Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 04:22:49PM -0400, Derek Martin wrote: There are, of course, those viruses which send themselves to everyone in your address book, and use your ISP's servers to send the mail. None of these schemes (including blocking the IP addresses of dynamic customers) do anything to solve that problem. As such, I'll exclude that class of compromises from the rest of the discussion. I'm just concerned that if we settle on SPF/DomainKeys/whatever and it gains wide-spread adoption, then we'll see spammers adopt the technique of utilizing a compromised machine's configuration to send mail. I suppose at least then the spammer will clearly be breaking the law. Unless, I suppose, they try to hide themselves behind a EULA on some time of Adware/Spyware type program. -- Bob ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
Cc: "Steven W. Orr" <[EMAIL PROTECTED]>, gnhlug-discuss@mail.gnhlug.org From: Paul Lussier <[EMAIL PROTECTED]> Date: Fri, 08 Apr 2005 09:49:19 -0400 Sure, because I'm on their wire, they can obviously find out some level of information about me. But by me relaying through their servers, I make it really easy for them. If you're just using their wire, your traffic is going by them at the network level. Using their mailserver, you're "advertising" that traffic up at the protocol level. So, it's more conspicuous to boot. Mail servers are also likely to be configured to log (or even archive) by default. By comparison, it is less likely that an ISP will have a network analyzer or packet logger on your line. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
From: Derek Martin <[EMAIL PROTECTED]> Cc: Bob Bell <[EMAIL PROTECTED]> Date: Fri, 8 Apr 2005 16:22:49 -0400 Ultimately, as I've said many times before, there is no method of fighting spam which will be truly effective. The best you can do is let the client deal with it by running spamassassin or similar. The Just require every inbound message to AUTH with your mail server. When someone spams you, deauth their account. Spam problem solved. :) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 05:47:47PM -0400, Kevin D. Clark wrote: > If I decide to send out bulk email urging people to buy Coca-Cola, who > is at fault, me or the executives at Coke? Let's say that I have > nothing whatsoever to do with Coke. OK I get it... I was being dense bot I got it now. ;-) -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpzXFn5lsIyw.pgp Description: PGP signature
Re: I find this *really* annoying
Derek Martin <[EMAIL PROTECTED]> writes: > Ah, right. THAT's what I meant. ;-) The person who is selling > whatever's being sold in the spam... including figurative uses of the > word "sell" in the case that nothing is directly being sold for > money. If I decide to send out bulk email urging people to buy Coca-Cola, who is at fault, me or the executives at Coke? Let's say that I have nothing whatsoever to do with Coke. Now what happens if it so happens that I work for the PepsiCo? Like I said before, the offender is the group or individual who causes the spam to be sent, not necessarily the company whose products are "advertised". --kevin -- GnuPG ID: B280F24E And the madness of the crowd alumni.unh.edu!kdc Is an epileptic fit -- Tom Waits ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 05:18:07PM -0400, Derek Martin wrote: > On Fri, Apr 08, 2005 at 05:10:17PM -0400, Kevin D. Clark wrote: > > > Note that what I meant to say here was that the OFFENDER should be > > > considered the COMPANY whose PRODUCTS are being advertised. > > > > No, the offender is the group or individual who causes the spam to be > > sent, not necessarily the company whose products are "advertised". > > Ah, right. THAT's what I meant. ;-) The person who is selling > whatever's being sold in the spam... including figurative uses of the > word "sell" in the case that nothing is directly being sold for > money. The person who is selling whatever is being sold in the spam is not neccesarily the one who caused it to be sent: if a law like that passed, competitors would pay spammers to spam the opponents products so they would get in legal trouble. (This may happen now: Spamming companies hardly get the best in public opinion - but I don't know about it personally.) -- Christopher Schmidt signature.asc Description: Digital signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 05:10:17PM -0400, Kevin D. Clark wrote: > > Note that what I meant to say here was that the OFFENDER should be > > considered the COMPANY whose PRODUCTS are being advertised. > > No, the offender is the group or individual who causes the spam to be > sent, not necessarily the company whose products are "advertised". Ah, right. THAT's what I meant. ;-) The person who is selling whatever's being sold in the spam... including figurative uses of the word "sell" in the case that nothing is directly being sold for money. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpebH54Z9XEp.pgp Description: PGP signature
