To have a secure mail server, I have configured my postfix to work with:

  • amavisd-new (with av-scanner and SpamAssassin)
  • TLS
  • SASL

amavisd-new is a high-performance interface between mailer (MTA) and content checkers such as virus scanners and SpamAssassin. Transport layer security (TLS) provides authenticated and encrypted sessions. SASL is a framework for secure authentication.

In the following, I want to give you a short overview how to enable these features in the postfix mail daemon. However, you will not find any information here, e.g. how to to configure amavisd-new.



To connect amavisd-new with postifx, you need to add the following in the file "main.cf" (/etc/postfix/main.cf)


content_filter = amavisfeed:[]:10024


In the file "master.cf", add: inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o smtpd_restriction_classes=
-o mynetworks=
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o local_header_rewrite_clients=


However, you need to be aware that amavisd-new itself needs configuration, and has some requirements such as perl modules to be installed first.



Add the following in "main.cf":


smtpd_tls_cert_file = /etc/ssl/misc/postfixcert.pem
smtpd_tls_key_file = /etc/ssl/misc/postfixkey.pem
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may


The first two options are for the certificate and key to use with TLS. If you want to use a self signed certificate, refer to my article "OpenSSL CA". The last option defines that a connection may use, but is not forced TLS.

Note: You should ensure that the issuing CA certificate(s) are installed in your mail client in order to avoid SSL warning messages when sending e-mails.



Add the following in "main.cf":


smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


Find the file etc/dovecot.conf

In the authentication section, add or enable:


# It's possible to export the authentication interface to other programs:
socket listen {
#master {
# Master socket provides access to userdb information. It's typically
# used to give Dovecot's local delivery agent access to userdb so it
# can find mailbox locations.
#path = /var/run/dovecot/auth-master
#mode = 0600
# Default user/group is the one who started dovecot-auth (root)
#user =
#group =
client {
# The client socket is generally safe to export to everyone. Typical use
# is to export it to your SMTP server so it can do SMTP AUTH lookups
# using it.
path = /var/spool/postfix/private/auth
mode = 0666
user = postfix
group = postfix

OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. In addition it provides a cryptography library. One of the interesting features beside the already mentioned is the ability to use it as a Certificate Authority (CA). By doing so you can create your own self signed certificates which you could use i.e. to encrypt sessions and authenticate entities such as web servers or real users.

However, you should be aware that the purpose of self signed certificates is limited in such case that certificate validation for outside entities is not that easy as when using certificates that had been issued by official certificate authorities. Official certificates can easily be validated by applying the public CA key (the public certificate) of the issuing CA. Fortunately, a variety of applications such as web browsers or e-clients have a built-in CA root store, containing the public certificates of authorized certificate issuers. Below the picture of the Firefox CA root store.


certificate root store


The drawback of using self signed certificates is the limited range and the fact that the public part of your own issuing CA is not known to anybody. However, self signed certificates are an excellent and cheap method for personal use. Moreover, the application range can even go beyond organization boundaries by having proper distribution und supporting processes for outside entities.

Fortunately, OpenSSL provides a tool for establishing / using the certificate authority - it is called “CA.pl”, in Slackware you will find it in /etc/ssl/misc. Before you use this tool you might want to have a look at and adapt the file “openssl.cnf” in /etc/ssl. This file holds and stores a bunch of certificate specific settings, such as default certificate validity period and many more. Adapt it to your needs – see picture below.


openssl configuration


First, you must create the CA hierarchy (in /etc/ssl/misc):


./CA.pl -newca


Then, issue:


./CA.pl –newreq


In short, this creates the private key and generates a certificate request. In doing so, you have to answer a number of questions. Default answers are derived from the file “openssl.cnf”.

Third, type:


CA.pl –signreq


This creates the certificate by using the public key and the certificate request. The resulting file is PEM formatted, if you have an application that prefers PKCS12 formatted certificates, issue something like:


CA.pl -pkcs12 "My Test Certificate"


The “CA.pl” interface eases the process of creating OpenSSL certificates. However, in some cases it might be required to do some stuff manually. One example is the remove the password from a private key, e.g. when using it with a web server for encryption and authentication. Note: Do this only if you know what you do, leaving a private key unencrypted is a major security risk.

