log permissions
Hi, I have a slink->potato->woody server, and I am a little concerned about the permissions some of the log files in /var/log have. There are too many to list, but here are some: -rw-r--r--1 root root 8232348 Nov 3 06:43 tripwire -rw-r--r--1 root root10152 Nov 3 14:49 wdm.log -rw-r--r--1 root root0 Nov 3 06:26 mysql.err -rw-r--r--1 root adm 0 Oct 29 06:47 cfingerd.log -rw-r--r--1 root root 8483 Oct 22 12:42 dmesg -rw-rw-r--1 root utmp 320908 Nov 3 16:43 lastlog -rw-r--r--1 root root 947139 Nov 3 16:36 nmb why are these files read by all? I have "normal" users on my system, and although I trust them, these kinds of permissions make me feel a little paranoid. ie: they could be used by someone to investigate system use, etc.. -- Ian Cumming, [EMAIL PROTECTED] "The number of Unix installations has grown to 10, with more expected." -- The Unix Programmer's Manual, 2nd Edition, June, 1972
Re: I want to try something for freedom.
On Wed, 1 Nov 2000 09:12:34 -0500 (EST) Patrick Maheral <[EMAIL PROTECTED]> wrote: > Isn't there a provision in American (or Canadian) law that allows > reverse engineering (not disassembling code) for interoperability > purposes? Tell that to the DMCA, DeCSS, and the EFF. -- J C Lawrence Home: [EMAIL PROTECTED] -(*) Other: [EMAIL PROTECTED] http://www.kanga.nu/~claw/Keys etc: finger [EMAIL PROTECTED] --=| A man is as sane as he is dangerous to his environment |=--
log permissions
Hi, I have a slink->potato->woody server, and I am a little concerned about the permissions some of the log files in /var/log have. There are too many to list, but here are some: -rw-r--r--1 root root 8232348 Nov 3 06:43 tripwire -rw-r--r--1 root root10152 Nov 3 14:49 wdm.log -rw-r--r--1 root root0 Nov 3 06:26 mysql.err -rw-r--r--1 root adm 0 Oct 29 06:47 cfingerd.log -rw-r--r--1 root root 8483 Oct 22 12:42 dmesg -rw-rw-r--1 root utmp 320908 Nov 3 16:43 lastlog -rw-r--r--1 root root 947139 Nov 3 16:36 nmb why are these files read by all? I have "normal" users on my system, and although I trust them, these kinds of permissions make me feel a little paranoid. ie: they could be used by someone to investigate system use, etc.. -- Ian Cumming, [EMAIL PROTECTED] "The number of Unix installations has grown to 10, with more expected." -- The Unix Programmer's Manual, 2nd Edition, June, 1972 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
On Wed, 1 Nov 2000 09:12:34 -0500 (EST) Patrick Maheral <[EMAIL PROTECTED]> wrote: > Isn't there a provision in American (or Canadian) law that allows > reverse engineering (not disassembling code) for interoperability > purposes? Tell that to the DMCA, DeCSS, and the EFF. -- J C Lawrence Home: [EMAIL PROTECTED] -(*) Other: [EMAIL PROTECTED] http://www.kanga.nu/~claw/Keys etc: finger [EMAIL PROTECTED] --=| A man is as sane as he is dangerous to his environment |=-- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
On Thu, Nov 02, 2000 at 07:44:20PM +1100, Paul Haesler wrote: > Microsoft has never sued Tridge and co. over samba which > would seem to be a closer analogy - A reverse engineered > network protocol, as opposed to a cracked encryption > algorithm. The protocol wasn't patented. It is supposedly documented in an RFC about NMB. Microsoft doesn't adhere to that standard, so the challenge is that the protocol is really convoluted and hard to deal with, not that there are any legal obstacles. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > > mail-abuse.org just test relaying...and postfix fails the test, but doesn't > > it fails? since when? or rather what are you defining as failure? in > my tests it refused to relay each and every attempt from them. This might be like what exim does. mail-abuse.org thinks the message to [EMAIL PROTECTED] was accepted, but exim doesn't actually deliver it. It doesn't seem to treat % addresses specially. (This is a good thing, as far as I'm concerned. less code = fewer chances for holes.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 11:49:35AM +0100, Ingemar Fällman typed: } Try this :) } } telnet some.other.host.running.postfix 25 } HELO my.hostname } MAIL FROM:<[EMAIL PROTECTED]> } RCPT TO:<[EMAIL PROTECTED]> } DATA } Testing testing } . } QUIT Hostnames have been changed to protect the innocent (although that's not needed in this case). protected.fake.fake.xxx is a machine I've set up myself that has a default potato debian install, with postfix (default as well). urh1000|someuser> telnet protected.fake.fake.xxx 25 Trying XXX.XXX.XXX.XXX... Connected to protected.fake.fake.xxx (XXX.XXX.XXX.XXX). Escape character is '^]'. 220 protected.fake.fake.xxx ESMTP Postfix HELO urh1000.uiuc.edu 250 protected.fake.fake.xxx MAIL FROM:<[EMAIL PROTECTED]> 250 Ok RCPT TO:<[EMAIL PROTECTED]> 554 <[EMAIL PROTECTED]>: Recipient address rejected: Relay access denied -- An Thi-Nguyen Le |The questions remain the same. The answers are eternally variable.
Re: I want to try something for freedom.
