IRC Logs for #crux Tuesday, 2017-10-10

*** onodera has quit IRC00:35
*** ileach has quit IRC01:07
*** druid_droid has quit IRC01:18
*** druid_droid has joined #crux01:19
*** xcko has joined #crux01:59
*** SiFuh has quit IRC02:07
*** SiFuh has joined #crux02:08
*** xcko_ has joined #crux02:17
*** xcko has quit IRC02:18
prologicI know someone here knows the answer ot this q02:37
prologicQ: What is the process / config needed to actively block inbound mail that forges the From: to appear as if the mail is coming from the target domain? e.g: I run a mail server for and get forged emails from <insert -- I'd like to block these outright / hard as they are 100% invalid02:38
*** _________mavric6 has quit IRC02:50
*** _________mavric6 has joined #crux02:52
xcko_I think procmail or spamassassin can do that, but I don't have experience with either02:55
Worksterspoofed from email field03:03
Worksterthat might help you prologic03:09
ryu0prologic: one option? check SPF records.03:26
ryu0it's a basic anti-spam tool to check that the sender is authorized to send mail for a domain.03:27
prologicryu0: maybe my SPF record is a bit off?03:28
prologicI have SPF and DKIM enabled for my domain03:28
prologicbut maybe its a bit too lax03:28
ryu0prologic: TLD?03:28
ryu0err FQDN?03:28
jaegeryeah, I was gonna suggest postfix can do that trivially but Workster already linked it04:22
*** xcko_ has quit IRC04:25
prologicso what I'm hearing is fix my SPF "somehow" :)04:27
jaegerthere are two parts to that equation... one is making sure your SPF records are correct and the other is enforcing them on the mail server04:35
*** tilman_ has joined #crux04:46
*** tilman has quit IRC04:49
prologiccan't find what ~all means04:51
prologicjaeger: *nods*04:52
prologic99.99% sure my server enforces them (if not I'll file a bug with bug tracker)04:52
prologic0% sure my record is correct :)04:52
SiFuhThis world is weird05:19
jaeger is one tool you can use to check your records05:26
jaeger~ means soft fail which will allow non-compliant mail through but mark them as such usually05:26
jaeger- means strict or hard fail, mail is rejected if it doesn't comply with your record05:27 doesn't have an SPF record, but if you were referring to some other domain, no idea. :)05:29
prologicjaeger: haha :)05:44
prologicthat domain is managed by Google Apps :)05:44
prologicwhich apparently do a better job on filtering out Spam than spamassassin so I've never had the need to have SPF records on the domain :)05:45
prologicthat being said perhaps I should anyway05:45
prologicin any case you are right that's not the domain I'm talking about :D as if I'd post it in a channel I help publicly log :D05:46
prologicjaeger: also I'm still confused about the material I'm reading; are you suggesting changing the ~all to -all would drop a lot of inbound mail on the floor (assuming my mail server -- I think packages up qmail) because the forged sender is not coming from the IPs designated as "allowed" by the SPF record?05:49
prologicthis sort of makes sense05:49
prologicwhich if so; I'm not sure why anyone would use ~ (softfail) or + (pass)?05:50
*** parlos has joined #crux05:53
*** parlos has quit IRC06:20
*** groovy2shoes has quit IRC06:32
*** groovy2shoes has joined #crux06:33
*** groovy2shoes has quit IRC06:36
*** groovy2shoes has joined #crux06:37
*** henesy__ has quit IRC07:10
SiFuhMr Robot on Thursday07:22
*** nwe has quit IRC07:24
*** timcowchip has joined #crux07:32
*** parlos has joined #crux07:35
joacimyou're trying to hack me07:47
timcowchipis you?07:48
timcowchipsomeone at tried to sign in to my timcowchip yahoo account07:49
timcowchipDate and Time: October 9, 2017 10:52:36 PM PDT Location: Sweden (IP Address:
timcowchipwhen I saw Sweden, I thought of you guys07:51
joacimno thats not me07:51
joacim84.214.234.57 is me07:51
*** timcowchip has quit IRC07:54
*** nwe has joined #crux07:58
*** nwe has quit IRC07:58
*** timcowchip has joined #crux08:02
*** timcowchip has left #crux ()08:05
*** SiFuh_ has joined #crux08:12
*** SiFuh_ has quit IRC08:12
*** tilman has joined #crux08:52
frinnstwhat an odd person09:17
*** pejman has quit IRC09:18
*** pejman has joined #crux09:27
*** pejman has quit IRC09:27
*** pejman has joined #crux09:27
joacimonly 4 people have that name in norway. Odd Persson09:35
pedjathank you, joacim, it's been a while since I snorted my coffee laughing09:41
frinnst4 in sweden too10:20
*** john_cephalopoda has joined #crux10:23
*** onodera has joined #crux10:58
*** parlos has quit IRC11:08
*** parlos has joined #crux11:20
SiFuhWow, that machine is pretty awesome.
