Monthly Archives: July 2021

Maschinen

German English
Lineare Führungsschiene Linear Guide Rail
Gleitwagen Sliding carriage
Radialkugellager radial ball bearing
Linearkugellager linear ball bearing
Linearwelle/Linearachse linear shaft
Kugelgewindespindel ballscrew
Kugelumlaufmutter ball nut

FreeBSD 13.0 on on PC Engines APU

dd if=FreeBSD-13.0-RELEASE-amd64-memstick.img of=/dev/da0 bs=1M conv=sync

Use a FreeBSD system (old version) on APU:
1. single user mode: press 2
2. fsck -y
3. mount -u /
4. mount -a
5. passwd
6. reboot

# gpart show
=>      34  31277165  ada0  GPT  (15G)
        34      1024     1  freebsd-boot  (512K)
      1058  29359104     2  freebsd-ufs  (14G)
  29360162   1564672     3  freebsd-swap  (764M)
  30924834    352365        - free -  (172M)

=>       1  15728639  da1  MBR  (7.5G)
         1     66584    1  !239  (33M)
     66585   2064080    2  freebsd  [active]  (1.0G)
   2130665  13597975       - free -  (6.5G)

=>      0  2064080  da1s2  BSD  (1.0G)
        0       16         - free -  (8.0K)
       16  2064064      1  freebsd-ufs  (1.0G)

# mount /dev/da1s2a /mnt
# vi /mnt/boot/loader.conf
vfs.mountroot.timeout="10"
kernels_autodetect="NO"
comconsole_speed="115200"
console="comconsole"

[...]
Please choose the appropriate terminal type for your system.
Common console types are:
   ansi     Standard ANSI terminal
   vt100    VT100 or compatible terminal
   xterm    xterm terminal emulator (or compatible)
   cons25w  cons25w terminal
 