On Thu, Nov 02, 2000 at 07:44:20PM +1100, Paul Haesler wrote: > Microsoft has never sued Tridge and co. over samba which > would seem to be a closer analogy - A reverse engineered > network protocol, as opposed to a cracked encryption > algorithm. The protocol wasn't patented. It is supposedly documented in an RFC about NMB. Microsoft doesn't adhere to that standard, so the challenge is that the protocol is really convoluted and hard to deal with, not that there are any legal obstacles. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
On Thu, 2 Nov 2000, Robert Varga wrote: > > Yes, but it is in every aspect similar to what the person who wrote the > first letter in this thread wants to do or is advised to do, namely to > reverse-engineer the operation of a working system which is developed only > for win* and based on proprietary algorithms. That's exactly the same what > the person writing the DeCSS has done. Hence the company creating the > authentication software would probably sue the person writing the first > letter and could expect that the result would be the same as the DeCSS > lawsuit, and it is currently lost. If this happens before the DeCSS > lawsuit is finished in the Supreme Court, then the result will be likely > the same as the first stages of the DeCSS lawsuit, meaning probably lost. > > This is only my two-pence of course, but I could not stand not to point > out the similarities between the two situation. I'm not even sure this will get into the lists... The main reason that DeCSS has not been defendable as reverse engineering for sake of compatibility is that the program has a clear purpose that is not compatibility. It is a windows program that decodes a dvd movie and writes it to another file. Key points here: 1. it only runs on windows, thus no compatibility. 2. it doesn't actually play anything, only copy it. there are seperate protections for *copying* works than for access to works. If it had never been released for windows, and only released once it worked on linux, the lawsuit might never have happened. (although there has been interesting discussion surrounding the difference between obtaining access to a work being protected, and creating a device to obtain access to a work not being protected) In this situation, there doesn't seem to be a copyrighted work being protected, which means most of the more often debated parts of the DMCA do not apply. In any case, here's what I'd do: *most likely* that "proprietary authenticatioin client" isn't very proprietary. I would be very surprised if they had actually done anything creative in simply authenticating someone. *much* more likely, is that they simply packaged known algorithms as a client and a server that worked together. They wrote it, yes, but the probably used some 3rd party component to do the real work. (i.e. encryption) The only 'proprietary' piece you would have to worry about would be the patents on those encryption algorithms. (like RSA) Technically: - look at the product. find the vendor. go to their website read up. it might just tell you right off what you are looking for. - look at the installation package for the client software. what does it install? is there something like RSAlib.dll? or ssl*.dll? or blowfish.dll? (etc.) heck, do symbol dumps of all the dlls it installed. - look at the server. (if you can) find someone who administers it (the techie, not the librarian) and have a friendly discussion about it. - nmap the server (this is possibly not a good idea, depending on how paranoid the admins are. - set up a dummy server and tell a windows box to try to connect to it. forwarding both request and response while logging. look for the the 'authentication' and for well known things like ssl session startups. be careful not to sniff anyones elses password. You haven't done anything illegal, yet (although be careful about the nmap) and you haven't even written anything, but you might know exactly what you would need to do to write a linux client.
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > > mail-abuse.org just test relaying...and postfix fails the test, but doesn't > > it fails? since when? or rather what are you defining as failure? in > my tests it refused to relay each and every attempt from them. This might be like what exim does. mail-abuse.org thinks the message to [EMAIL PROTECTED] was accepted, but exim doesn't actually deliver it. It doesn't seem to treat % addresses specially. (This is a good thing, as far as I'm concerned. less code = fewer chances for holes.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 11:49:35AM +0100, Ingemar Fällman typed: } Try this :) } } telnet some.other.host.running.postfix 25 } HELO my.hostname } MAIL FROM:<[EMAIL PROTECTED]> } RCPT TO:<[EMAIL PROTECTED]> } DATA } Testing testing } . } QUIT Hostnames have been changed to protect the innocent (although that's not needed in this case). protected.fake.fake.xxx is a machine I've set up myself that has a default potato debian install, with postfix (default as well). urh1000|someuser> telnet protected.fake.fake.xxx 25 Trying XXX.XXX.XXX.XXX... Connected to protected.fake.fake.xxx (XXX.XXX.XXX.XXX). Escape character is '^]'. 220 protected.fake.fake.xxx ESMTP Postfix HELO urh1000.uiuc.edu 250 protected.fake.fake.xxx MAIL FROM:<[EMAIL PROTECTED]> 250 Ok RCPT TO:<[EMAIL PROTECTED]> 554 <[EMAIL PROTECTED]>: Recipient address rejected: Relay access denied -- An Thi-Nguyen Le |The questions remain the same. The answers are eternally variable. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
Hi Ethan! On Thu, 02 Nov 2000, Ethan Benson wrote: > > If you do not set mynetworks postfix guesses it from the interfaces and > > allows > > all hosts on the classful subnets of those interfaces to relay through you. > > ah! i see didn't think of that one... so you need to specify > mynetworks with the correct subnet. Yes. yours, peter -- PGP encrypted messages preferred. http://www.palfrader.org/
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote: > Hi! > > On Thu, 02 Nov 2000, Borut Mrak wrote: > > > On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > > so my question now is postfix a open relay by default or not? > > > > No. > > It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you > will be an open relay for the entire _class_A_ net 62. > > If you do not set mynetworks postfix guesses it from the interfaces and allows > all hosts on the classful subnets of those interfaces to relay through you. ah! i see didn't think of that one... so you need to specify mynetworks with the correct subnet. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpXEhVIGWmDI.pgp Description: PGP signature
Re: I want to try something for freedom.
