Per User Anti-spam Quarantine Reporting/Management

[Tanstaafl]

Ok, a question about anti-spam software...

My new server will be a multi-domain MX gateway/anti-spam system running
postfix with postscreen enabled, and Amavisd-New+SpamAssassin (unless
someone has a better suggestion).

Since it has been a looong time - are there any better options for an
anti-spam solution than just amavisd-new+spamassassin?

I'm specifically interested in adding some kind of per user anti-spam
quarantine+management+reporting capabilities (as opposed to just
tag+deliver), if possible.

Searching online reveals Maia Mailguard, but it seems to be not well
maintained - most importantly, it apparently doesn't work with modern
versions of PHP.

Also, I saw a reference to something called 'SAQ', a 'SpamAssassin
Quarantine system', but it seems to have gone bye bye.

One option is ASSP, which I experimented with a very, very long time
ago, but I never implemented it because I really, really don't want one
big perl script as my primary front line gateway defense.

I may see if I can set up ASSP to just be an after the fact spam filter
rather than the gateway, if the per user Reporting/Quarantine management
will still work properly.

Thanks for any suggestions anyone might have...

-- 

Charles

Re: LTS versions - confusion

[Tanstaafl]

On 9/15/2021 6:45 AM, Brian wrote
> I was also rather hoping Tanstaafl would contribute a few words on how
> the unstable model contrasts with Gentoo's rolling release model.

Well, it's been many years, but basically, you could select what
'branch' you were on using keywords (stable, testing, etc), and could
override at the package level if desired.

It worked really well, and was mostly problem free. Of course there were
a few major changes that caused a bit of pain, but the situations were
well documented, and as long as you were careful, very rarely did
anything actually ever break.

The most pain would happen to those who didn't keep things updated
regularly. I'm probably going to do a clean install of both, and play
around a bit before deciding...

Although, for Debian you've already convinced me not to use SID, and
just go with stable.

Thanks to all who responded!

Re: LTS versions - confusion

[Tanstaafl]

On 9/13/2021 11:02 AM, Brian wrote
> On Mon 13 Sep 2021 at 10:18:54 -0400, Tanstaafl wrote:
>
>> Hello,
>>
>> So, I'm considering Debian for a new homebrew MX gateway I want to set
>> up, but it depends...
>>
>> I'm a former Gentoo user, and really appreciated the rolling release
>> aspect, since it meant no huge jumps between LTS releases with other
>> distros.
> About the closest in Debian to this concept is the unstable
> distribution (sid).

Hmmm... ok, so, I could run sid 'forever', as long as I keep it updated
regularly?

Anyone do this for important (maybe not 'mission critical') servers?

LTS versions - confusion

[Tanstaafl]

Hello,

So, I'm considering Debian for a new homebrew MX gateway I want to set
up, but it depends...

I'm a former Gentoo user, and really appreciated the rolling release
aspect, since it meant no huge jumps between LTS releases with other
distros.

So... what is the current LTS version and when is its EOL, and when will
the next one be released, and what will be its EOL?

Thanks,

-- 

Charles

Re: I support the founder of FreeSoftware

[Tanstaafl]

On 9/20/2019, 10:02:19 AM, Paul Sutton  wrote:
> Donald trump promised to bring jobs back to the US, cut regulation.  He
> has done that,  if people judge him on his performance alone he has done
> pretty much what he said he would.  Not many politicians can boast
> that,.  The problem is it is HOW he is done this and, the cost to the
> environment,

What cost to the environment? It is cleaner now than it ever has been
and getting cleaner as we speak.

> international relations, how the US is viewed in the world, trade etc.

All in much better shape now. We are no longer seen as weak pathetic
imbeciles. He has opened the door to finally putting an end to the
Korean War and bringing peace and prosperity to the North Korean people.
We have a leader who did away with the job killing NAFTA and
renegotiated a much better USMCA (if the dems in congress would get off
their duffs and out it to a vote, it would pass handily with bi-partisan
support), the would-be job killing TPP and Paris Agreements (the Paris
accords benefited China and Europe to our detriment), and is soon to win
again with a new trade deal with China.

> The constant trade wars with China may look big at the political
> level, but I think it is the farmers and consumers who get hit
> hardest.
Temporary, not constant - and yes, a hit, maybe (though that is in
doubt, other markets are opening up) - but they understand that it is
temporary, and in the long run will be much much better for them (no
pain no gain) and for the most part are OK with it.

He is the first president in my memory that has actually made every
effort to fulfill all of his campaign promises - and done so in the face
of the most vile, despicable, never ending and highly illegal attacks on
him and his presidency.

As I said, he will go down in history as one of the greatest presidents
in the last 100 years, maybe more.

Re: I support the founder of FreeSoftware

[Tanstaafl]

On 9/20/2019, 9:48:28 AM, Stefan Monnier  wrote:
>> Donald Trump will go down in history as the greatest President in the
>> last 100 years, maybe more.
> 
> I guess I could live with that, but only if he goes down quickly.

Nice try, epic fail...

Re: I support the founder of FreeSoftware

[Tanstaafl]

On 9/19/2019, 12:05:39 PM, Fred  wrote:
> On 9/19/19 8:40 AM, Default User wrote:
>> We have descended into the new Dark Ages where intellectual discourse, 
>> freedom of speech, and even freedom of thought will not be tolerated.
>>
>> The witch hunts are back.

> Do we have our lying idiot, bag of crap, fake President to thank for 
> making that much worse?

Actually, this situation can be laid plainly at the feet of the lying
idiot, bag of crap fake news Mainstream Media, for spreading lies dis
and mis-information about our duly elected and beloved President, Donald
John Trump.

Donald Trump will go down in history as the greatest President in the
last 100 years, maybe more.

Re: pastebinit

[Tanstaafl]

On Wed Dec 27 2017 13:39:29 GMT-0500 (Eastern Standard Time), Gokan
Atmaca  wrote:
> Hello
> 
> I want to use the "pastebinit" service on the local network. Just for
> my own team. Is there such an application?

Maybe not exactly what you are looking for, but DL-Ticket is excellent:

https://www.thregr.org/~wavexx/software/dl/

Re: odd load patterns - SOLVED

[Tanstaafl]

On 9/14/2016 10:14 AM, Miles Fidelman  wrote:
> Well, I found out where all that load was coming from.
> 
> Looks like a recent Thunderbird update reset its config to "keep all 
> messages for this account on this computer" - for all accounts

The first time this fiasco happened - the update happened that enabled
GLODA for all accounts and reset all individual offline folder settings
for all accounts - was sometime around the TB 3 - 3.1 update. This was
the one time I seriously looked for an alternative to TB, it made me so
furious, as I have many (15+) IMAP accounts, most with a LOT of email
AND a lot of folders, and with very specific OFFLINE settings for
certain folders.

If the devs cause this to happen again, I will be even more furious than
I was then, even if it is an accident.

So, hopefully you are wrong, or it is some obscure bug (maybe triggered
by a misbehaved Addon) that will not hit me (or most users).

> Given that I'm the admin for some servers, and a bunch of email lists, I 
> keep filtered spam and viruses for analysis, and I keep email going back 
> about 30 years  that kind of causes a lot of synchronization traffic 
> - to the point of really bogging down our imap daemon.
> 
> Consider this a friendly warning for those of you who use Thunderbird & 
> IMAP!

Re: Mailing-list configuration

[Tanstaafl]

On 6/16/2016 7:45 AM,  <<to...@tuxteam.de> wrote:
> On Thu, Jun 16, 2016 at 07:26:37AM -0400, Tanstaafl wrote:
>> On 6/15/2016 4:23 PM, Rodary Jacques <roda...@free.fr> wrote:
>>> Mozilla isn't free

>> What a ridiculous claim this has always been by debianites...

> This is an unnecessary slur. Were it not for Hanlon's razor[1], I'd even
> qualify it as malicious.

Really? Whatever... to claim Mozilla was 'not free' based solely on the
one little issue with the trademarked logo was just plain silly.

Call it a minor issue, call it whatever you will, but to take the
extremist position that it made Mozilla 'not free' was ridiculous, and
this position was only amplified by debian zealots.

>> But, the fact is, Debian and Mozilla have buried the hatchet, so even
>> Debian officially recognizes Mozilla as free.
> 
> perhaps that's what you want to imply with "burying the hatchet".

No implication necessary, it is what Debian officially recognizes, and
speaks for itself.

Re: Mailing-list configuration

[Tanstaafl]

My last reply to the spammer aka 'Nicolas George'...

On 6/16/2016 5:28 AM, Nicolas George  wrote:
> With that in mind, you realize that the reply-to-list feature is bad UI
> design:

No, but I did take a minute to test and discovered my MUA of choice
(Thunderbird) does have a bug with respect to it's 'Smart Reply' button
(aka your 'one button to rule them all') that I have now filed - so at
least my interaction with a spammer was not time totally wasted.

Rather than wasting so much bandwidth trying to justify your laziness,
why didn't you just go file a bug for your chosen MUA like I did?

'Smart Reply' should honor explicit 'Reply-To' over 'Reply List':
https://bugzilla.mozilla.org/show_bug.cgi?id=1280424

Maybe you should do the same for Mutt rather than continue violating the
debian list CoC (and spamming debian list users)?

Re: Mailing-list configuration

[Tanstaafl]

On 6/15/2016 4:23 PM, Rodary Jacques  wrote:
> Not using any MUA, just a browser (Opera, which is BTW in the official
> Debian list: https://wiki.debian.org/WebBrowsers, non-free but I don't
> know why as it is a Mozilla clone; Mozilla isn't free

What a ridiculous claim this has always been by debianites...

But, the fact is, Debian and Mozilla have buried the hatchet, so even
Debian officially recognizes Mozilla as free.

Re: Mailing-list configuration

[Tanstaafl]

On 6/13/2016 12:36 PM, Nicolas George  wrote:
> Let me try to re-state it one more time another way:
> 
> A is annoyed by unwanted CCs and wants to make it stop.
> 
> Solution 1: ask every people who reply to A, i.e. people who do not care
> about the unwanted CCs, to make a (moderate) effort without getting any
> benefit for themselves.
> 
> Solution 2: A makes the moderate punctual effort to configure the MUA to set
> the header correctly and directly reaps the benefits.
> 
> Stated like that, it is pretty much a no-brainer.

Except for one little detail...

The list guidelines that govern this very list state very clearly that
you are to engage solution 1.

Re: Mailing-list configuration

[Tanstaafl]

On 6/13/2016 11:42 AM, John Hasler  wrote:
> "Reply to List" needs to be enabled in the mailing list software.

Not precisely right - mailing list software only needs to add the
appropriate list headers defined by the relevant RFCs.

This list does (and so Reply-To-List works as it should).

> Thus those who want it need to take the issue up with the list
> masters.

For lists that do not add the headers, correct.

> In the meantime, it's a feature this list does not have.
> Pretending that it does won't work.

Eh? Been using it since I can remember on this list, works perfectly
fine for me.

> Some MUAs can be configured to it themselves on a case by case basis.

Based on the headers.

Apparently I misunderstood you above.

What you appear to be talking about is called 'Reply-To-Munging', and is
very much frowned upon by most technically inclined.

