Received: from saturn.interami.com (saturn.interami.com [193.41.48.130]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4E0D143D46 for ; Thu, 20 Jul 2006 13:13:38 +0000 (GMT) (envelope-from artem@aws-net.org.ua) Received: from sigma.interami.com (sigma.interami.com [193.41.48.133]) by saturn.interami.com (8.13.1/8.13.1) with ESMTP id k6KDDXuQ058576; Thu, 20 Jul 2006 16:13:33 +0300 (EEST) (envelope-from artem@aws-net.org.ua) Received: from 217.12.197.82 (proxying for unknown) (SquirrelMail authenticated user artem) by sigma.interami.com with HTTP; Thu, 20 Jul 2006 16:14:15 +0300 (EEST) Message-ID: <49711.217.12.197.82.1153401255.squirrel@sigma.interami.com> In-Reply-To: References: Date: Thu, 20 Jul 2006 16:14:15 +0300 (EEST) From: "Artyom Viklenko" To: "Dan Massey" User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Antivirus: Dr.Web (R) for Mail Servers on saturn.interami.com host X-Antivirus-Code: 100000 Cc: freebsd-isp@freebsd.org Subject: Re: Carp X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Jul 2006 13:13:41 -0000 <Ρ†ΠΈΡ‚Π°Ρ‚Π° ΠΎΡ‚="Dan Massey"> > Hi all > > I am attempting (and failing) to create a fault-tolerant mail relay server > for our dialup users. The plan is to have 2 A records as such: > > mailoutserver A 192.168.1.10 > mailoutserver A 192.168.1.11 > > Which will roughly round robin for me, then to have 2 mailservers as > follows: > > server1 > Ip 192.168.1.100 > carp0 vhid1 192.168.1.10 (master-server) > carp1 vhid2 192.168.1.11 (backup) > > server2 > Ip 192.168.1.101 > carp0 vhid1 192.168.1.10 (backup) > carp1 vhid2 192.168.1.11 (master-server) > > My config in /etc/rc.conf is as follows: > ifconfig_fxp0="inet 192.168.1.100 netmask 255.255.255.0" > cloned_interfaces="carp0" > ifconfig_carp0="vhid 1 pass XXXX 192.168.1.10 255.255.255.0" > cloned_interfaces="carp1" use only one cloned_interfaces="carp0 carp1" > ifconfig_carp1="vhid 2 advskew 100 pass XXXX 192.168.1.11 255.255.255.0" > > However when I reboot only the carp1 inteface comes up when I type > ifconfig: > > carp1: flags=49 mtu 1500 > inet 192.168.1.11 netmask 0xffffff00 > carp: BACKUP vhid 2 advbase 1 advskew 100 > > Have I got this totally wrong? Is this possible? > > Any help would be appreciated. > > Dan > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > -- Sincerely yours, Artyom Viklenko. ------------------------------------------------------- artem@aws-net.org.ua | http://www.aws-net.org.ua/~artem FreeBSD: The Power to Serve - http://www.freebsd.org