On 6/17/05, Eli <[EMAIL PROTECTED]> wrote: > Greg wrote: > > > There's giving a guy some rope -- and then there's rope that's fashioned > > into a hangman's noose, and strung up over a high branch, forced over > > the user's head, and a swat given to the hind end of the horse he's > > sitting on. This issue is like the latter, not the former. > > That analogy is flawed unfortunately. Exim is the rope, and the default > configuration supplied is no worse than just another piece of rope. Quite > obviously these admins have taken these two pieces of rope and made a noose > with it. If they're going around hanging people, just don't go play with > them - that's the fix. Many of us are well aware of your position on > accepting email, so I highly doubt that blacklisting a few more "RFC > ignorant" domains is against any policy you hold dear. > > As someone else similarily stated, my computer and OS allow me to delete > itself from the system (at least key files/components) while it's running. > It lets me install viruses, and even lets me compile viruses. Those are for > sure things that we wouldn't want to happen - do you blame my Intel CPU > chip, or my operating system for allowing such things?
Yes, but there are rules so you can't delete locked/system/other peoples files. Any delete command is usually not going to let you do a lot of bad things (like delete locked files or ignore permissions unless you're logged on as root) and then is going to prompt you Y/N. What some of us are asking for is not to remove the delete/rmdir/format commands in Exim but to at least do things so they are used appropriately and with moderation. There should be prompting (whatever is a system file or whatever is locked) and big warnings in all caps and stuff before you format a drive. If the delete command ignores permissions or can delete files that are in use then perhaps it shouldn't. I think what we have here is a delete command that ignores permissions, locked files, system files, and files in use. RFC's don't give Exim any permission do ignore key aspects of the SMTP protocol and I don't want any guest the ability to ignore root permissions and delete rename and move stuff. If I have an open system and someone goes around doing bad things, they should be punted. How is that for an appropriate analogy? You have absolute control over your machine and you should be perfectly able to open all your ports and create viruses and delete and format anything you want. On the other hand when a user takes their fully patched Windows computer and hooks it up to the internet and wants to share files with another computer and uses weak passwords so their kids/parents don't have any problems only to have it turned into a zombie a few hours later, Microsoft didn't need to fix or improve anything. Microsoft never needed to improve and start incorporating their dinky firewall in XP. That stupid warning all the time saying the firewall is turned off is annoying for us good users that have routers and stuff and who know what we're doing. We only need to train the users in the case of Windows and postmasters in the case of Exim so they don't do anything stupid. Meanwhile there are millions of zombies still out there spewing viruses and spam out there and it isn't Microsoft fault just like it isn't Exims fault. I'm not talking about bugs or holes here as all the patches and security fixes are quickly made available. Microsoft crap, I mean stuff, is just as good as Exim. Microsoft isn't not at all responsible after all any good user should get a router and antivirus software and apply all the security patches Microsoft has released. Gee, I accept <postmaster> or <[EMAIL PROTECTED]> (and similar with abuse) as exceptions to my default policy. I refuse <> to multiple recipients and to alias (that wouldn't send mail) and I do put them through special filters to prune bogus virus warnings and such. I'll punish systems that use IP addresses in their helo (also violating RFCs) or that try to forge my IP or my domains while I carefully examine helo strings. I use proper reverse dns entries and all my machines have and use good resolvable names. I do all this without using Exim and that's probably more than I can say for 99.9% of postmasters/systems/domains out there, Exim or otherwise. I think RFCs are important unlike Exim, and I don't think there is anything you can do ignoring RFCs that you couldn't do better by following the rules. If cPanel fixed the problem where they ignored 550 errors when sending <> (they also use auto_thaw to configure Exim to ignore 550 errors when sending <> -- think about that) perhaps they wouldn't be so quick or even need to refuse <>. I mean really, first they send <> ignoring 550 errors then refuse <> using 550 responses!! Exim made this possible and easy. "Exim is easily misconfigured" is not a good motto although it does seems to be too true. One quickfix forces another. "Exim, if you want to do it quick and not properly?", another bad motto. Thinking you're cripping Exim by forcing it to follow the rules is wrong. You're taking the easy way out and not fixing the real cause of the problem... so rather than block all dsn you should upgrade your filtering configuration, filter those accounts that don't send mail and don't respond with 550 We don't relay <> but 550 Original Message was forged. By installing special filters for <>, rather than arbitrarily refusing all of them, I was able to filter out all the bogus dsn for users were refusing them all wasn't an option. I was also able to extend them to examine bogus dsns where they used <postmaster/mail-daemon/[EMAIL PROTECTED]> instead of just <>. Big improvements. Necessity is the mother of invention and the easy quickfixes Exim allows are not condusive to this mentality. Solutions involving a little more work usually solve bigger problems. Any good postmaster wouldn't have any problem if Exim was neutered a bit to protect idiots from themselves, because a good postmaster isn't an idiot and they would still be able to do everything they wanted to do before. Meanwhile, I think if we stopped talking about features in general and talked about specific options we might make more head way. So if we did get rid of feature X (refuse all bounces) couldn't we just start using/create/learn how to configure feature Q (filter bounces to mailbox aliases) instead? or how about option K (create a filter that rejects dsn created by stupid virus software). Getting rid of an option doesn't mean you can't choose, and if we start providing specific solutions to specific problems people wouldn't use or miss (if we did get rid of them) these quickfixes and hacks that Exim seems to have incorporated. So log in as a guest and then try to format all the drives... if you can then say goodbye to Windows 9x. Is that a product you want to be using? Is there something you want to pass along to the owner of that machine and to other owners or the software maker? I would like it if perhaps another software maker would listen to our concerns and not arbitrarily say we don't want to cripple the software by removing or restricting some infrequently (or in some cases never used and depreciated) feature. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