Re: I find this *really* annoying
Derek Martin <[EMAIL PROTECTED]> writes: > On Fri, Apr 08, 2005 at 04:22:49PM -0400, Derek Martin wrote: >> only way to put a stop to the spam problem is to make it unprofitable >> for the so-called "advertiser", by fining offenders a substantial amt. >> per individual spam message, and jail time for people who facilitate >> spam. > > Note that what I meant to say here was that the OFFENDER should be > considered the COMPANY whose PRODUCTS are being advertised. No, the offender is the group or individual who causes the spam to be sent, not necessarily the company whose products are "advertised". --kevin -- GnuPG ID: B280F24E And the madness of the crowd alumni.unh.edu!kdc Is an epileptic fit -- Tom Waits ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 04:22:49PM -0400, Derek Martin wrote: > only way to put a stop to the spam problem is to make it unprofitable > for the so-called "advertiser", by fining offenders a substantial amt. > per individual spam message, and jail time for people who facilitate > spam. Note that what I meant to say here was that the OFFENDER should be considered the COMPANY whose PRODUCTS are being advertised. -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpBbFkMBZRtA.pgp Description: PGP signature
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 03:18:23PM -0400, Bob Bell wrote: > Isn't this scheme somewhat similar to SPF or DomainKeys? At least to > the degree that it attempts to validate the domain of the sender? Yes. It's been a while since I looked at either, so I'm not sure about specific similarities and differences, but the ideas are pretty similar. I seem to recall that SPF has some serious limitations, but I can't recall what those might be (though I suspect searching for "problems with spf" or "spf limitations" would turn something useful up). I never really looked into DomainKeys in detail, but it probably works more or less like I described. > How would this work with all the compromised Windows machines out > there? Couldn't a spammer use such a network of compromised > machines to send out emails through Outlook, etc.? (This appears to > be a problem with most anti-spam approaches) There are, of course, those viruses which send themselves to everyone in your address book, and use your ISP's servers to send the mail. None of these schemes (including blocking the IP addresses of dynamic customers) do anything to solve that problem. As such, I'll exclude that class of compromises from the rest of the discussion. Aside from those, AFAIK, compromised windows systems don't generally use Outlook, they usually come with a small, basic smtp engine bundled into the malware. I suspect they do it because sending lots of spam through your ISP's servers is likely to get your account terminated, shutting down that channel for delivering spam. Blocking mail from these nodes might help, but probably not... At least not for long. As more and more ISPs block these addresses, the spammers will simply find other attack vectors. They always do. These could include setting up new, temporary open relays, attacking valid servers, etc. Ultimately, as I've said many times before, there is no method of fighting spam which will be truly effective. The best you can do is let the client deal with it by running spamassassin or similar. The only way to put a stop to the spam problem is to make it unprofitable for the so-called "advertiser", by fining offenders a substantial amt. per individual spam message, and jail time for people who facilitate spam. But GW made sure that'll never happen with the bogus anti-spam bill... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpwkrwEaAtK6.pgp Description: PGP signature
Re: I find this *really* annoying
