Centroid.EU Blog

(this blog is mostly encrypted - adults only)

Upgrading postfix on OpenBSD 4.8

March 8th, 2011

A plaintext injection attack has become known to exist in old versions of postfix. OpenBSD's postfix in the ports was outdated at version 2.7.1. What I did was I downloaded version 2.7.3 and stuck that into the /usr/ports/distfiles/postfix/ directory. Then I went to work in /usr/ports/mail/postfix/stable editing the Makefile first to say 2.7.3 and not 2.7.1, then I built the new postfix with:

 NO_CHECKSUM=Yes FLAVOR=SASL2 make
 NO_CHECKSUM=Yes FLAVOR=SASL2 make package

So then I had the package. I stopped postfix on uranus and deleted it with a cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2, then I installed the package with pkg_add postfix-2.7.3-sasl2.tgz and started postfix with /usr/local/sbin/postfix start. It worked and so far no complaints.

It's nice that the port allowed me to do this, had there been many patches that conflict I wouldn't have been able to do this through the ports system. Thanks to arno for coaxing me to do it instead of lazily waiting for a new port.

Eine Luecke in postfix ist beseitigt worden. OpenBSD's postfix von den ports war zu alt bei der version 2.7.1. Was ich getan habe war das ich version 2.7.3 heruntergeladen habe und es in /usr/ports/distfiles/postfix/ gesteckt habe. Dann habe ich angefangen den port Makefile zu editieren in /usr/ports/mail/postfix/stable und es sagte jetzt 2.7.3 und nicht 2.7.1. Dann habe ich denn port gebaut, so:

NO_CHECKSUM=Yes FLAVOR=SASL2 make
NO_CHECKSUM=Yes FLAVOR=SASL2 make package

Dann hatte ich das packet. Ich stoppte postfix auf Uranus und habe es geloescht mit cd /var/db/pkg && pkg_delete postfix-2.7.1-sasl2. Dann habe ich das neue packet eingespielt mit pkg_add postfix-2.7.3-sasl2.tgz und habe postfix gestartet mit /usr/local/sbin/postfix start. Es gelung mir und bis jetzt keine beschwerden.

Es ist schoen das der port das erlaubt hat.

0 comments

A compilation of the great Carl Sagan

March 4th, 2011

I found this video on youtube. It's snippets from Carl Sagan a cosmologer and legend. It's worth being linked from this blog. Originally at youtube.

0 comments

Playing with Constellations

February 27th, 2011

0 comments

Random Hackepedia

February 18th, 2011

The RH for this week is is shared memory.

0 comments

traceroute6 clock.centroid.eu

February 18th, 2011

When I'm awake and my computer is on you can traceroute6 clock.centroid.eu and it'll give you the time of day in GMT. Like so:

13  cl-154.muc-02.de.sixxs.net (2001:a60:f000:99::2)  122.742 ms  121.5[36/1981$
3.863 ms
14  cordelia.centroid.eu (2001:a60:f074:4::2)  127.305 ms  128.850 ms  130.404 m
s
15  xxx.hello.xxx.centroid.eu (2001:a60:f074:ff::1)  123.780 ms  123.610 ms  123
.301 ms
16  xxx.why.xxx.centroid.eu (2001:a60:f074:ff::2)  124.455 ms  126.730 ms  124.9
04 ms
17  xxx.are.xxx.centroid.eu (2001:a60:f074:ff::3)  131.776 ms  128.739 ms  134.4
05 ms
18  xxx.you.xxx.centroid.eu (2001:a60:f074:ff::4)  125.209 ms  133.453 ms  128.6
66 ms
19  xxx.tracerouting6.xxx.centroid.eu (2001:a60:f074:ff::5)  137.000 ms  133.315
 ms  143.594 ms
20  the-time-is-15-41-02-in-gmt.clock.centroid.eu (2001:a60:f074:fe::dc8e)  138.
899 ms  141.519 ms  145.045 ms
21  dione.centroid.eu (2001:a60:f074::30)  123.835 ms  125.093 ms  123.141 ms

The code for this was actually pretty simple, it only required to put in 86400 reverse dns entries into my name server which bloated it by about 60 megabytes, but it's worth it I think. It does not work for traceroutes that work with ICMP nor for traceroutes that require forward and reverse to match.

0 comments

Reading code

February 12th, 2011

Tonight I found myself reading code. The resolver code in OpenBSD to be exact. I do this when I'm looking for something... and by golly I think I've found it...

  if (++loops < 42) /*doug adams*/
                                                 break;

res_send.c lines 799-820/853 byte 21458/22096 97%  (press RETURN)

Heute abend habe ich Code gelesen. Die resolver library in OpenBSD um es genauer auszudruecken. Wenn ich sowas tue, suche ich was... und ich glaube ich habe es gefunden...man muss "per anhalter durch die galaxies" gelesen haben.

0 comments

Random Hackepedia

February 11th, 2011

The RH for this week is Ddos.

0 comments

Changed mailserver

February 6th, 2011

I've switched the MX records for all my domains to uranus.centroid.eu. That's my newly upgraded DSL. The old mail server proteus has almost fulfilled its mission and after four years I'm finally giving it retirement. Proteus will be switched off completely on March 13th and I've already gone through it and deleted enough signs of its use last night. Uranus and goldflipper.net will be my mainstay for the next two years and who knows what will come along by then.

Ich habe die MX records fuer alle meine Domains zu uranus.centroid.eu gesetzt. Das ist mein ueberholtes DSL. Der alte Mail Server proteus hat fast sein mandat vollbracht und wird nach vier Jahren rechenzeit abgeschaltet und in Rente gesetzt. Proteus wird genauergesagt am 13. Maerz abgeschaltet und ich habe schon etwas auf dem Server geloescht gestern abend. Uranus und goldflipper.net werden meine Haupt-Server sein fuer die naechsten zwei Jahre und wer weiss was dann kommt.

0 comments

Blog starts to forget

February 6th, 2011

As indicated a few weeks ago, this blog will start to forget in a FIFO manner.

Wie versprochen vor ein paar Wochen wird dieser Blog anfangen zu vergessen in einer FIFO weise.

www.ipv6.solarscale.de March 7th, 2009
OpenBSD Donation March 1st, 2009
My SSH Tunnel February 25th, 2009
Why I chose static February 25th, 2009
Traceroute February 24th, 2009
The end of flavair.com February 17th, 2009
IPv6.solarscale.de February 12th, 2009
Back on the IPv6 Net!  Mo 2. Feb 14:25:20 CET 2009
A thought on the Economic Crisis Sun Feb 1 18:01:16 CET 2009
A New Beginning Fri Jan 16 19:34:10 CET 2009

0 comments