[00:05] lucky: i'll be ordering a new server in beginning of June, putting it together, and popping it online; i will have slots open up before then, most likely, and preorder@arpnetworks.com is your friend [01:29] *** schmir has joined #arpnetworks [01:53] *** dxtr_ has quit IRC (Read error: Operation timed out) [01:53] *** nakano_` has quit IRC (Read error: Operation timed out) [01:53] *** nuke- has quit IRC (Read error: Operation timed out) [01:53] *** Jestre_ has quit IRC (Read error: Connection reset by peer) [01:53] *** Jestre has joined #arpnetworks [01:54] *** nakano_ has joined #arpnetworks [01:55] *** j3m has quit IRC (Read error: Operation timed out) [01:58] *** nukeAFK has joined #arpnetworks [02:00] *** dxtr has joined #arpnetworks [02:00] *** dxtr has quit IRC (Changing host) [02:00] *** dxtr has joined #arpnetworks [02:02] *** j3m has joined #arpnetworks [04:01] *** ziyourenxiang has joined #arpnetworks [04:18] [6~ [04:18] Opps [04:21] fail [04:23] :( [04:47] *** Yamazaki-kun has quit IRC (*.net *.split) [04:47] *** leander has quit IRC (*.net *.split) [04:55] *** leander has joined #arpnetworks [04:55] *** Yamazaki-kun has joined #arpnetworks [06:02] *** vtoms has joined #arpnetworks [06:10] *** hsbt has quit IRC (Quit: Tiarra 0.1: SIGTERM received; exit) [06:12] *** hsbt has joined #arpnetworks [06:35] RandalSchwartz: well, we all know perl sucks :p [06:44] thems fightin words [06:46] up_the_irons: aye, I sent an email there about a week ago [06:46] up_the_irons: to which I received a reply this morning :) [07:08] uhh.. I may have just fixed my issue with ccache on amd64. [07:09] blame it on me installing 'minimal' and missing the lib32 libraries :( [08:08] *** schmir has quit IRC (Remote host closed the connection) [08:40] Hmm.. How would one easily manage nsd and/or outbound? If I, for example, want to put them in separate jails [08:45] how do you mean manage? [08:45] s/outbound/unbound/ [08:45] cedwards: Zone files for nsd :) [08:45] I guess there's not that much administration with unbound once you get it up and running [08:46] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang) [08:47] i run bind in a jail at home... [08:48] just point my client(s) to the jail IP, and ezjail-admin console jailname to get in and update things. [08:48] Right [08:48] But I thought it would be cool with some kind of interface for it :) [08:59] nice. with my distcc/ccache setup (all P4 machines), my buildworld is down to about 4min and my buildkernel is under 1min [09:14] Cool [09:15] I'm still amazed that I have less ping to the vps over ipv6 than ipv4 [09:35] routing is fun ;) [10:22] hehe [10:22] bob^^: The thing is I don't even have native ipv6 at home .D [10:22] Got it through sixxs [10:22] (Wich btw I think is awesome) [10:23] yeah, i still haven't bothered with ipv6 at home either [10:24] I can't get ipv6 (tunneled) at home because my router sucks. [10:24] i think it's time to get a new one. [10:24] cedwards: What connection do you have? [10:25] dxtr: DSL at home. leasing the crappy router they had. [10:25] I've got a wrt54gl flashed with Tomato if you wanna buy it :D [10:25] dxtr: my ISP doesn't support ipv6 either, so I'd _have_ to tunnel, but I need a new router first. [10:25] Ofcourse I live in Sweden. If you come get it in person I'll buy you a beer [10:26] You'll the the router for $30, the trip might cost $1000 (+/- some).. But you'll save in $4 by getting a beer for free [10:26] You'll get the* [10:26] Sounds like a decent deal [10:27] That's better than the deal JetBlue was offering! [10:27] Vacation is priceless :D [10:27] mike-burns: Hm? [10:27] or perhaps you deliver it personally and I'll buy you a beer [10:27] cedwards: Unfortunately I don't do home deliveries [10:28] ... But if I did it would probably be the best home deliveries in the world [10:28] dxtr: JetBlue was offering $10 plane tickets the other day. US-only I think, and no router or beer. [10:28] mike-burns: well that sucks [10:29] it sucks that I'm the only Swede here (And one of few europeans.. Or am I wrong?) [10:30] I rarely meet people in my area on IRC. Would be awesome to go to Waynes, drink some coffee and IRC [10:30] \o/ [10:40] i'm in the UK [10:40] but yeah, i think most in