Spamassassin (was Re: off topic: quoting (was Re: html spam))
> On Fri, 10 May 2002 08:53:29 -0700, Christian G Warden > <[EMAIL PROTECTED]> was runoured to have said: > On Fri, May 10, 2002 at 01:04:40PM +0300, Jussi Ekholm wrote: >> Christian G. Warden <[EMAIL PROTECTED]> wrote: >> >> (Could you please post your reply *below* the quoted text? Top-posting >> is quite irritating, IMHO) >> >> > i just want to add a warning about spamassassin. i had it setup for >> > about a week and it was very good at catching spam, but occasionally it >> > would drive the cpu load into the 20s. >> >> Yes, I can say this, as well. My computer swapped twice (so much, that I >> had to hit MSysRq and boot) because of SA started to investigate pretty >> big binary mails. Although, "fixing" the problem is pretty easy; just >> add 'required_hits = x' in ~/.spamassassin/user_prefs, where 'x' is >> maybe 5 or something else. This makes SA to stop processing mails >> further than hits you just specified. > i tend to prefer top-posting except when responding point by point > between paragraphs. admittedly, it's lazy and encourages excessive > quoting, but this just feels awkward. i'll try it out for a few days. > maybe it'll grow on me. > thanks for the required_hits tip. next time i try SA, i'll read through > the docs more thoroughly. You can also run SA in a "client-server" mode. Basically your procmail recipe uses spamc to connect to a spamd daemon that does the checking. There's a discussion in the SA docs on why this more efficient; it solved the high system load problem for me... > xn Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Spamassassin (was Re: off topic: quoting (was Re: html spam))
> On Fri, 10 May 2002 08:53:29 -0700, Christian G Warden > <[EMAIL PROTECTED]> was runoured to have said: > On Fri, May 10, 2002 at 01:04:40PM +0300, Jussi Ekholm wrote: >> Christian G. Warden <[EMAIL PROTECTED]> wrote: >> >> (Could you please post your reply *below* the quoted text? Top-posting >> is quite irritating, IMHO) >> >> > i just want to add a warning about spamassassin. i had it setup for >> > about a week and it was very good at catching spam, but occasionally it >> > would drive the cpu load into the 20s. >> >> Yes, I can say this, as well. My computer swapped twice (so much, that I >> had to hit MSysRq and boot) because of SA started to investigate pretty >> big binary mails. Although, "fixing" the problem is pretty easy; just >> add 'required_hits = x' in ~/.spamassassin/user_prefs, where 'x' is >> maybe 5 or something else. This makes SA to stop processing mails >> further than hits you just specified. > i tend to prefer top-posting except when responding point by point > between paragraphs. admittedly, it's lazy and encourages excessive > quoting, but this just feels awkward. i'll try it out for a few days. > maybe it'll grow on me. > thanks for the required_hits tip. next time i try SA, i'll read through > the docs more thoroughly. You can also run SA in a "client-server" mode. Basically your procmail recipe uses spamc to connect to a spamd daemon that does the checking. There's a discussion in the SA docs on why this more efficient; it solved the high system load problem for me... > xn Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
> On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain > <[EMAIL PROTECTED]> was runoured to have said: > All of this has gotten me to thinking about another flaw in the way I > have things set up. I'm preventing users from getting to a $ by running > a menu from their profile. > exec /usr/bin/menu > This works fine since the exec causes menu to become their shell > process. > But some smart user could get around this by using pscp to upload their > own .bash_profile. Even if I fix it so I have them chroot'd on their > home would not prevent this since this file is in their home. Their shell will already be chrooted by the time .bash_profile is run, so I don't see the problem here... Unless you don't want to give them a shell at all, for some reason? > But changing permissions on the .bash_profile so they don't own it (and > not in their group) should take care of that problem. They can read it > all they want, just not change it. But they can remove and replace it with something else, since they own the parent dir. You'd have to turn on the sticky bit of their home dir and take away the ownership, e.g. ownership root. and permissions 1770. This way they get a nice EPERM if they try to mess with anything they don't own in their home directory. Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: scp and sftp
> On Mon, 01 Apr 2002 10:35:35 -0500, Jon McCain > <[EMAIL PROTECTED]> was runoured to have said: > All of this has gotten me to thinking about another flaw in the way I > have things set up. I'm preventing users from getting to a $ by running > a menu from their profile. > exec /usr/bin/menu > This works fine since the exec causes menu to become their shell > process. > But some smart user could get around this by using pscp to upload their > own .bash_profile. Even if I fix it so I have them chroot'd on their > home would not prevent this since this file is in their home. Their shell will already be chrooted by the time .bash_profile is run, so I don't see the problem here... Unless you don't want to give them a shell at all, for some reason? > But changing permissions on the .bash_profile so they don't own it (and > not in their group) should take care of that problem. They can read it > all they want, just not change it. But they can remove and replace it with something else, since they own the parent dir. You'd have to turn on the sticky bit of their home dir and take away the ownership, e.g. ownership root. and permissions 1770. This way they get a nice EPERM if they try to mess with anything they don't own in their home directory. Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