On Thu, 2 Nov 2000, Robert Varga wrote: > > Yes, but it is in every aspect similar to what the person who wrote the > first letter in this thread wants to do or is advised to do, namely to > reverse-engineer the operation of a working system which is developed only > for win* and based on proprietary algorithms. That's exactly the same what > the person writing the DeCSS has done. Hence the company creating the > authentication software would probably sue the person writing the first > letter and could expect that the result would be the same as the DeCSS > lawsuit, and it is currently lost. If this happens before the DeCSS > lawsuit is finished in the Supreme Court, then the result will be likely > the same as the first stages of the DeCSS lawsuit, meaning probably lost. > > This is only my two-pence of course, but I could not stand not to point > out the similarities between the two situation. I'm not even sure this will get into the lists... The main reason that DeCSS has not been defendable as reverse engineering for sake of compatibility is that the program has a clear purpose that is not compatibility. It is a windows program that decodes a dvd movie and writes it to another file. Key points here: 1. it only runs on windows, thus no compatibility. 2. it doesn't actually play anything, only copy it. there are seperate protections for *copying* works than for access to works. If it had never been released for windows, and only released once it worked on linux, the lawsuit might never have happened. (although there has been interesting discussion surrounding the difference between obtaining access to a work being protected, and creating a device to obtain access to a work not being protected) In this situation, there doesn't seem to be a copyrighted work being protected, which means most of the more often debated parts of the DMCA do not apply. In any case, here's what I'd do: *most likely* that "proprietary authenticatioin client" isn't very proprietary. I would be very surprised if they had actually done anything creative in simply authenticating someone. *much* more likely, is that they simply packaged known algorithms as a client and a server that worked together. They wrote it, yes, but the probably used some 3rd party component to do the real work. (i.e. encryption) The only 'proprietary' piece you would have to worry about would be the patents on those encryption algorithms. (like RSA) Technically: - look at the product. find the vendor. go to their website read up. it might just tell you right off what you are looking for. - look at the installation package for the client software. what does it install? is there something like RSAlib.dll? or ssl*.dll? or blowfish.dll? (etc.) heck, do symbol dumps of all the dlls it installed. - look at the server. (if you can) find someone who administers it (the techie, not the librarian) and have a friendly discussion about it. - nmap the server (this is possibly not a good idea, depending on how paranoid the admins are. - set up a dummy server and tell a windows box to try to connect to it. forwarding both request and response while logging. look for the the 'authentication' and for well known things like ssl session startups. be careful not to sniff anyones elses password. You haven't done anything illegal, yet (although be careful about the nmap) and you haven't even written anything, but you might know exactly what you would need to do to write a linux client. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
Hi! On Thu, 02 Nov 2000, Borut Mrak wrote: > On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > so my question now is postfix a open relay by default or not? > > No. It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you will be an open relay for the entire _class_A_ net 62. If you do not set mynetworks postfix guesses it from the interfaces and allows all hosts on the classful subnets of those interfaces to relay through you. Two bugs have been files against postfix (one normal[0] and one wishlist[2]) and one wishlist against postfix-tls wich was closed by the maintainer: On Mon, 09 Oct 2000, Craig Sanders wrote: | 2. sorry, if you have special and unusual needs you're going to have | to configure it yourself - you already know what you need to | do, it's in your proposed "solution". for most people, relaying for | their own network(s) is the correct thing to do. yours, peter 0. #72744: postfix: Bizarre relaying defaults http://bugs.debian.org/72744 1. #74288: postfix: please add mynetworks=127.0.0.1/8 to main.cf http://bugs.debian.org/74288 2. #74289: postfix: please add mynetworks=127.0.0.1/8 to main.cf http://bugs.debian.org/74289 -- PGP encrypted messages preferred. http://www.palfrader.org/
Re: Postfix is spammer-friendly by default on potato and woody
> So, Postfix appears to be an open relay to the stupid mail-abuse.org > test, because the test does not confirm the relay when it receives its > message back, but right after it gives it away. This is also the case for Exim, I believe, with a standard configuration (percent_hack_domains commented out): $ telnet mail.math-hat.com 25 Trying 216.254.75.142... Connected to zukerman-1.dsl.speakeasy.net. Escape character is '^]'. 220 zukerman-1.dsl.speakeasy.net ESMTP Exim 3.12 #1 Thu, 02 Nov 2000 06:53:53 -0500 HELO foo 250 zukerman-1.dsl.speakeasy.net Hello foo [x.x.x.x] MAIL FROM: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct RCPT TO: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct DATA 354 Enter message, ending with "." on a line by itself testing... . 250 OK id=13rIxD-0002aC-00 quit >From /var/log/exim/mainlog: 2000-11-02 06:54:50 13rIxD-0002aC-00 <= [EMAIL PROTECTED] H=(localhost) [x.x.x.x] P=smtp S=308 2000-11-02 06:54:50 13rIxD-0002aC-00 ** [EMAIL PROTECTED]: unknown local-part "foo%bar.com" in domain "math-hat.com" 2000-11-02 06:54:50 13rIxG-0002aI-00 <= <> R=13rIxD-0002aC-00 U=mail P=local S=1120 2000-11-02 06:54:50 13rIxD-0002aC-00 Error message sent to [EMAIL PROTECTED] 2000-11-02 06:54:50 13rIxD-0002aC-00 Completed -itai
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > mail-abuse.org just test relaying...and postfix fails the test, but doesn't > > it fails? since when? or rather what are you defining as failure? in > my tests it refused to relay each and every attempt from them. The default (not only Debian, but also Postfix default) configuration accpets something like this: rcpt to: <[EMAIL PROTECTED]>, but throws it away later, because there is no local user nobody%mail-abuse.org But I might be wrong by now...my main.cf is very personalized for quite a long time now and I haven't tested the defaults lately. So, Postfix appears to be an open relay to the stupid mail-abuse.org test, because the test does not confirm the relay when it receives its message back, but right after it gives it away. > yes, those option then only protect local users from receiving crap, > but has nothing to do with relaying spam. > > so my question now is postfix a open relay by default or not? No. HTH, -- Borut [EMAIL PROTECTED] - Floppy now, hard later.
