Re: Moderated posts?
Tanstaafl tansta...@libertytrek.org writes: On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote: You do not accept messages you can not deliver unless you are relaying them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. I'm not sure what you mean. How will you know whether messages to a particular destination address can be delivered before sending a message to that address so that you can decide whether to accept a message you're relaying to that address? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a94rg3o7@yun.yagibdah.de
Re: Moderated posts?
On Sun, 19 Oct 2014 23:17:28 +0200 lee l...@yagibdah.de wrote: Tanstaafl tansta...@libertytrek.org writes: On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote: You do not accept messages you can not deliver unless you are relaying them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. I'm not sure what you mean. How will you know whether messages to a particular destination address can be delivered before sending a message to that address so that you can decide whether to accept a message you're relaying to that address? I think it's generally an admonishment not to get involved in relaying. The point of relaying is that the original sender cannot directly reach the recipient's authoritative mail server, in which case it can't generally query for recipient validity. If a relaying server does not hold a list of valid recipients for the authoritative server, and that's usually difficult to maintain, then it runs the risk of having to pass an NDR back up the relay line, and if the original message was spam, then we have NDR spam. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141020121819.7bd99...@jresid.jretrading.com
Re: Moderated posts?
On 10/20/2014 7:18 AM, Joe j...@jretrading.com wrote: I think it's generally an admonishment not to get involved in relaying. No, it is generally an admonishment not to get involved with relaying if you do not have *access* to validate recipients. There are multiple ways this can be achieved. Easiest is what postfix calls 'recipient verification'. Or you could script a way to get a locally held list. The point of relaying is that the original sender cannot directly reach the recipient's authoritative mail server, in which case it can't generally query for recipient validity. This is only generally true for *outbound* mail. I'm talking mainly about acting as an *inbound* relay, meaning, an inbound MX for any given domain(s). If a relaying server does not hold a list of valid recipients for the authoritative server, and that's usually difficult to maintain, Maybe, but again, you can always just use recipient verification (with permission - this is the postfix term, or use the equiv for whatever SMTP server you are using). If whoever you are acting as MX for won't let you perform recipient verification, then you shouldn't be acting as their MX. Period. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54450d5e.5000...@libertytrek.org
Re: Moderated posts?
Joe wrote: On Sun, 19 Oct 2014 23:17:28 +0200 lee l...@yagibdah.de wrote: Tanstaafl tansta...@libertytrek.org writes: On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote: You do not accept messages you can not deliver unless you are relaying them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. I'm not sure what you mean. How will you know whether messages to a particular destination address can be delivered before sending a message to that address so that you can decide whether to accept a message you're relaying to that address? I think it's generally an admonishment not to get involved in relaying. The point of relaying is that the original sender cannot directly reach the recipient's authoritative mail server, in which case it can't generally query for recipient validity. Relaying happens all the time - e.g., when an organization designates a single mail gateway, that then distributes to department-level mail systems. And, in the corporate world, NDRs from down-stream servers are commonplace. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54451358.7030...@meetinghouse.net
Re: Moderated posts?
On Mon, 20 Oct 2014 09:51:20 -0400 Miles Fidelman mfidel...@meetinghouse.net wrote: Joe wrote: On Sun, 19 Oct 2014 23:17:28 +0200 lee l...@yagibdah.de wrote: Tanstaafl tansta...@libertytrek.org writes: On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote: You do not accept messages you can not deliver unless you are relaying them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. I'm not sure what you mean. How will you know whether messages to a particular destination address can be delivered before sending a message to that address so that you can decide whether to accept a message you're relaying to that address? I think it's generally an admonishment not to get involved in relaying. The point of relaying is that the original sender cannot directly reach the recipient's authoritative mail server, in which case it can't generally query for recipient validity. Relaying happens all the time - e.g., when an organization designates a single mail gateway, that then distributes to department-level mail systems. Yes, but there's at least a fighting chance in this case that the organisation can configure the gateway server to verify recipients locally. The problems occur where there is no real mail admin, where a small company outsources its spam-cleaning, and nobody in the company even knows what a recipient list is, let alone that their spam-cleaner should have one, kept up to date. Many small and medium businesses collect their main domain-wide by POP3, giving no way of automating recipient verification. And, in the corporate world, NDRs from down-stream servers are commonplace. Which is why the spammers love them. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141020201722.65ee0...@jresid.jretrading.com
Re: Moderated posts?
Chris Bannister cbannis...@slingshot.co.nz writes: On Sat, Oct 18, 2014 at 03:24:32AM +0200, lee wrote: Klensin Standards Track[Page 71] RFC 5321 SMTP October 2008 if this address is null (), the receiver-SMTP MUST NOT send a notification. This clearly tells you that you *must not* drop or otherwise loose a message once you have accepted it and that you *must* send a bounce when the message can not be delivered. Is a bounce not some sort of notification. The above could easily be read as do nothing, don't bother the sender at all. A bounce is a notification. You don't send one when you deny a message. Since your MTA did not accept the message, it remains the responsibility of the MTA or MUA on the sending side to inform the sender of the message. Your MTA is not responsible for this because it did not accept the message. Only when you have accepted a message you can not deliver, you must send a bounce. Please do configure your MTAs accordingly. And that includes whoever runs this mailing list: When you block The MTA accepts them OK, no problem there. messages, the senders must be informed that the delivery to the list has failed. --- I cannot verify whether messages sent to this list have been silently dropped. The policy of MLs or forums has got nothing to do with MTA configuration. The policy is implemented in either the mailing list software (mailman, majordomo, etc) or the forum bulletin board software. Technically, yes. Practically, I'm sending a message which is to be delivered to this mailing list. When the message is not delivered correctly, I must receive a bounce. Whether the MTA processing list-mail sends the bounce or the software that handles the mailing list is irrelevant in this case. If you want a technical argument: The software handling the mailing list becomes part of the (operation of) the MTA and hence falls under the same RFCs as MTAs do. As a sender of a message, I can not know whether the list is handled via entries in /etc/aliases, by an MTA that has special mailing-list features built in, or by some other means. It entirely doesn't matter. I merely expect correct handling of messages, and that includes bounces being sent when delivery fails. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a94tj8oc@yun.yagibdah.de
Re: Moderated posts?