Reply-To-List is a MUA feature that simply requires the appropriate list
headers be present in the email.

> Perhaps Mr. George should consider using one of them.

Agreed...

Re: Mailing-list configuration

[Tanstaafl]

On 6/13/2016 11:12 AM, Nicolas George <geo...@nsup.org> wrote:
> Le sextidi 26 prairial, an CCXXIV, Tanstaafl a écrit :
>> This is why Reply-To-List is the way to reply when engaged in a mailing
>> list.
>>
>> If your client doesn't have this, then maybe it is time to consider
>> changing.

> I am not sure what you are aiming at. If "Reply-To-List" is supposed to be a
> message header, as the typography, then you can observe that it is not
> present in most of the mails on this mailing-list.
> 
> If you are referring to a MUA command, then first let me remind you that MUA
> commands are not standardized,

Actually, this one pretty much is - it bases its action (or lack) on the
existence of the standard mail list headers. Very few mail lists do not
have these headers (Yahoo lists are one exception).

> The point is that a procedure that requires a moment of
> thought for each single mail "I am replying to a mailing-list or a simple
> group discussion" is not acceptable. If that is what you are suggesting,
> then consider that I accidentally got it wrong.

Yes, you did, you spammed me too on this response.

If you refuse to engage a few neurons and act in accordance to the list
rules of etiquette, then you will likely be plonked by at least some
list participants, if not a lot.

Re: Mailing-list configuration

[Tanstaafl]

On 6/13/2016 5:57 AM, Nicolas George  wrote:
> Nobody can be expected to remember the personal preferences of each
> mailing-list member,

This is why Reply-To-List is the way to reply when engaged in a mailing
list.

If your client doesn't have this, then maybe it is time to consider
changing.

Re: how to remove libsystemd0 from a live-running debian desktop system

[Tanstaafl]

Honest question...

What exactly is libsystemd0?

Maybe a simple solution would be to just rename it to something less
'offensive' to some, like:

libinit - or libinit0

?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54e37b94.2080...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/22/2014 10:10 AM, Andrei POPESCU andreimpope...@gmail.com wrote:
 On Lu, 10 nov 14, 18:20:37, Tanstaafl wrote:
 On 11/10/2014 6:18 PM, Michael Biebl bi...@debian.org wrote:
 Am 11.11.2014 um 00:14 schrieb Miles Fidelman:

 Ok, then explain to me the procedure for running the installer in such a
 way that systemd is never installed, thus avoiding any potential
 problems that might result from later uninstallation all the
 dependencies that systemd brings in with it.

 Please be specific. What problems of of dependencies are you talking about?

 Objection: relevancy.

 Overruled :p

Exception.

 You made a claim that installing systemd would pull in other packages 
 vie dependencies, that are later difficult to remove.

Incorrect. I never made that claim. Methinks you have me confused with
Miles.

Al I ever claimed was that the one - 'installing systemd, then removing
and installing sysvinit' - was absolutely not and never could be
considered the *equivalent* of doing a *clean install with sysvinit*,
where systemd is never installed in the first place.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54721803.7070...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/23/2014 12:43 PM, Lisi Reisz lisi.re...@gmail.com wrote:
 On Sunday 23 November 2014 17:23:15 Tanstaafl wrote:
 'installing systemd, then removing
 and installing sysvinit' - was absolutely not and never could be
 considered the *equivalent* 
 of doing a *clean install with sysvinit*, 
 where systemd is never installed in the first place.
 
 The equivalent, yes.  Identical, probably no.

sigh

Ignorance reigns supreme.

Lisi - they are purely and simply *not* equivalents, and never can be.

They can result in the same set of files being installed - but that does
not and never will be 'euiqvalent'.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5472272b.2030...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/23/2014 2:09 PM, Brian a...@cityscape.co.uk wrote:
 It would be nice if you regarded the word functionally as an essential
 qualification of equivalent or identical and not dismiss it.

What would be nice is if you (and others) would stop claiming that
'installing systemd, then installing sysvinit-core, then uninstalling
systemd', is *the same* as performing a clean install with sysvinit as
the init system.

I honestly don't care if they are functionally equivalent or not, as it
is beside the point.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54723245.2010...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/10/2014 6:18 PM, Michael Biebl bi...@debian.org wrote:
 Am 11.11.2014 um 00:14 schrieb Miles Fidelman:
 
 Ok, then explain to me the procedure for running the installer in such a
 way that systemd is never installed, thus avoiding any potential
 problems that might result from later uninstallation all the
 dependencies that systemd brings in with it.

 Please be specific. What problems of of dependencies are you talking about?

Objection: relevancy.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54614845.4030...@libertytrek.org

Re: Valuing non-code contributions -- was Re: systemd - so much energy wasted in quarreling

[Tanstaafl]

On 11/17/2014 6:10 AM, Chris Bannister cbannis...@slingshot.co.nz wrote:
 Excuse me, but some people think anatomy jokes are distasteful.

Some people think sex should only be for procreation...

PC police get sooo tiring...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5469dcdb.2090...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 11/16/2014 6:40 AM, Klistvud klist...@gmail.com wrote:
 As a further example, the former udev (prior to being merged into
 systemd) has already been forked and could/will serve us well for
 years to come. And so on.

Is eudev in the debian sources?

Or do you mean another fork?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546903b1.7060...@libertytrek.org

Re: engineering management practices and systemd (Re: Installing an Alternative Init?)

[Tanstaafl]

On 11/15/2014 7:20 AM, Andrei POPESCU andreimpope...@gmail.com wrote:
 On Vi, 14 nov 14, 08:55:47, Tanstaafl wrote:
 On 11/14/2014 5:26 AM, Andrei POPESCU andreimpope...@gmail.com wrote:
 It was claimed that sysvinit was the default *and only* (emphasis not 
 mine) init, and therefore no selection was needed, but now that there 
 are several a selection suddenly is needed.

 I don't recall claiming that sysvinit was the *only* init, nor do I
 recall anyone else making such a claim.
 
 https://lists.debian.org/debian-user/2014/11/msg00814.html
 Maybe a language issue? (I'm not a native speaker).

Nope, that was me and I actually did say it... weird that I didn't
remember saying that... but it doesn't really change anything...

Just because other init systems exist doesn't mean they were actually
being used, other than maybe just someone toying around.

Are you seriously suggesting that anything other than a tiny and
insignificant fraction were using anything other than sysvinit (until
systemd came along at least)?

 For fresh installs, given that there is a suitable[1] workaround

sigh

how many times does it  have to be said - that is not a workaround for a
CLEAN INSTALL.

 For dist-upgrades, even assuming systems will be switched automatically 
 (which is still undecided):
 
 - one can prevent switching by installing sysvinit-core before the 
   dist-upgrade step
 - the sysvinit package contains the binary /lib/sysvinit/init which can 
   be used with the init= kernel parameter
 - there is a grub patch[3] pending integration[4] to offer an 
   alternative sysvinit boot option

Yes, and how long after upgrading to jessie staying with sysvinit until
things start breaking (most likely subtle breakage, which is the least
desirable on a server).

 [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757298
 [4] https://lists.debian.org/debian-ctte/2014/10/msg00057.html 
 
 The transition plan[5] has been posted on -devel since July with no 
 objections.

Maybe because most debian *users* don't follow the dev list because they
aren't devs...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5467bafc.9030...@libertytrek.org

Re: engineering management practices and systemd (Re: Installing an Alternative Init?)

[Tanstaafl]

On 11/14/2014 5:26 AM, Andrei POPESCU andreimpope...@gmail.com wrote:
 It was claimed that sysvinit was the default *and only* (emphasis not 
 mine) init, and therefore no selection was needed, but now that there 
 are several a selection suddenly is needed.

I don't recall claiming that sysvinit was the *only* init, nor do I
recall anyone else making such a claim.

I merely pointed out that it was the *default* for many, many years
(actual time unknown and googling didn't easily reveal it).

 I was just pointing out that alternatives were indeed available, for 
 quite some time,

Yes, but obviously no one was switching often enough for any bugs to
allow for easy switching to be opened/scratched.

My very simple point is and has been that, *because* the *default* init
system for debian has been sysvinit since anyone can apparently
remember, the very act of even *suggesting* that it be switched in
jessie to not only a *different*, but a (relatively) *very new* one,
should have invoked a very simple requirement - for which the
responsibility for implementation and maintenance would be on those
calling for the switch - to provide a means for easily switching back
and forth so that everyone else could easily test things, and
ultimately, after the release of jessie with the new default, provide a
means to easily choose the previous default installer at both update
*and* install time, and maintain such at *least* during the life of the
jessie (if not jessie+1).

 it's just that maintainers and users of alternate inits did not yell
 at the sysvinit maintainers to implement the choice for them.

And I would argue that the number of people who did switch was probably
miniscule, with respect to the entire debian user base.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546609e3.6000...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/12/2014 5:18 PM, Andrei POPESCU andreimpope...@gmail.com wrote:
 On Mi, 12 nov 14, 15:43:09, Tanstaafl wrote:

 Sounds good to me, but in reality, since the default *and only* init
 system for the last very many years was Sysvinit (this extremely salient
 point seems to be completely and totally lost on the systemd
 proponents), I think only systemd and sysvinit need to be there... but
 allowing for additions once required bugs implementing them are resolved
 as fixed.
 
 You're forgetting about:

It doesn't matter Andrei...

1. The *default* is what we are discussing.

The *default* for Debian has been sysvinit since - forever?

2. The systemd proponents pushed to make systemd the *new* default - a
massively major change from *all* previous releases since... forever?

3. A bug was opened to allow for the ability to allow a clean install to
be performed with systemd on wheezy, while sysvinit was still the default.

It should have been made mandatory that the systemd folks get this bug
fully resolved and functional *on wheezy*, *and* commit to maintaining
this ability in jessie, as a pre-condition to even getting the question
of a change of the default init system for jessi on the ballot.

Anything else, as I said, makes no sense.

It is *the systemd proponents* that wanted this change, so it should be
*on them* to do the work. Period.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5464ba82.2020...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 11/13/2014 10:53 AM, Lisi Reisz lisi.re...@gmail.com wrote:
 On Saturday 08 November 2014 15:31:02 Jonathan de Boyne Pollard wrote:
 Andrei Popescu:
 Quote from above, with added  emphasis:
   Upstart was the only *real* contender to systemd *at the time* of
   the evaluation for the Technical Committee, [...]

 Yes, that's exactly where you were dismissive.  It ill behove you, and
 you were wrong.
 
 No, the final vote was between upstart and systemd.

Yes, apparently because someone actively sabotaged any possibility of
OpenRC being considered by giving improper bad information on how to use
it...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5464dc49.20...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 11/13/2014 3:42 PM, Andrei POPESCU andreimpope...@gmail.com wrote:
 On Jo, 13 nov 14, 11:28:57, Tanstaafl wrote:

 Yes, apparently because someone actively sabotaged any possibility of
 OpenRC being considered by giving improper bad information on how to use
 it...
 
 OpenRC was represented by its Maintainer in the init debate (Thomas 
 Goirand). Are you saying he intentionally sabotaged it to not be 
 considered?