Console type [vt100]: vt100

How To Reset Or Recover Root Password On FreeBSD 10

---<<BOOT>>---
Copyright (c) 1992-2021 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 13.0-RELEASE #0 releng/13.0-n244733-ea31abc261f: Fri Apr  9 04:24:09 UTC 2021
    root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64
FreeBSD clang version 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-0-g43ff75f2c3fe)
VT(vga): resolution 640x480
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)
  Origin="AuthenticAMD"  Id=0x500f20  Family=0x14  Model=0x2  Stepping=0
  Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x802209<SSE3,MON,SSSE3,CX16,POPCNT>
  AMD Features=0x2e500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM>
  AMD Features2=0x35ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,IBS,SKINIT,WDT>
  SVM: NP,NRIP,NAsids=8
  TSC: P-state invariant, performance statistics
real memory  = 4815060992 (4592 MB)
avail memory = 4086845440 (3897 MB)
Event timer "LAPIC" quality 100
ACPI APIC Table: <CORE   COREBOOT>
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
random: unblocking device.
ioapic0 <Version 2.1> irqs 0-23
Launching APs: 1
Timecounter "TSC" frequency 1000021804 Hz quality 800
KTLS: Initialized 2 threads
random: entropy device external interface
000.000019 [4354] netmap_init               netmap: loaded module
[ath_hal] loaded
WARNING: Device "kbd" is Giant locked and may be deleted before FreeBSD 14.0.
kbd0 at kbdmux0
mlx5en: Mellanox Ethernet driver 3.6.0 (December 2020)
nexus0
vtvga0: <VT VGA driver>
cryptosoft0: <software crypto>
aesni0: No AES or SHA support.
acpi0: <CORE COREBOOT>
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 550
Event timer "HPET1" frequency 14318180 Hz quality 450
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <32-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
apei0: <ACPI Platform Error Interface> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 4.0 on pci0
pci1: <ACPI PCI bus> on pcib1
re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0x1000-0x10ff mem 0xf7900000-0xf7900fff,0xf7800000-0xf7803fff irq 16 at device 0.0 on pci1
re0: Using 1 MSI-X message
re0: ASPM disabled
re0: Chip rev. 0x2c000000
re0: MAC rev. 0x00200000
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0
rgephy0:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Using defaults for TSO: 65518/35/2048
re0: Ethernet address: 00:0d:b9:35:88:b4
re0: netmap queues/slots: TX 1/256, RX 1/256
pcib2: <ACPI PCI-PCI bridge> irq 17 at device 5.0 on pci0
pci2: <ACPI PCI bus> on pcib2
re1: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0x2000-0x20ff mem 0xf7b00000-0xf7b00fff,0xf7a00000-0xf7a03fff irq 17 at device 0.0 on pci2
re1: Using 1 MSI-X message
re1: ASPM disabled
re1: Chip rev. 0x2c000000
re1: MAC rev. 0x00200000
miibus1: <MII bus> on re1
rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus1
rgephy1:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re1: Using defaults for TSO: 65518/35/2048
re1: Ethernet address: 00:0d:b9:35:88:b5
re1: netmap queues/slots: TX 1/256, RX 1/256
pcib3: <ACPI PCI-PCI bridge> irq 18 at device 6.0 on pci0
pci3: <ACPI PCI bus> on pcib3
re2: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0x3000-0x30ff mem 0xf7d00000-0xf7d00fff,0xf7c00000-0xf7c03fff irq 18 at device 0.0 on pci3
re2: Using 1 MSI-X message
re2: ASPM disabled
re2: Chip rev. 0x2c000000
re2: MAC rev. 0x00200000
miibus2: <MII bus> on re2
rgephy2: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus2
rgephy2:  none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re2: Using defaults for TSO: 65518/35/2048
re2: Ethernet address: 00:0d:b9:35:88:b6
re2: netmap queues/slots: TX 1/256, RX 1/256
pcib4: <ACPI PCI-PCI bridge> irq 19 at device 7.0 on pci0
pci4: <ACPI PCI bus> on pcib4
ath0: <Atheros 9280> at device 0.0 on pci4
[ath] enabling AN_TOP2_FIXUP
ath0: [HT] enabling HT modes
ath0: [HT] 1 stream STBC receive enabled
ath0: [HT] 1 stream STBC transmit enabled
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR9280 mac 128.2 RF5133 phy 13.0
ath0: 2GHz radio: 0x0000; 5GHz radio: 0x00c0
ahci0: <AMD SB7x0/SB8x0/SB9x0 AHCI SATA controller> port 0x4010-0x4017,0x4020-0x4023,0x4018-0x401f,0x4024-0x4027,0x4000-0x400f mem 0xf7f04000-0xf7f043ff irq 19 at device 17.0 on pci0
ahci0: AHCI v1.20 with 6 6Gbps ports, Port Multiplier supported
ahci0: quirks=0x22000<ATI_PMP_BUG,1MSI>
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
ahcich2: <AHCI channel> at channel 2 on ahci0
ahcich3: <AHCI channel> at channel 3 on ahci0
ahcich4: <AHCI channel> at channel 4 on ahci0
ahcich5: <AHCI channel> at channel 5 on ahci0
ohci0: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem 0xf7f00000-0xf7f00fff irq 18 at device 18.0 on pci0
usbus0 on ohci0
usbus0: 12Mbps Full Speed USB v1.0
ehci0: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem 0xf7f04400-0xf7f044ff irq 17 at device 18.2 on pci0
usbus1: EHCI version 1.0
usbus1 on ehci0
usbus1: 480Mbps High Speed USB v2.0
ohci1: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem 0xf7f01000-0xf7f01fff irq 18 at device 19.0 on pci0
usbus2 on ohci1
usbus2: 12Mbps Full Speed USB v1.0
ehci1: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem 0xf7f04500-0xf7f045ff irq 17 at device 19.2 on pci0
usbus3: EHCI version 1.0
usbus3 on ehci1
usbus3: 480Mbps High Speed USB v2.0
isab0: <PCI-ISA bridge> at device 20.3 on pci0
isa0: <ISA bus> on isab0
pcib5: <ACPI PCI-PCI bridge> at device 20.4 on pci0
pci5: <ACPI PCI bus> on pcib5
ohci2: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem 0xf7f02000-0xf7f02fff irq 18 at device 20.5 on pci0
usbus4 on ohci2
usbus4: 12Mbps Full Speed USB v1.0
pcib6: <ACPI PCI-PCI bridge> at device 21.0 on pci0
pci6: <ACPI PCI bus> on pcib6
ohci3: <AMD SB7x0/SB8x0/SB9x0 USB controller> mem 0xf7f03000-0xf7f03fff at device 22.0 on pci0
usbus5 on ohci3
usbus5: 12Mbps Full Speed USB v1.0
ehci2: <AMD SB7x0/SB8x0/SB9x0 USB 2.0 controller> mem 0xf7f04600-0xf7f046ff at device 22.2 on pci0
usbus6: EHCI version 1.0
usbus6 on ehci2
usbus6: 480Mbps High Speed USB v2.0
acpi_button0: <Power Button> on acpi0
orm0: <ISA Option ROM> at iomem 0xee800-0xeffff pnpid ORM0000 on isa0
uart0: <16550 or compatible> at port 0x3f8 irq 4 flags 0x10 on isa0
uart0: console (115200,n,8,1)
uart0: non-PNP ISA device will be removed from GENERIC in FreeBSD 14.
uart1: <16550 or compatible> at port 0x2f8 irq 3 on isa0
uart1: non-PNP ISA device will be removed from GENERIC in FreeBSD 14.
Timecounters tick every 1.000 msec
Trying to mount root from ufs:/dev/ada0a [rw]...
ugen5.1: <ATI OHCI root HUB> at usbus5
ugen6.1: <ATI EHCI root HUB> at usbus6
uhub0 on usbus5
uhub1 on usbus6
uhub0: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5
uhub1: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus6
ugen3.1: <ATI EHCI root HUB> at usbus3
ugen4.1: <ATI OHCI root HUB> at usbus4
uhub2 on usbus3
uhub3 on usbus4
uhub2: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3
uhub3: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4
ugen1.1: <ATI EHCI root HUB> at usbus1
ugen2.1: <ATI OHCI root HUB> at usbus2
uhub4 on usbus1
uhub4: <ATI EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
Root mount waiting for:uhub5 CAM usbus0 on usbus2
 usbus1 usbus2uhub5: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
 usbus3 usbus4ugen0.1: <ATI OHCI root HUB> at usbus0
 usbus5 usbus6
uhub6ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <SB mSATA SSD S9FM01.8> ACS-3 ATA SATA 3.x device
ada0: Serial Number DDDF074704EE00609569
ada0: 600.000MB/s transfers (SATA 3.x, UDMA6, PIO 8192bytes)
ada0: Command Queueing enabled
ada0: 14318MB (29323728 512 byte sectors)
 on usbus0
uhub6: <ATI OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
uhub3: 2 ports with 2 removable, self powered
uhub0: 4 ports with 4 removable, self powered
uhub5: 5 ports with 5 removable, self powered
uhub6: 5 ports with 5 removable, self powered
Root mount waiting for: usbus1 usbus3 usbus6
uhub1: 4 ports with 4 removable, self powered
uhub2: 5 ports with 5 removable, self powered
uhub4: 5 ports with 5 removable, self powered
ugen6.2: <Generic Flash Card Reader/Writer> at usbus6
umass0 on uhub1
umass0: <Generic Flash Card Reader/Writer, class 0/0, rev 2.01/1.00, addr 2> on usbus6
umass0:  SCSI over Bulk-Only; quirks = 0x4001
umass0:6:0: Attached to scbus6
Root mount waiting for: CAM
da0 at umass-sim0 bus 0 scbus6 target 0 lun 0
da0: <Multiple Card  Reader 1.00> Removable Direct Access SPC-2 SCSI device
da0: Serial Number 058F63666485
da0: 40.000MB/s transfers
da0: Attempt to query device size failed: NOT READY, Medium not present
da0: quirks=0x2<NO_6_BYTE>
mountroot: waiting for device /dev/ada0a...
Setting hostuuid: e200cc64-e8ce-11eb-bbfd-000db93588b4.
Setting hostid: 0x9649dd3c.
Starting file system checks:
/dev/ada0a: FILE SYSTEM CLEAN; SKIPPING CHECKS
/dev/ada0a: clean, 2807402 free (682 frags, 350840 blocks, 0.0% fragmentation)
Mounting local filesystems:.
ELF ldconfig path: /lib /usr/lib /usr/lib/compat
32-bit compatibility ldconfig path: /usr/lib32
Setting hostname: router.
Setting up harvesting: [UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
Feeding entropy: .
Autoloading module: intpm.ko
intsmb0: <AMD SB600/7xx/8xx/9xx SMBus Controller> at device 20.0 on pci0
smbus0: <System Management Bus> on intsmb0
lo0: link state changed to UP
re0: link state changed to DOWN
Starting Network: lo0 re0 re1 re2.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINre1: link state changed to DOWN
KLOCAL>
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_Hre2: link state changed to DOWN
WTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:35:88:b4
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (none)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:35:88:b5
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:35:88:b6
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Starting devd.
Starting Network: re1.
re1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:35:88:b5
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Starting Network: re2.
re2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether 00:0d:b9:35:88:b6
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Autoloading module: intpm.ko
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Clearing /tmp (X related).
Creating and/or trimming log files.
Updating motd:.
Updating /var/run/os-release done.
Starting syslogd.
No core dumps found.
Mounting late filesystems:.
Starting sendmail_submit.
Starting sendmail_msp_queue.
Performing sanity check on sshd configuration.
Starting sshd.
Configuring vt: keymap blanktime.
Starting cron.
Starting background file system checks in 60 seconds.