On 10/17/2014 9:24 PM, lee l...@yagibdah.de wrote: You do not accept messages you can not deliver unless you are relaying them. Absolutely wrong, this rule fully applies to relays just as it does final destination servers. Postfix allows you to do this even if you are unable to get/maintain a local list of valid recipients for relay domains using 'recipient_verification'. If a customer wishes you to provide relay services but refuses to either provide an always up to date list of valid recipients, or worst case, to perform recipient verification, then you simply should not perform relay services for them, period. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5443eda2.10...@libertytrek.org
Re: Moderated posts?
On Sat, Oct 18, 2014 at 03:24:32AM +0200, lee wrote: Klensin Standards Track[Page 71] RFC 5321 SMTP October 2008 if this address is null (), the receiver-SMTP MUST NOT send a notification. This clearly tells you that you *must not* drop or otherwise loose a message once you have accepted it and that you *must* send a bounce when the message can not be delivered. Is a bounce not some sort of notification. The above could easily be read as do nothing, don't bother the sender at all. Please do configure your MTAs accordingly. And that includes whoever runs this mailing list: When you block The MTA accepts them OK, no problem there. messages, the senders must be informed that the delivery to the list has failed. --- I cannot verify whether messages sent to this list have been silently dropped. The policy of MLs or forums has got nothing to do with MTA configuration. The policy is implemented in either the mailing list software (mailman, majordomo, etc) or the forum bulletin board software. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141018065546.GC18928@tal
Re: Moderated posts?
Joel Rees joel.r...@gmail.com writes: On Tue, Oct 14, 2014 at 8:18 AM, lee l...@yagibdah.de wrote: Jerry Stuckle jstuc...@attglobal.net writes: And, in fact, more and more ISPs are just accepting and discarding emails to non-existent users because rejecting such email helps spammers (any non-rejected email must be a valid user). That's totally retarded. When I don't get an error message in return, the message I sent has been delivered. If it hasn't because there's some error, I will not be responsible for any damage that may hit the recipient or myself. Quietly dropping messages is not an option. There is a header for requesting automatic confirmation of delivery, but it tends to be abused by malicious junkmailers (spammers). MUAs are supposed to be able to disable it, but I haven't seen that option in an MUA settings dialog for a long time. You can set it in Seamonkey, and IIRC gnus and mutt ignore it. A MUA that sends out DSNs without asking and no choice is unusable. This is a grey area of the e-mail standard. People want it to be like snail-mail, only automatic, but don't realize that having people in the loop is what provides the desired feature. It depends: When you have a postman involved who carries the letters to their recipients, you still don't know whether your letter arrived or not, despite involving people. Email is not any less reliable than smail in that regard --- and it's technically easier to get a confirmation that your email has arrived than it is with smail. And you get a confirmation when your message could not be delivered, unless someones MTA is broken. Unfortunately, too many people break theirs. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d29qgqzf@yun.yagibdah.de
Re: Moderated posts?
Joe j...@jretrading.com writes: Yes, although there should still be an audit trail. As I said to Harry the other day, if you have a message ID from the receiving server you (probably) can chase it up, and no reputable anti-spam software will drop a message without keeping a log stating that it has done so. It is generally possible to find out why a legitimate message was dropped, though of course, somewhat after the event. Dropping a message is a malfunction. And... these things ARE covered, at least in part, by RFCs RFC5321 (latest SMTP spec), Section 6.2. (Unwanted, Unsolicited, and Attack Messages) makes for interesting reading. For example: As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If silent message-dropping is misused, it could easily undermine confidence in the reliability of the Internet's mail systems. So silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate. There Is No Alternative. If a message is malicious spam, then it is absolutely certain that the 'From:' is forged, and no messages should be sent to it. There is some spam which might be called 'genuine', in that a real business has sent it under the impression that UCE is a legitimate marketing tool. In those cases only, a bounce message would be appropriate, but sometimes even I'm not sure whether a spam falls into this category. You are mistaken. You send a bounce only for messages you accepted and then can not deliver. Such cases are extremely rare, and if it happens, you need to investigate. You do not accept messages you can not deliver unless you are relaying them. If you can not deliver a message you're relaying, it's not only appropriate to send a bounce but a requirement. It's really that simple. Sections 7.8 and 7.9 of RFC5321 do *not* suggest to drop messages. On the contrary, your *only* alternatives are either denying the message if you really have to, or sending a bounce in case you have accepted a message and can not deliver it: 6.2. Unwanted, Unsolicited, and Attack Messages Utility and predictability of the Internet mail system requires that messages that can be delivered should be delivered, regardless of any syntax or other faults associated with those messages and regardless of their content. If they cannot be delivered, and cannot be rejected by the SMTP server during the SMTP transaction, they should be bounced (returned with non-delivery notification messages) as described above. In today's world, in which many SMTP server operators have discovered that the quantity of undesirable bulk email vastly exceeds the quantity of desired mail and in which accepting a message may trigger additional undesirable traffic by providing verification of the address, those principles may not be practical. As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice.[1] Read the following sections the RFC refers to along with the above: 7.8. Resistance to Attacks In recent years, there has been an increase of attacks on SMTP servers, either in conjunction with attempts to discover addresses for sending unsolicited messages or simply to make the servers inaccessible to others (i.e., as an application-level denial of service attack). While the means of doing so are beyond the scope of this Standard, rational operational behavior requires that servers be permitted to detect such attacks and take action to defend themselves. For example, if a server determines that a large number of RCPT TO commands are being sent, most or all with invalid addresses, as part of such an attack, it would be reasonable for the server to close the connection after generating an appropriate number of 5yz (normally 550) replies. 7.9. Scope of Operation of SMTP Servers It is a well-established principle that an SMTP server may refuse to accept mail for any operational or technical reason that makes sense to the site providing the server. However, cooperation among sites and installations makes the Internet possible. If sites take excessive advantage of the right to reject traffic, the ubiquity of email availability (one of the strengths of the Internet) will be threatened; considerable care should be taken and balance maintained if a site decides to be selective about the traffic it will accept and process.[2] What the RFC obviously means by dropping mail without notification of the sender is that you do not need to *bounce* a message and that you are allowed to instead *reject* a message. You may
Re: piece of mind (Re: Moderated posts?)
Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mw8wfst4@deep-thought.43-1.org
Re: piece of mind (Re: Moderated posts?)