Remove the pass phrase on an RSA private key:


openssl rsa -in key.pem -out keyout.pem


To encrypt a private key using triple DES:


openssl rsa -in key.pem -des3 -out keyout.pem


To convert a private key from PEM to DER format:


openssl rsa -in key.pem -outform DER -out keyout.der


To print out the components of a private key to standard output:


openssl rsa -in key.pem -text -noout


To just output the public part of a private key:


openssl rsa -in key.pem -pubout -out pubkey.pem


The manual way from key to certificate

The command “./CA.pl –newreq” implies the creation of a RSA key. The manual command for a 2048 bit long key would be:


openssl genrsa -des3 –out mykey.pem 2048


To create a certificate request, type:


openssl req -new -key mykey.pem -out cert.csr


To create a self signed certificate with a validity of 365 days


openssl req -new -x509 -key mykey.pem -out mycert.pem -days 365


To convert a certificate in PEM format to pkcs12 format


openssl pkcs12 -export -out mycert.p12 -inkey ./mykey.pem -in ./mycert.pem


Finally, the following command shows one of my certificates:


openssl x509 -in piircert.pem -text -noout



This article covers two things:

  1. How to utilize the package management tools supplied with Slackware (pkgtool, upgradepkg, installpkg, removepkg)
  2. How to keep your Slackware box current by utilizing "slackpkg" and how to get important security patches



Pkgtool is the one used during setup. You can call it any time after setup with the command "pkgtool". Pkgtool provides only basic functions, as a consequence I have no use for it. Its main advantage is the ability to run setup scripts again.




This is the tool I use quite often. I also recommend to use "upgradepkg" to upgrade to a new release. From the help:

Usage: upgradepkg newpackage [newpackage2 ... ]
upgradepkg oldpackage%newpackage [oldpackage2%newpackage2 ... ]

Upgradepkg upgrades a Slackware .tgz package from an older version to a newer one. It does this by INSTALLING the new package onto the system, and then REMOVING any files from the old package that aren't in the new package. If the old and new packages have the same name, a single argument is all that is required. If the packages have different names, supply the name of the old package followed by a percent symbol (%), then the name of the new package. Do not add any extra whitespace between pairs of old/new package names.


upgradepkg [ --dry-run ] [ --install-new ] [ --reinstall ] [ --verbose ] newpackagename




Output a report about which packages would be installed or upgraded but don't actually perform the upgrades.


Normally upgradepkg only upgrades packages that are already installed on the system, and will skip any packages that do not already have a version installed. If --install-new is specified, the behavior is modified to install new packages in addition to upgrading existing ones.


Upgradepkg usually skips packages if the exact same package (matching name, version, arch, and build number) is already installed on the system. Use the --reinstall option if you want to upgrade all packages even if the same version is already installed.


Show all the gory details of the upgrade.



Installpkg installs single or multiple *.tgz binary packages.


installpkg [ -warn ] [ -root /otherroot ] [ -infobox ] [ -menu ] [ -ask ] [ -priority ADD|REC|OPT|SKP ] [-tagfile /somedir/tagfile ] packagename [ packagename2 ... ]



From the man page:

Removepkg removes a previously installed Slackware package, while writing a progress report to the standard output. A package may be specified either by the full package name (as you'd see listed in /var/log/packages/), or by the base package name. For example, the package foo-1.0-i386-1.tgz may be removed with any of the following commands:

When deleting files, removepkg will analyze the contents of the other packages installed on your system, and will only delete the files that are unique to the package being removed. Similarly, the installation scripts for all the other packages will be considered when deciding whether or not to delete symbolic links from the package.

Removing a package (as well as installing one) can be a dangerous undertaking. For this reason, there is the -warn option available. When you use this, removepkg will not actually remove any files or links, but will output a detailed report of what it would do if you actually did remove the package. It's suggested that you do this (and maybe pipe the output to less ) before removing packages to make sure you've backed up anything that might be important.

