x/kernel/git/torvalds/linux.git/commit/?id=083ae308280d13d187512b9babe3454342a7987e)
toward that end has been merged as well.
The fix has not made it to the stable kernels yet [...].
--
Cheers, Grossman's Law: "In time of crisis, people do not rise to
Rick Moen the occasion. They fall
well...
> seriously?
The Internet famously contains people who, um, think different. Have a
look at this gentleman's Twitter stream, for context.
https://twitter.com/cvaillance
--
Cheers,"Why struggle to open a door between us,
Rick Moen
Quoting E Frank Ball III (fra...@efball.com):
> Last fall there was a debian 64-bit / nginx rootkit going around,
> now I've been hit with what sounds similar but on 32-bit wheezy.
I hope you're aware that -- at least in the standard usage of the word
'rootkit' -- a rootkit doesn't 'go around', b
bnotes:
http://lwn.net/Articles/282038/
http://www.links.org/?p=327
http://www.links.org/?p=328
--
Cheers, Actually, time flies hate a banana.
Rick Moen-- Micah Joel
r...@linuxmafia.com
McQ! (4x80)
--
T
Quoting Volker Birk (v...@pibit.ch):
> Really?
>
> How do you detect, if maintainer's patches contain backdoors? If I would
> want to attack Debian, I would try to become the maintainer of one of
> the most harmless, most used packages. And believe me, you wouldn't see
> at the first glance, that
Quoting Jutta Zalud (j...@netzwerklabor.at):
> Sounds fine. Was maybe reality ten or fifteen years ago. Nowadays
> ninetysomething percent of all people who are running some kind of *ix
> have just downloaded and installed Ubuntu or Mint or Debian or some
> other easy to install distribution (myse
Quoting Laurentiu Pancescu (lpance...@googlemail.com):
> I was wondering if we're not losing perspective of what is realistic
> in a certain situation, especially for people without previous
> experience in handling such attacks and whose job is not necessarily
> a full-time system administrator.
Quoting Naja Melan (najame...@gmail.com):
> Some weeks ago I decided to have a look at debian and quite soon ran into
> questions and problems considering the security of debian. I would like to
> share some of those questions, remarks in this mail in the hope of
> stimulating a discussion[...]
I
Quoting john (lists.j...@gmail.com):
> I see that there is another null pointer dereference flaw being talked about.
> http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/
>
> It looks like we can take step in Debian 5.0 to mitigate this threat by
> setting
> echvm.mmap_min_addr =
Quoting Mark (m...@freedomisnothingtofear.com):
> Have a look at anything that uses OTR:
>
> [m...@resolve ~]% apt-cache search Off-The-Record
> irssi-plugin-otr - Off-the-Record Messaging Plugin for Irssi
> libotr2 - Off-the-Record Messaging library
> libotr2-bin - toolkit for Off-the-Record Me
al poster is seeking.)
--
Cheers, Notice: The value of your Hofstadter's Constant
Rick Moen(the average amount of time you spend each month
r...@linuxmafia.com thinking about Hofstadter's Constant) has just
McQ! (4x80)
earch/comedy -- yes, it really was both at the same time -- on this
subject: http://www.linux.com/articles/42031
--
Cheers, Crypto lets someone say "Hi! I absolutely definitely have
Rick Moena name somewhat like the name of a large familiar
r...@linuxmafia.com
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> No I confirm NAT source port randomization was included in 2.6.21 as far
> as Netfilter NAT is concerned.
> Commit is :
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=41f4689a7c8cd76b77864461b3c58fde8f322b2c
>
> Th
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> And the Linux kernel (Netfilter) implements NAT source port randomization
> since 2.6.21, which can make it a conveninent way to protect your natted
> hosts without any patching.
>
> See http://software.inl.fr/trac/wiki/contribs/RandomSkype for
Quoting Hideki Yamane ([EMAIL PROTECTED]):
> I want to know that, too.
> Should ALL systems (servers or desktops/laptops) need to be installed
> and configure bind9 (or something) package, or need to wait for update?
My own preference is, indeed, to have one of the following as a local
recursi
Quoting Stephen Vaughan ([EMAIL PROTECTED]):
> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit?
The Kaminsky-publicised attack method applies _only_ to caching
recursive-resolver nameservers: tinydns is an authoritative-only DNS
daemon, not a recursive resolver.