On Thu, 16 Oct 2014 00:54:02 +0100 Jonathan de Boyne Pollard j.deboynepollard-newsgro...@ntlworld.com wrote: wande...@fastmail.fm: I have a similar lack of awareness and/or understanding about all of the *kit packages / projects / tools / what-have-you, actually; I'm not positive I even know how many there are, much less all of their names. This should help: Put yourself in the position of someone writing a desktop system for Linux and the BSDs. You've reached the part where you're writing a control panel gadget for allowing system administrators (and [clip amazingly detailed and helpful summary of the helper daemons and apis] Thank you Jonathan. I have a much better understanding of the situation now. Interestingly, the stuff Jonathan described was part of my reason for migrating from Ubuntu to Debian. I've always felt unease at those GUI admin tools. And also, of course, Plymouth isn't required in Debian (unless you use Xfce, but then you can just disable Plymouth). Let me ask you one more question: Is there any way that I personally could make wicd independent of all of those helper daemons that are now welded to systemd, or would I have to drop all the way back to wpa-supplicant to get rid of the need for those daemons? Thanks, SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016022331.3b692...@mydesq2.domain.cxm
Re: piece of mind (Re: Moderated posts?)
On Thu, Oct 16, 2014 at 01:12:51AM -0400, Steve Litt wrote: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. You're being completely ludicrous, Steve. The extent of your sense of entitlement is breathtaking. Here you are on a list dedicated to an OS built almost entirely by volunteers and you're not prepared to roll your sleeves up, but you're more than happy to tell everyone how they should do it, and what they should do. I'm not going to engage with you any more on this list. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016063338.ga10...@chew.redmars.org
Re: piece of mind (Re: Moderated posts?)
On Thu, 16 Oct 2014 08:10:47 +0200 Ansgar Burchardt ans...@debian.org wrote: Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. So, reading between the lines, you find my saying don't break Linux annoying. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016023029.531bd...@mydesq2.domain.cxm
Re: piece of mind (Re: Moderated posts?)
2014/10/16 15:34 Jonathan Dowland j...@debian.org: On Thu, Oct 16, 2014 at 01:12:51AM -0400, Steve Litt wrote: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. You're being completely ludicrous, Steve. The extent of your sense of entitlement is breathtaking. Here you are on a list dedicated to an OS built almost entirely by volunteers and you're not prepared to roll your sleeves up, but you're more than happy to tell everyone how they should do it, and what they should do. I'm not going to engage with you any more on this list. I think it would help if we wouldn't assume the other guy is freeloading, just because he seems to have time to be looking places we not to, or because he shares his work in different ways. FWIW, I've been getting three or four hours of sleep at night for the last month, and I haven't touched any of my personal projects since before summer, including one that should have been making my day job significantly easier by now. Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of text flowing from the past into the future.
Re: piece of mind (Re: Moderated posts?)
Steve Litt sl...@troubleshooters.com writes: Ansgar Burchardt ans...@debian.org wrote: Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. So, reading between the lines, you find my saying don't break Linux annoying. No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. As a comparison: I don't go to the PHP mailing lists and tell them that they have to fix their namespace operator (\) or rewrite software I might want to use in a sane[1] language. I think the current systemd threads here are pretty much that. In fact, I've become annoyed enough by these threads that I won't bother to look at sysvinit support in my packages any longer -- if it breaks I won't look at it myself. I won't spend my free time on fixing things for people who annoy me. Ansgar [1] According to my view of the world ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87h9z4a3oi@deep-thought.43-1.org
Re: piece of mind (Re: Moderated posts?)
On Thu, 16 Oct 2014 00:54:02 +0100 Jonathan de Boyne Pollard j.deboynepollard-newsgro...@ntlworld.com wrote: wande...@fastmail.fm: I have a similar lack of awareness and/or understanding about all of the *kit packages / projects / tools / what-have-you, actually; I'm not positive I even know how many there are, much less all of their names. This should help: Another vote of thanks. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016085859.2bc1f...@jresid.jretrading.com
Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, 15 Oct 2014 22:12:41 +0100 Brad Rogers b...@fineby.me.uk wrote: On Wed, 15 Oct 2014 21:44:30 +0100 Joe j...@jretrading.com wrote: Hello Joe, It is *not* OK to silently delete an already accepted email, it does Unfortunately, it happens; Send an email with a large attachment(1) and there are quite a few servers that will silently drop it. The worst of it is you can never know for certain if you're going to get bitten because routing can vary. (1) 4Meg or so used to do the trick. Things might be different now as more and more messages contain massive amounts of HTML and imagery. Possibly so, but in every case somebody has messed up. Firstly an MTA trying to send a large file should query whether the receiving server is happy with that. There will be receive limits on email size directly, but also the recipient's mailbox may not have enough spare space, and policy may be to refuse the large email rather than quarantine it somewhere else. If the receiving server isn't happy, the transaction is aborted and the sender told. If the sending server sends more than the receiver is happy with, even if no protest was raised earlier, or no warning of the size was given, the receiver can simply not acknowledge receipt, or indeed just terminate the TCP session, and again the sending server notifies the email sender, possibly after a couple of re-tries if it has not been explicitly told that the message isn't welcome. If a large email is accepted, but only later it is found that it cannot be delivered by reason of some policy, then it's up to the receiving server to tell the recipient. I'm not for a moment doubting that it happens as you say, but there's no need for it in the case of a legitimate email, it is always possible either for the receiving server to fail to complete the SMTP transaction, or for recipient-end processing to inform the recipient of any post-acceptance delivery problems. Either the sender or the recipient *can* be told. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016092302.67e8c...@jresid.jretrading.com
Re: piece of mind (Re: Moderated posts?)