SiFuhWonder if the operator would be a challenge in the game of descent?11:38
onoderaHi, is for anyone else fontconfig not "listening" to files in /etc/fonts/conf.d11:49
onoderafor example 10-sub-pixel-rgb.conf@ is in there but subpixel renderning is not being used11:50
*** onodera has quit IRC11:57
*** onodera has joined #crux11:58
*** parlos has quit IRC12:08
*** nwe has joined #crux12:14
ryu0teK__: +112:37
*** g0relike has joined #crux12:46
*** pyuuun has quit IRC12:50
jaegerprologic: when you configured an SPF record for your domain, you're instructing OTHER mail servers what to do with mail that claims to be from your domain13:32
jaegerWhether your mail server checks SPF records for domains sending you mail is different :)13:32
jaegersame with DMARC/DKIM13:33
jaegerSPF records on your domain won't reduce incoming spam except maybe some bounce messages13:34
*** chinarulezzz has quit IRC13:36
*** onodera has quit IRC13:42
*** onodera has joined #crux13:42
*** SiFuh_ has joined #crux13:59
*** SiFuh has quit IRC14:00
*** chinarulezzz has joined #crux14:48
*** TheCephalopod has joined #crux15:35
*** TheCephalopod has quit IRC15:35
*** heroux has quit IRC15:36
*** heroux has joined #crux15:44
*** nogagplz_ has quit IRC16:15
*** nogagplz has joined #crux16:16
frinnstfuck ipv4 with all of its ugly NAT crap16:20
frinnstsoftfail and the like is just if you dont care about spf16:21
frinnstlast I checked libspf was pretty dead16:22
jaegerNo idea about libspf but if you want to make postfix check SPF records there's
jaegeras well as a perl version16:31
frinnstI dont have a big spam-problem on my domain. maybe one per month slips through so I never bothered.
frinnstJune 10th, 2013: libspf2 version 1.2.10 has beeen released16:41
jaegervery silly, I approve16:51
*** tsaop has joined #crux16:59
*** henesy__ has joined #crux17:13
*** parlos has joined #crux18:04
*** parlos has quit IRC18:08
*** tsaop has quit IRC19:50
john_cephalopodaryu0: :D20:57
*** Lukc has quit IRC21:22
*** Lukc has joined #crux21:22
*** john_cephalopoda has quit IRC22:27
*** john_cephalopoda has joined #crux22:28
*** timcowchip has joined #crux22:29
timcowchipanyone use lxqt?22:30
timcowchipare you still hosting
john_cephalopodatimcowchip: Was it the thing that was called RazorQT once?22:38
timcowchipI had a crux port for that once22:39
john_cephalopodaI did German tranlsations on transifex for razor-qt once and used it, but that was back in my arch times.22:40
timcowchipnobody used it either22:40
timcowchipback when arch was systemd-free22:40
*** john_cephalopoda has quit IRC22:41
*** john_cephalopoda has joined #crux22:41
timcowchipI as I rebuild qt5 on crux in a vm22:43
timcowchipthen its on to qtwebengine22:44
timcowchipQupZilla, and basically everything in my repo22:45
timcowchipI tried making new signatures for a few ports; extra-cmake-modules, kidletime and tea, none of them worked when I went update them22:49
pekka_10I just finished building qt5, it took over 4 hours22:49
timcowchiphad to prt-get update -is22:50
timcowchipI have intel I5 will it take me as long or longer?22:50
pekka_10I had to change the Pkgfile to enabe an successful compile of QT522:51
pekka_10enabe = enable..22:51
*** onodera has quit IRC22:51
pekka_10Im on a chromebook, using Exynos soc, using 4 cores22:52
pekka_10I guess a I5 will use less time22:54
timcowchipok thanks pekka22:55
pekka_10if you have a SSD it will also help..22:56
pekka_10Its the largest package I ever compiled22:57
timcowchipits a monster22:57
pekka_10I usually use a 2GB tmps for compiling, but it was not big enough22:58
pekka_10I had to add an external HD, just to have enough space22:58
timcowchipI have 16Gb of ram23:01
pekka_10should be enough23:01
pekka_10but linux kernel has a hardlimit of how big tmpfs you can make.23:01
pekka_10only half of your physical memory, unless you specified something else at compile time23:02
pekka_10This was new to me, learned the hard way today..23:02
timcowchipmy mb is expandable to 64Gb of ram23:03
pekka_10in the Pkgfile, there is a flag: -reduce-relocations \23:05