this channel are US-based [10:49] I think I need more coffee [10:50] i know plenty of swedes who use irc though - they're all over on quakenet :) [10:52] Yeah, I know loads of swedes both on Quakenet and EFNet :p [10:52] But Sweden is huge [10:52] dxtr: and ircnet. [11:01] Gah. I want a job! [11:30] beh [11:30] *** awyeah_ is now known as awyeah [11:31] hrm wtf is my nickserv password. [11:35] hunter2 is my guess [11:43] heh. [11:44] *** awyeah has quit IRC (Quit: Reconnecting) [11:44] *** awyeah has joined #arpnetworks [11:44] ohh. their DNS resolution isn't working ;) [11:57] ? [11:58] *** schmir has joined #arpnetworks [12:13] *** schmir has quit IRC (Ping timeout: 265 seconds) [12:17] *** Wraithan has left "WeeChat 0.3.3-dev" [12:53] *** leander has quit IRC (Remote host closed the connection) [13:11] Say something fun one can do with a freebsd box and a openbsd box [13:12] Preferrably connecting them together somehow :) [13:24] use either as a network gateway and use pf to route to the second for a set of services in jails? [13:25] Actually the openbsd is a router [13:26] But with a little more capacity than my router needs [13:26] Dual-core atom 330 [13:26] 1GB RAM [13:26] 300GB hdd [13:26] Etc, :P [13:26] torrent seed box? :) [13:27] I've thought the thought so to speak [13:28] But that's not cool enough :P [13:28] create your own private tracker? ..i dunno. [13:28] I've got rtadvd, ntpd, unbound, nsd, dhcpd and an httpd running on it [13:28] *** leander has joined #arpnetworks [13:29] Oh yeah... rtorrent too :D [13:30] i still need to try unbound/nsd. [13:30] They are just plain awesome [13:31] I can honestly say I don't regret throwing out bind :) [13:31] By the way, what I'd like to do with the boxes are somehow distributing the resources (distcc would be awesome for my ports needs!) [13:33] I setup ccache/distcc over the last two days. my builds are fast now. [13:33] Cool :) [13:33] which reminds me I need to submit my port for ccache-3.0pre1. [13:34] Oh yeah, cedwards [13:34] I'm having problems with openvpn. I'm guessing it's a firewall problem. [13:34] Do you have any experience with ip forwarding in freebsd? [13:35] I've not used openvpn before.. another one on my list. [13:35] do you have the net.ipv4.forward (or whatever) set to 1 in sysctl? [13:35] net.inet.ip.forwarding = 1 [13:35] And I've got a NAT rule in pf [13:35] http://www.dxtr.cc/~dexter/pf.conf [13:35] That's my pf rules [13:37] tail the pflog while you try to connect to verify if it is a firewall issue.. [13:39] Right :) [13:39] I'll do that [13:39] or tcpdump and make sure it is actually hitting the interface [13:40] Yeah, I've tcpdumped [13:40] I makes it from tun0 to em0 [13:40] But stops there [13:41] *** coil-desktoppcwi is now known as scort [13:41] And I've pinged another server of mine, tcpdumped there and got nothing [13:41] So the packets definitly gets lost at em0 [13:43] Any ideas? [13:43] I've got gateway_enable="YES" in rc.conf too - but that won't do anything until I reboot [13:43] maybe you need to reboot [13:44] YOu just have to run /etc/rc.d/routing to activate that thing. [13:44] mike-burns: Right [13:46] No luck :/ [14:04] *** dxtr has quit IRC (Read error: Operation timed out) [14:07] btw. pkg_cutleaves > * [14:07] *** schmir has joined #arpnetworks [14:08] useful :D [14:08] not seen pkg_cutleaves before [14:09] It really helps you clean up when you delete packages. [14:15] *** dxtr has joined #arpnetworks [14:15] *** dxtr has quit IRC (Changing host) [14:15] *** dxtr has joined #arpnetworks [14:22] pf syntax is quite readable [14:25] Hmm... STILL no luck [14:25] Rebooted the vps (For several reason) [14:25] What's funny is that I can't even access the ip addresses on em0 (Ping them that is) [14:25] So... what could be the problem? :P [14:26] freebsd? [14:26] Yeah [14:27] can you pastebin your /etc/rc.conf section? [14:28] or if it's really short, just add it here? :) [14:29] What section of it? :) [14:30] the part related to em0 [14:30] you said you're having problems with ping, right? [14:30] or is it a pf problem? [14:30] It's a pf and openvpn problem :P [14:30] ahh [14:31] yeah - I have openvpn and pf too [14:31] So... How'd you do it? :D [14:31] what have you tried? [14:31] What