From: "Chris H"
Reply-To: bsd-lists@BSDforge.com
To: "Ronald Klop"
Cc: "FreeBSD Current"
Subject: Re: status-mail-rejects: appears to be broken
Date: Sun, 07 Jan 2018 16:52:03 -0800

On Sun, 07 Jan 2018 14:13:01 +0100 "Ronald Klop" said

> On Sun, 17 Dec 2017 20:50:23 +0100, Chris H wrote:
>
> > I'm running on r326056, and periodic(8) doesn't seem to be working
> > as expected;
> > mail rejects:
> >
> > Checking for rejected mail hosts:
> > usage: fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] URL ...
> >        fetch [-146AadFlMmnPpqRrsUv] [-B bytes] [--bind-address=host]
> >        [--ca-cert=file] [--ca-path=dir] [--cert=file] [--crl=file]
> >        [-i file] [--key=file] [-N file] [--no-passive] [--no-proxy=list]
> >        [--no-sslv3] [--no-tlsv1] [--no-verify-hostname] [--no-verify-peer]
> >        [-o file] [--referer=URL] [-S bytes] [-T seconds]
> >        [--user-agent=agent-string] [-w seconds] -h host -f file [-c dir]
> >
> > Also, 520.pfdenied doesn't produce any output. In fact, it doesn't appear
> > to be run at all.
> >
> > Any thoughts, or advice on how to best proceed?
> >
> > Thanks!
> >
> > --Chris
>
> This looks the same as what I experienced. It will be fixed by upgrading
> until at least this commit:
>
> http://www.secnetix.de/olli/FreeBSD/svnews/index.py?r=326343

It appears that you indicate anything past, or including r326343 resolves this.
I'll look into it. But FWIW
I was able to get etc/periodic/security/520.pfdenied output working
with the following diff(1):

--- /etc/periodic/security/520=2Epfdenied=2Eorig=092017-11-21 06:57:04=2E00000000= 0 -0800 +++ /etc/periodic/security/520=2Epfdenied=092017-03-29 16:22:50=2E000000000 -07= 00 @@ -24,7 +24,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE=2E # -# $FreeBSD: head/etc/periodic/security/520=2Epfdenied 306696 2016-10-04 23:1= 2:35Z lidl $ +# $FreeBSD: head/etc/periodic/security/520=2Epfdenied 290405 2015-11-05 17:3= 7:14Z lidl $ # =20 # If there is a global system configuration file, suck it in=2E @@ -44,13 +44,8 @@ if check_yesno_period security_status_pfdenied_enable then =09TMP=3D`mktemp -t security` -=09for _a in "" $(pfctl -a "blacklistd" -sA 2>/dev/null) -=09do -=09=09pfctl -a ${_a} -sr -v -z 2>/dev/null | \ -=09=09nawk '{if (/^block/) {buf=3D$0; getline; gsub(" +"," ",$0); if ($5 >= 0) print buf$0;} }' >> ${TMP} -=09done -=09if [ -s ${TMP} ]; then -=09=09check_diff new_only pf ${TMP} "${host} pf denied packets:" +=09if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=3D$0; getline; = gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then +=09 check_diff new_only pf ${TMP} "${host} pf denied packets:" =09fi =09rc=3D$? =09rm -f ${TMP}

Thanks for taking the time to reply, Ronald!

>
> Ronald.
>

--Chris
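Review bot: the `$FreeBSD$` ident line in the first hunk (@@ -24,7 +24,7 @@) should not be part of this change. It moves from revision 306696 (2016-10-04) to 290405 (2015-11-05), and the `+++` file carries an older timestamp than the `.orig`, so the diff runs from the newer script back to an older one. If the intent is to revert to the older script, say so in the message and name the revision; if the intent is a forward fix, leave the ident line alone and regenerate the diff against an unmodified copy of the current file.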
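Review bot: in the second hunk (@@ -44,13 +44,8 @@), the new condition `if pfctl -sr -v 2>/dev/null | nawk ... > ${TMP}; then` tests the exit status of nawk, the last command in the pipeline, so it succeeds even when pfctl fails, and with `2>/dev/null` that failure is silent. The removed `if [ -s ${TMP} ]; then` guard did the useful check (non-empty output) and is worth keeping after the file is written. The hunk also drops three behaviours at once: the loop over `pfctl -a "blacklistd" -sA` anchors, the `-z` flag, and the `$5` test inside the nawk program. As a result, block rules under blacklistd anchors are no longer reported and every block rule is printed regardless of that field, which makes the security report noisier and less complete. Suggest narrowing the change to whichever of the three actually stops the output, and keeping the other two.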