On Thu, Apr 07, 2005 at 10:53:46PM -0400, Derek Martin wrote: The point is that you can block known spammers based on their domain, without needlessly penalizing the innocent. Reject if: 1) the message is not signed with the domain's published key 2) the signature matches, but the domain is a known spammer 3) there is no published key Otherwise accept. It would work like current RBLs work, except that you have pretty solid proof that the sender is or isn't coming from where they say they are. It adds documentable accountability. Isn't this scheme somewhat similar to SPF or DomainKeys? At least to the degree that it attempts to validate the domain of the sender? How would this work with all the compromised Windows machines out there? Couldn't a spammer use such a network of compromised machines to send out emails through Outlook, etc.? (This appears to be a problem with most anti-spam approaches) -- Bob ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Apr 7, 2005, at 22:53, Derek Martin wrote: Reject if: 1) the message is not signed with the domain's published key 2) the signature matches, but the domain is a known spammer 3) there is no published key Otherwise accept. How does this work in a world with $5 domains? If I were a spammer I could probably afford a new one every day. -Bill - Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 [EMAIL PROTECTED] Mobile: 603.252.2606 http://www.bfccomputing.com/Pager: 603.442.1833 AIM: wpmcgonigleSkype: bill_mcgonigle ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Dereferencing links
On Friday, Apr 8th 2005 at 10:48 -0400, quoth Jim Kuzdrall: =>Is there a command line function to collapse a group of symbolic =>links, replacing them with the files they reference? => =>I tried: (cd /dir1 ; tar cf - .) | (cd /dir2 ; tar xf -) => =>But, it copied the files as links. It is not too hard to write a =>script to do it, but all too often I discover something already exists. => =>Jim Kuzdrall Not what you're looking for, but this is the exact opposite: find dir1 -print | cpio -pdvlum dir2 This will create hardlinks within a filesystem. -- Time flies like the wind. Fruit flies like a banana. Stranger things have .0. happened but none stranger than this. Does your driver's license say Organ ..0 Donor?Black holes are where God divided by zero. Listen to me! We are all- 000 individuals! What if this weren't a hypothetical question? steveo at syslang.net ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Dereferencing links
Sorry, I should have experimented more. cp does what I want done. On Friday 08 April 2005 10:48 am, you wrote: > Is there a command line function to collapse a group of symbolic > links, replacing them with the files they reference? > > I tried: (cd /dir1 ; tar cf - .) | (cd /dir2 ; tar xf -) > > But, it copied the files as links. It is not too hard to write a > script to do it, but all too often I discover something already > exists. > > Jim Kuzdrall > > > ___ > gnhlug-discuss mailing list > gnhlug-discuss@mail.gnhlug.org > http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Dereferencing links
Jim Kuzdrall writes:
> Is there a command line function to collapse a group of symbolic
> links, replacing them with the files they reference?
Older editions of the _Programming Perl_ book come with the program
"sl" (for "show links"). Either this does what you want or else it
should be easy to modify this to get what you want.
$ sl /dev/mouse
/dev/mouse:
/dev/mouse -> input/mice
input/mice
Regards,
--kevin
--
GnuPG ID: B280F24E And the madness of the crowd
alumni.unh.edu!kdc Is an epileptic fit
-- Tom Waits
#!/usr/bin/perl
die "Usage: sl [filenames]\n" unless @ARGV;
# Preliminaries.
$| = 1;
chop($cwd = `pwd`) || die "Can't find current directory: $!\n"
if @ARGV > 1;
print "\n";
# Do each name.
foreach $name (@ARGV) {
@indent = ();
print "$name:\n";
@path = split(m;/;, $name);
# Make an absolute path relative to /.
if (@path && $path[0] eq '') {
chdir '/';
shift @path;
print '/';
$indent = 1;
}
# Now follow the subdirectories and links.
while (@path) {
$elem = shift @path;
$new = readlink($elem);
if (defined $new) { # A symbolic link.
print "$elem -> $new\n";
$new =~ s!^\./!!;
# Prepend symbolic link to rest of path.
unshift(@path,split(m;/;, $new));
# Deal with special cases.
if (@path && $path[0] eq '') {
# Absolute path starts over.
chdir '/';
shift @path;
print '/';
$indent = 1;
@indents = ();
next;
}
# Back up the tree as necessary.
while (@indents && $path[0] eq '..') {
$indent = pop(@indents);
chdir '..'