On Thu, 16 Oct 2014 07:33:38 +0100 Jonathan Dowland j...@debian.org wrote: On Thu, Oct 16, 2014 at 01:12:51AM -0400, Steve Litt wrote: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. You're being completely ludicrous, Steve. The extent of your sense of entitlement is breathtaking. I've asked for two software changes in my life: 1) Add character styles to LyX 2) Add real ePub export to LyX Every other need I had, I either wrote software for it, or worked around it. Several of the softwares I wrote for it I released as Free Software, one of which is in the Debian repositories right now. I'm not asking anyone to change Debian. I'm asking them *not* to change it. Leave well enough alone. It's not too late. Here you are on a list dedicated to an OS built almost entirely by volunteers and you're not prepared to roll your sleeves up, but you're more than happy to tell everyone how they should do it, and what they should do. You used the word ludicrous. I'll tell you what's ludicrous. Implying that if I don't roll up my sleeve and make alternatives for everything that systemd welded together, but instead say don't weld it, I'm entitled. It took a lot of people to do this damage to Linux, many of them paid handsomely for their damage: One guy, or even a few guys, aren't going to undo it. You state that Linux is built almost entirely by volunteers. Do you have a reference for that? If the whole OS is anything like the kernel, a heck of a lot of those volunteers get a paycheck for their volunteerism. http://spectrum.ieee.org/computing/software/whos-writing-linux Then there's this idea that if you're not writing C code, you're not doing anything for Linux. I'm actually going to write an entire article on that, but suffice it to say a lot of people have done a lot of different things to make Linux succeed, and a lot of those things weren't writing code. And very few of those things have anything to do with writing systemd related code. I'm not going to engage with you any more on this list. That's your choice. Believe me, I don't like it either, and if there were any reasonable low maintenance desktop Linux distros, I'd have simply migrated and wouldn't be on this list. I didn't yell on the Ubuntu list about Plymouth, I just moved. The problem is, this systemd thing is a concerted effort to change to all major distros to what Leonnart Poettering calls a real OS and I call fewer interchangeable parts. You can't escape it by switching major desktop distros. The one hope is to keep talking it up on the one major distro that might have the guts to defy Red Hat. Actually, I take it all back: I *do* have a sense of entitlement. I feel entitled to use a reasonable facimile of the same OS that, for thirteen years, I've used, written about, created software for, created user groups for, and recruited others to use. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016042029.72620...@mydesq2.domain.cxm
Re: piece of mind (Re: Moderated posts?)
On Jo, 16 oct 14, 07:31:56, Joel Rees wrote: 2014/10/16 5:59 Andrei POPESCU andreimpope...@gmail.com: The problem with this approach is that it's not fine-grained enough, i.e. it can't distinguish between users logged in locally or via ssh. This means Mallory could easily spy on Alice remotely, just by being a member of 'audio' and 'video'. Two thoughts that this problem brings to mind -- (1) Why should it matter? Local? Remote? A hole is a hole. It doesn't. Mallory could as well just set up a program to record from the audio/video devices. (1.5) How does ssh deal with making connections private? Any clues there? I don't know what you mean by this. (2) There are times when I don't want to have to be logged in as an admin user to be able to make an ephemeral group. I've understood that for ten years. When am I going to make the time to construct the package to manage it within the standard unix permissions model? Same here. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Recipient validation - WAS: Re: Moderated posts?
On Thu, 16 Oct 2014 09:23:02 +0100 Joe j...@jretrading.com wrote: Hello Joe, {snipped explanations} All very useful info, thanks; Cleared up a few things for me. I'm not for a moment doubting that it happens as you say, but there's no need for it in the case of a legitimate email, it is always possible I suspect that it happens as part of a mis-guided (or ill-conceived) anti-spam policy (any attachment that large *must* have a nasty payload, etc, etc.) To be fair, I've not fallen foul of the problem for some time. Having said that, there's been little need for me to send or receive large files for some time. These days, if I do need to transmit or receive large files, I upload them to a file-space somewhere and ask the intended recipient to download them, and ask them to do the same, so I can download. This has the (minor) bonus that people's mailboxes don't get clogged, and they can download at a time that's convenient to them, rather than when it's handy for me to send it. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent I'm spending all my money and it's going up my nose Teenage Depression - Eddie The Hot Rods pgpdhk939z72Z.pgp Description: OpenPGP digital signature
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 3:13 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Tanstaafl wrote: 1. email to invalid recipients should be rejected at the RCPT-TO stage, Easier said then done - at least when a server does relaying, but clearly ideal when possible. No, it is 100% easily done. For servers under your control, you just do it. If you don't know how and are unwilling or unable to learn how, then you have no business running a mail server. For servers not under your direct control, but for whom your server is the official relay for final delivery (which means you need the current list o valid recipients), you either require them to allow you to perform recipient verification, or to provide you with a constantly up to date list of valid recpients, or you don't act as their relay. snip Generally agree with you in principle. And that's certainly the standards-compliant policy. In practice I support a few dozen mailing lists - operational necessity dictates dropping a lot of stuff silently. Lists are different, and definitely fall into the category of 'best effort, but no promises'... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543f9df8.3080...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
Please do not send to me directly, I am on the list. On 10/15/2014 3:15 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/15/2014 12:40 PM, Tanstaafl wrote: Easy enough to prove. By all means, quote the actual text of me saying this was 'OK'... You said: However, once a message has been accepted - ie, *after* the DATA phase is complete, it should never be bounced, it should be delivered - or, worse, quarantined, or worst case, deleted (ie, if it is later found to contain a malicious payload). And nowhere do you see the word 'OK'. As I said, please do NOT put words in my mouth. It is either OK to delete an email or it is not. You can't have it both ways. If, as according to your other statements, it is not OK to delete emails, then you are violating your own rules by deleting mails - for ANY reason. If you are unable to see the difference between a rare, extreme worst case scenario of having discovered an email that you accepted for delivery contains a malicious payload, and deleting an email for no other reason than the recipient has a typo in it, then you have no business running a mail server. Your reason is i.e. if it is later found to contain a malicious payload. My reason is It is addressed to a non-existent user. Either both are OK or neither is OK. So, you obviously have no business running a mail server. you keep saying that the RECEIVING server 'sends a message back to the originator' - unless maybe you simply have a hard time saying what you really mean, which always causes confusion. it does send a message back to the originator - it may only be a status code, but it is still a message. The status code is not *sent* anywhere - it is a response directly to the connecting machine. Then how does it get back to the sending server? Magic? Can you not read? The CONNECTING MACHINE - the one that was directly talking to YOUR server - is responmsible for that part of the transaction. Spambots DO NOT DO THIS. It is then the responsibility of that machine that was talking to your server to pass the response code back to the originating *server* (not the sender of the email - there is a difference). I didn't say the sender of the email. Maybe not, but I have no desire to go back through this thread to see whether you ever did or not. You are apparently incapable of communicating with semantic precision, so this time I'm really done. Respond if you like, I won't see it. And you still can't quote an RFC which indicates what I am doing breaks SMTP. That's because there isn't one and I am NOT breaking SMTP. As I said, there is no rule that says that you have to violate an RFC to break SMTP. Accepting invalid recipients then silently deleting them breaks SMTP for the vast majority of internet email users. You are free to break it all you want... on your server. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543f9ffc.6030...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 4:44 PM, Joe j...@jretrading.com wrote: However, if the Reply-To: is forged, i.e. if it is spam, the alternative is considerably less OK. Bouncing a spam message simply delivers *the* *entire* *message* to an innocent third party, having been laundered through your (presumably legitimate and respectable) mail server. So it isn't OK, but there's no alternative to doing it. That's how you have it both ways. Spam doesn't have to be deleted, it can be quarantined. That is the best way to handle spam once it has been accepted. I don't even delete the malicious stuff, although I don't deliver it to the recipient. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fa10c.6010...@libertytrek.org
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 4:58 PM, Joe j...@jretrading.com wrote: It's worth some effort, at the moment it is the single most effective anti-spam measure. If you outsource your mail, it's worth going to some trouble to find a hosting company who will hold and accept updates for a list of valid recipients. Or even easier, just get them to agree to let you perform recipient verification in realtime. if it is spam, there's nobody to tell, and you don't want to send a copy of the spam to the forged Reply-To: address. Of course not - which is why you REJECT it instead of ACCEPT+BOUNCE.. 3. once an email has been accepted for final delivery, every effort should be taken to deliver the message to the recipient, whether to their Inbox clean or tagged as spam (if a spam threshhold is met), or to a spam quarantine, Which shouldn't be a problem if there's a valid recipient. Well, since everything I'm talking about is not accepting mail for invalid recipients, not sure why you felt the need to say that. Yes, and a log kept. Anyone who runs a mail server and doesn't keep logs shouldn't be running a mail server. *And* the postmaster address monitored, Anyone who runs a mail server and doesn't monitor the postmaster address shouldn't be running a mail server. and a request to know the disposition of a vanished email should be answered, along with the reason. Especially if the request is accompanied by one of your message IDs... Absolutely... Of course. Already-accepted spam *must* be silently dropped. Absolutely NOT! It should be *delivered*, either tagged as spam to the Inbox, or to a quarantine, but it should be delivered. I only allow tagged delivery for more sophisticated users. Normal users have to check their quarantine. The only exception on my system is anything with a verified malicious payload, which is delivered to an admin mailbox, not to the intended recipient/victim. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fa2d9.1080...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 5:12 PM, Brad Rogers b...@fineby.me.uk wrote: Send an email with a large attachment(1) and there are quite a few servers that will silently drop it. Anyone who does that is breaking SMTP. If you don't want messages over a certain size, REJECT them, but absolutely do not EVER accept then silently delete them, that is just plain stupid. The worst of it is you can never know for certain if you're going to get bitten because routing can vary. It isn't about routing problems, it is about properly configuring your toolset. (1) 4Meg or so used to do the trick. Things might be different now as more and more messages contain massive amounts of HTML and imagery. Google accepts 25MB+, as does Outlook.com and most other freemailers now. That is our limit here too. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fa3d1.9030...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote: Tanstaafl couldn't answer it, and you can't either, because it's not violating any. I did answer it, you just ignored it or don't understand it. Quote: You do not have to violate an RFC to break SMTP. Here is a real world example: Improperly configured TCP filtering features on firewalls and routers don't violate any specific RFC, but they certainly can break SMTP (and other things too). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fa4cd.8010...@libertytrek.org
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On Thu, Oct 16, 2014 at 06:50:01AM -0400, Tanstaafl wrote: Anyone who runs a mail server and doesn't keep logs shouldn't be running a mail server. *And* the postmaster address monitored, Anyone who runs a mail server and doesn't monitor the postmaster address shouldn't be running a mail server. Tell that to yahoo, they *don't seem* to have a postmaster address nor an abuse address. :( -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016113134.GB9534@tal
Re: Recipient validation - WAS: Re: Moderated posts?
On Thu, Oct 16, 2014 at 7:58 PM, Tanstaafl tansta...@libertytrek.org wrote: On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote: Tanstaafl couldn't answer it, and you can't either, because it's not violating any. I did answer it, you just ignored it or don't understand it. Quote: You do not have to violate an RFC to break SMTP. Here is a real world example: Improperly configured TCP filtering features on firewalls and routers don't violate any specific RFC, but they certainly can break SMTP (and other things too). Thus, we can understand that you are an idealist that would rather see your version of SMTP rules be followed by everyone than try to follow the RFC yourself. Where are your SMTP rules spelled out, by the way? -- Joel Rees Be careful when you see conspiracy. Look first in your own heart, and ask yourself if you are not your own worst enemy. Arm yourself with knowledge of yourself. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAAr43iMhgnbTZiDfiG=yyV8cC5O+=-pttkhdaxemzqub6x3...@mail.gmail.com
Re: Recipient validation - WAS: Re: Moderated posts?
On Thu, 16 Oct 2014 06:54:09 -0400 Tanstaafl tansta...@libertytrek.org wrote: Hello Tanstaafl, On 10/15/2014 5:12 PM, Brad Rogers b...@fineby.me.uk wrote: Send an email with a large attachment(1) and there are quite a few servers that will silently drop it. Anyone who does that is breaking SMTP. If you don't want messages over Yes, that's the point. certain size, REJECT them, but absolutely do not EVER accept then silently delete them, that is just plain stupid. Oh I agree, wholeheartedly. As I said in my reply to Joe, I suspect it's part of a misguided anti-malware program. The worst of it is you can never know for certain if you're going to get bitten because routing can vary. It isn't about routing problems, it is about properly configuring your toolset. What I meant was that, since at any given time a route from A-B can vary due to, for example a server being down, you can't be sure which route the mail will take and therefore, which server(s) it'll pass through and what their reject/drop rules are. So, not routing per se, but unpredictable consequences of passing through certain servers. (1) 4Meg or so used to do the trick. Things might be different now s Google accepts 25MB+, as does Outlook.com and most other freemailers now. That is our limit here too. Things are much better than I hoped then. I'll keep that in mind for future use. Thanks. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent I must be hallucinating, watching angels celebrating There Must Be An Angel (Playing With My Heart) - Eurythmics pgpXoM5d0tsJX.pgp Description: OpenPGP digital signature
Re: piece of mind (Re: Moderated posts?)