Mon Jul 19 22:23
FreeBSD/amd64 (router) (ttyu0)
# vi /etc/motd.template
# service motd restart
# vi /etc/wpa_supplicant.conf
network={
        ssid="BACHI.NET"
        psk="<PASSWORD>"
}

# vi /etc/rc.conf
wlans_ath0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"

# service netif restart
Stopping Network: lo0 re0 re1 re2.
[...]
Created wlan(4) interfaces: wlan0.
Starting wpa_supplicant.
Jul 20 09:46:34 router wpa_supplicant[1350]: ioctl[SIOCS80211, op=20, val=0, arg_len=7]: Invalid argument
Starting dhclient.
wlan0: no link .............. giving up
/etc/rc.d/dhclient: WARNING: failed to start dhclient
Starting Network: lo0 re0 re1 re2 wlan0.
[...]
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 04:f0:21:0c:2b:a6
        groups: wlan
        ssid "" channel 165 (5825 MHz 11a)
        regdomain FCC country US ecm authmode WPA1+WPA2/802.11i privacy MIXED
        deftxkey UNDEF txpower 23 bmiss 7 mcastrate 6 mgmtrate 6 scanvalid 60
        wme burst roaming MANUAL bintval 0
        parent interface: ath0
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

$ ifconfig wlan create wlandev ath0 up
$ wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf

# ifconfig wlan0 up list scan
SSID/MESH ID                      BSSID              CHAN RATE    S:N     INT CAPS
Mrvica                            5c:dc:96:97:fb:30    1   54M  -80:-96   100 EP   RSN BSSLOAD HTCAP WPS WME
LOBModem.speed                    b8:ec:a3:d6:73:1d   48   54M  -85:-96   100 EP   HTCAP VHTCAP VHTOPMODE VHTPWRENV WME ATH RSN WPS
LOBModem                          b8:ec:a3:d6:73:1c    5   54M  -77:-96   100 EPS  HTCAP VHTCAP VHTOPMODE WME ATH RSN WPS
apk-66626                         18:d6:c7:cc:3d:90    1   54M  -84:-96   100 EP   HTCAP WPA RSN WME BSSLOAD
UPC Wi-Free                       e6:57:40:fe:5d:93    6   54M  -85:-96   100 EPS  RSN HTCAP WME
Mrvica                            5c:dc:96:97:fb:35   36   54M  -88:-96   100 EP   RSN BSSLOAD HTCAP VHTCAP VHTOPMODE VHTPWRENV WPS WME
UPC1185780                        e4:57:40:fe:5d:c3    6   54M  -84:-96   100 EPS  RSN HTCAP WME WPS
UPC736594E                        ac:22:05:2e:9a:ca   44   54M  -88:-96   100 EPS  RSN HTCAP VHTCAP VHTOPMODE VHTPWRENV WPA WME WPS
Demiri 2.4 GhZ                    e8:df:70:73:09:0a    4   54M  -83:-96   100 EPS  BSSLOAD HTCAP VHTCAP VHTOPMODE WME ATH WPS RSN
0x000000000000                    6a:6c:9a:62:dc:41   11   54M  -90:-96   100 EP   RSN BSSLOAD HTCAP WME

BACHI.NET not in the list...

Linux:
# sudo iwlist scan
wlp2s0    Scan completed :
          Cell 01 - Address: E8:DE:27:90:22:15
                    Channel:12
                    Frequency:2.467 GHz (Channel 12)
                    Quality=58/70  Signal level=-52 dBm  
                    Encryption key:on
                    ESSID:"BACHI.NET"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 9 Mb/s
                              18 Mb/s; 36 Mb/s; 54 Mb/s
                    Bit Rates:6 Mb/s; 12 Mb/s; 24 Mb/s; 48 Mb/s
                    Mode:Master
                    Extra:tsf=00000035e90e7b2b
                    Extra: Last beacon: 156ms ago
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK

# ifconfig wlan0 list regdomain
:regdomain FCC country US anywhere ecm
Channel   1 : 2412      MHz 11b          Channel   9 : 2452      MHz 11g         
[...]

So the regdomain has to be changed!!
From: regdomain FCC country US ecm authmode WPA1+WPA2/802.11i privacy MIXED
To:   regdomain ETSI country CH ecm authmode WPA1+WPA2/802.11i

# vi /etc/regdomain.xml
<country id="CH">
  <isocc>756</isocc> <name>Switzerland</name> <rd ref="etsi"/>
</country>

# vi /etc/rc.conf
create_args_wlan0="country CH regdomain etsi ssid BACHI.NET"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"

# vi /etc/wpa_supplicant.conf
network={
        ssid="BACHI.NET"
        scan_ssid=1
        proto=WPA RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        psk="<PASSWORD>"
}

Jul 20 10:25:29 router wpa_supplicant[3265]: Failed to add supported operating classes IE

# ifconfig wlan0 up list scan
SSID/MESH ID                      BSSID              CHAN RATE    S:N     INT CAPS
UPC736594E                        ac:22:05:2e:9a:d9    1   54M  -80:-96   100 EP   APCHANREP APCHANREP WPA RSN WPS HTCAP WME BSSLOAD
Mrvica                            5c:dc:96:97:fb:30    1   54M  -72:-96   100 EP   RSN BSSLOAD HTCAP WPS WME
UPC Wi-Free                       e6:57:40:fe:5d:93    6   54M  -73:-96   100 EPS  RSN HTCAP WME
UPC1185780                        e4:57:40:fe:5d:c3    6   54M  -74:-96   100 EPS  RSN HTCAP WME WPS
LOBModem.speed                    b8:ec:a3:d6:73:1d   48   54M  -86:-96   100 EP   HTCAP VHTCAP VHTOPMODE VHTPWRENV WME ATH RSN WPS
LOBModem                          b8:ec:a3:d6:73:1c    5   54M  -80:-96   100 EPS  HTCAP VHTCAP VHTOPMODE WME ATH RSN WPS
Drucker                           a0:04:60:e0:3e:fc    8   54M  -79:-96   100 EP   RSN HTCAP WPS WME
BACHI.NET                         e8:de:27:90:22:15   12   54M  -76:-96   100 EP   HTCAP RSN WME BSSLOAD WPS

# service netif restart
Stopping wpa_supplicant.
Waiting for PIDS: 3265Jul 20 10:27:29 router wpa_supplicant[3265]: ioctl[SIOCS80211, op=20, val=0, arg_len=7]: Can't assign requested address
Stopping Network: lo0 re0 re1 re2 wlan0.
[...]
wlan0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 04:f0:21:0c:2b:a6
        groups: wlan
        ssid "" channel 12 (2467 MHz 11g ht/20)
        regdomain ETSI country CH ecm authmode OPEN privacy OFF txpower 30
        bmiss 7 scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 8
        shortgi -ldpc -uapsd wme burst
        parent interface: ath0
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Destroyed wlan(4) interfaces: wlan0.
Created wlan(4) interfaces: wlan0.
Starting wpa_supplicant.
Jul 20 10:27:30 router wpa_supplicant[3659]: ioctl[SIOCS80211, op=20, val=0, arg_len=7]: Invalid argument
Starting dhclient.
wlan0: no link ........Jul 20 10:27:30 router syslogd: last message repeated 1 times
Jul 20 10:27:36 router wpa_supplicant[3660]: Failed to add supported operating classes IE
 got link
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
Jul 20 10:27:37 router dhclient[3678]: send_packet: No buffer space available
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 16
DHCPOFFER from 10.0.0.1
DHCPREQUEST on wlan0 to 255.255.255.255 port 67
DHCPACK from 10.0.0.1
bound to 10.0.0.201 -- renewal in 300 seconds.
Starting Network: lo0 re0 re1 re2 wlan0.
[...]
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 04:f0:21:0c:2b:a6
        inet 10.0.0.201 netmask 0xff000000 broadcast 10.255.255.255
        groups: wlan
        ssid BACHI.NET channel 12 (2467 MHz 11g ht/20) bssid e8:de:27:90:22:15
        regdomain ETSI country CH ecm authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 3:128-bit txpower 30 bmiss 7 scanvalid 60
        protmode CTS ampdulimit 64k ampdudensity 4 shortgi -ldpc -uapsd wme
        burst roaming MANUAL
        parent interface: ath0
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Atheros AR9280 WIFI not working (wrong regdomain!)
What is the correct Regdomain code?
FreeBSD WLAN und der Ländercode