I'm not, but that seemed to be what someone else said - although when I
asked for clarification, none was forthcoming:

On 10/24/2014 7:07 AM, Tanstaafl tansta...@libertytrek.org wrote: On
10/24/2014 4:49 AM, Jonathan de Boyne Pollard
 j.deboynepollard-newsgro...@ntlworld.com wrote:
 Tanstaafl:
 And why was OpenRC not a  contender?

 Your question takes a falsehood as its premise. It actually was, 
 contrary to what M. Popescu dismissively stated. Several members of
 the technical committee took it and tried to use it themselves,
 just as they did the other systems; and it was included on the
 formal ballots and in the votes.

 I actually do remember reading a fleeting mention of it somewhere in
 the vast sea of stuff I read when trying to catch up on this issue...

 Contrastingly, the people who were propounding OpenRC at the
 time provided a good example of how NOT to go about doing so.  Their
 several mistakes are worth learning from.

 Not sure I understand what you are saying here...

 Are you saying that some of the people who suggested OpenRC actually
 provided BAD examples - meaning, examples that were destined to result
 in problems - of how to use it in Debian? If so, maybe that was on
 purpose, to decrease the chances of OpenRC being a real contender?

 The fact is, OpenRC has been the default init system on gentoo since I
 don't know when, and I have *never* had an init problem on any of my
 gentoo systems - although I admittedly never use unstable/testing for
 system-critical packages either...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54652207.7050...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/11/2014 3:33 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 Actually, there's a patch (thank you Kenshi).  It has not been applied.  
 Hence, to use it right now, one has to build a custom version of the 
 installer.  I hope, that post the initial Jessie release, the deboostrap 
 and installer maintainers will apply the patch.

Since the bug is so old (dates back to wheezy), and a patch exists and
still hasn't been applied, I think it is likely that they simply don't
*want* to fix this bug, since that would negatively impact the desire to
get as many people using systemd as possible, so they can be counted in
the stats of 'satisfied systemd users', even if many/most don't even
*know* they're running a different init system.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5463403f.2010...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/11/2014 2:16 PM, Brian a...@cityscape.co.uk wrote:
 New users do not need to be be aware of all the background to the
 choosing of a default init. No advertisement is needed. By definition,
 they do not care. They want Debian. Please let them have it.

Wow... what arrogance...

That is tantamount to treating the debian userbase as lost little
children who need to have all of the important decisions made for them.

 What choice have they lost? Whatever it was, it didn't exist as you imply
 in Wheezy.

Ahem... it didn't exist because it didn't *need* to exist, because
debian hasn't changed its default init system since... when?

Interesting... googling, I couldn't even find out when debian first
started using sysvinit, so I guess it has been for a very long time.

In my opinion, the systemd proponents should have been required to fix
the bug allowing users to easily select the init system at install time
*in wheezy* - *and* commit to keeping it working in jessie - as a
pre-condition of even getting the question of switching to it as the
default for jessie *on the ballot*.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5463443c.3040...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/12/2014 9:02 AM, Laurent Bigonville bi...@debian.org wrote:
 So like Michael said, Jessie will indeed be the first
 version that allows you to have an alternate init without modifying the
 kernel cmdline.

Which is precisely *why* the systemd proponents should have been
required to fix that bug and get the ability to switch to a different
init system *in wheezy*, along with a reasonable amount of time to flesh
out any corner-case bugs, long before consideration would be given to
switching to systemd as the default init system in jessie.

Meaning - the approval to switch was *incredibly* premature.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54636a9c.7030...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/12/2014 10:13 AM, Didier 'OdyX' Raboud o...@debian.org wrote:
 Le mercredi, 12 novembre 2014, 09.11:40 Tanstaafl a écrit :
 Which is precisely *why* (people) should have been required to fix
 that bug (…)
 
 This is simply not how Debian works.

If Debian works in such a way that the Tech Committee can *dictate* a
major change to what is agreed upon by most as a critical piece of the
operating system (in this case the init system) - especially one that
has gone unchanged for as long as anyone can remember - then I submit to
you that indeed they *can* require that as a part of such a change,
certain minimal requirements be met.

Anything else just makes no sense.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54637dc0.1090...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/12/2014 10:40 AM, Didier 'OdyX' Raboud o...@debian.org wrote:
 I can't insist enough on this: the Debian procedures have been correctly 
 followed; the TC took a decision which could be challenged by a simple 
 majority GR [0]. This GR has never been called by anyone with voting 
 rights, or hasn't gathered enough seconds to get to a vote. The TC 
 decision stays in force as a decision to have systemd as default init 
 system for jessie.

Which sounds like it could be things like this in the Debian
Constitution that Joey had problems with...

Yes, the procedures may have been correctly followed... but apparently
it took something as major as forcing a major change (init system) to
reveal the flaws in the procedures.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54638835.5090...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/12/2014 3:10 PM, Brian a...@cityscape.co.uk wrote:
 On Wed 12 Nov 2014 at 06:27:56 -0500, Tanstaafl wrote:
 
 On 11/11/2014 2:16 PM, Brian a...@cityscape.co.uk wrote:
 New users do not need to be be aware of all the background to the
 choosing of a default init. No advertisement is needed. By definition,
 they do not care. They want Debian. Please let them have it.

 Wow... what arrogance...
 
 Sorry to shock you. A cup of tea works wonders in such situations.

Not shocked, not at all - which is sad, really.

 That is tantamount to treating the debian userbase as lost little
 children who need to have all of the important decisions made for them.

 Sounds like, doesn't it?

Yep... thanks for admitting you're an arrogant... 'member'... lol

 Let's be practical and see how how a screen in d-i could present an
 init system choice to a user, particularly having a new user in mind.
 
 Here is my first suggestion:
 
You are about to install an init system. Please choose
 
   1. Systemd
   2. Sysvinit
   3. Upstart
   4. A. N. Other
 
   1, 2, 3, 4?
 
 Feel free to criticise and improve on it.

Sounds good to me, but in reality, since the default *and only* init
system for the last very many years was Sysvinit (this extremely salient
point seems to be completely and totally lost on the systemd
proponents), I think only systemd and sysvinit need to be there... but
allowing for additions once required bugs implementing them are resolved
as fixed.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5463c65d.8060...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/10/2014 6:18 PM, Michael Biebl bi...@debian.org wrote:
 Am 11.11.2014 um 00:14 schrieb Miles Fidelman:
 Ok, then explain to me the procedure for running the installer in such a
 way that systemd is never installed, thus avoiding any potential
 problems that might result from later uninstallation all the
 dependencies that systemd brings in with it.

 Please be specific. What problems of of dependencies are you talking about?

Please stop bring up irrelevant questions and address the question being
asked.

This does require you to at least understand and acknowledge the
difference between a *clean* install, and installing something one way,
then having to uninstall a primary piece and replace it with something else.

The two are not the same, and no amount of you trying to act as if they
are will change the fact that they are not.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54620439.50...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/10/2014 6:32 PM, Michael Biebl bi...@debian.org wrote:
 Am 11.11.2014 um 00:23 schrieb Patrick Bartek:
 Optional?  Yes.  A lot (most) of systemd is optional.  (So, I've read.)
 But isn't a lot of that optional stuff installed by default?

 It is, yes. We decided to not split up a 10M package into 20something
 binary packages with complicated inter package dependencies for
 basically no gain.

You mean like how you split dovecot into 19 different packages?

Sorry, couldn't resist. That is one of the first things that really
threw me. Coming from gentoo, where there is generally only one package,
but differently USE (compile) options... I understand the argument, but
I prefer gentoo's way (which obviously won't work for binary distros
like debian)...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54620650.30...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/10/2014 6:23 PM, Patrick Bartek nemomm...@gmail.com wrote:
 On Mon, 10 Nov 2014, Michael Biebl wrote:
 systemd-networkd is an entirely optional component, you don't have to
 use it.
 systemd-udevd is also an individual component, which btw is also used
 under sysvinit (or upstart). You don't get really without a device
 manager nowadays.

 Optional?  Yes.  A lot (most) of systemd is optional.  (So, I've read.)
 But isn't a lot of that optional stuff installed by default?

But more importantly... how long before all that 'optional' stuff
becomes no longer 'optional'?

And before you call me a conspiracy theorist, please read and review
Lennarts postings about long range goals with systemd... he makes his
intentions plain as day. Maybe he is waiting for the day that Linus
retires before the big push though, because I don't think Linus will let
him get away with it...

This is what concerns me the most about systemd.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54620689.6030...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/11/2014 11:38 AM, The Wanderer wande...@fastmail.fm wrote:
 Other people subscribe to a meaning of default which, e.g., assumes
 only that systemd will get installed as PID 1 unless some action is
 taken to prevent it from getting so installed. That seems like an
 entirely reasonable interpretation, at least to me.

Absolutely correct. The concept 'Default' implies that there are
*alternatives*.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546240a7.6060...@libertytrek.org

Re: systemd - so much energy wasted in quarreling

[Tanstaafl]

On 11/11/2014 9:26 AM, Didier 'OdyX' Raboud o...@debian.org wrote:
 Blaming the Debian project for letting the Debian distribution evolve in 
 ways defined by its volunteers is unfair.

Eh? My understanding is that this systemd mess is due to a vote of the
technical committee, a vote that was in fact tied and the chair had to
cast the tie-breaker.

Hardly waht I would call an 'evolution defined by its volunteers'...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54624039.8030...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/11/2014 12:07 PM, Laurent Bigonville bi...@debian.org wrote:
 There are no functional differences between an installation with
 sysvinit-core out of the box or an install where sysvinit-core is
 installed later, this is a fact.

Irrelevant.

 Allowing the user to choose this at install time from the interface is
 a nice to have feature (wishlist bug) not a RC bug like you were
 claiming earlier.

Opinion...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546251e8.7090...@libertytrek.org

Re: Joey Hess is out?

[Tanstaafl]

On 11/8/2014 10:03 AM, Mart van de Wege mvdw...@gmail.com wrote:
 Quite frankly, I'm disgusted. A developer with a lot of contributions is
 chased away by the noise made by a bunch of whiners who can't even be
 bothered to set up a test server.

Obviously you didn't bother to read his posts.

His problem was not directly about anti-systemd people (whiners as you
call them).

 And because some devs want to placate those whiners, we get interminable
 political games and good people quitting the project.
 
 Why don't the anti-systemd people do what they've been threatening the
 whole time and fuck off to another distro or to FreeBSD?

Wow. Just wow.

Yes, there is a lot of FUD spread by anti-systemd people - just as there
is by the systemd proponents.

But lumping everyone who has serious questions about the direction
systemd is going - as well as the main drivers of it - in with the
'whiners' is just plain wrong, especially ending with a 'fuck off'
comment like that.

I thought this list had some minimal etiquette requirements? Do the list
moms really allow comments like the above to stand? If so, I guess
Debian has fallen farther than I thought, and maybe it *is* time to look
elsewhere - even though I just got here...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546086d4.2010...@libertytrek.org

Re: Lennart Poettering Linux -- some real eye openers here ... don't be blindsided!

[Tanstaafl]

On 11/10/2014 2:01 AM, Matthias Urlichs matth...@urlichs.de wrote:
 Sorry, but requiring an up-to-date kernel (or any other infrastructure you
 rely on) instead of maintaining workarounds and compatibility code in
 perpetuity makes perfect sense.