Ansgar Burchardt wrote: Steve Litt sl...@troubleshooters.com writes: Ansgar Burchardt ans...@debian.org wrote: Steve Litt sl...@troubleshooters.com writes: OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. You are free to do so in your free time. It would be a more constructive use than trying to annoy other people (who spend their free time on Linux) until they do so for you for free. So, reading between the lines, you find my saying don't break Linux annoying. No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. So, by your logic, if a horde of volunteers blow into town after a crisis - then proceed to muck things up, all in the name of helping - nobody has a right to complain? And, it's worth noting that, given how many people working on Linux (and other open source projects) are paid by their employers to do so, this is not about the actions of volunteers. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fb518.8050...@meetinghouse.net
Re: Recipient validation - WAS: Re: Moderated posts?
Guys - Please take this off-list. Things have gone way, way past the point where this is of an interest or relevance to anyone else on this list. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016121446.ga20...@chew.redmars.org
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 16/10/14 22:31, Chris Bannister wrote: On Thu, Oct 16, 2014 at 06:50:01AM -0400, Tanstaafl wrote: Anyone who runs a mail server and doesn't keep logs shouldn't be running a mail server. *And* the postmaster address monitored, Anyone who runs a mail server and doesn't monitor the postmaster address shouldn't be running a mail server. Tell that to yahoo, they *don't seem* to have a postmaster address nor an abuse address. :( ab...@yahoo-inc.com domainad...@yahoo-inc.com abuse-cen...@yahoo-inc.com mail-ab...@yahoo-inc.com domain.t...@yahoo-inc.com NOTE: I haven't tried them, but they're valid email addresses (don't ask). If you are having problems lately (last six months) it's likely that you haven't deployed SPF and DKIM - contentious issues for, um, the more conservative mail admin. I like SPF and DKIM - guess I'm not that conservative. Increasingly you'll find you'll need it - more of us, less conservative mail admin are deploying it and slowly switching to dumping mail that doesn't. Without SPF DKIM it's usually trivial to spoof a sender, one day spammers might work that out. SMTP Error codes:- https://help.yahoo.com/kb/postmaster/smtp-error-codes-sln23996.html?impressions=true You'll find other related links on the same page. Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fa87b.5060...@gmail.com
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 10/16/2014 7:31 AM, Chris Bannister cbannis...@slingshot.co.nz wrote: On Thu, Oct 16, 2014 at 06:50:01AM -0400, Tanstaafl wrote: Anyone who runs a mail server and doesn't monitor the postmaster address shouldn't be running a mail server. Tell that to yahoo, they *don't seem* to have a postmaster address nor an abuse address. :( Then they shouldn't be running a mail server... ;) And they are in violation of the RFC that mandates that these two addresses always be available and monitored. But I'm sure they couldn't care less... ;) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fb99b.1080...@libertytrek.org
Re: piece of mind (Re: Moderated posts?)
On 10/16/2014 14:07, Miles Fidelman wrote: Ansgar Burchardt wrote: No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. So, by your logic, if a horde of volunteers blow into town after a crisis - then proceed to muck things up, all in the name of helping - nobody has a right to complain? No, I'm complaining exactly about that: there's a nice town and some guests have decided to rampage through town because they don't like what the people building the town do. The guests also use megaphones during the night hours when people would like to sleep to point out how wrong the people building the town are. Ansgar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fba93.8090...@debian.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/16/2014 7:40 AM, Joel Rees joel.r...@gmail.com wrote: On Thu, Oct 16, 2014 at 7:58 PM, Tanstaafl tansta...@libertytrek.org wrote: On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote: Tanstaafl couldn't answer it, and you can't either, because it's not violating any. I did answer it, you just ignored it or don't understand it. Quote: You do not have to violate an RFC to break SMTP. Here is a real world example: Improperly configured TCP filtering features on firewalls and routers don't violate any specific RFC, but they certainly can break SMTP (and other things too). Thus, we can understand that you are an idealist that would rather see your version of SMTP rules be followed by everyone than try to follow the RFC yourself. Where are your SMTP rules spelled out, by the way? Ok, I just went and looked it up, and lo and behold... RFC 2821 is the controlling RFC if I'm not mistaken... https://tools.ietf.org/html/rfc2821 In there you'll find this: The second step in the procedure is the RCPT command. RCPT TO:forward-path [ SP rcpt-parameters ] CRLF The first or only argument to this command includes a forward-path (normally a mailbox and domain, always surrounded by and brackets) identifying one recipient. If accepted, the SMTP server returns a 250 OK reply and stores the forward-path. If the recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as no such user - and the mailbox name (other circumstances and reply codes are possible). This step of the procedure can be repeated any number of times. So, how do you 'interpret' the pertinent part: If the recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as no such user - and the mailbox name (other circumstances and reply codes are possible). ? Sounds to me like a mandate to reject invalid recipients at the RCPT-TO stage. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543fbb6b.4000...@libertytrek.org
Re: piece of mind (Re: Moderated posts?)
On Thu, Oct 16, 2014 at 02:31:15PM +0200, Ansgar Burchardt wrote: On 10/16/2014 14:07, Miles Fidelman wrote: Ansgar Burchardt wrote: No, what I find annoying is telling volunteer what they have to do without doing anything yourself on the issues you raise and repeating don't break Linux endlessly. I think everybody knows by now you believe that, there's no (constructive) use in further repeating it. So, by your logic, if a horde of volunteers blow into town after a crisis - then proceed to muck things up, all in the name of helping - nobody has a right to complain? No, I'm complaining exactly about that: there's a nice town and some guests have decided to rampage through town because they don't like what the people building the town do. The guests also use megaphones during the night hours when people would like to sleep to point out how wrong the people building the town are. And the people who are trying to sleep in their comfy bachelor luxury condos get abused when they tell them to keep the noise down. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016132414.GB11617@tal
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/16/2014 at 06:37 AM, Tanstaafl wrote: Please do not send to me directly, I am on the list. On 10/15/2014 3:15 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/15/2014 12:40 PM, Tanstaafl wrote: The status code is not *sent* anywhere - it is a response directly to the connecting machine. Then how does it get back to the sending server? Magic? Can you not read? The CONNECTING MACHINE - the one that was directly talking to YOUR server - is responmsible for that part of the transaction. Spambots DO NOT DO THIS. I think there's a miscommunication here. I think that what you are calling the connecting machine is the same thing as what he is calling the sending server. In both cases, I believe what is being referred to is the machine to which the 'status code' will be sent. And I believe he's trying to (implicitly and passive-aggressively) point out is that the status code itself A: is a message, however tiny, and B: is sent from your receiving server to the sending server/connecting machine - and that, thus, a message is sent back. There are so many terms in this which appear to be being defined differently by the two sides of the discussion, it's no surprise that there's been so little real communication here; it's almost more surprising that there's been as much as there has. It is then the responsibility of that machine that was talking to your server to pass the response code back to the originating *server* (not the sender of the email - there is a difference). I didn't say the sender of the email. Maybe not, but I have no desire to go back through this thread to see whether you ever did or not. You are apparently incapable of communicating with semantic precision, so this time I'm really done. I don't think he's incapable of it; I think he's trying to browbeat you into accepting his terminology, by intentionally refusing to explain his meaning rather than simply point out where you didn't match it, so that you have to figure out for yourself what that meaning is - probably because figuring something out for yourself tends to lead to a deeper and more personally acceptable understanding. Which is fine enough up to a point, but past that point becomes a form of bad argument, and IMO we are very much past that point. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Recipient validation - WAS: Re: Moderated posts?
