Re: TLS1.0 and 1.1 with Cyrus (Debian Buster)
Hi, It's probably due to new defaults in libssl. Try adding: MinProtocol = None CipherString = DEFAULT To: /etc/ssl/openssl.cnf Regards, Alberto On Fri, May 08, 2020 at 09:07:31PM +0200, Roman Medina-Heigl Hernandez wrote: > Hi, > > I upgraded from Jessie to Buster (thru Stretch) and noticed that Cyrus > (imaps & pop3s) stopped negotiating TLS 1.0 and 1.1 protocols (I know > they're not recommended but I need them for older clients). I tried > several combinations of tls_ciphers and tls_versions in /etc/imapd.conf > (even very permisive combinations) with no success. > > Any idea what's happening? > > I'm not sure whether it's really a Cyrus issue or some other kind of > hardening feature in Buster. In that last regard, I also modified > /etc/ssl/openssl and set MinProtocol = TLSv1.0 (just in case), although > I think this setting is only for client programs like Curl. But seeing > that config I tend to think that Buster may have other tweaks against > older protocols like TLSv1.{0,1} and one of them may be impacting my setup. > > Cheers, > > -r > -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Re: ModSecurity Debian 8
On Mon, Mar 20, 2017 at 07:52:56PM +0100, lann...@runbox.com wrote: > Hi, > I have spent about 2 days trying to understand how to setup mod-security on > my web server. > > I choose to rely on packages in the official repo, so if possible I will > not compile packages. > > Is correct to say that I can't have mod-security in nginx? > Is mod-security only available in apache2? > > Then I'm looking for some instruction about installing. There are a lot of > outdated material and is difficult to learn the right stuff. > > > Here is what I have typed: > > > apt-get install libcurl3-gnutls liblua5.1-0 libxml2 > apt-get install libapache2-mod-security2 > apt-get install modsecuriy-crs > sudo mv /etc/modsecurity/modsecurity.conf-recommended > /etc/modsecurity/modsecurity.conf > sudo nano /etc/modsecurity/modsecurity.conf > > > I have turned on the option SecRuleEngine > > git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git > > > Now... my questions are: > > 1) Where I have to put the rules > 2) Which other config files I have to edit > 3) How I enable modsecurity on my website > 4) Do you have sample config file to share? > Hi there, Debian's modsecurity packages will only work with Apache. In order to get modsecurity to work with nginx you'll have to re-compile nginx and modsecurity. This may help you: https://www.howtoforge.com/tutorial/install-nginx-with-mod_security-on-ubuntu-15-04/ Regards, Alberto -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Re: OpenVPN DDoS Fix
On Mon, Dec 01, 2014 at 04:17:50PM +, Denny Bortfeldt wrote: > Hello everyone! > > Is anyone in touch with the new openvpn update 2.6.3 and know when it will be > released in debian repo? > Read more at https://forums.openvpn.net/topic17625.html > The update in on the works. Since the test certs used to test the package build expired last week (...), new certs have to be generated, which makes the upgrade a bit more messy. Regards, Alberto -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141201163203.ga2...@bin.inittab.org
Re: about bash and Debian Lenny
On Wed, Oct 01, 2014 at 02:28:17PM +0300, Nikolay Hristov wrote: > Hello there, > > I know that this is outdated debian release and it is in the archives but I > still have 6 servers running Lenny and I don't want to upgrade them to newer > versions for several reasons. > Any chance that we will get official debian package for Lenny? I'm sure that > I'm not the only one with such problem. I don't want to use deb packages > from different sources because I cannot trust them. > > Shellshock has such big impact on the internet so please give us Lenny > package. Not "official", but from know source: http://ftp.linux.it/pub/People/md/bash/ -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141001113619.gl31...@bin.inittab.org
Re: integrity checks and inodes
On Sat, Jan 22, 2011 at 12:38:37PM +0100, Hannes von Haugwitz wrote: > On Fri, Jan 21, 2011 at 06:13:07PM +0100, Pascal Weller wrote: > > Background is that I move vserver from host to host with rsync and don't > > like to get a report that all the inodes have changed. > > At least with aide you can specify attributes which shall be ignored > from the final report (see ignore_list in aide.conf(5)). So can you with tripwire, and probably any other integrity checker. Otherwise they would be quite useless (warning you about any normal file activity). -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110122165408.ga7...@lib.inittab.org
Re: Mod-security status in Lenny / New bug...