|| die "\n\nCan't cd to ..: $!\n";
shift @path;
}
print "\t" x ($indent / 8), ' ' x ($indent % 8);
}
else { # An ordinary directory.
print $elem;
push(@indents,$indent);
$indent += length($elem) + 1;
if (@path) {
print '/';
chdir $elem
|| die "\n\nCan't cd to $elem: $!\n";
}
}
}
print "\n\n";
$indent = 0;
chdir $cwd || die "Can't cd back: $!\n" if $cwd ne '';
}
Re: Dereferencing links
On Fri, Apr 08, 2005 at 10:48:50AM -0400, Jim Kuzdrall wrote: > Is there a command line function to collapse a group of symbolic > links, replacing them with the files they reference? > > I tried: (cd /dir1 ; tar cf - .) | (cd /dir2 ; tar xf -) You need the -h option to tar. See the man page... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpQ7bSOTZC4z.pgp Description: PGP signature
Re: Dereferencing links
When you say this: tar --help ...it tells you about --dereference (and a lot of other stuff, too) ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Dereferencing links
Is there a command line function to collapse a group of symbolic links, replacing them with the files they reference? I tried: (cd /dir1 ; tar cf - .) | (cd /dir2 ; tar xf -) But, it copied the files as links. It is not too hard to write a script to do it, but all too often I discover something already exists. Jim Kuzdrall ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
Travis Roy wrote: Where did he say that he did not have business class? I had business class DSL and my IP range was still considered within a "dynamic" pool. One of my clients has a T1, with a bunch of static IPs. They sublet their connection to building tenants. They've had it for some years. RCN considers all of them dynamic IPs. Despite letters from the ISP providing the T1 that these are static IPs, they refuse to change the designation, nor to even explain it, other than "all these IPs are dynamic and we block all dynamic IPs." They also classify one colo server I administer as dynamic too. -- Dan Jenkins ([EMAIL PROTECTED]) Rastech Inc. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
On Fri, Apr 08, 2005 at 09:25:58AM -0400, Travis Roy wrote: > Since you are sending your email through their network, couldn't they > find out this information anyway? How does not using their mail server > prevent them from seeing the info you listed there? Not necessarily. Paul and I both run Sendmail, which is capable of doing all its transactions in an encrypted session via SSL (or TLS, or whatever it's called today)... -- Derek D. Martinhttp://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail. Sorry for the inconvenience. Thank the spammers. pgpqCdHO9xLjl.pgp Description: PGP signature
Re: I find this *really* annoying
Travis Roy <[EMAIL PROTECTED]> writes: >>But they have no need to know: >> >> - to whom I send e-mail >> - when I send e-mail >> - from where I send e-mail > > Since you are sending your email through their network, couldn't they > find out this information anyway? How does not using their mail server > prevent them from seeing the info you listed there? I didn't say they couldn't find out, but it's a lot harder for them to sniff the network and separate my traffic from everyone elses just to discern this information. Contrast this amount of effort with some random ISP employee who for some reason comes across my name, figures out I'm a customer of theirs, and then decides to "browse" mail server logs where every transaction is logged. Or, say the marketing/sales group who wants to gather customer stats by culling their mail server logs for "interesting" data and trends. Sure, because I'm on their wire, they can obviously find out some level of information about me. But by me relaying through their servers, I make it really easy for them. Btw, by NOT relaying through their servers, I'm saving them money, they ought to thank me for that, all of their customers should be so accomodating :) -- Seeya, Paul ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Duplicate/unique SSH key-pairs for multiple clients?