It amazes me the depths that some systemd proponents obfuscate and ignore.

Did you miss the part about 'no more udev without systemd'?

Lennart said:
 Also note that at that point we intend to move udev onto kdbus as
 transport, and get rid of the userspace-to-userspace netlink-based
 tranport udev used so far. Unless the systemd-haters prepare another
 kdbus userspace until then this will effectively also mean that we will
 not support non-systemd systems with udev anymore starting at that
 point. Gentoo folks, this is your wakeup call.

One thing that 'anti-systemd whiners' (many systemd proponents like to
lump those of us who have legitimate, serious design and implementation
questions about systemd in with those who just spew FUD about 'binary
logs, ignoring that you don't have to enable or use them) - have been
questioning was whether or not udev would always work without systemd,
and the systemd proponents - while calling us 'whiners' - would always
say 'of course it will you silly whiner, we only moved the code into the
systemd repo for convenience, why don't you eat some systemd cake and be
happy'...

Well, now we see that, as suspected, that is simply not true, and now,
motives and intentions of the systemd drivers (maybe not so much the
fanbois) are more suspect than ever.

Off to post this reference to the gentoo list.

I'd love to see some collaboration between Debian devs that aren't happy
about the state of affairs) and the eudev guy(s?) at gentoo, to get
eudev into the main Debian repo to head this off at the pass.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/546096d7.2010...@libertytrek.org

Re: Joey Hess is out?

[Tanstaafl]

On 11/10/2014 8:47 AM, Joel Rees joel.r...@gmail.com wrote:
 If systemd can stand on its own, it doesn't have to be defended
 against every whinger that comes along.
 
 (And I'll have you know that many, probably most of those you accuse
 of being whiners are very busy working out alternatives. And part of
 the reason we are not happy with the creeping dependency on systemd is
 that we had other plans for our spare time, useful projects that got
 pushed to the back burner so that we can keep applications we need
 running in spite of upstream.)

What Joel said...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5460c954@libertytrek.org

Re: systemd - so much energy wasted in quarreling

[Tanstaafl]

On 11/10/2014 2:01 PM, st s...@kem.ru wrote:
 Hans wrote:
 
 And at the beginning things never work perfect
 
 That's why they shouldn't make it into Stable as defaults,
 now should they?

Exactly, it should remain in unstable unless/until it can be released
*perfectly* stable, so if that means it stays in unstable for 5 years,
so be it.

And again - the fact that a *clean* install cannot be done without
systemd should be enough, in my book, to prevent this from being
released stable.

Btu, again, it is all moot now... it just means I'll be skipping Jessie
in the hopes that sanity returns with the next stable...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5461116f.9000...@libertytrek.org

Re: systemd - so much energy wasted in quarreling

[Tanstaafl]

On 11/10/2014 2:08 PM, Andrew McGlashan
andrew.mcglas...@affinityvision.com.au wrote:
 On 11/11/2014 5:46 AM, Hans wrote:
 Sorry for that, I hope he will not blame me for that. However, I
 intended not to tark part on any side! Neither Lennarts nor the
 systemd-haters.

 It's not about haters ... necessarily, what about those that simply
 DO NOT WANT systemd on any systems they manage AND also DO NOT WANT to
 see Linux destroyed for the interests of Lennart and his [lovers?] /
 supporters?

Exactly. I for one am getting sick and tired of being called names on
this list like 'hater' and 'whiner' because I have *legitimate* concerns
about systemd...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54611244.7030...@libertytrek.org

Re: Installing an Alternative Init?

[Tanstaafl]

On 11/10/2014 2:44 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 Michael Biebl wrote:
 Am 10.11.2014 um 19:26 schrieb Patrick Bartek:
 Maybe, the release after Jessie will include an init choice.
 Ironically, jessie is the first release where you can actually install
 an alternative init.
 Up until now you were forced to use sysvinit.

 People seem to forget that.

 By the way, the bug that prevents pre-seeding a clean systemv 
 installation, originally dates to problems pre-seeding a clean systemd 
 install in Wheezy.  Kind of ironic.

Not ironic... telling...

This proves that the bug has been known for plenty long enough to have
gotten fixed... obviously someone didn't want to...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5461167f.6040...@libertytrek.org

Re: systemd - so much energy wasted in quarreling

[Tanstaafl]

On 11/10/2014 2:50 PM, Martin Read zen75...@zen.co.uk wrote:
 On 10/11/14 19:26, Tanstaafl wrote:
 Exactly, it should remain in unstable unless/until it can be released
 *perfectly* stable, so if that means it stays in unstable for 5 years,
 so be it.
 
 If you want *perfectly* stable software, why are you using software that 
 isn't formally proven?

'Perfect' was obviously a bad choice of word... but systemd is hardly
close to 'stable', in so much as 'Debian stable' is concerned...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54611b90.7090...@libertytrek.org

Re: Perfect Jessie is something like this...

[Tanstaafl]

An opinion from a very new debian user...

On 11/4/2014 5:09 PM, Laurent Bigonville bi...@debian.org wrote:
 http://debianfork.org/:
 
 If systemd will be substituting sysvinit in Debian, we will fork the
 project and create a new distro. We hope this won't be necessary, but
 we are well prepared for it.
 
 I call that a threat. And the same kind of message are all around the
 debian mailing lists and other social media.

It isn't a threat, it is a simple declaration of intent.

Personally I think the biggest issue with Jessie at present is the
inability to do a clean install with sysvinit rather than systemd as the
init system.

Seems to me like an underhanded back-door way to *force* people into at
least trying it, as I imagine most regular users will do that rather
than immediately go through the pain of switching to sysvinit and
purging systemd.

If that one thing is fixed before Jessie hist release status, then I
would say it would eliminate pretty much all of the major (relevant)
arguments against this experiment...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545a2a9b.1090...@libertytrek.org

Re: Perfect Jessie is something like this...

[Tanstaafl]

Sorry friend, like I said, I'm a new user.

This is on the Debian devs.

And if they choose NOT to do this, then ALL of the resulting (and
continuing/ongoing) systemd noise is ON THEM.

PERIOD.

Such a major change without classifying a bug like this as a SHOWSTOPPER
speaks volumes.

On 11/5/2014 1:03 PM, Don Armstrong d...@debian.org wrote:
 Quoting myself from
 http://lists.debian.org/msgid-search/20141021184619.gq28...@teltox.donarmstrong.com
 with modifications.
 
 On Wed, 05 Nov 2014, Tanstaafl wrote:
 Personally I think the biggest issue with Jessie at present is the
 inability to do a clean install with sysvinit rather than systemd as
 the init system.
 
 That preseeding doesn't do this is a bug, it's filed (#668001), and the
 patch for it was just written on October 17th. Because Debian is going
 to freeze for Jessie in under 7 *hours*, the maintainers aren't going to
 apply this patch this close to release without extensive testing.
 
 Furthermore, the effect of this patch is trivially obtained by using a
 late_command to remove systemd-sysv and install sysvinit-core.
 
 If you actually want to see this patch applied to the version of the
 Debian installer that Jessie will release with, you should coordinate
 with the nice people in #debian-boot to see what type of testing they
 would want to see before they are willing to vet the patch.
 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545a68cf.20...@libertytrek.org

Re: Perfect Jessie is something like this...

[Tanstaafl]

On 11/5/2014 1:35 PM, Don Armstrong d...@debian.org wrote:
 It's not an RC bug because it's easy to overcome with a late command.

Not understanding this reference - so, you're saying you *can* perform a
clean install of Jessie using sysvinit for the init system, just using a
special command during the install process?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545a70d0.6080...@libertytrek.org

Re: Perfect Jessie is something like this...

[Tanstaafl]

On 11/5/2014 1:57 PM, Don Armstrong d...@debian.org wrote:
 On Wed, 05 Nov 2014, Tanstaafl wrote:
 Not understanding this reference - so, you're saying you *can* perform
 a clean install of Jessie using sysvinit for the init system, just
 using a special command during the install process?
 
 Yes, FSVO clean. You'll have installed systemd-sysv at some point, but
 the in the late command you will purge it and install sysvinit-core
 instead.

Sorry, that is *not* the definition of 'clean' in my or anyone I know's
vocabulary.

 The reason you can't do this at debootstrap time and have to use the
 late command is because of #668001, which is due to the lack of proper
 dependency handling when given --exclude and --include options in cases
 which involve alternative dependencies.

and again, this should absolutely be a showstopper bug. And again, the
fact that it is not speaks volumes.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545a74a5.1060...@libertytrek.org

Re: Thinking about preserving freedom of choice of init systems and future of udev...

[Tanstaafl]

On 10/28/2014 8:45 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 John Hasler wrote:
 Martinx writes:
 I'm wondering here about this subject and what it means...
 So, what if `udev` becomes useless without `systemd` as PID1?

 The someone will fork it.  But it won't happen, partly for that reason.

 I believe it's called eudev - http://www.gentoo.org/proj/en/eudev/

Right. eudev was forked by some gentoo devs when systemd consumed udev.

The biggest problem (actually, it is more like snarky criticisms from
systemd fanbois) I've heard about it right now is that because it only
has one or two maintainers, that it doesn't keep up with
changes/improvements (especially security related things) with current udev.

So, please, by all means, if you are a developer, please go talk to the
eudev guys and see about helping with keeping eudev updated with the
*good* things in udev development...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5450cd88.3010...@libertytrek.org

Re: Lets make `eudev + uselessd` Debian packages?

[Tanstaafl]

On 10/27/2014 10:20 PM, Martinx - ジェームズ thiagocmarti...@gmail.com
wrote:
 Hey guys,
 
  I would like to evaluate both `eudev` (or any other *udev), plus
 `uselessd`, on Debian sid/testing.
 
  Lets do it?!
 
  I' m planning to achieve, at least, CGroups Process with `uselessd`
 (no init scripts).

I would strongly encourage you to get in touch with the eudev
maintainers and offer to help.

The biggest criticism I heard on the gentoo list when eudev was forked
from udev (by a couple of gentoo devs a long time ago when systemd
consumed udev) - by systemd proponents - and actually, it was more
snarky derisive remarks - was that eudev was not keeping up with all of
the 'improvements' that were being pushed into udev by the systemd devs,
and so the systems of anyone using eudev were somehow less secure and/or
at risk...

So, the first thing to do is start helping out the eudev devs to get it
fully up to date with the current state (non-systemd-related) of the
mainline udev, and see what can be done about keeping it there (at least
with respect to anything critical/important)...

Who knows, uselessd+eudev may become the new default gentoo init system,
and alternative init system for anyone wanting a systemd-less system.

I imagine there would at the very least have to also be maintained
something like the systemd-shim, that would act as the interface for
programs that require systemd, to provide an alternate means of
accomplishing whatever is needed by the dependency.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5450d393.1070...@libertytrek.org

Re: reInstalling my laptop

[Tanstaafl]

On 10/26/2014 3:17 PM, Jean-Marc jean-m...@6jf.be wrote:
 Thank so much for your answers.
 After reading them in the list archives, I think I will go for:
 - no dedicated partition for /boot;

For my new debian groupware server (sogo, working great so far), I just
installed with the defaults, which apparently is no separate /boot...