On Fri, Mar 20, 2009 at 09:21:20AM +0100, Roman Medina-Heigl Hernandez wrote: > Hello, > > Have you seen this? > http://seclists.org/bugtraq/2009/Mar/0187.html Hiya, > I'm wondering: > 1) Is Alberto going to release updated (no official) packages? > (http://etc.inittab.org/~agi/debian/libapache-mod-security2) Yes, probably next week. > 2) When will mod-security be re-incorporated to Debian? ETA? I think It is now. > license issues were solved but it didn't get in time before Lenny freeze. > Perhaps in next update for Lenny? (which will be aprox. on... ?) I don't think so. Lenny won't have official Debian packages apart from those on my site. Cheers, Alberto -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: mod_security (was: Apache "DDOS" with random number request)
On Mon, Sep 22, 2008 at 08:16:01AM +0200, Stefan Fritsch wrote: > On Monday 22 September 2008, Felipe Figueiredo wrote: > > > Try modsecurity, it should block invalid URI > > > > Speaking of which, shouldn't it be re-included in Debian now that > > the licensing issue[1] is supposed to be over[2]? > > There is already an ITP bug, but I don't know the current status. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487431 > > Coming soon (tm) -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Find installed contrib and non-free packages
On Thu, Jun 12, 2008 at 11:02:29AM +0200, Martin Bartenberger wrote: > Hi, > > just a few days ago I've read at > http://www.debian.org/security/faq.en.html#contrib that contrib and > non-free packages are not supported by the Debian security team. > > Now I want to find out which contrib and non-free packages are installed > on my servers. Is there any special command or script for this or do I > have to write one? > > Looking forward to your ideas and Greetings from Vienna, Hi Martin, You may want to install vrms. Description: virtual Richard M. Stallman The vrms program will analyze the set of currently-installed packages on a Debian-based system, and report all of the packages from the non-free and contrib trees which are currently installed. Regards, Alberto -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 20, 2008 at 04:48:43PM +0200, Christoph Martin wrote: > Hi Alberto, > > Alberto Gonzalez Iniesta schrieb: > > On Mon, May 19, 2008 at 01:13:46PM +0200, Christoph Martin wrote: > >> The Ubuntu openssl maintainers released a openssl-blacklist equivalent > >> to the openssh-blacklist package. It includes a blacklist with > >> compromised openssl key hashes and a program with a openssl-vulnkey > >> program suitable to test your openssl key files. > >> > >> I think it would be a good think to coordinate the work between debian > >> and ubuntu and to incorporate this package into debian main. > > > > The coordination has already started and the package will be in Debian > > soon. > > I am somewhat irritated. Who is building the package and who is > coordinating with whom? I am on the > [EMAIL PROTECTED] list (and one of the > Maintainers of Debian openssl) and did not get any message about this. > > So please coordinate with the Debian openssl maintainers. The package is being build by its original author (Jamie) and everything got started when the OpenVPN maintainer (me) decided to add secret/key file validation like the one on the Ubuntu package. Since those validations required open(ssl|vpn)-blacklist packages, I contacted with Jamie and Kees from Ubuntu and Debian's Security Team. -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Plans to deploy openssl-blacklist in Debian? (was: Re: ssh-vulnkey and authorized_keys)
On Thu, May 15, 2008 at 09:31:25PM -0300, Felipe Augusto van de Wiel (faw) wrote: > On 15-05-2008 20:43, Chris Adams wrote: > > > > On May 15, 2008, at 6:25 PM, Alex Samad wrote: > >> is there away to check x509 certs with these tools ? > > > > Yes - the wiki has one (http://wiki.debian.org/SSLkeys) but you might > > prefer the openssl-blacklist package which Ubuntu prepared: > > > > https://launchpad.net/ubuntu/+source/openssl-blacklist/ > > > > It runs out of the box on Debian and if you edit debian/control to > > change the openssl dependency from the Ubuntu version > > (0.9.8g-4ubuntu3.1) to the Debian version (0.9.8c-4etch3) you can > > dpkg-buildpackage it and deploy it to multiple systems. I used it like > > this to flush out Apache keys: > > > > sudo find /etc/ -xdev -type f -name \*.key -exec openssl-vulnkey {} \; > > Speaking about that, are there plans to deploy > openssl-blacklist in Debian as an official package? Yes, I'll do that as part of the changes required in OpenVPN due to the OpenSSL bug. Coming shortly. -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: password managers