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 12:05:00PM +0100, Borut Mrak wrote: > > Hmm...wise decision ;-] indeed... > mail-abuse.org just test relaying...and postfix fails the test, but doesn't it fails? since when? or rather what are you defining as failure? in my tests it refused to relay each and every attempt from them. > relay anyway... In our case, the mail is not going to be relayed but > delivered localy. It's the responsibility of the admin to decide what > envelope From (and other stuff) he is going to accept. The default should > stay open. OK, yes thats what i thought those options did, restrict what mail postfix will accept to itself, not anything to do with actual relaying to elsewhere. > > can someone else running a production postfix server comment on this? > > Well...let's just say that if your DNS is flaky, this wouldn't be a good > option to add. The message will be rejected with a 4xx code, meaning the > sending host will try for a few days and then stop. > It catches some spam, though. yes, those option then only protect local users from receiving crap, but has nothing to do with relaying spam. so my question now is postfix a open relay by default or not? > IMO, if the volume of spam is of concern to an admin, he should read the > docs and fix it himself. yes. i am forwarding this back to the list. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp2qfkh5IjQe.pgp Description: PGP signature
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:58:52AM -0900, Ethan Benson wrote: > > MAIL FROM:<[EMAIL PROTECTED]> > > RCPT TO:<[EMAIL PROTECTED]> > > well i don't know anyone running postfix who i can ask to test this > with... im certainly not going to go try it without asking ! bad karma > ;-) Hmm...wise decision ;-] > but i really recall that kind of test being included in the > mail-abuse.org suite. unfortuantly im not running a mailserver > anymore. so i cannot really do much real testing.. my fake DNSless lan > would not be very accurate ;-) mail-abuse.org just test relaying...and postfix fails the test, but doesn't relay anyway... In our case, the mail is not going to be relayed but delivered localy. It's the responsibility of the admin to decide what envelope From (and other stuff) he is going to accept. The default should stay open. > can someone else running a production postfix server comment on this? Well...let's just say that if your DNS is flaky, this wouldn't be a good option to add. The message will be rejected with a 4xx code, meaning the sending host will try for a few days and then stop. It catches some spam, though. IMO, if the volume of spam is of concern to an admin, he should read the docs and fix it himself. bye, -- Borut [EMAIL PROTECTED] - Always remember you're unique, just like everyone else.
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:43:11AM -0900, Ethan Benson wrote: > > did you run a test to see if this was really the case? such as telnet > mail-abuse.org > I didn't find this test very accurate. Look this log : = $ telnet mail-abuse.org Trying 204.152.184.74... Connected to mail-abuse.org. Escape character is '^]'. <<< 220 xx.xx.xx ESMTP >>> HELO mail-abuse.org <<< 250-xx.xx.xx :Relay test: #Test 1 >>> mail from: <[EMAIL PROTECTED]> <<< 250-PIPELINING >>> rcpt to: <[EMAIL PROTECTED]> <<< 250 8BITMIME >>> QUIT <<< 250 ok Tested host banner: 220 xx.xx.xx ESMTP System appeared to accept 1 relay attempts = Do you see answers on MAIL FROM and RCPT TO ? I don't (because I have tried manually). 250 Lines that mail-abuse asumes as answers are in buffer from first command-HELO. Maybe it is not correct to send 3-line response but when you try same commands manualy, you will get totaly different story. Regards, Ivo.
Re: Postfix is spammer-friendly by default on potato and woody
Hi Ethan! On Thu, 02 Nov 2000, Ethan Benson wrote: > > If you do not set mynetworks postfix guesses it from the interfaces and allows > > all hosts on the classful subnets of those interfaces to relay through you. > > ah! i see didn't think of that one... so you need to specify > mynetworks with the correct subnet. Yes. yours, peter -- PGP encrypted messages preferred. http://www.palfrader.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 11:49:35AM +0100, Ingemar Fällman wrote: > Try this :) > > telnet some.other.host.running.postfix 25 > HELO my.hostname > MAIL FROM:<[EMAIL PROTECTED]> > RCPT TO:<[EMAIL PROTECTED]> > DATA > Testing testing > . > QUIT well i don't know anyone running postfix who i can ask to test this with... im certainly not going to go try it without asking ! bad karma ;-) but i really recall that kind of test being included in the mail-abuse.org suite. unfortuantly im not running a mailserver anymore. so i cannot really do much real testing.. my fake DNSless lan would not be very accurate ;-) can someone else running a production postfix server comment on this? -- Ethan Benson http://www.alaska.net/~erbenson/ pgpxL604fg4sj.pgp Description: PGP signature
Re: Postfix is spammer-friendly by default on potato and woody
Try this :) telnet some.other.host.running.postfix 25 HELO my.hostname MAIL FROM:<[EMAIL PROTECTED]> RCPT TO:<[EMAIL PROTECTED]> DATA Testing testing . QUIT Ethan Benson wrote: > > On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote: > > Hi > > > > When i was looking trough my logs tody i found that my host had been > > used > > as a relay host... I changed from sendmail to postfix because everyone > > told > > me that postfix was more secure. > > > > When looking at the default configurationfiles installed by debian there > > was > > nothing that prevents unauthorized users to send mail to anyone. > > did you run a test to see if this was really the case? such as telnet > mail-abuse.org > > i have run such a test on a default potato postfix setup and it passed > all those tests, is there some other relay method that it does not > catch? > > > By adding this line to main.cf you can make sure that only your host can > > send mail to users outside your system: > > > > smtpd_sender_restrictions = check_relay_domains, > > from the smtpd man page: > >smtpd_sender_restrictions > Restrict what sender addresses are allowed in MAIL > FROM commands. > > it is true that postfix does not tend to care what you put in a FROM > but that does not mean it allows relay (just watch the mail-abuse.org > tests) > > what postfix does is check to see whether the TO address is local, and > if not it checks whether the connecting user is within the allowed > relay domain (which is by default only the domain of the mailhost) if > not it refuses the message. > > > reject_unknown_sender_domain > > didn't find this one.. (didnt search through all the man pages) > > > Is this someting that should be added by default?? I think so > > no MTA should ever be a open relay much less by default, but from my > testing postfix is not. are you sure your using the debian current > packages and not some old ones? there was an old broken version of > postfix way back when that was a open relay, it was a bug long ago > fixed. (its in the FAQ) > > but then i could be missing something, im tired ;-) > > -- > Ethan Benson > http://www.alaska.net/~erbenson/ > > >Part 1.2Type: application/pgp-signature -- Ingemar Fällman Phone: +46(0)90 786 9335 UMDAC, Umeå University Fax: +46(0)90 786 6762 S-901 87 UMEÅ, SWEDENMailTo:[EMAIL PROTECTED] $_ = "I'n Jvtu bopuifs Pfsm ibdlfs,"; y/a-z/za-y/; print "$_\n";
