| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |
| Who | What | When |
|---|---|---|
| *** | schmir has joined #arpnetworks | [01:16] |
| schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks LT has joined #arpnetworks | [01:22] | |
| ................. (idle for 1h21mn) | ||
| schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks | [02:47] | |
| .......... (idle for 47mn) | ||
| nuke` has quit IRC (Ping timeout: 240 seconds) | [03:34] | |
| Zahran has joined #arpnetworks
nuke` has joined #arpnetworks | [03:48] | |
| ziyourenxiang has joined #arpnetworks | [04:03] | |
| ............ (idle for 55mn) | ||
| hiro_dSn_ has joined #arpnetworks
hiro_dSn has quit IRC (Ping timeout: 248 seconds) | [04:58] | |
| ............................ (idle for 2h17mn) | ||
| Ehtyar has joined #arpnetworks | [07:18] | |
| nerdd has joined #arpnetworks
Zahran has quit IRC () nerdd_ has quit IRC (Ping timeout: 276 seconds) __Ehtyar has quit IRC (Remote host closed the connection) | [07:30] | |
| .... (idle for 15mn) | ||
| nerdd_ has joined #arpnetworks
nerdd has quit IRC (Ping timeout: 252 seconds) cmeiklejohn has quit IRC (Quit: leaving) nerdd has joined #arpnetworks nerdd_ has quit IRC (Ping timeout: 264 seconds) nerdd has quit IRC (Ping timeout: 252 seconds) nerdd has joined #arpnetworks | [07:51] | |
| ..... (idle for 21mn) | ||
| nerdd_ has joined #arpnetworks
nerdd has quit IRC (Ping timeout: 260 seconds) LT has quit IRC (Quit: Leaving) | [08:24] | |
| ........ (idle for 35mn) | ||
| ziyourenxiang has quit IRC (Quit: ziyourenxiang)
schmir has quit IRC (Remote host closed the connection) epid_ has left | [09:03] | |
| lll_ has quit IRC (Quit: leaving)
lll_ has joined #arpnetworks lll_ has quit IRC (Client Quit) lll_ has joined #arpnetworks lll_ has quit IRC (Client Quit) lll_ has joined #arpnetworks lll_ has quit IRC (Client Quit) Lucas__ has joined #arpnetworks Lucas__ has quit IRC (Client Quit) lcw has joined #arpnetworks lcw has quit IRC (Client Quit) LucasWilcox has joined #arpnetworks LucasWilcox has quit IRC (Client Quit) LucasWilcox has joined #arpnetworks LucasWilcox has quit IRC (Client Quit) LucasWilcox has joined #arpnetworks | [09:13] | |
| .... (idle for 18mn) | ||
| cedwards | I'm really getting the urge to move away from BIND. | [09:42] |
| jdoe | why?
re: jail, presumably rsync should be enough? | [09:52] |
| ................... (idle for 1h32mn) | ||
| awyeah | from bind to what? | [11:24] |
| up_the_irons | cedwards: nsd is your best bet | [11:25] |
| .................. (idle for 1h26mn) | ||
| *** | schmir has joined #arpnetworks
schmir has quit IRC (Ping timeout: 265 seconds) | [12:51] |
| ............... (idle for 1h11mn) | ||
| schmir has joined #arpnetworks | [14:06] | |
| schmir has quit IRC (Ping timeout: 265 seconds) | [14:15] | |
| AndrewBC has quit IRC (Quit: Bye!) | [14:24] | |
| AndrewBC has joined #arpnetworks | [14:37] | |
| .... (idle for 16mn) | ||
| visinin has joined #arpnetworks | [14:53] | |
| heavysixer has quit IRC (Quit: BAMPF!) | [15:05] | |
| .......... (idle for 49mn) | ||
| visinin has quit IRC (Quit: leaving) | [15:54] | |
| ............. (idle for 1h1mn) | ||
| cedwards | up_the_irons: does nsd handle zone files the same way BIND does? | [16:55] |
| bob^^ | i've had powerdns recommended | [16:55] |
| up_the_irons | cedwards: yes, same format (it's an RFC somewhere) | [16:55] |
| cedwards | I learned on BIND, so it makes sense to me, but I had a discussion with a tiny fan the other day and he pointed out some things I never considered.. | [16:56] |
| bob^^ | (particular for our recursives)
same with me cedwards - i think most people who learn dns properly start on bind | [16:56] |
| cedwards | for one, maintaining forward and reverse in seperate files. doesn't make sense when the information is technically already in one file | [16:56] |
| bob^^ | my biggest issue with bind is the stupid /24 stuff for reversing
i know you can do it differently but it's a pain in the ass we got a new /16 last year, i generated individual /24 reverse files for it :/ plus i prefer seperate forward/reverse files you may want different data in each | [16:57] |
| cedwards | forward and reverse should usually match, but I suppose there are exceptions. | [16:58] |
| bob^^ | indeed
they don't *have* to match | [16:59] |
| up_the_irons | cedwards: i just can't stand making certain records in tinydns. try srv records. you need a generator