On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote: > Hello! > > andrew lattis <[EMAIL PROTECTED]> schrieb: > > what does everyone else use to keep track of all there passwords? > > Following an article of Martin Joey Schulze in a german magazine i send > a mail with the password encryted for myself to me and use it via mutt. > I used gringotts, that someone mentioned. Some of the applications I run use kwallet, that seems similar to what Russell Cooker described for OS X. But I use vim (+gpg, that is). Which is a solution similar to the one Stephan talks about, but without having to mail yourself every password. I took it from somewhere I can't remember so credit goes to whoever wrote it. What this does is: - If the file extension is .gpg or .asc, call gpg --decrypt to get the real contents - Edit the file - Call gpg --encrypt before writing to disk. So you keep everything encrypted with your GPG key. >From my .vimrc: - cut augroup encrypted au! " First make sure nothing is written to ~/.viminfo while editing " an encrypted file. autocmd BufReadPre,FileReadPre *.gpg,*.asc set viminfo= " We don't want a swap file, as it writes unencrypted data to disk. autocmd BufReadPre,FileReadPre *.gpg,*.asc set noswapfile " Switch to binary mode to read the encrypted file. autocmd BufReadPre,FileReadPre *.gpg set bin autocmd BufReadPre,FileReadPre *.gpg,*.asc let ch_save = &ch|set ch=2 autocmd BufReadPost,FileReadPost*.gpg,*.asc \ '[,']!sh -c 'gpg --decrypt 2> /dev/null' " Switch to normal mode for editing autocmd BufReadPost,FileReadPost*.gpg set nobin autocmd BufReadPost,FileReadPost*.gpg,*.asc let &ch = ch_save|unlet ch_save autocmd BufReadPost,FileReadPost*.gpg,*.asc \ execute ":doautocmd BufReadPost " . expand("%:r") " Convert all text to encrypted text before writing autocmd BufWritePre,FileWritePre*.gpg \ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null' autocmd BufWritePre,FileWritePre*.gpg set bin autocmd BufWritePre,FileWritePre*.asc \ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null' " Undo the encryption so we are back in the normal text, directly " after the file has been written. autocmd BufWritePost,FileWritePost *.gpg,*.asc u autocmd BufWritePost,FileWritePost *.gpg set nobin augroup END --- cut -- Alberto Gonzalez Iniesta | BOFH excuse #399: agi@(agi.as|debian.org)| We are a 100% Microsoft Shop. Encrypted mail preferred | Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
Re: password managers
On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote: > Hello! > > andrew lattis <[EMAIL PROTECTED]> schrieb: > > what does everyone else use to keep track of all there passwords? > > Following an article of Martin Joey Schulze in a german magazine i send > a mail with the password encryted for myself to me and use it via mutt. > I used gringotts, that someone mentioned. Some of the applications I run use kwallet, that seems similar to what Russell Cooker described for OS X. But I use vim (+gpg, that is). Which is a solution similar to the one Stephan talks about, but without having to mail yourself every password. I took it from somewhere I can't remember so credit goes to whoever wrote it. What this does is: - If the file extension is .gpg or .asc, call gpg --decrypt to get the real contents - Edit the file - Call gpg --encrypt before writing to disk. So you keep everything encrypted with your GPG key. >From my .vimrc: - cut augroup encrypted au! " First make sure nothing is written to ~/.viminfo while editing " an encrypted file. autocmd BufReadPre,FileReadPre *.gpg,*.asc set viminfo= " We don't want a swap file, as it writes unencrypted data to disk. autocmd BufReadPre,FileReadPre *.gpg,*.asc set noswapfile " Switch to binary mode to read the encrypted file. autocmd BufReadPre,FileReadPre *.gpg set bin autocmd BufReadPre,FileReadPre *.gpg,*.asc let ch_save = &ch|set ch=2 autocmd BufReadPost,FileReadPost*.gpg,*.asc \ '[,']!sh -c 'gpg --decrypt 2> /dev/null' " Switch to normal mode for editing autocmd BufReadPost,FileReadPost*.gpg set nobin autocmd BufReadPost,FileReadPost*.gpg,*.asc let &ch = ch_save|unlet ch_save autocmd BufReadPost,FileReadPost*.gpg,*.asc \ execute ":doautocmd BufReadPost " . expand("%:r") " Convert all text to encrypted text before writing autocmd BufWritePre,FileWritePre*.gpg \ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null' autocmd BufWritePre,FileWritePre*.gpg set bin autocmd BufWritePre,FileWritePre*.asc \ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null' " Undo the encryption so we are back in the normal text, directly " after the file has been written. autocmd BufWritePost,FileWritePost *.gpg,*.asc u autocmd BufWritePost,FileWritePost *.gpg set nobin augroup END --- cut -- Alberto Gonzalez Iniesta | BOFH excuse #399: agi@(agi.as|debian.org)| We are a 100% Microsoft Shop. Encrypted mail preferred | Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: restricting process limit