> On Fri, 23 Mar 2001 13:50:54 +0100, Philippe Seidel > <[EMAIL PROTECTED]> was runoured to have said: > Hi all, > As you are the only security-related list I'm subscribed to and > cryptography has something to do with security, I'm directing this > question to this list. > I want to inform myself about the internal workings of some simple > cryptographic algorithm. Now, there's the problem that when I look on > the internet I either get introductions to some cryptosystems > (PGP/X.509) or mathematic describtions that go beyond my mathematic > knowledge (especially as I'm German and know these mathematical terms > only in German). So I wanted to ask if anyone of you knows an > easy-to-understand and yet complete explanation of a cryptographic > algorithm. Hi, there were a couple of similar thread on linux-crypto some time ago, archived here: http://mail.nl.linux.org/linux-crypto/ Have a look at the December 2001 archives, threads like the "crypto basics" and "question about ciphers" should have some useful meta-info... HTH. > I already thought of looking into the libssl-sources, but I don't think > I will understand them either without knowing about the algorithms. > Thanks for your help in advance, > Philippe Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
> On Fri, 23 Mar 2001 13:50:54 +0100, Philippe Seidel > <[EMAIL PROTECTED]> was runoured to have said: > Hi all, > As you are the only security-related list I'm subscribed to and > cryptography has something to do with security, I'm directing this > question to this list. > I want to inform myself about the internal workings of some simple > cryptographic algorithm. Now, there's the problem that when I look on > the internet I either get introductions to some cryptosystems > (PGP/X.509) or mathematic describtions that go beyond my mathematic > knowledge (especially as I'm German and know these mathematical terms > only in German). So I wanted to ask if anyone of you knows an > easy-to-understand and yet complete explanation of a cryptographic > algorithm. Hi, there were a couple of similar thread on linux-crypto some time ago, archived here: http://mail.nl.linux.org/linux-crypto/ Have a look at the December 2001 archives, threads like the "crypto basics" and "question about ciphers" should have some useful meta-info... HTH. > I already thought of looking into the libssl-sources, but I don't think > I will understand them either without knowing about the algorithms. > Thanks for your help in advance, > Philippe Rgds, /-sb. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Say, wheres 2.2.20?
>>>>> On Fri, 8 Mar 2002 08:43:31 + (GMT), Martin Orr >>>>> <[EMAIL PROTECTED]> was runoured to have said: [snip snip] > Personally, I compile and install kernels by hand (i.e. make > menuconfig; make bzImage; make install) What's the advantage of using > make-kpkg? I use stable/2.2.20 on my servers and testing/2.4 or 2.5 on > development boxes. I used to do the same. Well, for one, make-kpkg is less error-prone (who has never forgotten to run lilo after installing a new image? :) It will even make a backup lilo entry for the previous kernel. But the biggest plus for me is that ``make-kpkg modules_image'' will build debs for _all_ kernel modules that have been installed from *-source packages (e.g. alsa, lm-sensors). That makes kernel upgrades a simple matter of make oldconfig; make-kpkg clean && make --revision=custom.1.0 kernel_image && make-kpkg modules_image && dpkg -i ../. Oh, and it can apply patches too (although not port them to newer kernel versions ;) > -- > Martin Orr "Cogitavi ergo fui." > Linux Administrator, > Methodist College Belfast > The opinions expressed in this e-mail are mine personally, and should not > be interpreted as representing those of the College or the CCC unless > explicitly stated otherwise. Rgds, /-sb -- Stelios Bounanos <[EMAIL PROTECTED]> /*\ ..750 years later: \ / ASCII Ribbon Campaign The Ultimate Answer is 42. X No HTML in mail or news! (next mail will give the Question) / \
Re: Say, wheres 2.2.20?
>>>>> On Fri, 8 Mar 2002 08:43:31 + (GMT), Martin Orr >>>>> <[EMAIL PROTECTED]> was runoured to have said: [snip snip] > Personally, I compile and install kernels by hand (i.e. make > menuconfig; make bzImage; make install) What's the advantage of using > make-kpkg? I use stable/2.2.20 on my servers and testing/2.4 or 2.5 on > development boxes. I used to do the same. Well, for one, make-kpkg is less error-prone (who has never forgotten to run lilo after installing a new image? :) It will even make a backup lilo entry for the previous kernel. But the biggest plus for me is that ``make-kpkg modules_image'' will build debs for _all_ kernel modules that have been installed from *-source packages (e.g. alsa, lm-sensors). That makes kernel upgrades a simple matter of make oldconfig; make-kpkg clean && make --revision=custom.1.0 kernel_image && make-kpkg modules_image && dpkg -i ../. Oh, and it can apply patches too (although not port them to newer kernel versions ;) > -- > Martin Orr "Cogitavi ergo fui." > Linux Administrator, > Methodist College Belfast > The opinions expressed in this e-mail are mine personally, and should not > be interpreted as representing those of the College or the CCC unless > explicitly stated otherwise. Rgds, /-sb -- Stelios Bounanos <[EMAIL PROTECTED]> /*\ ..750 years later: \ / ASCII Ribbon Campaign The Ultimate Answer is 42. X No HTML in mail or news! (next mail will give the Question) / \ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