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote: > Hi > > When i was looking trough my logs tody i found that my host had been > used > as a relay host... I changed from sendmail to postfix because everyone > told > me that postfix was more secure. > > When looking at the default configurationfiles installed by debian there > was > nothing that prevents unauthorized users to send mail to anyone. did you run a test to see if this was really the case? such as telnet mail-abuse.org i have run such a test on a default potato postfix setup and it passed all those tests, is there some other relay method that it does not catch? > By adding this line to main.cf you can make sure that only your host can > send mail to users outside your system: > > smtpd_sender_restrictions = check_relay_domains, from the smtpd man page: smtpd_sender_restrictions Restrict what sender addresses are allowed in MAIL FROM commands. it is true that postfix does not tend to care what you put in a FROM but that does not mean it allows relay (just watch the mail-abuse.org tests) what postfix does is check to see whether the TO address is local, and if not it checks whether the connecting user is within the allowed relay domain (which is by default only the domain of the mailhost) if not it refuses the message. > reject_unknown_sender_domain didn't find this one.. (didnt search through all the man pages) > Is this someting that should be added by default?? I think so no MTA should ever be a open relay much less by default, but from my testing postfix is not. are you sure your using the debian current packages and not some old ones? there was an old broken version of postfix way back when that was a open relay, it was a bug long ago fixed. (its in the FAQ) but then i could be missing something, im tired ;-) -- Ethan Benson http://www.alaska.net/~erbenson/ pgpHP4efrsvcD.pgp Description: PGP signature
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:17:21PM +0100, Peter Palfrader wrote: > Hi! > > On Thu, 02 Nov 2000, Borut Mrak wrote: > > > On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > > so my question now is postfix a open relay by default or not? > > > > No. > > It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you > will be an open relay for the entire _class_A_ net 62. > > If you do not set mynetworks postfix guesses it from the interfaces and allows > all hosts on the classful subnets of those interfaces to relay through you. ah! i see didn't think of that one... so you need to specify mynetworks with the correct subnet. -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: Postfix is spammer-friendly by default on potato and woody
Hi! On Thu, 02 Nov 2000, Borut Mrak wrote: > On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > so my question now is postfix a open relay by default or not? > > No. It is. For a (not so) small set of hosts. Assuming your box is 62.1.2.3 you will be an open relay for the entire _class_A_ net 62. If you do not set mynetworks postfix guesses it from the interfaces and allows all hosts on the classful subnets of those interfaces to relay through you. Two bugs have been files against postfix (one normal[0] and one wishlist[2]) and one wishlist against postfix-tls wich was closed by the maintainer: On Mon, 09 Oct 2000, Craig Sanders wrote: | 2. sorry, if you have special and unusual needs you're going to have | to configure it yourself - you already know what you need to | do, it's in your proposed "solution". for most people, relaying for | their own network(s) is the correct thing to do. yours, peter 0. #72744: postfix: Bizarre relaying defaults http://bugs.debian.org/72744 1. #74288: postfix: please add mynetworks=127.0.0.1/8 to main.cf http://bugs.debian.org/74288 2. #74289: postfix: please add mynetworks=127.0.0.1/8 to main.cf http://bugs.debian.org/74289 -- PGP encrypted messages preferred. http://www.palfrader.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
> So, Postfix appears to be an open relay to the stupid mail-abuse.org > test, because the test does not confirm the relay when it receives its > message back, but right after it gives it away. This is also the case for Exim, I believe, with a standard configuration (percent_hack_domains commented out): $ telnet mail.math-hat.com 25 Trying 216.254.75.142... Connected to zukerman-1.dsl.speakeasy.net. Escape character is '^]'. 220 zukerman-1.dsl.speakeasy.net ESMTP Exim 3.12 #1 Thu, 02 Nov 2000 06:53:53 -0500 HELO foo 250 zukerman-1.dsl.speakeasy.net Hello foo [x.x.x.x] MAIL FROM: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct RCPT TO: <[EMAIL PROTECTED]> 250 <[EMAIL PROTECTED]> is syntactically correct DATA 354 Enter message, ending with "." on a line by itself testing... . 250 OK id=13rIxD-0002aC-00 quit >From /var/log/exim/mainlog: 2000-11-02 06:54:50 13rIxD-0002aC-00 <= [EMAIL PROTECTED] H=(localhost) [x.x.x.x] P=smtp S=308 2000-11-02 06:54:50 13rIxD-0002aC-00 ** [EMAIL PROTECTED]: unknown local-part "foo%bar.com" in domain "math-hat.com" 2000-11-02 06:54:50 13rIxG-0002aI-00 <= <> R=13rIxD-0002aC-00 U=mail P=local S=1120 2000-11-02 06:54:50 13rIxD-0002aC-00 Error message sent to [EMAIL PROTECTED] 2000-11-02 06:54:50 13rIxD-0002aC-00 Completed -itai -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Postfix is spammer-friendly by default on potato and woody
Hi When i was looking trough my logs tody i found that my host had been used as a relay host... I changed from sendmail to postfix because everyone told me that postfix was more secure. When looking at the default configurationfiles installed by debian there was nothing that prevents unauthorized users to send mail to anyone. By adding this line to main.cf you can make sure that only your host can send mail to users outside your system: smtpd_sender_restrictions = check_relay_domains, reject_unknown_sender_domain Is this someting that should be added by default?? I think so /I
