From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 08:06:37 2004
Date: Mon, 26 Jul 2004 12:08:55 +0400
From: Andrew Riabtsev
To: "Arie Gerszt"
cc: freebsd-isp@freebsd.org
Subject: Re: Apache - reverse proxy with freebsd

Hello Arie,

Friday, July 23, 2004, 11:45:11 PM, you wrote:

AG> Hi

AG> Currently I am running a standard setup with NameBased Virtualhosts with
AG> HTTP 1.1 with a couple of Vhosts. Each has the same public IP.

AG> What I would like to do:

AG> - assign each vhosts a unique RFC1918 internal address
AG> - do some nat / reverse proxy magic on the freebsd box (the
AG> webserver itself)
AG> - I want to use the same public IP

AG> Is there a solution for that? What I could not figure out, how the
AG> reverse proxy could distinguish / split up the http 1.1 individual
AG> domains to internal ips.

Without hardcore programming - no.
The first thing that comes to my mind is that you can write a program
which NATs and splits IPs on packets received from a divert-socket, or for
example extend ip_nat.c with the functions you need. Probably there is an
easier netgraph solution with less pain, but no one from the ng_experts
answered you, so this is the only way to start for now. :)

Andrew, mailto:resident@b-o.ru
proud ubah haxor lvl 9 (http://www.try2hack.nl/levels/)

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 18:17:43 2004
Date: Mon, 26 Jul 2004 11:17:42 -0700 (PDT)
From: Alex Melkomukov
To: freebsd-isp@freebsd.org
Subject: chrooting Postfix+SASL+TLS

Hello all,

I tried posting to the FreeBSD Questions list with no luck. I figured I
would try this list to see if anyone has an answer/pointers for me to work
with.

posted message:

Hi all,

Has anyone successfully set up Postfix to run chrooted with saslauthd?
I've been trying to get this to work for several days now and have run
out of ideas.

Everything works fine non-chrooted, but as soon as I run
postfix/smtpd chrooted, I get the following messages in maillog:

Jul 23 09:46:30 xxx postfix/smtpd[2472]: connect from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: setting up TLS connection from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: TLS connection established from yyy[999.999.999.99]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: yyy[999.999.999.999]: SASL LOGIN authentication failed
Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: Read failed in network_biopair_interop with errno=0: num_read=0, want_read=5
Jul 23 09:46:30 xxx postfix/smtpd[2472]: lost connection after AUTH from yyy[999.999.999.999]
Jul 23 09:46:30 xxx postfix/smtpd[2472]: disconnect from yyy[999.999.999.999]

Here is what I have installed:

OS:

FreeBSD 4.9-RELEASE

ports installed:

openssl-0.9.7d
cyrus-sasl-2.1.18
cyrus-sasl-saslauthd-2.1.18_1

postfix installed from source with TLS patch applied:

postfix-2.1.3
pfixtls-0.8.18-2.1.3-0.9.7d

postfix chroot directory:

/var/spool/postfix

saslauthd startup options:

/usr/local/sbin/saslauthd -a getpwent -m /var/spool/postfix/var/state/saslauthd

tls/sasl options in /etc/postfix/main.cf:

# sasl config
#
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination

# tls config
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

I have tried all kinds of tips from my archive searches and still no luck.

Can anyone give me any pointers/instructions on how to run postfix
chrooted with saslauthd using FreeBSD 4.9?

any advice will be appreciated.

thanks in advance,

Alex M.

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 20:12:03 2004
Date: Mon, 26 Jul 2004 15:11:44 -0500
From: Richard Kuhns
To: freebsd-isp@freebsd.org
Subject: Question about virus/spam filtering for customers with mail servers

I'm hoping someone will be willing to share a better way to handle this.

We offer virus/spam filtering for customers with their own mail servers.
We're currently implementing this by configuring the customer's firewall
to only accept smtp connections from our servers (all running sendmail
under FreeBSD 4), and the customer's MX records point to their server
first and our server(s) second and third. In most cases this works just
fine -- attempts by a mail server to deliver mail directly to the
customer fail, the mail server tries the secondary MX site (us), we
accept and filter the message and deliver it to the customer (or not).

Sometimes, though, there's a very long delay for messages to be
delivered - up to several days. In each case I've been able to track
down, it's been a Microsoft Exchange 2000 server that has issues with
sending messages to the secondary mail server.

Does anyone have a good way we could use to list our server as the
primary, and then forward the messages? I've been going through the bat
book, but the indexing leaves a little to be desired and I haven't found
anything that looks applicable yet.

Any suggestions would be greatly appreciated. Thanks in advance...
  - Rich
-- 
Richard Kuhns                Wintek Corporation
E-mail: rjk@wintek.com       427 N 6th Street
Tel: +1 (765) 742-8428       Lafayette, IN 47901-1126
Fax: +1 (765) 742-0646       United States of America

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 20:34:04 2004
Date: Mon, 26 Jul 2004 15:32:50 -0500
From: Bob Martin
To: Richard Kuhns
cc: freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

Richard,

Change your servers to primary. (Since they really are, they should be
anyway). That has the added advantage of providing your customers a
queuing service in the event that their mail server is down (Your mail
servers will queue the mail until they come back on line)

You mention that you have multiple servers. That's good.
Give them the same MX priority. Also, if you can put them on different
backbones, that's even better.

Bob Martin

Richard Kuhns wrote:
> I'm hoping someone will be willing to share a better way to handle this.
>
> We offer virus/spam filtering for customers with their own mail servers.
> We're currently implementing this by configuring the customer's firewall
> to only accept smtp connections from our servers (all running sendmail
> under FreeBSD 4), and the customer's MX records point to their server
> first and our server(s) second and third. In most cases this works just
> fine -- attempts by a mail server to deliver mail directly to the
> customer fail, the mail server tries the secondary MX site (us), we
> accept and filter the message and deliver it to the customer (or not).
>
> Sometimes, though, there's a very long delay for messages to be
> delivered - up to several days. In each case I've been able to track
> down, it's been a Microsoft Exchange 2000 server that has issues with
> sending messages to the secondary mail server.
>
> Does anyone have a good way we could use to list our server as the
> primary, and then forward the messages? I've been going through the bat
> book, but the indexing leaves a little to be desired and I haven't found
> anything that looks applicable yet.
>
> Any suggestions would be greatly appreciated. Thanks in advance...
>   - Rich

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 20:36:13 2004
Date: Mon, 26 Jul 2004 15:36:11 -0500
From: Scott Blaydes
To: Richard Kuhns, freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

Richard Kuhns wrote:
> I'm hoping someone will be willing to share a better way to handle this.
>
> We offer virus/spam filtering for customers with their own mail servers.
> We're currently implementing this by configuring the customer's firewall
> to only accept smtp connections from our servers (all running sendmail
> under FreeBSD 4), and the customer's MX records point to their server
> first and our server(s) second and third. In most cases this works just
> fine -- attempts by a mail server to deliver mail directly to the
> customer fail, the mail server tries the secondary MX site (us), we
> accept and filter the message and deliver it to the customer (or not).

You could set up your FreeBSD boxes that are doing the scanning/filtering
to be the primary and secondary MX for the domain and then use sendmail's
mailertable to deliver the messages to the customers' servers. The
mailertable will even let you ignore MX settings for the domain.

Scott Blaydes

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 20:44:04 2004
Date: Mon, 26 Jul 2004 15:43:58 -0500
From: Scott Lambert
To: freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

On Mon, Jul 26, 2004 at 03:11:44PM -0500, Richard Kuhns wrote:
> Does anyone have a good way we could use to list our server as the
> primary, and then forward the messages? I've been going through the bat
> book, but the indexing leaves a little to be desired and I haven't found
> anything that looks applicable yet.

sendmail : mailertable
You probably have a mailertable.sample in /etc/mail.

postfix : transport
man page in /usr/local/etc/postfix/transport

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 21:10:23 2004
Date: Mon, 26 Jul 2004 17:10:20 -0400
From: "Eric W. Bates"
To: Alex Melkomukov
cc: freebsd-isp@freebsd.org
Subject: Re: chrooting Postfix+SASL+TLS

You can chroot most of the processes as usual; but if you chroot the
smtpd component you have to make sure that all the SASL components are
readable in the chroot'ed tree.

I have not tried it; but that certainly includes the saslauthd socket
(normally: /var/state/saslauthd/mux); and probably the SASL config for
postfix (normally: /usr/local/lib/sasl2/smtpd.conf). I don't remember
whether the sasl library is statically linked or not. If it isn't, you
will have to compile smtpd with a link-path that it will be able to
reach when chroot'ed.

Alex Melkomukov wrote:
> Hello all,
>
> I tried posting to the FreeBSD Questions list with no luck. I figured I
> would try this list to see if anyone has an answer/pointers for me to work
> with.
>
> posted message:
>
> Hi all,
>
> Has anyone successfully set up Postfix to run chrooted with saslauthd?
> I've been trying to get this to work for several days now and have run
> out of ideas.
>
> Everything works fine non-chrooted, but as soon as I run
> postfix/smtpd chrooted, I get the following messages in maillog:
>
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: connect from yyy[999.999.999.999]
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: setting up TLS connection from
> yyy[999.999.999.999]
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: TLS connection established from
> yyy[999.999.999.99]: TLSv1 with cipher RC4-MD5 (128/128 bits)
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: SASL authentication
> failure: cannot connect to saslauthd server: No such file or directory
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: yyy[999.999.999.999]:
> SASL LOGIN authentication failed
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: Read failed in
> network_biopair_interop with errno=0: num_read=0, want_read=5
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: lost connection after AUTH from
> yyy[999.999.999.999]
> Jul 23 09:46:30 xxx postfix/smtpd[2472]: disconnect from
> yyy[999.999.999.999]
>
> Here is what I have installed:
>
> OS:
>
> FreeBSD 4.9-RELEASE
>
> ports installed:
>
> openssl-0.9.7d
> cyrus-sasl-2.1.18
> cyrus-sasl-saslauthd-2.1.18_1
>
> postfix installed from source with TLS patch applied:
>
> postfix-2.1.3
> pfixtls-0.8.18-2.1.3-0.9.7d
>
> postfix chroot directory:
>
> /var/spool/postfix
>
> saslauthd startup options:
>
> /usr/local/sbin/saslauthd -a getpwent -m
> /var/spool/postfix/var/state/saslauthd
>
> tls/sasl options in /etc/postfix/main.cf:
>
> # sasl config
> #
> broken_sasl_auth_clients = yes
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain =
>
> smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, reject_unauth_destination
>
> # tls config
> #
> smtp_use_tls = yes
> smtpd_use_tls = yes
> smtp_tls_note_starttls_offer = yes
> smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
> smtpd_tls_loglevel = 1
> smtpd_tls_received_header = yes
> smtpd_tls_session_cache_timeout = 3600s
> tls_random_source = dev:/dev/urandom
>
> I have tried all kinds of tips from my archive searches and still no luck.
>
> Can anyone give me any pointers/instructions on how to run postfix
> chrooted with saslauthd using FreeBSD 4.9?
>
> any advice will be appreciated.
>
> thanks in advance,
>
> Alex M.

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 23:01:33 2004
Date: Mon, 26 Jul 2004 20:01:03 -0300
To: freebsd-isp@freebsd.org
From: Antonio Torres
Subject: Re: Apache - reverse proxy with freebsd

At 16:45 23/7/2004, you wrote:
>Hi
>
>Currently I am running a standard setup with NameBased Virtualhosts with
>HTTP 1.1 with a couple of Vhosts. Each has the same public IP.
>
>What I would like to do:
>
> - assign each vhosts a unique RFC1918 internal address
> - do some nat / reverse proxy magic on the freebsd box (the
>webserver itself)
> - I want to use the same public IP
>
>Is there a solution for that? What I could not figure out, how the
>reverse proxy could distinguish / split up the http 1.1 individual
>domains to internal ips.
>
>Thanks for hints,
>
>Arie

Let me see if I understood...
You have an Apache (real IP) as front-end to several Apaches (RFC1918 IPs)
in a DMZ?

You can use the standard Apache Virtual Hosts plus Proxy/Reverse Proxy:

[in production httpd.conf fragment (domain names changed)]

# The <VirtualHost> container lines are missing from this archived copy;
# "*" is a placeholder for the front-end address.
<VirtualHost *>
    ServerName www.domain.com
    ServerAdmin webmaster@domain.com
    ProxyPass / http://192.168.0.171/
    ProxyPassReverse / http://192.168.0.171/
</VirtualHost>

<VirtualHost *>
    ServerName www.domain2.com
    ServerAdmin webmaster@domain2.com
    ProxyPass / http://192.168.0.172:81/
    ProxyPassReverse / http://192.168.0.172:81/
</VirtualHost>

As you see, you can also change the port number... a read of the Apache
docs can explain these examples in more detail...

[]s

Antonio Torres
antonio.torres@newspace.net.br

From owner-freebsd-isp@FreeBSD.ORG Mon Jul 26 23:27:31 2004
Date: Mon, 26 Jul 2004 16:27:25 -0700 (PDT)
From: Alex Melkomukov
To: "Eric W. Bates"
cc: freebsd-isp@freebsd.org
Subject: Re: chrooting Postfix+SASL+TLS

Hi Eric,

I think I finally have it working! Thanks a bunch for the clues.

I've been at this for a bit, but I think I finally have all the right
pieces in place. I had tried running saslauthd with the
"-m /var/spool/postfix/var/state/saslauthd" option before, with no luck.
I even did the chown cyrus/chgrp mail commands on the
/var/spool/postfix/var/state/saslauthd directory for permissions, and was
still getting errors.

I even tried copying the needed SASL files into the chrooted directory,
but apparently it was not in the right location. I ended up copying the
liblogin*, libplain*, and smtpd.conf files (the only ones I need) from the
/usr/local/lib/sasl2 directory to the
/var/spool/postfix/usr/local/lib/sasl2 directory, and everything started
working.

To be complete, I also created the /var/spool/postfix/etc directory and
copied the 'aliases.db', 'hosts', 'localtime', 'resolv.conf', and
'services' files from the /etc directory.

There may be a couple of other things I had to do to make it all work in
chroot, but these were the 'major' steps I needed to take to make it all
work.

Again, thanks a bunch for the tips Eric.

Alex M.

On Mon, 26 Jul 2004, Eric W. Bates wrote:

> You can chroot most of the processes as usual; but if you chroot the
> smtpd component you have to make sure that all the SASL components are
> readable in the chroot'ed tree.
>
> I have not tried it; but that certainly includes the saslauthd socket
> (normally: /var/state/saslauthd/mux); and probably the SASL config for
> postfix (normally: /usr/local/lib/sasl2/smtpd.conf). I don't remember
> whether the sasl library is statically linked or not. If it isn't, you
> will have to compile smtpd with a link-path that it will be able to
> reach when chroot'ed.
>
> Alex Melkomukov wrote:
> > Hello all,
> >
> > I tried posting to the FreeBSD Questions list with no luck. I figured I
> > would try this list to see if anyone has an answer/pointers for me to work
> > with.
> >
> > posted message:
> >
> > Hi all,
> >
> > Has anyone successfully set up Postfix to run chrooted with saslauthd?
> > I've been trying to get this to work for several days now and have run
> > out of ideas.
> >
> > Everything works fine non-chrooted, but as soon as I run
> > postfix/smtpd chrooted, I get the following messages in maillog:
> >
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: connect from yyy[999.999.999.999]
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: setting up TLS connection from
> > yyy[999.999.999.999]
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: TLS connection established from
> > yyy[999.999.999.99]: TLSv1 with cipher RC4-MD5 (128/128 bits)
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: SASL authentication
> > failure: cannot connect to saslauthd server: No such file or directory
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: yyy[999.999.999.999]:
> > SASL LOGIN authentication failed
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: warning: Read failed in
> > network_biopair_interop with errno=0: num_read=0, want_read=5
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: lost connection after AUTH from
> > yyy[999.999.999.999]
> > Jul 23 09:46:30 xxx postfix/smtpd[2472]: disconnect from
> > yyy[999.999.999.999]
> >
> > Here is what I have installed:
> >
> > OS:
> >
> > FreeBSD 4.9-RELEASE
> >
> > ports installed:
> >
> > openssl-0.9.7d
> > cyrus-sasl-2.1.18
> > cyrus-sasl-saslauthd-2.1.18_1
> >
> > postfix installed from source with TLS patch applied:
> >
> > postfix-2.1.3
> > pfixtls-0.8.18-2.1.3-0.9.7d
> >
> > postfix chroot directory:
> >
> > /var/spool/postfix
> >
> > saslauthd startup options:
> >
> > /usr/local/sbin/saslauthd -a getpwent -m
> > /var/spool/postfix/var/state/saslauthd
> >
> > tls/sasl options in /etc/postfix/main.cf:
> >
> > # sasl config
> > #
> > broken_sasl_auth_clients = yes
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_local_domain =
> >
> > smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
> > smtpd_recipient_restrictions = permit_sasl_authenticated,
> > permit_mynetworks, reject_unauth_destination
> >
> > # tls config
> > #
> > smtp_use_tls = yes
> > smtpd_use_tls = yes
> > smtp_tls_note_starttls_offer = yes
> > smtpd_tls_key_file = /etc/postfix/ssl/smtpd.pem
> > smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.pem
> > smtpd_tls_CAfile = /etc/postfix/ssl/smtpd.pem
> > smtpd_tls_loglevel = 1
> > smtpd_tls_received_header = yes
> > smtpd_tls_session_cache_timeout = 3600s
> > tls_random_source = dev:/dev/urandom
> >
> > I have tried all kinds of tips from my archive searches and still no luck.
> >
> > Can anyone give me any pointers/instructions on how to run postfix
> > chrooted with saslauthd using FreeBSD 4.9?
> >
> > any advice will be appreciated.
> >
> > thanks in advance,
> >
> > Alex M.
> > > > > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 07:26:15 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE4CD16A4CE for ; Tue, 27 Jul 2004 07:26:15 +0000 (GMT) Received: from smtp.volant.org (gate.volant.org [207.111.218.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id B729B43D2D for ; Tue, 27 Jul 2004 07:26:15 +0000 (GMT) (envelope-from patl+freebsd@volant.org) Received: from 64-144-229-193.client.dsl.net ([64.144.229.193] helo=[192.168.0.13]) by smtp.volant.org with asmtp (TLSv1:AES256-SHA:256) (Exim 4.34 (FreeBSD)) id 1BpMLf-000Py4-Kq; Tue, 27 Jul 2004 00:26:10 -0700 Date: Tue, 27 Jul 2004 00:26:11 -0700 From: Pat Lashley To: Richard Kuhns , freebsd-isp@freebsd.org Message-ID: <1925363520.1090913171@mccaffrey.phoenix.volant.org> In-Reply-To: <41056580.3050007@wintek.com> References: <41056580.3050007@wintek.com> X-Mailer: Mulberry/3.1.0 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Scan-Signature: 64c7c80b318715666ae22d0361d0eb9341283040 X-Spam-User: nobody X-Spam-Score: -4.9 (----) X-Spam-Score-Int: -48 X-Spam-Report: This mail has matched the spam-filter tests listed below. See http://spamassassin.org/tag/ for details about the specific tests reported. In general, the higher the number of total points, the more likely that it actually is spam. 
Subject: Re: Question about virus/spam filtering for customers with mail servers

--On Monday, July 26, 2004 15:11:44 -0500 Richard Kuhns wrote:

> I'm hoping someone will be willing to share a better way to handle this.
>
> We offer virus/spam filtering for customers with their own mail servers.
> We're currently implementing this by configuring the customer's firewall
> to only accept smtp connections from our servers (all running sendmail
> under FreeBSD 4), and the customer's MX records point to their server
> first and our server(s) second and third. In most cases this works just
> fine -- attempts by a mail server to deliver mail directly to the customer
> fail, the mail server tries the secondary MX site (us), we accept and
> filter the message and deliver it to the customer (or not).
>
> Sometimes, though, there's a very long delay for messages to be delivered
> - up to several days. In each case I've been able to track down, it's been
> a Microsoft Exchange 2000 server that has issues with sending messages to
> the secondary mail server.
>
> Does anyone have a good way we could use to list our server as the primary,
> and then forward the messages? I've been going through the bat book, but
> the indexing leaves a little to be desired and I haven't found anything
> that looks applicable yet.
>
> Any suggestions would be greatly appreciated. Thanks in advance...

If you're willing to abandon Sendmail, this sort of thing is trivial
with Exim.

-Pat

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 13:54:44 2004
Date: Tue, 27 Jul 2004 08:53:35 -0500
From: Bob Martin
To: Pat Lashley
Cc: Richard Kuhns, freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

The issue here isn't the MTA. It's running a primary server as a secondary, with the DNS "primary" being unreachable.

Exim can't fix that, nor postfix or any other MTA.

The first server to receive the mail should be the primary in DNS.

Bob

Pat Lashley wrote:
> --On Monday, July 26, 2004 15:11:44 -0500 Richard Kuhns wrote:
>
>> I'm hoping someone will be willing to share a better way to handle this.
>>
>> We offer virus/spam filtering for customers with their own mail servers.
>> We're currently implementing this by configuring the customer's firewall
>> to only accept smtp connections from our servers (all running sendmail
>> under FreeBSD 4), and the customer's MX records point to their server
>> first and our server(s) second and third. In most cases this works just
>> fine -- attempts by a mail server to deliver mail directly to the customer
>> fail, the mail server tries the secondary MX site (us), we accept and
>> filter the message and deliver it to the customer (or not).
>>
>> Sometimes, though, there's a very long delay for messages to be delivered
>> - up to several days. In each case I've been able to track down, it's been
>> a Microsoft Exchange 2000 server that has issues with sending messages to
>> the secondary mail server.
>>
>> Does anyone have a good way we could use to list our server as the primary,
>> and then forward the messages? I've been going through the bat book, but
>> the indexing leaves a little to be desired and I haven't found anything
>> that looks applicable yet.
>>
>> Any suggestions would be greatly appreciated. Thanks in advance...
>
> If you're willing to abandon Sendmail, this sort of thing is trivial
> with Exim.
>
> -Pat

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 14:30:56 2004
From: "Don Mohlmaster"
Date: Tue, 27 Jul 2004 10:29:59 -0400
Subject: Bridging firewall without ip question

I am currently running a Bridged firewall that is setup with three interfaces. Two interfaces are bridged and have no ip address assigned to either of them. The third interface is set up for administration and is not configured in the bridge group. It is locked up tight.

The issue is, I am constantly receiving the following error message:

/kernel: arp: *MACADDRESS of one of the bridged ifaces* is using my IP address *IPADDRESS of the administrative interface*

The bridge is passing traffic, filtering, logging without issue. But, I do not like the fact that it's unhappy.

Any suggestions?

FreeBSD 4.9-RELEASE-p11 #5
Ipfw
Bridging compiled into kernel
Rc.conf configured only one iface (administrative with ip address)

Thank you,

Don
CPU-NET.Com, Inc
Customer Service
http://www.cpu-net.com
http://www.cpu-hosting.com

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 14:43:07 2004
Date: Tue, 27 Jul 2004 09:42:56 -0500
From: Nobody
To: freebsd-isp@freebsd.org
Subject: SONIC TIMEWORKS AUTOMATED REPLY

This is an automated reply, no human has read or will read your message.

Due to the current increase in virus related mailing activity the email address you tried to reach, mo@sonictimeworks.com, has been deactivated. Instead, please mail molsen@

Thanks for your understanding.

Sonic Timeworks

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 15:21:43 2004
Date: Tue, 27 Jul 2004 10:21:17 -0500
From: Richard Kuhns
To: freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

Many thanks to everyone who suggested using mailertable to forward the messages. I hadn't used that particular feature of sendmail for over 5 years, when I had to forward some email to a uucp-only site.

In my defense, though, the section on mailertable in the bat book neglects to mention that enclosing the RHS host name in square brackets turns off MX record lookups for that host. I only discovered that in the cf/README file.

Once again, thanks for all the help.

- Rich

--
Richard Kuhns
Wintek Corporation            E-mail: rjk@wintek.com
427 N 6th Street              Tel: +1 (765) 742-8428
Lafayette, IN 47901-1126      Fax: +1 (765) 742-0646
United States of America

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 18:15:21 2004
From: "John Brooks"
Date: Tue, 27 Jul 2004 13:15:18 -0500
Subject: php4 port build changes

Apparently a few days ago the entire build process for php4 has been changed. But documentation on how to select extensions is nowhere to be found (at least I couldn't find it).
The end result is that basic items like session support, mysql support, etc will break if you upgrade.

Anybody know where the docs are on how to activate php extensions?

--
John Brooks
john@day-light.com

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 18:50:57 2004
Date: Tue, 27 Jul 2004 20:50:52 +0200
From: "David Peter Hansen"
Subject: RE: php4 port build changes

> Apparently a few days ago the entire build process for
> php4 has been changed. But documentation on how to select
> extensions is nowhere to be found (at least I couldn't find
> it). The end result is that basic items like session support,
> mysql support, etc will break if you upgrade.
>
> Anybody know where the docs are on how to activate php extensions?

From /usr/ports/UPDATING:

20040719:
  AFFECTS: users of PHP
  AUTHOR: ale@FreeBSD.org

  The old lang/php4 and lang/php5 ports have been splitted into 'base' PHP,
  PEAR, and shared extensions to allow more flexibility and add new features.
  Upgrading your current PHP installation will result in a 'base' PHP
  installation (no PEAR and no extensions). PEAR can be found in the new
  devel/php4-pear and devel/php5-pear ports, while the set of PHP extensions
  to install can be choosen via the meta-ports lang/php4-extensions and
  lang/php5-extensions, or installing singular extensions individually.

/david

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 18:52:10 2004
From: Freddie Cash
Organization: School District 73 - Kamloops, BC
To: freebsd-isp@freebsd.org
Date: Tue, 27 Jul 2004 18:52:05 -0700
Subject: Re: php4 port build changes

On July 27, 2004 11:15 am, John Brooks wrote:
> Apparently a few days ago the entire build process for
> php4 has been changed. But documentation on how to select
> extensions is nowhere to be found (at least I couldn't find
> it). The end result is that basic items like session support,
> mysql support, etc will break if you upgrade.
> Anybody know where the docs are on how to activate php
> extensions?

As with all things relating to the ports tree: /usr/ports/UPDATING and /usr/ports/CHANGES. :)

There was also a HEAD's UP sent to the -ports mailing list.

--
Freddie Cash, CCNT CCLP Helpdesk / Network Support Tech.
School District 73 (250) 377-HELP [377-4357]
fcash-ml@sd73.bc.ca

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 18:56:04 2004
From: "John Brooks"
Date: Tue, 27 Jul 2004 13:56:02 -0500
Subject: RE: php4 port build changes UPDATE

It seems the extensions are now in a completely separate port:

/usr/port/lang/php4-extensions

Hopefully this will save someone else some time tracking it down

--
John Brooks
john@day-light.com

> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org]On Behalf Of John Brooks
> Sent: Tuesday, July 27, 2004 1:15 PM
> To: freebsd-isp@freebsd.org
> Subject: php4 port build changes
>
> Apparently a few days ago the entire build process for
> php4 has been changed. But documentation on how to select
> extensions is nowhere to be found (at least I couldn't find
> it). The end result is that basic items like session support,
> mysql support, etc will break if you upgrade.
>
> Anybody know where the docs are on how to activate php
> extensions?
>

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 19:04:56 2004
From: "John Brooks"
To: "Freddie Cash"
Date: Tue, 27 Jul 2004 14:04:57 -0500
Subject: RE: php4 port build changes

eventually found that, but it still didn't provide very much help in tracking them down. if it had just indicated that extensions were now in a different port. but such is life, at least it was fun hunting them down. ;-)

--
John Brooks
john@day-light.com

> -----Original Message-----
> From: Freddie Cash [mailto:fcash-ml@sd73.bc.ca]
> Sent: Tuesday, July 27, 2004 8:52 PM
> To: freebsd-isp@freebsd.org
> Cc: john@day-light.com
> Subject: Re: php4 port build changes
>
> On July 27, 2004 11:15 am, John Brooks wrote:
> > Apparently a few days ago the entire build process for
> > php4 has been changed.
> > But documentation on how to select
> > extensions is nowhere to be found (at least I couldn't find
> > it). The end result is that basic items like session support,
> > mysql support, etc will break if you upgrade.
> > > Anybody know where the docs are on how to activate php
> > extensions?
>
> As with all things relating to the ports tree: /usr/ports/UPDATING
> and /usr/ports/CHANGES. :)
>
> There was also a HEAD's UP sent to the -ports mailing list.
> --
> Freddie Cash, CCNT CCLP Helpdesk / Network Support Tech.
> School District 73 (250) 377-HELP [377-4357]
> fcash-ml@sd73.bc.ca

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 21:10:05 2004
Date: Tue, 27 Jul 2004 14:09:59 -0700
From: Pat Lashley
To: Bob Martin
Cc: Richard Kuhns, freebsd-isp@freebsd.org
Subject: Re: Question about virus/spam filtering for customers with mail servers

--On Tuesday, July 27, 2004 08:53:35 -0500 Bob Martin wrote:

> The issue here isn't the MTA. It's running a primary server
> as a secondary, with the DNS "primary" being unreachable.
>
> Exim can't fix that, nor postfix or any other MTA.
>
> The first server to receive the mail should be the primary in DNS.

Yes, it should. My response was too terse; I should have made it clear that what is trivial in Exim is setting up a router/transport to forward the customer's mail to a specific host rather than using MX records. That would completely eliminate the need for an MX record pointing to the customer's server.

-Pat

From owner-freebsd-isp@FreeBSD.ORG Tue Jul 27 21:48:32 2004
From: j.mcloughlin@csuohio.edu
To: freebsd-isp@freebsd.org
Date: Tue, 27 Jul 2004 17:48:27 -0400
Subject: James Mcloughlin/DN EDUC/Faculty/CSU is out of the office.

I will be out of the office starting 07/18/2004 and will not return until 08/02/2004.

For immediate attention, please contact my assistant, Patty Sokolowski at 216 523-7143. Otherwise, I will respond to your message when I return. Dr. Richard Hurwitz (687-4679) is Acting Dean in my absence. Thank you.
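
For the "virus/spam filtering" thread above, where Richard notes that square brackets around the mailertable RHS host turn off MX lookups: the following is an added example, not code from any poster or from sendmail, that reads a mailertable and reports which SMTP entries would still be resolved through MX records. The function names, the sample table and every `*.example` host are constructed for illustration.

```python
import re

# sendmail's SMTP-family mailers; other mailers (local, error, uucp) take no host lookup.
SMTP_MAILERS = {"smtp", "esmtp", "smtp8", "dsmtp", "relay"}

# Constructed mailertable for a filtering host; all names are placeholders.
SAMPLE_MAILERTABLE = """\
# key (recipient domain)   value (mailer:host)
customer-a.example         smtp:[mail.customer-a.example]
customer-b.example         smtp:mail.customer-b.example
.customer-c.example        esmtp:[192.0.2.25]
customer-d.example         local:postmaster
customer-e.example
customer-f.example         relay:[mail.customer-f.example
"""

# A single host or address fully enclosed in one pair of square brackets.
BRACKETED = re.compile(r"\[[^\[\]\s]+\]")


def parse_mailertable(text):
    """Return one dict per entry, with 'status' describing its MX behaviour."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no entry
        fields = line.split(None, 1)
        entry = {"line": lineno, "domain": fields[0].lower(),
                 "mailer": None, "host": None}
        if len(fields) != 2 or ":" not in fields[1]:
            entry["status"] = "malformed"  # value is not "mailer:host"
            entries.append(entry)
            continue
        mailer, host = fields[1].split(":", 1)
        entry["mailer"], entry["host"] = mailer.lower(), host.strip()
        if entry["mailer"] not in SMTP_MAILERS:
            entry["status"] = "not-smtp"
        elif BRACKETED.fullmatch(entry["host"]):
            entry["status"] = "mx-suppressed"  # delivered straight to the named host
        elif "[" in entry["host"] or "]" in entry["host"]:
            entry["status"] = "malformed"  # unbalanced brackets
        else:
            entry["status"] = "mx-lookup"  # host name is looked up via MX first
        entries.append(entry)
    return entries


def domains_with_status(text, status):
    """Domains whose entry has the given status, in file order."""
    return [e["domain"] for e in parse_mailertable(text) if e["status"] == status]


def report(text):
    """Human-readable findings for entries that need attention."""
    findings = []
    for e in parse_mailertable(text):
        if e["status"] == "mx-lookup":
            findings.append("line %d: %s -> %s:%s does MX lookups; use %s:[%s]"
                            % (e["line"], e["domain"], e["mailer"], e["host"],
                               e["mailer"], e["host"]))
        elif e["status"] == "malformed":
            findings.append("line %d: %s has no usable mailer:host value"
                            % (e["line"], e["domain"]))
    return findings


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_MAILERTABLE)))
```
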

From owner-freebsd-isp@FreeBSD.ORG Wed Jul 28 06:28:41 2004
To: freebsd-isp@freebsd.org
Date: Wed, 28 Jul 2004 00:34:21 -0600 (MDT)
From: jeanette@ccserver.nmsu.edu
Subject: away from my mail

I will not be teaching or available during Summer 2004 and will be on sabbatical until January 2005. If you need advisement or assistance, please contact the Curriculum and Instruction Office at 505.646.4820

From owner-freebsd-isp@FreeBSD.ORG Wed Jul 28 19:18:54 2004
Date: Wed, 28 Jul 2004 12:18:53 -0700
From: David Wolfskill
To: isp@freebsd.org
Subject: asp/aspx support for Javascript in Apache?

Sorry if this is too elementary; I haven't had occasion to do much in the way of anything too exotic with Apache -- mostly, it just works.

But now my boss wants to host an organization that has pages with URLS like http://..../Catalog.aspx, and whose contents include