On Thu, Oct 16, 2014 at 9:34 PM, Tanstaafl tansta...@libertytrek.org wrote: On 10/16/2014 7:40 AM, Joel Rees joel.r...@gmail.com wrote: On Thu, Oct 16, 2014 at 7:58 PM, Tanstaafl tansta...@libertytrek.org wrote: On 10/15/2014 8:37 PM, Jerry Stuckle jstuc...@attglobal.net wrote: Tanstaafl couldn't answer it, and you can't either, because it's not violating any. I did answer it, you just ignored it or don't understand it. Quote: You do not have to violate an RFC to break SMTP. Here is a real world example: Improperly configured TCP filtering features on firewalls and routers don't violate any specific RFC, but they certainly can break SMTP (and other things too). Thus, we can understand that you are an idealist that would rather see your version of SMTP rules be followed by everyone than try to follow the RFC yourself. Where are your SMTP rules spelled out, by the way? Ok, I just went and looked it up, and lo and behold... RFC 2821 is the controlling RFC if I'm not mistaken... https://tools.ietf.org/html/rfc2821 In there you'll find this: The second step in the procedure is the RCPT command. RCPT TO:forward-path [ SP rcpt-parameters ] CRLF The first or only argument to this command includes a forward-path (normally a mailbox and domain, always surrounded by and brackets) identifying one recipient. If accepted, the SMTP server returns a 250 OK reply and stores the forward-path. If the recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as no such user - and the mailbox name (other circumstances and reply codes are possible). This step of the procedure can be repeated any number of times. So, how do you 'interpret' the pertinent part: If the recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as no such user - and the mailbox name (other circumstances and reply codes are possible). ? Sounds to me like a mandate to reject invalid recipients at the RCPT-TO stage. Well, I'll tell you what. Before I try to engage with you on this, I'm going to do my part and re-read RFCs 5321, 5322, 4409, and BCP 14 and several others referred to therein, completely, and make sure I understand them. I strongly encourage you to do the same. -- Joel Rees Be careful when you see conspiracy. Look first in your own heart, and ask yourself if you are not your own worst enemy. Arm yourself with knowledge of yourself. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caar43ip5ymnc3zvqsvyqwo3bgabwseaf1djcxif_lmsqsou...@mail.gmail.com
Re: piece of mind (Re: Moderated posts?)
On Ma, 14 oct 14, 17:56:58, Steve Litt wrote: Because you don't want to inextricably drag a giant monolith into your Desktop Environment just to do a few things. If you compare systemd with a Desktop Environment I'm not quite sure who's the giant ;) And how were they handling this task before systemd? It's not like Desktops, Window Managers and whatever things like lightdm are called didn't exist before systemd. ConsoleKit, unmaintained. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: piece of mind (Re: Moderated posts?)
On Ma, 14 oct 14, 22:56:15, The Wanderer wrote: Not to mention that just offhand I'm not sure I'd even know how to turn off basic tab completion - whereas turning off programmable tab completion is pretty much just a matter of not sourcing the tab-completion files in the effective bash environment, IIRC. (Though I always have to look up where to do it, every time I build a new system.) Removing the package bash-completion (package name verified by courtesy of programmable tab completion) should do it ;) Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: piece of mind (Re: Moderated posts?)
On 14/10/14 22:56, Steve Litt wrote: On Wed, 15 Oct 2014 00:15:40 +0300 Andrei POPESCU andreimpope...@gmail.com wrote: As far as I understand none of the upstreams are actually requiring systemd itself (or more accurately systemd-logind), but the interfaces it is providing. I fail to see the distinction. As long as the interface is there (and works), they don't care how it's implemented. The interface is defined, and it certainly *looks* externally reimplementable. And it also seems to make sense (why should every Desktop Environment implement it's own solution for this?). Because you don't want to inextricably drag a giant monolith into your Desktop Environment just to do a few things. If I have seen further than other men, it is by standing on the shoulders of giants. The alleged monolith does a bunch of (probably mostly neither interesting nor trivial) stuff for me. That means I don't have to do that stuff myself, and can concentrate on doing the things that are either interesting or trivial. Besides, the average DE is pretty beefy itself. And how were they handling this task before systemd? They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. It's not like Desktops, Window Managers and whatever things like lightdm are called didn't exist before systemd. (For reference: things like lightdm, xdm, slim, gdm3, etc. are called display managers, and have been since 1988.) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e2b7a.50...@zen.co.uk
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 1:58 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Well, this really is OT for debian-users, but Turns out that SMTP WAS/IS intended to be reliable. Reliable, absolutely. 100% reliable? That simply isn't possible when people are involved in the equation (people mis-configure servers - whether accidentally, through ignorance, or intentionally (just because that is the way they want it). I'd always lumped SMTP in the category of unreliable protocols, w/o guaranteed delivery The protocol itself is extremely reliable. It is what people *do* with it that can cause it to become less reliable/resilient. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e4da8.2060...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 12:03 PM, Tanstaafl tansta...@libertytrek.org wrote: The 'silly statements' reference was about your suggestion that it is in any way shape or form 'ok' to *accept* mail to invalid recipients then send it to dev/null. Incidentally, yes there may be some circumstances where this could be considered ok... a hobby server, or your own, personal server. Your server, your rules. But I'm talking about mail servers with lots of users who expect to be able to communicate via email effectively and reliably with others on the internet. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e4ec5.2000...@libertytrek.org
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
