From owner-freebsd-isp@FreeBSD.ORG Mon Feb 12 09:43:50 2007
Date: Mon, 12 Feb 2007 10:17:16 +0100
From: Anders Nordby
To: John Nielsen
Cc: freebsd-isp@freebsd.org
Subject: Re: Per virtualhost bandwidth/hitrate statistics for Apache
Message-ID: <20070212091716.GA8025@fupp.net>
References: <20070207130614.GA15328@fupp.net> <200702070934.34074.lists@jnielsen.net>
In-Reply-To: <200702070934.34074.lists@jnielsen.net>

Hi,

On Wed, Feb 07, 2007 at 09:34:33AM -0500, John Nielsen wrote:
>> I just wonder if anyone has any good hints about software to use (Apache
>> module?) for fetching per-virtualhost statistics about bandwidth usage
>> and hitrates (hits per second) from Apache. I've been using mod_watch
>> for a while, to graph this with MRTG, but it's discontinued it seems.
>>
>> What do people use to measure statistics per virtualhost?
> I use Apache's logrotate and a separate log directory for each virtualhost. I
> have a script that runs from cron every day that runs the logs through
> webalizer and then cleans up logs older than a specified number of days. In
> fact (since I'm feeling like sharing), here it is:
> (..)

I guess I should have been more specific. I am looking for *realtime*
statistics/data, which means (for me) not to use the logs. Especially
what I look for is:

- hitrate (number of hits per second).
- bandwidth usage per virtual host (how much data is that site pushing
  NOW).
- service time (if possible).

Squid does it. :-) Then again it has an integrated snmp daemon, which
unfortunately Apache does not. mod_watch works, but it is not supported
by its author anymore, and I had some trouble with it.

Thanks anyway.

Cheers,

--
Anders.

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 12 09:43:50 2007
Date: Mon, 12 Feb 2007 10:20:19 +0100
From: Anders Nordby
To: Jorge Evangelista
Cc: freebsd-isp@FreeBSD.org
Subject: Re: Per virtualhost bandwidth/hitrate statistics for Apache
Message-ID: <20070212092019.GB8025@fupp.net>
References: <20070207130614.GA15328@fupp.net> <200702070934.34074.lists@jnielsen.net>

Hi,

Thanks. But this is to limit bandwidth. I didn't want that. I just want
to measure how much bandwidth is used (and other things), per virtual
host, in real time.

On Wed, Feb 07, 2007 at 10:33:06AM -0500, Jorge Evangelista wrote:
> A days ago I have configured a web server with bandwidth manager
> (module bwmod) compile with apache web server. It works fine. You
> could try install this module http://bwmod.sourceforge.net/index.html
> and test with your virtualhosts.
>
> Here, my small guide install, it made in spanish.
>
> Installing bwmod: first comment out the lines mentioned below
>
> vi mod_bw.c
>
> /* Compatibility for APR < 1 */
> #if (APR_MAJOR_VERSION >= 1)
> #define apr_atomic_inc32 apr_atomic_inc
> #define apr_atomic_dec32 apr_atomic_dec
> #define apr_atomic_add32 apr_atomic_add
> #define apr_atomic_cas32 apr_atomic_cas
> #define apr_atomic_set32 apr_atomic_set
> #endif
>
>
> Compile with the following command
>
> /usr/local/apache2/bin/apxs -i -a -c mod_bw.c
>
>
> Enable in Apache httpd.conf
>
> BandWidthModule On
>
>
> For unlimited bandwidth for one IP
> BandWidth 200.168.190.6 0
>
>
> To set the bandwidth for the virtual hosts
>
> Limit all internal users to 1000 kb/s with a minimum of 50kb/s
>
>
> BandwidthModule On
> ForceBandWidthModule On
> Bandwidth all 1024000
> MinBandwidth all 50000
> LargeFileLimit * 500 50000
> Servername www.example.com
>
>
> Limit every user to a max of 10Kb/s on a vhost :
>
>
> BandwidthModule On
> ForceBandWidthModule On
> Bandwidth all 10240
> MinBandwidth all -1
> Servername www.example.com
>
>
>
> Examples :
> BandWidth all 102400
> MinBandWidth all 50000
>
> The example above, will have a top speed of 100kb for the 1º
> client. If more clients come, it will be splitted accordingly but
> everyone will have at least 50kb (even if you have 50 clients)
>
> BandWidth all 50000
> MinBandWidth all -1
>
> This example, makes everyone have 50kb as top speed.
>
>
> On 2/7/07, John Nielsen wrote:
> >On Wednesday 07 February 2007 08:06, Anders Nordby wrote:
> >> I just wonder if anyone has any good hints about software to use (Apache
> >> module?) for fetching per-virtualhost statistics about bandwidth usage
> >> and hitrates (hits per second) from Apache. I've been using mod_watch
> >> for a while, to graph this with MRTG, but it's discontinued it seems.
> >>
> >> What do people use to measure statistics per virtualhost?
> >
> >I use Apache's logrotate and a separate log directory for each
> >virtualhost. I
> >have a script that runs from cron every day that runs the logs through
> >webalizer and then cleans up logs older than a specified number of days. In
> >fact (since I'm feeling like sharing), here it is:
> >
> >#!/bin/sh
> >for path in `cat /usr/local/scripts/logpaths.txt` ; do
> >  for log in `find ${path} -name access\* | sort -n` ; do
> >    if [ -r ${path}/hostname.txt ]; then
> >      host=`cat ${path}/hostname.txt`
> >      /usr/local/bin/webalizer -Q -p -n ${host} \
> >        -o ${path} ${log}
> >    else
> >      /usr/local/bin/webalizer -Q -p -o ${path} ${log}
> >    fi
> >  done
> >  find ${path} -name \*.log\* ! -newermt '1 month ago' -delete
> >done
> >
> >The script depends on the existence of a "logpaths.txt" file, which
> >contains a
> >list of directories to scan, one per line. It also supports an
> >optional "hostname.txt" for each directory so webalizer can use the right
> >one
> >in the title of its reports. Webalizer output is stored in the log
> >directory
> >but that could easily be changed.
> >
> >The output is plain HTML, so you can publish it on a (presumably private)
> >webserver somewhere. Since I give certain clients access to their reports I
> >use webmin for this. However I just point webmin to a dummy file within
> >each
> >log directory and don't let it actually run webalizer (since my script
> >already takes care of that). So just the "View report" button works, but it
> >gets the job done.
> >
> >JN
>
> --
> "The network is the computer"

--
Anders.

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 12 10:27:02 2007
Date: Mon, 12 Feb 2007 02:27:09 -0800 (PST)
From: Dorothy Singleton
To: freebsd-isp@freebsd.org
Subject: Hey
Message-ID: <1610407741.1171276026307.JavaMail.www@job03.flixster.com>

...but are we movie compatible?

just a reminder... Come take this movie quiz. -Dorothy S

Dorothy Singleton has invited you to take the Flixster Movie
Compatibility Test (MCT) to find out if you have similar taste in
movies. Flixster is a place where everyone can rate movies they like,
share their favorites with friends, and meet new people with similar
movie taste. Flixster is completely free.

Cheers,
Team Flixster (Joe & Saran)

This invitation was sent by: Dorothy Singleton (ladyoz401@aol.com)

From owner-freebsd-isp@FreeBSD.ORG Mon Feb 12 21:58:07 2007
Date: Mon, 12 Feb 2007 13:34:41 -0800
From: James Long
To: freebsd-isp@freebsd.org
Subject: PPPoE : FreeBSD pppoed doesn't communicate with Linksys BEFSR41 ver. 2
Message-ID: <20070212213441.GA44882@ns.umpquanet.com>

I have a FreeBSD 6.2-STABLE server set up to provide PPP over ethernet.
It works fine when tested from a 6.2-STABLE client. I'm trying to test
it with a consumer-grade device, a Linksys BEFSR41 ver. 2. I have
cut-and-pasted the service name, user name and password from my working
client into the Linksys.
The Linksys' WAN jack is plugged in to the same switch as the PPPoE
provider, and the Linksys shows a WAN link light. But clicking on the
Linksys' "Connect" button in its built-in web GUI doesn't create a
connection. I see a few sparse flashes of the WAN activity light on the
Linksys, and eventually get a pop-up window that says the Linksys could
not connect to the PPPoE server. The logs on the PPPoE server show
nothing, as though no activity had been sent.

Has anyone successfully used this Linksys client with FreeBSD PPPoE?
Are there specific settings or caveats I need to know about to make a
successful connection? Is there a list of known compatible/incompatible
devices with ppp(8)? Does anyone have specific experience on what
consumer-grade devices do or do not work with FreeBSD PPPoE?

In case it helps, the server-side ppp.conf is below.

Thank you,

Jim

default:
 set log Phase Chat LCP IPCP CCP tun command
 ident user-ppp VERSION (built COMPILATIONDATE)

pppoe-server:
 # this is pppoe server-side
 set timeout 0
 set device PPPoE:fxp1:net-wireless
 set speed sync
 set mru 1492
 set mtu 1492
 allow mode direct
 enable proxy
 set ifaddr 172.19.0.5 172.19.0.101-172.19.0.150 255.255.255.255
 enable lqr
 enable chap
 enable pap
# enable passwdauth
 set radius /etc/ppp/radius.conf
 set dns 172.19.0.2 172.19.0.2
 accept dns
 set filter in 0 deny 0/0 10.0.0.0/8
 set filter in 1 deny 0/0 127.0.0.0/8
 set filter in 2 deny 0/0 169.254.0.0/16
 set filter in 3 deny 0/0 172.16.0.0/12
 set filter in 4 deny 0/0 192.168.0.0/16
 set filter in 39 permit HISADDR 0/0

pppoed settings:

pppoed_enable="YES"             # Run the PPP over Ethernet daemon.
pppoed_provider="net-wireless"  # Provider and ppp(8) config file entry.
pppoed_flags="-P /var/run/pppoed.pid -l pppoe-server"
pppoed_interface="fxp1"         # The interface that pppoed runs on.

root 54711 0.0 0.1 1368 912 ?? Is 2Feb07 0:00.01 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-server -p net-wireless fxp1

There are no log entries, presumably because pppoed does not even see
a PPPoE service request coming from the linksys. If someone can educate
me on how to use e.g. tcpdump to capture the PPPoE session setup traffic
to confirm or refute this, I'm willing to learn.

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 14 10:02:55 2007
Date: Wed, 14 Feb 2007 12:02:51 +0200 (EET)
From: ea@sellinet.net
To: "Jim Long"
Cc: ea@sellinet.net, freebsd-isp@freebsd.org
Subject: Re: [Strange behavior with arp permanent entries]
Message-ID: <59187.82.199.192.218.1171447371.squirrel@82.199.192.218>
In-Reply-To: <20070210182015.GA9234@ns.umpquanet.com>
References: <2947.82.199.223.6.1171128810.squirrel@82.199.223.6> <20070210182015.GA9234@ns.umpquanet.com>

> On Sat, Feb 10, 2007 at 07:33:30PM +0200, ea@sellinet.net wrote:
>>
>> I'm trying to restrict some LAN access by arp permanent entries. But it
>> didn't work or it didn't work as I realize it. For example I have the
>> following perm entries:
>>
>> user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
>> user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
>>
>> And from what I realize if the user1 attempts to use user2's IP address.
>> The Router should block all packets which coming from wrong physical
>> address. But actually that didn't happen and user1 can use user2's IP
>> address without any problems.
>
> Have you tried using 'staticarp' in this interface's ifconfig(8)
> settings? If you turn on staticarp, you'll probably need to specify
> arp entries for ALL hosts on that interface -- or at least, all the
> ones you care about.
>

Yea, I tried but the situation is the same as it was without
staticarp..Any other ideas?

Regards,
E.A.

> HTH,
>
> Jim

--------------------------------------------------------------
SELLINET Internet Services Provider - http://www.sellinet.net/

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 14 10:21:45 2007
Date: Wed, 14 Feb 2007 12:21:43 +0200
From: "The Foundry"
To: freebsd-isp@freebsd.org
Subject: The truth about SigEx Ventures and the SigEx Foundry

First of all, I'd like to apologise for the noise and for
cross-posting. This is my first and last e-mail on this list.

As you may have noticed from the subject of the e-mail, I'm about to
speak about the SigEx Ventures company, an organisation that appoints
itself as the liaison between strategic investors and young talented
people in IT&C. It originates in the US but currently operates in
Europe. Specifically in Pau, France.

On their website (www.sigex.com, now www.thefoundryschool.tv) they
speak fluent Corporatese. I must admit, I'm not a native English
speaker, but even so my ear is trained well enough for me to be able to
tell spam from ham. They present some glossy products, that nobody ever
actually saw working. They're all vaporware.

On the same website they speak about fantastic opportunities offered to
young talented fellows in the IT&C field, in the shape of internship at
their fantastic research centre in Pau. Unfortunately, it's all in the
demo because the real deal is nothing like it. There's no such thing as
opportunity to work with cutting-edge technologies or leading
researchers in the branch. It's all smoke and mirrors.

As a former intern there, I feel that the truth should be made
available, as neither of their statements really hold true. My best bet
is that they attract investors and suck up their cash without ever
producing anything. I'm gathering all sorts of information, starting
with my own experience, on http://sigexfoundry.blogspot.com. Feel free
to read more there.

Why am I doing this? There is a term for my action, called whistleblowing.
I'd like to underline the fact that I'm by no means affected by SigEx's
past or current actions, I went there as an intern for merely
satisfying my own curiosity about them. But I know that many of the
subscribers of this list are scholars, professors, people with strong
positions in the branch, most of which can easily pass as models for
younger enthusiasts. They're the ones I'd like this mail to reach. It'd
be a real pity if more people suffered from SigEx's dubious practices.

Once again, here is the link to the blog:
http://sigexfoundry.blogspot.com

And, once again, sorry for the noise.

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 14 17:06:20 2007
Date: Wed, 14 Feb 2007 18:36:25 +0300
From: Vladimir Kapustin
Reply-To: Vladimir Kapustin
To: freebsd-pf@freebsd.org
Cc: freebsd-isp@FreeBSD.ORG, freebsd-net@freebsd.org, freebsd-performance@FreeBSD.ORG
Subject: How to optimize ruleset for gateway?
Message-ID: <1024498861.20070214183625@mail.ru>

Hi, all!

I have such a problem when configuring the gateway for my LAN:
I want to minimize the number of rules, and for this purpose I chose PF,
but, as I wrote earlier:
http://lists.freebsd.org/pipermail/freebsd-pf/2007-January/002958.html
and found some mails of other people:
http://lists.freebsd.org/pipermail/freebsd-pf/2006-October/002681.html
if I want to configure connection speed for each user on PF, I must
configure the number of queues equal to the number of users, i.e. if I
configure one queue and allow the table of users go to the Internet
through this queue, I see, that all of them share the bandwidth of this
queue.

I don't think this is a good idea, and now I choosing some other
variants of optimization, such as:

1. Configure PF for major rules and SPAM filtering and IPFW+DUMMYNET
   for queueing. I've read somewhere, that IPFW-shaper supports tables
   the way I need. I'm afraid that two firewalls should significantly
   decrease performance.
2. Configure only IPFW. But this means that I have to read full
   documentation about it, and find the way to protect the Internet
   from SPAM going from my local NET.

The ruleset looks like:

0. Binat for real IP.
1. Block NetBIOS
2. Pass all from table-1
3. Pass all from table-128kbps queue 1(128kbps)
4. .....................
5. Pass all from table-1024kbps queue 4(1024kbps)
6. Some spam-protection tool (like spamd)
7. Block all

Could somebody give me some advice what way to go?

P.S. Now my gateway works on 2-processor Xeon router with Redhat and
iptables. It has 100 Mbps Internet channel, and in the time of maximum
charge it processes 10-20 kpps.

From owner-freebsd-isp@FreeBSD.ORG Wed Feb 14 18:12:30 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5422D16A400 for ; Wed, 14 Feb 2007 18:12:30 +0000 (UTC) (envelope-from sten.daniel.sorsdal@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.224]) by mx1.freebsd.org (Postfix) with ESMTP id 1124013C48D for ; Wed, 14 Feb 2007 18:12:29 +0000 (UTC) (envelope-from sten.daniel.sorsdal@gmail.com) Received: by wr-out-0506.google.com with SMTP id i22so327145wra for ; Wed, 14 Feb 2007 10:12:29 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:from; b=kvufw8NHQLt0NCvspVENZ06hNgX7S/ef16Fl/s3hQWFVIja+bIcEMdSSigb7IokMdaregOwCo/+vmc2j7opLz3eF3ne9kV998oMkrjluSBZxF7qrW1gUDnTAC3Fdm+HKSbkTiSgr4xLndGJARmCpvBtw04J7cJF5uDh9+A8WEQM= Received: by 10.90.31.19 with SMTP id e19mr1004198age.1171476326670; Wed, 14 Feb 2007 10:05:26 -0800 (PST) Received: from ?192.168.11.5? ( [72.189.175.204]) by mx.google.com with ESMTP id 6sm1343529agd.2007.02.14.10.05.25; Wed, 14 Feb 2007 10:05:26 -0800 (PST) Message-ID: <45D34F5E.8060609@gmail.com> Date: Wed, 14 Feb 2007 13:05:18 -0500 User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: James Long References: <20070212213441.GA44882@ns.umpquanet.com> In-Reply-To: <20070212213441.GA44882@ns.umpquanet.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit From: Sten Daniel Soersdal Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE : FreeBSD pppoed doesn't communicate with Linksys BEFSR41 ver. 
2 X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 18:12:30 -0000 James Long wrote: > There are no log entries, presumably because pppoed does not even see > a PPPoE service request coming from the linksys. If someone can educate > me on how to use e.g. tcpdump to capture the PPPoE session setup traffic > to confirm or refute this, I'm willing to learn. Try dumping the connection attempts with tcpdump like: tcpdump -pi fxp1 -w /tmp/mydump.cap -s 1600 Then loading the mydump.cap file in ethereal might prove more useful. Also i've seen a handful or two of commercial routers that simply do not set the right fields in the packets. I wouldn't be too quick to blame ppp. -- Sten Daniel Soersdal From owner-freebsd-isp@FreeBSD.ORG Wed Feb 14 18:28:40 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CD98916A400 for ; Wed, 14 Feb 2007 18:28:40 +0000 (UTC) (envelope-from sten.daniel.sorsdal@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.231]) by mx1.freebsd.org (Postfix) with ESMTP id 9139713C4A6 for ; Wed, 14 Feb 2007 18:28:40 +0000 (UTC) (envelope-from sten.daniel.sorsdal@gmail.com) Received: by wx-out-0506.google.com with SMTP id s18so309407wxc for ; Wed, 14 Feb 2007 10:28:39 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:user-agent:mime-version:to:cc:subject:references:in-reply-to:content-type:content-transfer-encoding:from; b=AdwQl25sfRNW0U5BMVayG4/LKbryWZCayb0a1dJN5gBFXqW7B9XTVrnEzr4uczW48VbZXHT2Pa7CjFqAPPD6/KV8HqpxHJARhPWloQCXE07bVUztgdmQXg81WJdULbsrCA1r3soKbj40kbNDSq6HCYY31/Hv6ss8UCtOABidiNs= Received: by 10.90.68.15 with SMTP id 
q15mr1028269aga.1171476049503; Wed, 14 Feb 2007 10:00:49 -0800 (PST) Received: from ?192.168.11.5? ( [72.189.175.204]) by mx.google.com with ESMTP id 34sm1340330agc.2007.02.14.10.00.48; Wed, 14 Feb 2007 10:00:49 -0800 (PST) Message-ID: <45D34E49.8090808@gmail.com> Date: Wed, 14 Feb 2007 13:00:41 -0500 User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: ea@sellinet.net References: <2947.82.199.223.6.1171128810.squirrel@82.199.223.6> In-Reply-To: <2947.82.199.223.6.1171128810.squirrel@82.199.223.6> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit From: Sten Daniel Soersdal Cc: freebsd-isp@freebsd.org Subject: Re: [Strange behavior with arp permanent entries] X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Feb 2007 18:28:40 -0000 ea@sellinet.net wrote: > Hello, Guys! > > I'm trying to restrict some LAN access by arp permanent entries. But it > didn't work or it didn't work as I realize it. For example I have the > following perm entries: > > > user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan] > user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan] > > > And from what I realize if the user1 attempts to use user2's IP address. > The Router should block all packets which coming from wrong physical > address. But actually that didn't happen and user1 can use user2's IP > address without any problems. The router wont block packets coming from anyone. It should however prevent packets going *to* the wrong user. But that depends heavily on whether the layer2 network cooperates and the bad hosts network stack. Tip: If you want the effect of each user having their own physical lan (so they can't steal each others ip addresses) you need to segregate them in a manner that effectively gives each user a physical lan. 
Vlans might help, if done correctly.

>
> Maybe someone of you will advise me to use ipfw arp rules but when I turn
> net.link.ether.ipfw ON I'm getting very low performance from the router.
> We talking about 800mbps and 600k packets per second, and many users which
> means many ipfw arp rules.

Then perhaps you need to solve the problem on a different level or
different unit? Perhaps segregate the users at edge using vlans and thus
removing filter needs?

--
Sten Daniel Soersdal

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 12:15:38 2007
Message-ID: <33702.82.199.192.218.1171541735.squirrel@82.199.192.218>
In-Reply-To: <45D34E49.8090808@gmail.com>
References: <2947.82.199.223.6.1171128810.squirrel@82.199.223.6> <45D34E49.8090808@gmail.com>
Date: Thu, 15 Feb 2007 14:15:35 +0200 (EET)
From: ea@sellinet.net
To: "Sten Daniel Soersdal"
Cc: freebsd-isp@freebsd.org
Subject: Re: [Strange behavior with arp permanent entries]

> ea@sellinet.net wrote:
>> Hello, Guys!
>>
>> I'm trying to restrict some LAN access by arp permanent entries. But it
>> didn't work or it didn't work as I realize it. For example I have the
>> following perm entries:
>>
>>
>> user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
>> user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
>>
>>
>> And from what I realize if the user1 attempts to use user2's IP address.
>> The Router should block all packets which coming from wrong physical
>> address. But actually that didn't happen and user1 can use user2's IP
>> address without any problems.
>
> The router won't block packets coming from anyone. It should however
> prevent packets going *to* the wrong user. But that depends heavily on
> whether the layer2 network cooperates and the bad hosts network stack.

Scenario 1:

user1: 10.2.0.2 00:14:85:84:af:c8 perm
user2: 10.2.0.3 00:0f:ea:a4:60:c5 perm

User2 can't use user1's IP address.

Scenario 2:

user1: 10.2.0.2 00:0a:e6:f7:8a:81 perm
user2: 10.2.0.3 00:0f:ea:a4:60:c5 perm

User2 can use user1's IP address.

So, maybe there is some truth in your words, but why this happen? What is
the difference between two physical addresses?

>
> Tip: If you want the effect of each user having their own physical lan
> (so they can't steal each others ip addresses) you need to segregate
> them in a manner that effectively gives each user a physical lan. Vlans
> might help, if done correctly.

Unfortunately, this can't be done in our case.

>
>>
>> Maybe someone of you will advise me to use ipfw arp rules but when I
>> turn
>> net.link.ether.ipfw ON I'm getting very low performance from the router.
>> We talking about 800mbps and 600k packets per second, and many users
>> which
>> means many ipfw arp rules.
>
> Then perhaps you need to solve the problem on a different level or
> different unit? Perhaps segregate the users at edge using vlans and thus
> removing filter needs?
>
> --
> Sten Daniel Soersdal
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>

--------------------------------------------------------------
SELLINET Internet Services Provider - http://www.sellinet.net/

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 16:47:13 2007
From: Francisco Reyes
To: FreeBSD ISP
Date: Thu, 15 Feb 2007 11:24:39 -0500
Subject: Clamav replacement for FreeBSD+postfix?

Anyone using something other than Clamav in a busy FreeBSD+postfix
environment for antivirus?

Clamav freezes often. Reading archives, seems this is not so rare
in FreeBSD.

We even tried better machines, and gave Clamav more memory. That helped,
but still seeing issues.

This is for an ISP, so experiences on other ISPs or large setups (ie over
100,000 emails per day) would be most welcome.

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 17:12:24 2007
Message-ID: <45D49471.8020505@gmail.com>
Date: Thu, 15 Feb 2007 12:12:17 -0500
To: ea@sellinet.net
References: <2947.82.199.223.6.1171128810.squirrel@82.199.223.6> <45D34E49.8090808@gmail.com> <33702.82.199.192.218.1171541735.squirrel@82.199.192.218>
In-Reply-To: <33702.82.199.192.218.1171541735.squirrel@82.199.192.218>
From: Sten Daniel Soersdal
Cc: freebsd-isp@freebsd.org
Subject: Re: [Strange behavior with arp permanent entries]

ea@sellinet.net wrote:
>> ea@sellinet.net wrote:
>>> Hello, Guys!
>>>
>>> I'm trying to restrict some LAN access by arp permanent entries. But it
>>> didn't work or it didn't work as I realize it. For example I have the
>>> following perm entries:
>>>
>>>
>>> user1: (82.199.215.195) at 00:0f:ea:a4:60:c5 on vlan804 permanent [vlan]
>>> user2: (82.199.215.196) at 00:13:8f:b1:68:4b on vlan804 permanent [vlan]
>>>
>>>
>>> And from what I realize if the user1 attempts to use user2's IP address.
>>> The Router should block all packets which coming from wrong physical
>>> address. But actually that didn't happen and user1 can use user2's IP
>>> address without any problems.
>> The router won't block packets coming from anyone. It should however
>> prevent packets going *to* the wrong user. But that depends heavily on
>> whether the layer2 network cooperates and the bad hosts network stack.
>
> Scenario 1:
>
> user1: 10.2.0.2 00:14:85:84:af:c8 perm
> user2: 10.2.0.3 00:0f:ea:a4:60:c5 perm
>
> User2 can't use user1's IP address.
>
> Scenario 2:
>
> user1: 10.2.0.2 00:0a:e6:f7:8a:81 perm
> user2: 10.2.0.3 00:0f:ea:a4:60:c5 perm
>
> User2 can use user1's IP address.
>
> So, maybe there is some truth in your words, but why this happen? What is
> the difference between two physical addresses?
>

When a bridge/switch does not know which port to direct a unicast packet
it will broadcast it to all ports, except the port it was received.
It might be that the mac-address of user1 in scenario.2 is unknown on the
layer2 network (i.e. user1 is no longer logged on) and therefore the
bridges/switches will broadcast all traffic destined to user1's ip address.
If user2's network card has naive OS, rotten drivers, a cheesy NIC and/or
the NIC is simply put in promiscuous mode then the network stack would
receive the packets and process them since the IP addresses match.

[ Now coincidentally since the router always believes that user1 is
always reachable, even when user1 is offline, then when someone floods
user1 while user1 is offline then you'd have broadcast storm on your
network. ]

>> Tip: If you want the effect of each user having their own physical lan
>> (so they can't steal each others ip addresses) you need to segregate
>> them in a manner that effectively gives each user a physical lan. Vlans
>> might help, if done correctly.
>
>
> Unfortunately, this can't be done in our case.

That is very unfortunate. I have been in that position and the problems
never end until everyone has their own virtual network.
You have my sympathy.

--
Sten Daniel Soersdal

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 17:53:04 2007
Date: Thu, 15 Feb 2007 17:27:14 +0000
From: Freminlins
To: "Francisco Reyes"
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?

Francisco,

On 15/02/07, Francisco Reyes wrote:
>
> Anyone using something other than Clamav in a busy FreeBSD+postfix
> environment for antivirus?
>
> Clamav freezes often.
Reading archives, seems this is not so rare
> in FreeBSD.

I think the problem with ClamAV and FreeBSD is down to threads. We had a
serious problem with this, and the only solution we found was to move
ClamAV to Linux. Unfortunately under high load (a few million emails a day
on multiple FreeBSD machines) ClamAV is usable on FreeBSD. It hurts me to
say that, but it's true.

We even tried better machines, and gave Clamav more memory. That helped, but
> still seeing issues.

Indeed.

Frem.

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:02:29 2007
From: Francisco Reyes
To: Freminlins
Date: Thu, 15 Feb 2007 13:02:22 -0500
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?

Freminlins writes:

> I think the problem with ClamAV and FreeBSD is down to threads.

That is what I suspect too.

> serious problem with this, and the only solution we found was to move
> ClamAV to Linux.

I rather switch antivirus than to switch OS. :-)

> Unfortunately under high load (a few million emails a day
> on multiple FreeBSD machines) ClamAV is usable on FreeBSD. It hurts me to
> say that, but it's true.

It seems every other release works and this is just too much of a problem.
Some releases work better than others, but then at some point it just stops
working.

Any other alternatives anyone has tried?

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:03:32 2007
Date: Thu, 15 Feb 2007 18:41:29 +0100
From: Oliver Brandmueller
To: Francisco Reyes
Message-ID: <20070215174129.GB20210@e-Gitt.NET>
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?

Hi,

On Thu, Feb 15, 2007 at 11:24:39AM -0500, Francisco Reyes wrote:
> Anyone using something other than Clamav in a busy FreeBSD+postfix
> environment for antivirus?
>
> Clamav freezes often. Reading archives, seems this is not so rare
> in FreeBSD.
>
> We even tried better machines, and gave Clamav more memory. That helped,
> but still seeing issues.
>
> This is for an ISP, so experiences on other ISPs or large setups (ie over
> 100,000 emails per day) would be most welcome.

We're using clamav (clamd, together with exim) in our setup. Our setup
consisting of currently four servers assigned to this task is processing
around one million deliveries per day, around 3.5 million rejects in the
same period.
There were times, when we also had problems with hanging
clamd processes, but for several months this setup is quite stable now.

We're using FreeBSD 6, amd64. Servers have 4 GB of RAM, we needed to
tune a bit in the config files of clamd so that it's leveled fine with
our load. Also we use it successfully with libthr instead of libpthread
(through libmap.conf).

At least for a recent 6-STABLE, recent clamav and the given configs I
cannot agree with you on missing stability.

- Oliver

--
| Oliver Brandmueller | Offenbacher Str. 1  | Germany       D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW:   http://the.addict.de/ |
|                   I am the Internet. So help me God.                     |
|  Commercial use of any of the addresses contained here is not permitted! |

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:12:30 2007
References: <20070215174129.GB20210@e-Gitt.NET>
From: Francisco Reyes
To: Oliver Brandmueller
Date: Thu, 15 Feb 2007 13:12:22 -0500
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?

Oliver Brandmueller writes:

> We're using clamav (clamd, together with exim) in our setup. Our setup
> consisting of currently four servers assigned to this task is processing
> around one million deliveries per day, around 3.5 million rejects in the

:-)
You get less spam than we do.
We also get around 4 Million emails per day, but only about 500K are
accepted. (last I checked.. may be more volume now)

> clamd processes, but for several months this setup is quite stable now.

I had one machine that had been stable for months. Yesterday it just simply
stopped working. Upgraded to the latest clamav. Even worse. Copied another
version (older) from another machine. Working again.

> We're using FreeBSD 6, amd64. Servers have 4 GB of RAM, we needed to

We are using FreeBSD 6 i386.
Do you see better performance on the amd64 branch for this type of work?

> tune a bit in the config files of clamd so that it's leveled fine with
> our load.

Hm.. that config file is not that big. What variables did you set that were
helpful? In particular no matter what I do I never see more than 4 threads
running.

> Also we use it successfully with libthr instead of libpthread
> (through libmap.conf).

What was the procedure for that? Any pointers to docs appreciated.
I am looking at /etc/libmap.conf, is it just an entry there?
Wouldn't that be global? So all programs in the machine will use libthr
instead of libpthread?

> At least for a recent 6-STABLE, recent clamav and the given configs I
> cannot agree with you on missing stability.

Only thing I have not tried is amd64 and libthr.

However I am wondering if a process based virus scanner exists.
Going over ports I see a handful of virus scanners. I guess I will have to
setup a test machine and try them.

I suspect the issue is FreeBSD's thread support, so your suggested thread
library change may help until we find a process based antivirus (if there
is one that works well with FreeBSD).

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:29:47 2007
From: Freddie Cash
To: freebsd-isp@freebsd.org
Date: Thu, 15 Feb 2007 10:29:34
 -0800
Message-Id: <200702151029.35246.fcash@ocis.net>
Subject: Re: Clamav replacement for FreeBSD+postfix?

On Thursday 15 February 2007 08:24 am, Francisco Reyes wrote:
> Anyone using something other than Clamav in a busy FreeBSD+postfix
> environment for antivirus?
>
> Clamav freezes often. Reading archives, seems this is not so rare
> in FreeBSD.
>
> We even tried better machines, and gave Clamav more memory. That
> helped, but still seeing issues.
>
> This is for an ISP, so experiences on other ISPs or large setups (ie
> over 100,000 emails per day) would be most welcome.

We only processed around 300,000 - 400,000 messages per month on our
FreeBSD box, but we didn't have any issues with ClamAV with Postfix and
Amavisd-new on FreeBSD 6.1 (dual-AthlonMP with 4 GB RAM and 400 GB disk
in RAID5).

With one exception: getting an MFS to work for Amavisd's tmp directory.
Worked for awhile, then it kept stalling mail delivery. Switching back
to a disk-based tmp got things working, but slowed delivery down a bit.

We also used CommandAV as a secondary AV tool until our license ran out
(thank god -- CommandAV is a horrid piece of junk on any OS). After
that, we used Kaspersky AV. The FreeBSD package doesn't follow hier(7)
even the slightest, but it is a fast AV scanner and can be used as
either a mail gateway daemon (including its own SMTP server) or as a
scanner in amavisd-new.

We've since moved our mail server over to a dual-Opteron setup with 4 GB
RAM running Debian Etch (64-bit). More for political reasons than
anything.
Unfortunately, there's no 64-bit version of Kaspersky as of yet, so
we're only using ClamAV on there (haven't felt like getting a 32-bit
environment working on Debian).

--
Freddie Cash
fcash@ocis.net

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:44:31 2007
Message-ID: <45D4A62B.9030109@freebsd.org>
Date: Thu, 15 Feb 2007 12:27:55 -0600
From: Eric Anderson
To: Francisco Reyes
References: <20070215174129.GB20210@e-Gitt.NET>
Cc: FreeBSD ISP , Oliver Brandmueller
Subject: Re: Clamav replacement for FreeBSD+postfix?

On 02/15/07 12:12, Francisco Reyes wrote:
> Oliver Brandmueller writes:
>
>> We're using clamav (clamd, together with exim) in our setup. Our setup
>> consisting of currently four servers assigned to this task is processing
>> around one million deliveries per day, around 3.5 million rejects in the
>
> :-)
> You get less spam than we do.
> We also get around 4 Million emails per day, but only about 500K are
> accepted. (last I checked.. may be more volume now)
>
>
>> clamd processes, but for several months this setup is quite stable now.
>
> I had one machine that had been stable for months. Yesterday it just simply
> stopped working. Upgraded to the latest clamav. Even worse. Copied another
> version (older) from another machine. Working again.
>
>> We're using FreeBSD 6, amd64. Servers have 4 GB of RAM, we needed to
>
> We are using FreeBSD 6 i386.
> Do you see better performance on the amd64 branch for this type of work?
>
>> tune a bit in the config files of clamd so that it's leveled fine with
>> our load.
>
> Hm.. that config file is not that big. What variables did you set that were
> helpful? In particular no matter what I do I never see more than 4 threads
> running.
>
>> Also we use it successfully with libthr instead of libpthread
>> (through libmap.conf).
>
> What was the procedure for that? Any pointers to docs appreciated.
> I am looking at /etc/libmap.conf, is it just an entry there?
> Wouldn't that be global? So all programs in the machine will use libthr
> instead of libpthread?
>
>> At least for a recent 6-STABLE, recent clamav and the given configs I
>> cannot agree with you on missing stability.
>
> Only thing I have not tried is amd64 and libthr.
>
> However I am wondering if a process based virus scanner exists.
> Going over ports I see a handful of virus scanners. I guess I will have to
> setup a test machine and try them.
>
> I suspect the issue is FreeBSD's thread support, so your suggested thread
> library change may help until we find a process based antivirus (if there
> is one that works well with FreeBSD).

You can specify a lib mapping for a particular tool. See libmap.conf(5)
- here's the EXAMPLES section:

EXAMPLES
     # /etc/libmap.conf
     #
     # candidate             mapping
     #
     libc_r.so.6             libpthread.so.2 # Everything that uses 'libc_r'
     libc_r.so               libpthread.so   # now uses 'libpthread'

     [/tmp/mplayer]          # Test version of mplayer uses libc_r
     libpthread.so.2         libc_r.so.6
     libpthread.so           libc_r.so

     [/usr/local/jdk1.4.1/]  # All Java 1.4.1 programs use libthr
                             # This works because "javavms" executes
                             # programs with the full pathname
     libpthread.so.2         libthr.so.2
     libpthread.so           libthr.so

     # Glue for Linux-only EPSON printer .so to be loaded into cups, etc.
     [/usr/local/lib/pips/libsc80c.so]
     libc.so.6               pluginwrapper/pips.so
     libdl.so.2              pluginwrapper/pips.so

Eric

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 18:46:27 2007
[192.168.200.200]) by vega.uts.com.ua (Postfix) with ESMTP id 4EC9E2285A; Thu, 15 Feb 2007 20:13:54 +0200 (EET) Message-ID: <45D4A2DF.1050100@rambler.ru> Date: Thu, 15 Feb 2007 20:13:51 +0200 From: Sergej Kandyla <_paix@rambler.ru> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.13) Gecko/20060414 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Vladimir Kapustin References: <1024498861.20070214183625@mail.ru> In-Reply-To: <1024498861.20070214183625@mail.ru> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV on vega.uts.com.ua Cc: freebsd-isp@FreeBSD.ORG Subject: Re: How to optimize ruleset for gateway? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Feb 2007 18:46:27 -0000 Vladimir Kapustin wrote: >I don't think this is a good idea, and now I choosing some other >variants of optimization, such as: > >1. Configure PF for major rules and SPAM filtering and IPFW+DUMMYNET for >queueing. I've read somewhere, that IPFW-shaper supports tables the way I >need. I'm afraid that two firewalls should significantly decrease perfomance. > > > I think you should configure PF with PF-ALTQ Some PF resources : http://www.openbsd.org/faq/pf/ http://www.benzedrine.cx/ackpri.html Examples in /usr/share/examples/pf/ could be useful too. >2. Configure only IPFW. But this means that I have to read full documentation >about it, and find the way to protect the Internet from SPAM going from my >local NET. > > >Could somebody give me some advice what way to go? 
>
>
>

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 19:01:53 2007
Message-ID: <45D4A646.8040909@telcom.net>
Date: Thu, 15 Feb 2007 13:28:22 -0500
From: Arie Kachler
Organization: Telcom.Net
To: Francisco Reyes
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?
Reply-To: akachler@telcom.net

We have 4 large servers doing spam/virus filtering as the inbound mail
exchangers for several thousand domains. These are 6.x servers with
multiple processors and 2GB of RAM each. We receive about 1-2 million
emails per day.
Our setup is Sendmail + Mimedefang + Spamassassin + Clamd.
We have no load problems at all. We are probably overbuilt, but it's
important to have extra capacity when using Spamassassin. Clamd does not
cause any overload.
Note that we have Clam 0.8x. I have recently heard that Clam 0.90 does
have load issues.

Francisco Reyes wrote:
> Anyone using something other than Clamav in a busy FreeBSD+postfix
> environment for antivirus?
>
> Clamav freezes often. Reading archives, seems this is not so rare in
> FreeBSD.
>
> We even tried better machines, and gave Clamav more memory. That
> helped, but still seeing issues.
>
> This is for an ISP, so experiences on other ISPs or large setups (ie
> over 100,000 emails per day) would be most welcome.
>

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 19:08:46 2007
Date: Thu, 15 Feb 2007 19:08:44 +0000
From: Freminlins
To: "Francisco Reyes"
Cc: FreeBSD ISP
Subject: Re: Clamav replacement for FreeBSD+postfix?

Francisco,

On 15/02/07, Francisco Reyes wrote:
>
> I'd rather switch antivirus than switch OS. :-)

Indeed. I didn't like what I found in Linux (Ubuntu). Like the BIND
package runs as root, or that ssh allows root to log in by default,
although the man page says the opposite is the default. Not that there is
a root password, but someone might add one.

Any other alternatives anyone has tried?
>

We used to use RAV until they were bought by The Beast and discontinued
support. So unfortunately I have had to set up some Linux machines out of
necessity.

Frem.

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 19:20:40 2007
Date: Thu, 15 Feb 2007 14:48:44 -0400
From: Duane Whitty
To: Francisco Reyes
Message-id: <20070215184844.GA24682@dwpc.dwlabs.ca>
References: <20070215174129.GB20210@e-Gitt.NET>
Cc: freebsd-isp@freebsd.org
Subject: Re: Clamav replacement for FreeBSD+postfix?
Reply-To: duane@dwlabs.ca

On Thu, Feb 15, 2007 at 01:12:22PM -0500, Francisco Reyes wrote:
> Oliver Brandmueller writes:
>
> >We're using clamav (clamd, together with exim) in our setup. Our setup
> >consisting of currently four servers assigned to this task is processing
> >around one million deliveries per day, around 3.5 million rejects in the
>
> :-)
> You get less spam than we do.
> We also get around 4 Million emails per day, but only about 500K are
> accepted. (last I checked.. may be more volume now)
>

[...trimmed...]

>
> > Also we use it successfully with libthr instead of libpthread
> >(through libmap.conf).
>
> What was the procedure for that? Any pointers to docs appreciated.
> I am looking at /etc/libmap.conf, is it just an entry there?
> Wouldn't that be global? So all programs in the machine will use libthr
> instead of libpthread?
>

It can be configured so as not to be global.
See libmap.conf(5)

I can share my /etc/libmap.conf file if you would like an example.
It is non-ClamAv related but does illustrate how to configure using
different libraries for different programs. I believe I am basically
using the /etc/libmap.conf as generously provided by the writer of the
port for the linuxpluginwrapper.

[...trimmed...]

> I suspect the issue is FreeBSD's thread support, so your suggested thread
> library change may help until we find a process based antivirus (if there
> is one that works well with FreeBSD).

There has been much discussion about making the libthr the default
threading library.

--Duane

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 19:24:47 2007
Message-ID: <001701c75133$e1cb0870$dd64000a@transnet.cu>
From: "Roldan Vallejo Olivera"
Date: Thu, 15 Feb 2007 14:02:47 -0500
Organization: Sitrans
Subject: problems with KAV for FreeBSD 6.0

hello list:
I have a FreeBSD 6.0 running in an HP Proliant GL 370, Dual Xeon 3.2 GHz,
1GB RAM, and RAID-5 75 GB, in this system we have a BIND DNS service and a
Sendmail as a mail relay-only server, processing an average of 3GB messages
daily, we have purchased a KAV license for 4 GB traffic daily, but we are
having problems: sometimes our server runs out of resources and issues the
following message error:
"maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5)
ns1 sendmail[545] syserr (root): openmailer
(smtpscanner): cannot fork: resource temporarily unavailable no queue:
syserr(root): daemon: cannot fork"

at this moment when I try to login at the server I receive this error:
"login: login: fork: resource temporarily unavailable"

the server replies at ping command, but doesn't allow telnet or ssh,
and stops processing messages. we have noticed this scenario runs out of
free memory as we read the output of top command:

"last pid: 26888; load averages: 1.02, 0.91, 0.54 up 3+19:06:18 03:10:00
615 processes: 4 starting, 2 running, 608 sleeping, 1 lock

Mem: 698M Active, 58M Inact, 188M Wired, 48M Cache, 111M Buf, 3532K Free
Swap: 4096M Total, 24M Used, 4071M Free"

As soon as I reboot the system everything works fine for the next 3 or 4
days... I don't know what's exactly the problem and of course, I have no
idea of the solution, can anybody help me, please?
thanks in advance
roldan

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 19:25:04 2007
Date: Thu, 15 Feb 2007 11:04:24 -0800
From: Bill Campbell
To: freebsd-isp@freebsd.org
Message-ID: <20070215190424.GB20607@ayn.mi.celestial.com>
Subject: Re: Clamav replacement for FreeBSD+postfix?
Reply-To: freebsd@celestial.com

On Thu, Feb 15, 2007, Francisco Reyes wrote:
>Anyone using something other than Clamav in a busy FreeBSD+postfix
>environment for antivirus?
>
>Clamav freezes often. Reading archives, seems this is not so rare
>in FreeBSD.
>
>We even tried better machines, and gave Clamav more memory. That helped,
>but still seeing issues.
>
>This is for an ISP, so experiences on other ISPs or large setups (ie over
>100,000 emails per day) would be most welcome.

I can't address this specifically for FreeBSD as none of our FreeBSD
systems are running at high load levels, but I don't think that clamav is
the limiting factor.

We're processing around a half-million messages a day at an ISP through a
single public MX server which runs postfix, amavisd, and clamav to
prescreen incoming messages, forwarding them to a cluster of servers which
do the mail delivery to NFS mounted Maildir stores after doing
spamassassin scoring.

The load average on the border MX server rarely gets as high as 1.00.
Frankly I've been amazed that it handles this volume that easily.

The border machine is running a Pentium(R) 4 CPU 3.20GHz with 2GB of RAM
which isn't a high performance machine by today's standards. The OS is
SuSE Linux Enterprise 9 SP2. We don't have any FreeBSD machines running
this configuration with significant loads for comparison.

Bill
--
INTERNET:   bill@Celestial.COM  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

There are three kinds of men. The ones that learn by reading. The few who
learn by observation. The rest of them have to pee on the electric fence
for themselves.
    -- Will Rogers

From owner-freebsd-isp@FreeBSD.ORG Thu Feb 15 23:09:17 2007
Date: Thu, 15 Feb 2007 19:07:22 -0400
From: Duane Whitty
In-reply-to: <001701c75133$e1cb0870$dd64000a@transnet.cu>
To: Roldan Vallejo Olivera
Message-id: <20070215230722.GA27427@dwpc.dwlabs.ca>
References: <001701c75133$e1cb0870$dd64000a@transnet.cu>
Cc: freebsd-isp@freebsd.org
Subject: Re: problems with KAV for FreeBSD 6.0
Reply-To: duane@dwlabs.ca

On Thu, Feb 15, 2007 at 02:02:47PM -0500, Roldan Vallejo Olivera wrote:
> hello list:
> I have a FreeBSD 6.0 running in an HP Proliant GL 370, Dual Xeon 3.2 GHz,
> 1GB RAM, and RAID-5 75 GB, in this system we have a BIND DNS service and a
> Sendmail as a mail relay-only server, processing an average of 3GB messages
> daily, we have purchased a KAV license for 4 GB traffic daily, but we are
> having problems: sometimes our server runs out of resources and issues the
> following message error:
> "maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5)
> ns1 sendmail[545] syserr (root): openmailer
> (smtpscanner): cannot fork: resource temporarily unavailable no queue:
> syserr(root): daemon: cannot fork"
>
> at this moment when I try to login at the server I receive this error:
> "login: login: fork: resource temporarily unavailable"
>
> the server replies at ping command, but doesn't allow telnet or ssh,
> and stops processing messages. we have noticed this scenario runs out of
> free memory as we read the output of top command:
>
> "last pid: 26888; load averages: 1.02, 0.91, 0.54 up 3+19:06:18 03:10:00
> 615 processes: 4 starting, 2 running, 608 sleeping, 1 lock
>
> Mem: 698M Active, 58M Inact, 188M Wired, 48M Cache, 111M Buf, 3532K Free
> Swap: 4096M Total, 24M Used, 4071M Free"
>

Free memory seems adequate here. You have very little swap space used.
FreeBSD uses the philosophy that free memory is wasted memory.

> As soon as I reboot the system everything works fine for the next 3 or 4
> days... I don't know what's exactly the problem and of course, I have no
> idea of the solution, can anybody help me, please?
> thanks in advance
> roldan
>

What does sysctl kern.maxusers show? Depending on what the current value
of this is you may want to increase it. Below is my current value for
kern.maxusers

dwpc@ /etc>sysctl kern.maxusers
kern.maxusers: 250

kern.maxusers sets many kernel parameters and does not actually specify
the number of users which can use the system. This and other tuning
options can be found in tuning(7).

--Duane

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 16 01:33:12 2007
In-Reply-To: <20070215230722.GA27427@dwpc.dwlabs.ca>
References: <001701c75133$e1cb0870$dd64000a@transnet.cu> <20070215230722.GA27427@dwpc.dwlabs.ca>
Message-Id: <552B7B1A-D7D4-43DD-A75C-252665E5D6B0@mac.com>
From: Chuck Swiger
Date: Thu, 15 Feb 2007 16:56:14 -0800
Cc: freebsd-isp@freebsd.org, Roldan Vallejo Olivera
Subject: Re: problems with KAV for FreeBSD 6.0

On Thu, Feb 15, 2007 at 02:02:47PM -0500, Roldan Vallejo Olivera wrote:
> hello list:
> I have a FreeBSD 6.0 running in an HP Proliant GL 370, Dual Xeon 3.2 GHz,
> 1GB RAM, and RAID-5 75 GB, in this system we have a BIND DNS service and a
> Sendmail as a mail relay-only server, processing an average of 3GB messages
> daily, we have purchased a KAV license for 4 GB traffic daily, but we are
> having problems: sometimes our server runs out of resources and issues the
> following message error:
> "maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5)
> ns1 sendmail[545] syserr (root): openmailer
> (smtpscanner): cannot fork: resource temporarily unavailable no queue:
> syserr(root): daemon: cannot fork"
>
> at this moment when I try to login at the server I receive this error:
> "login: login: fork: resource temporarily unavailable"
>
> the server replies at ping command, but doesn't allow telnet or ssh,
> and stops processing messages.

This sort of problem can happen when someone mailbombs your MTA, causing
it to fork excessive numbers of children. It could also happen if your
anti-spam/virus-scanning stuff ends up getting stuck and leaving frozen
processes around.

Consider adjusting this:

# maximum number of children we allow at one time
#O MaxDaemonChildren=0

...in your sendmail configuration to a reasonable value, based on how
many other processes are running and how big your process table is
("sysctl kern.maxproc"?)

If that doesn't solve your issue, perhaps you should set up a cron job to
periodically put the output of "ps aux" into a text file, and remain
logged into the machine. When you fill up the process table, try to check
this file, otherwise check it promptly after a reboot if you have to do
that, and see which processes are filling up the system and/or getting
stuck.

> we have noticed this scenario runs out of
> free memory as we read the output of top command:

It's not directly related; FreeBSD will happily use almost all RAM simply
for (inactive) page caching, and this is normal and does not indicate a
problem. However, if you encounter excessive swapping activity, it's
possible that you'll end up with lots of processes starting up but not
being able to complete their work and exit, which would cause the system
to fall over as described above.

--
-Chuck

From owner-freebsd-isp@FreeBSD.ORG Fri Feb 16 06:20:28 2007
From: Mike Tancsa
To: Francisco Reyes
Date: Fri, 16 Feb 2007 00:50:17 -0500
Cc: freebsd-isp@freebsd.org
Subject: Re: Clamav replacement for FreeBSD+postfix?

On Thu, 15 Feb 2007 11:24:39 -0500, in sentex.lists.freebsd.isp you wrote:
>
>Clamav freezes often. Reading archives, seems this is not so rare
>in FreeBSD.
>
>This is for an ISP, so experiences on other ISPs or large setups (ie over
>100,000 emails per day) would be most welcome.

We found changing the threading lib helped a lot with stability. (ie
clamd would be locking up throughout the day under load without the
change).
It's been stable for over a month this way on our boxes (well
over 100K emails daily)

Compile as normal and add the following to libmap.conf

% cat /etc/libmap.conf
[clamd]
libc_r.so.5 libthr.so.2
libc_r.so.6 libthr.so.2
libthr.so.2 libthr.so.2
libpthread.so.1 libthr.so.2
libpthread.so.2 libthr.so.2

However, in the last day we have seen the daemon exiting with a sig6
using the default clamav-devel port. My guess is some new spam or virus
hitting a bug. Not sure yet. Removing
--enable-experimental
from the ports Makefile seems to have helped that issue as well.

---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
mike@sentex.net, (http://www.tancsa.com)

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 17 20:26:01 2007
From: Francisco Reyes
To: Mike Tancsa
Date: Sat, 17 Feb 2007 15:25:56 -0500
Cc: freebsd-isp@freebsd.org
Subject: Re: Clamav replacement for FreeBSD+postfix?

Mike Tancsa writes:

> We found changing the threading lib helped a lot with stability. (ie
> clamd would be locking up throughout the day under load without the
> change). It's been stable for over a month this way on our boxes (well
> over 100K emails daily)

Great. That sounds promising.
Is this with i386 or amd64?

> Compile as normal and add the following to libmap.conf

Thanks for the example. Will give it a try.

> However, in the last day we have seen the daemon exiting with a sig6
> using the default clamav-devel port.

So it has been dying altogether?
We use "monit" to make sure it is running so hopefully an occasional crash
will not be a problem.

> --enable-experimental
> from the ports Makefile seems to have helped that issue as well.

Which version are you currently running?
I had tried the very latest experimental port (as of 2/13) and had to
revert back to a package I had saved from mid 2006.

From owner-freebsd-isp@FreeBSD.ORG Sat Feb 17 22:01:12 2007
Message-Id: <200702172201.l1HM1BnR009915@lava.sentex.ca>
Date: Sat, 17 Feb 2007 16:59:16 -0500
To: Francisco Reyes
From: Mike Tancsa
Cc: freebsd-isp@freebsd.org
Subject: Re: Clamav replacement for FreeBSD+postfix?

At 03:25 PM 2/17/2007, Francisco Reyes wrote:
>Mike Tancsa writes:
>
>>We found changing the threading lib helped a lot with stability. (ie
>>clamd would be locking up throughout the day under load without the
>>change). It's been stable for over a month this way on our boxes (well
>>over 100K emails daily)
>
>Great. That sounds promising.
>Is this with i386 or amd64?

i386. clamav, spamassassin/mimedefang are all slower on amd64

>>However, in the last day we have seen the daemon exiting with a sig6
>>using the default clamav-devel port.
>
>So it has been dying altogether?

I think 2 separate things were going on. First, the daemon would hang
without switching to the alternate threading lib. e.g. if you connect to
port 3310 and issue a PING, it would just stall and never return a PONG.
The other issue only cropped up a few days ago with certain crafted
messages (we are speculating here) causing the daemon to exit on sig 6.

>Which version are you currently running?
>I had tried the very latest experimental port (as of 2/13) and had
>to revert back to a package I had saved from mid 2006.

We were using the dev version and prev release version out of the ports
and have now switched to .90. The problem of the daemon getting stuck was
still there with the default threading lib with .90. Changing to libthr
makes it work just fine.

---Mike
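
The PING/PONG check Mike describes above, written as a watchdog probe that tells a hung clamd (connection accepted, no PONG) from a dead one, which a check that only confirms the process is running cannot do. This is an added example, not code from the thread; the state names, the Watchdog class, the timeouts and the constructed fake servers are assumptions, and it sends the bare PING the thread refers to.

```python
import socket
import threading
import time

OK, HUNG, DOWN, BAD_REPLY = "ok", "hung", "down", "bad-reply"


def probe_clamd(host="127.0.0.1", port=3310, timeout=5.0):
    """Send PING to clamd and classify the outcome as (state, detail).

    HUNG means the TCP connection was accepted but no PONG arrived in time,
    which is the stuck-daemon case a "process is running" check cannot see.
    """
    deadline = time.monotonic() + timeout
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return HUNG, "connect timed out"
    except OSError as exc:
        return DOWN, f"connect failed: {exc}"
    reply = b""
    with sock:
        try:
            sock.sendall(b"PING\n")
            # Read until newline, EOF or deadline; cap the size so a
            # misbehaving peer cannot make the probe buffer without bound.
            while not reply.endswith(b"\n") and len(reply) < 64:
                remaining = deadline - time.monotonic()
                if remaining <= 0:
                    return HUNG, "no PONG before deadline"
                sock.settimeout(remaining)
                chunk = sock.recv(64)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            return HUNG, "no PONG before deadline"
        except OSError as exc:
            return DOWN, f"connection error: {exc}"
    if reply.strip() == b"PONG":
        return OK, "PONG"
    return BAD_REPLY, repr(reply)


class Watchdog:
    """Ask for a restart only after `threshold` consecutive failed probes,
    so one slow answer under load does not bounce the scanner."""

    def __init__(self, probe, threshold=3):
        self.probe = probe
        self.threshold = threshold
        self.failures = 0

    def tick(self):
        state, _detail = self.probe()
        if state == OK:
            self.failures = 0
            return "healthy"
        self.failures += 1
        if self.failures >= self.threshold:
            self.failures = 0
            return "restart"
        return "degraded"


_KEEP = []  # keeps the constructed test sockets alive


def start_fake_clamd(behaviour):
    """Constructed stand-in for clamd on an ephemeral localhost port.

    "pong" answers PING, "stall" accepts and stays silent (the hang from
    the thread), "closed" returns a port with nothing listening.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    if behaviour == "closed":
        srv.close()
        return port
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            if behaviour == "pong":
                with conn:
                    if conn.recv(64).strip() == b"PING":
                        conn.sendall(b"PONG\n")
            else:
                _KEEP.append(conn)  # hold the socket open, never reply

    threading.Thread(target=serve, daemon=True).start()
    _KEEP.append(srv)
    return port


if __name__ == "__main__":
    for behaviour in ("pong", "stall", "closed"):
        port = start_fake_clamd(behaviour)
        print(behaviour, "->", probe_clamd(port=port, timeout=1.0))
```

Run from cron or a supervisor, the Watchdog result decides whether to restart clamd; logging the HUNG/DOWN distinction also shows whether a libmap.conf change actually removed the stalls.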