Quoting Richard Hartmann ([EMAIL PROTECTED]):
> http://www.unicom.com/pw/reply-to-harmful.html vs
> http://www.metasystema.net/essays/reply-to.mhtml
...was obsoleted by RFCs 2822 and 2369: Munging lost.
http://linuxmafia.com/~rick/faq/index.php?page=netiquette#replyto
--
To UNSUBSCRIBE, email
Quoting Florian Weimer ([EMAIL PROTECTED]):
> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.
Incidentally, the documentation for nss_lwres suggests the following
entry in /etc/nsswitch.conf, for Linux systems installing lwresd:
"hosts
Quoting Hubert Chathi ([EMAIL PROTECTED]):
> I'm really more concerned about the fact that it's orphaned. And it
> appears to be unmaintained upstream (last release in 2001, and
> upstream moved it from the "releases" directory to the "old-releases"
> directory).
Point taken. I assume you are r
Quoting Hubert Chathi ([EMAIL PROTECTED]):
> Hmm... libnss-lwres is orphaned (#475089), and is uninstallable on sid.
I'll bet the version of the missing dependency package (liblwres30) in
lenny would suffice.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Troubl
Quoting Wolfgang Jeltsch ([EMAIL PROTECTED]):
> Am Mittwoch, 9. Juli 2008 20:51 schrieb Noah Meyerhans:
>
> > > I suggest that you install bind9,
>
> How do I tell bind9 what DNS servers to ask? Is this also done by
> resolv.conf? If yes, named would ask itself if 127.0.0.1 is the first entry.
Quoting Josip Rodin ([EMAIL PROTECTED]):
> Why is this phrased in a way that it prefers BIND as a recursive resolver,
> when that same software was *only just* patched to be acceptable for the
> same purpose?
Although I'm not much of a BIND9 fan -- it remains RAM-hogging, slow,
overfeatured, and
t /etc/{issue|issue.net} to make the system
claim to be a Super Nintendo, just for laughs.
--
Cheers, "Entia non sunt multiplicanta praeter necessitatem."
Rick Moen -- William of Ockham (attr.)
[EMAIL PROTECTED]
--
To UNSUBSCRIBE,
Quoting Yves-Alexis Perez ([EMAIL PROTECTED]):
> But CC-BY-NC is not considered
> DFSG-free so it may be an issue (see
> http://people.debian.org/~evan/ccsummary.html)
It is considered DFSG-non-free by some number of (not identified) members
of the public mailing list debian-legal, as summarised
= On
error_log = syslog
display_errors = Off
--
Cheers, I have /usr/sbin/coffee mounted from /dev/mug right now,
Rick Moen and you can't have it. Oh no, I just tried to seek past
[EMAIL PROTECTED] end-of-beverage. *sigh* -- Graham Reed, in The Monastery
--
T
Quoting Raphael Geissert ([EMAIL PROTECTED]):
> include()? I don't want to imagine how many scripts will break.
Good catch. (It was very late in my time zone. I need to review that
list.)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL P
Quoting Javier Fernandez-Sanguino ([EMAIL PROTECTED]):
> Even better: /usr/share/doc/php5-common/examples/php.ini-paranoid
> (it includes some more functions in that definition)
Excellent. Amended to:
disable_functions = dl, phpinfo, system, mail, include, shell_exec, exec,
escapeshellarg, esc
Quoting Luis Mondesi ([EMAIL PROTECTED]):
> It's time to tell PHP (via php.ini) not to allow any of those
> functions that allow executing stuff from the system (system,
> passthru, whatever).
Amen to that. Good starting point:
disable_functions = system, exec, passthru, popen, escapeshellcmd,
Quoting Michelle Konzack ([EMAIL PROTECTED]):
> How can this happen?
> I was never hacked since 1999-03...
One way:
"Break-in without Remote Exploit" on http://linuxmafia.com/kb/Security
(***cough*** shells.sourceforge.net ***cough***)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subj
Quoting Russ Allbery ([EMAIL PROTECTED]):
> Yup. IDS systems are wonderful. But they do require discipline.
Indeed. I'd still like to see a trial project, to see _if_ a default IDS
setup (Samhain, AIDE, or Prelude-IDS) can be made to be generally useful.
(Yeah, I know: "Sooner if you help."
ian-relevant way. All hail to the Debian Project's sysadmins, who
in November 2003 showed everyone how to do it right:
http://linuxgazette.net/issue98/moen.html
--
Cheers,English is essentially a text parser's way of getting
Rick Moen faster processors built.