On gentoo at least, a separate /boot is recommended (or at least
provided in the example) in the handbook, for one security reason...

It is also auto-unmounted after booting (at least I know I didn't do
anything myself to configure that), and it does make sense that it is
kind of impossible for anything to modify an unmounted filesystem...

Now, whether or not that actually provides any real security buffer, or
it falls into the category of feel-good 'security-through-obscurity' is
beyond me to answer definitively... I've actually always wondered about
this, so I think I'll go ask on the gentoo list.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544e2997.2020...@libertytrek.org

Question re: updating debain stable kernels...

[Tanstaafl]

Hello,

Googling didn't seem to reveal a definitive answer...

I'm still very new to the debian world, so... anyway...

I just updated my wheezy install from 7.5 to 7.7, but I'm surprised that
I wasn't prompted to reboot, as the kernel image was updated:

   linux-headers-3.2.0-4-amd64 (3.2.57-3+deb7u2 = 3.2.63-2)
   linux-headers-3.2.0-4-common (3.2.57-3+deb7u2 = 3.2.63-2)
   linux-image-3.2.0-4-amd64 (3.2.57-3+deb7u2 = 3.2.63-2)

I found this: https://wiki.debian.org/HowToUpgradeKernel

But it doesn't really say anything about it.

I just checked after the upgrade, and uname -a still shows:

3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux

So apparently I need to reboot to be on the new kernel image... but,
since I wasn't prompted, it apparently isn't important to do so right away?

Just trying to get my head around this.

Thanks


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544ba0ac@libertytrek.org

Re: Question re: updating debain stable kernels...

[Tanstaafl]

On 10/25/2014 10:41 AM, Andrei POPESCU andreimpope...@gmail.com wrote:
 On Sb, 25 oct 14, 09:07:56, Tanstaafl wrote:

 I just updated my wheezy install from 7.5 to 7.7, but I'm surprised that
 I wasn't prompted to reboot, as the kernel image was updated:
 
 As of Jessie there is 'needrestart', which integrates with apt/dpkg. 
 Other than that some of the DE package managers did some notifications 
 when a restart was needed.

Ok, thanks, but that didn't answer my question...

So apparently I need to reboot to be on the new kernel image... but,
since I wasn't prompted, it apparently isn't important to do so right away?

Just trying to get my head around this.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544bb81f.5070...@libertytrek.org

Re: Question re: updating debain stable kernels...

[Tanstaafl]

On 10/25/2014 11:35 AM, Sven Hartge s...@svenhartge.de wrote:
 Tanstaafl tansta...@libertytrek.org wrote:
 So apparently I need to reboot to be on the new kernel image... but,
 since I wasn't prompted, it apparently isn't important to do so right
 away?
 
 Just trying to get my head around this.

 You won't get a prompt ever. Debian expects the admin to know what he is
 doing and act accordingly.

Well, as I said, I'm new to debian. On gentoo, I have always manually
updated my kernels - so all an OS update does is download the kernel
sources. I then have to manually compile the new kernel, mount /boot, cp
the kernel image file, manually update grub to point to it, then, I can
either reboot, or wait until later.

But being new to debian, I'm also new to the idea of the OS update
process automagically handling kernel updates.

 You can install apt-listchanges to get an output of the most recent
 changelogs of a package and then decide for yourself if you need to
 reboot.
 
 Or you can install the needrestart package (from Jessie, should install
 cleanly on Wheezy) and get a notification that way.

Which still doesn't answer the question.

I ran apt-get update, then apt-get upgrade.

The kernel image was updated.

Is the system in some kind of fragile limbo that means I need to reboot
asap?

Or is everything fine, but the next time I reboot, I'll automatically be
on the new kernel?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544bced4.2090...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 10/23/2014 4:10 PM, koanhead koanh...@riseup.net wrote:
 I propose OpenRC, having recently tried it. So far I'm liking how it
 works, and it solves most of the problems I had with sysvinit. It's not
 a replacement for PID1, and is supposed to be compatible with arbitrary
 PID1 programs (sysvinit, sytemd, runit, etc.) I expect to test it with
 other PID1 programs at some point, but for now I'm still learning it.
 There's also runit, which I haven't tried yet but about which I've heard
 good things; and daemontools, which has already been talked up on this
 list. All these are already in Debian's repositories.

Seconded...

OpenRC has also been the default init system for gentoo for as long as I
can remember knowing what init system I was running on my gentoo server
(I had help setting up the first one ten years ago, so I don't know if
it was the default then)...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544a2f86.2070...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 10/24/2014 4:49 AM, Jonathan de Boyne Pollard
j.deboynepollard-newsgro...@ntlworld.com wrote:
 Tanstaafl:
 And why was OPenRC not a  contender?

 Your question takes a falsehood as its premise.  It actually was, 
 contrary to what M. Popescu dismissively stated.  Several members of the 
 technical committee took it and tried to use it themselves, just as they 
 did the other systems; and it was included on the formal ballots and in 
 the votes.

I actually do remember reading a fleeting mention of it somewhere in
the vast sea of stuff I read when trying to catch up on this issue...

 Contrastingly, the people who were propounding OpenRC at the 
 time provided a good example of how NOT to go about doing so.  Their 
 several mistakes are worth learning from.

Not sure I understand what you are saying here...

Are you saying that some of the people who suggested OpenRC actually
provided BAD examples - meaning, examples that were destined to result
in problems - of how to use it in Debian? If so, maybe that was on
purpose, to decrease the chances of OpenRC being a real contender?

The fact is, OpenRC has been the default init system on gentoo since I
don't know when, and I have *never* had an init problem on any of my
gentoo systems - although I admittedly never use unstable/testing for
system-critical packages either...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544a32ef.3090...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 10/21/2014 4:21 PM, Andrei POPESCU andreimpope...@gmail.com wrote:
 Upstart was the only real contender to systemd at the time of the 
 evaluation by the Technical Committee, but it has or is being replaced 
 by systemd everywhere.

And why was OPenRC not a contender?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5447a692.1060...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 10/20/2014 3:45 PM, Patrick Bartek nemomm...@gmail.com wrote:
 After much vitriolic gnashing of teeth from those opposed to systemd,
 I wonder...  What is a better alternative?  And it can't be sysvinit.
 
 Yes.  Syvinit still works, but it is after all 20 years old. It's been
 patched and bolted onto and jury-rigged to get it to do things that
 weren't even around (or dreamt of) at its inception.  It's long past
 due for a contemporary replacement.  Whatever that may be.
 
 So, what would you all propose?  For a server?  Or for a user desktop?
 Or something that fulfills both scenarios?  And why?

OpenRC has been working just fine on my Gentoo server for many years.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54463621.3010...@libertytrek.org

Re: If Not Systemd, then What?

[Tanstaafl]

On 10/20/2014 10:36 PM, Martinx - ジェームズ thiagocmarti...@gmail.com
wrote:
 1- Fork udev (out from systemd's tree or before it got merged / engulfed);

Maybe Gentoo's eudev would be a good place to start with that.

I also don't see why OpenRC isn't on the list of obvious choices. It is
the default in Gentoo and has been for ages, and it 'just works'.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544638ab.4010...@libertytrek.org

Re: Refracta systemd-free progress

[Tanstaafl]

On 10/21/2014 1:08 AM, Steve Litt sl...@troubleshooters.com wrote:
 Jonathan de Boyne Pollard, what's your impression of the relative boot
 time of nosh vs systemd?

The *only* real world scenario that I can see where the boot speed
difference is only really meaningful in the world of cloud based VM
server farms, and I recall reading an article from Poettering or someone
way back when that actually stated that this was one of the primary
motivators for systemd and why Redhat was pushing it so hard.

In my opinion, systemd is probably ideal for this use case.

What I (and others) have a problem with is the potential for systemd
resulting in an 'embrace and extinguish' of any/all other init systems,
thereby becoming the new and *only* init system+ for linux, like it or
not. Whether or not this will actually happen is the question, but I for
one can see the very real possibility of it.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54464d3e.1010...@libertytrek.org

Re: Avoiding SystemD isn't hard

[Tanstaafl]

On 10/21/2014 11:19 AM, Liam Proven lpro...@gmail.com wrote:
 A blog post explaining why it isn't mandatory, the utter futility of
 the fork and more besides, clearly and simply.
 
 http://www.vitavonni.de/blog/201410/2014102101-avoiding-systemd.html

Doesn't address - and nothing can satisfactorily address (imo) - the
issue of feature creep, and that it is very possible (even likely based
on past 'performance'?) that feature creep will indeed eventually result
in a *defacto* inability to remove it and have a functional system (that
does what you want it to do).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54468d18.30...@libertytrek.org

Re: Moderated posts?

[Tanstaafl]

On 10/20/2014 7:18 AM, Joe j...@jretrading.com wrote:
 I think it's generally an admonishment not to get involved in relaying.

No, it is generally an admonishment not to get involved with relaying if
you do not have *access* to validate recipients.

There are multiple ways this can be achieved.

Easiest is what postfix calls 'recipient verification'.

Or you could script a way to get a locally held list.

 The point of relaying is that the original sender cannot directly reach
 the recipient's authoritative mail server, in which case it can't
 generally query for recipient validity.

This is only generally true for *outbound* mail.

I'm talking mainly about acting as an *inbound* relay, meaning, an
inbound MX for any given domain(s).

 If a relaying server does not hold a list of valid recipients for the
 authoritative server, and that's usually difficult to maintain,

Maybe, but again, you can always just use recipient verification (with
permission - this is the postfix term, or use the equiv for whatever
SMTP server you are using).

If whoever you are acting as MX for won't let you perform recipient
verification, then you shouldn't be acting as their MX. Period.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54450d5e.5000...@libertytrek.org

Re: Problem with quotatool

[Tanstaafl]

On 10/20/2014 6:58 AM, Peter Buzanits buzan...@gmail.com wrote:
 VMware ESX 4.0.0 Build 236512

That is really old...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54450b4f.5070...@libertytrek.org

Re: Problem with quotatool

[Tanstaafl]

On 10/20/2014 9:39 AM, Peter Buzanits buzan...@gmail.com wrote:
 Am 2014-10-20 um 15:17 schrieb Tanstaafl:
 On 10/20/2014 6:58 AM, Peter Buzanits buzan...@gmail.com wrote:
 VMware ESX 4.0.0 Build 236512

 That is really old...
 
 You think that the hypervisor could cause problems in the kernel? Are
 there any known issues with old VMware and new Linux kernels?

I was simply pointing out that that version od ESX is really old.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54451311.90...@libertytrek.org

Re: Moderated posts?

[Tanstaafl]

On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote:
 You do not accept messages you can not deliver unless you are relaying
 them.

Absolutely wrong, this rule fully applies to relays just as it does
final destination servers.

Postfix allows you to do this even if you are unable to get/maintain a
local list of valid recipients for relay domains using
'recipient_verification'.