haven't I tried? [14:31] ... vpn_net = "10.77.77.0/24" [14:31] ... nat on $ext_if from $vpn_net to any -> ($ext_if:0) [14:32] ext_if = "em0" [14:32] Yeah, I'm familiar with pf and nat [14:32] that's the essentials [14:32] nat on em0 from 10/8 to any -> dxtr.cc [14:32] what is the meaning of "->" in pf? [14:32] * up_the_irons is a pf noob [14:32] Thats how mine looks [14:32] up_the_irons: It kinda means "read the man page" ;) [14:32] it's just that part of the nat syntax [14:32] it could probably be left out. mostly syntax sugar I think [14:32] * up_the_irons hits dxtr with a large trout [14:33] ok [14:33] might be that you can put more things after "any" [14:33] and it needs to know when you're done :) [14:33] No, but seriously up_the_irons, I think '-> addr' generally means "translate to this address" [14:33] dxtr: ok [14:34] Massivel simplified, etc. [14:34] Massively* [14:34] I've never really given it a thought. It's so obvious to me [14:34] I just cut-n-paste it [14:34] so what's the problem? Does the link come up? [14:35] RandalSchwartz: I can connnect, I can access the vpn server (10.9.8.1)... but that's it [14:35] I can't access anything outside tun0 [14:35] Holy shit I know what it is [14:35] what does your openvpn conf have? [14:35] heh [14:36] always helps to describe it [14:38] *** dxtr has quit IRC (Read error: Connection reset by peer) [14:38] * RandalSchwartz waits for the suspense [14:38] oops - he's gone [14:38] must've worked :) [14:42] Ok. I am total fail at CVS, yet I'm trying to submit a port update. [14:42] I've downloaded the original tarball from cvsweb. [14:43] what I need to do is create a cvs diff of the original and my version. any suggestions? [14:43] (note: I've lightly used svn, but mostly used git, so cvs seems.. strange to me) [14:44] *** dxtr has joined #arpnetworks [14:44] *** dxtr has quit IRC (Changing host) [14:44] *** dxtr has joined #arpnetworks [14:49] *** vtoms has quit IRC (Quit: Leaving.) [14:53] *** heavysixer has quit IRC (Quit: heavysixer) [14:54] *** dxtr has quit IRC (Read error: Operation timed out) [14:54] heh [14:54] if you can't see the other side of the vpn it means your routing and/or forwarding on the other side is fucked up. [14:55] if he ever comes back he needs to post vpn configs as well as the pf config. [15:01] *** vtoms has joined #arpnetworks [15:09] *** vtoms has quit IRC (Quit: Leaving.) [15:12] *** dxtr has joined #arpnetworks [15:12] *** dxtr has quit IRC (Changing host) [15:12] *** dxtr has joined #arpnetworks [15:16] *** schmir has quit IRC (Remote host closed the connection) [15:20] *** dxtr has quit IRC (Quit: I'm outta here) [15:23] *** visinin has joined #arpnetworks [15:24] *** dxtr has joined #arpnetworks [15:24] *** dxtr has quit IRC (Changing host) [15:24] *** dxtr has joined #arpnetworks [15:24] Okay [15:24] Got it working! [15:24] :D [15:34] what was the problem? [15:42] erg! [15:43] pebkac ;) [15:47] I can't get this send-pr to go through because it's coming from username@hostname.domain.tld, and hostname isn't resolvable/valid. [15:52] freakin' sendmail [15:57] thinking of redoing my mail server. Right now I use qmail, dspam, and some rbls. Suggestions on software? (postfix, exim, dovecot, etc...) I'm looking for something well documented, simple, and good on spam :) [15:57] I haven't gone down this road in a long time... [15:57] postfix + dovecot + amavisd-new + postgrey [15:58] I've set that up repeatedly now [15:58] could even help out if you got stuck [15:58] postfix is the state of the art in mail delivery [15:58] all the right knobs, but mostly correct in defaults [15:58] I setup a slick postfix + dovecot + postgresql + webmail + amavis + postgrey + rbl/xbl + strict postfix filtering +... [15:59] yeah - I use zen rbl [15:59] zen.spamhaus.org helps quite a bit, as does postgrey [15:59] nice [15:59] postgrey actually helps a ton. [15:59] yup, until you can't get mail from a multi-outbound host :) [15:59] so the whitelists unfortunately have to be applied to the big ones [16:00] and those are also a big source of spam [16:00] postgrey doesn't implement mapping, sadly [16:00] just whitelist [16:00] ok. I don't know how I'm supposed to submit this freebsd PR if I can't get stinking