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 02:24:36AM -0900, Ethan Benson wrote: > > mail-abuse.org just test relaying...and postfix fails the test, but doesn't > > it fails? since when? or rather what are you defining as failure? in > my tests it refused to relay each and every attempt from them. The default (not only Debian, but also Postfix default) configuration accpets something like this: rcpt to: , but throws it away later, because there is no local user nobody%mail-abuse.org But I might be wrong by now...my main.cf is very personalized for quite a long time now and I haven't tested the defaults lately. So, Postfix appears to be an open relay to the stupid mail-abuse.org test, because the test does not confirm the relay when it receives its message back, but right after it gives it away. > yes, those option then only protect local users from receiving crap, > but has nothing to do with relaying spam. > > so my question now is postfix a open relay by default or not? No. HTH, -- Borut [EMAIL PROTECTED] - Floppy now, hard later. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 12:05:00PM +0100, Borut Mrak wrote: > > Hmm...wise decision ;-] indeed... > mail-abuse.org just test relaying...and postfix fails the test, but doesn't it fails? since when? or rather what are you defining as failure? in my tests it refused to relay each and every attempt from them. > relay anyway... In our case, the mail is not going to be relayed but > delivered localy. It's the responsibility of the admin to decide what > envelope From (and other stuff) he is going to accept. The default should > stay open. OK, yes thats what i thought those options did, restrict what mail postfix will accept to itself, not anything to do with actual relaying to elsewhere. > > can someone else running a production postfix server comment on this? > > Well...let's just say that if your DNS is flaky, this wouldn't be a good > option to add. The message will be rejected with a 4xx code, meaning the > sending host will try for a few days and then stop. > It catches some spam, though. yes, those option then only protect local users from receiving crap, but has nothing to do with relaying spam. so my question now is postfix a open relay by default or not? > IMO, if the volume of spam is of concern to an admin, he should read the > docs and fix it himself. yes. i am forwarding this back to the list. -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:58:52AM -0900, Ethan Benson wrote: > > MAIL FROM:<[EMAIL PROTECTED]> > > RCPT TO:<[EMAIL PROTECTED]> > > well i don't know anyone running postfix who i can ask to test this > with... im certainly not going to go try it without asking ! bad karma > ;-) Hmm...wise decision ;-] > but i really recall that kind of test being included in the > mail-abuse.org suite. unfortuantly im not running a mailserver > anymore. so i cannot really do much real testing.. my fake DNSless lan > would not be very accurate ;-) mail-abuse.org just test relaying...and postfix fails the test, but doesn't relay anyway... In our case, the mail is not going to be relayed but delivered localy. It's the responsibility of the admin to decide what envelope From (and other stuff) he is going to accept. The default should stay open. > can someone else running a production postfix server comment on this? Well...let's just say that if your DNS is flaky, this wouldn't be a good option to add. The message will be rejected with a 4xx code, meaning the sending host will try for a few days and then stop. It catches some spam, though. IMO, if the volume of spam is of concern to an admin, he should read the docs and fix it himself. bye, -- Borut [EMAIL PROTECTED] - Always remember you're unique, just like everyone else. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 01:43:11AM -0900, Ethan Benson wrote: > > did you run a test to see if this was really the case? such as telnet mail-abuse.org > I didn't find this test very accurate. Look this log : = $ telnet mail-abuse.org Trying 204.152.184.74... Connected to mail-abuse.org. Escape character is '^]'. <<< 220 xx.xx.xx ESMTP >>> HELO mail-abuse.org <<< 250-xx.xx.xx :Relay test: #Test 1 >>> mail from: <[EMAIL PROTECTED]> <<< 250-PIPELINING >>> rcpt to: <[EMAIL PROTECTED]> <<< 250 8BITMIME >>> QUIT <<< 250 ok Tested host banner: 220 xx.xx.xx ESMTP System appeared to accept 1 relay attempts = Do you see answers on MAIL FROM and RCPT TO ? I don't (because I have tried manually). 250 Lines that mail-abuse asumes as answers are in buffer from first command-HELO. Maybe it is not correct to send 3-line response but when you try same commands manualy, you will get totaly different story. Regards, Ivo. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 11:49:35AM +0100, Ingemar Fällman wrote: > Try this :) > > telnet some.other.host.running.postfix 25 > HELO my.hostname > MAIL FROM:<[EMAIL PROTECTED]> > RCPT TO:<[EMAIL PROTECTED]> > DATA > Testing testing > . > QUIT well i don't know anyone running postfix who i can ask to test this with... im certainly not going to go try it without asking ! bad karma ;-) but i really recall that kind of test being included in the mail-abuse.org suite. unfortuantly im not running a mailserver anymore. so i cannot really do much real testing.. my fake DNSless lan would not be very accurate ;-) can someone else running a production postfix server comment on this? -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: I want to try something for freedom.
Microsoft has never sued Tridge and co. over samba which would seem to be a closer analogy - A reverse engineered network protocol, as opposed to a cracked encryption algorithm. Mind you, I'm not a lawyer. (Mind you, I don't think anybody else who has contributed to date is either) > Yes, but it is in every aspect similar to what the person who wrote > the first letter in this thread wants to do or is advised to do, > namely to reverse-engineer the operation of a working system which is > developed only for win* and based on proprietary algorithms. That's > exactly the same what the person writing the DeCSS has done. Hence the > company creating the authentication software would probably sue the > person writing the first letter and could expect that the result would > be the same as the DeCSS lawsuit, and it is currently lost. If this > happens before the DeCSS lawsuit is finished in the Supreme Court, > then the result will be likely the same as the first stages of the > DeCSS lawsuit, meaning probably lost. > > This is only my two-pence of course, but I could not stand not to > point out the similarities between the two situation. > > Regards, > > Robert Varga > > > On Thu, 2 Nov 2000, Alexander Hvostov wrote: > > > Robert, > > > > Keep in mind that case is in appeal, and is quite likely to wind up > > in the Supreme Court. It is, in every way I can imagine, a > > Constitutional case, and has every reason to be heard by the Supreme > > Court. I hope the Supreme Court Justices agree... > > > > Regards, > > > > Alex. -- Paul Haesler[EMAIL PROTECTED] Quidquid latine dictum sit, altum viditur