If a customer wishes you to provide relay services but refuses to either
provide an always up to date list of valid recipients, or worst case, to
perform recipient verification, then you simply should not perform relay
services for them, period.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443eda2.10...@libertytrek.org

Re: GR proposed re: choice of init systems

[Tanstaafl]

On 10/17/2014 3:42 PM, Ric Moore wayward4...@gmail.com wrote:
 The fun part will be to see who actually steps up to the plate to do all 
 of the extra work. Especially amongst all of those pledged seconds. I 
 hope someone is keeping a list. :) Ric

From what I read, it will be one all debian devs (package maintainers)
to fully support all supported init systems in debian in any packages
that they maintain.

I see nothing wrong with this. It isn't forcing anything on anyone, in
that any debian package maintainer is free to step down (stop
maintaining debian packages) any time they want.

It is simply a rule of being a debian package maintainer.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5443f422.5050...@libertytrek.org

Re: MTAs denying messages

[Tanstaafl]

On 10/13/2014 4:21 AM, Joe j...@jretrading.com wrote:
 The intention is that the spam emails be accepted by a catch-all
 domain-wide mail server, then later bounced by the one that holds the
 mailboxes and knows the addresses are invalid.

And that, by definition, is backscatter, which will quickly (and
deservedly so) get you blacklisted if your mail server handles even a
moderate volume of mail, and eventually in any case.

 If the authoritative mail server for the domain knows the genuine
 recipients, it doesn't work, and that's the biggest single anti-spam
 measure possible.

No, that is one of many big mistakes that people new to administering
mail servers make.

Professional mail admins will virtually never, under any circumstances,
accept mail then later bounce it. I use the 'virtually' qualifier
because there may be some experienced admins who have tools that give
them a high level of confidence and they may bounce certain emails that
they know are legitimate, but for policy reason, they decide, after
having accepted it, that they do not want to deliver it - but they will
(and should) only do this for mail that they have as close to a 100%
certainty that the sender is legitimate (not forged), and this is very
hard to do, which is why 99+% simply won't do this.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5440f73e.1060...@libertytrek.org

Re: GR proposed re: choice of init systems

[Tanstaafl]

On 10/17/2014 12:21 PM, Steve Litt sl...@troubleshooters.com wrote:
 On Fri, 17 Oct 2014 07:54:06 -0700 (PDT)
 Rusi Mody rustompm...@gmail.com wrote:
 
 On Friday, October 17, 2014 8:00:02 PM UTC+5:30, Rob Owens wrote:
 - Original Message -

 Now let's see what happens with this!
 https://lists.debian.org/debian-vote/2014/10/msg1.html

 Very interesting discussion there.  Thanks for posting.

 Thank you Ian, and the seconders, and everyone who is speaking up for
 (what I call) sanity.

Still only 4 seconds though...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544145f4.4090...@libertytrek.org

Re: MTAs denying messages

[Tanstaafl]

On 10/17/2014 12:03 PM, Joe j...@jretrading.com wrote:
 My point is that a mail server which is accepting mail for a domain
 needs to know the valid recipient list, and to *reject*, not bounce,
 mail for non-existent users during the SMTP transaction. Not
 controversial at all.

Ok, then no, you weren't clear at all, my apologies for mis-reading.

This is what I've been saying all along, and what Jerry is against.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54414647.6060...@libertytrek.org

Re: GR proposed re: choice of init systems

[Tanstaafl]

On 10/17/2014 1:01 PM, The Wanderer wande...@fastmail.fm wrote:
 On 10/17/2014 at 12:38 PM, Tanstaafl wrote:
 
 On 10/17/2014 12:21 PM, Steve Litt sl...@troubleshooters.com
 wrote:
 
 Thank you Ian, and the seconders, and everyone who is speaking up
 for (what I call) sanity.

 Still only 4 seconds though...
 
 Eh?
 
 I see at least 8 seconds so far,

I finished the thread right before I posted, and there were only 4 seconds.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54415214.7040...@libertytrek.org

Re: GR proposed re: choice of init systems

[Tanstaafl]

On 10/17/2014 1:29 PM, Tanstaafl tansta...@libertytrek.org wrote:
 I finished the thread right before I posted, and there were only 4 seconds.

Guess I missed some sub threads or something...

Oh well, glad to see it will get a vote...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/544152b1.30...@libertytrek.org

Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 3:13 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 Tanstaafl wrote:
 1. email to invalid recipients should be rejected at the RCPT-TO stage,

 Easier said then done - at least when a server does relaying, but 
 clearly ideal when possible.

No, it is 100% easily done.

For servers under your control, you just do it. If you don't know how
and are unwilling or unable to learn how, then you have no business
running a mail server.

For servers not under your direct control, but for whom your server is
the official relay for final delivery (which means you need the current
list o valid recipients), you either require them to allow you to
perform recipient verification, or to provide you with a constantly up
to date list of valid recpients, or you don't act as their relay.

snip

 Generally agree with you in principle.  And that's certainly the 
 standards-compliant policy.
 
 In practice I support a few dozen mailing lists - operational 
 necessity dictates dropping a lot of stuff silently.

Lists are different, and definitely fall into the category of 'best
effort, but no promises'...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543f9df8.3080...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

Please do not send to me directly, I am on the list.

On 10/15/2014 3:15 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/15/2014 12:40 PM, Tanstaafl wrote:
 Easy enough to prove. By all means, quote the actual text of me saying
 this was 'OK'...

 You said:
 
 However, once a message has been accepted - ie, *after* the DATA phase
 is complete, it should never be bounced, it should be delivered - or,
 worse, quarantined, or worst case, deleted (ie, if it is later found to
 contain a malicious payload).

And nowhere do you see the word 'OK'. As I said, please do NOT put words
in my mouth.

 It is either OK to delete an email or it is not.  You can't have it both
 ways.  If, as according to your other statements, it is not OK to delete
 emails, then you are violating your own rules by deleting mails - for
 ANY reason.

If you are unable to see the difference between a rare, extreme worst
case scenario of having discovered an email that you accepted for
delivery contains a malicious payload, and deleting an email for no
other reason than the recipient has a typo in it, then you have no
business running a mail server.

 Your reason is i.e. if it is later found to contain a malicious
 payload.  My reason is It is addressed to a non-existent user.
 Either both are OK or neither is OK.

So, you obviously have no business running a mail server.

 you keep saying that the RECEIVING server 'sends a message back to
 the originator' - unless maybe you simply have a hard time saying
 what you really mean, which always causes confusion.

 it does send a message back to the originator - it may only be a
 status code, but it is still a message.

 The status code is not *sent* anywhere - it is a response directly to
 the connecting machine.

 Then how does it get back to the sending server?  Magic?

Can you not read? The CONNECTING MACHINE - the one that was directly
talking to YOUR server - is responmsible for that part of the
transaction. Spambots DO NOT DO THIS.

 It is then the responsibility of that machine that was talking to your
 server to pass the response code back to the originating *server* (not
 the sender of the email - there is a difference).

 I didn't say the sender of the email.

Maybe not, but I have no desire to go back through this thread to see
whether you ever did or not. You are apparently incapable of
communicating with semantic precision, so this time I'm really done.

Respond if you like, I won't see it.

 And you still can't quote an RFC which indicates what I am doing breaks
 SMTP.  That's because there isn't one and I am NOT breaking SMTP.

As I said, there is no rule that says that you have to violate an RFC to
break SMTP.

Accepting invalid recipients then silently deleting them breaks SMTP for
the vast majority of internet email users.

You are free to break it all you want... on your server.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543f9ffc.6030...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 4:44 PM, Joe j...@jretrading.com wrote:
 However, if the Reply-To: is forged, i.e. if it is spam, the
 alternative is considerably less OK. Bouncing a spam message simply
 delivers *the* *entire* *message* to an innocent third party, having
 been laundered through your (presumably legitimate and respectable) mail
 server.
 
 So it isn't OK, but there's no alternative to doing it. That's how you
 have it both ways.

Spam doesn't have to be deleted, it can be quarantined. That is the best
way to handle spam once it has been accepted.

I don't even delete the malicious stuff, although I don't deliver it to
the recipient.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fa10c.6010...@libertytrek.org

Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 4:58 PM, Joe j...@jretrading.com wrote:
 It's worth some effort, at the moment it is the single most effective
 anti-spam measure. If you outsource your mail, it's worth going to some
 trouble to find a hosting company who will hold and accept updates for
 a list of valid recipients.

Or even easier, just get them to agree to let you perform recipient
verification in realtime.

 if it is spam, there's nobody to tell, and you don't want to send a
 copy of the spam to the forged Reply-To: address.

Of course not - which is why you REJECT it instead of ACCEPT+BOUNCE..

 3. once an email has been accepted for final delivery, every effort
 should be taken to deliver the message to the recipient, whether to
 their Inbox clean or tagged as spam (if a spam threshhold is met),
 or to a spam quarantine,

 Which shouldn't be a problem if there's a valid recipient.

Well, since everything I'm talking about is not accepting mail for
invalid recipients, not sure why you felt the need to say that.

 Yes, and a log kept.

Anyone who runs a mail server and doesn't keep logs shouldn't be running
a mail server.

 *And* the postmaster address monitored,

Anyone who runs a mail server and doesn't monitor the postmaster address
shouldn't be running a mail server.

 and a request to know the disposition of a vanished email should be 
 answered, along with the reason. Especially if the request is 
 accompanied by one of your message IDs...

Absolutely...

 Of course. Already-accepted spam *must* be silently dropped.

Absolutely NOT!

It should be *delivered*, either tagged as spam to the Inbox, or to a
quarantine, but it should be delivered. I only allow tagged delivery for
more sophisticated users. Normal users have to check their quarantine.

The only exception on my system is anything with a verified malicious
payload, which is delivered to an admin mailbox, not to the intended
recipient/victim.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fa2d9.1080...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 5:12 PM, Brad Rogers b...@fineby.me.uk wrote:
 Send an email with a large attachment(1) and there are quite a few
 servers that will silently drop it.

Anyone who does that is breaking SMTP. If you don't want messages over a
certain size, REJECT them, but absolutely do not EVER accept then
silently delete them, that is just plain stupid.

 The worst of it is you can never know for certain if you're going to
 get bitten because routing can vary.

It isn't about routing problems, it is about properly configuring your
toolset.

 (1) 4Meg or so used to do the trick.  Things might be different now as
 more and more messages contain massive amounts of HTML and imagery.

Google accepts 25MB+, as does Outlook.com and most other freemailers
now. That is our limit here too.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fa3d1.9030...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 Tanstaafl couldn't answer it, and you can't either, because it's not
 violating any.

I did answer it, you just ignored it or don't understand it.

Quote:

You do not have to violate an RFC to break SMTP.

Here is a real world example:

Improperly configured TCP filtering features on firewalls and routers
don't violate any specific RFC, but they certainly can break SMTP (and
other things too).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fa4cd.8010...@libertytrek.org

Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/16/2014 7:31 AM, Chris Bannister cbannis...@slingshot.co.nz wrote:
 On Thu, Oct 16, 2014 at 06:50:01AM -0400, Tanstaafl wrote:
 Anyone who runs a mail server and doesn't monitor the postmaster address
 shouldn't be running a mail server.

 Tell that to yahoo, they *don't seem* to have a postmaster address nor an
 abuse address. :(

Then they shouldn't be running a mail server... ;)

And they are in violation of the RFC that mandates that these two
addresses always be available and monitored.