On Wed, Apr 28, 2004 at 11:00:11AM -0400, Dan Christensen wrote: > George Georgalis <[EMAIL PROTECTED]> writes: > > > SA seems the only real choice for an OSS spam filter > > I've heard really good things about crm114: > > http://crm114.sourceforge.net/ > > It's faster than spamassassin and more accurate than spamassassin or > the author. Licensed under the GPL. It only does Bayesian learning > (no hard coded rules like SA), but it ends up doing better than SA > after moderate training. I use it at home. It's way better that spamassassin, but requires some training. What I don't really know is how effective it'll be on technical mailing lists (which receive mails with dumps, kernel confs, and other 'strange' content that may appear like anything but a 'normal' mail). -- Alberto Gonzalez Iniesta | BOFH excuse #93: agi@(agi.as|debian.org)| Feature not yet implemented Encrypted mail preferred | Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
Re: restricting process limit
On Wed, Apr 28, 2004 at 11:00:11AM -0400, Dan Christensen wrote: > George Georgalis <[EMAIL PROTECTED]> writes: > > > SA seems the only real choice for an OSS spam filter > > I've heard really good things about crm114: > > http://crm114.sourceforge.net/ > > It's faster than spamassassin and more accurate than spamassassin or > the author. Licensed under the GPL. It only does Bayesian learning > (no hard coded rules like SA), but it ends up doing better than SA > after moderate training. I use it at home. It's way better that spamassassin, but requires some training. What I don't really know is how effective it'll be on technical mailing lists (which receive mails with dumps, kernel confs, and other 'strange' content that may appear like anything but a 'normal' mail). -- Alberto Gonzalez Iniesta | BOFH excuse #93: agi@(agi.as|debian.org)| Feature not yet implemented Encrypted mail preferred | Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mailserver HDD organization
On Sun, Nov 25, 2001 at 11:04:45PM +0100, [EMAIL PROTECTED] wrote: > > please use qmail, its really the securest MTA you can get. > please use postfix, since it's as secure as qmail and has a better license -- Alberto Gonzalez Iniesta | They that give up essential liberty [EMAIL PROTECTED] | to obtain a little temporary safety Encrypted mail preferred | deserve neither liberty nor safety. Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
Re: Mailserver HDD organization
On Sun, Nov 25, 2001 at 11:04:45PM +0100, [EMAIL PROTECTED] wrote: > > please use qmail, its really the securest MTA you can get. > please use postfix, since it's as secure as qmail and has a better license -- Alberto Gonzalez Iniesta | They that give up essential liberty [EMAIL PROTECTED] | to obtain a little temporary safety Encrypted mail preferred | deserve neither liberty nor safety. Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: your mail
On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote: > Should I remove /bin/sh for something less obvious as a general > protection from buffer overflows? > Most shell scripts running on your server call #!/bin/sh, so removing it will get you in lots of trouble ;-) Just try: $ grep "\/bin\/sh" /etc/init.d/* If your software is up-to-date buffer overflows shouldn't be a problem. If you're running Potato, make sure you've this line in /etc/apt/sources.list: deb http://security.debian.org stable/updates main contrib non-free And keep it updated & upgraded Also, if you think your machine was compromised, check for backdoors, modified binaries, etc... Changing passwords may not be enough -- Alberto Gonzalez Iniesta [EMAIL PROTECTED] Give Me Liberty or Give Me Death (Patrick Henry)
Re: your mail
On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote: > Should I remove /bin/sh for something less obvious as a general > protection from buffer overflows? > Most shell scripts running on your server call #!/bin/sh, so removing it will get you in lots of trouble ;-) Just try: $ grep "\/bin\/sh" /etc/init.d/* If your software is up-to-date buffer overflows shouldn't be a problem. If you're running Potato, make sure you've this line in /etc/apt/sources.list: deb http://security.debian.org stable/updates main contrib non-free And keep it updated & upgraded Also, if you think your machine was compromised, check for backdoors, modified binaries, etc... Changing passwords may not be enough -- Alberto Gonzalez Iniesta [EMAIL PROTECTED] Give Me Liberty or Give Me Death (Patrick Henry) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Virtual Networking between Debian and Microsoft Windows systems
I'll go for IPSec too (freeswan), but maybe PPTP is easier to configure. Have a look at: pptp-linux - PPTP Microsoft Compatible Tunneling Protocol pptpd - PoPToP Point to Point Tunneling Server Client and server for PPTP VPNs. Regards, Alberto -- Alberto Gonzalez Iniesta [EMAIL PROTECTED] Give Me Liberty or Give Me Death (Patrick Henry)
Re: Virtual Networking between Debian and Microsoft Windows systems
I'll go for IPSec too (freeswan), but maybe PPTP is easier to configure. Have a look at: pptp-linux - PPTP Microsoft Compatible Tunneling Protocol pptpd - PoPToP Point to Point Tunneling Server Client and server for PPTP VPNs. Regards, Alberto -- Alberto Gonzalez Iniesta [EMAIL PROTECTED] Give Me Liberty or Give Me Death (Patrick Henry) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]