mail to work right :( [16:00] I've seen others that say "if you see it from any of 3.4/16, that's the same as any other 3.4/16" [16:01] is the PR about mail? :) [16:01] if so, ho ho the irony [16:01] RandalSchwartz: ha ha. it's a port update, but as I said it's showing it's coming from my unresolvable internal hostname so freebsd.org rejects it. [16:02] ssh machine.that.is.properlyconfigured.net sendmail -t I use OpenBSD spamd for greylisting, and whitelist with dnswl.org [16:02] I've done that before [16:02] i forget, in sendmail, how to make it strip the hostname and just come from user@domain [16:02] in fact, for a while, I had a local sendmail script that just ssh'ed every message like that :) [16:03] simpler than setting up local sendmail [16:03] i've got SMARTHOST setup to relay through my mail server, but it's still not working. [16:04] ..and I don't feel like installing postfix for this one-off. [16:06] I tell ya. ssh it over :) [16:08] *** heavysixer has joined #arpnetworks [16:08] *** ChanServ sets mode: +o heavysixer [16:10] RandalSchwartz: do you have any build log of your "postfix + dovecot + amavisd-new + postgrey" setup? [16:10] no - I most spent time getting everything just right on the old machine [16:10] and then carefully copied it to the new machine [16:10] I'd be happy to go over all the moving parts though [16:11] also involved in moving from old to new was moving insightcruises.com one way, and the other domains the other [16:11] so that also made it tricky [16:11] yeah [16:11] i may play around with it some tonight [16:11] I also got rid of a pre-queue amavis-d filter, and replaced it with a postgrey and a post-queue amavis-d [16:11] that was the new advice [16:11] from the docs [16:12] ah [16:13] up_the_irons: i have pretty detailed docs on my setup, if you want [16:13] up_the_irons: i designed it for work, so it's really scalable and managable. [16:13] the tricky part for me was getting the dovecot set up just right to use my password file even after being chrooted [16:13] up_the_irons: I can give you a postfix+dovecot config [16:14] RandalSchwartz: funny, I just switched to pre-queue SA [16:14] * jdoe would rather reject than accept and drop [16:14] yeah - that generates more blowback thoguh [16:14] too many bystandards [16:14] bystanders [16:15] nah [16:15] if it's crap, just absorb it [16:15] you're rejecting while the session is still open [16:15] no innocent bystanders [16:15] yes, but it often gets relayed before that [16:15] cedwards: sure, if you don't mind, send it over :) gdolley@arpnetworks.com [16:15] so the upstream has no option but to blow it to me [16:15] as soon as I get this stupid PR submitted.. [16:16] jdoe: sure, i'll take your config too :) [16:24] RandalSchwartz: here's my take on it... assume the mail is 100% spam: if it comes directly to me from the spammer, I reject it during the session. No collateral damage, reject goes right to them. If they proxied through a legit mail server, that mail server should get the rejects, otherwise they might never know they had a problem. [16:24] RandalSchwartz: on the other hand, if it's a legit email that's flagged incorrectly, I *want* the sender to get a bounce, otherwise they might never know what happened to it, and that's annoying. [16:24] .... also, note that at no point does the email ever make it to someone not directly involved in it coming to me. [16:24] which all seems reasonable, I think. [16:25] http://www.youtube.com/watch?v=UO2zrCExdrU [16:25] although I guess it sounded more pompous than I'd intended it to ;) [16:25] Hmm [16:25] jdoe - that's not how it happens [16:26] evil guy -> middlehost -> me [16:26] who is middlehost? [16:26] RandalSchwartz: Probably some firewall rules .) [16:26] an egress mailer, for example [16:26] for a large corp [16:26] alright, so where's the problem? large corp sends you an email, you reject it. [16:26] what they do with the bounce is their problem. [16:27] right, and egressmailer then bounces it to... "From:" [16:27] and the "From:" guy gets a blowback [16:27] I don't want to blowback [16:27] that's a problem with egressmailer though, not you. [16:27] Yeah - but it's still Very Real [16:27] I know, I get a lot of blowback like that [16:27] keep