When removing a package, it's original file index will be moved from /var/log/packages to /var/log/removed_packages. Likewise, it's installation script will be moved from /var/log/scripts to /var/log/removed_scripts.


removepkg [ -copy ] [ -keep ] [ -preserve ] [ -warn ] packagename



Slackpkg is part of the /extra folder. It is an excellent tool I use to watch for certain current software packages, but it can much more. From the descriptive file:

slackpkg: slackpkg
slackpkg: Slackpkg is a package manager for Slackware. It can download,
slackpkg: upgrade, install and remove selected packages. With it, you
slackpkg: can search in the Slackware Package database and find which
slackpkg: package has the selected file.
slackpkg: Slackpkg DOESN'T replace pkgtool. Actually, Slackpkg uses pkgtool
slackpkg: for all install|upgrade|remove functions.

Slackpkg can install, remove, upgrade, reinstall, download, search for info and even clean your system. From the help:


slackpkg help

Pay attention to the "clean-system" switch, which allows you to remove all packages which are not present in the official Slackware set.


Configure slackpkg

After you have installed it, you must configure it for the first use. Change to /etc/slackpkg

  1. There is a file called mirrors. Edit it an define just one mirror that is close to you. Be aware that the file is divided into several sections (Releases and the "current" tree), so be sure to do this in the right section
  2. slackpkg.conf is the configuration file. Make yourself familiar with the various options. You can go with the default values, if that's ok for you, but you should always know what it means


Watch for certain packages

As I mentioned before, I use slackpkg to watch for certain packages, amongst other things. To do so I modified "slackpkg.conf" slightly:


# The lines below will set the download priority.
# Default values: /patches /slackware /extra /pasture /testing


Furthermore I created a file "monitoring" with all the packages I like to watch:


# list all packages here to monitor and downlaod with slackpkg
cd /etc/slackpkg;/usr/sbin/slackpkg download openssl
cd /etc/slackpkg;/usr/sbin/slackpkg download openssh
cd /etc/slackpkg;/usr/sbin/slackpkg download httpd
cd /etc/slackpkg;/usr/sbin/slackpkg download mozilla-firefox
cd /etc/slackpkg;/usr/sbin/slackpkg download mozilla-thunderbird
cd /etc/slackpkg;/usr/sbin/slackpkg download seamonkey
cd /etc/slackpkg;/usr/sbin/slackpkg download bind
cd /etc/slackpkg;/usr/sbin/slackpkg download iptables
cd /etc/slackpkg;/usr/sbin/slackpkg download mysql
cd /etc/slackpkg;/usr/sbin/slackpkg download php
cd /etc/slackpkg;/usr/sbin/slackpkg download gxine
cd /etc/slackpkg;/usr/sbin/slackpkg download xine-ui
cd /etc/slackpkg;/usr/sbin/slackpkg download xine-lib
cd /etc/slackpkg;/usr/sbin/slackpkg download gkrellm
cd /etc/slackpkg;/usr/sbin/slackpkg download slackpkg
cd /etc/slackpkg;/usr/sbin/slackpkg download slacktrack


FIle permissions of "monitoring": 744

I use "crontab" to execute the file each night:


# Download selected Slackware-Current packages to /var/tmp/slackpkg-current
55 1 * * * /usr/sbin/slackpkg update
00 2 * * * /etc/slackpkg/monitoring


Get security patches

Needless to say that it is important to patch your box. It is such an easy task:

  • Go to Slackware's Homepage and subscribe to the Slackware security mailing list
  • You could use "slackpkg" to get patches. Since I already use it for an other purpose, I use "ncftpget". Create a crontab entry similar to the one below


# Download Slackware patches with ncftpget to /var/tmp/slackpkg-current/patches
10 2 * * * /usr/bin/ncftpget mirror.switch.ch /var/tmp/slackpkg-current/patches /mirror/slackware/slackware-12.0/patches/packages/


  • Check the mail if there are new packages. If so, install them with "upgradepkg"


That's it!