On Apr 7, 2005, at 4:17 PM, Cole Tuininga wrote: I'm just looking for a little bit of clarification here. Are the laptops being used as clients to connect to remote systems? Hi, Cole: To clarify: when I am logged in to my machine at home, I use ssh-agent to load my keypairs into memory so I don't have to use individual passwords with each remote machine I log into. Loading the keys into memory requires a passphrase. One it is loaded, typing ssh [EMAIL PROTECTED] will connect me to their site without requiring me to provide an additional password. The advantage of this is obvious for cron jobs that have no user input. In other words, you're logging in to servers from the laptop(s) without requiring keyboard input (specifically, passwords)? You know, when you put it that way, it doesn't sound quite as sensible. Ted Roche Ted Roche & Associates, LLC http://www.tedroche.com ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
But they have no need to know: - to whom I send e-mail - when I send e-mail - from where I send e-mail Since you are sending your email through their network, couldn't they find out this information anyway? How does not using their mail server prevent them from seeing the info you listed there? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: I find this *really* annoying
"Steven W. Orr" <[EMAIL PROTECTED]> writes: > I just read your message and all the other replys that sprang forth. > > I am running a sendmail server off my cablemodem as well. Anytime I get a > message delivery failure because of reason of coming from a dynamic > address pool, I just add them to my mailertable and rebuild. Here's my > mailertable: Of course I can do that. The point is *I DON'T WANT TO HAVE TO!*. I don't want my mail getting relayed through my ISP. My e-mail is none of their business (unless, perhaps, it negatively impacts their business:) But they have no need to know: - to whom I send e-mail - when I send e-mail - from where I send e-mail Or any of the other things one can discern simply by watching mail traffic logs (not to mention what they could learn by actually reading the mail content itself!) If I want to send e-mail to Derek, and I know he runs his own domain, why should my e-mail go from my mail server, through who knows how many other relays, and eventually to Derek's, when my mail server can speak directly with his? Replace Derek with any one else who runs a domain and mail server for it. For example, GNHLUG? I don't want to have to: - watch for bounces for every e-mail I sent - update my mailertable for every freaking domain I attempt to send to - restart my MTA (or at least have re-read the mailertable) after updating it - re-send my e-mail for every freaking domain I attempt to send to but which bounced, and for which I just updated my mailertable - and hope I don't have to go back to step one because somethiing else is now wrong. I have 2 choices, I can "suck it up" and play that game, or I can just not send e-mail to those domains blocking me due to stupidity. In *nost cases* I've found that I really don't care enough about those people for which my mail bounces to play that game. Ben happens to fall into that category. Not that I don't care about Ben, but almost no mail I have ever sent, or will ever send to Ben is that important. Therefore, I'll likely see the bounce, get annoyed, and move on with my life. Fortunately, most of the mail lists I'm on are run by admins who seem to either have a clue, or at least have not yet decided to implement RBLs like SORBS :) -- Seeya, Paul ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Duplicate/unique SSH key-pairs for multiple clients?
On Apr 7, 2005 3:05 PM, Ted Roche <[EMAIL PROTECTED]> wrote: > question: should I copy my public/private key-pair from the desktop to > matching directories on the laptops? I'm not inclined to, because of > the greater risk of the laptops being stolen while I'm on the road. > Physical possession of the device would let anyone with Knoppix read > the directories and lift my keys. So, I'm thinking that I need separate > sets of keys on each machine so that if one is lost, I can remove the > public key from all of the remote machines. > > It seems that I have to duplicate my work on each machine, a fairly > trivial task of key generation and then distribution to each server. Is > there a better way? Encrypted filesystems can help. A long passphrase will provide better protection (you are using a passphrase in this case?). If you don't want to encrypt your whole $HOME, how about a floppy or USB key that you carry with you and keep encrypted with the keys on it? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: Need help with PHP
On Thursday 07 April 2005 06:24 am, Neil Joseph Schelly wrote: >> What type of database are you using? Did you give that user permissions to >> use that database? If using MySQL, let me suggest installing phpmysql for >> administering it. It will make this stuff a lot easier if you're not too >Where do I get phpmysql? >I can't find a single reference to it. My mistake - I was referring to phpMyAdmin. -N ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