in mind, I've been merlyn@stonehenge.com for almost two decades [16:28] no doubt, but... still. You're (hypothetically) bouncing something correctly. Someone else is dropping the ball. [16:28] so I'm in almost every list of "use these million names for fake from" [16:28] they should fix that, it's no reason for you to cripple your setup. [16:28] I'd rather just swallow the virus [16:28] to each their own, I guess :) [16:28] ok - then the equivalent is me doing post-queue [16:28] it's exactly the same setup [16:29] me doing post queue is exactly the same as mail coming through an egress mailer [16:29] both can lead to blow back unless they are set to DISCARD [16:29] there's no way around blowback [16:29] er... that's true, but it's a misleading statement [16:29] both can lead to blowback, but only one is actually your fault. [16:29] fault isn't to be assigned here [16:29] it's part of a larger system [16:30] if you return spam, you risk blowback [16:30] no matter at what level [16:30] well it sort of is, otherwise reductio ad absurdum, I won't deliver to internet hosts because it might lead to blowback [16:30] and as a victim of a lot of blowback, I won't be creating more of that [16:30] fair enough. [16:37] *** fink has joined #arpnetworks [16:46] Hmm [16:47] How would I do in openbsd to route certain IPs (eg 192.168.0.17/28) through a certain interface [16:47] And route the rest through another? [17:06] I know the Linux way. Not sure how similar it is.. [17:07] route add, I think [17:07] as in, it's part of the routing table [17:07] route add 10/8 tun0 [17:14] I think how well that works varies by OS. I know Solaris is a dick about routing subnets [17:20] don't get me started on Slowlaris. I've got a guy at work who swears it was coded by the almighty himself. [17:20] sudo route add -host 192.168.2.4 10.9.8.13 [17:20] That didn't work [17:20] And tun0 instead of 10.9.8.13 didn't work [17:23] My problem is: I want to route some LAN clients through my openvpn interface [17:23] maybe you want to rdr them? [17:24] no - that decides based on outgoing [17:24] you want nat, which rewrites it [17:24] wait. what are you trying to do? [17:25] if you want it to work, you'll need to nat them [17:25] since the packet has to know where to return [17:25] so the outbound IP better be your external IF [17:25] this all gets so much simpler with v6 [17:26] no more nat. thank gawd. [17:26] :d [17:26] So this isn't possible with ipv4? [17:26] it is [17:26] but you have to NAT [17:26] Just nat it to tun0? [17:26] Sounds reasonable [17:26] well - I'm still not getting the topolgy [17:27] can you draw it with "graphviz" for me? :) [17:29] Sure. [17:29] Hold on a minute :) [17:30] *** RandalSchwartz has quit IRC (Remote host closed the connection) [17:31] *** RandalSchwartz has joined #arpnetworks [17:49] RandalSchwartz: [17:49] http://www.dxtr.cc/~dexter/pub/topology.png [17:49] That's kinda what I want to achieve [17:53] I have no idea what net numbers you want there, or why openvpn is in th emix [17:53] or why uroboros has two ways to the internet [17:53] or whether openvpn is running *on* uroboros, in which case, not sure how dir655 gets to it without talking to uroboros [17:54] so I'd say, diagram, mostly fail :( [17:54] anyway, gotta drive. see ya later [17:54] haha, I couldn't come up with a good way to illustrate that I wanted just dir655 to go from uroboros through openvpn [17:54] Alright :) [17:56] layers, man... colored layers [17:56] /me goes [18:01] Yeah, right [18:02] that graph is a nightmare ;) [18:02] I think what you're trying to say [18:02] is that you have a lan on 192.168.2.0/24, of which uroboros is the gateway [18:02] and uroboros and bowser are linked by openvpn on 192.168.3.0/24? [18:03] ... except inexplicably you have a second 192.168.3.0 behind dir655? [18:13] *** visinin has quit IRC (Quit: word) [18:14] jdoe: oh, you saw the second test graph I did :p [18:14] But yeah, I wanna route 192.168.3.0/24 over openvpn [18:15] I can't give any useful suggestions because your graph is crazy-confusing ;) [18:16] Haha, yeah :D [18:17] I've never done any real graphs before.. And I generally suck at making explanatory stuff (Is it called explanatory?) [18:18] But in short: Uroboros is my router, bowser is my vps [18:18] 192.168.3.0/24 is my wlan [18:18] And I want to route 192.168.3.0/24 through tun0 in uroboros (openvpn) [18:19] so what's 192.168.2? [18:20] Those are my own stuff connected with a wire [18:21] And there are no specific reasons for doing this - It's just educational ) [18:21] :) [18:22] there are some reasons not to though, I think having different subnets will fuck up broadcast traffic, for example. [18:22] uh... sec, maybe my openvpn config can be of some assistance... [18:23] In this situation I don't care that much for broadcast traffic between 192.168.2 and 192.168.3 [18:26] http://pastebin.com/Cq0j8Wbp [18:26] if you want it, copy it now because it expires in a day. [18:27] I only have a single subnet at home, but what that does is [18:27] openvpn server on 11.22.33.44 [18:27] openvpn client running on my home gateway. [18:27] gateway's ip is 10.200.0.1 (and as far as the tunnel is concerned, also 10.100.100.2) [18:28] yeah [18:28] when it's running, server is accessible from the lan as 10.100.100.1 and the entire lan is accessible from the server by their real ips. [18:28] (10.200.0.whatever) [18:28] jdoe: any particular reason why you have openvpn in /etc rather than /usr/local/etc? [18:29] fink: because it's linux and that's where it goes on linux [18:29] adjust paths for your os as necessary :) [18:29] oh, sorry i thought you were bsd [18:29] my vps is [18:29] vpn endpoint is another machine, it and the gateway are debian. [18:30] do you find that confusing , switching between setups/ [18:31] no [18:32] I admin linux, solaris, bsd and windows machines on a daily basis. [18:32] you get used to it, I guess. And you make a habit of using things that are the same between oses [18:32] ... like pkill and friends. <3 [18:35] well, and it helps that I'm pretty new with Solaris, stops me from wading in over my head ;) [18:46] hehe [18:49] *** heavysixer has quit IRC (Quit: heavysixer) [18:53] Well, I'm going to bed now [18:56] *** bill``` has joined #arpnetworks [18:56] hi, what should i do if the vnc details provided in my control panel do not actually work? [18:56] tried with three different clients [18:57] bill```: error? [18:58] nothing, the remote just hangs up [18:58] none of the three clients provided an error [18:58] i can telnet to the host/port in question and am able to successfully establish a connection, but no dice when using an actual vnc client [18:59] bill```: what is your VNC host and port [18:59] 1 sec [19:00] up_the_irons: kvr08.arpnetworks.com on port 6029 [19:00] i had asked in a support ticket about this a few days ago, but no reply [19:01] bill```: http://support.arpnetworks.com/faqs/vps/out-of-band-management [19:01] bill```: note the "only one connection" part [19:01] appears you have another connection open somewhere. given you've used three clients, this seems fitting :) [19:01] yes, i had read about that before, but i had never initiated a vps connection the first time and it still failed [19:02] so any infected host on the internet port scanning machines could in theory lock me out from using vnc on my own server? [19:02] :-| [19:02] bill```: right now it is hanging, which usually means it needs to drop whatever it is holding onto. I think I remember your support email, and I replied saying I connected fine :) [19:03] bill```: no, the connection must actually be established. if they don't know your password, it cannot be established [19:03] gotcha [19:03] since it's been days, and you were the first person to successfully connect, shouldn't it have timed out by now? [19:06] *** bill``` has quit IRC (Quit: leaving) [19:06] and he ran... [19:08] *** fink has quit IRC (Ping timeout: 258 seconds) [19:09] bill```: I think there is a bug in the timeout. If the connection is not properly shutdown (you kill your VNC client instead of telling it to end the session), it may hang [19:16] *** fink has joined #arpnetworks [20:17] *** ballen has quit IRC (Ping timeout: 240 seconds) [20:36] *** fink has quit IRC (Quit: fink) [20:45] *** Guest40267 has quit IRC (Quit: Leaving) [21:18] *** infrared has quit IRC (Ping timeout: 246 seconds) [23:47] DaCa: so behind your OpenBSD spamd, what are you running as the MTA?