[E
al extremities
with those, without any idea what they're doing, is a leading cause of
networking problems.
--
Cheers, English is essentially Plattdeutsch as spoken
Rick Moenby a Frisian pretending to be French.
[EMAIL PROTECTED] -- Andreas Johansson, http://c
ogies for my misrecollection.
--
Cheers,
Rick Moen "Anger makes dull men witty, but it keeps them poor."
[EMAIL PROTECTED] -- Elizabeth Tudor
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubs
Quoting aliban ([EMAIL PROTECTED]):
> MS Blaster infected many million system within seconds...
Relying on the vulnerable MSDE embedded SQL database engine being
embedded into a large number of consumer software products, and
irresponsibly left bound to all network ports, not just loopback.
Don'
Quoting kevin bailey ([EMAIL PROTECTED]):
> } 21/tcp open ftp
>
> Off. Security hole if passwords are sent, they aren't encrypted.
Even in deployments where the only login supported is "anonymous"? ;->
P.S.: http://linuxmafia.com/faq/Network_Other/ftp-justification.html
--
To UNSUBSCR
and on a dedicated filesystem, on the backup target host.)
Details:
"SSH Public-key Process" on http://linuxmafia.com/kb/Security/
--
Cheers,
Rick Moen "Anger makes dull men witty, but it keeps them poor."
[EMAIL PROTECTED]
Quoting Geoff Crompton ([EMAIL PROTECTED]):
> The most recent vulnerability that I was aware of in Awstats can still
> work even in static mode. http://www.securityfocus.com/bid/14525. The
> referrer in the log file is not sanity checked.
Hmm. I note: "It should be noted this vulnerability is o
nly run required services - and check them closely - and don't
> rely on your distro to incorporate every single security patch required for
> your server.
Right, and remember that the health inspectors can't guarantee every
oyster -- and that fugu from a reputable restaurant can stil
ious.
That would probably be Ramen, a January 2001 worm that attacks an
rpc.statd bug fixed in summer 2000, plus attacking input validation
bugs in wu-ftpd v. 2.6 and earlier and LPRng versions earlier than Aug.
2000.
--
Cheers,
Rick Moen Support your local medical examine
Quoting George P Boutwell ([EMAIL PROTECTED]):
> The Security Debian How-To mentions Tripwire. Looking at AIDE and
> Tripwire in the debian packages repositories it's hard to tell the
> difference. I'm sure they both do the job, anyone with experience
> with both these packages can describe some
Quoting Edward Faulkner ([EMAIL PROTECTED]):
> I do the same thing with my passwords, but that doesn't quite answer
> the question. Radu wants a place to keep GPG keys safe - not just
> their passwords.
Yes, good point.
I don't have a good answer to Radu's situation other than don't use the
pas
Quoting Radu Spineanu ([EMAIL PROTECTED]):
> Has anyone heard of an implementation, or at least a whitepaper related
> to creating some kind of secure zone where i can keep these keys ?
Mine is called a PalmPilot with Keyring (3DES password store) installed,
where I'm careful about what I install
Quoting Harald Krammer ([EMAIL PROTECTED]):
> I saw in Debian the package kernel-patch-grsecurity2. My questions is,
> is this patch always up-to date or is it necessary to track all security
> issue for grsecurity without DSA messages ?
You can check here:
http://packages.qa.debian.org/k/kernel-
Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]):
> I like using non-modular kernels to prevent LKMs
http://www.phrack.org/phrack/58/p58-0x07
In this paper, we will discuss way of abusing the Linux kernel
(syscalls mostly) without help of module support or System.map at all,
so that we assume
Quoting David Mandelberg ([EMAIL PROTECTED]):
> You also asked a question about something I didn't say (I said that
> the person had to open it).
Actually, no, you didn't. (Presumably you intended to, though.)
Your question spoke of "opening" a particularly-named attachment: You
left unstated
Quoting Florian Weimer ([EMAIL PROTECTED]):
> mutt and Gnus are, in typical configurations. Most distributions
> kindly add all these helpful mailcap entries.
Perhaps you need assistance comprehending the word "specific" (used
twice in my question)? I await with interest your achieving that
rar
ain to the original poster, get a better MUA, running on a
> better OS.
Quite.
--
Cheers, Hardware: The part you kick.
Rick MoenSoftware: The part you boot.
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL
lease"
mutt extension. Maybe someone can file an ITP for it, as package mutt-fod
(for Friends of Darwin). ;->
--
Cheers, Hardware: The part you kick.