VMware Workstation in my opinion is one the reasonable tools I ever get to know and use. I use it for many reasons like testing, P2P downloading or sometimes even for surfing on the Internet (on the bad ones, you know ;-)

Porting VMware Workstation on Slackware is not that complicated, although Slackware is not (yet) officially supported by VMware. One pitfall is that the VMware installer assumes a “System V” environment, Slackware on the other hand uses a BSD oriented approach. This is still true with Slackware 12, even though Slackware now supports parts of the Sys V environment such as the directory structure in /etc and can even make use of them :-)

In Slackware 12, during boot time, scripts are still called from within /etc/rc.d, but additional scripts like the VMware start script can now either be launched using the Sys V approach or the accustomed BSD oriented.

As a result of the changes introduced with Slackware 12, the install procedure with older Slackware versions is slightly different and will take a little more time. Proceed to the proper section depending on your Slackware version.


VMware on Slackware 12

Well, this is quite easy since Slackware 12 is “ready” for VMware.


Step 1:

Ectract the VMware installer tarball in a directory of your choice and change into it. Execute installer


cd vmware-distrib


Step 2:

VMware installs by default in /usr/local – I changed it accordingly to be Slackware style compliant.


Step 3:

When the setup script asks for the location of the start up scripts you might want to tell it that /etc is the directory. Answer the next few questions according to your preferences, until you get to the point where the installer asks you whether it should invoke “vmware-config.pl” – answer the question with “no”.


Step 4:

Instead we choose to run vmware-config with a little extra switch, causing vmware-config to compile new modules suitable for your box.


/usr/bin/vmware-config.pl --compile


Make sure you provide the path to your kernel header files – normally the path suggested by the config script is just fine.


Step 5:

After setup has finished you are free to leave the VMware start up scripts where setup has placed them or change to the old style, as described in the chapter “VMware on Slackware <12”.


Step 6:

Make sure you have appropriate rights on VMware executable binaries in /usr/bin (e.g. 550) and the directory holding your virtual machines (I assume you do not work under root rights). You might want to authorize your primary user group on these files / directories or incorporate a dedicated group, e.g. a “vmware” group.


Step 7:

Place a shortcut pointing to /usr/bin/vmware on your desktop. You are required to enter license details when starting VMware for the first time.


Step 8:

Install VMware tools inside your guest system.


VMware on Slackware <12

Step 1:

As I mentioned in the outset, Slackware is missing the necessary Sys V setup in /etc. So the first step would be to create the necessary setup – if you fail to do so, setup will complain and give up.


cd /etc
mkdir init.d
for i in {0,1,2,3,4,5,6}; do mkdir rc$i.d; done


Step 2:

Ectract the VMware installer tarball in a directory of your choice and change into it. Execute the installer


cd vmware-distrib


Step 3:

VMware installs in /usr/local – I changed it accordingly to be Slackware style compliant.


Step 4:

When the setup script asks for the location of the start up scripts you might want to tell it that /etc is the directory. Answer the next few questions according to your preferences, until you get to the point where the installer asks you whether it should invoke “vmware-config.pl” – answer the question with “no”.


Step 5:

Instead we choose to run vmware-config with a little extra switch, causing vmware-config to compile new modules suitable for your box.


/usr/bin/vmware-config.pl --compile


Make sure you provide the path to your kernel header files – normally the path suggested by the config script is just fine.


Step 6:

After setup has finished, we need to make some changes in order to get VMware up and running. First would be, to copy the VMware script in /etc/init.d to /etc/rc.d/rc.vmware and make it executable.


cp /etc/init.d/vmware /etc/rc.d/rc.vmware
chmod +x /etc/rc.d/rc.vmware


Step 7:

Now we need a few lines in /etc/rc.d/rc.local to fire up VMware when booting the computer


if [ -x /etc/rc.d/rc.vmware ]; then
/etc/rc.d/rc.vmware start


Step 8:

Now we could get rid of the Sys V setup structure in /etc. Nevertheless, I recommend to keep them as you would need it in case of reinstallation, version upgrade or new module compilation after a Linux kernel upgrade.


rm -rf /etc/init.d
for i in {0,1,2,3,4,5,6}; do rm -rf /etc/rc$i.d; done


Step 9:

Make sure you have appropriate rights on VMware executable binaries in /usr/bin (e.g. 550) and the directory holding your virtual machines (I assume you do not work under root rights). You might want to authorize your primary user group on these files / directories or incorporate a dedicated group, e.g. a “vmware” group.


