From owner-freebsd-isp@FreeBSD.ORG Sun Apr 17 07:42:54 2005
From: Vicky Shrestha
Organization: WorldLink Communications
To: freebsd-isp@freebsd.org
Date: Sun, 17 Apr 2005 13:27:25 +0545
Subject: IPSEC l2tpd and Windows shares problem

Dear all,

I am running IPSEC and l2tpd in FreeBSD 4.9. I am able to connect from
WindowsXP to this FreeBSD box. I am also able to ping the Hosts behind
the IPSEC gateway, connect to internal ftp servers, browse intranet
websites etc.

However I am not able to browse network shares (windows and samba
both). It does prompt for Username/password when we try to access
directly, but it will never show the network shares.

If I connect to a linux IPSEC gateway using rp-l2tp there is no problem.

/usr/local/etc/l2tp/l2tpd.conf
====================================
[global]
port = 1701

[lns default]
ip range = 192.168.0.129 - 192.168.0.254
local ip = 192.168.0.2
hostname = freebsdipsec
name = freebsdipsec
ppp debug = yes
pppoptfile = /usr/local/etc/l2tp/options.l2tpd
=======================================

/usr/local/etc/l2tp/options.l2tpd
=======================================
noauth
proxyarp
lcp-echo-interval 30
lcp-echo-failure 6
ms-dns 192.168.0.3
ms-dns 192.168.0.4
ms-wins 192.168.0.6
crtscts
idle 1800
mtu 1400
mru 1400
lock
nodetach
debug
====================================

Note: the IP address of the Private Interface is 192.168.0.1/24

--
With regards,
Vicky Shrestha

From owner-freebsd-isp@FreeBSD.ORG Sun Apr 17 15:05:48 2005
From: Dean Strik
To: "Gustavo A. Baratto"
cc: Marcelo Coelho
cc: freebsd-isp@freebsd.org
Date: Sun, 17 Apr 2005 17:05:46 +0200
Subject: Re: Dual Ethernet NIC w/ failover

Gustavo A. Baratto wrote:
> Take a look into CARP:
> http://openbsd.org/faq/faq6.html#CARP
>
> It has been ported to freebsd, and it will probably be out for 5.4.
>
> Most likely you want to failover two servers, and not two NICs, since HDs
> fail much more often than NICs.

Beside that not being what the poster asked for, there's more than just
the NIC that can go down - think cables and switches. NIC failover is
useful...

--
Dean C. Strik             Eindhoven University of Technology
dean@stack.nl  |  dean@ipnet6.org  |  http://www.ipnet6.org/
"This isn't right. This isn't even wrong."
-- Wolfgang Pauli

From owner-freebsd-isp@FreeBSD.ORG Tue Apr 19 22:04:58 2005
From: Michael
To: freebsd-isp@freebsd.org
Date: Tue, 19 Apr 2005 15:04:49 -0700
Subject: Apache 1.3 dies on signal 11

Hi,

I have a system running FreeBSD 4.11-RELEASE-p3 and Apache 1.3.33 with
mod_ssl 2.8.22. Up until recently everything was working fine. Then as
of last week, Apache would die unexpectedly, usually around 3:30 AM
and 5:00 AM exiting with signal 11. Also, once it has died I can't
start it up with mod_ssl. I checked my crontab and newsyslog for any
clues what might be triggering this but I couldn't find anything that
seemed to be triggering the Apache processes to exit.

Looking at the archives, other folks suggested that this could be a
hardware problem.
I can't run memtest86 since the machine is located in a hosting
facility, but I did run two make buildworlds to see if gcc would die.
Gcc didn't die.

I can share the output of truss or gdb if anyone can help me figure
out what is going on. If you have any tips or clues, I would greatly
appreciate any suggestions.

Thanks in advance,

Michael

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 06:33:00 2005
From: Steve Lalonde
To: Michael
cc: freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 07:32:57 +0100
Subject: Re: Apache 1.3 dies on signal 11

Michael wrote:
>
> Hi,
>
> I have a system running FreeBSD 4.11-RELEASE-p3 and Apache 1.3.33 with
> mod_ssl 2.8.22. Up until recently everything was working fine. Then as
> of last week, Apache would die unexpectedly, usually around 3:30 AM
> and 5:00 AM exiting with signal 11.
> Also, once it has died I can't
> start it up with mod_ssl. I checked my crontab and newsyslog for any
> clues what might be triggering this but I couldn't find anything that
> seemed to be triggering the Apache processes to exit.
>
> Looking at the archives, other folks suggested that this could be a
> hardware problem. I can't run memtest86 since the machine is located
> in a hosting facility, but I did run two make buildworlds to see if gcc
> would die. Gcc didn't die.
>
> I can share the output of truss or gdb if anyone can help me figure
> out what is going on. If you have any tips or clues, I would greatly
> appreciate any suggestions.
>
> Thanks in advance,
>
> Michael
>

Similar problem here: dual Xeon tin that will not run apache with
mod_ssl compiled in, even if started without ssl it just dies with
signal 11 every time it tries to start.

Recompile without ssl and box is stable.

New memory for the box has arrived now so maybe that will solve it.
--
Steve Lalonde RTFM
Chief Technical Officer
Entanet International Ltd
http://www.enta.net/

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 10:13:47 2005
From: Michael
To: freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 03:13:46 -0700
Subject: Re: Apache 1.3 dies on signal 11

On Apr 19, 2005, at 3:04 PM, Michael wrote:

>
> Hi,
>
> I have a system running FreeBSD 4.11-RELEASE-p3 and Apache 1.3.33 with
> mod_ssl 2.8.22. Up until recently everything was working fine. Then as
> of last week, Apache would die unexpectedly, usually around 3:30 AM
> and 5:00 AM exiting with signal 11. Also, once it has died I can't
> start it up with mod_ssl.
> I checked my crontab and newsyslog for any
> clues what might be triggering this but I couldn't find anything that
> seemed to be triggering the Apache processes to exit.
>
> Looking at the archives, other folks suggested that this could be a
> hardware problem. I can't run memtest86 since the machine is located
> in a hosting facility, but I did run two make buildworlds to see if gcc
> would die. Gcc didn't die.
>
> I can share the output of truss or gdb if anyone can help me figure
> out what is going on. If you have any tips or clues, I would greatly
> appreciate any suggestions.
>
> Thanks in advance,
>
> Michael
>

I had a suspicion that mod_php might have something to do with my
problems judging from other posts I saw in the mailing list archives.
I disabled my php extensions in /usr/local/etc/php/extension.ini one
by one until Apache would start up with mod_ssl and not die. If I
disable the openssl php extension, things work fine as far as I can
tell. With the openssl extension enabled, Apache dies and this is what
I get from the backtrace in gdb:

(gdb) where
#0  0x283f0fcc in RSA_new () from /usr/lib/libcrypto.so.3
#1  0x2840b70e in RSAPrivateKey_asn1_meth () from /usr/lib/libcrypto.so.3
#2  0x28417d20 in ASN1_item_ex_new () from /usr/lib/libcrypto.so.3
#3  0x28417b4c in ASN1_item_ex_new () from /usr/lib/libcrypto.so.3
#4  0x28413801 in ASN1_item_ex_d2i () from /usr/lib/libcrypto.so.3
#5  0x2841329e in ASN1_item_d2i () from /usr/lib/libcrypto.so.3
#6  0x2840b773 in d2i_RSAPrivateKey () from /usr/lib/libcrypto.so.3
#7  0x2830c3f0 in ssl_init_TmpKeysHandle (action=1, s=0x809b038, p=0x809b010) at ssl_engine_init.c:443
#8  0x2830bfa6 in ssl_init_Module (s=0x809b038, p=0x809b010) at ssl_engine_init.c:282
#9  0x8055a88 in ap_init_modules (p=0x809b010, s=0x809b038) at http_config.c:1664
#10 0x805df76 in standalone_main (argc=3, argv=0xbfbffb54) at http_main.c:5379
#11 0x805e6ff in main (argc=3, argv=0xbfbffb54) at http_main.c:5767

Does anyone know why this is happening?
Michael

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 14:43:31 2005
From: Odhiambo Washington
To: Andrey Karyagin
cc: freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 17:43:23 +0300
Subject: Re: [OBORONA-SPAM] Updating FreeBSD

* Andrey Karyagin [20050412 07:57]: wrote:
> Kris McElroy wrote:
>
> >First things I am a newb to FreeBSD and have made strides coming from
> >windows. There are a few things that I am unsure about, or need some
> >direction on.
> >
> >I am currently running: FreeBSD 4.11-RELEASE #0 and I would like to make
> >sure that it is up to date with all the necessary patches, security fixes,
> >etc... I have read up on CVSup but I am unclear of how to actually use
> >it.
> >Can someone give me some examples? I do not have any xwindow systems
> >installed, command line only.
> >
> >Thanks,
> >
> >Kris McElroy
> >kmcelroy@duracom.net
> >
> Here are two files - cvsupfile (copy it to /etc dir) and cvsup-update.sh
> (executable) with comments what you must do after cvs updating.
> This procedure cvs update your OS to 4.11-STABLE.
>
> *default host=cvsup.ru.FreeBSD.org
> *default base=/usr
> *default prefix=/usr
> *default release=cvs
> *default tag=RELENG_4
> *default delete use-rel-suffix
>
> src-base
> src-bin
> src-contrib
> src-crypto
> src-etc
> src-games
> src-gnu
> src-include
> src-kerberosIV
> src-kerberos5
> src-lib
> src-libexec
> src-release
> src-secure
> src-sbin
> src-share
> src-sys
> src-tools
> src-usrbin
> src-usrsbin
> *default tag=.
  ^^^^^^^^^^^^^^^^

Andrey,

You are sure you want the OP to use that line as well??


-Wash

http://www.netmeister.org/news/learn2quote.html

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+
First Corollary of Taber's Second Law:
  Machines that piss people off get murdered.
-- Pat Taber

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 14:52:11 2005
From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 17:52:07 +0300
Subject: courier-imap

Hello Sysadmins,

Does anyone have any clues as to how I can easily limit access to my
imapd daemon to just a few hosts?
I am running courier-imap but looking at /etc/inetd.conf, I don't
see how I could put it in there and hence use hosts.allow to control
access. Google has not helped much, but again I may be searching using
wrong keyword.


-Wash

http://www.netmeister.org/news/learn2quote.html
Pohl's law:
  Nothing is so good that somebody, somewhere, will not hate it.

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 15:00:17 2005
From: Milan Obuch
To: Odhiambo Washington, freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 16:59:46 +0200
Subject: Re: courier-imap

On Wednesday 20 April 2005 16:52, Odhiambo Washington wrote:
> Hello Sysadmins,
>
> Does anyone have any clues as to how I can easily limit access to my
> imapd daemon to just a few hosts?
> I am running courier-imap but looking at /etc/inetd.conf, I don't
> see how I could put it in there and hence use hosts.allow to control
> access.
> Google has not helped much, but again I may be searching using
> wrong keyword.
>

Look for courier-imap mailing list for courier specific solution. You
could however simply filter port 143 tcp with ipfw, ipfilter or pf,
whatever you are using.

Milan

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 17:04:28 2005
From: Brian Reichert
To: Odhiambo Washington, freebsd-isp@freebsd.org
Date: Wed, 20 Apr 2005 13:00:20 -0400
Subject: Re: courier-imap

On Wed, Apr 20, 2005 at 05:52:07PM +0300, Odhiambo Washington wrote:
> Hello Sysadmins,
>
> Does anyone have any clues as to how I can easily limit access to my
> imapd daemon to just a few hosts?
> I am running courier-imap but looking at /etc/inetd.conf, I don't
> see how I could put it in there and hence use hosts.allow to control
> access. Google has not helped much, but again I may be searching using
> wrong keyword.

I think courier-imap uses the qmail-based tcpserver invocations, does
it not? If so, you could use a tcprules database to impose those sort
of constraints.

> -Wash
>
> http://www.netmeister.org/news/learn2quote.html

--
Brian Reichert
55 Crystal Ave. #286          Daytime number: (603) 434-6842
Derry NH 03038-1725 USA       BSD admin/developer at large

From owner-freebsd-isp@FreeBSD.ORG Wed Apr 20 21:08:07 2005
From: Christian Damm
Organization: Die Webmaster
Date: Wed, 20 Apr 2005 23:08:10 +0200
To: Odhiambo Washington
cc: freebsd-isp@freebsd.org
Subject: Re: courier-imap

Odhiambo Washington wrote:
> Hello Sysadmins,
>
> Does anyone have any clues as to how I can easily limit access to my
> imapd daemon to just a few hosts?
> I am running courier-imap but looking at /etc/inetd.conf, I don't
> see how I could put it in there and hence use hosts.allow to control
> access. Google has not helped much, but again I may be searching using
> wrong keyword.

1.) you can use the courier-suite's own tcp server (quite similar to the
DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do
ip restrictions and much more.

2.) don't know if it is possible to compile courier imap against libwrap
and use the tcp wrapper (hosts.allow).

3.) i would not start courier imap via inetd/xinetd - courier imap was
developed to be a standalone imap daemon running within the
courier-suite/framework...sure, you could use tcp wrapper without probs
when using inetd/xinetd but there are better solutions than using one of
the "super servers" *urghh*.

4.) use the packet filter on your border router/gateway/firewall or
firewall the host directly via ipfw/ipf/pf to restrict access.

> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
--
regards,
christian damm

technical management
phone: ext. 42
email: christian.damm@diewebmaster.at
icq at work: 124464652

die webmaster - flötzerweg 156 - 4030 linz - austria
phone: +43-732-381242
fax: +43-732-381242-22
isdn (leonardo): +43-732-381242-33
homepage: www.diewebmaster.at, public email: office@diewebmaster.at

From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 05:15:49 2005
From: Andrey Karyagin
Organization: ZAO "Teleintercom"
To: freebsd-isp@freebsd.org
Date: Thu, 21 Apr 2005 09:16:58 +0400
Subject: Re: [OBORONA-SPAM] Updating FreeBSD

Odhiambo Washington wrote:

>* Andrey Karyagin [20050412 07:57]: wrote:
>
>>Kris McElroy wrote:
>>
>>>First things I am a newb to FreeBSD and have made strides coming from
>>>windows. There are a few things that I am unsure about, or need some
>>>direction on.
>>>
>>>I am currently running: FreeBSD 4.11-RELEASE #0 and I would like to make
>>>sure that it is up to date with all the necessary patches, security fixes,
>>>etc... I have read up on CVSup but I am unclear of how to actually use
>>>it.
>>>Can someone give me some examples? I do not have any xwindow systems
>>>installed, command line only.
>>>
>>>Thanks,
>>>
>>>Kris McElroy
>>>kmcelroy@duracom.net
>>>
>>Here are two files - cvsupfile (copy it to /etc dir) and cvsup-update.sh
>>(executable) with comments what you must do after cvs updating.
>>This procedure cvs update your OS to 4.11-STABLE.
>>
>>*default host=cvsup.ru.FreeBSD.org
>>*default base=/usr
>>*default prefix=/usr
>>*default release=cvs
>>*default tag=RELENG_4
>>*default delete use-rel-suffix
>>
>>src-base
>>src-bin
>>src-contrib
>>src-crypto
>>src-etc
>>src-games
>>src-gnu
>>src-include
>>src-kerberosIV
>>src-kerberos5
>>src-lib
>>src-libexec
>>src-release
>>src-secure
>>src-sbin
>>src-share
>>src-sys
>>src-tools
>>src-usrbin
>>src-usrsbin
>>*default tag=.
>>
>^^^^^^^^^^^^^^^^
>
>
ports-all
docs-all
>Andrey,
>
>You are sure you want the OP to use that line as well??
>

Hello, freebsd-isp.
It file ( /etc/cvsupfile ) created by "cvsup-it" port - it's not my product. But it work for FreeBSD 4.x at 100%. For FreeBSD 5.x I modified the top of file (change RELENG_4 to RELENG_5) and add "src-rescue" tag. From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 05:40:39 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE7D616A4CE for ; Thu, 21 Apr 2005 05:40:39 +0000 (GMT) Received: from ns2.wananchi.com (mail.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id BCE2943D41 for ; Thu, 21 Apr 2005 05:40:38 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DOUQV-0000EH-Bo by authid for ; Thu, 21 Apr 2005 08:40:35 +0300 Date: Thu, 21 Apr 2005 08:40:35 +0300 From: Odhiambo Washington To: freebsd-isp@freebsd.org Message-ID: <20050421054035.GA82393@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4266C4BA.1010205@diewebmaster.at> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. 
User-Agent: Mutt/1.5.9i Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 05:40:39 -0000 * Christian Damm [20050421 00:08]: wrote: > > > Odhiambo Washington schrieb: > >Hello Sysadmins, > > > >Does anyone have any clues as to how I can easily limit access to my > >imapd daemon to just a few hosts? > >I am running courier-imap but looking at /etc/inetd.conf, I don't > >see how I could put it in there and hence use hosts.allow to control > >access. Google has not helped much, but again I may be searching using > >wrong keyword. > > 1.) you can use the courier-suites own tcp server (quite similar to the > DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do > ip restrictions and much more. This assumes that I use courier as the MTA, yes? In my case I only use the IMAP daemon. I use other MTA. > 2.) dont know if it is possible to compile courier imap aginst libwrap > and use the tcp wrapper (hosts.allow). Perhaps this one might be better. I will look into this. > 3.) i would not start courier imap via inetd/xinetd - courier imap was > developed to be a stanalone imap daemon running within the > courier-suite/framework...sure, you could use tcp wrapper without probs > when using inetd/xinetd but there are better solutions than using one of > the "super servers" *urghh*. I learnt that as well just yesterday! I had forgotten it's supposed to be a standalone server. > 4.) use the packet filter on your border router/gateway/firewall or > firewall the host directly via ipfw/ipf/pf to restrict access. I will start with this, since it's the easiest. -Wash http://www.netmeister.org/news/learn2quote.html -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. 
;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Make it myself? But I'm a physical organic chemist! From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 07:40:18 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D0C9B16A4CE for ; Thu, 21 Apr 2005 07:40:18 +0000 (GMT) Received: from ns2.wananchi.com (mail.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id F040243D1F for ; Thu, 21 Apr 2005 07:40:17 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DOWII-0006cI-De by authid ; Thu, 21 Apr 2005 10:40:14 +0300 Date: Thu, 21 Apr 2005 10:40:14 +0300 From: Odhiambo Washington To: Brian Reichert Message-ID: <20050421074014.GA23284@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , Brian Reichert , freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> <20050420170020.GC645@numachi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050420170020.GC645@numachi.com> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. 
User-Agent: Mutt/1.5.9i cc: freebsd-isp@freebsd.org Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 07:40:18 -0000 * Brian Reichert [20050421 10:03]: wrote: > On Wed, Apr 20, 2005 at 05:52:07PM +0300, Odhiambo Washington wrote: > > Hello Sysadmins, > > > > Does anyone have any clues as to how I can easily limit access to my > > imapd daemon to just a few hosts? > > I am running courier-imap but looking at /etc/inetd.conf, I don't > > see how I could put it in there and hence use hosts.allow to control > > access. Google has not helped much, but again I may be searching using > > wrong keyword. > > I think courier-imap uses the qmail-based tcpserver invocations, > does it not? If so, you could use a tcprules database to impose > those sort of constraints. I have never used qmail in my life, so I cannot answer that. However the easiest method I have found out is using a packet filter. If you get one of those HOWTOs on the net on how I can achieve the goal, please let me know. Best regards, Odhiambo Washington Systems Admin, Wananchi Online Ltd. Are you hosting your domain name with the leaders??: See http://webhosting.info/webhosts/tophosts/Country/KE DISCLAIMER : http://ns2.wananchi.com/~wash/Email/disclaimer.txt ----------------------------------+----------------------------------------- Odhiambo WASHINGTON . WANANCHI ONLINE LTD (Nairobi, KE) http://www.wananchi.com/email/ . 1ere Etage, Loita Hse, Loita St., Mobile: (+254) 722 743 223 . # 10286, 00100 NAIROBI ----------------------------------+----------------------------------------- "It is a tremendous feeling to have a customer ask for you by name or tell you that a customer referred him/her to you because of the level of customer service you provided inspired that much confidence." 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The crucible for silver and the furnace for gold, but the Lord tests the heart. Proverbs 17:3 From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 08:50:50 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9DFF816A4CE for ; Thu, 21 Apr 2005 08:50:50 +0000 (GMT) Received: from materva.diewebmaster.at (materva.diewebmaster.at [80.66.42.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC93943D4C for ; Thu, 21 Apr 2005 08:50:49 +0000 (GMT) (envelope-from christian.damm@diewebmaster.at) Received: from localhost (localhost.diewebmaster.at [127.0.0.1]) by materva.diewebmaster.at (Postfix) with ESMTP id BB58C2180E1; Thu, 21 Apr 2005 10:50:48 +0200 (CEST) Received: from materva.diewebmaster.at ([127.0.0.1]) by localhost (materva.diewebmaster.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 00762-06; Thu, 21 Apr 2005 10:50:48 +0200 (CEST) Received: from [192.168.1.14] (da.diewebmaster.at [192.168.1.14]) by materva.diewebmaster.at (Postfix) with ESMTP id 18B942180E0; Thu, 21 Apr 2005 10:50:48 +0200 (CEST) Message-ID: <42676862.5040605@diewebmaster.at> Date: Thu, 21 Apr 2005 10:46:26 +0200 From: Christian Damm User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: Odhiambo Washington References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> In-Reply-To: <20050421054035.GA82393@ns2.wananchi.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at diewebmaster.at cc: freebsd-isp@freebsd.org Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: 
List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 08:50:50 -0000 Odhiambo Washington schrieb: > * Christian Damm [20050421 00:08]: wrote: > >> >>Odhiambo Washington schrieb: >> >>>Hello Sysadmins, >>> >>>Does anyone have any clues as to how I can easily limit access to my >>>imapd daemon to just a few hosts? >>>I am running courier-imap but looking at /etc/inetd.conf, I don't >>>see how I could put it in there and hence use hosts.allow to control >>>access. Google has not helped much, but again I may be searching using >>>wrong keyword. >> >>1.) you can use the courier-suites own tcp server (quite similar to the >>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do >>ip restrictions and much more. > > > This assumes that I use courier as the MTA, yes? > > In my case I only use the IMAP daemon. I use other MTA. > no, if you look at your PS output you`ll see 'couriertcpd' running - regardless which part of the courier suite you are using ('couriertcpd' is the courier suites generic tcp server) > > >>2.) dont know if it is possible to compile courier imap aginst libwrap >>and use the tcp wrapper (hosts.allow). > > > > Perhaps this one might be better. I will look into this. > method 1 is the best in any case imho. > > >>3.) i would not start courier imap via inetd/xinetd - courier imap was >>developed to be a stanalone imap daemon running within the >>courier-suite/framework...sure, you could use tcp wrapper without probs >>when using inetd/xinetd but there are better solutions than using one of >>the "super servers" *urghh*. > > > I learnt that as well just yesterday! I had forgotten it's supposed to > be a standalone server. > ok > > > >>4.) use the packet filter on your border router/gateway/firewall or >>firewall the host directly via ipfw/ipf/pf to restrict access. > > > > I will start with this, since it's the easiest. 
> true > > > > -Wash > > http://www.netmeister.org/news/learn2quote.html > > -- > +======================================================================+ > |\ _,,,---,,_ | Odhiambo Washington > Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com > |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 > '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 > +======================================================================+ > Make it myself? But I'm a physical organic chemist! > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > !DSPAM:42673d00268302104424051! > -- mfg. christian damm technische leitung phone: dw 42 email: christian.damm@diewebmaster.at icq at work: 124464652 die webmaster - flötzerweg 156 - 4030 linz - austria phone: +43-732-381242, fax: +43-732-381242-22, isdn (leonardo): +43-732-381242-33 homepage: www.diewebmaster.at, public email: office@diewebmaster.at From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 10:16:31 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 83DA716A4CE for ; Thu, 21 Apr 2005 10:16:31 +0000 (GMT) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9788443D4C for ; Thu, 21 Apr 2005 10:16:30 +0000 (GMT) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.44 #0 (FreeBSD 4.11-STABLE)) id 1DOYjT-000OBc-79 by authid ; Thu, 21 Apr 2005 13:16:27 +0300 Date: Thu, 21 Apr 2005 13:16:26 +0300 From: Odhiambo Washington To: Christian Damm Message-ID: <20050421101626.GE23284@ns2.wananchi.com> Mail-Followup-To: Odhiambo Washington , Christian Damm , freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> 
<4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> <42676862.5040605@diewebmaster.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42676862.5040605@diewebmaster.at> X-Disclaimer: Any views expressed in this message,where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.9i (2005-03-13) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.9i cc: freebsd-isp@freebsd.org Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 10:16:31 -0000 * Christian Damm [20050421 11:51]: wrote: > > > Odhiambo Washington schrieb: > >* Christian Damm [20050421 00:08]: wrote: > > > >> > >>Odhiambo Washington schrieb: > >> > >>>Hello Sysadmins, > >>> > >>>Does anyone have any clues as to how I can easily limit access to my > >>>imapd daemon to just a few hosts? > >>>I am running courier-imap but looking at /etc/inetd.conf, I don't > >>>see how I could put it in there and hence use hosts.allow to control > >>>access. Google has not helped much, but again I may be searching using > >>>wrong keyword. > >> > >>1.) you can use the courier-suites own tcp server (quite similar to the > >>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do > >>ip restrictions and much more. > > > > > >This assumes that I use courier as the MTA, yes? > > > >In my case I only use the IMAP daemon. I use other MTA. > > > > no, if you look at your PS output you`ll see 'couriertcpd' running - > regardless which part of the courier suite you are using ('couriertcpd' > is the courier suites generic tcp server) You are damn right!! Now I just need to give it ACLs, you mean?? 
I need to find out HOW it is invoked and how I can pass it the arguments that will lead to the access control. > >>2.) dont know if it is possible to compile courier imap aginst libwrap > >>and use the tcp wrapper (hosts.allow). > > > > > > > >Perhaps this one might be better. I will look into this. > > > > method 1 is the best in any case imho. Have you used it before, by any chance? I could move quickly with some practical experience. Best regards, Odhiambo Washington Systems Admin, Wananchi Online Ltd. Are you hosting your domain name with the leaders??: See http://webhosting.info/webhosts/tophosts/Country/KE DISCLAIMER : http://ns2.wananchi.com/~wash/Email/disclaimer.txt ----------------------------------+----------------------------------------- Odhiambo WASHINGTON . WANANCHI ONLINE LTD (Nairobi, KE) http://www.wananchi.com/email/ . 1ere Etage, Loita Hse, Loita St., Mobile: (+254) 722 743 223 . # 10286, 00100 NAIROBI ----------------------------------+----------------------------------------- "It is a tremendous feeling to have a customer ask for you by name or tell you that a customer referred him/her to you because of the level of customer service you provided inspired that much confidence." ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ He who finds a wife finds what is good and receives favor from the Lord. 
Proverbs 18:22 From owner-freebsd-isp@FreeBSD.ORG Thu Apr 21 17:39:42 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8CE5316A4CE for ; Thu, 21 Apr 2005 17:39:42 +0000 (GMT) Received: from materva.diewebmaster.at (materva.diewebmaster.at [80.66.42.216]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9F4043D2D for ; Thu, 21 Apr 2005 17:39:41 +0000 (GMT) (envelope-from christian.damm@diewebmaster.at) Received: from localhost (localhost.diewebmaster.at [127.0.0.1]) by materva.diewebmaster.at (Postfix) with ESMTP id C74012180E1; Thu, 21 Apr 2005 19:39:40 +0200 (CEST) Received: from materva.diewebmaster.at ([127.0.0.1]) by localhost (materva.diewebmaster.at [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 03751-02; Thu, 21 Apr 2005 19:39:40 +0200 (CEST) Received: from [192.168.1.14] (da.diewebmaster.at [192.168.1.14]) by materva.diewebmaster.at (Postfix) with ESMTP id 159272180E0; Thu, 21 Apr 2005 19:39:40 +0200 (CEST) Message-ID: <4267E451.1040201@diewebmaster.at> Date: Thu, 21 Apr 2005 19:35:13 +0200 From: Christian Damm User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103) X-Accept-Language: de-DE, de, en-us, en MIME-Version: 1.0 To: Odhiambo Washington References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> <42676862.5040605@diewebmaster.at> <20050421101626.GE23284@ns2.wananchi.com> In-Reply-To: <20050421101626.GE23284@ns2.wananchi.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new at diewebmaster.at cc: freebsd-isp@freebsd.org Subject: Re: courier-imap X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Apr 2005 17:39:42 -0000 
Odhiambo Washington schrieb: > * Christian Damm [20050421 11:51]: wrote: > >> >>Odhiambo Washington schrieb: >> >>>* Christian Damm [20050421 00:08]: wrote: >>> >>> >>>>Odhiambo Washington schrieb: >>>> >>>> >>>>>Hello Sysadmins, >>>>> >>>>>Does anyone have any clues as to how I can easily limit access to my >>>>>imapd daemon to just a few hosts? >>>>>I am running courier-imap but looking at /etc/inetd.conf, I don't >>>>>see how I could put it in there and hence use hosts.allow to control >>>>>access. Google has not helped much, but again I may be searching using >>>>>wrong keyword. >>>> >>>>1.) you can use the courier-suites own tcp server (quite similar to the >>>>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do >>>>ip restrictions and much more. >>> >>> >>>This assumes that I use courier as the MTA, yes? >>> >>>In my case I only use the IMAP daemon. I use other MTA. >>> >> >>no, if you look at your PS output you`ll see 'couriertcpd' running - >>regardless which part of the courier suite you are using ('couriertcpd' >>is the courier suites generic tcp server) > > > > You are damn right!! Now I just need to give it ACLs, you mean?? > I need to find out HOW it is invoked and how I can pass it the arguments > that will lead to the access control. manpage > > > > >>>>2.) dont know if it is possible to compile courier imap aginst libwrap >>>>and use the tcp wrapper (hosts.allow). >>> >>> >>> >>>Perhaps this one might be better. I will look into this. >>> >> >>method 1 is the best in any case imho. > > > Have you used it before, by any chance? I could move quickly with some > practical experience. > sorry, no i have not used 'couriertcpd'`s config options in the past (even in big complex setups there is mostly no need to tweak it). > > > Best regards, > Odhiambo Washington > Systems Admin, > Wananchi Online Ltd. 
> > Are you hosting your domain name with the leaders??: > See http://webhosting.info/webhosts/tophosts/Country/KE > > > DISCLAIMER : http://ns2.wananchi.com/~wash/Email/disclaimer.txt > ----------------------------------+----------------------------------------- > Odhiambo WASHINGTON . WANANCHI ONLINE LTD (Nairobi, KE) > http://www.wananchi.com/email/ . 1ere Etage, Loita Hse, Loita St., > Mobile: (+254) 722 743 223 . # 10286, 00100 NAIROBI > ----------------------------------+----------------------------------------- > "It is a tremendous feeling to have a customer ask for you by name or tell > you that a customer referred him/her to you because of the level of customer > service you provided inspired that much confidence." > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > He who finds a wife finds what is good > and receives favor from the Lord. > Proverbs 18:22 > > > > !DSPAM:42677d8a102471219324213! > -- mfg. christian damm technische leitung phone: dw 42 email: christian.damm@diewebmaster.at icq at work: 124464652 die webmaster - flötzerweg 156 - 4030 linz - austria phone: +43-732-381242, fax: +43-732-381242-22, isdn (leonardo): +43-732-381242-33 homepage: www.diewebmaster.at, public email: office@diewebmaster.at From owner-freebsd-isp@FreeBSD.ORG Fri Apr 22 12:20:44 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B59316A4CE for ; Fri, 22 Apr 2005 12:20:44 +0000 (GMT) Received: from fmx1.freemail.hu (fmx1.freemail.hu [195.228.242.221]) by mx1.FreeBSD.org (Postfix) with SMTP id 221D643D5C for ; Fri, 22 Apr 2005 12:20:41 +0000 (GMT) (envelope-from ucsaba@freemail.hu) Received: (qmail 29886 invoked from network); 22 Apr 2005 14:20:37 +0200 Received: from fm4.freemail.hu (195.228.242.204) by fmx1.freemail.hu with SMTP; 22 Apr 2005 14:20:32 +0200 Received: (qmail 32600 invoked by uid 227048); 22 Apr 2005 14:20:23 
+0200 Date: Fri, 22 Apr 2005 14:20:23 +0200 (CEST) From: =?ISO-8859-2?Q?Urb=E1n_Csaba?= To: freebsd-isp@freebsd.org Message-ID: X-Originating-IP: [85.159.48.68] X-HTTP-User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-2 Subject: IP unnumbered VLANs X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 12:20:44 -0000

Hi,

I have a situation as follows:

         +--------+  dot1q  +---------+
    -----| router |---------|  VLAN   |vlan4
     eth0| box A  |eth1     | switch  |-------------+
         +--------+         +---------+             |
                        vlan2 |     | vlan3         |
                              |     |               |
                         +----+     |               |
                         |          |               |
                    +--------+ +--------+      +--------+
                    | client | | client |      | client |
                    | box B  | | box C  |      | box D  |
                    +--------+ +--------+      +--------+

1. Users (client B, C, D) should be on the same IP subnet but in different VLANs (let's say IP(B): 192.168.0.2, IP(C): 192.168.0.3, IP(D): 192.168.0.4). Default GW (box A) is 192.168.0.1 for all.
2. Users should not be able to communicate with each other in Layer2
3. They should be able to use only those IP addresses that I assigned to them - but they can change their MACs so static ARP won't work here

Did anybody try something like this - with success, of course :)

Thanks,
Csaba

From owner-freebsd-isp@FreeBSD.ORG Fri Apr 22 16:15:19 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 890A116A4D3 for ; Fri, 22 Apr 2005 16:15:19 +0000 (GMT) Received: from lakepoint.domeneshop.no (lakepoint.domeneshop.no [194.63.248.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4D4E843D48 for ; Fri, 22 Apr 2005 16:15:18 +0000 (GMT) (envelope-from lists@wm-access.no) Received: from [192.168.2.8] (gw1.wm-access.no [81.191.131.91]) (authenticated bits=0)j3MGFHPs030140; Fri, 22 Apr 2005 18:15:17 +0200 Message-ID: <42692308.10303@wm-access.no> Date: Fri, 22 Apr 2005 18:15:04 +0200 From: =?UTF-8?B?U3RlbiBEYW5pZWwgU8O4cnNkYWw=?= User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: =?UTF-8?B?VXJiw6FuIENzYWJh?= References: In-Reply-To: X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cc: freebsd-isp@freebsd.org Subject: Re: IP unnumbered VLANs X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Apr 2005 16:15:19 -0000

>
> Did anybody try something like this - with success, of course :)
>

Yes, had success with FreeBSD 4.x, OpenBSD and RouterOS (Linux).

What you need to emphasize is a good bridge as routing gateway that has very good Layer2 filtering capabilities to filter traffic between vlans but still bridge them all together into one bridge (so they can't access each other and not be able to spoof etc).
One of your immediate weaknesses will be if two users have the same MAC address, therefore I suggest an 802.1D compliant bridge (so no single customer can deny another customer's service by using the same MAC address but instead this results in duplication of packets). Also one customer can steal another customer's address by sending creative ARP packets to the gateway, you might want to strengthen that with some custom code, unless it's already done.

Also if they want to communicate with each other I suggest you write a proxy ARP app instead of letting them talk to each other on L2.

--
Sten Daniel Sørsdal

From owner-freebsd-isp@FreeBSD.ORG Sat Apr 23 00:54:36 2005 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2BFB216A4E2 for ; Sat, 23 Apr 2005 00:54:36 +0000 (GMT) Received: from smtp.servingpeace.com (servingpeace.com [69.55.225.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9D6C43D58 for ; Sat, 23 Apr 2005 00:54:35 +0000 (GMT) (envelope-from lists@servingpeace.com) Received: from [10.0.0.2] (adsl-69-104-90-235.dsl.pltn13.pacbell.net [69.104.90.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.servingpeace.com (Postfix) with ESMTP id 925BDBA224 for ; Fri, 22 Apr 2005 17:54:35 -0700 (PDT) Message-ID: <42699CA1.2090007@servingpeace.com> Date: Fri, 22 Apr 2005 17:53:53 -0700 From: Sam Nilsson User-Agent: Mozilla Thunderbird 1.0 (Macintosh/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-isp@freebsd.org References: <20050420145207.GC60384@ns2.wananchi.com> <4266C4BA.1010205@diewebmaster.at> <20050421054035.GA82393@ns2.wananchi.com> <42676862.5040605@diewebmaster.at> <20050421101626.GE23284@ns2.wananchi.com> In-Reply-To: <20050421101626.GE23284@ns2.wananchi.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: courier-imap 
X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 Apr 2005 00:54:36 -0000

Odhiambo Washington wrote:
> * Christian Damm [20050421 11:51]: wrote:
>
>>
>>Odhiambo Washington wrote:
>>
>>>* Christian Damm [20050421 00:08]: wrote:
>>>
>>>>Odhiambo Washington wrote:
>>>>
>>>>>Hello Sysadmins,
>>>>>
>>>>>Does anyone have any clues as to how I can easily limit access to my
>>>>>imapd daemon to just a few hosts?
>>>>>I am running courier-imap but looking at /etc/inetd.conf, I don't
>>>>>see how I could put it in there and hence use hosts.allow to control
>>>>>access. Google has not helped much, but again I may be searching using
>>>>>wrong keyword.
>>>>
>>>>1.) you can use the courier-suites own tcp server (quite similar to the
>>>>DJB tcp server), 'couriertcpd' - look into the manpage, it is able to do
>>>>ip restrictions and much more.
>>>
>>>This assumes that I use courier as the MTA, yes?
>>>
>>>In my case I only use the IMAP daemon. I use other MTA.
>>>
>>
>>no, if you look at your PS output you`ll see 'couriertcpd' running -
>>regardless which part of the courier suite you are using ('couriertcpd'
>>is the courier suites generic tcp server)
>
> You are damn right!! Now I just need to give it ACLs, you mean??
> I need to find out HOW it is invoked and how I can pass it the arguments
> that will lead to the access control.

Look here:
/usr/local/etc/rc.d/courier-imap-imapd.sh

And here:
$ man couriertcpd
...
OPTIONS
       -access=filename
              Specifies an optional access file. The access file lists the IP
              addresses from which connections should be accepted or rejected.
              The access file is also used to initialize environment variables
...

I figured this out the hard way. Not too hard really.
Remember that all 3rd party packages have their rc scripts in /usr/local/etc/rc.d and that man pages are your friend! - Sam
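
The access list that `-access=filename` refers to can be checked before it goes live. The script below is an added example, not code from this thread or from the Courier project: it lints a plain-text access list and previews which clients would be admitted, assuming the text format described in the access-file section of the couriertcpd man page (one dotted IPv4 prefix or `*`, a single TAB, then `allow` or `deny`; the most specific prefix wins; unlisted addresses are accepted unless a `*` line denies them). The function names and the sample rules and addresses are constructed for illustration.

```python
"""Lint and dry-run a couriertcpd-style plain-text access list (IPv4 only).

Assumed line format (verify against `man couriertcpd` on your system):
    <dotted prefix or *><TAB><allow|deny>[,VAR=value...]
Blank lines and lines starting with '#' are ignored.
"""

# Constructed sample: IMAP limited to one office network and one webmail
# host, with a single workstation inside the office network shut out.
SAMPLE = (
    "# constructed example rules\n"
    "192.0.2\tallow\n"
    "192.0.2.66\tdeny\n"
    "198.51.100.7\tallow\n"
    "*\tdeny\n"
)


def valid_prefix(prefix, exact=False):
    """True for 1-4 dotted decimal octets (exactly 4 when exact=True)."""
    parts = prefix.split(".")
    if exact and len(parts) != 4:
        return False
    return 1 <= len(parts) <= 4 and all(
        p.isdigit() and int(p) <= 255 for p in parts
    )


def parse_access(text):
    """Return (rules, problems).

    rules maps a prefix (or '*') to 'allow' or 'deny'.
    problems is a list of (line_number, message); line 0 means whole file.
    """
    rules, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        if line.count("\t") != 1:
            problems.append((lineno, "expected exactly one TAB between "
                                     "address and action; line skipped"))
            continue
        prefix, action = line.split("\t")
        # Only the verdict is modelled; ",VAR=value" settings are ignored.
        verdict = action.split(",", 1)[0].strip()
        if verdict not in ("allow", "deny"):
            problems.append((lineno, "action %r needs manual review" % action))
            continue
        if prefix != "*" and not valid_prefix(prefix):
            problems.append((lineno, "bad address prefix %r" % prefix))
            continue
        if rules.get(prefix, verdict) != verdict:
            problems.append((lineno, "conflicting entries for %r" % prefix))
        rules[prefix] = verdict
    if rules.get("*") != "deny":
        problems.append((0, "no '*<TAB>deny' line: unlisted addresses "
                            "are accepted"))
    return rules, problems


def decide(rules, ip):
    """Most specific matching prefix wins; unlisted addresses are accepted."""
    if not valid_prefix(ip, exact=True):
        raise ValueError("not a dotted IPv4 address: %r" % ip)
    octets = ip.split(".")
    for n in range(4, 0, -1):
        verdict = rules.get(".".join(octets[:n]))
        if verdict:
            return verdict
    return rules.get("*", "allow")


def preview(text, probes):
    """Return ({ip: verdict}, problems) for a list of probe addresses."""
    rules, problems = parse_access(text)
    return {ip: decide(rules, ip) for ip in probes}, problems


if __name__ == "__main__":
    verdicts, problems = preview(
        SAMPLE, ["192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5"]
    )
    for ip, verdict in verdicts.items():
        print("%-15s %s" % (ip, verdict))
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```

couriertcpd reads a compiled database rather than this text file, so the list still has to be built with the tool your Courier version ships for that, and the daemon's start script has to pass `-access`.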