or txt records, or spf basically anything here: http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder it's f'in ridiculous | [16:59] |
| cedwards | that's.. strange. | [17:00] |
| bob^^ | ugh, djb
bob^^ isn't a fan | [17:01] |
| up_the_irons | cedwards: here's an actual SRV record for an example domain:
:_sip._tcp.example.com:33:000012000144023304003pbx007example003com000:86400 that's what you actually put in your zone file for tinydns THAT'S F'IN RIDICULOUS | [17:01] |
| bob^^ | messed up :/ | [17:01] |
| up_the_irons | therefore, no tinydns for me | [17:02] |
| bob^^ | at the moment i still use bind purely because i'm familiar with it and i know it's stable
for some reason i trust it plus of course, having read DNS and BIND cover to cover several times, it just fits ;/ | [17:02] |
| up_the_irons | yeah i read the 2nd edition cover to cover | [17:03] |
| bob^^ | 4th here :)
just got 5th in work, doesn't seem to be much different - just more on DNSSec, as you'd expect i guess excellent book though | [17:03] |
| cedwards | As I understand it, nsd/unbound is to bind as postfix is to sendmail? | [17:04] |
| up_the_irons | cedwards: i've heard that analogy before, yes | [17:04] |
| cedwards | how is spamd working for you? | [17:10] |
| .... (idle for 18mn) | ||
| I've got really good filtering just via postfix at this point, but I do like the idea of tying it into the firewall. | [17:28] | |
| up_the_irons | cedwards: i haven't got to the spamd part yet; postfix and dovecot are done and golden. I also made a lot of postfix tweaks wrt spam and so far, it has worked out well on 2 test accounts that get nothing but spam
after i migrate some real users, then i want to play with spamd | [17:32] |
| cedwards | some say my smtpd_*_restrictions are too tight, but I've not had problems and I get zero spam. | [17:34] |
| up_the_irons | cedwards: nice
care to share? | [17:34] |
| cedwards | I implemented it at work and I've actually had users jokingly complain about the lack of spam. | [17:34] |
| up_the_irons | LOL | [17:34] |
| cedwards | http://pastebin.com/sCkXCYN7
I like filtering at every step of the SMTP handshake/communication. I filter a bunch just at HELO also use postgrey, zen.spamhaus.org and spf policy. | [17:35] |
| up_the_irons | cedwards: nice, this looks similar to mine, but i don't have postgrey or spf policy stuff going yet | [17:37] |
| cedwards | i _highly_ recommend postgrey | [17:37] |
| up_the_irons | cedwards: with spamd, postgrey-like functionality is already provided | [17:38] |
| cedwards | I was just reading about spamd and that's what it sounded like.. | [17:39] |
| up_the_irons | yeah | [17:39] |
| cedwards | up_the_irons: how difficult is it to mount a different image on one of my hosts?
up_the_irons: I'm interested in trying something else on my second box. | [17:42] |
| up_the_irons | cedwards: define "mount a different image" | [17:42] |
| cedwards | up_the_irons: mount/attach a different .iso to the drive so I could reinstall something different over VNC. | [17:44] |
| up_the_irons | cedwards: if it is within the same "class" (Linux vs. FreeBSD vs. OpenBSD), it is easy. If you want to switch class, then I need to also change VM parameters. | [17:45] |
| cedwards | I was just thinking of switching one of my boxes from FreeBSD to a Linux distro (yet undecided). | [17:47] |
| up_the_irons | roger | [17:48] |
| Nat_UB | cedwards: Resist the urge, fight the temptations :) | [17:52] |
| cedwards | Nat_UB: I know I should. Sometimes I just get restless. | [17:52] |
| Nat_UB | Hehehehehe....enjoy | [17:54] |
| *** | ziyourenxiang has joined #arpnetworks | [18:05] |
| cedwards | hmm. trying to install spamd in a jail. how do I allow the additional mount in fstab? | [18:06] |
| *** | LucasWilcox has quit IRC (Ping timeout: 248 seconds)
LucasWilcox has joined #arpnetworks | [18:14] |
| cedwards | n/m | [18:23] |
| *** | ziyourenxiang has quit IRC (Ping timeout: 240 seconds)
cedwards has quit IRC (Ping timeout: 240 seconds) ziyourenxiang has joined #arpnetworks | [18:37] |
| jdoe | up_the_irons: don't do it. Just say no to greylisting! | [18:52] |
| up_the_irons | jdoe: heh, why | [18:52] |
| jdoe | delay, dropped mail from smtp farms. | [18:52] |
| up_the_irons | i figure you could white list those | [18:53] |
| jdoe | you can, but you have to know about them first.