Re: Postfix is spammer-friendly by default on potato and woody
Try this :) telnet some.other.host.running.postfix 25 HELO my.hostname MAIL FROM:<[EMAIL PROTECTED]> RCPT TO:<[EMAIL PROTECTED]> DATA Testing testing . QUIT Ethan Benson wrote: > > On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote: > > Hi > > > > When i was looking trough my logs tody i found that my host had been > > used > > as a relay host... I changed from sendmail to postfix because everyone > > told > > me that postfix was more secure. > > > > When looking at the default configurationfiles installed by debian there > > was > > nothing that prevents unauthorized users to send mail to anyone. > > did you run a test to see if this was really the case? such as telnet mail-abuse.org > > i have run such a test on a default potato postfix setup and it passed > all those tests, is there some other relay method that it does not > catch? > > > By adding this line to main.cf you can make sure that only your host can > > send mail to users outside your system: > > > > smtpd_sender_restrictions = check_relay_domains, > > from the smtpd man page: > >smtpd_sender_restrictions > Restrict what sender addresses are allowed in MAIL > FROM commands. > > it is true that postfix does not tend to care what you put in a FROM > but that does not mean it allows relay (just watch the mail-abuse.org > tests) > > what postfix does is check to see whether the TO address is local, and > if not it checks whether the connecting user is within the allowed > relay domain (which is by default only the domain of the mailhost) if > not it refuses the message. > > > reject_unknown_sender_domain > > didn't find this one.. (didnt search through all the man pages) > > > Is this someting that should be added by default?? I think so > > no MTA should ever be a open relay much less by default, but from my > testing postfix is not. are you sure your using the debian current > packages and not some old ones? there was an old broken version of > postfix way back when that was a open relay, it was a bug long ago > fixed. (its in the FAQ) > > but then i could be missing something, im tired ;-) > > -- > Ethan Benson > http://www.alaska.net/~erbenson/ > > >Part 1.2Type: application/pgp-signature -- Ingemar Fällman Phone: +46(0)90 786 9335 UMDAC, Umeå University Fax: +46(0)90 786 6762 S-901 87 UMEÅ, SWEDENMailTo:[EMAIL PROTECTED] $_ = "I'n Jvtu bopuifs Pfsm ibdlfs,"; y/a-z/za-y/; print "$_\n"; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix is spammer-friendly by default on potato and woody
On Thu, Nov 02, 2000 at 10:42:38AM +0100, Ingemar Fällman wrote: > Hi > > When i was looking trough my logs tody i found that my host had been > used > as a relay host... I changed from sendmail to postfix because everyone > told > me that postfix was more secure. > > When looking at the default configurationfiles installed by debian there > was > nothing that prevents unauthorized users to send mail to anyone. did you run a test to see if this was really the case? such as telnet mail-abuse.org i have run such a test on a default potato postfix setup and it passed all those tests, is there some other relay method that it does not catch? > By adding this line to main.cf you can make sure that only your host can > send mail to users outside your system: > > smtpd_sender_restrictions = check_relay_domains, from the smtpd man page: smtpd_sender_restrictions Restrict what sender addresses are allowed in MAIL FROM commands. it is true that postfix does not tend to care what you put in a FROM but that does not mean it allows relay (just watch the mail-abuse.org tests) what postfix does is check to see whether the TO address is local, and if not it checks whether the connecting user is within the allowed relay domain (which is by default only the domain of the mailhost) if not it refuses the message. > reject_unknown_sender_domain didn't find this one.. (didnt search through all the man pages) > Is this someting that should be added by default?? I think so no MTA should ever be a open relay much less by default, but from my testing postfix is not. are you sure your using the debian current packages and not some old ones? there was an old broken version of postfix way back when that was a open relay, it was a bug long ago fixed. (its in the FAQ) but then i could be missing something, im tired ;-) -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: I want to try something for freedom.
Yes, but it is in every aspect similar to what the person who wrote the first letter in this thread wants to do or is advised to do, namely to reverse-engineer the operation of a working system which is developed only for win* and based on proprietary algorithms. That's exactly the same what the person writing the DeCSS has done. Hence the company creating the authentication software would probably sue the person writing the first letter and could expect that the result would be the same as the DeCSS lawsuit, and it is currently lost. If this happens before the DeCSS lawsuit is finished in the Supreme Court, then the result will be likely the same as the first stages of the DeCSS lawsuit, meaning probably lost. This is only my two-pence of course, but I could not stand not to point out the similarities between the two situation. Regards, Robert Varga On Thu, 2 Nov 2000, Alexander Hvostov wrote: > Robert, > > Keep in mind that case is in appeal, and is quite likely to wind up in the > Supreme Court. It is, in every way I can imagine, a Constitutional case, > and has every reason to be heard by the Supreme Court. I hope the Supreme > Court Justices agree... > > Regards, > > Alex. > > --- > PGP/GPG Fingerprint: > EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9 > > -BEGIN GEEK CODE BLOCK- > Version: 3.12 > GCS/CM>CC/IT d- s:+ a16 C++()>$ UL>$ P--- L++>++$ E+ W+(-) N+ o? K? > w---() > !O !M !V PS+(++)>+ PE-(--) Y+>+ PGP t+>++ !5 X-- R>++ tv(+) b+(++) DI(+) D++ > G>+++ e--> h! !r y>+++ > --END GEEK CODE BLOCK-- > > On Thu, 2 Nov 2000, Robert Varga wrote: > > > > > > > On Wed, 1 Nov 2000, Patrick Maheral wrote: > > > > > On Wed, 1 Nov 2000, Alexander Hvostov wrote: > > > > Penguin, > > > > > > > > Because the patents and IP on your radio expired a long time ago. The > > > > ones > > > > on the algorithms haven't. :) > > > > > > > > Regards, > > > > > > Isn't there a provision in American (or Canadian) law that allows reverse > > > engineering (not disassembling code) for interoperability purposes? > > > > > > Patrick > > > > In the DeCSS (2600.org vs. MPAA) lawsuit this law did not protect the > > author of DeCSS and 2600.org from losing the suit, no matter that they > > tried to defend referring on this law. > > > > Regards, > > > > Robert Varga > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > >
Re: I want to try something for freedom.