But I'm sure they couldn't care less... ;)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fb99b.1080...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/16/2014 7:40 AM, Joel Rees joel.r...@gmail.com wrote:
 On Thu, Oct 16, 2014 at 7:58 PM, Tanstaafl tansta...@libertytrek.org wrote:
  On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
  Tanstaafl couldn't answer it, and you can't either, because it's not
  violating any.
 
  I did answer it, you just ignored it or don't understand it.
 
  Quote:
 
  You do not have to violate an RFC to break SMTP.
 
  Here is a real world example:
 
  Improperly configured TCP filtering features on firewalls and routers
  don't violate any specific RFC, but they certainly can break SMTP (and
  other things too).
 Thus, we can understand that you are an idealist that would rather see
 your version of SMTP rules be followed by everyone than try to follow
 the RFC yourself.
 
 Where are your SMTP rules spelled out, by the way?

Ok, I just went and looked it up, and lo and behold...

RFC 2821 is the controlling RFC if I'm not mistaken...

https://tools.ietf.org/html/rfc2821

In there you'll find this:

   The second step in the procedure is the RCPT command.

  RCPT TO:forward-path [ SP rcpt-parameters ] CRLF

   The first or only argument to this command includes a forward-path
   (normally a mailbox and domain, always surrounded by  and 
   brackets) identifying one recipient.  If accepted, the SMTP server
   returns a 250 OK reply and stores the forward-path.  If the recipient
   is known not to be a deliverable address, the SMTP server returns a
   550 reply, typically with a string such as no such user -  and the
   mailbox name (other circumstances and reply codes are possible).
   This step of the procedure can be repeated any number of times.

So, how do you 'interpret' the pertinent part:

If the recipient is known not to be a deliverable address, the SMTP
server returns a 550 reply, typically with a string such as no such
user -  and the mailbox name (other circumstances and reply codes are
possible).

?

Sounds to me like a mandate to reject invalid recipients at the RCPT-TO
stage.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543fbb6b.4000...@libertytrek.org

Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 1:58 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 Well, this really is OT for debian-users, but  Turns out that SMTP 
 WAS/IS intended to be reliable.

Reliable, absolutely. 100% reliable? That simply isn't possible when
people are involved in the equation (people mis-configure servers -
whether accidentally, through ignorance, or intentionally (just because
that is the way they want it).

 I'd always lumped SMTP in the category of unreliable protocols, w/o 
 guaranteed delivery

The protocol itself is extremely reliable. It is what people *do* with
it that can cause it to become less reliable/resilient.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543e4da8.2060...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 12:03 PM, Tanstaafl tansta...@libertytrek.org wrote:
 The 'silly statements' reference was about your suggestion
 that it is in any way shape or form 'ok' to *accept* mail to invalid
 recipients then send it to dev/null.

Incidentally, yes there may be some circumstances where this could be
considered ok... a hobby server, or your own, personal server.

Your server, your rules.

But I'm talking about mail servers with lots of users who expect to be
able to communicate via email effectively and reliably with others on
the internet.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543e4ec5.2000...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/14/2014 12:03 PM, Tanstaafl wrote:
 On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/14/2014 8:05 AM, Tanstaafl wrote:
 If you think I'm kidding, please by all means go make these silly
 statements on the postfix list and I'll just sit and watch the fun.

 You don't read very well.  This has nothing to do with emails to a valid
 address.  A large amount of that spam goes to invalid addresses.  I see
 them go through the logs regularly.

 I read fine. The 'silly statements' reference was about your suggestion
 that it is in any way shape or form 'ok' to *accept* mail to invalid
 recipients then send it to dev/null.

 But you just said it was OK to delete emails.

Please don't misquote me. I said it was the *worst case*, meaning, only
marginally better than *bouncing* them, which you should never do.

I certainly did not say it was 'OK'.

 Wrong.  Rejecting garbage sends a message back to the originator,

 No, it doesn't. It closes the connection with a response code.

snip

 I know how it works.

Apparently not, since you keep saying that the RECEIVING server 'sends a
message back to the originator' - unless maybe you simply have a hard
time saying what you really mean, which always causes confusion.

 Now how often do you get an email of 1MB?

Like a large percentage of businesses, we get mail *all the time* that
is many MB's in size. Even all of the freemailers have very large max
sizes they accept now (I think gmail is up to 25MB or 30MB?).

But, I'd say 10-15% of our email traffic consists of messages that are 1MB+

And yes, even lots of spam now has larger attachments (even seen them
over 2MB, though not very often).

 If I reject the mail at the RCPT-TO stage, then I only accepted a few
 bytes of traffic before terminating the connection with an SMTP response
 (error) code. The connecting machine then decides whether to pass the
 response back or not (again, a few bytes at most).

 That's your option.

No, it is the right thing to do.

 If you *accept* the mail, then you accepted the entire 1MB of traffic.

 So, who is responsible for more traffic in such a case?

 Sure.

Thank you for acknowledging that at least this argument in support of
breaking recipient validation (that rejecting emails results in more
traffic than accepting/deleting them) is wrong. We're making progress.

 But spammers don't know whether it is a good address or not.

Nor do they if I reject the transaction way before the RCPT-TO stage,
which postscreen does *very* well, which is what happens most of the time.

Also, my understanding is that there the vast majority of spammers no
longer engage in dictionary attacks to harvest valid email addresses.

 I said NOTHING about security.  I just don't want them to know what the
 valid email addresses are.

In my mind saying 'I am doing this because I don't want them to know
what the valid email addresses are' is the exact same thing as saying 'I
am doing this for security purposes.'.

 That way they don't send more SPAM to the good addresses.

It isn't about how much spam is targeted at your users, it is about how
much gets through, and an effective anti-spam solution block 99+% of it
- *without* breaking SMTP. And again, my understanding is that there the
vast majority of spammers no longer engage in dictionary attacks to
harvest valid email addresses, so you are continuing to break smtp for
your users and getting very little to no real world value out of it.

 Passwords, by their very nature, are intended to be
 difficult/impossible to 'guess'.

 To suggest that this is even in the same universe as 'security through
 obscurity' is ludicrous.

 Then what is that if it isn't obscurity?

I didn't say it wasn't 'obscurity', I said it wasn't *security through
obscurity*. The first is a simple word that has a very broad and
general meaning. The second has a very specific and limited meaning.

 You don't necessarily need to explictly violate any give RFC to 'break
 SMTP', Jerry.

 Breaking recipient validation defacto breaks SMTP. It tells the sending
 server that everything is OK, when it isn't. It allows someone who

 Tell me what RFC I am violating.  Unless I am violating an RFC, there is
 no breaking of SMTP.

Objection: asked and answered (see directly above).

 No one should. What I do care about is if the President of NBC typos an
 email address to our President when sending an important email, I want
 him to know the email didn't make it.

 And what if he sends a letter, but misaddresses the letter?

He'll (hopefully) know about it when it gets returned, because his
secretary (hopefully) isn't stupid and puts the correct return address
on it.

 Please explain what is *Seriously Fraudulent* or *otherwise
 inappropriate* about a typo in the recipient address of an otherwise
 perfectly legitimate email, Jerry.

 How many valid emails do you get to a bad email address?

Please answer

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 3:20 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/14/2014 11:24 AM, Tanstaafl wrote:
 However, once a message has been accepted - ie, *after* the DATA phase
 is complete, it should never be bounced, it should be delivered - or,
 worse, quarantined, or worst case, deleted (ie, itf it is later found to
 contain a malicious payload).
 
 But I was speaking mainly toward the botnet junk that postscreen is so
 good at rejecting now, and that is the vast majority...

 And that is exactly what I do - I delete the email.

Right... the 'worst case' (with the exception of bouncing) I mentioned
above.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543e6611.9040...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 12:25 PM, The Wanderer wande...@fastmail.fm wrote:
 On 10/15/2014 at 12:11 PM, Jerry Stuckle wrote:
 You're limiting it too much.  From Dictionary.com:

 obscurity
 noun, plural obscurities.
 1. the state or quality of being obscure.
 2. the condition of being unknown:
 ...

 That's a definition of obscurity, which is indeed fairly broad.

Thanks, saved me the trouble - although I don't expect Jerry to 'get
it', so this is probably a waste of everyones time to pursue.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543ea18f.9050...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 12:06 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/15/2014 8:14 AM, Tanstaafl wrote:
 On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 But you just said it was OK to delete emails.

 Please don't misquote me. I said it was the *worst case*, meaning, only
 marginally better than *bouncing* them, which you should never do.

 I certainly did not say it was 'OK'.

 You said it was OK.  You may try to attack conditions to it - but you
 still said it was OK.

Easy enough to prove. By all means, quote the actual text of me saying
this was 'OK'...

 you keep saying that the RECEIVING server 'sends a message back to
 the originator' - unless maybe you simply have a hard time saying
 what you really mean, which always causes confusion.

 it does send a message back to the originator - it may only be a
 status code, but it is still a message.

The status code is not *sent* anywhere - it is a response directly to
the connecting machine.

It is then the responsibility of that machine that was talking to your
server to pass the response code back to the originating *server* (not
the sender of the email - there is a difference).

It is then the responsibility of the 'originating server' to generate
the NDR (non-delivery response) email that the sender then receives in
their Inbox.

So, again, no, *your* server doesn't 'send anything back to the
originating server'.

I'm done with this thread, since Jerry is free to believe whatever he
wants and run his servers however he wants.

Thankfully the vast majority of other mail admins use best practices...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543ea368.8000...@libertytrek.org

Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/15/2014 12:50 PM, Miles Fidelman mfidel...@meetinghouse.net wrote:
 I'll close by noting that this branch of discussion started with a focus 
 on silently dropping spam, and whether that's a violation of standards.

Actually, no, this branch started with a focus on whether or not it is a
good idea to break SMTP by accepting email from *invalid recipients*
then silently deleting them, as opposed to rejecting them at the RCPT-TO
stage.

 It used to be a clear violation of the various MUST statements re. 
 sending non-delivery messages.  It looks like more recent standards now 
 allow for dropping spam as a specific exception case.

My position is that:

1. email to invalid recipients should be rejected at the RCPT-TO stage,

2. under *no* circumstances should mail to invalid recipients be
accepted for delivery then silently deleted based solely on that one
criteria,

and

3. once an email has been accepted for final delivery, every effort
should be taken to deliver the message to the recipient, whether to
their Inbox clean or tagged as spam (if a spam threshhold is met), or to
a spam quarantine,

I allow for the very rare 'clear-and-present-danger' exceptional
circumstance that, if an after-queue content scanner determines with a
very high probability that something contains a malicious payload, an
admin might want to not deliver it to the recipient. But, I would also
argue that it should go into a quarantine that only the admin has access
to, and never just silently deleted.

But, as Jerry says, that is just my opinion...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543eb3f3.6050...@libertytrek.org

Re: Moderated posts?

[Tanstaafl]

On 10/13/2014 7:47 PM, Joel Rees joel.r...@gmail.com wrote:
 There is a header for requesting automatic confirmation of delivery,
 but it tends to be abused by malicious junkmailers (spammers). MUAs
 are supposed to be able to disable it, but I haven't seen that option
 in an MUA settings dialog for a long time.