Chapter 32. Advanced Networking
Kapitel 31. Weiterführende Netzwerkthemen

# pkg install bash
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.16.3...
Extracting pkg-1.16.3: 100%
Updating FreeBSD repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
Fetching packagesite.txz: 100%    6 MiB   1.7MB/s    00:04    
Processing entries: 100%
FreeBSD repository update completed. 30722 packages processed.
All repositories are up to date.
Updating database digests format: 100%
# pkg install bash

The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        bash: 5.1.8
        gettext-runtime: 0.21
        indexinfo: 0.3.1
        readline: 8.1.1

Number of packages to be installed: 4

The process will require 11 MiB more space.
2 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/4] Fetching bash-5.1.8.txz: 100%    1 MiB   1.5MB/s    00:01    
[2/4] Fetching indexinfo-0.3.1.txz: 100%    6 KiB   5.7kB/s    00:01    
[3/4] Fetching readline-8.1.1.txz: 100%  361 KiB 369.2kB/s    00:01    
[4/4] Fetching gettext-runtime-0.21.txz: 100%  166 KiB 169.9kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/4] Installing indexinfo-0.3.1...
[1/4] Extracting indexinfo-0.3.1: 100%
[2/4] Installing readline-8.1.1...
[2/4] Extracting readline-8.1.1: 100%
[3/4] Installing gettext-runtime-0.21...
[3/4] Extracting gettext-runtime-0.21: 100%
[4/4] Installing bash-5.1.8...
[4/4] Extracting bash-5.1.8: 100%

# pw user mod andreas -s /usr/local/bin/bash
# pw user mod root -s /usr/local/bin/bash

Bridging
Bridge ethernet and wifi
How do I create a network bridge between WLAN and Ethernet on FreeBSD?
Four layer-2 addresses in 802.11 frame header
pf and bridge(4)

Not Related (AP-Mode)
Routing between bridged interfaces
FreeBSD WiFi and Ethernet Bridging and Aggregation
freebsd: wired and wireless router with transparent bridge

# ifconfig bridge create
bridge0

# ifconfig bridge0
bridge0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 96:3d:4b:f1:79:7a
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0

# ifconfig bridge0 addm fxp0 addm fxp1 up
# ifconfig fxp0 up
# ifconfig fxp1 up

# ifconfig bridge0 inet 192.168.0.1/24

oder

cloned_interfaces="bridge0"
ifconfig_bridge0="addm fxp0 addm fxp1 up"
ifconfig_fxp0="up"
ifconfig_fxp1="up"

Löschen
# ifconfig bridge0 deletem fxp0
# ifconfig bridge0 destroy




# sysctl net.link.bridge.pfil_member=1 net.link.bridge.pfil_bridge=1 net.link.bridge.pfil_onlyip=1
net.link.bridge.pfil_member: 0 -> 1
net.link.bridge.pfil_bridge: 0 -> 1
net.link.bridge.pfil_onlyip: 0 -> 1

# sysctl net.link.bridge.pfil_member=0 net.link.bridge.pfil_bridge=0 net.link.bridge.pfil_onlyip=0
net.link.bridge.pfil_member: 1 -> 0
net.link.bridge.pfil_bridge: 1 -> 0
net.link.bridge.pfil_onlyip: 1 -> 0

# tcpdump -i bridge0 arp or port bootps
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bridge0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:39:46.825905 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:6d:04:9a:35:90 (oui Unknown), length 300
10:39:47.373132 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:6d:04:9a:35:90 (oui Unknown), length 300
10:39:50.699967 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:6d:04:9a:35:90 (oui Unknown), length 300
10:39:51.131570 ARP, Request who-has 10.0.0.1 tell 169.254.27.2, length 46
10:39:51.894754 ARP, Request who-has 10.0.0.1 tell 169.254.27.2, length 46

# tcpdump -i wlan0 arp or port bootps
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:40:31.225506 ARP, Request who-has 10.0.0.1 tell 169.254.27.2, length 46
10:40:31.477946 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from f4:6d:04:9a:35:90 (oui Unknown), length 300
10:40:31.890022 ARP, Request who-has 10.0.0.1 tell 169.254.27.2, length 46
10:40:32.886135 ARP, Request who-has 10.0.0.1 tell 169.254.27.2, length 46

How to permanently remove default routing rule for secondary network interface from window’s IP routing table in C#




# pkg install isc-dhcp44-server
Updating FreeBSD repository catalogue...
Fetching packagesite.txz: 100%    6 MiB 824.4kB/s    00:08
Processing entries: 100%
FreeBSD repository update completed. 30726 packages processed.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        isc-dhcp44-server: 4.4.2P1_1

Number of packages to be installed: 1

The process will require 6 MiB more space.
1 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching isc-dhcp44-server-4.4.2P1_1.txz: 100%    1 MiB 371.0kB/s    00:04
Checking integrity... done (0 conflicting)
[1/1] Installing isc-dhcp44-server-4.4.2P1_1...
===> Creating groups.
Creating group 'dhcpd' with gid '136'.
===> Creating users
Creating user 'dhcpd' with uid '136'.
[1/1] Extracting isc-dhcp44-server-4.4.2P1_1: 100%
=====
Message from isc-dhcp44-server-4.4.2P1_1:

--
****  To setup dhcpd, please edit /usr/local/etc/dhcpd.conf.

****  This port installs the dhcp daemon, but doesn't invoke dhcpd by default.
      If you want to invoke dhcpd at startup, add these lines to /etc/rc.conf:

            dhcpd_enable="YES"                          # dhcpd enabled?
            dhcpd_flags="-q"                            # command option(s)
            dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration file
            dhcpd_ifaces=""                             # ethernet interface(s)
            dhcpd_withumask="022"                       # file creation mask

****  If compiled with paranoia support (the default), the following rc.conf
      options are also supported:

            dhcpd_chuser_enable="YES"           # runs w/o privileges?
            dhcpd_withuser="dhcpd"              # user name to run as
            dhcpd_withgroup="dhcpd"             # group name to run as
            dhcpd_chroot_enable="YES"           # runs chrooted?
            dhcpd_devfs_enable="YES"            # use devfs if available?
            dhcpd_rootdir="/var/db/dhcpd"       # directory to run in
            dhcpd_includedir="<some_dir>"       # directory with config-
                                                  files to include

****  WARNING: never edit the chrooted or jailed dhcpd.conf file but
      /usr/local/etc/dhcpd.conf instead which is always copied where
      needed upon startup.