Step 10:

Place a shortcut pointing to /usr/bin/vmware on your desktop. You are required to enter license details when starting VMware for the first time.


Step 11:

Install VMware tools inside your guest system.


After a Kernel Upgrade

Since we decided to use self compiled modules , we have to redo this step every time after a Linux kernel upgrade. No big issue, this will take only a few seconds.


/usr/bin/vmware-config.pl --compile


Make sure you provide the path to your kernel header files – normally the path suggested by the config script is just fine.


VMware Workstation Patches

Petr Vandrovec provides compatibility and functional updates for VMware Workstation between the release of new VMware Workstation versions. Try “vmware any any” in the search engine of your choice. To install, follow the enclosed instructions in the tarball.

These are the useful things I usually do (or part of) after a full Slackware install in order to give Slackware a individual flavor ;-)


Remove unused packages

If you have done a full install, you may want to remove some packages, depending on what you plan to do with your box. You can do this with the "pkgtool" command. You can also have a look at /var/log/packages and remove unwanted packages with "removepkg".

Packages I always remove after a full install is the KDE language blast from the KDEI series.



If you ever want to rerun setup to change settings you made during initial setup, just call "pkgtool"


If you want enable or disable scripts, do this in /etc/rc.d. To have a service executed a start time set mode 755. To disable it just remove the x-flag (mode 644)


Speed up booting

Two things extremely slow down boot sequence in Slackware:

  • ldconfig
  • fc-cache

ldconfig only needs to be run after installing a new library, fc-cache after installing new fonts. Disable them (comment out) in /etc/rc.d/rc.M:


#if [ -x /sbin/ldconfig ]; then
# echo "Updating shared library links: /sbin/ldconfig"
# /sbin/ldconfig


#if [ -x /usr/bin/fc-cache ]; then
# echo "Updating X font indexes: /usr/bin/fc-cache -f"
# /usr/bin/fc-cache -f


Framebuffer with a nifty penguin

I like to have framebuffer support during boot with a nifty penguin.



Framebuffer support has to be enabled in the kernel:


make menuconfig


>> Device Drivers >> Graphics support


>> Console display driver support


>> Bootup logo



You need to seta proper VESA mode in your boot loader. Which one you need really depends on the type of VESA 2.0 compliant graphic card that you have in your system, and the amount of video memory available. I use the "0x307" mode. Adjust your /boot/grub/menu.ls or /etc/lilo.conf file for this:


title Linux with FB 1280x1024 (0x307)
kernel (hd0,0)/boot/vmlinuz_2.6.23.16 root=/dev/sda1 vga=0x307 dev=/dev/hda=ide-cd acpi=off


The following table shows the mode numbers:


vga modes


Address your CD / DVD burner with ide-cd

If you still use "SCSI emulation support" in the kernel + the ide-scsi option, there is a much better way!

Ide-scsi is no longer needed for cd writing applications! The 2.6 kernel supports direct writing to ide-cd, which eliminates the need for ide-scsi + the entire scsi stack just for writing a cd. The new method is more efficient in every way. Just apply:




in your boot loader config file. Replace the "x" with whatever is appropriate for your drive.


Adjust rights of user accounts

To make things easier, you might want to add your user account(s) to some groups:

  • disk
  • audio
  • video
  • cdrom
  • scsi

Be cautious! As a rule of thumb, only apply rights to your user account(s) on a "need to have" principle.


