From d08a68991a61f69d680af86ae52cbe3591c2f691 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 18 Feb 2003 23:14:23 +0000 Subject: [PATCH] Remove mailing list problem report git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@454 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- STABLE/documentation/errata.htm | 832 +++++++++--------- STABLE/documentation/mailing_list.htm | 400 ++++----- .../documentation/mailing_list_problems.htm | 49 -- 3 files changed, 633 insertions(+), 648 deletions(-) delete mode 100644 STABLE/documentation/mailing_list_problems.htm diff --git a/STABLE/documentation/errata.htm b/STABLE/documentation/errata.htm index 604c1a5a4..5853a15cb 100644 --- a/STABLE/documentation/errata.htm +++ b/STABLE/documentation/errata.htm @@ -2,63 +2,66 @@ - + Shorewall 1.3 Errata - + - + - + - + - - - + + - + + - - + +
+
- +

Shorewall Errata/Upgrade Issues

-
- +

IMPORTANT

- +
    -
  1. - +
  2. + +

    If you use a Windows system to download - a corrected script, be sure to run the script through - + dos2unix after you have moved - it to your Linux system.

    -
  3. -
  4. - + it to your Linux system.

    +
  5. +
  6. + +

    If you are installing Shorewall for the first time and plan to use the .tgz and install.sh script, you can untar the archive, replace the 'firewall' script in the untarred directory - with the one you downloaded below, and then run install.sh.

    -
  7. -
  8. - + with the one you downloaded below, and then run install.sh.

    +
  9. +
  10. + +

    If you are running a Shorewall version earlier - than 1.3.11, when the instructions say to install a corrected firewall - script in /etc/shorewall/firewall, /usr/lib/shorewall/firewall - or /var/lib/shorewall/firewall, use the 'cp' (or 'scp') utility to overwrite + than 1.3.11, when the instructions say to install a corrected firewall + script in /etc/shorewall/firewall, /usr/lib/shorewall/firewall + or /var/lib/shorewall/firewall, use the 'cp' (or 'scp') utility to overwrite the existing file. DO NOT REMOVE OR RENAME THE OLD /etc/shorewall/firewall or /var/lib/shorewall/firewall before you do that. /etc/shorewall/firewall and /var/lib/shorewall/firewall are symbolic links that point @@ -66,229 +69,240 @@ the archive, replace the 'firewall' script in the untarred directory to start Shorewall during boot. It is that file that must be overwritten with the corrected script. Beginning with Shorewall 1.3.11, you may rename the existing file before copying in the new file.

    -
  11. -
  12. - +
  13. +
  14. +

    DO NOT INSTALL CORRECTED COMPONENTS - ON A RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW. -For example, do NOT install the 1.3.9a firewall script if you are running - 1.3.7c.
    -

    -
  15. - + ON A RELEASE EARLIER THAN THE ONE THAT THEY ARE LISTED UNDER BELOW. + For example, do NOT install the 1.3.9a firewall script if you are running + 1.3.7c.
    +

    + +
- + - -
+ +

Problems in Version 1.3

- +

Version 1.3.14

+ +
    +
  • The documentation for the routestopped file claimed that a comma-separated + list could appear in the second column while the code only supported a single + host or network address.
  • +
  • Log messages produced by 'logunclean' and 'dropunclean' were not rate-limited.
  • + +
+ Both problems have been corrected in
this -firewall script which may be installed in /usr/lib/shorewall as described -above.
- - + firewall script which may be installed in /usr/lib/shorewall as described + above.
+

Version 1.3.13

- +
    -
  • The 'shorewall add' command produces an error message referring -to 'find_interfaces_by_maclist'.
  • -
  • The 'shorewall delete' command can leave behind undeleted rules.
  • -
  • The 'shorewall add' command can fail with "iptables: Index of insertion -too big".
    -
  • - -
- All three problems are corrected by this - firewall script which may be installed in /usr/lib/shorewall as described - above.
- -
    -
  • VLAN interface names of the form "ethn.m" (e.g., eth0.1) - are not supported in this version or in 1.3.12. If you need such support, - post on the users list and I can provide you with a patched version.
    -
  • - -
- -

Version 1.3.12

- -
    -
  • If RFC_1918_LOG_LEVEL is set to anything but ULOG, the effect -is the same as if RFC_1918_LOG_LEVEL=info had been specified. The problem -is corrected by this - firewall script which may be installed in /usr/lib/shorewall as described - above.
  • -
  • VLAN interface names of the form "ethn.m" (e.g., eth0.1) - are not supported in this version or in 1.3.13. If you need such support, - post on the users list and I can provide you with a patched version.
    +
  • The 'shorewall add' command produces an error message referring + to 'find_interfaces_by_maclist'.
  • +
  • The 'shorewall delete' command can leave behind undeleted rules.
  • +
  • The 'shorewall add' command can fail with "iptables: Index of insertion + too big".
  • - +
- + All three problems are corrected by this + firewall script which may be installed in /usr/lib/shorewall as described + above.
+ +
    +
  • VLAN interface names of the form "ethn.m" (e.g., +eth0.1) are not supported in this version or in 1.3.12. If you need such +support, post on the users list and I can provide you with a patched version.
    +
  • + +
+ +

Version 1.3.12

+ +
    +
  • If RFC_1918_LOG_LEVEL is set to anything but ULOG, the effect + is the same as if RFC_1918_LOG_LEVEL=info had been specified. The problem + is corrected by this + firewall script which may be installed in /usr/lib/shorewall as described + above.
  • +
  • VLAN interface names of the form "ethn.m" (e.g., +eth0.1) are not supported in this version or in 1.3.13. If you need such +support, post on the users list and I can provide you with a patched version.
    +
  • + +
+

Version 1.3.12 LRP

- +
    -
  • The .lrp was missing the /etc/shorewall/routestopped file -- -a new lrp (shorwall-1.3.12a.lrp) has been released which corrects this -problem.
    -
  • - +
  • The .lrp was missing the /etc/shorewall/routestopped file -- + a new lrp (shorwall-1.3.12a.lrp) has been released which corrects this + problem.
    +
  • +
- +

Version 1.3.11a

- + - -

Version 1.3.11

- -
    -
  • When installing/upgrading using the .rpm, you may receive -the following warnings:
    -
    -      user teastep does not exist - using root
    -      group teastep does not exist - using root
    -
    - These warnings are harmless and may be ignored. Users downloading - the .rpm from shorewall.net or mirrors should no longer see these warnings - as the .rpm you will get from there has been corrected.
  • -
  • DNAT rules that exclude a source subzone (SOURCE column contains - ! followed by a sub-zone list) result in an error message and Shorewall - fails to start.
    -
    - Install this - corrected script in /usr/lib/shorewall/firewall to correct this problem. - Thanks go to Roger Aich who analyzed this problem and provided a fix.
    -
    - This problem is corrected in version 1.3.11a.
    + copy of /etc/shorewall/rfc1918 reflects the recent allocation of 82.0.0.0/8.
  • - +
- + +

Version 1.3.11

+ +
    +
  • When installing/upgrading using the .rpm, you may receive + the following warnings:
    +
    +      user teastep does not exist - using root
    +      group teastep does not exist - using root
    +
    + These warnings are harmless and may be ignored. Users downloading + the .rpm from shorewall.net or mirrors should no longer see these warnings + as the .rpm you will get from there has been corrected.
  • +
  • DNAT rules that exclude a source subzone (SOURCE column +contains ! followed by a sub-zone list) result in an error message and +Shorewall fails to start.
    +
    + Install this + corrected script in /usr/lib/shorewall/firewall to correct this problem. + Thanks go to Roger Aich who analyzed this problem and provided a fix.
    +
    + This problem is corrected in version 1.3.11a.
    +
  • + +
+

Version 1.3.10

- +
    -
  • If you experience problems connecting to a PPTP server -running on your firewall and you have a 'pptpserver' entry in /etc/shorewall/tunnels, - If you experience problems connecting to a PPTP server + running on your firewall and you have a 'pptpserver' entry in /etc/shorewall/tunnels, + this - version of the firewall script may help. Please report any cases -where installing this script in /usr/lib/shorewall/firewall solved your -connection problems. Beginning with version 1.3.10, it is safe to save -the old version of /usr/lib/shorewall/firewall before copying in the new -one since /usr/lib/shorewall/firewall is the real script now and not + version of the firewall script may help. Please report any cases + where installing this script in /usr/lib/shorewall/firewall solved your + connection problems. Beginning with version 1.3.10, it is safe to save + the old version of /usr/lib/shorewall/firewall before copying in the +new one since /usr/lib/shorewall/firewall is the real script now and not just a symbolic link to the real script.
    -
  • - -
- -

Version 1.3.9a

- -
    -
  • If entries are used in /etc/shorewall/hosts and MERGE_HOSTS=No - then the following message appears during "shorewall [re]start":
  • - + +
+

Version 1.3.9a

+ +
    +
  • If entries are used in /etc/shorewall/hosts and MERGE_HOSTS=No + then the following message appears during "shorewall [re]start":
  • + +
+
          recalculate_interfacess: command not found
- +
The updated firewall script at ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall - corrects this problem.Copy the script to /usr/lib/shorewall/firewall - as described above.
-
- + corrects this problem.Copy the script to /usr/lib/shorewall/firewall + as described above.
+ +
Alternatively, edit /usr/lob/shorewall/firewall and change the - single occurence (line 483 in version 1.3.9a) of 'recalculate_interefacess' - to 'recalculate_interface'.
-
- + single occurence (line 483 in version 1.3.9a) of 'recalculate_interefacess' + to 'recalculate_interface'.
+ + - +

Version 1.3.9

- TUNNELS Broken in 1.3.9!!! There is an updated firewall - script at TUNNELS Broken in 1.3.9!!!
There is an updated firewall + script at ftp://www.shorewall.net/pub/shorewall/errata/1.3.9/firewall - -- copy that file to /usr/lib/shorewall/firewall as described above.
-
- Version 1.3.8 + -- copy that file to /usr/lib/shorewall/firewall as described above.
+
+ Version 1.3.8
    -
  • Use of shell variables in the LOG LEVEL or SYNPARMS - columns of the policy file doesn't work.
  • -
  • A DNAT rule with the same original and new IP addresses - but with different port numbers doesn't work (e.g., "DNAT loc dmz:10.1.1.1:24 - tcp 25 - 10.1.1.1")
    -
  • - +
  • Use of shell variables in the LOG LEVEL or SYNPARMS + columns of the policy file doesn't work.
  • +
  • A DNAT rule with the same original and new IP addresses + but with different port numbers doesn't work (e.g., "DNAT loc dmz:10.1.1.1:24 + tcp 25 - 10.1.1.1")
    +
  • +
- Installing this corrected firewall script in /var/lib/shorewall/firewall - as described above corrects these -problems. + as described above corrects these + problems.

Version 1.3.7b

- + +

DNAT rules where the source zone is 'fw' ($FW) result in an error message. Installing this corrected firewall script in /var/lib/shorewall/firewall - as described above corrects this problem.

- + as described above corrects this +problem.

+ +

Version 1.3.7a

- + +

"shorewall refresh" is not creating the proper rule for FORWARDPING=Yes. Consequently, after "shorewall refresh", the firewall will not forward @@ -296,367 +310,385 @@ problems. this corrected firewall script in /var/lib/shorewall/firewall - as described above corrects this problem.

- + as described above corrects this +problem.

+ +

Version <= 1.3.7a

- + +

If "norfc1918" and "dhcp" are both specified as options on a given interface then RFC 1918 checking is occurring before DHCP checking. This means that if a DHCP client broadcasts using an RFC 1918 source address, then the firewall will reject the broadcast (usually logging it). This - has two problems:

- + has two problems:

+ +
    -
  1. If the firewall is - running a DHCP server, the client - won't be able to obtain an IP address - lease from that server.
  2. -
  3. With this order of - checking, the "dhcp" option cannot +
  4. If the firewall +is running a DHCP server, the client + won't be able to obtain an IP address + lease from that server.
  5. +
  6. With this order +of checking, the "dhcp" option cannot be used as a noise-reduction measure where there are both dynamic and static clients on a LAN segment.
  7. - +
- +

This version of the 1.3.7a firewall script - corrects the problem. It must be + corrects the problem. It must be installed in /var/lib/shorewall as described above.

- + +

Version 1.3.7

- + +

Version 1.3.7 dead on arrival -- please use version 1.3.7a and check your version against these md5sums -- if there's a difference, please download again.

- + +
	d2fffb7fb99bcc6cb047ea34db1df10 shorewall-1.3.7a.tgz
6a7fd284c8685b2b471a2f47b469fb94 shorewall-1.3.7a-1.noarch.rpm
3decd14296effcff16853106771f7035 shorwall-1.3.7a.lrp
- +

In other words, type "md5sum <whatever package you downloaded> - and compare the result with what you see above.

- + and compare the result with what you see above.

+

I'm embarrassed to report that 1.2.7 was also DOA -- maybe I'll skip the - .7 version in each sequence from now on.

- + .7 version in each sequence from now on.

+

Version 1.3.6

- +
    -
  • +
  • - +

    If ADD_SNAT_ALIASES=Yes is specified in /etc/shorewall/shorewall.conf, - an error occurs when the firewall script attempts to add - an SNAT alias.

    -
  • -
  • + an error occurs when the firewall script attempts to +add an SNAT alias.

    +
  • +
  • - +

    The logunclean and dropunclean options cause errors during startup when Shorewall is run with iptables - 1.2.7.

    -
  • - + 1.2.7.

    + +
- +

These problems are fixed in this correct firewall script which must be installed in /var/lib/shorewall/ as described above. These problems are also corrected in version 1.3.7.

- +

Two-interface Samples 1.3.6 (file two-interfaces.tgz)

- +

A line was inadvertently deleted from the "interfaces file" -- this line should be added back in if the version that you - downloaded is missing it:

- + downloaded is missing it:

+

net    eth0    detect    routefilter,dhcp,norfc1918

- +

If you downloaded two-interfaces-a.tgz then the above line should already be in the file.

- +

Version 1.3.5-1.3.5b

- +

The new 'proxyarp' interface option doesn't work :-( This is fixed in this corrected firewall script which must be installed in /var/lib/shorewall/ as described above.

- +

Versions 1.3.4-1.3.5a

- +

Prior to version 1.3.4, host file entries such as the following were allowed:

- -
+ +
	adm	eth0:1.2.4.5,eth0:5.6.7.8
-
- -
+
+ +

That capability was lost in version 1.3.4 so that it is only - possible to  include a single host specification on each line. - This problem is corrected by this - modified 1.3.5a firewall script. Install the script in /var/lib/pub/shorewall/firewall - as instructed above.

-
- -
+ modified 1.3.5a firewall script. Install the script in /var/lib/pub/shorewall/firewall + as instructed above.

+
+ +

This problem is corrected in version 1.3.5b.

-
- +
+

Version 1.3.5

- +

REDIRECT rules are broken in this version. Install this corrected firewall script in /var/lib/pub/shorewall/firewall - as instructed above. This problem is corrected in version - 1.3.5a.

- + as instructed above. This problem is corrected in version + 1.3.5a.

+

Version 1.3.n, n < 4

- +

The "shorewall start" and "shorewall restart" commands to not verify that the zones named in the /etc/shorewall/policy file have been previously defined in the /etc/shorewall/zones file. The "shorewall check" command does perform this verification so it's a good idea to run that command after you have made configuration - changes.

- + changes.

+

Version 1.3.n, n < 3

- +

If you have upgraded from Shorewall 1.2 and after "Activating rules..." you see the message: "iptables: No chains/target/match - by that name" then you probably have an entry in /etc/shorewall/hosts - that specifies an interface that you didn't include in - /etc/shorewall/interfaces. To correct this problem, you - must add an entry to /etc/shorewall/interfaces. Shorewall 1.3.3 and - later versions produce a clearer error message in this case.

- + by that name" then you probably have an entry in /etc/shorewall/hosts + that specifies an interface that you didn't include in + /etc/shorewall/interfaces. To correct this problem, you + must add an entry to /etc/shorewall/interfaces. Shorewall 1.3.3 +and later versions produce a clearer error message in this +case.

+

Version 1.3.2

- +

Until approximately 2130 GMT on 17 June 2002, the download sites contained an incorrect version of the .lrp file. That file can be identified by its size (56284 bytes). The correct version has a size of 38126 bytes.

- +
    -
  • The code to detect a duplicate interface - entry in /etc/shorewall/interfaces contained a typo that -prevented it from working correctly.
  • -
  • "NAT_BEFORE_RULES=No" was broken; it -behaved just like "NAT_BEFORE_RULES=Yes".
  • - +
  • The code to detect a duplicate interface + entry in /etc/shorewall/interfaces contained a typo that + prevented it from working correctly.
  • +
  • "NAT_BEFORE_RULES=No" was broken; it + behaved just like "NAT_BEFORE_RULES=Yes".
  • +
- +

Both problems are corrected in this script which should be installed in /var/lib/shorewall - as described above.

- + as described above.

+
    -
  • +
  • - +

    The IANA have just announced the allocation of subnet - 221.0.0.0/8. This updated rfc1918 file reflects that allocation.

    -
  • - + +
- +

Version 1.3.1

- +
    -
  • TCP SYN packets may be double counted -when LIMIT:BURST is included in a CONTINUE or ACCEPT policy -(i.e., each packet is sent through the limit chain twice).
  • -
  • An unnecessary jump to the policy chain - is sometimes generated for a CONTINUE policy.
  • -
  • When an option is given for more than -one interface in /etc/shorewall/interfaces then depending - on the option, Shorewall may ignore all but the first -appearence of the option. For example:
    -
    - net    eth0    dhcp
    - loc    eth1    dhcp
    -
    - Shorewall will ignore the 'dhcp' on eth1.
  • -
  • Update 17 June 2002 - The bug described - in the prior bullet affects the following options: dhcp, +
  • TCP SYN packets may be double counted + when LIMIT:BURST is included in a CONTINUE or ACCEPT policy + (i.e., each packet is sent through the limit chain twice).
  • +
  • An unnecessary jump to the policy chain + is sometimes generated for a CONTINUE policy.
  • +
  • When an option is given for more than + one interface in /etc/shorewall/interfaces then depending + on the option, Shorewall may ignore all but the first + appearence of the option. For example:
    +
    + net    eth0    dhcp
    + loc    eth1    dhcp
    +
    + Shorewall will ignore the 'dhcp' on eth1.
  • +
  • Update 17 June 2002 - The bug described + in the prior bullet affects the following options: dhcp, dropunclean, logunclean, norfc1918, routefilter, multi, filterping and noping. An additional bug has been found that affects only the 'routestopped' option.
    -
    - Users who downloaded the corrected script -prior to 1850 GMT today should download and install the -corrected script again to ensure that this second problem -is corrected.
  • - +
    + Users who downloaded the corrected script + prior to 1850 GMT today should download and install +the corrected script again to ensure that this second +problem is corrected. +
- +

These problems are corrected in this firewall script which should be installed in /etc/shorewall/firewall - as described above.

- + as described above.

+

Version 1.3.0

- + - -
+ +

Upgrade Issues

- +

The upgrade issues have moved to a separate page.

- -
+ +

Problem with - iptables version 1.2.3

- + iptables version 1.2.3
+
- +

There are a couple of serious bugs in iptables 1.2.3 that - prevent it from working with Shorewall. Regrettably, RedHat - released this buggy iptables in RedHat 7.2. 

+ prevent it from working with Shorewall. Regrettably, +RedHat released this buggy iptables in RedHat 7.2. 

- +

I have built a - corrected 1.2.3 rpm which you can download here  and I have - also built an   and I have + also built an iptables-1.2.4 rpm which you can download here. If you are currently - running RedHat 7.1, you can install either of these RPMs - before you upgrade to RedHat 7.2.

- - -

Update 11/9/2001: RedHat - has released an iptables-1.2.4 RPM of their own which you can download - from http://www.redhat.com/support/errata/RHSA-2001-144.html. - I have installed this RPM on my firewall and it works - fine.

- - -

If you would like to patch iptables 1.2.3 yourself, - the patches are available for download. This patch - which corrects a problem with parsing of the --log-level specification - while this patch - corrects a problem in handling the  TOS target.

+ running RedHat 7.1, you can install either of these RPMs + before you upgrade to RedHat 7.2.

+

Update 11/9/2001: RedHat + has released an iptables-1.2.4 RPM of their own which you can +download from http://www.redhat.com/support/errata/RHSA-2001-144.html. + I have installed this RPM on my firewall and it works + fine.

+ + +

If you would like to patch iptables 1.2.3 yourself, + the patches are available for download. This patch + which corrects a problem with parsing of the --log-level specification + while this patch + corrects a problem in handling the  TOS target.

+ +

To install one of the above patches:

- +
    -
  • cd iptables-1.2.3/extensions
  • -
  • patch -p0 < the-patch-file
  • +
  • cd iptables-1.2.3/extensions
  • +
  • patch -p0 < the-patch-file
  • - +
-
+ - +

Problems with kernels >= 2.4.18 and RedHat iptables

- +
+

Users who use RedHat iptables RPMs and who upgrade to kernel 2.4.18/19 - may experience the following:

+ may experience the following:

- +
- +
# shorewall start
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Starting Shorewall...
Loading Modules...
Initializing...
Determining Zones...
Zones: net
Validating interfaces file...
Validating hosts file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
iptables: libiptc/libip4tc.c:380: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
Aborted (core dumped)
iptables: libiptc/libip4tc.c:380: do_check: Assertion
`h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
Aborted (core dumped)
-
+
- +

The RedHat iptables RPM is compiled with debugging enabled but the user-space debugging code was not updated to reflect recent changes in - the Netfilter 'mangle' table. You can correct the problem by -installing - this iptables RPM. If you are already running a 1.2.5 version - of iptables, you will need to specify the --oldpackage option + this iptables RPM. If you are already running a 1.2.5 version + of iptables, you will need to specify the --oldpackage option to rpm (e.g., "iptables -Uvh --oldpackage iptables-1.2.5-1.i386.rpm").

- + - +

Problems installing/upgrading - RPM on SuSE

- + RPM on SuSE + +

If you find that rpm complains about a conflict with kernel <= 2.2 yet you have a 2.4 kernel installed, simply use the "--nodeps" option to rpm.

- + +

Installing: rpm -ivh --nodeps <shorewall rpm>

- + +

Upgrading: rpm -Uvh --nodeps <shorewall rpm>

- + +

Problems with iptables version 1.2.7 and MULTIPORT=Yes

- + +

The iptables 1.2.7 release of iptables has made an incompatible change to the syntax used to specify multiport match rules; as a consequence, if you install iptables 1.2.7 you must be running Shorewall 1.3.7a or later or:

- + + - +

Problems with RH Kernel 2.4.18-10 and NAT
-

- /etc/shorewall/nat entries of the following form will result - in Shorewall being unable to start:
-
- + + /etc/shorewall/nat entries of the following form will result + in Shorewall being unable to start:
+
+
#EXTERNAL       INTERFACE       INTERNAL        ALL INTERFACES          LOCAL
192.0.2.22    eth0    192.168.9.22   yes     yes
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
- Error message is:
- + Error message is:
+
Setting up NAT...
iptables: Invalid argument
Terminated

- The solution is to put "no" in the LOCAL column. Kernel support - for LOCAL=yes has never worked properly and 2.4.18-10 has disabled -it. The 2.4.19 kernel contains corrected support under a new kernel -configuraiton option; see http://www.shorewall.net/Documentation.htm#NAT
- -

Last updated 2/17/2003 - + The solution is to put "no" in the LOCAL column. Kernel +support for LOCAL=yes has never worked properly and 2.4.18-10 has +disabled it. The 2.4.19 kernel contains corrected support under a new +kernel configuraiton option; see http://www.shorewall.net/Documentation.htm#NAT
+ +

Last updated 2/18/2003 - Tom Eastep

- +

Copyright © 2001, 2002, 2003 Thomas M. Eastep.
-

+

+
+



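Review bot: In the Version 1.3.7 entry of errata.htm, the first checksum kept as context, d2fffb7fb99bcc6cb047ea34db1df10 for shorewall-1.3.7a.tgz, is 31 hex digits while the other two are 32, so the "md5sum <package>" comparison the text asks for can never match for the .tgz; please restore the full digest while this file is being re-wrapped. The --oldpackage example further down has a similar problem: it reads "iptables -Uvh --oldpackage iptables-1.2.5-1.i386.rpm" although the sentence says the option is passed to rpm. Separately, the subject only mentions removing the mailing list problem report, but this file's diff also adds a Version 1.3.14 entry and moves "Last updated" from 2/17/2003 to 2/18/2003 inside a large amount of whitespace-only churn; a separate commit, or a line in the message, would make that change findable.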
diff --git a/STABLE/documentation/mailing_list.htm b/STABLE/documentation/mailing_list.htm index 8fd3276af..094d29e17 100644 --- a/STABLE/documentation/mailing_list.htm +++ b/STABLE/documentation/mailing_list.htm @@ -2,152 +2,152 @@ - + - + - + - + Shorewall Mailing Lists - + + - + - - - + + - + - - +
+ Powered by Postfix    

+ + + - - + +
+
- + +

Vexira Logo -

+ - - - + +

 

-
- + +

Shorewall Mailing Lists

-
+ (Postfix Logo) -
- +
+ -
- + +
+

-
- Powered by Postfix    

-
-
- -

Not getting List Mail? -- Check Here

- -

If you experience problems with any of these lists, please - let me know

- + + +

If you experience problems with any of these lists, please + let me know

+

Not able to Post Mail to shorewall.net?

- -

You can report such problems by sending mail to tom dot eastep + +

You can report such problems by sending mail to tom dot eastep at hp dot com.

- +

A Word about SPAM Filters 

- -

Before subscribing please read my policy - about list traffic that bounces. Also please note that the mail server + +

Before subscribing please read my policy + about list traffic that bounces. Also please note that the mail server at shorewall.net checks incoming mail:
-

- +

+
    -
  1. against Spamassassin +
  2. against Spamassassin (including Vipul's Razor).
    -
  3. -
  4. to ensure that the sender address is fully qualified.
  5. -
  6. to verify that the sender's domain has an A or MX record - in DNS.
  7. -
  8. to ensure that the host name in the HELO/EHLO command - is a valid fully-qualified DNS name that resolves.
  9. - + +
  10. to ensure that the sender address is fully qualified.
  11. +
  12. to verify that the sender's domain has an A or MX +record in DNS.
  13. +
  14. to ensure that the host name in the HELO/EHLO command + is a valid fully-qualified DNS name that resolves.
  15. +
- +

Please post in plain text

- A growing number of MTAs serving list subscribers are rejecting -all HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net - "for continuous abuse" because it has been my policy to allow HTML in list - posts!!
-
- I think that blocking all HTML is a Draconian way to control spam - and that the ultimate losers here are not the spammers but the list subscribers - whose MTAs are bouncing all shorewall.net mail. As one list subscriber - wrote to me privately "These e-mail admin's need to get a (explitive - deleted) life instead of trying to rid the planet of HTML based e-mail". - Nevertheless, to allow subscribers to receive list posts as must as possible, - I have now configured the list server at shorewall.net to strip all HTML - from outgoing posts. This means that HTML-only posts will be bounced by + A growing number of MTAs serving list subscribers are rejecting + all HTML traffic. At least one MTA has gone so far as to blacklist shorewall.net + "for continuous abuse" because it has been my policy to allow HTML in +list posts!!
+
+ I think that blocking all HTML is a Draconian way to control spam + and that the ultimate losers here are not the spammers but the list +subscribers whose MTAs are bouncing all shorewall.net mail. As one list +subscriber wrote to me privately "These e-mail admin's need to get a (explitive + deleted) life instead of trying to rid the planet of HTML based e-mail". + Nevertheless, to allow subscribers to receive list posts as must as possible, + I have now configured the list server at shorewall.net to strip all HTML + from outgoing posts. This means that HTML-only posts will be bounced by the list server.
- -

Note: The list server limits posts to 120kb.
-

+

Note: The list server limits posts to 120kb.
+

+

Other Mail Delivery Problems

- If you find that you are missing an occasional list post, your e-mail - admin may be blocking mail whose Received: headers contain the names - of certain ISPs. Again, I believe that such policies hurt more than they - help but I'm not prepared to go so far as to start stripping Received: + If you find that you are missing an occasional list post, your e-mail + admin may be blocking mail whose Received: headers contain the +names of certain ISPs. Again, I believe that such policies hurt more than +they help but I'm not prepared to go so far as to start stripping Received: headers to circumvent those policies.
- +

Mailing Lists Archive Search

- -
- -

Match: - + + + +

Match: + - Format: - + Format: + - Sort by: - + Sort by: + -
- Search:

- + -

Please do not try to download the entire -Archive -- it is 75MB (and growing daily) and my slow DSL line simply won't -stand the traffic. If I catch you, you will be blacklisted.
-

- + +

Please do not try to download the +entire Archive -- it is 75MB (and growing daily) and my slow DSL line simply +won't stand the traffic. If I catch you, you will be blacklisted.
+

+

Shorewall CA Certificate

- If you want to trust X.509 certificates issued by Shoreline - Firewall (such as the one used on my web site), you may download and install my CA certificate - in your browser. If you don't wish to trust my certificates then -you can either use unencrypted access when subscribing to Shorewall -mailing lists or you can use secure access (SSL) and accept the server's + If you want to trust X.509 certificates issued by Shoreline + Firewall (such as the one used on my web site), you may download and install my CA certificate + in your browser. If you don't wish to trust my certificates then +you can either use unencrypted access when subscribing to Shorewall +mailing lists or you can use secure access (SSL) and accept the server's certificate when prompted by your browser.
- +

Shorewall Users Mailing List

- -

The Shorewall Users Mailing list provides a way for users - to get answers to questions and to report problems. Information -of general interest to the Shorewall user community is also posted + +

The Shorewall Users Mailing list provides a way for users + to get answers to questions and to report problems. Information +of general interest to the Shorewall user community is also posted to this list.

- -

Before posting a problem report to this list, please see - the problem reporting + +

Before posting a problem report to this list, please see + the problem reporting guidelines.

- -

To subscribe to the mailing list:
-

- - - -

To post to the list, post to shorewall-users@lists.shorewall.net.

- -

The list archives are at http://lists.shorewall.net/pipermail/shorewall-users.

- -

Note that prior to 1/1/2002, the mailing list was hosted -at Sourceforge. The archives from that -list may be found at www.geocrawler.com/lists/3/Sourceforge/9327/0/.

- -

Shorewall Announce Mailing List

- -

This list is for announcements of general interest to the - Shorewall community. To subscribe:
-

- -

- - - -


- The list archives are at http://lists.shorewall.net/pipermail/shorewall-announce.

- -

Shorewall Development Mailing List

- -

The Shorewall Development Mailing list provides a forum for - the exchange of ideas about the future of Shorewall and for coordinating - ongoing Shorewall Development.

- +

To subscribe to the mailing list:

- + + +

To post to the list, post to shorewall-users@lists.shorewall.net.

+ +

The list archives are at http://lists.shorewall.net/pipermail/shorewall-users.

+ +

Note that prior to 1/1/2002, the mailing list was hosted at +Sourceforge. The archives from that list +may be found at www.geocrawler.com/lists/3/Sourceforge/9327/0/.

+ +

Shorewall Announce Mailing List

+ +

This list is for announcements of general interest to the + Shorewall community. To subscribe:
+

+ +

+ + + +


+ The list archives are at http://lists.shorewall.net/pipermail/shorewall-announce.

+ +

Shorewall Development Mailing List

+ +

The Shorewall Development Mailing list provides a forum for + the exchange of ideas about the future of Shorewall and for coordinating + ongoing Shorewall Development.

+ +

To subscribe to the mailing list:
+

+ + - +

To post to the list, post to shorewall-devel@lists.shorewall.net

- +

The list archives are at http://lists.shorewall.net/pipermail/shorewall-devel.

- -

How to Unsubscribe from one of + +

How to Unsubscribe from one of the Mailing Lists

- -

There seems to be near-universal confusion about unsubscribing - from Mailman-managed lists although Mailman 2.1 has attempted -to make this less confusing. To unsubscribe:

- + +

There seems to be near-universal confusion about unsubscribing + from Mailman-managed lists although Mailman 2.1 has attempted to + make this less confusing. To unsubscribe:

+
    -
  • - -

    Follow the same link above that you used to subscribe +

  • + +

    Follow the same link above that you used to subscribe to the list.

    -
  • -
  • - -

    Down at the bottom of that page is the following text: - " To unsubscribe from <list name>, get a password - reminder, or change your subscription options enter your subscription - email address:". Enter your email address in the box and click - on the "Unsubscribe or edit options" button.

    -
  • -
  • - -

    There will now be a box where you can enter your password - and click on "Unsubscribe"; if you have forgotten your password, - there is another button that will cause your password to be emailed +

  • +
  • + +

    Down at the bottom of that page is the following text: + " To unsubscribe from <list name>, get a password + reminder, or change your subscription options enter your subscription + email address:". Enter your email address in the box and +click on the "Unsubscribe or edit options" button.

    +
  • +
  • + +

    There will now be a box where you can enter your password + and click on "Unsubscribe"; if you have forgotten your password, + there is another button that will cause your password to be emailed to you.

    -
  • - + +
- -
+ +

Frustrated by having to Rebuild Mailman to use it with Postfix?

- +

Check out these instructions

- -

Last updated 2/3/2003 - Last updated 2/18/2003 - Tom Eastep

- -

Copyright © -2001, 2002, 2003 Thomas M. Eastep.
-

+ +

Copyright2001, 2002, 2003 Thomas M. Eastep.
+

+
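Review bot: Nearly every paragraph in these mailing_list.htm hunks is removed and re-added with identical wording (for example "To post to the list, post to shorewall-users@lists.shorewall.net." and the whole unsubscribe list), so the whitespace churn buries the real change. The only content differences visible here are the footer date moving from 2/3/2003 to 2/18/2003 and the copyright line, which now reads "Copyright2001, 2002, 2003" where the removed line had "Copyright ©" ahead of the years. Please commit the HTML editor's re-indentation separately from the content change, or at least review it with whitespace ignored (git diff -w), so the removal named in the subject line can be checked line by line. Also confirm that the copyright line still renders with its symbol and spacing.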

diff --git a/STABLE/documentation/mailing_list_problems.htm b/STABLE/documentation/mailing_list_problems.htm deleted file mode 100644 index f9fdde6c7..000000000 --- a/STABLE/documentation/mailing_list_problems.htm +++ /dev/null @@ -1,49 +0,0 @@ - - - - - - - - - - - - Mailing List Problems - - - - - - - - - - -
- -

Mailing List Problems

-
- -

Shorewall.net is currently experiencing mail delivery problems - to at least one address in each of the following domains:

- -
-
-
2020ca - delivery to this domain has been disabled (cause unknown)
arosy.de - delivery to this domain has been disabled (Relay access denied)
arundel.homelinux.org - delivery to this domain has been disabled (connection timed out, connection refused)
asurfer.com - (Mailbox full)
bol.com.br - delivery to this domain has been disabled (Mailbox Full)
cuscominc.com - delivery to this domain has been disabled (bouncing mail from all sources with "Mail rejected because the server you are sending to is misconfigured").
cvnet.psi.br - (DNS configuration error -- MX is cvn-srv1.cvnet.psi.br.cvnet.psi.br)
datakota.com - (DNS Timeouts)
excite.com - delivery to this domain has been disabled (cause unknown)
epacificglobal.com - delivery to this domain has been disabled (no MX record for domain)
freefish.dyndns.org - delivery to this domain has been disabled (Name Server Problem -- Host not found)
gmx.net - delivery to this domain has been disabled (cause unknown)
hotmail.com - delivery to this domain has been disabled (Mailbox over quota)
intercom.net - delivery to this domain has been disabled (cause unknown)
nitialcs.com - delivery to this domain has been disabled (cause unknown)
intelligents.2y.net - delivery to this domain has been disabled (Name Service Problem -- Host not Found).
khp-inc.com - delivery to this domain has been disabled (anti-virus problems)
kieninger.de - delivery to this domain has been disabled (relaying to <xxxxx@kieninger.de> prohibited by administrator)
lariera.com - delivery to this domain has been disabled (Unknown User)
mfocus.com.my - delivery to this domain has been disabled (MTA at mailx.mfocus.com.my not delivering and not giving a reason)
navair.navy.mil - delivery to this domain has been disabled (A restriction in the system prevented delivery of the message)
opermail.net - delivery to this domain has been disabled (cause unknown)
penquindevelopment.com - delivery to this domain has been disabled (connection timed out)
scip-online.de - delivery to this domain has been disabled (cause unknown)
spctnet.com - connection timed out - delivery to this domain has been disabled
telusplanet.net - delivery to this domain has been disabled (cause unknown)
the-techy.com - delivery to this domain has been disabled (clueless administrator - continuous DNS problems)
yahoo.com - delivery to this domain has been disabled (Mailbox over quota)
-
-
- -

Last updated 12/17/2002 02:51 GMT - Tom Eastep

- -

Copyright © 2002 Thomas M. Eastep.

- -

 

-
- -
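Review bot: The deletion of mailing_list_problems.htm is not matched by any visible removal of a link to it in the mailing_list.htm hunks above, where every paragraph shown is re-added unchanged. Please confirm that no remaining page under STABLE/documentation still points to the deleted file, otherwise readers land on a dead link. The commit message also gives no reason for the removal. One line saying whether the per-domain delivery report is retired or moved elsewhere would help, since the deleted page named recipient domains and bounce reasons that stay readable in the repository history.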