Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-08 Thread Craig Sanders
On Sat, Sep 06, 2003 at 11:32:04PM +1000, Russell Coker wrote:
> DNSBL's and spamassassin seem quite good at dealing with spam and are much
> less annoying.  That combined with some new laws that are being enacted to
> combat spam should keep it to a manageable level.

oh, please tell me that these new laws are going to be the replacement of Duck
Season with Spammer Season (Jan to Dec in any year).

that'll work.  i sometimes think that it's the ONLY thing that will really work.

craig




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Andrew Suffield
On Sat, Sep 06, 2003 at 06:02:07PM -0500, david nicol wrote:
> Don't hate spammers, figure out a way to bill them.  They are in
> business, they pay for things, they expect to be billed.  Everyone
> who has considered sender-pays agrees that it provides a better solution
> than legislation.

Again with the "It's better than impaling yourself upon an iron spike"
rationale. Cut it out.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'  |
   `- -><-  |




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread david nicol
On Sat, 2003-09-06 at 08:32, Russell Coker wrote:

> Here's how it works.  Spammer creates account [EMAIL PROTECTED] and sends 
> their first spam to a C-R system, when the challenge comes in they 
> acknowledge it and from then on the C-R system does not bother them because 
> they keep using the same small range of IP addresses.  Hotmail cancels their 
> account pretty quickly, but as the C-R system does not send any changes 
> unless they change their IP address (and they don't change their IP address 
> to avoid C-R systems) then it's not a problem for them.

Spammer pays the pay2send infrastructure ten thousand dollars in
advance to send from the return address [EMAIL PROTECTED], and
all participating mail gateways bill out of the payment made in advance,
and when the ten thousand runs out, the mail from [EMAIL PROTECTED]
is no longer relayed.

The C-R system prevents someone who is not using spammer's IP address
from forging [EMAIL PROTECTED] as a return address and stealing part
of spammer's postage budget.

Don't hate spammers, figure out a way to bill them.  They are in
business, they pay for things, they expect to be billed.  Everyone
who has considered sender-pays agrees that it provides a better solution
than legislation.





Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-06 Thread Russell Coker
On Sat, 6 Sep 2003 06:56, david nicol wrote:
> > > Unlike TMDA's distributed profusion of extended addresses, a
> > > central RAPNAP (return address, peer network address pair) database
> > > only needs to send out a challenge when you change your outgoing
> > > SMTP server.  In effect, a central server caches challenge responses,
> > > so individual challenges are not required all the time.
> >
> > Interesting idea.  A spammer then only has to respond to a challenge once
> > and they can then spam thousands of people.
>
> But only from an account which is really theirs.
> RAPNAP provides a working minimal verification on
> the return address for sender-pays systems.  Sure you can forge
> an e-mail with my return address, but you can't forge an e-mail
> with both my return address and the peer network address of the
> machine I generally send e-mail through, from your connection in
> Australia.

Here's how it works.  Spammer creates account [EMAIL PROTECTED] and sends 
their first spam to a C-R system, when the challenge comes in they 
acknowledge it and from then on the C-R system does not bother them because 
they keep using the same small range of IP addresses.  Hotmail cancels their 
account pretty quickly, but as the C-R system does not send any changes 
unless they change their IP address (and they don't change their IP address 
to avoid C-R systems) then it's not a problem for them.

> > For challenge response to work it has to be annoying to lots of people.
> > Anything that stops it being annoying will stop it working.  That's why
> > it is broken.
>
> Challenge-response, BY ITSELF ONLY, suffers from that problem. When
> combined with other methods, CR is useful, and is _less annoying_
> than alternatives, such as requiring all correspondents to install PGP
> for instance.

DNSBL's and spamassassin seem quite good at dealing with spam and are much less 
annoying.  That combined with some new laws that are being enacted to combat 
spam should keep it to a manageable level.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Andrew Suffield
On Fri, Sep 05, 2003 at 03:56:16PM -0500, david nicol wrote:
> > For challenge response to work it has to be annoying to lots of people.  
> > Anything that stops it being annoying will stop it working.  That's why
> > it is broken.
> 
> Challenge-response, BY ITSELF ONLY, suffers from that problem. When
> combined with other methods, CR is useful, and is _less annoying_
> than alternatives, such as requiring all correspondents to install PGP
> for instance.

Every single one of these alternatives is dangerously insane.

I don't think "It's better than hurling yourself into a meat grinder"
is a good rationale for doing something.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'  |
   `- -><-  |




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread david nicol
On Fri, 2003-09-05 at 00:16, Russell Coker wrote:
> On Thu, 4 Sep 2003 18:32, david nicol wrote:
> > I've been trying to popularize a centralized challenge-response
> > database since last fall.  It seems to me that becoming a debian
> > package maintainer for the software to use it would make sense.
> >
> > Unlike TMDA's distributed profusion of extended addresses, a
> > central RAPNAP (return address, peer network address pair) database
> > only needs to send out a challenge when you change your outgoing
> > SMTP server.  In effect, a central server caches challenge responses,
> > so individual challenges are not required all the time.
> 
> Interesting idea.  A spammer then only has to respond to a challenge once and 
> they can then spam thousands of people.

But only from an account which is really theirs.
RAPNAP provides a working minimal verification on
the return address for sender-pays systems.  Sure you can forge
an e-mail with my return address, but you can't forge an e-mail
with both my return address and the peer network address of the
machine I generally send e-mail through, from your connection in
Australia.

And there is an adoption lag, which we are currently in, between
when people start checking return addresses against the RAPNAP
database and when spammers start bothering to return the challenges,
which may appear to automated list software as bounces.

The accounts (such as [EMAIL PROTECTED]) which I have set up
which use the RAPNAP system exclusively to filter incoming messages
receive no spam, yet.

Incorporating a RAPNAP listing into spamassassin as something with
a positive weight would be most effective IMO.

> For challenge response to work it has to be annoying to lots of people.  
> Anything that stops it being annoying will stop it working.  That's why
> it is broken.

Challenge-response, BY ITSELF ONLY, suffers from that problem. When
combined with other methods, CR is useful, and is _less annoying_
than alternatives, such as requiring all correspondents to install PGP
for instance.
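
Added example (not from the thread or from any RAPNAP implementation): a toy Python model of the central (return address, peer network) cache described above, run against three senders to show the behaviour both sides of the argument point at. The /24 grouping, the class and function names, the one-challenge-per-pair rule and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import secrets


def peer_network(peer_ip: str) -> str:
    """Collapse a peer IPv4 address to its /24 (assumed granularity of a 'peer network')."""
    return str(ipaddress.ip_network(f"{peer_ip}/24", strict=False))


class RapnapCache:
    """Toy central cache of confirmed (return address, peer network) pairs."""

    def __init__(self):
        self.confirmed = set()   # pairs that answered a challenge
        self.pending = {}        # token -> pair awaiting an answer
        self.awaiting = {}       # pair -> token, so a pair is challenged only once
        self.challenges = []     # (address the challenge was mailed to, token)

    def check(self, return_addr: str, peer_ip: str) -> str:
        """Decide what a participating gateway does with one incoming message."""
        key = (return_addr.lower(), peer_network(peer_ip))
        if key in self.confirmed:
            return "accept"
        if key in self.awaiting:
            return "held"        # already challenged, still unanswered
        token = secrets.token_hex(8)
        self.pending[token] = key
        self.awaiting[key] = token
        # The challenge goes to the claimed return address, whoever really sent the mail.
        self.challenges.append((key[0], token))
        return "challenge"

    def respond(self, token: str) -> bool:
        """Record an answered challenge; unknown tokens are ignored."""
        key = self.pending.pop(token, None)
        if key is None:
            return False
        del self.awaiting[key]
        self.confirmed.add(key)
        return True


def run_scenario() -> dict:
    """Replay three constructed senders against one shared cache."""
    cache = RapnapCache()
    out = {}

    # 1. Ordinary user: challenged once, then recognised from the same /24.
    out["legit_first"] = cache.check("alice@example.org", "192.0.2.10")
    cache.respond(cache.challenges[-1][1])
    out["legit_second"] = cache.check("alice@example.org", "192.0.2.77")

    # 2. Forged return address from an unrelated network: the pair is unknown,
    #    so the mail is not accepted, but the challenge lands in alice's mailbox.
    out["forged"] = cache.check("alice@example.org", "203.0.113.5")
    out["backscatter_to"] = cache.challenges[-1][0]
    out["forged_retry"] = cache.check("alice@example.org", "203.0.113.9")

    # 3. Bulk sender who owns the account: answers one challenge, then every
    #    later message from the same small address range is accepted.
    before = len(cache.challenges)
    out["bulk_first"] = cache.check("bulk@example.net", "198.51.100.20")
    cache.respond(cache.challenges[-1][1])
    out["bulk_accepted"] = sum(
        cache.check("bulk@example.net", f"198.51.100.{20 + i % 4}") == "accept"
        for i in range(1000)
    )
    out["bulk_challenges"] = len(cache.challenges) - before
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```
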









Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-05 Thread Russell Coker
On Thu, 4 Sep 2003 18:32, david nicol wrote:
> I've been trying to popularize a centralized challenge-response
> database since last fall.  It seems to me that becoming a debian
> package maintainer for the software to use it would make sense.
>
> Unlike TMDA's distributed profusion of extended addresses, a
> central RAPNAP (return address, peer network address pair) database
> only needs to send out a challenge when you change your outgoing
> SMTP server.  In effect, a central server caches challenge responses,
> so individual challenges are not required all the time.

Interesting idea.  A spammer then only has to respond to a challenge once and 
they can then spam thousands of people.

For challenge response to work it has to be annoying to lots of people.  
Anything that stops it being annoying will stop it working.  That's why it is 
broken.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




Re: tmda: Challenge-response is fundamentally broken (RAPNAP)

2003-09-04 Thread david nicol

Hello

I've been trying to popularize a centralized challenge-response
database since last fall.  It seems to me that becoming a debian
package maintainer for the software to use it would make sense.

Unlike TMDA's distributed profusion of extended addresses, a
central RAPNAP (return address, peer network address pair) database
only needs to send out a challenge when you change your outgoing
SMTP server.  In effect, a central server caches challenge responses,
so individual challenges are not required all the time.

I suppose a RAPNAP patch for Mailman would be a good thing to
write...


David Nicol






Re: tmda: Challenge-response is fundamentally broken

2003-09-04 Thread Tollef Fog Heen
* Kalle Kivimaa 

| And yes, I'm actually considering filing grave bugs against each
| such list software package (I'm willing to live with such behaviour
| being optional with the default being no response, if the
| documentation says "beware SPAM worms if you enable autoresponse").

Please file a wishlist bug against mailman to change the default for
sending a response when holding a message.

(The feature is there, it's optional, but after seeing your argument,
I agree that the default should be changed.)

-- 
Tollef Fog Heen,''`.
UNIX is user friendly, it's just picky about who its friends are  : :' :
  `. `' 
`-  




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Steve Lamb
On Wed, 27 Aug 2003 11:44:34 +0100
Stephen Stafford <[EMAIL PROTECTED]> wrote:
> Sorry, but I do NOT see how this is a grave bug.  It's wishlist (at best).

I tend to agree with the grave aspect.

> YOU might not agree that C-R systems are good (personally I detest them),
> but that does NOT mean that we shouldn't release one.  If the package is in
> good shape and functions as advertised, then it IS fit for release.  
 
> Hey, how about if I decide that emacs is a huge bloated piece of shit?  Does
> that mean we shouldn't release it?
 
> Or if I decide that CUPS is rubbish and lprng is the One True Printer
> Daemon?
 
> Or that Gnome is a steaming pimple on the arse of desktop managers?
 
> As long as SOME users like it, and find it useful and it fits THEIR needs,
> then we should not be removing it from Debian (as long as it meets DFSG).
> tmda appears to meet those criteria.  It is NOT your place to decide what
> software our users can and can't use.

Fine.  Some users like to send spam should Debian then package all spam
producing software?

Just because some users want the software is not enough of a reason to
package and distribute it when there is a clear and demonstrable bad behavior
inherent to the design and implementation of the software in question. 
Karsten's original filing proves there is a clear and demonstrable bad
behavior inherent in *ALL* C-R systems.  While I dislike Emacs and Gnome one
would be hard pressed to demonstrate how they or their design are inherently
exhibiting bad behavior.

> This is NOT a grave bug.  You have given NO reasons why the package does not
> work as advertised, or fails to build, or fails to install or causes major
> breakage to significant numbers of systems.  

Yes, Karsten did.  Did you skip over the entire report or should we start
packaging viruses now, too, since they perform as expected regardless of their
effect on the larger picture?  IE, it is possible for a package to "work as
advertised" and still be wrong.

> All you have is an opinion that C-R systems are bad.  I share that opinion,
> but that does NOT make this a grave bug.

I await your spam and virus packages with earnest.

-- 
 Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
   PGP Key: 8B6E99C5   | main connection to the switchboard of souls.
---+-




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Kalle Kivimaa
Mark Brown <[EMAIL PROTECTED]> writes:
> The part where SMTP is completely unauthenticated means that this
> doesn't help - the SMTP envelope sender can be forged just as easily as
> the From: inside the message.

You're right, I forgot to say that the idea only applies to
non-relayed mail where the other end is the originator. Forging the
TCP connection is more difficult than simple header forgery.

-- 
*A man's only as old as the woman he feels. (Groucho Marx)*
*   PGP public key available @ http://www.iki.fi/killer   *




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
* Mark Brown

 > You do realise that all parts of SMTP are generally completely
 > unauthenticated and can be trivially forged?

  Yes.  It's indeed very sad that it is so.

  However, my main issue still remains -- the difference (for the user)
 between

 «I'm installing this package and accept that my correspondents
 must jump through a few hoops to get in touch with me»

  and

 «I'm installing this package and accept that my correspondents must
 jump through a few hoops to get in touch with me -and- that it is
 overwhelmingly likely that I will send unsolicited junk mail to third
 parties so that they will have to deal with the problem instead of
 myself»

  is, in my opinion, vast.

  If TMDA warned the user that it'll take the latter approach, I'd
 probably be happy with that.   (It would have been even better if
 there were some tutorial included, that could give a crash course
 in how to make TMDA -not- send challenges to e-mail SpamAssassin and/or
 ClamAV classified as junk mail.)

-- 
Tore Anderson




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Florian Weimer
Mark Brown <[EMAIL PROTECTED]> writes:

>> Why cannot the C-R system issue the challenge during the SMTP session
>> (respond with a reject containing the challenge)? With the latest
>> Sobig flood I've begun to consider all list software sending back
>
> The part where SMTP is completely unauthenticated means that this
> doesn't help - the SMTP envelope sender can be forged just as easily as
> the From: inside the message.

*You* don't generate a bounce in this case.  Others might do, but in
the case of Sobig.F and a sizeable chunk of spamming operations, no
bounces at all are sent.




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Brian T. Sniffen
Tore Anderson <[EMAIL PROTECTED]> writes:

> severity 207300 grave
> quit
>
> * Karsten M. Self
>
>  > Briefly:  challenge-response (C-R) spam fighting systems are
>  > fundamentally broken by design.
>
>  > I am recommending that TMDA be dropped from Debian.

I use tmda, but not in challenge-response mode.  I find it useful for
its cryptographic hash-address system and the autowhitelisting code.

-Brian

-- 
Brian T. Sniffen    [EMAIL PROTECTED]
   http://www.evenmere.org/~bts/




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Wouter Verhelst
On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote:
> Mark Brown <[EMAIL PROTECTED]> writes:
> > You do realise that all parts of SMTP are generally completely
> > unauthenticated and can be trivially forged?  A system like this has no
> > option but to work with unauthenticated data.
> 
> Why cannot the C-R system issue the challenge during the SMTP session
> (respond with a reject containing the challenge)?

Read SMTP 2821, and find out for yourself. Hint: SMTP is intended to be
noninteractive, while this thing tries to get confirmation from a human
being.

-- 
Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Florian Weimer
Bernd Eckenfels <[EMAIL PROTECTED]> writes:

> Every MTA is sending bounces to mails with forged headers.

The MXes I'm responsible for don't do this (even the secondary MXes
handle such cases gracefully).  They just refuse messages with unknown
destinations at the SMTP level.  AFAIK, all MTAs which are part of
Debian can do this.  You need some extra configuration to cover the
secondaries, too, but that's usually worth the trouble.




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Mark Brown
On Wed, Aug 27, 2003 at 04:07:58PM +0300, Kalle Kivimaa wrote:
> Mark Brown <[EMAIL PROTECTED]> writes:

> > You do realise that all parts of SMTP are generally completely
> > unauthenticated and can be trivially forged?  A system like this has no
> > option but to work with unauthenticated data.

> Why cannot the C-R system issue the challenge during the SMTP session
> (respond with a reject containing the challenge)? With the latest
> Sobig flood I've begun to consider all list software sending back

The part where SMTP is completely unauthenticated means that this
doesn't help - the SMTP envelope sender can be forged just as easily as
the From: inside the message.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Kalle Kivimaa
Mark Brown <[EMAIL PROTECTED]> writes:
> You do realise that all parts of SMTP are generally completely
> unauthenticated and can be trivially forged?  A system like this has no
> option but to work with unauthenticated data.

Why cannot the C-R system issue the challenge during the SMTP session
(respond with a reject containing the challenge)? With the latest
Sobig flood I've begun to consider all list software sending back
"your message is waiting for moderation" messages broken, let alone a
software package designed to reduce SPAM (or virus checkers responding
to a completely wrong person warning about infected system). And yes,
I'm actually considering filing grave bugs against each such list
software package (I'm willing to live with such behaviour being
optional with the default being no response, if the documentation says
"beware SPAM worms if you enable autoresponse").

-- 
*  Outside of a dog, a book is man's best friend. Inside of a dog, it's   *
*too dark to read. (Groucho Marx) *
*   PGP public key available @ http://www.iki.fi/killer   *




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Stephen Stafford
On Wed, Aug 27, 2003 at 01:35:12PM +0200, Tore Anderson wrote:
> [ Please do not send me CC's, as I have not explicitly asked for them. ]

Apologies.

> 
> * Stephen Stafford
> 
>  > Sorry, but I do NOT see how this is a grave bug.  It's wishlist (at best).
>  >
>  > YOU might not agree that C-R systems are good (personally I detest them),
>  > but that does NOT mean that we shouldn't release one.  If the package is in
>  > good shape and functions as advertised, then it IS fit for release.  
> 
>   I do not have anything against C-R systems per se, and I do not care if
>  others use them, or if we distribute them.  What I -do- have a problem
>  with is that the C-R system in question ignores the fact that SMTP
>  headers are trivially (and regularly) forged.  I believe this is deliberate,
>  and that TMDA does not attempt to verify that the recipient of the
>  challenge truly was the sender of the original e-mail.  (If it did, I
>  would have no problem with it at all.)
> 
>   Therefore third-party users, who had nothing to do with the original
>  sending of the mail, will receive unsolicited e-mail, and that even
>  from a program which is designed to stop such junk.
> 
>  > Hey, how about if I decide that emacs is a huge bloated piece of shit?
>  > Does that mean we shouldn't release it?
>  >
>  > Or if I decide that CUPS is rubbish and lprng is the One True Printer
>  > Daemon?
>  >
>  > Or that Gnome is a steaming pimple on the arse of desktop managers?
> 
>   None of these are comparable - that one user installs Gnome on his
>  system does not hurt you in any way.  You can simply ignore it and
>  go on with your life.  You do not even have to know -- Gnome will not
>  send you unsolicited junk mail, regardless of it being a 'steaming
>  pimple' or no.

The original submitter was NOT complaining that the package was badly
implemented, he was complaining that C-R systems are bad (okay, he has lots
of reasons why he thinks they are bad, but it's all opinion in the end) and
should not be released.  The TMDA package is not broken with respect to what
it is meant to do.  It does exactly what it is meant to do.  The fact that
you don't like it is neither here nor there.

My examples of Gnome, emacs and CUPs were just that...examples.  They are
designs which some people like and some people don't.  The variety that says
we can have different designs is a good thing.

Personally I do not like C-R systems.  In general if I get a challenge from
one, I ignore it.

This does not mean that the tmda package is buggy.  All it means is that you
don't like what it does.  That being the case, it is exactly comparable to
someone deciding that because they don't like emacs, or Gnome or whatever
that we should file a RC bug on it to prevent it being released.  The only
thing that isn't comparable is WHY you don't like it.  Sorry, but from where I
sit, it's not a good enough reason to remove it from the archive, or to
prevent it being released.

I dislike C-R based anti-spam measures, and I will tell anyone who asks me
WHY I don't like them.  Someone who likes vi and detests emacs will tell
anyone why he dislikes emacs.  I don't see why this should be a good reason
for removal from the archive, or why this is a release critical bug.

Stephen




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Richard Atterer
On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote:
[snip... oh my!]

How amusing to see Sobig.F cited as the reason for reassigning grave 
severity to a bug! Looks to me as if you just didn't find a sobig-f package 
to file the bug against, so something else had to be the culprit.

In the long run, it would be nice to have a special mail header used by all
auto-responders - bounces, virus alerts, out-of-office, maybe even a
variant for challenge-response systems -, to allow these mails to be
filtered.

A good (temporary) solution for people who use c-r systems is to filter
Sobig.F, like so (.procmailrc):

:0
* ^Subject: (Re: That movie|Re: Wicked screensaver|Re: Your application|Re: Approved|Re: Re: My details|Re: Details|Your details|Thank you!)$
* ^X-MailScanner: Found to be clean
Mail/spam

Challenge-response antispam systems are considered useful by enough users 
to be included in the archive. IMHO it must be left to the user to decide 
whether they're worth the trouble or not - Debian has no business making 
such decisions on behalf of the user.

Cheers,

  Richard (who, also hates c-r systems, but that's irrelevant)

-- 
  __   _
  |_) /|  Richard Atterer |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Ulrich Eckhardt
On Wednesday 27 August 2003 11:08, Tore Anderson wrote:
>  > I do not intend to play BTS games here; if you change the severity back
>  > to grave, or to any other RC state, I will consider it to be abuse of
>  > the BTS and report your actions to the BTS maintainer, and your ability
>  > to use the BTS will be taken away.

>   I'm Cc'ing debian-devel for comments, as you do not seem to be
>  interested in having any sensible discussion regarding this issue,
>  and amazingly enough instead go on threatening the submitter that you
>  will go to the BTS guys and have him blacklisted from the BTS.  Not
>  very polite to one of our users, I'd say.  Feel free to attempt having
>  me blacklisted, though.

Reread that. All he says is that the BTS is not the right place to settle 
%DISPUTE% and that he will try to prevent its abuse. Without even looking at 
what %DISPUTE% really is, he is right in that. That is what (in this case) 
debian-devel is good for.

Just wondering, is a keyring not also some kind of C-R system ? 

clam down,
Uli




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Bernd Eckenfels
On Wed, Aug 27, 2003 at 02:54:43PM +0300, Lars Wirzenius wrote:
> TMDA seems to hurt innocent outsiders by sending them mail (e.g., in
> response to garbage sent by viruses or spammers). The other examples you
> gave (Emacs, Gnome, CUPS) don't do that, as far as I know. The
> difference is important, I think.

Every MTA is sending bounces to mails with forged headers.

Greetings
Bernd
-- 
  (OO)  -- [EMAIL PROTECTED] --
 ( .. )  [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/
  o--o *plush*  2048/93600EFD  [EMAIL PROTECTED]  +497257930613  BE5-RIPE
(OO)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Mark Brown
On Wed, Aug 27, 2003 at 01:35:12PM +0200, Tore Anderson wrote:

>  with is that the C-R system in question ignores the fact that SMTP
>  headers are trivially (and regularly) forged.  I believe this is deliberate,
>  and that TMDA does not attempt to verify that the recipient of the
>  challenge truly was the sender of the original e-mail.  (If it did, I
>  would have no problem with it at all.)

You do realise that all parts of SMTP are generally completely
unauthenticated and can be trivially forged?  A system like this has no
option but to work with unauthenticated data.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Colin Watson
severity 207300 wishlist
thanks

On Wed, Aug 27, 2003 at 11:08:23AM +0200, Tore Anderson wrote:
> severity 207300 grave
> quit

Sorry, Tore, but this is not a grave bug. The package does what it says
on the tin, even if you think that its goals are broken in the wider
picture (and I'd happen to agree there, personally, especially in light
of the recent Sobig.F fiasco; but that's neither here nor there as far
as bug severities go).

I express no opinion about whether the bug is wishlist, minor, normal,
or important; but it doesn't qualify for release-critical.

> * Karsten M. Self
> 
>  > Briefly:  challenge-response (C-R) spam fighting systems are
>  > fundamentally broken by design.
> 
>  > I am recommending that TMDA be dropped from Debian.
> 
> * Adam McKenna
> 
>  > I will not respond to this bug other than to state that I don't
>  > believe it meets the requirements for filing a grave bug, and I
>  > will not remove TMDA from Debian just because you and a few others
>  > don't like it, or don't like this particular class of software.
>  >
>  > I do not intend to play BTS games here; if you change the severity
>  > back to grave, or to any other RC state, I will consider it to be
>  > abuse of the BTS and report your actions to the BTS maintainer, and
>  > your ability to use the BTS will be taken away.

Speaking as a BTS maintainer, that seems unlikely to happen. We have a
high threshold for banning people, and it does not include isolated
arguments. If it did, very few people would be able to use the BTS any
more!

Please don't deliberately escalate this argument.

>   Therefore I join the original submitter in the recommendation that
>  TMDA should be removed from Debian, or failing that, it should carry
>  a prominent notice in the description that it will send junk mail to
>  random third parties and will thus not remove the junk mail problem,
>  but simply transfer it (very rudely, I might add) to someone else.

Perhaps some compromise could be found here to improve the package's
description. Adam, I also think it would be helpful if you could respond
to at least some points from the original bug report. I do believe that
Karsten has thought about this in some thoroughness and is not simply
trying to antagonize you.

Cheers,

-- 
Colin Watson  [EMAIL PROTECTED]




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
[ Please do not send me CC's, as I have not explicitly asked for them. ]

* Stephen Stafford

 > Sorry, but I do NOT see how this is a grave bug.  It's wishlist (at best).
 >
 > YOU might not agree that C-R systems are good (personally I detest them),
 > but that does NOT mean that we shouldn't release one.  If the package is in
 > good shape and functions as advertised, then it IS fit for release.  

  I do not have anything against C-R systems per se, and I do not care if
 others use them, or if we distribute them.  What I -do- have a problem
 with is that the C-R system in question ignores the fact that SMTP
 headers are trivially (and regularly) forged.  I believe this is deliberate,
 and that TMDA does not attempt to verify that the recipient of the
 challenge truly was the sender of the original e-mail.  (If it did, I
 would have no problem with it at all.)

  Therefore third-party users, who had nothing to do with the original
 sending of the mail, will receive unsolicited e-mail, and that even
 from a program which is designed to stop such junk.

 > Hey, how about if I decide that emacs is a huge bloated piece of shit?
 > Does that mean we shouldn't release it?
 >
 > Or if I decide that CUPS is rubbish and lprng is the One True Printer
 > Daemon?
 >
 > Or that Gnome is a steaming pimple on the arse of desktop managers?

  None of these are comparable - that one user installs Gnome on his
 system does not hurt you in any way.  You can simply ignore it and
 go on with your life.  You do not even have to know -- Gnome will not
 send you unsolicited junk mail, regardless of it being a 'steaming
 pimple' or no.

-- 
Tore Anderson




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Lars Wirzenius
On ke, 2003-08-27 at 13:44, Stephen Stafford wrote:
> YOU might not agree that C-R systems are good (personally I detest them),
> but that does NOT mean that we shouldn't release one.  If the package is in
> good shape and functions as advertised, then it IS fit for release.  

TMDA seems to hurt innocent outsiders by sending them mail (e.g., in
response to garbage sent by viruses or spammers). The other examples you
gave (Emacs, Gnome, CUPS) don't do that, as far as I know. The
difference is important, I think.

Whether TMDA's behavior is bad enough to warrant removal from Debian I
don't know. (It is an issue I find it hard to be objective about.)

-- 
http://liw.iki.fi/liw/photos/swordmaiden/




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Stephen Stafford
[enormous snippage]

Sorry, but I do NOT see how this is a grave bug.  It's wishlist (at best).

YOU might not agree that C-R systems are good (personally I detest them),
but that does NOT mean that we shouldn't release one.  If the package is in
good shape and functions as advertised, then it IS fit for release.  

Hey, how about if I decide that emacs is a huge bloated piece of shit?  Does
that mean we shouldn't release it?

Or if I decide that CUPS is rubbish and lprng is the One True Printer Daemon?

Or that Gnome is a steaming pimple on the arse of desktop managers?

As long as SOME users like it, and find it useful and it fits THEIR needs,
then we should not be removing it from Debian (as long as it meets DFSG).
tmda appears to meet those criteria.  It is NOT your place to decide what
software our users can and can't use.

This is NOT a grave bug.  You have given NO reasons why the package does not
work as advertised, or fails to build, or fails to install or causes major
breakage to significant numbers of systems.  All you have is an opinion that
C-R systems are bad.  I share that opinion, but that does NOT make this a
grave bug.

Stephen




Re: tmda: Challenge-response is fundamentally broken

2003-08-27 Thread Tore Anderson
severity 207300 grave
quit

* Karsten M. Self

 > Briefly:  challenge-response (C-R) spam fighting systems are
 > fundamentally broken by design.

 > I am recommending that TMDA be dropped from Debian.

* Adam McKenna

 > I will not respond to this bug other than to state that I don't believe it
 > meets the requirements for filing a grave bug, and I will not remove TMDA 
 > from Debian just because you and a few others don't like it, or don't 
 > like this particular class of software.
 >
 > I do not intend to play BTS games here; if you change the severity back to 
 > grave, or to any other RC state, I will consider it to be abuse of the BTS 
 > and report your actions to the BTS maintainer, and your ability to use the
 > BTS will be taken away.
 >
 > Before you respond to this I suggest you re-read Debian's Social Contract 
 > and the section of the Maintainer's Guide pertinent to bug severities.

  You just spammed me with one of your "challenges", Adam.  I do not
 think I have ever before sent you an e-mail, and I am 100% certain I
 have never sent you any trojan horse designed to break Microsoft
 Outlook.  Upon inspection of the headers, I see you did so even after
 the message scored >10 in your SpamAssassin filter.  Surely you are
 aware of the fact that such junk mail tends to have forged From:
 headers?

  How many other innocent third parties have you spammed through the use
 of this broken program?  How many of these are Debian users, do you
 think?

  How many Debian users have installed this package, and have as a result
 begun sending junk mail to innocent third parties, without even being
 aware of it?

  Think about it for a while, then you go read up on the Social contract,
 more specifically the clause stating what our priorities are.

  This program is no better than the brain-damaged content filters that
 have plagued debian-devel and countless mailboxes with the idiotic
 "you have attempted to send [EMAIL PROTECTED] a virus!"-allegations.
 Although it may relieve the junk mail flow to your and other
 TMDA/content filter users' mailboxes, it does nothing but add to the
 problem for other e-mail users around the globe.

  In fact, I find the use of this program about as disgusting as the
 sending of the original unsolicited message -- in both cases you send
 other e-mail users junk mail for your own personal benefit.

  Therefore I join the original submitter in the recommendation that
 TMDA should be removed from Debian, or failing that, it should carry
 a prominent notice in the description that it will send junk mail to
 random third parties and will thus not remove the junk mail problem,
 but simply transfer it (very rudely, I might add) to someone else.

  I'm Cc'ing debian-devel for comments, as you do not seem to be
 interested in having any sensible discussion regarding this issue,
 and amazingly enough instead go on threatening the submitter that you
 will go to the BTS guys and have him blacklisted from the BTS.  Not
 very polite to one of our users, I'd say.  Feel free to attempt having
 me blacklisted, though.
  
-- 
Tore Anderson
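
The complaint above is that a challenge was sent to a forged sender address even though the triggering message had already scored above 10 in SpamAssassin. As an added illustration (not TMDA's code and not written by anyone in this thread), a gate run before any challenge is generated could look like this; the function name, the threshold and the sample messages are assumptions, while the header checks follow RFC 3834 and SpamAssassin's X-Spam-Status format.

```python
import re
from email import message_from_string

SPAM_SCORE_LIMIT = 5.0  # assumed local policy threshold, not a TMDA option

def challenge_decision(raw_message, envelope_sender):
    """Return (send_challenge, reason) for one unrecognised incoming message."""
    msg = message_from_string(raw_message)
    # A null reverse-path marks a bounce; answering it only creates mail loops.
    if envelope_sender.strip() in ("", "<>"):
        return False, "null envelope sender"
    # RFC 3834: never auto-respond to automatically generated mail.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk precedence"
    # Mail the local filter already scored as spam almost certainly carries a
    # forged sender, so a challenge would land on an uninvolved third party.
    # SpamAssassin 2.x writes "hits=", 3.x writes "score=".
    m = re.search(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)",
                  msg.get("X-Spam-Status", ""))
    if m and float(m.group(1)) >= SPAM_SCORE_LIMIT:
        return False, "spam score %s" % m.group(1)
    return True, "no suppression rule matched"

# Constructed sample messages (not taken from the thread).
FORGED_WORM = (
    "From: Someone <bystander@example.org>\n"
    "To: user@example.net\n"
    "Subject: Re: Details\n"
    "X-Spam-Status: Yes, hits=12.3 required=5.0\n"
    "\n"
    "See the attached file for details\n"
)
VACATION_REPLY = (
    "From: Away <away@example.org>\n"
    "To: user@example.net\n"
    "Auto-Submitted: auto-replied\n"
    "\n"
    "I am out of the office.\n"
)
PLAIN_MAIL = (
    "From: New Contact <contact@example.org>\n"
    "To: user@example.net\n"
    "X-Spam-Status: No, hits=0.4 required=5.0\n"
    "\n"
    "Hello, first time writing to you.\n"
)
```

None of these checks proves that the challenge recipient actually sent the original message; they only suppress challenges in the cases where the sender address is most likely forged or automated.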