pekka_10The process stopped with an error complaininig about this23:06
timcowchipthat sux23:07
pekka_10Im learning..23:07
pedjahalf of RAM is not the limit for tmpfs, iirc, it's the default23:07
pedjayou can set it higher, but the machine might hardlock under heavy load23:08
timcowchipmine is using 8Gb right now23:10
pedjatimcowchip, you can use Romster's qt5 package, if you don't rely on any qt5 extra stuff (CUPS support?)23:10
timcowchipunfortunately I do rely on the extra stuff23:11
pedjawell, happy compiling, then :)23:11
timcowchipof course I don't really use crux, but rathher maintain ports for crux in a vm23:12
pedjawhat do you run?23:12
timcowchipactually its revenge OS23:15
timcowchipI'm too lazy to install just arch23:16
pedjawhy arch?23:16
timcowchipthe number of packages available exceeds just about anything else23:17
pedjaDebian, Fedora, openSUSE?23:18
timcowchipand its easy enough to make your own package23:18
john_cephalopodatimcowchip: That can be changed. Make more crux packages! ;)23:18
pedjamaking them is easy. maintaining them, otoh23:19
joacimbeen thinking about trying out freebsd some more myself23:19
john_cephalopodatimcowchip: I switched to crux from arch. I miss the many packages and the AUR with all its stuff.23:19
john_cephalopodaImo, having an AUR equivalent for crux would be beneficial. Way too much work is done again and again, just because people don't want their repos to rely on other people's repos.23:22
pedjajoacim, it's pretty cool. in some aspects ahead of Linux, and in some lagging behind23:22
timcowchipalmost all the ports I made for crux, I used the PKGBUILDS from arch to start with23:22
joacimbeen testing it on my laptop for a while now. i really like freebsd, but the battery life isn't as good as it should be23:23
joacimhibernate and suspend works better on gnu/linux systems too23:24
pedjaThinkpad's work pretty well, the earlier models, iirc23:24
joacimi have it installed on my t42023:25
john_cephalopodaMy laptop needs a blob for wifi, else I'd consider BSD.23:26
pedjaI guess openBSD?23:26
john_cephalopodaIt's hard to use more and more rare OS or distros, when everybody expects standard Ubuntu GNU/Linux or Windows.23:27
john_cephalopodaIt took me 4 hours or so, to get the dependencies packaged, that I needed for a program for university.23:28
john_cephalopodaAnd there was some unhealthy cyclic dependency between openBLAS and lapack.23:29
pedjaI love CRUX, but I use Leap on my netbook :)23:29
timcowchipI like Leap23:30
pedjajohn_cephalopoda, which program?23:30
joacimi've mostly just used crux on my home server23:30
joacimdue to the simple setup, i've been very happy with it23:30
joacimhasnt been much effort at all23:30
joacimthe effort is greater on my laptop tho23:30
john_cephalopodapedja: slam6d, a program suite for point cloud stuff.23:30
john_cephalopodaI packed ann, lapack, openblas and suitesparse for it. Never uploaded those anywhere though.23:32
john_cephalopodaRight, an AUR-like system would have the problem, that there would be a lot of signatures by different people.23:40
jaegersignatures wouldn't be maintainable on a system like that23:43
jaegerat least not as they're currently implemented23:44
*** TheCephalopod has joined #crux23:46
TheCephalopod<john_cephalopoda> The pkgmk utility would have to be able to check if the signing was done with a key present in a key list in the repo.23:47
TheCephalopodIt would require a change in the system.23:47
*** john_cephalopoda has quit IRC23:47
jaegersomething along those lines23:47
john_cephalopodaAdd a .signatures folder on top level and drop in all signatures that belong to that repo, then sign that list with the repo main key.23:49
john_cephalopodaUntil that is standard, a temporary solution would be, to run a server-side git post-commit hook, that checks if the one who committed is the one who they claims to be and then automatically signs that package.23:50
pedjawith which key?23:56
john_cephalopodaWith the repo key.23:58

Generated by 2.14.0 by Marius Gedminas - find it at!