Setup BashRC

The two concerning files are:

  • ~/.bash_profile: Gets read when you start bash as a login shell
  • ~/.bashrc: Gets read when you launch bash as a non-login shell

Due to this, it will not work when you put user-specific startup commands in ~/.bashrc. To have this work, edit ~/.bash_profile and add the following at the top:


if [ -f ~/.bashrc ]; then
source ~/.bashrc


Utilize aliases

Defining an alias is a excellent way to minimize your work at the keyboard, and you can also eliminate the need to remember long, awkward commands by creating synonyms that are more meaningful to you. You can define global aliases in /etc/profile or your specific aliases in ~/.bashrc. Here are some examples:


alias tmess="tail -n 300 /var/log/messages | more"
alias tsys="tail -n 100 /var/log/syslog | more"
alias www="cd /var/www"
alias tmail="tail -n 100 /var/log/maillog | more"
alias linux="cd /usr/src/linux"
alias l="ls -l"
alias la="ls -la"
alias chownr="chown -R root.root"
alias rmmailq="postsuper -d ALL deferred"
alias cl="clear"
alias Mount="sudo /bin/mount"
alias Umount="sudo /bin/umount"


Customize the kernel

see related article in the "Slackware Linux" section.


(Unicode UTF-8 support)

see related article in the "Slackware Linux" section.


Setup X

You can use two commands to setup X:

  • xorgsetup (might work fine)
  • xorgconfig (you need detailed knowledge about your graphic card)

Some graphic cards require vendor drivers in order to support high resolution or 3D features. If so visit your vendors website.


Install VMware

see related article in the "Slackware Linux" section.


Setup sudo

see related article in the "Slackware Linux" section.


Change the boot loader

see related article in the "Slackware Linux" section.


Install Webmin

Webmin is a web-based interface for system administration for Unix. Get it from www.webmin.com.

Extract it and run the "setup.pl" script. Webmin uses port 10000 by default. If you want to use SSL, let webmin create a certificate for you. Webmin displays the access link at the end of setup, e.g.:




Setup NTP

There is quite a bunch of reasons to have accurate time. Since Slackware 12 this is a easy task:


change /etc/rc.d
chmod 755 rc.ntpd


Adjust your ntp.conf in /etc. You must at least define a time source. There is a ntp.conf exampe in /etc, but I prefer to use a plain one. The server below is the time source of the University of Zurich. Have a look on the Internet for a list of time sources.



driftfile /etc/ntp/drift
logfile /var/log/ntp.log


Before Slackware 12 there was no startup script for ntpd. So I put the ntpd start sequence in /etc/rc.d/rc.local:


# Start NTP daemon
#echo "Starting ntpd ..."
/usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ntpd.pid


The ntp.conf file was no different.


Setup BackupPC

see related article in the "Slackware Linux" section.


Setup FWBuilder

see related article in the "Slackware Linux" section.


Sound setup

First, make the alsa start script executable, if not already so.


change /etc/rc.d
chmod 755 rc.alsa


Run "alsaconf"





In the next screen (not shown here), alsconfig identifies your sound card.


I prefer to say no here. Just make sure that your kernel has module support for the identified sound card. If so the kernel will load the proper module for your sound card and you don't need modprobe settings.


Next, run "alsamixer"




Exit alsamixer and save settings


alsactl store


Install codecs

To have support for the various formats, you should consider to install a codec pack.

  1. Get a binary codec package from the Internet (e.g. mplayerhq or so)
  2. Extract the codec package to /usr/lib/codec
  3. Create a symlink pointing to /usr/lib/win32 (ln -s /usr/lib/codec /usr/lib/win32)
  4. Make sure your player uses the above path. Most players use /usr/lib/win32 by default


(Enable OpenGL)

You have to edit the file /etc/X11/xorg.conf. For your own safety make a copy of it first. Look for the settings below and uncomment them to activate. If they don't exist, you have to add them manually.


# Loads the GLX module
# Load "glx"
# Loads the DRI module
# Load "dri"
# Section "DRI"
# Mode 0666
# EndSection


If you want MS Vista transparency windows, go to end and add:


Section "Extensions"
Option "Composite" "Enable"


The KDE and Xfce versions that come with Slackware 12 are ready for the transpareny feature. Nevertheless, be aware that you should own a powerful graphic card. Be also aware that some graphic chips (e.g. Nvidia) will require further configuration. Refer the vendors website. Finally, as soon as you are in X, check for direct rendering support:


glxinfo | grep direct


It should say: "direct rendering: yes"

Page 1 of 2