Rick MoenSoftware: The part you boot.
[EMAIL PROTECTED]
--
T
Quoting David Mandelberg ([EMAIL PROTECTED]):
> Attached.
>
> Save to your GNOME/KDE desktop (like many newbies do) and double click
> the new icon. .desktop files (currently) don't need the x bit set to
> work, so no chmod'ing is necessary.
I'm sorry, but the question was:
Please advise this
Quoting David Mandelberg ([EMAIL PROTECTED]):
> Do you mean to say that opening "message.txt\t\t\t.desktop" which
> happens to be a freedesktop.org compliant launcher for the program "rm
> -rf $HOME" is safe because it's designed for people running one of the
> F/OSS products GNOME or KDE on a F/O
of version numbers, then it is making a common
elementary error.
> At last there was this error messages:
>
> Incorrect MD5 checksums: 6
Which ones? And on what basis is it saying they're incorrect? You
don't say.
--
Cheers, There are 10 kinds of people in the
--
Cheers, The Viking's Reminder:
Rick Moen Pillage first, _then_ burn.
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
g at your own feet.
--
Cheers,
Rick Moen This .signature intentionally left blank.
[EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Quoting Jan Minar ([EMAIL PROTECTED]):
> Unfortunately, scp requires a shell access
http://www.sublimation.org/scponly/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
led with a 23,000 volt line, today. The results
Rick Moen blacked out 1400 homes and, of course, one raccoon."
[EMAIL PROTECTED] -- Steel City News
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Quoting Richard A Nelson ([EMAIL PROTECTED]):
[Snip MVS mainframe priesthood standing in way of OpenSSH installation.]
> I typically use cygwin on *MY* laptop, but when away from that -
> I try not to install random software on other's boxen
The usual remedy is to pull down putty.exe (tiny) and
he cynics among us might say: "We laugh,
Rick Moen monkeyboys -- Linux IS the mainstream UNIX now!
[EMAIL PROTECTED] MuaHaHaHa!" but that would be rude. -- Jim Dennis
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Quoting James Renken ([EMAIL PROTECTED]):
> Agreed - but some of my customers, even after I've pointed out the risks,
> just don't want to go through the trouble of changing from their preferred
> Telnet programs.
ObNivenAndPournelle: "Think of it as evolution in action.
Quoting Florian Weimer ([EMAIL PROTECTED]):
> I once worked on an OpenPGP implementation vulnerability matrix, but
> this topic isn't very interesting anymore. For me at least, there's
> just GnuPG.
Just out of curiosity, are there now, or have there been in the past,
any _other_ implementations
Quoting Florian Weimer ([EMAIL PROTECTED]):
> * Henrique de Moraes Holschuh:
>
> >> Why non-free? The code is available under a DFSG-free copyright
> >> license.
> >
> > The one I have here isn't, but if you have one that is entirely DFSG-free,
> > that's much better.
>
> An older version is ava
--
Cheers, Founding member of the Hyphenation Society, a grassroots-based,
Rick Moen not-for-profit, locally-owned-and-operated, cooperatively-managed,
[EMAIL PROTECTED] modern-American-English-usage-improvement association.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
lingering IDEA problem (limiting only compatiblity with
some PGP 2.x users) are all I'm aware of. PGPi, unlike GnuPG, _does_
include IDEA code by default.
--
Cheers,There are only 10 types of people in this world --
Rick Moen those who understand binary arithmetic and
NAI decided they liked Changelogs).
--
Cheers, "That scruffy beard... those suspenders... that smug ex-
Rick Moen pression You're one of those condescending Unix users!"
[EMAIL PROTECTED] "Here's a nickel, kid. Get yourself a real computer."
w if xpdf takes (or can be made to
take) the same sort of precautions? After all, a PDF is basically just
a PS file, so I imagine the same sorts of attack are possible.
A run through the manpage was unenlightening.
(Ah, I see Kevin has the same concern.)
--
Cheers,
Rick Moen
Knoppix at any given point appears to be not-quite-sid, with maybe 10%
stable and 10% Something Else Entirely. (I applaud your enthusiasm, and
don't mean to denigrate what you're using. I'm just trying to describe
it accurately.)
--
Cheers, Founding member of the Hyphena
e oversight works for that sysadmin's local system. Caveat
user.