You mean like Thunderbird has in:

Tools  Account Settings  Return Receipts

?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d0d82.6070...@libertytrek.org

Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/13/2014 9:53 PM, Jerry Stuckle jstuc...@attglobal.net wrote:
 Not a grey area at all.  ...dropping mail  without notification of the
 sender is permitted  As for the ...long tradition and community
 expectations... - that's nice, but according to some estimates,
 spammers now account for over 90% of the email traffic on the internet.

And there are very simple ways to eliminate 90+% of that very simply
(postfix+postscreen, without any additional tools), without risk of
rejecting *any* legitimate email, and without *breaking SMTP*, which is
what you are advocating.

By adding a few simple additional tools (amavisd-new+spamassassin), you
can easily deal with the remaining 9.9%...

If you think I'm kidding, please by all means go make these silly
statements on the postfix list and I'll just sit and watch the fun.

 To bounce all of those invalid addresses not only would further
 increase the amount of junk on the internet,

That is pure and absolute nonsense. The vast majority of spam comes from
botnets, and *rejecting* garbage from these results in ZERO additional
smtp traffic.

 but by not replying, servers tell the spammers what are valid email
 addresses.

More nonsense. Security through obscurity *never* works, and only, in
this case totally breaks SMTP.

 Finally, as for ...undermine confidence in the reliability of the
 Internet's mail systems... - it hasn't been reliable since spammers
 virtually took over the email.  And even when emails were rejected, it
 still was no indication the recipient got the message.

Of course it wasn't, but it was certainly a positive indication that the
recipient did *not* receive it (as long as the sending server is
properly configured).

 There is, and never has been a reliable end-to-end verification of email
 messages.

Well, that at least is true.

 BTW - by definition, any messages to any of the domains I manage without
 a valid email address are seriously fraudulent or otherwise inappropriate.

Really?

So when the President/CEO of XYZ Corporation, who does business with a
customer whose domain happens to be managed by you, accidentally typos
an email address, you consider that a 'seriously fraudulent or otherwise
inappropriate' email?

You must not have any real commercial customers, because I would imagine
you would be a prime target for lawsuits for losing emails like this, as
it would only be a matter of time before it was something important sent
by someone important to someone else important.

That said, I do have an email template I send to our users regularly
explaining why/how email should never be considered 100% reliable, and
if they ever send an email that has money riding on it being received,
they should follow it up with a phone call to make sure it actually was
received. I guess people like you are one of the reasons I have that
template and need to send it out on occasion.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d116c.6020...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 10:15 AM, Chris Bannister cbannis...@slingshot.co.nz wrote:
 On Tue, Oct 14, 2014 at 08:05:00AM -0400, Tanstaafl wrote:
 To bounce all of those invalid addresses not only would further
 increase the amount of junk on the internet,

 That is pure and absolute nonsense. The vast majority of spam comes from
 botnets, and *rejecting* garbage from these results in ZERO additional
 smtp traffic.

 Are you confusing drop and reject? Doesn't a reject send a response
 back, ie traffic, whereas a drop doesn't?

No. An SMTP REJECT does not 'send' any additional traffic. It simply
closes the connection with the appropriate 'response code', generally a
55# code.

It then falls to the sending server to inform the sender of the 'failure
to communicate' - which, if the sender is a botnet, won't happen.

Rejecting will actually *reduce* traffic, because it doesn't accept the
entire messages, it slams the door at the RCPT-TO stage.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d37c5.2070...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 10:52 AM, Jonathan Dowland j...@debian.org wrote:
 On Tue, Oct 14, 2014 at 10:48:38AM -0400, Tanstaafl wrote:
 Rejecting will actually *reduce* traffic, because it doesn't accept the
 entire messages, it slams the door at the RCPT-TO stage.

 Rejection can happen after the DATA phase as well. It's better if spam can be
 identified and rejected before this phase, for the reasons you have 
 identified;
 but it isn't always possible.

Well... a message can be rejected up to the END of the data phase - but,
yes, if you have a pre-queue content filer, you can certainly end up
rejecting something after receiving 99% of the data.

However, once a message has been accepted - ie, *after* the DATA phase
is complete, it should never be bounced, it should be delivered - or,
worse, quarantined, or worst case, deleted (ie, itf it is later found to
contain a malicious payload).

But I was speaking mainly toward the botnet junk that postscreen is so
good at rejecting now, and that is the vast majority...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d4025.2010...@libertytrek.org

Re: piece of mind (Re: Moderated posts?)

[Tanstaafl]

On 10/14/2014 11:09 AM, Ansgar Burchardt ans...@43-1.org wrote:
 In a quest to ensure your personal happiness the systemd maintainers
 took your problem and changed udev to assign predictable names to
 network interfaces.

And which resulted in much wailing and gnashing of teeth.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d40d2.6010...@libertytrek.org

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote:
 On 10/14/2014 8:05 AM, Tanstaafl wrote:
 If you think I'm kidding, please by all means go make these silly
 statements on the postfix list and I'll just sit and watch the fun.

 You don't read very well.  This has nothing to do with emails to a valid
 address.  A large amount of that spam goes to invalid addresses.  I see
 them go through the logs regularly.

I read fine. The 'silly statements' reference was about your suggestion
that it is in any way shape or form 'ok' to *accept* mail to invalid
recipients then send it to dev/null.

 To bounce all of those invalid addresses not only would further
 increase the amount of junk on the internet,

 That is pure and absolute nonsense. The vast majority of spam comes from
 botnets, and *rejecting* garbage from these results in ZERO additional
 smtp traffic.

 Wrong.  Rejecting garbage sends a message back to the originator,

No, it doesn't. It closes the connection with a response code.

The system that had opened the connection and was attempting to send the
email is the one responsible for 'sending a message back to the originator'.

Well, *if* the system talking to your server is the originating server,
that is.

If, on the other hand, there were relays involvbed, then it would simply
relay the response code back down the chain until it got to the
originating server.

This is very simple to validate. I suggest you do so before compounding
your error in public.

 increasing the traffic.  Simply dropping them, as I do, does not.

Given an identical mail transaction, with an email with a size of 1MB:

If I reject the mail at the RCPT-TO stage, then I only accepted a few
bytes of traffic before terminating the connection with an SMTP response
(error) code. The connecting machine then decides whether to pass the
response back or not (again, a few bytes at most).

If you *accept* the mail, then you accepted the entire 1MB of traffic.

So, who is responsible for more traffic in such a case?

 but by not replying, servers tell the spammers what are valid email
 addresses.

 More nonsense. Security through obscurity *never* works, and only, in
 this case totally breaks SMTP.

 Wrong on two counts.  First of all, the false notion Security through
 obscurity *never* works.  This has nothing to do with security.

You said you were concerned about telling spammers valid emails. Why are
you concerned about that if not from a security perspective?

 And BTW, that statement is also wrong - why do you think people are 
 encouraged to use obscure passwords if it doesn't work? But that's 
 another subject.

Lol! Not even in the same ballpark, Jerry. Passwords, by their very
nature, are intended to be difficult/impossible to 'guess'.

To suggest that this is even in the same universe as 'security through
obscurity' is ludicrous.

 On the second count - please point out exactly which RFC I am violating
 that breaks SMTP.

You don't necessarily need to explictly violate any give RFC to 'break
SMTP', Jerry.

Breaking recipient validation defacto breaks SMTP. It tells the sending
server that everything is OK, when it isn't. It allows someone who

 Finally, as for ...undermine confidence in the reliability of the
 Internet's mail systems... - it hasn't been reliable since spammers
 virtually took over the email.  And even when emails were rejected, it
 still was no indication the recipient got the message.

 Of course it wasn't, but it was certainly a positive indication that the
 recipient did *not* receive it (as long as the sending server is
 properly configured).

 And why should I care if a bot finds out the message has not been received?

No one should. What I do care about is if the President of NBC typos an
email address to our President when sending an important email, I want
him to know the email didn't make it.

 BTW - by definition, any messages to any of the domains I manage without
 a valid email address are seriously fraudulent or otherwise inappropriate.

 Really?
 
 Yes
 
 So when the President/CEO of XYZ Corporation, who does business with a
 customer whose domain happens to be managed by you, accidentally typos
 an email address, you consider that a 'seriously fraudulent or otherwise
 inappropriate' email?

 Yes.

Please explain what is *Seriously Fraudulent* or *otherwise
inappropriate* about a typo in the recipient address of an otherwise
perfectly legitimate email, Jerry.

 Just like a misaddressed letter at the post office. It will not 
 necessarily be returned.

While not a perfect analogy (big difference between totally automated
systems and systems that have imperfect humans (postoffice workers) in
the mix), it is still generally wrong.

I have had more than one letter/package returned because it was
misaddressed in my lifetime - but of course, this does require that you
actually put a valid return address on it. But I guess maybe you are
against that too?

 You must not have any real

Re: Recipient validation - WAS: Re: Moderated posts?

[Tanstaafl]

On 10/14/2014 1:31 PM, Joel Rees joel.r...@gmail.com wrote:
 You're talking past each other.

No, we're not, Jerry is arguing arguing against recipient validation on
mail servers, and I'm correcting some of the bad/mis-information he is
relying on when trying to support his argument.

 Still, the current standard e-mail protocols were never meant to be
 either reliable or secure, and their is a very good reason for that.
 People may not be as reliable as machines in executing protocols, but
 they cannot be 100% reliable, and only people can certify things.

And since neither of us said anything to the contrary, and in fact
admitted pretty much just that, your 'me too!' is duly noted.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543d6850.6040...@libertytrek.org

Re: question about systemd

[Tanstaafl]

On 10/8/2014 10:36 PM, Steve Litt sl...@troubleshooters.com wrote:
 If what you did works for everybody when Jessie goes stable, you've
 just singlehandedly ended this whole argument.

Not really.

Just because it can be done easily now, doesn't mean it will be as easy
- or even possible - a year or more from now - and I think *that* is the
overriding concern of people who express legitimate concerns.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543698cf.9050...@libertytrek.org

Re: lvm: creating a snapshot

[Tanstaafl]

On 10/7/2014 7:09 PM, John Holland jholl...@vin-dit.org wrote:
 The license of ZFS makes it impossible to be part of
 the kernel per se.

I have read multiple threads that explain why this is not true.

don't understand them, wish I did...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/543519d3.2060...@libertytrek.org

Re: Debian nolonger claims to be the Universal Operating System

[Tanstaafl]

On 10/4/2014 6:44 AM, Tom Collins tomcollins...@mail.com wrote:
 and depreciating (as if they have the right to do that) many 
 programs that rely on gtk2 and non-syst__d.

peeve
It is 'deprecating', not 'depreciating' (an accounting term).
/peeve


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/542febaf.3010...@libertytrek.org

Re: Debian nolonger claims to be the Universal Operating System

[Tanstaafl]

On 10/4/2014 9:33 AM, Jeff Bauer jwba...@charter.net wrote:
 Either could be accurately used. To wit:

Maybe in general/non computer terminology, but not in with respect to
computer software...

http://en.wikipedia.org/wiki/Deprecation

http://english.stackexchange.com/questions/45295/why-is-there-confusion-between-depreciated-and-deprecated

But whatever twists your knickers...


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/542ffe93.9080...@libertytrek.org