Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 10:26:34PM +0100, Florian Weimer wrote: * Paul Waring: I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist - In the SMTP envelope? I strongly doubt that. Oh yeah, I have seen that rather often. Alioth did that for a rather long time. The French ANPE (agency that handles unemployment benefit payments and helps you find a new job) did and maybe still does. Some announcement-only mailing lists with a default Exim installation are sending with a non-existing envelope sender, but an existing header From:, because exim would force the envelope sender to be [EMAIL PROTECTED] and ${HOSTNAME} is not in DNS, or there is nothing listening on port 25 on that host or ... You then typically see senders like [EMAIL PROTECTED] or [EMAIL PROTECTED] It is also semi-widespread to send messages with something like [EMAIL PROTECTED] as sender, where this address naturally does not exist. Typically in large organisations when the big boss sends an all-around announcement. -- Lionel
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 01:16:24PM +0100, Amaya wrote: Nicolas Boullis wrote: What about gender? How is it specified? Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. And if it wants to cover the sexes possible for human beings, forgets hermaphrodite. -- Lionel
kudos, Re: db.debian.org (and related infrastructure) updates
hi I keep statistics of my email before I activated greylisting and sender verification callouts, my average was ~200 spam/day (with peaks of ~400) ; after that, it is ~40 spam/day (and most do not pass thru debian.org, but are delivered directly at my account) so I want to kudo all people who made this possible a.
Re: db.debian.org (and related infrastructure) updates
--- Kevin Mark [EMAIL PROTECTED] wrote: I found a document for DICOM that includes more options cheers, Kev [0] http://medical.nema.org/Dicom/CP/CPack_23/cp373_lb.pdf Thanks a lot for the reference, it's a good one :) Anyway, I don't think that classification will fit Debian's needs. It's self described as sex of a subject for clinical purposes, such as the selection of sex-based grown metrics. To start with, it talks about sex, and not gender. Even more, I don't think medical or clinical data should go into Debian's LDAP. Miry
Re: db.debian.org (and related infrastructure) updates
On Thu, 4 Jan 2007 10:02:16 +0100 (CET), Miriam Ruiz [EMAIL PROTECTED] said: Anyway, I don't think that classification will fit Debian's needs. It's self described as sex of a subject for clinical purposes, such as the selection of sex-based grown metrics. To start with, it talks about sex, and not gender. Even more, I don't think medical or clinical data should go into Debian's LDAP. Err, so now the specification of a binary gender field is unacceptable and confidential medical information that should be expunged from db.d.o? manoj incredulous -- How much does she love you? Less than you'll ever know. Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/~srivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: db.debian.org (and related infrastructure) updates
--- Manoj Srivastava [EMAIL PROTECTED] wrote: On Thu, 4 Jan 2007 10:02:16 +0100 (CET), Miriam Ruiz [EMAIL PROTECTED] said: Anyway, I don't think that classification will fit Debian's needs. It's self described as sex of a subject for clinical purposes, such as the selection of sex-based grown metrics. To start with, it talks about sex, and not gender. Even more, I don't think medical or clinical data should go into Debian's LDAP. Err, so now the specification of a binary gender field is unacceptable and confidential medical information that should be expunged from db.d.o? Sorry? I guess you misunderstood my mail. I was answering kev's suggestion about the standard described at http://medical.nema.org/Dicom/CP/CPack_23/cp373_lb.pdf Miry
Re: db.debian.org (and related infrastructure) updates
Steve Langasek wrote: But if all of our Japanese, Chinese, Greek Orthodox, Muslim, and French Revolutionary developers can tolerate having to enter their birthdates using the Gregorian calendar, I think we'll be able to make do with an opt-in binary gender classification too. ROTFL You are so damn right! I will shut up now! :* -- ·''`. If I can't dance to it, it's not my revolution : :' :-- Emma Goldman `. `' Proudly running Debian GNU/Linux (unstable) `- www.amayita.com www.malapecora.com www.chicasduras.com
Re: db.debian.org (and related infrastructure) updates
On Tue, Jan 02, 2007 at 06:32:10PM -0800, Steve Langasek wrote: On Wed, Jan 03, 2007 at 12:50:27AM +0100, Wouter Verhelst wrote: breaking that would break software that expects this particular field to be in that particular syntax. That's not completely true; you could have an attribute type named 'gender' with a different OID and different syntax/semantics, you just wouldn't be able to use it on an LDAP server which also needed the use of the ISO attribute type or of any object classes that are defined to use the ISO attribute. Yes; hence the quoted bit of my above paragraph. But if all of our Japanese, Chinese, Greek Orthodox, Muslim, and French Revolutionary developers can tolerate having to enter their birthdates using the Gregorian calendar, I think we'll be able to make do with an opt-in binary gender classification too. Ack. -- Lo-lan-do Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22
Re: db.debian.org (and related infrastructure) updates
Santiago Vila [EMAIL PROTECTED] writes: If your SMTP server is listed in a DNSBL which I told db.debian.org to use for my debian.org email and you try to send me a message, then master will say I don't accept this message to your SMTP server, and your SMTP server, in turn, will send you the usual mailer-daemon message saying Undelivered Mail Returned to Sender. This sounds much better. I was just thinking of occasional emails I get saying: Your email sent to address I have never known of before was classified as spam. ... I was comparing the previous scenario with the current one. The risk of missing an email because of it being lost inside a very big spam folder is now very low. This is one of the reasons rejecting a lot of email at SMTP time and filtering the rest (what we can do now) is usually better than not rejecting anything at all and trying to filter everything afterwards. I agree. Matthias
Re: db.debian.org (and related infrastructure) updates
On Monday 01 January 2007 22:20, Josselin Mouette wrote: On Monday 01 January 2007 at 17:51 +0100, Marco d'Itri wrote: On Jan 01, Josselin Mouette [EMAIL PROTECTED] wrote: rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. This can be easily disproven by anybody who does this... Of course. I'm pretty sure that nobody on this list has ever got emails rejected because of broken RBLs. And of course having one or two mails (that I can remember) rejected because of borked RBLs is tons of false positives? Besides: Linux has tons of bugs. It still solves many of my computing problems. RBLs are probably not the golden bullet either, but they're an important part of my spam prevention measures, and I could even remove the send spam (as per spamassassin) to [EMAIL PROTECTED] to devnull hack, which is much more prone to false positives, and where the false positives are much, much worse (senders get no indication at all) than with RBLs, where the sender gets a bounce. Greylisting and callout verification are two other pieces in the puzzle, the latter being the one I find the most controversial, the first one being the one that spammers are slowly getting the hang of. (But if the RBL gets fast enough so that a spam sender is in the RBL by the time the sender tries to send the spam the 2nd time, I still have won :-) All of these are much, much more preferable to all measures that can only be used when the mail body is on my server, because (i) sending mailservers often don't deal properly with rejections at the DATA stage and (ii) if rejection is not an option, and dropping is IMHO not a good option either, I'll still have to look through my spam folder. cheers -- vbi -- Shutting down networkservers regularly during worktime prevents RSI and develops social contacts at work.
Re: db.debian.org (and related infrastructure) updates
On Tue, Jan 02, 2007 at 06:32:10PM -0800, Steve Langasek wrote: On Wed, Jan 03, 2007 at 12:50:27AM +0100, Wouter Verhelst wrote: [EMAIL PROTECTED]:~$ ldapsearch -h 'db.debian.org' -b'cn=Subschema' -x -s base '(objectClass=*)' attributeTypes | grep gender attributeTypes: ( 1.3.6.1.4.1.9586.100.4.2.30 NAME 'gender' DESC 'ISO 5218 rep resentation of human gender' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 In other words, if you want to see that changed, take it up with ISO. No, changing it unilaterally in Debian won't help, either; In LDAP, a field of a specific name always (*always*) has a certain syntax; breaking that would break software that expects this particular field to be in that particular syntax. That's not completely true; you could have an attribute type named 'gender' with a different OID and different syntax/semantics, you just wouldn't be able to use it on an LDAP server which also needed the use of the ISO attribute type or of any object classes that are defined to use the ISO attribute. But if all of our Japanese, Chinese, Greek Orthodox, Muslim, and French Revolutionary developers can tolerate having to enter their birthdates using the Gregorian calendar, I think we'll be able to make do with an opt-in binary gender classification too. Hi Steve, I have yet to see a use case for this LDAP item. Is it strictly for a male/female survey that other FLOSS projects will join? Does this mean that people who don't self-identify as male or female are just not counted? According to some stats that could be 100 people. Is there any ISO standard that is inclusive of those uncounted people? cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keyserver: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
On ke, 2007-01-03 at 13:47 -0500, Kevin Mark wrote: I have yet to see a use case for this LDAP item. Is it strictly for a male/femaie survey that other FLOSS projects will join? Does this mean that people who dont self-identify as male or female are just not counted? According to some stats that could be 100 people. Is there any ISO standard that is inclusive of those uncounted people? You have reached the Debian Oracle. Please allow the Oracle to translate Steve's message to plain English. Steve is a great guy, but he occasionally uses difficult words and constructs of grammar, and those can sometimes confuse the rest of us. He is the victim of a childhood spent in a Catholic orphanage run by Latin-speaking priests, so he grew up thinking alea iacta est was a normal way of saying yes, sir, I will fix a release critical bug at once, sir, thank you sir. The key phrase in Steve's verbiage is I think we'll be able to make do with an opt-in binary gender classification. I think is a pair of words that is often used to indicate personal opinion, so Steve uses it to say that what he says next is what the project should do as far as he is concerned, but that it isn't official Debian policy. Make do is another important word pair, which means manage to suffer without excessive or undue pain. Here Steve indicates that although the solution chosen is not perfect, it is good enough at least for now, and gives the implication that we have more important things to worry about. The third really significant part is opt-in binary gender classification. Binary gender classification is Steve's Latinesque way of saying there are two genders to choose from. In this case, there's two choices; by implication, they are male and female rather than C and C++. With opt-in Steve means that Debian developers may opt, er, in, into telling everyone whether they're male or female. That means they can do it if they want to, or not do it if they don't want to. 
In some cases, if the other available choices are inappropriate for them, they might not be able to fill it in, but opt-in covers that, too. So those who want to, and are able to, choose from the two gender options can do so, and everyone else can choose neither. So actually there are three values: male, female, and unspecified. This should cover the central part of your message: people who do not identify themselves as male or female can choose unspecified. From a vast experience in dealing with humankind, the Debian Oracle further provides the following statements to further respond to your question: The use case for this field is purely statistical, but it is in no way tied to any existing or planned FLOSS surveys or other projects than Debian. The ISO does not have a non-binary gender classification system that Debian could use. If we want to make the statistics classify every person's gender exactly, the field needs to be free-form text. I hope that this explains everything, Kev. You owe the Oracle an e-mail quotation trimming device.
Re: db.debian.org (and related infrastructure) updates
On Wed, Jan 03, 2007 at 01:47:48PM -0500, Kevin Mark wrote: On Tue, Jan 02, 2007 at 06:32:10PM -0800, Steve Langasek wrote: On Wed, Jan 03, 2007 at 12:50:27AM +0100, Wouter Verhelst wrote: [EMAIL PROTECTED]:~$ ldapsearch -h 'db.debian.org' -b'cn=Subschema' -x -s base '(objectClass=*)' attributeTypes | grep gender attributeTypes: ( 1.3.6.1.4.1.9586.100.4.2.30 NAME 'gender' DESC 'ISO 5218 rep resentation of human gender' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 In other words, if you want to see that changed, take it up with ISO. No, changing it unilaterally in Debian won't help, either; In LDAP, a field of a specific name always (*always*) has a certain syntax; breaking that would break software that expects this particular field to be in that particular syntax. That's not completely true; you could have an attribute type named 'gender' with a different OID and different syntax/semantics, you just wouldn't be able to use it on an LDAP server which also needed the use of the ISO attribute type or of any object classes that are defined to use the ISO attribute. But if all of our Japanese, Chinese, Greek Orthodox, Muslim, and French Revolutionary developers can tolerate having to enter their birthdates using the Gregorian calendar, I think we'll be able to make do with an opt-in binary gender classification too. Hi Steve, I have yet to see a use case for this LDAP item. Is it strictly for a male/female survey that other FLOSS projects will join? Does this mean that people who don't self-identify as male or female are just not counted? According to some stats that could be 100 people. Is there any ISO standard that is inclusive of those uncounted people? cheers, I found a document for DICOM that includes more options cheers, Kev [0] http://medical.nema.org/Dicom/CP/CPack_23/cp373_lb.pdf -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keyserver: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
On Wed, Jan 03, 2007 at 09:31:26PM +0200, Debian Oracle wrote: I hope that this explains everything, Kev. You owe the Oracle an e-mail quotation trimming device. Greetings O great Oracle, I did manage to extract most of the meaning out of the concise phrases electronically transmitted by the mystic vorlon into the great internet tubes. I just have expectations that if there is going to be progress in the recognition of the multitude of human natures by which people define themselves, that the 'Free' software world would be at the forefront of that effort. ISO is a 'standard'. Google shows a few threads about the inadequate nature of this standard. I just sent an email about a DICOM document that includes more options. If it's 'just' a field for our use, why does it need to use a 'standard' that excludes. If there needs to be some interchange of data in the future, we can certainly deal with this. cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keyserver: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
On Wed, 3 Jan 2007, Kevin Mark wrote: On Wed, Jan 03, 2007 at 09:31:26PM +0200, Debian Oracle wrote: I hope that this explains everything, Kev. You owe the Oracle an e-mail quotation trimming device. ... more options. If it's 'just' a field for our use, why does it need to use a 'standard' that excludes. If there needs to be some interchange of data in the future, we can certainly deal with this. If I understand the great Debian Oracle right (BTW, for the moment the funniest posting for this year on Debian lists - keep on the good work ;-) ), every DD who is uncertain how to specify the own gender LDAP field is invited to ask the Oracle for help which would be the right choice (for the moment and in future). Unfortunately I fail to see in how far the definition of a gender field in db.debian.org would bring us closer or farther to our goal to release the best operating system. So I would like to suggest to move this thread to debian-curiosa. Happy new year to all list members Andreas. -- http://fam-tille.de
Re: db.debian.org (and related infrastructure) updates
On Mon, 1 Jan 2007, Josselin Mouette wrote: Thanks for the explanations. Unfortunately that doesn't make these measures really useful, as rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. I prefer to call them DNSBLs, as RBL is a proper name (of MAPS RBL). For those of you who are afraid about reliability of a DNSBL, I can highly recommend cbl.abuseat.org as the absolute minimum. This list (called CBL for short) has the following properties:
* Takes its data from very large spamtraps.
* Only lists IPs which are open-proxy-like.
* Only lists individual IPs, never lists IP ranges.
* It's completely automated to prevent human error.
* Tries very hard not to list real SMTP servers.
* Everybody can remove any IP from the list without any questions at all.
and last, but not least important:
* You can avoid approximately 50% of all the spam just by using this list.
So I would call the CBL a very useful list. BTW: I'd like to thank Ryan for the db.debian.org stuff and share my happiness with everybody here: I enabled zen.spamhaus.org and greylisting on 2006-12-31. Now I receive just three spams a day instead of 150 spams a day. Hurrah!
Re: db.debian.org (and related infrastructure) updates
On Tue, Jan 02, 2007 at 01:12:56PM +0100, Santiago Vila wrote: For those of you who are afraid about reliability of a DNSBL, I can highly recommend cbl.abuseat.org as the absolute minimum. This list (called CBL for short) has the following properties:
* Takes its data from very large spamtraps.
* Only lists IPs which are open-proxy-like.
* Only lists individual IPs, never lists IP ranges.
* It's completely automated to prevent human error.
* Tries very hard not to list real SMTP servers.
* Everybody can remove any IP from the list without any questions at all.
Well, let's not get too ahead of ourselves praising CBL. I've recently experienced the situation where the CBL people were way too trigger-happy in listing IPs in their blacklist. I happen to have one group of users whose traffic is routed through a server that I run, and I block their outgoing SMTP traffic and route their outgoing HTTP traffic transparently through a Squid proxy. At one point, half a dozen machines (out of around two hundred) contracted some sort of a worm-virus which wanted to send spam. The problem was the fact that the same worm-virus was trying to be a bit too shrewd for its own good, and before trying to actually send spam, it went and preemptively sent an HTTP request to the CBL web site in order to de-list itself from that blacklist. The CBL folks experienced a DDoS due to the sheer volume of these requests, and decided to automatically list all IPs that sent them those HTTP requests in the blacklist. Unfortunately, they did not check for X-Forwarded-For headers (or whatsitcalled) to see whether the queries were actually proxied, nor did they cross-reference the list of those IPs with their actual spamtraps to see whether they actually sent any spam. This resulted in my gateway IP address being banned, because of two dozen HTTP requests of clients behind it. There was no notification to hostmaster, postmaster, nothing (admin contacts readily available via WHOIS and/or DNS). 
Because the same IP also happened to run a (legitimate) mail server, it caused other mail servers which check on SBL-XBL (which includes CBL) to reject our (legitimate) mails. (I later separated these two functions to different IPs in order to avoid this kind of nonsense in the future.) I had to send several e-mails to CBL people and it took us two days before we finally cleared up the situation. The first operator that I talked to didn't really understand what was going on, until I managed to guess what they were doing and then another person finally started talking in real technical terms to me and then we wrapped it up nicely (based on information that that person gave me, I was able to ban rogue HTTP requests and isolate infected machines). Hence, I must disagree with the blanket assessment that they try very hard not to list real servers. I know getting DoSed is a pain in the ass, and I know that my users need to be shot for running Windows^W^W letting viruses abuse their machines. Yet, reacting to such things with knee-jerk measures is not really trying very hard. -- 2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
Hi On Tue, 2 Jan 2007 13:12:56 +0100 (CET) Santiago Vila [EMAIL PROTECTED] wrote: For those of you who are afraid about reliability of a DNSBL, I can highly recommend cbl.abuseat.org as the absolute minimum. This list (called CBL for short) has the following properties:
* Takes its data from very large spamtraps.
* Only lists IPs which are open-proxy-like.
* Only lists individual IPs, never lists IP ranges.
* It's completely automated to prevent human error.
* Tries very hard not to list real SMTP servers.
* Everybody can remove any IP from the list without any questions at all.
* Almost every time there is at least one SMTP server from each freemail (this is especially true for Czech ones, you won't get mail from them if using blacklists if you don't whitelist them).
and last, but not least important:
* You can avoid approximately 50% of all the spam just by using this list.
And you don't know how much legitimate mail you lost... So I would call the CBL a very useful list. I thought the same ... before I actually started to use it for testing on my server. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Re: db.debian.org (and related infrastructure) updates
On Tue, 2 Jan 2007, Michal Čihař wrote: Santiago Vila [EMAIL PROTECTED] wrote: This list (called CBL for short) has the following properties: [...] * Tries very hard not to list real SMTP servers. [...] * Almost every time there is at least one SMTP server from each freemail (this is especially true for Czech ones, you won't get mail from them if using blacklists if you don't whitelist them). As if those smtp servers were completely innocent. Most probably, they are sending spam to CBL spamtrap addresses to begin with. I don't know the algorithm they use to determine that a mail server is a real mail server, but if it has a bug, maybe they would be willing to know about it. In the end, this DNSBL issue is something like a compromise between sender and recipient: If you send me email and try not to use a SMTP server which is listed in a commonly used DNSBL, then I, in return, will try to read messages arriving at my spam folder (now that there are so few of them that I'm able to do that). Moreover, if you send a message using a real smtp server, and its IP is listed in a DNSBL I use, you will receive a message from mailer-daemon saying so. This may and will surely happen, hopefully not often, but IMHO it's better than the message arriving to a spam folder which is so big that it will never be read.
Re: db.debian.org (and related infrastructure) updates
Hi On Tue, 2 Jan 2007 20:59:09 +0100 (CET) Santiago Vila [EMAIL PROTECTED] wrote: As if those smtp servers were completely innocent. Most probably, they are sending spam to CBL spamtrap addresses to begin with. Yes, most likely they send spam to spamtrap. You can not 100% filter spam on freemail. I don't know the algorithm they use to determine that a mail server is a real mail server, but if it has a bug, maybe they would be willing to know about it. At least one of those servers tried to achieve not to be blacklisted, but AFAIK they were not successful... -- Michal Čihař | http://cihar.com | http://blog.cihar.com
Re: db.debian.org (and related infrastructure) updates
Santiago Vila [EMAIL PROTECTED] writes: Moreover, if you send a message using a real smtp server, and its IP is listed in a DNSBL I use, you will receive a message from mailer-daemon saying so. This may and will surely happen, hopefully not often, but IMHO it's better than the message arriving to a spam folder which is so big that it will never be read. Are you saying, that your server is sending a notification mail to the From address of mails that have been classified as spam? I think people whose email addresses have been abused by spammers really appreciate those messages. Nowadays a large percentage of SMTP traffic on the internet is spam. I wonder how much of the rest are those notification mails, bounces and so on caused by spam. Matthias
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 01:16:24PM +0100, Amaya wrote: Nicolas Boullis wrote: What about gender? How is it specified? Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. I would rather have it as an input field where people can express their gender in the way they want to, as gender has little to do with biological sex, and there's more than two options for it. Except that we're talking about LDAP here, not SQL. For those not familiar with LDAP: [EMAIL PROTECTED]:~$ ldapsearch -h 'db.debian.org' -b'cn=Subschema' -x -s base '(objectClass=*)' attributeTypes | grep gender attributeTypes: ( 1.3.6.1.4.1.9586.100.4.2.30 NAME 'gender' DESC 'ISO 5218 rep resentation of human gender' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 In other words, if you want to see that changed, take it up with ISO. No, changing it unilaterally in Debian won't help, either; In LDAP, a field of a specific name always (*always*) has a certain syntax; breaking that would break software that expects this particular field to be in that particular syntax. -- Lo-lan-do Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22
Re: db.debian.org (and related infrastructure) updates
On Tue, 2 Jan 2007, Matthias Julius wrote: Santiago Vila [EMAIL PROTECTED] writes: Moreover, if you send a message using a real smtp server, and its IP is listed in a DNSBL I use, you will receive a message from mailer-daemon saying so. This may and will surely happen, hopefully not often, but IMHO it's better than the message arriving to a spam folder which is so big that it will never be read. Are you saying, that your server is sending a notification mail to the From address of mails that have been classified as spam? A notification is sent, but it's not master.debian.org who sends it but your SMTP server. If your SMTP server is listed in a DNSBL which I told db.debian.org to use for my debian.org email and you try to send me a message, then master will say I don't accept this message to your SMTP server, and your SMTP server, in turn, will send you the usual mailer-daemon message saying Undelivered Mail Returned to Sender. I was comparing the previous scenario with the current one. The risk of missing an email because of it being lost inside a very big spam folder is now very low. This is one of the reasons rejecting a lot of email at SMTP time and filtering the rest (what we can do now) is usually better than not rejecting anything at all and trying to filter everything afterwards.
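The SMTP-time checks discussed in this thread (per-recipient whitelist, DNSBL lookup, greylisting), sketched as an added example that is not part of any message here and is not Debian's exim4 configuration. The zone name dnsbl.example, the class and function names, the 300-second delay and the reject-on-any-match policy are assumptions; the code handles IPv4 clients only.

```python
import ipaddress
import socket
import time

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the zone:
    192.0.2.10 against 'dnsbl.example' -> '10.2.0.192.dnsbl.example'."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(client_ip, zone, resolver):
    """Only an answer inside 127.0.0.0/8 counts as a listing. Any other
    answer (wildcarded or hijacked zone) is ignored rather than trusted."""
    for answer in resolver(dnsbl_query_name(client_ip, zone)):
        try:
            if ipaddress.ip_address(answer) in LOOPBACK:
                return True
        except ValueError:
            continue
    return False


class RecipientPolicy:
    """Hypothetical per-recipient settings, evaluated at RCPT TO time."""

    def __init__(self, whitelist=(), dnsbl_zones=(), greylist=False,
                 greylist_delay=300, resolver=system_resolver,
                 clock=time.time):
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.dnsbl_zones = list(dnsbl_zones)
        self.greylist = greylist
        self.greylist_delay = greylist_delay  # seconds; assumed value
        self.resolver = resolver
        self.clock = clock
        self.first_seen = {}  # (ip, sender, recipient) -> first attempt time

    def rcpt_decision(self, client_ip, mail_from, rcpt_to):
        """Return (smtp_code, text) for one RCPT TO command."""
        addr = ipaddress.ip_address(client_ip)
        # 1. Whitelisted clients skip every other check.
        if any(addr in net for net in self.whitelist):
            return 250, "accepted (whitelisted)"
        # 2. Assumed policy: a hit in any one configured zone rejects.
        #    The 5xx reply goes to the connecting server, which bounces to
        #    its own user; we never mail a possibly forged From: address.
        for zone in self.dnsbl_zones:
            if is_listed(client_ip, zone, self.resolver):
                return 550, "rejected: %s is listed in %s" % (client_ip, zone)
        # 3. Greylisting: temporary failure until the same triplet retries
        #    after the delay. Real mail servers queue and retry on 4xx.
        if self.greylist:
            key = (client_ip, mail_from.lower(), rcpt_to.lower())
            now = self.clock()
            first = self.first_seen.setdefault(key, now)
            if now - first < self.greylist_delay:
                return 451, "greylisted, try again later"
        return 250, "accepted"


if __name__ == "__main__":
    # Constructed sample data: documentation addresses and a fake zone.
    zone_data = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
    fake_now = [0.0]
    policy = RecipientPolicy(dnsbl_zones=["dnsbl.example"], greylist=True,
                             resolver=lambda n: zone_data.get(n, []),
                             clock=lambda: fake_now[0])
    print(policy.rcpt_decision("192.0.2.10", "a@example.org", "dd@example.net"))
    print(policy.rcpt_decision("192.0.2.20", "a@example.org", "dd@example.net"))
    fake_now[0] += 301
    print(policy.rcpt_decision("192.0.2.20", "a@example.org", "dd@example.net"))
```

Separating outbound mail from proxy or NAT gateway addresses, as one poster describes doing, keeps a listing of the gateway from turning into 550 rejections of legitimate mail under a policy like this.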
Re: db.debian.org (and related infrastructure) updates
On Wed, Jan 03, 2007 at 12:50:27AM +0100, Wouter Verhelst wrote: [EMAIL PROTECTED]:~$ ldapsearch -h 'db.debian.org' -b'cn=Subschema' -x -s base '(objectClass=*)' attributeTypes | grep gender attributeTypes: ( 1.3.6.1.4.1.9586.100.4.2.30 NAME 'gender' DESC 'ISO 5218 rep resentation of human gender' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11 In other words, if you want to see that changed, take it up with ISO. No, changing it unilaterally in Debian won't help, either; In LDAP, a field of a specific name always (*always*) has a certain syntax; breaking that would break software that expects this particular field to be in that particular syntax. That's not completely true; you could have an attribute type named 'gender' with a different OID and different syntax/semantics, you just wouldn't be able to use it on an LDAP server which also needed the use of the ISO attribute type or of any object classes that are defined to use the ISO attribute. But if all of our Japanese, Chinese, Greek Orthodox, Muslim, and French Revolutionary developers can tolerate having to enter their birthdates using the Gregorian calendar, I think we'll be able to make do with an opt-in binary gender classification too. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Re: db.debian.org (and related infrastructure) updates
On Jan 02, Santiago Vila [EMAIL PROTECTED] wrote: As if those smtp servers were completely innocent. Most probably, they are sending spam to CBL spamtrap addresses to begin with. CBL would not list these servers. The person you are replying to is just confused. -- ciao, Marco
Re: db.debian.org (and related infrastructure) updates
1) I don't see any relevance in having a gender field. The only exception I might find is for genderifying the texts in web pages and mails, or maybe for statistics. I see some relevance, speaking for myself. I *do* behave differently with men and women. This is a social issue I fully accept and therefore having this information if the person in question agreed to give it is useful for me, in terms of social behaviour. When it comes to gender, sex or whatever else, this is probably up to each person to give this the definition (s)he wants in order to fill in that field (or decide not to fill it). So, actually, I filled that field for myself...:)
Re: db.debian.org (and related infrastructure) updates
On Saturday 30 December 2006 at 05:34 -0800, Ryan Murray wrote: Here's some news on recent db.debian.org changes that are now available: The LDAP schema has been updated to include several new fields: * Date of Birth (developer-only visible) * Gender (world visible) * Mail disable message * Mail greylisting * Mail sender verification callouts * Mail whitelist * Mail RBL list * Mail RHSBL list The exim4 config has been updated to make use of these new fields, giving developers the ability to: * disable their @debian.org email address entirely with a message of their choosing at SMTP reject time * specify a whitelist that will be immune to the newly added checks * enable greylisting and sender verification callouts * specify RBL and RHSBL lists to be checked at SMTP time How are RBL/RHSBL handled? Is a host rejected once it matches one of several RBLs, or all of them? Same question for greylisting: is it enabled unconditionally, or only for mails for which callout fails or hosts belonging to RBLs? -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile.
Re: db.debian.org (and related infrastructure) updates
Josselin Mouette [EMAIL PROTECTED] wrote: On Saturday 30 December 2006 at 05:34 -0800, Ryan Murray wrote: [...] The exim4 config has been updated to make use of these new fields, giving developers the ability to: * disable their @debian.org email address entirely with a message of their choosing at SMTP reject time * specify a whitelist that will be immune to the newly added checks * enable greylisting and sender verification callouts * specify RBL and RHSBL lists to be checked at SMTP time How are RBL/RHSBL handled? Is a host rejected once it matches one of several RBLs, or all of them? One match is sufficient for a deny, afaiui you end up with two colon delimited lists (one for rbl, one for rhsbl) like in http://www.exim.org/exim-html-4.63/doc/html/spec_html/index.html#toc0325 Same question for greylisting: is it enabled unconditionally, or only for mails for which callout fails or hosts belonging to RBLs? Unconditional greylisting. cu andreas -- The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken.(c) Jasper Ffforde
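The handling described in this reply (colon-delimited RBL and RHSBL lists where one match is enough for a deny, then unconditional greylisting, with the whitelist from the announcement exempt from the checks) can be sketched as follows. This is an added example, not the exim4 configuration used on debian.org; the option names, the order of the checks, the whitelist being a set of client IPs, the 300-second delay and the zone names are all assumptions, and the DNS data is constructed.

```python
"""Added example: SMTP-time checks for one RCPT, as discussed in the thread.
Option names, check order and zone names are assumptions for illustration."""
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here


def split_list(value):
    """Split a colon-delimited list, ignoring empty items and whitespace."""
    return [item.strip() for item in value.split(":") if item.strip()]


def system_resolver(name):
    """Resolve name to an IPv4 address string, or None if it has no A record."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def rbl_name(client_ip, zone):
    """IP-based list: the client's IPv4 octets reversed, under the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rhsbl_name(sender, zone):
    """Domain-based list: the envelope sender's domain, under the zone."""
    return sender.rsplit("@", 1)[1].lower().rstrip(".") + "." + zone


def first_listing(names, resolve):
    """Return the first query name that is listed; one hit is enough."""
    for name in names:
        answer = resolve(name)
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return name
    return None


class Greylist:
    """Defer the first attempt of each (client, sender, recipient) triplet."""

    def __init__(self, min_delay=300):
        self.min_delay = min_delay
        self.first_seen = {}

    def passes(self, client_ip, sender, recipient, now):
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        return now - seen >= self.min_delay


def rcpt_decision(client_ip, sender, recipient, prefs, greylist, now,
                  resolve=system_resolver):
    """Return (smtp_code, reason) for one RCPT under the recipient's prefs."""
    if client_ip in prefs.get("whitelist", ()):
        return 250, "whitelisted"
    zones = split_list(prefs.get("rbl", ""))
    hit = first_listing((rbl_name(client_ip, z) for z in zones), resolve)
    if hit:
        return 550, "client listed: " + hit
    if "@" in sender:  # the null sender <> has no domain to look up
        zones = split_list(prefs.get("rhsbl", ""))
        hit = first_listing((rhsbl_name(sender, z) for z in zones), resolve)
        if hit:
            return 550, "sender domain listed: " + hit
    if prefs.get("greylisting") and not greylist.passes(
            client_ip, sender, recipient, now):
        return 451, "greylisted, try again later"
    return 250, "accepted"


# Constructed DNS data so the example runs offline.
CONSTRUCTED_ZONE = {
    "10.2.0.192.second-rbl.example": "127.0.0.2",
    "spamdomain.example.rhsbl.example": "127.0.0.4",
}


def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name)


if __name__ == "__main__":
    prefs = {"rbl": "first-rbl.example:second-rbl.example",
             "rhsbl": "rhsbl.example", "greylisting": True}
    grey = Greylist()
    for ip, sender, now in [("192.0.2.10", "a@ok.example", 0),
                            ("198.51.100.7", "a@ok.example", 0),
                            ("198.51.100.7", "a@ok.example", 400)]:
        print(ip, sender, rcpt_decision(ip, sender, "dd@example.org", prefs,
                                        grey, now, constructed_resolver))
```

A host listed in only the second of two zones is still rejected, which is the any-match behaviour the later replies argue about.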
Re: db.debian.org (and related infrastructure) updates
On Monday 01 January 2007 at 16:11 +0100, Andreas Metzler wrote: One match is sufficient for a deny, afaiui you end up with two colon delimited lists (one for rbl, one for rhsbl) like in http://www.exim.org/exim-html-4.63/doc/html/spec_html/index.html#toc0325 Unconditional greylisting. Thanks for the explanations. Unfortunately that doesn't make these measures really useful, as rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile.
Re: db.debian.org (and related infrastructure) updates
On Jan 01, Josselin Mouette [EMAIL PROTECTED] wrote: Thanks for the explanations. Unfortunately that doesn't make these measures really useful, as rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. This can be easily disproven by anybody who does this... -- ciao, Marco
Re: db.debian.org (and related infrastructure) updates
On Monday 01 January 2007 at 17:51 +0100, Marco d'Itri wrote: On Jan 01, Josselin Mouette [EMAIL PROTECTED] wrote: Thanks for the explanations. Unfortunately that doesn't make these measures really useful, as rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. This can be easily disproven by anybody who does this... Of course. I'm pretty sure that nobody on this list has ever got emails rejected because of broken RBLs. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile.
Re: db.debian.org (and related infrastructure) updates
On Mon, Jan 01, 2007 at 10:20:32PM +0100, Josselin Mouette wrote: On Monday 01 January 2007 at 17:51 +0100, Marco d'Itri wrote: On Jan 01, Josselin Mouette [EMAIL PROTECTED] wrote: Thanks for the explanations. Unfortunately that doesn't make these measures really useful, as rejecting email blindly based on data as reliable as RBLs is likely to give tons of false positives. This can be easily disproven by anybody who does this... Of course. I'm pretty sure that nobody on this list has ever got emails rejected because of broken RBLs. Only by Spamcop. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 05:14:30PM +0100, Francois Petillon wrote: Marco d'Itri wrote: For a start that sites performing sender verification will participate in a DDoS on the mail infrastructure of domains forged by spammers. [...] There are two things I really dislike in sender verification. First, you are using someone else resources to fight spam. Second, spammers may adapt in an annoying way (either they will use domains who always answer a 2xx to rcpt to, or they will use verified emails). that's true, and IMHO the real reason why sender verify is harmful (the latter, not the former). Also, sender verification when seen from the side of the victims is indistinguishable from a dictionary attack, and may cause deliverability issues to the hosts attempting it. I confirm it: we already have blacklisted IPs as they were issuing too many rcpt-to on not existing emails. These were due to sender verifications... yeah, I know, you're very keen on blacklisting the whole earth :] On Sun, Dec 31, 2006 at 03:44:40AM +0100, Francois Petillon wrote: Josip Rodin wrote: Yes. Just like any other large amount of traffic could be harmful on big domains. I will be more precise. Answering a rcpt-to is, in my case, around 20 to 30% of the job of the storage cluster to deliver a mail (I am not talking about CPU, just disks IOs). If the number of mails sent as from our domains is equivalent to the number of mails we receive and if everybody use sender verify, it would mean we have to increase our IOs capacity by 20 to 30% (I know, there is 2 if and it is a very rough figure). Then honestly, you have a big problem. On the mail servers I co-administrate, the database lookups that are performed at rcpt-to time are far less CPU-intensive than the clamav check, and the bayesian filter check that are done before our redirection service is activated. If your system is correctly sized, your recipients database should fit in RAM, and rcpt-to lookups cost 0 IO.
So that argument is IMHO pointless. I guess the counter-argument could be - all those services are explicitly created in order to voluntarily serve requests, but nobody volunteered their server to answer sender verification requests. Yet, a sender verification request is nothing but a three-command SMTP conversation. If someone puts an SMTP server online, and connects it via DNS, it's not exactly strange that other people talk to it. No, a rcpt-to is not intended to verify an email but to deliver a mail. You may use VRFY if you want to 1) verify an email and 2) check if you are allowed to verify... :-) bwahahaha, I suppose you know the amount of bad faith in such an argument. Every serious SMTP server disables VRFY for obvious reasons. And technically, I don't see which specific task RCPT-TO should do on your mail server that VRFY would not do. IMHO, using rcpt-to to verify sender is just like using resume download to do segmented/parallel downloads. It works but you are using the command in a perverted/antisocial way. True, that's a perversion of the protocol. Though, you know, a lot of antispam measures are protocol perversions, and should not be used if you are so pure. For example, blacklisting someone because you /think/ he relays more than some fraction of spam[0], by shutting every connection attempt with a 500 error is a very bad RFC violation, specifically prohibited in RFC 2821, whereas it's completely allowed to issue a QUIT at any point of the SMTP dialog. So sender verifying is at least 100% compatible with the RFC, even if diverting a command[1]. So if you see what I'm alluding to, maybe you should avoid to serve us the SMTP white knight's arguments, from you that seems quite beyond belief. [0] obviously without trying to reach their abuse@ or postmaster@ address before, that would not be enough fun else.
[1] For the record, I don't like Sender Verify either, it has very poor properties, but the sole argument against it, that has some kind of value is that spammers can use it the same way to validate their databases. Hence it can make genuine hosts be considered as spammers, and that's A Bad Thing ™. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org
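Seen from the server that receives them, the callouts argued about in this message are short SMTP sessions that stop before DATA, and a per-client counter of rejected recipients treats them like a dictionary attack. The following is an added example, not code from the thread or from any mail server named in it; the log format, the threshold and the sample lines are constructed, and it assumes the verifying host probes with the null sender <>.

```python
"""Added example: how callout traffic looks in the receiving server's logs.
The log format, threshold and sample data are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample, one line per SMTP command: session, client, command, reply.
SAMPLE_LOG = """\
s1 192.0.2.10 MAIL FROM:<> 250
s1 192.0.2.10 RCPT TO:<alice@example.org> 250
s1 192.0.2.10 QUIT 221
s2 192.0.2.10 MAIL FROM:<> 250
s2 192.0.2.10 RCPT TO:<qx7z@example.org> 550
s2 192.0.2.10 QUIT 221
s3 192.0.2.10 MAIL FROM:<> 250
s3 192.0.2.10 RCPT TO:<mk2p@example.org> 550
s3 192.0.2.10 QUIT 221
s4 198.51.100.7 MAIL FROM:<bob@example.net> 250
s4 198.51.100.7 RCPT TO:<alice@example.org> 250
s4 198.51.100.7 DATA 354
s4 198.51.100.7 QUIT 221
s5 203.0.113.9 MAIL FROM:<x@example.com> 250
s5 203.0.113.9 RCPT TO:<aaa@example.org> 550
s5 203.0.113.9 RCPT TO:<aab@example.org> 550
s5 203.0.113.9 QUIT 221
"""

LINE = re.compile(
    r"^(\S+) (\S+) (MAIL FROM|RCPT TO|DATA|QUIT)(?::<([^>]*)>)? (\d{3})$")


def parse_sessions(log_text):
    """Group log lines by session id into sender, recipients and DATA flag."""
    sessions = {}
    for raw in log_text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # not a line in the constructed format
        sid, ip, verb, arg, code = match.groups()
        sess = sessions.setdefault(
            sid, {"ip": ip, "sender": None, "rcpts": [], "data": False})
        if verb == "MAIL FROM":
            sess["sender"] = arg
        elif verb == "RCPT TO":
            sess["rcpts"].append((arg, int(code)))
        elif verb == "DATA" and code.startswith("3"):
            sess["data"] = True
    return sessions


def summarize(sessions):
    """Per client IP: deliveries, callout-shaped sessions, rejected RCPTs."""
    stats = defaultdict(
        lambda: {"deliveries": 0, "callout_shaped": 0, "rejected_rcpts": 0})
    for sess in sessions.values():
        entry = stats[sess["ip"]]
        entry["rejected_rcpts"] += sum(
            1 for _, code in sess["rcpts"] if code >= 500)
        if sess["data"]:
            entry["deliveries"] += 1
        elif sess["sender"] == "" and len(sess["rcpts"]) == 1:
            # Null sender, one RCPT, no DATA: the shape of a callout probe.
            entry["callout_shaped"] += 1
    return dict(stats)


def naive_blocklist(stats, max_rejected=2):
    """Clients a simple 'too many unknown recipients' rule would block."""
    return sorted(ip for ip, entry in stats.items()
                  if entry["rejected_rcpts"] >= max_rejected)


if __name__ == "__main__":
    summary = summarize(parse_sessions(SAMPLE_LOG))
    for ip, entry in sorted(summary.items()):
        print(ip, entry)
    print("blocked by naive rule:", naive_blocklist(summary))
```

In the constructed data the verifying host and the guessing host end up on the same list, while the session shape is recorded so an operator can look at it before blocking.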
Re: db.debian.org (and related infrastructure) updates
Nicolas Boullis wrote: What about gender? How is it specified? Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. I would rather have it as an input field where people can express their gender in the way they want to, as gender has little to do with biological sex, and there's more than two options for it. Please correct me if I am wrong. -- ·''`. If I can't dance to it, it's not my revolution : :' :-- Emma Goldman `. `' Proudly running Debian GNU/Linux (unstable) `- www.amayita.com www.malapecora.com www.chicasduras.com
Re: db.debian.org (and related infrastructure) updates
On Saturday, 30 December 2006 at 15:42:33 +, Nicolas Boullis wrote: - the birthDate field isn't currently available via the mail daemon, this will be fixed soon. What about gender? How is it specified? with a ldapsearch, I can find 1, 2 and 9... It appears to be 1 = male, 2 = female, 9 = unspecified. -- Jacobo Tarrío | http://jacobo.tarrio.org/
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 02:19:02PM -0800, Steve Langasek wrote: I figure it's a consequence of the ldapmodify default changetype being 'replace'. I suppose that's a sane default, but it could still be a bit confusing to people who don't know/notice. Nothing new here, this is how the mail gateway has handled debian.net DNS entries for years. (If it didn't do it this way, how would you have the gateway *delete* old entries?) Yes, as I said, it's probably a sane default. However, it's far from impossible to handle deletions if the default is changed, because that same gateway has functionality for that, cf. 'del field' in doc-mail.html. -- 2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
On Sunday 31 December 2006 05:16, Amaya wrote: Nicolas Boullis wrote: What about gender? How is it specified? Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. I would rather have it as an input field where people can express their gender in the way they want to, as gender has little to do with biological sex, and there's more than two options for it. I think if someone *really* doesn't want to put male or female they can just put unspecified. -- Wesley J. Landaker [EMAIL PROTECTED] xmpp:[EMAIL PROTECTED] OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
Re: db.debian.org (and related infrastructure) updates
On Sun, 31 Dec 2006 13:16:24 +0100, Amaya [EMAIL PROTECTED] wrote: Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. I would rather have it as an input field where people can express their gender in the way they want to, as gender has little to do with biological sex, and there's more than two options for it. What other kinds of gender are there? It would be interesting to see some examples. -- Alexey Feldgendler [EMAIL PROTECTED] [ICQ: 115226275] http://feldgendler.livejournal.com
Re: db.debian.org (and related infrastructure) updates
On Sunday 31 December 2006 at 07:29 -0700, Wesley J. Landaker wrote: I would rather have it as an input field where people can express their gender in the way they want to, as gender has little to do with biological sex, and there's more than two options for it. I think if someone *really* doesn't want to put male or female they can just put unspecified. What should Overfiend do then? It's neither male nor female, and its sex is surely not unspecified. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `-our own. Resistance is futile.
Re: db.debian.org (and related infrastructure) updates
On Dec 31, Alexey Feldgendler [EMAIL PROTECTED] wrote: What other kinds of gender are there? It would be interesting to see some examples. Or maybe not. Who cares? -- ciao, Marco
Re: db.debian.org (and related infrastructure) updates
Alexey Feldgendler wrote: What other kinds of gender are there? It would be interesting to see some examples. I paste some email I already privately answered. Someone wrote: Wildly OT, but don't people generally self identify more with one gender or the other? If generally equals white and rich (as in clean tap water), yes. http://en.wikipedia.org/wiki/Gender#Sex Gender can refer to the (biological) condition of being male or female, or less commonly hermaphrodite or neuter, which are missing. Not everywhere else: http://en.wikipedia.org/wiki/Third_gender Then you have - Queer (term used to describe a sexual orientation and/or gender identity or gender expression that does not conform to heteronormative society). - Gender bender (informal term used to refer to a person who actively transgresses, or bends, expected gender roles) - Transgender (individuals, behaviors, and groups involving tendencies that diverge from the normative gender role (woman or man) commonly, but not always, assigned at birth, as well as the role traditionally held by society) - Postgenderism (Advocates of postgenderism argue that the presence of gender roles, social stratification, and sexual dimorphisms are generally to the detriment of individuals and society, arguing that masculinity and femininity are oppressive social constructs) - Genderfuck is a gender performance which fucks with or plays with traditional gender identities, gender roles, and gender presentation. - Genderqueer (someone who identifies as a gender other than man or woman, or someone who identifies as neither, both, or some combination thereof) [I really don't know what the proper terms would be that didn't conflate both gender and phenotypic sex (which of course, is distinct from genetic sex.)] Me neither, that's why an input field feels less strict to me, and more welcoming to all individuals. -- ·''`. If I can't dance to it, it's not my revolution : :' :-- Emma Goldman `. `' Proudly running Debian GNU/Linux (unstable) `- www.amayita.com www.malapecora.com www.chicasduras.com
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 06:40:46PM +0100, Amaya wrote: Alexey Feldgendler wrote: What other kinds of gender are there? It would be interesting to see some examples. I paste some email I already privately answered. Someone wrote: Wildly OT, but don't people generally self identify more with one gender or the other? If generally equals white and rich (as in clean tap water), yes. http://en.wikipedia.org/wiki/Gender#Sex Gender can refer to the (biological) condition of being male or female, or less commonly hermaphrodite or neuter, which are missing. Not everywhere else: http://en.wikipedia.org/wiki/Third_gender Then you have - Queer (term used to describe a sexual orientation and/or gender identity or gender expression that does not conform to heteronormative society). - Gender bender (informal term used to refer to a person who actively transgresses, or bends, expected gender roles) - Transgender (individuals, behaviors, and groups involving tendencies that diverge from the normative gender role (woman or man) commonly, but not always, assigned at birth, as well as the role traditionally held by society) - Postgenderism (Advocates of postgenderism argue that the presence of gender roles, social stratification, and sexual dimorphisms are generally to the detriment of individuals and society, arguing that masculinity and femininity are oppressive social constructs) - Genderfuck is a gender performance which fucks with or plays with traditional gender identities, gender roles, and gender presentation. - Genderqueer (someone who identifies as a gender other than man or woman, or someone who identifies as neither, both, or some combination thereof) [I really don't know what the proper terms would be that didn't conflate both gender and phenotypic sex (which of course, is distinct from genetic sex.)] Me neither, that's why an input field feels less strict to me, and more welcoming to all individuals. What's the use for such data? for postal mail? For gift giving? I've yet to see anyone in cyberspace address someone as 'genderqueer' or 'male', YMMV. feliz ano nuevo, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
--- Kevin Mark [EMAIL PROTECTED] wrote: What's the use for such data? for postal mail? For gift giving? I've yet to see anyone in cyberspace address someone as 'genderqueer' or 'male', YMMV. feliz ano nuevo, Kev Maybe that question would be a good starting point: What's the use for a gender field there? If you are able to answer that question, and depending on what the purpose of adding a gender field is, then maybe we could know if it's relevant or not. Greetings and Happy New Year, Miry
Re: db.debian.org (and related infrastructure) updates
Kevin Mark [EMAIL PROTECTED] writes: [gender entry in db.debian.org] What's the use for such data? for postal mail? For gift giving? I've yet to see anyone in cyberspace address someone as 'genderqueer' or 'male', YMMV. Preferred pronouns is the reason I've usually heard. Although the field as constructed currently doesn't help for people who prefer zie/zir or sie/sir. (Since this sometimes sparks a long debate and as this is drifting off-topic, I won't respond to any discussion of alternative third-person pronouns on the mailing list, but I'm happy to discuss the topic privately with anyone who had never heard of such things before and is curious.) -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: db.debian.org (and related infrastructure) updates
Kevin Mark wrote: What's the use for such data? for postal mail? For gift giving? I've yet to see anyone in cyberspace address someone as 'genderqueer' or 'male', YMMV. Yeah, I also wonder what this LDAP field is good for, but if we are going to have it, let's make it, at least, accurate. -- ·''`. If I can't dance to it, it's not my revolution : :' :-- Emma Goldman `. `' Proudly running Debian GNU/Linux (unstable) `- www.amayita.com www.malapecora.com www.chicasduras.com
Re: db.debian.org (and related infrastructure) updates
On Dec 31, Miriam Ruiz [EMAIL PROTECTED] wrote: Maybe that question would be a good starting point: What's the use for a gender field there? Stalking. -- ciao, Marco
Re: db.debian.org (and related infrastructure) updates
On Sun, 31 Dec 2006 13:16:24 +0100, Amaya [EMAIL PROTECTED] wrote: Nicolas Boullis wrote: What about gender? How is it specified? Currently it is a drop down that allows you to choose: - unspecified - male - female Which in my opinion reflects sex and not gender. Would it not therefore be simpler to just rename the option as 'sex' instead of 'gender'? That would solve the argument about what options there should be (presumably the selected option can be changed at a later date if you want to argue that someone can biologically change from one sex to another). Paul
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 07:18:36PM +0100, Amaya wrote: Kevin Mark wrote: What's the use for such data? for postal mail? For gift giving? I've yet to see anyone in cyberspace address someone as 'genderqueer' or 'male', YMMV. Yeah, I also wonder what this LDAP field is good for, but if we are going to have it, let's make it, at least, accurate. Hi Amaya, I was considering: sex gender options and realized that the only reasonably non-changing question would be 'sex chromosomes'[0] which can be XX or XY (unless gravity or any person with relevant info can add to this). 'Men' can add and remove 'parts' as 'women' can, so 'organs' are not fixed in this age, unless you count 'original parts' and some folks like to use 'temporary' parts. cherio, Kev [0] http://biology.about.com/library/weekly/aa091103a.htm -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
--- Kevin Mark [EMAIL PROTECTED] wrote: Hi Amaya, I was considering: sex gender options and realized that the only reasonably non-changing question would be 'sex chromosomes'[0] which can be XX or XY (unless gravity or any person with relevant info can add to this). 'Men' can add and remove 'parts' as 'women' can, so 'organs' are not fixed in this age, unless you count 'original parts' and some folks like to use 'temporary' parts. cherio, Kev [0] http://biology.about.com/library/weekly/aa091103a.htm I don't think either genotype or which parts you have or not can be relevant in any way for DD database. The only important thing could be the social relevance of it, and that means gender. Any other solution seems more trying to justify that field than anything really useful. Greetings, Miry
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 09:57:31PM +0100, Miriam Ruiz wrote: --- Kevin Mark [EMAIL PROTECTED] wrote: Hi Amaya, I was considering: sex gender options and realized that the only reasonably non-changing question would be 'sex chromosomes'[0] which can be XX or XY (unless gravity or any person with relevant info can add to this). 'Men' can add and remove 'parts' as 'women' can, so 'organs' are not fixed in this age, unless you count 'original parts' and some folks like to use 'temporary' parts. cherio, Kev [0] http://biology.about.com/library/weekly/aa091103a.htm Hi Miry, social relevance of it, and that means gender. Any other solution seems more trying to justify that field than anything really useful. When you specify 'social' relevance, does that mean 'the larger society' or 'the Debian society'? And relevant to what? Dancing partners at Debconf? Free software has both social and technical elements. The technical bits have no gender, AFAICT. In regards to the social bits, I see FLOSS as moving towards a sphere where people define who and what they are, regardless of their XX or XY bits. The distinction is made when interfacing with the outside world when folks need insurance, health care, or drivers license and must check a box. YMMV. feliz ano nuevo! Kev ps. that does not mean that people's attributes should be forgotten, for the world would be boring otherwise. -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
--- Kevin Mark [EMAIL PROTECTED] wrote: Hi Miry, social relevance of it, and that means gender. Any other solution seems more trying to justify that field than anything really useful. When you specify 'social' relevance, does that mean 'the larger society' or 'the Debian society'? And relevant to what? Dancing partners at Debconf? Free software has both social and technical elements. The technical bits have no gender, AFAICT. In regards to the social bits, I see FLOSS as moving towards a sphere where people define who and what they are, regardless of their XX or XY bits. The distinction is made when interfacing with the outside world when folks need insurance, health care, or drivers license and must check a box. YMMV. feliz ano nuevo! Kev ps. that does not mean that people's attributes should be forgotten, for the world would be boring otherwise. I'm sorry I haven't explained myself more clearly. I'll try to make my point a bit more explicit: 1) I don't see any relevance in having a gender field. The only exception I might find is for genderifying the texts in web pages and mails, or maybe for statistics. 2) I see even less relevance in having medical data, such as the genotype (XX, XY or whatever), genital data, etc. Miry
Re: db.debian.org (and related infrastructure) updates
Kevin Mark [EMAIL PROTECTED] writes: I was considering: sex gender options and realized that the only reasonably non-changing question would be 'sex chromosomes'[0] which can be XX or XY (unless gravity or any person with relevant info can add to this). Sex chromosomes in humans can, indeed, be found in several combinations other than XX or XY (XO, XXX, XXY, XYY, XO/XY, XX male, and XY female at the least), and we don't even know for sure that the full set of possibilities is enumerable. Also, sex chromosomes aren't the same thing as gender. Generally speaking, and this is a difficult area of language in which all generalizations are suspect, sex is a statement about a biological property and gender is a statement about a social property. -- Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Re: db.debian.org (and related infrastructure) updates
On Mon, Jan 01, 2007 at 12:06:55AM +0100, Miriam Ruiz wrote: 1) I don't see any relevance in having a gender field. The only exception I might find is for genderifying the texts in web pages and mails, or maybe for statistics. 2) I see even less relevance in having medical data, such as the genotype (XX, XY or whatever), genital data, etc. Miry That certainly clears things up. I was just reading a post of 'princess leia' (on live.linuxchix.org) about the irc habit of joining a forum with 'hi guys!' when there ARE women present. So she expects folks to not address a crowd as all male when there may not be in fact all men and how some men object to her voicing her displeasure with their lack of awareness. And then you bring up the idea that you find a 'gender' field not relevant to LDAP developer data. Do you think it relevant to keep stats of 'women', do you want to keep a field that states the desired way you want to be addressed in email, mail or irc? or other situation-specific ways? These are certainly unclear issues for me. Cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | 'under construction' | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
Re: db.debian.org (and related infrastructure) updates
On Sun, Dec 31, 2006 at 04:15:53PM -0800, Russ Allbery wrote:

> Kevin Mark [EMAIL PROTECTED] writes:
> > I was considering: sex gender options and realized that the only reasonably non-changing question would be 'sex chromosomes'[0] which can be XX or XY (unless gravity or any person with relevant info can add to this).
> Sex chromosomes in humans can, indeed, be found in several combinations other than XX or XY (XO, XXX, XXY, XYY, XO/XY, XX male, and XY female at the least), and we don't even know for sure that the full set of possibilities is enumerable.
> Also, sex chromosomes aren't the same thing as gender. Generally speaking, and this is a difficult area of language in which all generalizations are suspect, sex is a statement about a biological property and gender is a statement about a social property.

Hi Russ,
thanks for the elucidation... Now I'm even more confused x-) I'm blinded by science! (thanks to thomas dolby). More to ponder in the coming year.

cheers,
Kev
Re: db.debian.org (and related infrastructure) updates
On Dec 30, Ryan Murray [EMAIL PROTECTED] wrote:

> * Mail sender verification callouts

It's sad to see Debian promoting and supporting use of antisocial software.

--
ciao, Marco
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 02:49:20PM +0100, Marco d'Itri wrote:

> > * Mail sender verification callouts
> It's sad to see Debian promoting and supporting use of antisocial software.

There's nothing more anti-social in sender verification than in any other similar check - if someone sends mail from an address that cannot be delivered to, I don't want to accept it, because I can't deliver a reply to them. If they want to talk to me, but won't accept replies from me, who exactly is antisocial there?

There are valid technical arguments against sender callout verification, but what you said is just nonsensical.

--
2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
Josip Rodin wrote:

> There's nothing more anti-social in sender verification than in any other similar check - if someone sends mail from an address that cannot be delivered to, I don't want to accept it, because I can't deliver a reply to them. If they want to talk to me, but won't accept replies from me, who exactly is antisocial there?

I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist - presumably such emails would be blocked by sender verification?

You could argue perhaps that the people sending out these emails shouldn't be doing this, or that developers shouldn't be using @debian.org addresses for that purpose, but it's not quite as clear cut as not being able to reply means that you don't want to receive an email.

Paul
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 05:34:28AM -0800, Ryan Murray wrote:

> [...]
> The mail gateway, web scripts, and userdir-ldap command line interface have all been updated to deal with the new fields.

Thanks Ryan. As usual, you do the right thing. I'm still sad that we all have to wait for you to get sufficient free time slots to do these kinds of things, but hey.

I should note that the mail bot is a wee bit too simple when processing the new mailRBL field; I did this:

% echo mailrbl sbl.spamhaus.org | gpg --clearsign | mail -s mailrbl [EMAIL PROTECTED]
% echo mailrbl list.dsbl.org | gpg --clearsign | mail -s mailrbl [EMAIL PROTECTED]

which resulted in only the latter being in the mailRBL field in the LDAP database. It works when both settings are specified in a single batch.

I figure it's a consequence of the ldapmodify default changetype being 'replace'. I suppose that's a sane default, but it could still be a bit confusing to people who don't know/notice.

--
2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
On 10884 March 1977, Marco d'Itri wrote:

> > * Mail sender verification callouts
> It's sad to see Debian promoting and supporting use of antisocial software.

And if you would simply read the mail you would understand that this is a per-user setting. If you don't like it - don't use it.

--
bye Joerg
Getty LOL, the phone number of the Mönchengladbach employment office is really 404-0?
Getty Is that supposed to be a bad joke?
Re: db.debian.org (and related infrastructure) updates
hi

[ thanks Ryan for the work]

Ryan Murray wrote:

> The mail gateway, web scripts, and userdir-ldap command line interface have all been updated to deal with the new fields.

I connected to the web interface at https://db.debian.org/update.cgi?id=mennucc1

I found fields for birthdate and Greylisting and Callout, but no fields for RBL and RHSBL and whitelisting

a.
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 02:10:14PM +, Paul Waring wrote:

> I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist - presumably such emails would be blocked by sender verification?

Yes. Sender callout verification is basically this:

% swaks -q RCPT -f '' -t [EMAIL PROTECTED]
=== Trying master.debian.org:25...
=== Connected to master.debian.org.
- 220 master.debian.org ESMTP Exim 4.50 Sat, 30 Dec 2006 14:22:32 +
- EHLO keid.carnet.hr
- 250-master.debian.org Hello keid.carnet.hr [161.53.160.10]
- 250-SIZE 62914560
- 250-PIPELINING
- 250 HELP
- MAIL FROM:
- 250 OK
- RCPT TO:[EMAIL PROTECTED]
** 550 unknown user
- QUIT
- 221 master.debian.org closing connection

% swaks -q RCPT -f '' -t [EMAIL PROTECTED]
=== Trying master.debian.org:25...
=== Connected to master.debian.org.
- 220 master.debian.org ESMTP Exim 4.50 Sat, 30 Dec 2006 14:22:49 +
- EHLO keid.carnet.hr
- 250-master.debian.org Hello keid.carnet.hr [161.53.160.10]
- 250-SIZE 62914560
- 250-PIPELINING
- 250 HELP
- MAIL FROM:
- 250 OK
- RCPT TO:[EMAIL PROTECTED]
- 250 Accepted
- QUIT
- 221 master.debian.org closing connection

Based on (an integrated implementation of) that behaviour, Exim makes it possible to reject mails (at SMTP time, not via a bounce), or put the result of the check in a variable and pass it on in a header (where you can e.g. make SpamAssassin score on it).

> You could argue perhaps that the people sending out these emails shouldn't be doing this, or that developers shouldn't be using @debian.org addresses for that purpose, but it's not quite as clear cut as not being able to reply means that you don't want to receive an email.

Well, as with all automatic anti-spam measures, it's an issue of ratio - whether the number of unverifiable senders that are also spam sufficiently exceeds the number of unverifiable senders that are wanted. For years now, I have observed the latter in negligible ranges. Obviously, YMMV.

People who got false positives were instantly notified, and they didn't complain too much. Again, YMMV.

BTW, really popular systems that send out gobs of autogenerated legitimate e-mails generally tend to switch to using verifiable addresses because they notice that they can't deliver to people using sender verification.

Anyway, the simple fact that this is a matter of choice makes this whole discussion moot - if someone wishes to do it, they can; if they don't, they are perfectly free to avoid it.

--
2. That which causes joy or happiness.
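The callout decision described in the message above, as an added example that is not part of the thread and not Exim's code: it models the accept/reject/defer outcome and caches verdicts so the remote server is not contacted for every message. The probe function, addresses, cache lifetimes and the X-Sender-Verify header name are assumptions, and the sample replies are constructed.

```python
# Added example: sender callout verdicts with caching. Not Exim's implementation.
POSITIVE_TTL = 7 * 24 * 3600  # assumed: how long a verified sender stays cached
NEGATIVE_TTL = 2 * 3600       # assumed: how long a rejected sender stays cached

# Constructed replies a remote MX would give to "RCPT TO:<address>" after an
# empty "MAIL FROM:<>"; None means no MX could be reached.
CONSTRUCTED_REPLIES = {
    "orders@shop.example": 250,
    "noreply@shop.example": 550,
    "user@slow.example": 451,
    "user@down.example": None,
}


def constructed_probe(address):
    """Stand-in for the three-command SMTP conversation (no network I/O)."""
    return CONSTRUCTED_REPLIES.get(address, 550)


class CalloutVerifier:
    def __init__(self, probe):
        self.probe = probe
        self.cache = {}       # address -> (verdict, expiry time)
        self.probes_sent = 0  # how often the remote server was actually contacted

    def verify(self, envelope_sender, now):
        """Return 'accept', 'reject' or 'defer' for an envelope sender."""
        if envelope_sender == "":
            return "accept"  # null sender (a bounce): nothing to call out
        key = envelope_sender.lower()  # simplification: case-insensitive cache key
        cached = self.cache.get(key)
        if cached and cached[1] > now:
            return cached[0]
        self.probes_sent += 1
        code = self.probe(key)
        if code is not None and 200 <= code < 300:
            verdict, ttl = "accept", POSITIVE_TTL
        elif code is not None and 500 <= code < 600:
            verdict, ttl = "reject", NEGATIVE_TTL
        else:
            return "defer"  # 4xx or unreachable: temporary, so not cached
        self.cache[key] = (verdict, now + ttl)
        return verdict


def smtp_time_action(verdict, mode="reject"):
    """Map a verdict to what the receiving server does before accepting DATA.

    mode='reject' refuses at SMTP time; mode='tag' accepts and records the
    result in a header (hypothetical name) for a content filter to score.
    """
    if mode == "tag":
        return 250, {"X-Sender-Verify": verdict}
    if verdict == "accept":
        return 250, {}
    if verdict == "reject":
        return 550, {}
    return 451, {}


if __name__ == "__main__":
    v = CalloutVerifier(constructed_probe)
    for t, sender in [(0, "orders@shop.example"), (0, "noreply@shop.example"),
                      (60, "noreply@shop.example"), (120, "user@slow.example")]:
        print(t, sender, smtp_time_action(v.verify(sender, t)))
    print("probes sent:", v.probes_sent)
```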
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 03:27:46PM +0100, Josip Rodin wrote:

> > I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist - presumably such emails would be blocked by sender verification?
> Yes. Sender callout verification is basically this:

Note that the mail in the From field can be different from the envelope given in the SMTP session (which is where a bounce would go).

/* Steinar */
--
Homepage: http://www.sesse.net/
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 03:32:02PM +0100, Steinar H. Gunderson wrote:

> > > I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist - presumably such emails would be blocked by sender verification?
> > Yes. Sender callout verification is basically this:
> Note that the mail in the From field can be different from the envelope given in the SMTP session (which is where a bounce would go).

Yes, Exim on master.d.o is currently set up to verify envelope senders. It doesn't verify header senders (although such a thing is also possible). The two addresses may differ.

So currently the situation is that if your Amazon order or whathaveyou comes in with a deliverable envelope sender address, but an undeliverable header sender address, it'll go through.

(More often than not, however, mails come with both addresses being the same.)

--
2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
On 10884 March 1977, Joerg Jaspert wrote:

Hehe, reply to myself, but it didn't really fit for d-d-a.

- If you whitelist hosts - don't bother to whitelist any .debian.org host, they are automagically whitelisted.

I personally would love, if you go and whitelist, that you also whitelist the following set of hosts:

smithers.debconf.org
cmburns.debconf.org
chic.spi-inc.org
frida.spi-inc.org

That are the main MXs and list servers for DebConf and SPI. (Of course if you don't do stuff with one of that - don't bother). They aren't spambots and greylisting won't help you, they will queue and definitely deliver it to you. :)

--
bye Joerg
elmo I'm James Troup, long term source of all evil in Debian. you may know me from such debian-devel-announce gems as Serious Problems With
Re: db.debian.org (and related infrastructure) updates
Hi,

On Sat, Dec 30, 2006 at 04:31:12PM +0100, Joerg Jaspert wrote:

> - the birthDate field isn't currently available via the mail daemon, this will be fixed soon.

What about gender? How is it specified? with a ldapsearch, I can find 1, 2 and 9...

Cheers,
Nicolas
Re: db.debian.org (and related infrastructure) updates
On Dec 30, Josip Rodin [EMAIL PROTECTED] wrote:

> > It's sad to see Debian promoting and supporting use of antisocial software.
> There's nothing more anti-social in sender verification than in any other similar check - if someone sends mail from an address that cannot be delivered to, I don't want to accept it, because I can't deliver a reply to them. If they want to talk to me, but won't accept replies from me, who exactly is antisocial there?

For a start that sites performing sender verification will participate in a DDoS on the mail infrastructure of domains forged by spammers. It's just as simple as this. Sender verification is barely less harmful than C/R schemes and antivirus advertisements^Wnotices.

Also, sender verification when seen from the side of the victims is indistinguishable from a dictionary attack, and may cause deliverability issues to the hosts attempting it.

On Dec 30, Joerg Jaspert [EMAIL PROTECTED] wrote:

> And if you would simply read the mail you would understand that this is a per-user setting. If you don't like it - don't use it.

And if you would simply read the mail you would understand that this is not relevant.

--
ciao, Marco
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 04:37:15PM +0100, Joerg Jaspert wrote:

> I personally would love, if you go and whitelist, that you also whitelist the following set of hosts:

Wouldn't this be useful in the greylistd configuration on master, then?

--
Daniel Jacobowitz
CodeSourcery
Re: db.debian.org (and related infrastructure) updates
Marco d'Itri wrote:

> For a start that sites performing sender verification will participate in a DDoS on the mail infrastructure of domains forged by spammers.

As we have started to collect stats, out of 1K connections, there are from 30 to 50 connections that look like sender verify. This is quite low right now but it could be harmful on big domains if more people use it.

There are two things I really dislike in sender verification. First, you are using someone else's resources to fight spam. Second, spammers may adapt in an annoying way (either they will use domains who always answer a 2xx to rcpt to, or they will use verified emails).

> Also, sender verification when seen from the side of the victims is indistinguishable from a dictionary attack, and may cause deliverability issues to the hosts attempting it.

I confirm it: we already have blacklisted IPs as they were issuing too many rcpt-to on not existing emails. These were due to sender verifications...

François
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 04:44:06PM +0100, Marco d'Itri wrote:

> > > It's sad to see Debian promoting and supporting use of antisocial software.
> > There's nothing more anti-social in sender verification than in any other similar check - if someone sends mail from an address that cannot be delivered to, I don't want to accept it, because I can't deliver a reply to them. If they want to talk to me, but won't accept replies from me, who exactly is antisocial there?
> For a start that sites performing sender verification will participate in a DDoS on the mail infrastructure of domains forged by spammers. It's just as simple as this. Sender verification is barely less harmful than C/R schemes and antivirus advertisements^Wnotices.

Um, that happens if your domain is used in spam to so many different mail servers and with so many various local parts (so as to avoid caching), and all that are three-verb SMTP conversations. TBH I've never actually heard of anyone getting DDoS'ed by sender verification attempts, so I can't really imagine that this is terribly likely to happen.

Besides, in the core, it's silly to call the idea antisocial just because it can be used in a DDoS. Heck, TCP SYN can be used in a DDoS, and any higher protocol too, but that doesn't mean they're antisocial, only that they are prone to abuse by antisocial people.

--
2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 05:34:28AM -0800, Ryan Murray wrote:

> * Mail greylisting

What happens with a mail which is delivered to a user with greylisting enabled and one with it disabled?

> * Mail whitelist
> * Mail RBL list
> * Mail RHSBL list

What happens with these lists for mails which are delivered to more than one user?

Bastian

--
... freedom ... is a worship word...
It is our worship word too.
-- Cloud William and Kirk, The Omega Glory, stardate unknown
Re: db.debian.org (and related infrastructure) updates
On Dec 30, Josip Rodin [EMAIL PROTECTED] wrote:

> Um, that happens if your domain is used in spam to so many different mail servers and with so many various local parts (so as to avoid caching), and all that are three-verb SMTP conversations. TBH I've never actually

This happens often indeed.

> heard of anyone getting DDoS'ed by sender verification attempts, so I can't really imagine that this is terribly likely to happen.

I did.

> Besides, in the core, it's silly to call the idea antisocial just because it can be used in a DDoS. Heck, TCP SYN can be used in a DDoS, and any higher protocol too, but that doesn't mean they're antisocial, only that they are prone to abuse by antisocial people.

SYNs are a fundamental protocol element which cannot be replaced easily, sender verification is not.

--
ciao, Marco
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 05:14:30PM +0100, Francois Petillon wrote:

> As we have started to collect stats, out of 1K connections, there are from 30 to 50 connections that look like sender verify. This is quite low right now but it could be harmful on big domains if more people use it.

Yes. Just like any other large amount of traffic could be harmful on big domains.

> you are using someone else's resources to fight spam.

That's certainly true. But, come to think of it, using someone else's resources is not really a taboo on the Internet. We all participate in such things, almost constantly.

Whenever I make a connection to a site, that site has to spend resources to answer me (even if the answer is a rejection). If I resolve a domain, this takes a toll on the entire DNS infrastructure leading up to the desired domain. I use a search engine, whose crawler bot most probably spent gobs of resources on countless sites in order to get me search results.

I suppose we could just go about being unusually thrifty and use only our own resources in anti-spam, but these days even content filtering from SpamAssassin is fairly inadequate without a number of checks in remote databases.

I guess the counter-argument could be - all those services are explicitly created in order to voluntarily serve requests, but nobody volunteered their server to answer sender verification requests. Yet, a sender verification request is nothing but a three-command SMTP conversation. If someone puts an SMTP server online, and connects it via DNS, it's not exactly strange that other people talk to it.

> Second, spammers may adapt in an annoying way (either they will use domains who always answer a 2xx to rcpt to, or they will use verified emails).

Some of them actually already do that, all the time, for years now.

> > Also, sender verification when seen from the side of the victims is indistinguishable from a dictionary attack, and may cause deliverability issues to the hosts attempting it.
> I confirm it: we already have blacklisted IPs as they were issuing too many rcpt-to on not existing emails. These were due to sender verifications...

You choose to ban those, just like someone else chooses to ban deliveries from unverifiable senders. There's nothing particularly strange there.

--
2. That which causes joy or happiness.
Re: db.debian.org (and related infrastructure) updates
Bastian Blank [EMAIL PROTECTED] wrote:

> On Sat, Dec 30, 2006 at 05:34:28AM -0800, Ryan Murray wrote:
> > * Mail greylisting
> What happens with a mail which is delivered to a user with greylisting enabled and one with it disabled?
> > * Mail whitelist
> > * Mail RBL list
> > * Mail RHSBL list
> What happens with these lists for mails which are delivered to more than one user?

Hello,

Afaict from reading exim4.conf on master all tests are done after RCPT TO, so for greylisting you get

MAIL FROM:[EMAIL PROTECTED]
250 OK
RCPT TO:[EMAIL PROTECTED]
451 greylisted
RCPT TO:[EMAIL PROTECTED]
250 Accepted
DATA
[...]

and the non-greylist users will usually simply receive the mail immediately. The same thing would apply to DNS-lists tests, rcpt to for enabled accounts is rejected, the others receive the mail.

cu andreas

--
The 'Galactic Cleaning' policy undertaken by Emperor Zhark is a personal vision of the emperor's, and its inclusion in this work does not constitute tacit approval by the author or the publisher for any such projects, howsoever undertaken.
(c) Jasper Ffforde
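The per-recipient behaviour described in the message above, modelled as an added example (it is not the exim4.conf from master, which the page does not show): each RCPT TO is judged against that recipient's own settings, so one transaction can mix 451, 550 and 250 replies. The user names, addresses, blocklist name, greylist delay and the rule that a whitelisted host skips both checks are assumptions, and all data is constructed.

```python
# Added example: per-user greylisting and DNS-list checks decided at RCPT time.
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait; assumed value


@dataclass
class UserPolicy:
    greylist: bool = False
    rbls: tuple = ()       # DNS blocklists this user opted into
    whitelist: tuple = ()  # client hosts this user always accepts


@dataclass
class RcptPolicy:
    users: dict                                     # local part -> UserPolicy
    listed: dict = field(default_factory=dict)      # list name -> listed client IPs
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def rcpt(self, client_ip, client_host, mail_from, rcpt_to, now):
        """Return the (code, text) reply to one RCPT TO command."""
        policy = self.users.get(rcpt_to.split("@", 1)[0])
        if policy is None:
            return 550, "unknown user"
        if client_host in policy.whitelist:  # assumption: skips both checks
            return 250, "Accepted"
        for rbl in policy.rbls:
            # Stand-in for a DNS lookup of the client IP in the blocklist zone.
            if client_ip in self.listed.get(rbl, ()):
                return 550, f"{client_ip} is listed in {rbl}"
        if policy.greylist:
            triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
            seen = self.first_seen.setdefault(triplet, now)
            if now - seen < GREYLIST_DELAY:
                return 451, "greylisted"
        return 250, "Accepted"


def session(policy, client_ip, client_host, mail_from, recipients, now):
    """RCPT phase of one transaction: replies per recipient, plus who gets DATA."""
    replies = {r: policy.rcpt(client_ip, client_host, mail_from, r, now)
               for r in recipients}
    accepted = [r for r, (code, _) in replies.items() if code == 250]
    return replies, accepted


def demo_policy():
    """Constructed users: alice greylists, bob has no checks, carol uses a list."""
    return RcptPolicy(
        users={
            "alice": UserPolicy(greylist=True, whitelist=("lists.example.net",)),
            "bob": UserPolicy(),
            "carol": UserPolicy(rbls=("rbl.example",)),
        },
        listed={"rbl.example": {"192.0.2.66"}},
    )


if __name__ == "__main__":
    p = demo_policy()
    rcpts = ["alice@example.org", "bob@example.org", "carol@example.org"]
    for now in (0, 600):  # first attempt, then the sending host's retry
        print(now, session(p, "192.0.2.66", "mx.example.net",
                           "sender@example.net", rcpts, now))
```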
Re: db.debian.org (and related infrastructure) updates
* Paul Waring:

> I've seen a lot of announcement/verification emails (such as Amazon orders) which go out from an address that does not exist -

In the SMTP envelope? I strongly doubt that.
Re: db.debian.org (and related infrastructure) updates
On Sat, Dec 30, 2006 at 03:14:45PM +0100, Josip Rodin wrote:

> On Sat, Dec 30, 2006 at 05:34:28AM -0800, Ryan Murray wrote:
> > [...]
> > The mail gateway, web scripts, and userdir-ldap command line interface have all been updated to deal with the new fields.
> Thanks Ryan. As usual, you do the right thing. I'm still sad that we all have to wait for you to get sufficient free time slots to do these kinds of things, but hey.
> I should note that the mail bot is a wee bit too simple when processing the new mailRBL field; I did this:
> % echo mailrbl sbl.spamhaus.org | gpg --clearsign | mail -s mailrbl [EMAIL PROTECTED]
> % echo mailrbl list.dsbl.org | gpg --clearsign | mail -s mailrbl [EMAIL PROTECTED]
> which resulted in only the latter being in the mailRBL field in the LDAP database. It works when both settings are specified in a single batch.
> I figure it's a consequence of the ldapmodify default changetype being 'replace'. I suppose that's a sane default, but it could still be a bit confusing to people who don't know/notice.

Nothing new here, this is how the mail gateway has handled debian.net DNS entries for years. (If it didn't do it this way, how would you have the gateway *delete* old entries?)

--
Steve Langasek
Debian Developer
[EMAIL PROTECTED] http://www.debian.org/
Give me a lever long enough and a Free OS to set it on, and I can move the world.
Re: db.debian.org (and related infrastructure) updates
Josip Rodin wrote:

> Yes. Just like any other large amount of traffic could be harmful on big domains.

I will be more precise. Answering a rcpt-to is, in my case, around 20 to 30% of the job of the storage cluster to deliver a mail (I am not talking about CPU, just disk IOs). If the number of mails sent as from our domains is equivalent to the number of mails we receive and if everybody uses sender verify, it would mean we have to increase our IO capacity by 20 to 30% (I know, there are 2 ifs and it is a very rough figure).

> I guess the counter-argument could be - all those services are explicitly created in order to voluntarily serve requests, but nobody volunteered their server to answer sender verification requests. Yet, a sender verification request is nothing but a three-command SMTP conversation. If someone puts an SMTP server online, and connects it via DNS, it's not exactly strange that other people talk to it.

No, a rcpt-to is not intended to verify an email but to deliver a mail. You may use VRFY if you want to 1) verify an email and 2) check if you are allowed to verify... :-)

IMHO, using rcpt-to to verify sender is just like using resume download to do segmented/parallel downloads. It works but you are using the command in a perverted/antisocial way.

François