--
Cheers, "Transported to a surreal landscape, a young girl kills the first
Rick Moen woman she meets, and then teams up with three complete strangers
[EMAIL PROTECTED] to kill again." -- Rick P
Quoting Russell Coker ([EMAIL PROTECTED]):
> Some of the anti-spam people are very enthusiastic about their work. I
> wouldn't be surprised if someone writes a bot to deal with CR systems.
A bot to detect C-R queries and add them to the refused-mail ACL list
would be most useful. ;->
Quoting Russell Coker ([EMAIL PROTECTED]):
> Some of the anti-spam people are very enthusiastic about their work. I
> wouldn't be surprised if someone writes a bot to deal with CR systems.
A bot to detect C-R queries and add them to the refused-mail ACL list
would be most useful. ;->
--
To
Quoting Michael Stone ([EMAIL PROTECTED]):
> You're talking about SPF. That's a concept, not an implementation.
Implementation details have already been posted.
> Effective use of SPF requires widespread adoption. Until/unless
> widespread adoption happens the promises of SPF are vaporware.
Re
Quoting Michael Stone ([EMAIL PROTECTED]):
> You're talking about SPF. That's a concept, not an implementation.
Implementation details have already been posted.
> Effective use of SPF requires widespread adoption. Until/unless
> widespread adoption happens the promises of SPF are vaporware.
Re
Quoting Michael Stone ([EMAIL PROTECTED]):
> No, I'm not.
You _weren't_ ignoring the point I just made and changing the subject?
Then, some villain apparently snuck into your MTA and substituted
different text that did, for the original message you tried to send.
You should sue! ;->
> I'm poin
Quoting Michael Stone ([EMAIL PROTECTED]):
> What name calling? There's a difference.
Cute.
Ah, well.
> You're assuming unrestricted outbound connections. Might even be true in
> your environment.
It's true that there will be interim problems with corporate firewalls
(etc.) closing off outb
Quoting Michael Stone ([EMAIL PROTECTED]):
> There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
> It's fine for a home user to implement it quickly but it's not so easy
> for a lot of large organizations that currently allow people to send
> mail from offsite
Quoting Michael Stone ([EMAIL PROTECTED]):
> yeah, aol's pleased as punch about it. they also don't have much
> interest in customers sending email with @aol from off their own system
> unless they use an obnoxious webmail client. same goes for hotmail.
> anyone with users who isn't aol and whose
Quoting Michael Stone ([EMAIL PROTECTED]):
> Well, it is vaporware. Until it's used by a noticable percentage of
> hosts, it's irrelevant.
(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability. As noted, such is most emphatically not
the case, here
Quoting Michael Stone ([EMAIL PROTECTED]):
> No, I'm not.
You _weren't_ ignoring the point I just made and changing the subject?
Then, some villain apparently snuck into your MTA and substituted
different text that did, for the original message you tried to send.
You should sue! ;->
> I'm poin
Quoting Michael Stone ([EMAIL PROTECTED]):
> What name calling? There's a difference.
Cute.
Ah, well.
> You're assuming unrestricted outbound connections. Might even be true in
> your environment.
It's true that there will be interim problems with corporate firewalls
(etc.) closing off outb
Quoting Michael Stone ([EMAIL PROTECTED]):
> There's a line between advocacy and zealotry.
Still stuck in name-calling mode? Pity.
> It's fine for a home user to implement it quickly but it's not so easy
> for a lot of large organizations that currently allow people to send
> mail from offsite
Quoting Michael Stone ([EMAIL PROTECTED]):
> yeah, aol's pleased as punch about it. they also don't have much
> interest in customers sending email with @aol from off their own system
> unless they use an obnoxious webmail client. same goes for hotmail.
> anyone with users who isn't aol and whose
Quoting Michael Stone ([EMAIL PROTECTED]):
> Well, it is vaporware. Until it's used by a noticable percentage of
> hosts, it's irrelevant.
(1) Where I come from, the term "vapourware" means software touted far
in advance of its availability. As noted, such is most emphatically not
the case, here
Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> While I am sure finding out whose is bigger is exciting to you. I
> feel comfortable in speaking for the rest of the list when I say this
> thread has become WAY OT.
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam.
Well, that's the trick, isn't it? If they're sending spam (either
deliberately or -- much more likely of late -- because customer hosts have
been zombifi
Quoting Phillip Hofmeister ([EMAIL PROTECTED]):
> While I am sure finding out whose is bigger is exciting to you. I
> feel comfortable in speaking for the rest of the list when I say this
> thread has become WAY OT.
