Search results

If you read the information on how to use DNSBL's, they *ALL* state not to use public DNS servers to query their services. That's why you have a problem. For further: https://pmg.proxmox.com/wiki/index.php/DNS_server_on_Proxmox_Mail_Gateway

@t.lamprecht Is this expected to work on PMG also? If I attempt to register via pmgconfig, I get the following: # pmgconfig acme account register BuyPass mail@domain.com -directory https://api.buypass.com/acme/directory Attempting to fetch Terms of Service from...

Awesome - that would be great. I found that IPv6 only hosts can't get certs from BuyPass - I've opened a ticket with them to see if they can fix that part.... but other than that, it all seems to work ok :)

Nice! I wasn't aware of this.... I managed to set it up using: pvenode acme account register BuyPass mail@example.invalid -directory https://api.buypass.com/acme/directory Then it appears in the Web UI. I didn't manage to come across this in the documentation... Is it documented?

ping @t.lamprecht / @Stoiko Ivanov - just for visibility....

The BuyPass Go SSL scheme uses the ACME protocol - like LetsEncrypt. They offer free certs with a 180 cert lifetime. Link: https://www.buypass.com/products/tls-ssl-certificates/go-ssl The directory URL is: https://api.buypass.com/acme/directory This should pretty much be a drop-in addition...

Likely not the fixed versions. Follow the instructions from the Intel github link above and see what microcode version you end up with then...

You can also get the microcode directly from: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/

Oh god - I'm a moron hahahaha 9E == 158 - not 9F..... Don't worry about me..... Yeah - that is your CPU hahahah - and no, it will be `0xfa` - which is newer than `0xf4`

Ah - more like upgrade to 8 ;) After a bit of hunting, fixed kernel versions are: * 6.4.9 * 6.1.44 * 5.15.125 * 5.10.189 * 4.19.290, and * 4.14.321 Anything older than these or in a different release branch won't get the kernel patches...

This should translate to 06_9FH - which isn't listed on the Intel site at all. The "Stepping" would be D (in hex = 13 decimal) Thinking further, you might have to wait for a kernel update that adds the path for `/sys/devices/system/cpu/vulnerabilities/gather_data_sampling` to be able to tell...

See the info in post #16 on how to check.... What you've posted isn't enough information.... You should be able to cross reference the info gathered in post #16 to check properly.

For those following along, Intel have updated their vulnerable products list: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html#tab-blade-1-0 If you look at /proc/cpuinfo - look for: cpu family...

Nice, thanks for the cherry picks etc.... Hit me up when its out and I'll try and test it all where I can. It's good that it'll add in `/sys/devices/system/cpu/vulnerabilities/gather_data_sampling` - which afaik, is the only way to easily check if you're vulnerable - and if you are, if the...

Yeah - that's what I'd think too: # dmesg | grep -i microcode [ 4.412471] microcode: Microcode Update Driver: v2.2. # journal -b | grep -i microcode Aug 11 23:32:21 syd-pm kernel: microcode: Microcode Update Driver: v2.2. It did regenerate the initramfs in the package installation - but...

Yeah - correct.... I added the `non-free-firmware` part to each line in /etc/apt/sources.list The debian wiki (https://wiki.debian.org/Microcode) has 3 different ways to check, but none of them return anything - so I'm not sure how to check if the updated microcode was loaded....

Yep, I have: /etc/apt/sources.list deb http://ftp.au.debian.org/debian bookworm main contrib deb http://ftp.au.debian.org/debian bookworm-updates main contrib deb http://security.debian.org bookworm-security main contrib /etc/apt/sources.list.d/pve-no-subscription.list deb...

I still haven't seen the update come through for either kernel or firmware / microcode :|

It's kind of both - from the changelog of kernel 6.4.9 release:

Background: * https://downfall.page/ * https://www.phoronix.com/news/New-Linux-Stable-Downfall * https://www.phoronix.com/news/Intel-20230808-Microcode The new stable point releases this afternoon that pick-up all of these AMD and Intel security fixes are Linux versions 6.4.9, 6.1.44, 5.15.125...