Robert, Keep in mind that case is in appeal, and is quite likely to wind up in the Supreme Court. It is, in every way I can imagine, a Constitutional case, and has every reason to be heard by the Supreme Court. I hope the Supreme Court Justices agree... Regards, Alex. --- PGP/GPG Fingerprint: EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9 -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS/CM>CC/IT d- s:+ a16 C++()>$ UL>$ P--- L++>++$ E+ W+(-) N+ o? K? w---() !O !M !V PS+(++)>+ PE-(--) Y+>+ PGP t+>++ !5 X-- R>++ tv(+) b+(++) DI(+) D++ G>+++ e--> h! !r y>+++ --END GEEK CODE BLOCK-- On Thu, 2 Nov 2000, Robert Varga wrote: > > > On Wed, 1 Nov 2000, Patrick Maheral wrote: > > > On Wed, 1 Nov 2000, Alexander Hvostov wrote: > > > Penguin, > > > > > > Because the patents and IP on your radio expired a long time ago. The ones > > > on the algorithms haven't. :) > > > > > > Regards, > > > > Isn't there a provision in American (or Canadian) law that allows reverse > > engineering (not disassembling code) for interoperability purposes? > > > > Patrick > > In the DeCSS (2600.org vs. MPAA) lawsuit this law did not protect the > author of DeCSS and 2600.org from losing the suit, no matter that they > tried to defend referring on this law. > > Regards, > > Robert Varga > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: I want to try something for freedom.
On Wed, 1 Nov 2000, Patrick Maheral wrote: > On Wed, 1 Nov 2000, Alexander Hvostov wrote: > > Penguin, > > > > Because the patents and IP on your radio expired a long time ago. The ones > > on the algorithms haven't. :) > > > > Regards, > > Isn't there a provision in American (or Canadian) law that allows reverse > engineering (not disassembling code) for interoperability purposes? > > Patrick In the DeCSS (2600.org vs. MPAA) lawsuit this law did not protect the author of DeCSS and 2600.org from losing the suit, no matter that they tried to defend referring on this law. Regards, Robert Varga
Postfix is spammer-friendly by default on potato and woody
Hi When i was looking trough my logs tody i found that my host had been used as a relay host... I changed from sendmail to postfix because everyone told me that postfix was more secure. When looking at the default configurationfiles installed by debian there was nothing that prevents unauthorized users to send mail to anyone. By adding this line to main.cf you can make sure that only your host can send mail to users outside your system: smtpd_sender_restrictions = check_relay_domains, reject_unknown_sender_domain Is this someting that should be added by default?? I think so /I -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
Microsoft has never sued Tridge and co. over samba which would seem to be a closer analogy - A reverse engineered network protocol, as opposed to a cracked encryption algorithm. Mind you, I'm not a lawyer. (Mind you, I don't think anybody else who has contributed to date is either) > Yes, but it is in every aspect similar to what the person who wrote > the first letter in this thread wants to do or is advised to do, > namely to reverse-engineer the operation of a working system which is > developed only for win* and based on proprietary algorithms. That's > exactly the same what the person writing the DeCSS has done. Hence the > company creating the authentication software would probably sue the > person writing the first letter and could expect that the result would > be the same as the DeCSS lawsuit, and it is currently lost. If this > happens before the DeCSS lawsuit is finished in the Supreme Court, > then the result will be likely the same as the first stages of the > DeCSS lawsuit, meaning probably lost. > > This is only my two-pence of course, but I could not stand not to > point out the similarities between the two situation. > > Regards, > > Robert Varga > > > On Thu, 2 Nov 2000, Alexander Hvostov wrote: > > > Robert, > > > > Keep in mind that case is in appeal, and is quite likely to wind up > > in the Supreme Court. It is, in every way I can imagine, a > > Constitutional case, and has every reason to be heard by the Supreme > > Court. I hope the Supreme Court Justices agree... > > > > Regards, > > > > Alex. -- Paul Haesler[EMAIL PROTECTED] Quidquid latine dictum sit, altum viditur -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: I want to try something for freedom.
Yes, but it is in every aspect similar to what the person who wrote the first letter in this thread wants to do or is advised to do, namely to reverse-engineer the operation of a working system which is developed only for win* and based on proprietary algorithms. That's exactly the same what the person writing the DeCSS has done. Hence the company creating the authentication software would probably sue the person writing the first letter and could expect that the result would be the same as the DeCSS lawsuit, and it is currently lost. If this happens before the DeCSS lawsuit is finished in the Supreme Court, then the result will be likely the same as the first stages of the DeCSS lawsuit, meaning probably lost. This is only my two-pence of course, but I could not stand not to point out the similarities between the two situation. Regards, Robert Varga On Thu, 2 Nov 2000, Alexander Hvostov wrote: > Robert, > > Keep in mind that case is in appeal, and is quite likely to wind up in the > Supreme Court. It is, in every way I can imagine, a Constitutional case, > and has every reason to be heard by the Supreme Court. I hope the Supreme > Court Justices agree... > > Regards, > > Alex. > > --- > PGP/GPG Fingerprint: > EFD1 AC6C 7ED5 E453 C367 AC7A B474 16E0 758D 7ED9 > > -BEGIN GEEK CODE BLOCK- > Version: 3.12 > GCS/CM>CC/IT d- s:+ a16 C++()>$ UL>$ P--- L++>++$ E+ W+(-) N+ o? K? w---() > !O !M !V PS+(++)>+ PE-(--) Y+>+ PGP t+>++ !5 X-- R>++ tv(+) b+(++) DI(+) D++ > G>+++ e--> h! !r y>+++ > --END GEEK CODE BLOCK-- > > On Thu, 2 Nov 2000, Robert Varga wrote: > > > > > > > On Wed, 1 Nov 2000, Patrick Maheral wrote: > > > > > On Wed, 1 Nov 2000, Alexander Hvostov wrote: > > > > Penguin, > > > > > > > > Because the patents and IP on your radio expired a long time ago. The ones > > > > on the algorithms haven't. :) > > > > > > > > Regards, > > > > > > Isn't there a provision in American (or Canadian) law that allows reverse > > > engineering (not disassembling code) for interoperability purposes? > > > > > > Patrick > > > > In the DeCSS (2600.org vs. MPAA) lawsuit this law did not protect the > > author of DeCSS and 2600.org from losing the suit, no matter that they > > tried to defend referring on this law. > > > > Regards, > > > > Robert Varga > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