I'm surprised that an allegation that SPF -- highly relevant to SMTP
security
Quoting Bernd Eckenfels ([EMAIL PROTECTED]):
> If you relay mail from your customers, you have to deliver them their
> bounces if they spam.
Well, that's the trick, isn't it? If they're sending spam (either
deliberately or -- much more likely of late -- because customer hosts have
been zombifi
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
> >Was there a particular part of the immediately preceding reference to
> >SPF that you didn't get, or was it the concept as a whole?
>
> I get the concept of vaporw
Quoting Michael Stone ([EMAIL PROTECTED]):
> The end result is the same in a lot of cases.
I'm sorry, what part of "fixing local problems first, and understanding
the scope of one's responsibility" are you not quite getting?
> The point is that you shouldn't take a holier-than-thou attitude abou
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 04:24:35PM -0700, Rick Moen wrote:
> >One can pretend that the matter's open for debate, but that would be a
> >waste of time: It's happening.
>
> Sure it is. How do you manage to sleep, fixing
Quoting Blu ([EMAIL PROTECTED]):
> If my relay server (not open, but relay for customers) has no means to
> verify recipients, what to do when the destination server rejects that
> mail already accepted by my server?. Bounce.
(Implicit assumption that you have no option but to accept forged-send
Quoting Michael Stone ([EMAIL PROTECTED]):
> I'm sure the guy who got joe jobbed is happy that you can point out the
> source of his misforture. Must be real comforting and all.
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as
Quoting Blu ([EMAIL PROTECTED]):
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
I'm quite non-plussed at this question, since it seems to suggest that you
weren't following the thread.
Earlier, I mentioned (to summarise and review) that I take
Quoting Michael Stone ([EMAIL PROTECTED]):
> Yeah, big difference. If the spam is going through a relay, the relay
> will send the same bounce and the same person will get the bounce
> message.
Oh, oh!
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then,
dark overnight because so many
> admins were still running Sendmail versions that had been obsoleted
> years before.
>
> Ah, those were the days. :-P
Yes, indeed!
http://linuxmafia.com/pub/humour/500-mile-e-mail
--
Cheers,Remember: The day after tomorrow is the third day
Rick Moen of the rest of your life.
[EMAIL PROTECTED]
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 05:32:17PM -0700, Rick Moen wrote:
> >Was there a particular part of the immediately preceding reference to
> >SPF that you didn't get, or was it the concept as a whole?
>
> I get the concept of vaporw
Quoting Michael Stone ([EMAIL PROTECTED]):
> The end result is the same in a lot of cases.
I'm sorry, what part of "fixing local problems first, and understanding
the scope of one's responsibility" are you not quite getting?
> The point is that you shouldn't take a holier-than-thou attitude abou
Quoting Michael Stone ([EMAIL PROTECTED]):
> On Thu, Jun 03, 2004 at 04:24:35PM -0700, Rick Moen wrote:
> >One can pretend that the matter's open for debate, but that would be a
> >waste of time: It's happening.
>
> Sure it is. How do you manage to sleep, fixing
Quoting Blu ([EMAIL PROTECTED]):
> If my relay server (not open, but relay for customers) has no means to
> verify recipients, what to do when the destination server rejects that
> mail already accepted by my server?. Bounce.
(Implicit assumption that you have no option but to accept forged-send
Quoting Michael Stone ([EMAIL PROTECTED]):
> I'm sure the guy who got joe jobbed is happy that you can point out the
> source of his misforture. Must be real comforting and all.
Was there a particular part of the immediately preceding reference to
SPF that you didn't get, or was it the concept as
Quoting Blu ([EMAIL PROTECTED]):
> Are you suggesting then, that we should not relay mail at all?, not even
> to/from our customers?
I'm quite non-plussed at this question, since it seems to suggest that you
weren't following the thread.
Earlier, I mentioned (to summarise and review) that I take
lready accepted the mail and
handed it off to an LDA or MDA -- so the opportunity is lost.
--
Cheers,
Rick MoenBu^so^stopu min per kulero.
[EMAIL PROTECTED]
Quoting Michael Stone ([EMAIL PROTECTED]):
> Yeah, big difference. If the spam is going through a relay, the relay
> will send the same bounce and the same person will get the bounce
> message.
Oh, oh!
Gee, I guess that relay should have rejected the spam instead of relaying
it, right? Then,
1 - 100 of 262 matches
Mail list logo