FreeBSD 12.0: Ports not working anymore

commit https://reviews.freebsd.org/rP554893 makes all ports not working anymore…
Can’t make any ports – “set: Illegal option -o pipefail”

# make
set: Illegal option -o pipefail
===> Options unchanged

You may use the following build options:

WITH_BIG_CONCURRENCY_PATCH_CONCURRENCY_LIMIT=NUMBER
                                (default NUMBER=)
                                set this to a value reasonable for
                                your system if you use the patch

/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[1]: stopped in /usr/ports/mail/qmail-tls
*** Error code 1

Stop.
make: stopped in /usr/ports/mail/qmail-tls

Solution

Update to 12.2

qmail mit TLS 1.3

qmail variants

s/qmail
qmail-ldap, by André Oppermann (LinkedIn, Xing)
Life With qmail-ldap

freshports.org

qmail
qmail-tls: Secure, reliable, and fast MTA for UNIX systems with TLS support

Repository

https://cgit.freebsd.org/ports/tree/mail/qmail?h=release/12.2.0

FreeBSD 10.2

ZHAW -> tE-Clan Server ==> works
tE-Clan Server -> ZHAW ==> DOESN’T work!!
$ pkg info netqmail-tls
netqmail-tls-1.06.20110119_1
Name           : netqmail-tls
Version        : 1.06.20110119_1
Installed on   : Fri Dec 11 10:59:23 2015 CET
Origin         : mail/qmail-tls
Architecture   : freebsd:10:x86:64
Prefix         : /var/qmail
Categories     : mail
Licenses       :
Maintainer     : erdgeist@erdgeist.org
WWW            : http://inoa.net/qmail-tls/
Comment        : Secure, reliable, and fast MTA for UNIX systems with TLS support
Options        :
        BIG_CONCURRENCY_PATCH: off
        BIG_TODO_PATCH : on
        BLOCKEXEC_PATCH: on
        DISCBOUNCES_PATCH: off
        DNS_CNAME      : on
        DOCS           : on
        EXTTODO_PATCH  : off
        LOCALTIME_PATCH: off
        MAILDIRQUOTA_PATCH: off
        OUTGOINGIP_PATCH: on
        QEXTRA         : off
        QMTPC_PATCH    : off
        RCDLINK        : off
        SMTP_AUTH_PATCH: off
        SPF_PATCH      : off
        TLS_DEBUG      : off
Annotations    :
Flat size      : 1.06MiB
Description    :
What is is: [excerpt taken from tls patch]

Frederik Vermeulen <qmail-tls at inoa.net> 20021228
http://inoa.net/qmail/qmail-1.03-tls.patch

This patch implements RFC2487 in qmail. This means you can
get SSL or TLS encrypted and authenticated SMTP between
the MTAs and between MTA and an MUA like Netscape4.5 TM.
The code is considered experimental.

WWW: http://inoa.net/qmail-tls/

# tail /var/log/qmail/current | tai64nlocal
2021-07-09 16:13:31.006863500 status: local 1/10 remote 0/20
2021-07-09 16:13:31.020170500 delivery 47043: success: did_0+0+1/
2021-07-09 16:13:31.020288500 status: local 0/10 remote 0/20
2021-07-09 16:13:31.020361500 end msg 963489

2021-07-09 16:37:34.013898500 new msg 963470
2021-07-09 16:37:34.013922500 info msg 963470: bytes 2686 from <XXX> qp 17787 uid 89
2021-07-09 16:37:34.398681500 starting delivery 47044: msg 963470 to remote XXX@hotmail.com
2021-07-09 16:37:34.398686500 status: local 0/10 remote 1/20
2021-07-09 16:37:35.411841500 delivery 47044: deferral: TLS_connect_failed;_connected_to_104.47.73.161./
2021-07-09 16:37:35.411846500 status: local 0/10 remote 0/20

2021-07-09 16:44:15.431323500 starting delivery 47045: msg 963470 to remote XXX@hotmail.com
2021-07-09 16:44:15.431328500 status: local 0/10 remote 1/20
2021-07-09 16:44:15.841424500 delivery 47045: deferral: TLS_connect_failed;_connected_to_104.47.17.161./
2021-07-09 16:44:15.841460500 status: local 0/10 remote 0/20

2021-07-09 17:04:15.098384500 starting delivery 47047: msg 963470 to remote XXX@hotmail.com
2021-07-09 17:04:15.098390500 status: local 0/10 remote 1/20
2021-07-09 17:04:15.289859500 delivery 47047: deferral: TLS_connect_failed;_connected_to_104.47.10.33./
2021-07-09 17:04:15.289889500 status: local 0/10 remote 0/20
[root@ns2 /usr/ports/mail/qmail-tls]# make install

You may use the following build options:

WITH_BIG_CONCURRENCY_PATCH_CONCURRENCY_LIMIT=NUMBER
                                (default NUMBER=)
                                set this to a value reasonable for
                                your system if you use the patch

===>  netqmail-tls-1.06.20110119_1 has known vulnerabilities:
netqmail-tls-1.06.20110119_1 is vulnerable:
qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests
CVE: CVE-2005-1515
CVE: CVE-2005-1514
CVE: CVE-2005-1513
WWW: https://vuxml.FreeBSD.org/freebsd/b495af21-9e10-11ea-9e83-0cc47ac16c9d.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/mail/qmail-tls
*** Error code 1

Stop.
make: stopped in /usr/ports/mail/qmail-tls
.if defined(SLAVE_LDAP)
PATCH_SITES+=   http://www.nrg4u.com/qmail/:ldap
PATCHFILES+=    qmail-ldap-1.03-${LDAP_PATCH_DATE}.patch.gz:ldap
.elif defined(SLAVE_MYSQL)
PATCH_SITES+=   http://iain.cx/unix/qmail/download/:mysql
PATCHFILES+=    netqmail-mysql-${MYSQL_PATCH_VERSION}.patch:mysql
.elif defined(SLAVE_TLS)
PATCH_SITES+=   http://inoa.net/qmail-tls/:tls
TLS_PATCH_NAME= ${QMAIL_PORTNAME}-${QMAIL_VERSION}-tls-${TLS_PATCH_DATE}.patch
PATCHFILES+=    ${TLS_PATCH_NAME}:tls
.endif
PORTNAME=       qmail
PORTVERSION=    ${QMAIL_VERSION}.${TLS_PATCH_DATE}

PKGNAMESUFFIX=  -tls

SLAVE_TLS=      yes
TLS_PATCH_DATE= 20110119
# where pkg_add records its dirty deeds.
PKG_DBDIR?=		/var/db/pkg