and I like my email relatively maintenance free, personally. his smtp*_*_restrictions are too tight too. he'll lose mail if he ever has a dns failure among other things. | [18:53] |
| up_the_irons | mail is always maintenance
the script presented here: http://home.xnet.com/~ansible/openbsd_spamd_conf.html makes a pretty good whitelist based off spf records | [18:54] |
| jdoe | usually not "scouring mail logs looking for rejected mail that shouldn't be" maintenance
using spf is probably fine as long as the other side actually publishes the, them from what I hear gmail requires more maintenance than just that. and facebook is a PITA as are some airlines, I think a couple are listed in that list, I've seen it before. ymmv, but still. I'd rather pass spam in than accidentally lose a legit mail | [18:56] |
| up_the_irons | given i've had to scour quarantined messages for possible false positives, it's all just maintenance in the end
just depends where you're looking | [18:57] |
| jdoe | I don't. I think I sent you my config, I reject on spamhaus/spamcop or on an obscene spamd score at session time.
everything else gets passed through (but tagged in headers) regardless of score. Users can sort as they please. the greylisting thing is just personal preference. My only two legit beefs with his config are rfc-ignorant and the dns tests. | [18:58] |
| up_the_irons | jdoe: oh yeah, you sent me stuff, but i think you forgot to attach the actual config; sorry i didn't have time to reply yet | [18:59] |
| jdoe | ... seriously?
that's embarrassing. haha. | [19:00] |
| up_the_irons | i forget attachments all the time...
;) | [19:00] |
| jdoe | yeah. I had something setup to try to prevent that though, scanning email for things that implied there might be one.
... guess that was on the old system :( | [19:01] |
| up_the_irons | the dns checks (like no reverse dns entry) tend to block a lot of spam though, i kinda like that one | [19:02] |
| jdoe | well, sent again, with the attachment this time :P | [19:04] |
| up_the_irons | tnx! | [19:04] |
| jdoe | I think I actually do use dns checks, just ... not so many. | [19:04] |
| up_the_irons | i c | [19:05] |
| jdoe | you could also try something I did a while ago. Basically I wrote a postfix policy server that I could call from the *_restrictions blocks
it would check against a massive list of rbls and if it found any hits I could then greylist that host. | [19:09] |
| up_the_irons | ah | [19:09] |
| jdoe | it had some p0f integration, but presumably you could do that with pf already if you really wanted.
jdoe is/was a bit of an email nerd. | [19:09] |
| up_the_irons | cool | [19:11] |
| jdoe | if you're using postfix you may want to give http://www.postfix.org/postscreen.8.html a look too. It's... let's call it "volatile" right now, but it looks like it'll be a nice new toy.
although personally what I want is some way to glue rbls and (openbsd's) spamd together. ... I'll shut up about mail now ;) | [19:16] |
| ....................... (idle for 1h52mn) | ||
| *** | heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [21:09] |
| ........ (idle for 38mn) | ||
| ziyourenxiang has quit IRC (Quit: ziyourenxiang) | [21:47] | |
| ................ (idle for 1h18mn) | ||
| homosaur has quit IRC (Quit: pocketful of goat cheese, ready to party)
Elem[e]nt has quit IRC (Read error: No route to host) | [23:05] | |
| .... (idle for 19mn) | ||
| homosaur has joined #arpnetworks | [23:26] | |
| homosaur | what would you guys suggest for lightweight ftp? i only need to use it myself and maybe for users, no public access required | [23:27] |
| *** | homosaur has quit IRC (Quit: pocketful of goat cheese, ready to party) | [23:41] |
| Ehtyar has quit IRC (Remote host closed the connection)
Ehtyar has joined #arpnetworks | [23:54] | |
| ↑back Search ←Prev date Next date→ Show only urls | (Click on time to select a line by its url) |