AUDITFILE?=		${PKG_DBDIR}/vuln.xml

check-vulnerable:
.if !defined(DISABLE_VULNERABILITIES) && !defined(PACKAGE_BUILDING)
	[...]
			${ECHO_MSG} "===>  ${PKGNAME} has known vulnerabilities:"; \
			${ECHO_MSG} "$$vlist"; \
			${ECHO_MSG} "=> Please update your ports tree and try again."; \
			${ECHO_MSG} "=> Note: Vulnerable ports are marked as such even if there is no update available."; \
			${ECHO_MSG} "=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'"; \
    <topic>qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests</topic>
        <name>netqmail</name>
        <name>netqmail-tls</name>
        <name>netqmail-mysql</name>

Chapter 4. Slow Porting: 4.4. Patching

  1. […]
  2. […]
  3. The patch target is run. First, any patches defined in PATCHFILES are applied. Second, if any patch files named patch-* are found in PATCHDIR (defaults to the files subdirectory), they are applied at this time in alphabetical order.
  4. […]
===>   netqmail-tls-1.06.20200107_4 depends on file: /usr/local/sbin/pkg - found
=> qmail-smtpd-auth-0.31.tar.gz doesn't seem to exist in /usr/ports/distfiles/qmail.
=> Attempting to fetch http://tomclegg.net/qmail/qmail-smtpd-auth-0.31.tar.gz
qmail-smtpd-auth-0.31.tar.gz                  100% of 8798  B   27 MBps 00m00s
=> qmail-smtpd-auth-close3.patch doesn't seem to exist in /usr/ports/distfiles/qmail.
=> Attempting to fetch http://tomclegg.net/qmail/qmail-smtpd-auth-close3.patch
qmail-smtpd-auth-close3.patch                 100% of  520  B 2791 kBps 00m00s
=> auth.patch.diff-tls-20110119 doesn't seem to exist in /usr/ports/distfiles/qmail.
=> Attempting to fetch http://tomclegg.net/qmail/auth.patch.diff-tls-20110119
fetch: http://tomclegg.net/qmail/auth.patch.diff-tls-20110119: Not Found
=> Attempting to fetch http://distcache.FreeBSD.org/local-distfiles/bdrewery/qmail/auth.patch.diff-tls-20110119
auth.patch.diff-tls-20110119                  100% of 3170  B   18 MBps 00m00s
=> netqmail-1.06-tls-20200107.patch doesn't seem to exist in /usr/ports/distfiles/qmail.
=> Attempting to fetch http://inoa.net/qmail-tls/netqmail-1.06-tls-20200107.patch
netqmail-1.06-tls-20200107.patch              100% of   50 kB 3567 kBps 00m00s
===> Fetching all distfiles required by netqmail-tls-1.06.20200107_4 for building
===>  Extracting for netqmail-tls-1.06.20200107_4
=> SHA256 Checksum OK for qmail/netqmail-1.06.tar.gz.
=> SHA256 Checksum OK for qmail/qmail-smtpd-auth-0.31.tar.gz.
=> SHA256 Checksum OK for qmail/qmail-smtpd-auth-close3.patch.
=> SHA256 Checksum OK for qmail/auth.patch.diff-tls-20110119.
=> SHA256 Checksum OK for qmail/qmail-103.patch.
=> No SHA256 checksum recorded for qmail/netqmail-1.06-tls-20200107.patch.
=> No suitable checksum found for qmail/netqmail-1.06-tls-20200107.patch.
=> SHA256 Checksum OK for qmail/qmail-block-executables.patch.
=> SHA256 Checksum OK for qmail/big-todo.103.patch.
=> SHA256 Checksum OK for qmail/outgoingip.patch.
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/mail/qmail-tls
*** Error code 1

Stop.
make: stopped in /usr/ports/mail/qmail-tls
# cd /usr/ports/mail/qmail-tls

# make makesum
===>  Found saved configuration for netqmail-tls-1.06.20200107_4
===>   netqmail-tls-1.06.20200107_4 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by netqmail-tls-1.06.20200107_4 for building

# make
===>  Found saved configuration for netqmail-tls-1.06.20200107_4
===>   netqmail-tls-1.06.20200107_4 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by netqmail-tls-1.06.20200107_4 for building
===>  Extracting for netqmail-tls-1.06.20200107_4
=> SHA256 Checksum OK for qmail/netqmail-1.06.tar.gz.
=> SHA256 Checksum OK for qmail/qmail-smtpd-auth-0.31.tar.gz.
=> SHA256 Checksum OK for qmail/qmail-smtpd-auth-close3.patch.
=> SHA256 Checksum OK for qmail/auth.patch.diff-tls-20110119.
=> SHA256 Checksum OK for qmail/qmail-103.patch.
=> SHA256 Checksum OK for qmail/netqmail-1.06-tls-20200107.patch.
=> SHA256 Checksum OK for qmail/qmail-block-executables.patch.
=> SHA256 Checksum OK for qmail/big-todo.103.patch.
=> SHA256 Checksum OK for qmail/outgoingip.patch.
===>  Patching for netqmail-tls-1.06.20200107_4
===>  Applying distribution patches for netqmail-tls-1.06.20200107_4
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-amd64
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-utmpx
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-dns-cname
===>  Applying FreeBSD patches for netqmail-tls-1.06.20200107_4
[...]


# ps auxd
- /usr/local/bin/svscan /var/service
|-- supervise pop3d
| `-- /usr/local/bin/tcpserver -vDHR -l0 -c200 -xtcp.cdb -- 0 110 /var/qmail/bin/qmail-popup ns2.te-clan.ch /usr/local/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
|-- supervise log
| `-- multilog t ./main
|-- supervise smtpd
| `-- /usr/local/bin/tcpserver -vDUHR -lns2.te-clan.ch -c200 -xtcp.cdb -- 0 25 /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   |-- /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   | `-- /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   |-- /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   | `-- /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   |-- /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   | `-- /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   |-- /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   | `-- /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|   `-- /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|     `-- /var/qmail/bin/qmail-smtpd /usr/local/vpopmail/bin/vchkpw /bin/true
|-- supervise log
| `-- multilog t ./main
|-- supervise qmail
| `-- qmail-send
|   |-- /usr/local/bin/multilog t /var/log/qmail qmaill
|   |-- qmail-lspawn ./Maildir/
|   |-- qmail-rspawn
|   `-- qmail-clean
`-- supervise log
  `-- multilog t ./main


# find work -name qmail-remote
work/netqmail-1.06/qmail-remote
work/stage/var/qmail/bin/qmail-remote

# /usr/local/etc/rc.d/svscan stop
Stopping svscan.
Waiting for PIDS: 731.

# cp /usr/ports/mail/qmail-tls/work/stage/var/qmail/bin/qmail-remote /var/qmail/bin/qmail-remote

# /usr/local/etc/rc.d/svscan start

qmail mit TLS

smtp-auth + qmail-tls + forcetls patch for qmail, May 8, 2020
Patching qmail, June 19, 2021
Installing and configuring vpopmail, April 18, 2021
Installing Dovecot and sieve on a vpopmail + qmail server, June 20, 2021

Was ist TLS

SMTP and Transport Layer Security (TLS) [Tutorial]

Microsoft unterstützt TLS 1.0 nicht mehr!

TLS connect failed
SSL/TLS connection issue troubleshooting test tools
Can’t establish a TLS connection to a remote mail server in Exchange Online or Exchange Server
TLS negotiating failed
Office 365 to enforce TLS 1.2 per October 15, 2020
Checking security protocols and ciphers on your Exchange servers
Rehash: How to Fix the SSL/TLS Handshake Failed Error

SSL/TLS connection issue troubleshooting guide
SSL/TLS connection issue troubleshooting test tools

SMTP MTA STS

SMTP MTA STS (Strict Transport Security)
MTA-STS gestaltet Mail-Versand und -Empfang sicherer
STARTTLS: MTA-STS

OpenSSL

E-Mail-Verschlüsselung austesten
When was TLS 1.2 support added to OpenSSL?

# openssl version
OpenSSL 1.0.1p-freebsd 9 Jul 2015

SSL/TLS Client

From ns3.te-clan.ch
$ openssl s_client -host mail.te-clan.ch -port 25 -starttls smtp
CONNECTED(00000003)
ehlo test
depth=0 C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch
verify return:1
---
Certificate chain
 0 s:C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch
   i:C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch
issuer=C = CH, ST = ZH, L = Winterthur, O = tE-clan Server, CN = Andreas Bachmann, emailAddress = bachi@te-clan.ch

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1600 bytes and written 542 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Session-ID: [...]
    Session-ID-ctx:
    Master-Key: [...]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 0b f4 09 ef 02 07 df bc-b9 fa bd d0 f6 21 af 69   .............!.i
    0010 - [...]
    00a0 - ff 5d 6f 73 8d 1b 75 59-bf dd 9b a6 d8 b2 01 71   .]os..uY.......q
    Start Time: 1625840075
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
---
250 8BITMIME
250-ns2.te-clan.ch250-AUTH LOGIN PLAIN CRAM-MD5
250-PIPELINING
250 8BITMIME
read:errno=0
From ns3.te-clan.ch
$ openssl s_client -host 104.47.74.33 -port 25 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = mail.protection.outlook.com
   i:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = mail.protection.outlook.com

issuer=C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1

---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3852 bytes and written 519 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: [...]
    Session-ID-ctx:
    Master-Key: [...]
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1625840474
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
250 SMTPUTF8
From ns2.te-clan.ch
$ openssl s_client -host 104.47.74.33 -port 25 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Cloud Services CA-1
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = mail.protection.outlook.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=mail.protection.outlook.com
   i:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=mail.protection.outlook.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Cloud Services CA-1
---
No client certificate CA names sent
---
SSL handshake has read 3847 bytes and written 502 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: [...]
    Session-ID-ctx:
    Master-Key: [...]
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1625840680
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
250 SMTPUTF8

OpenSSL Cookbook

Testing Protocols that Upgrade to TLS

When used with HTTP, TLS wraps the entire plain-text communication channel to form HTTPS. Some other protocols start off as plaintext, but then they upgrade to encryption. If you want to test such a protocol, you’ll have to tell OpenSSL which protocol it is so that it can upgrade on your behalf. Provide the protocol information using the -starttls switch. For example:

$ openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp
At the time of writing, the supported protocols in recent OpenSSL releases are smtp, pop3, imap, ftp, xmpp, xmpp-server, irc, postgres, mysql, lmtp, nntp, sieve, and ldap. There is less choice with OpenSSL 1.0.2g: smtp, pop3, imap, ftp, and xmpp.

Some protocols require the client to provide their names. For example, for SMTP, OpenSSL will use mail.example.com by default, but you can specify the correct value with the -name switch. If you’re testing XMPP, you may need to specify the correct server name; you can do this with the -xmpphost switch.

s/qmail

Linked: Erwin Hoffmann
github.com/wavemechanics/sqmail-port
Installing s/qmail
FreeBSD Port: qmail-spamcontrol-1.03.2731_2

IndiMail

IndiMail is a Secure, Reliable, Efficient Messaging Platform which provides you everything needed in a modern messaging server – ESMTP, IMAP, POP3, QMTP, QMQP and many other features. IndiMail gives you speeds that are faster than most MTAs. The flexibility provided by IndiMail’s authentication methods allow any IMAP/POP3 server to be used with IndiMail. IndiMail is built for speed and flexibility. You can download the source or use the binary RPM generated by openSUSE Build Service.
IndiMail
IndiMail
github.com/mbhangui/indimail-mta

sslscan

github.com/rbsec/sslscan
sslscan Fast SSL port scanner

C:\Users\andreas\Downloads\sslscan-win-2.0.10>sslscan.exe --starttls-smtp mail.xyz.abc:25
Version: 2.0.10 Windows 64-bit (Mingw)
OpenSSL 1.1.1e-dev  xx XXX xxxx

Connected to x.x.x.x

Testing SSL server mail.xyz.abc on port 25 using SNI name mail.xyz.abc

  SSL/TLS Protocols:
SSLv2     enabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   disabled

  TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLSv1.2 not vulnerable to heartbleed
TLSv1.1 not vulnerable to heartbleed
TLSv1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2  56 bits   TLS_RSA_WITH_DES_CBC_SHA
Preferred TLSv1.1  56 bits   TLS_RSA_WITH_DES_CBC_SHA
Preferred TLSv1.1  56 bits   TLS_DHE_RSA_WITH_DES_CBC_SHA
Preferred TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 1024 bits
Accepted  TLSv1.0  56 bits   TLS_RSA_WITH_DES_CBC_SHA

  SSL Certificate:
Signature Algorithm: sha1WithRSAEncryption
RSA Key Strength:    1024

Subject:  Andreas Bachmann
Issuer:   Andreas Bachmann

Not valid before: Apr 22 11:27:56 2019 GMT
Not valid after:  Apr 20 11:27:56 2024 GMT

FreeBSD Ports: qmail-tls

# make clean
# make rmconfig
# make patch
[...]
===>  Patching for netqmail-tls-1.06.20200107_4
===>  Applying distribution patches for netqmail-tls-1.06.20200107_4
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-amd64
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-utmpx
===>  Applying extra patch /usr/ports/mail/qmail-tls/../qmail/files/extra-patch-dns-cname
===>  Applying FreeBSD patches for netqmail-tls-1.06.20200107_4 from /usr/ports/mail/qmail-tls/../qmail/files
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- auth.patch.orig    2002-05-10 00:41:20.000000000 -0500
|+++ auth.patch 2014-06-24 14:30:00.122166435 -0500
--------------------------
Patching file auth.patch using Plan A...
Hunk #1 succeeded at 14.
Hunk #2 succeeded at 176.
done
Hmm...  Looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|*** Makefile.orig      Mon Jun 15 05:53:16 1998
|--- Makefile   Fri May 10 00:31:38 2002
--------------------------
Patching file Makefile using Plan A...
Hunk #1 succeeded at 125 (offset -11 lines).
Hunk #2 succeeded at 1545 (offset 4 lines).
Hunk #3 succeeded at 1548 (offset -9 lines).
Hmm...  The next patch looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|
|
|*** TARGETS.orig       Mon Jun 15 05:53:16 1998
|--- TARGETS    Fri May 10 00:31:38 2002
--------------------------
Patching file TARGETS using Plan A...
Hunk #1 succeeded at 252 (offset 2 lines).
Hmm...  The next patch looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|
|
|*** qmail-smtpd.8.orig Mon Jun 15 05:53:16 1998
|--- qmail-smtpd.8      Fri May 10 00:31:38 2002
--------------------------
Patching file qmail-smtpd.8 using Plan A...
Hunk #1 succeeded at 3.
Hunk #2 succeeded at 37 (offset 9 lines).
Hunk #3 succeeded at 256 (offset 52 lines).
Hmm...  The next patch looks like a new-style context diff to me...
The text leading up to this was:
--------------------------
|
|
|*** qmail-smtpd.c.orig Mon Jun 15 05:53:16 1998
|--- qmail-smtpd.c      Fri May 10 00:33:35 2002
--------------------------
Patching file qmail-smtpd.c using Plan A...
Hunk #1 succeeded at 23.
Hunk #2 succeeded at 89 with fuzz 1 (offset 27 lines).
Hunk #3 succeeded at 254 with fuzz 2 (offset -23 lines).
Hunk #4 succeeded at 852 with fuzz 2 (offset 438 lines).
No such line 845 in input file, ignoring
Hunk #5 succeeded at 624 (offset -20 lines).
done
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- qmail-smtpd.c.orig Sat Jan 18 09:13:50 2003
|+++ qmail-smtpd.c      Sat Jan 18 19:51:09 2003
--------------------------
Patching file qmail-smtpd.c using Plan A...
Hunk #1 succeeded at 883 (offset 424 lines).
done
# make
[...]
===>  Staging for netqmail-tls-1.06.20200107_4
===>   Generating temporary packing list
===> Creating groups.
===> Creating users
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/dnsfq /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/hostname /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/dnsip /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/ipmeprint /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/dnsptr /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -s -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/install.nostage /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure/install
install  -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/config /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -m 555 /usr/ports/mail/qmail-tls/work/netqmail-1.06/config-fast /usr/ports/mail/qmail-tls/work/stage/var/qmail/configure
install  -m 555 /usr/ports/mail/qmail-tls/work/home /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/home+df /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/proc /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/proc+df /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm1+df /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm2 /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm2+df /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm3 /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/binm3+df /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/maildir /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/qmailsmtpd /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 555 /usr/ports/mail/qmail-tls/work/qmailsend /usr/ports/mail/qmail-tls/work/stage/var/qmail/boot
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/forward.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/condredirect.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/bouncesaying.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/except.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/maildirmake.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/maildir2mbox.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/maildirwatch.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/mailsubj.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qreceipt.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qbiff.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/preline.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/tcp-env.1 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man1
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/addresses.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/envelopes.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/maildir.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/mbox.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/dot-qmail.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-control.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-header.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-log.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-users.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/tcp-environ.5 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man5
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/forgeries.7 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man7
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-limits.7 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man7
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail.7 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man7
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-local.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-lspawn.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-getpw.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-remote.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-rspawn.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-clean.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-send.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-start.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/splogger.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-queue.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-inject.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-showctl.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-newmrh.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-newu.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-pw2u.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-qread.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-qstat.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-tcpok.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-tcpto.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-pop3d.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-popup.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-qmqpc.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-qmqpd.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-qmtpd.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-smtpd.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 444 /usr/ports/mail/qmail-tls/work/netqmail-1.06/qmail-command.8 /usr/ports/mail/qmail-tls/work/stage/var/qmail/man/man8
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/BLURB /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/BLURB2 /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/BLURB3 /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/BLURB4 /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INTERNALS /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/SECURITY /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/THOUGHTS /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/FAQ /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/UPGRADE /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/SENDMAIL /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.alias /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.ctl /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.ids /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.maildir /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.mbox /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/INSTALL.vsm /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/TEST.deliver /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/TEST.receive /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/REMOVE.sendmail /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/REMOVE.binmail /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.local2alias /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.local2ext /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.local2local /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.local2rem /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.local2virt /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.nullclient /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.relaybad /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.relaygood /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/netqmail-1.06/PIC.rem2local /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/mailer.conf.sample /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 0644 /usr/ports/mail/qmail-tls/work/TLS.readme /usr/ports/mail/qmail-tls/work/stage/var/qmail/doc
install  -m 555 /usr/ports/mail/qmail-tls/../qmail/files/mkaliasdir /usr/ports/mail/qmail-tls/work/stage/var/qmail/scripts
install  -m 555 /usr/ports/mail/qmail-tls/work/enable-qmail /usr/ports/mail/qmail-tls/work/stage/var/qmail/scripts
=============================================

ATTENTION

Add the following line to your /etc/make.conf
QMAIL_SLAVEPORT=tls

=============================================

install  -m 0644 /usr/ports/mail/qmail-tls/work/qmail.conf /usr/ports/mail/qmail-tls/work/stage/usr/local/etc/man.d/qmail.conf
===> Fixing plist for /var/qmail ownership
/bin/rm -f -r /usr/ports/mail/qmail-tls/work/stage/var/qmail/queue/
====> Compressing man pages (compress-man)
# make install
===>  Installing for netqmail-tls-1.06.20200107_4
===>  Checking if netqmail-tls is already installed
===>   Registering installation for netqmail-tls-1.06.20200107_4
pkg-static: Warning: @unexec is deprecated, please use @[pre|post]unexec
pkg-static: Warning: @exec is deprecated, please use @[pre|post][un]exec
Installing netqmail-tls-1.06.20200107_4...
===> Creating groups.
Using existing group 'qmail'.
Using existing group 'qnofiles'.
===> Creating users
Using existing user 'alias'.
===> Creating homedir(s)
Using existing user 'qmaild'.
===> Creating homedir(s)
Using existing user 'qmaill'.
===> Creating homedir(s)
Using existing user 'qmailp'.
===> Creating homedir(s)
Using existing user 'qmailq'.
===> Creating homedir(s)
Using existing user 'qmailr'.
===> Creating homedir(s)
Using existing user 'qmails'.
===> Creating homedir(s)
Your hostname is ns3.te-clan.ch.
hard error
Sorry, I couldn't find your host's canonical name in DNS.
You will have to set up control/me yourself.
        ATTENTION:

Do not forget to read /var/qmail/doc/TLS.readme. After all,
this is NOT our old stock qmail.

You can enable qmail as your default mailer executing:
> /var/qmail/scripts/enable-qmail

==> As you need to provide a working certificate in /var/qmail/control/cert.pem :

# makes a self-signed certificate
3) do "make certificate"

# makes a certificate request
4) do "make certificate-req"

===> SECURITY REPORT:
      This port has installed the following binaries which execute with
      increased privileges.
/var/qmail/bin/qmail-queue

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://inoa.net/qmail-tls/