Tanstaafl wrote: On 10/14/2014 1:58 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Well, this really is OT for debian-users, but Turns out that SMTP WAS/IS intended to be reliable. Reliable, absolutely. 100% reliable? That simply isn't possible when people are involved in the equation (people mis-configure servers - whether accidentally, through ignorance, or intentionally (just because that is the way they want it). I'd always lumped SMTP in the category of unreliable protocols, w/o guaranteed delivery The protocol itself is extremely reliable. It is what people *do* with it that can cause it to become less reliable/resilient. There is a technical distinction between best efforts (unreliable) protocols, such as IP ('fire and forget' if you will), and reliable protocols, such as TCP (with explicit acks and retransmits). At least in the technical circles I run in (BBN - you know, we built the ARPANET; Ray Tomlinson, who coined use of the @ sign in email nominally worked for me, for a short period - in a matrixy version of worked for), SMTP is usually discussed as providing a best efforts (unreliable) service -- which, in reality, it is (particularly in real world configurations where mail often gets relayed through multiple servers). So.. I was just a bit surprised to go back and read the RFC and discover that SMTP is explicitly intended to provide a reliable service. As to 100% reliable - nothing is 100% reliable. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e6219.6030...@meetinghouse.net
Re: piece of mind (Re: Moderated posts?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15/10/2014 6:02 PM, Andrei POPESCU wrote: ConsoleKit, unmaintained. But fixed, for kFreeBSD A. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlQ+ZOQACgkQqBZry7fv4vtv5gEAqxefTmCV1PLqwNWgJOGeFwGD zc00RNvDgol9E3waTeUA/3VV1gqBmLnO2dYcydok6SlSN2S53dQGK+IEpSn3kRpg =Q1fk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e64e7.8060...@affinityvision.com.au
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/14/2014 12:03 PM, Tanstaafl wrote: On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/14/2014 8:05 AM, Tanstaafl wrote: If you think I'm kidding, please by all means go make these silly statements on the postfix list and I'll just sit and watch the fun. You don't read very well. This has nothing to do with emails to a valid address. A large amount of that spam goes to invalid addresses. I see them go through the logs regularly. I read fine. The 'silly statements' reference was about your suggestion that it is in any way shape or form 'ok' to *accept* mail to invalid recipients then send it to dev/null. But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. Wrong. Rejecting garbage sends a message back to the originator, No, it doesn't. It closes the connection with a response code. snip I know how it works. Apparently not, since you keep saying that the RECEIVING server 'sends a message back to the originator' - unless maybe you simply have a hard time saying what you really mean, which always causes confusion. Now how often do you get an email of 1MB? Like a large percentage of businesses, we get mail *all the time* that is many MB's in size. Even all of the freemailers have very large max sizes they accept now (I think gmail is up to 25MB or 30MB?). But, I'd say 10-15% of our email traffic consists of messages that are 1MB+ And yes, even lots of spam now has larger attachments (even seen them over 2MB, though not very often). If I reject the mail at the RCPT-TO stage, then I only accepted a few bytes of traffic before terminating the connection with an SMTP response (error) code. The connecting machine then decides whether to pass the response back or not (again, a few bytes at most). That's your option. No, it is the right thing to do. If you *accept* the mail, then you accepted the entire 1MB of traffic. So, who is responsible for more traffic in such a case? Sure. Thank you for acknowledging that at least this argument in support of breaking recipient validation (that rejecting emails results in more traffic than accepting/deleting them) is wrong. We're making progress. But spammers don't know whether it is a good address or not. Nor do they if I reject the transaction way before the RCPT-TO stage, which postscreen does *very* well, which is what happens most of the time. Also, my understanding is that there the vast majority of spammers no longer engage in dictionary attacks to harvest valid email addresses. I said NOTHING about security. I just don't want them to know what the valid email addresses are. In my mind saying 'I am doing this because I don't want them to know what the valid email addresses are' is the exact same thing as saying 'I am doing this for security purposes.'. That way they don't send more SPAM to the good addresses. It isn't about how much spam is targeted at your users, it is about how much gets through, and an effective anti-spam solution block 99+% of it - *without* breaking SMTP. And again, my understanding is that there the vast majority of spammers no longer engage in dictionary attacks to harvest valid email addresses, so you are continuing to break smtp for your users and getting very little to no real world value out of it. Passwords, by their very nature, are intended to be difficult/impossible to 'guess'. To suggest that this is even in the same universe as 'security through obscurity' is ludicrous. Then what is that if it isn't obscurity? I didn't say it wasn't 'obscurity', I said it wasn't *security through obscurity*. The first is a simple word that has a very broad and general meaning. The second has a very specific and limited meaning. You don't necessarily need to explictly violate any give RFC to 'break SMTP', Jerry. Breaking recipient validation defacto breaks SMTP. It tells the sending server that everything is OK, when it isn't. It allows someone who Tell me what RFC I am violating. Unless I am violating an RFC, there is no breaking of SMTP. Objection: asked and answered (see directly above). No one should. What I do care about is if the President of NBC typos an email address to our President when sending an important email, I want him to know the email didn't make it. And what if he sends a letter, but misaddresses the letter? He'll (hopefully) know about it when it gets returned, because his secretary (hopefully) isn't stupid and puts the correct return address on it. Please explain what is *Seriously Fraudulent* or *otherwise inappropriate* about a typo in the recipient address of an otherwise perfectly legitimate email, Jerry. How many valid emails do you get to a bad email address? Please answer the
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 3:20 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/14/2014 11:24 AM, Tanstaafl wrote: However, once a message has been accepted - ie, *after* the DATA phase is complete, it should never be bounced, it should be delivered - or, worse, quarantined, or worst case, deleted (ie, itf it is later found to contain a malicious payload). But I was speaking mainly toward the botnet junk that postscreen is so good at rejecting now, and that is the vast majority... And that is exactly what I do - I delete the email. Right... the 'worst case' (with the exception of bouncing) I mentioned above. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e6611.9040...@libertytrek.org
Re: piece of mind (Re: Moderated posts?)
On 10/15/2014 at 04:08 AM, Martin Read wrote: On 14/10/14 22:56, Steve Litt wrote: On Wed, 15 Oct 2014 00:15:40 +0300 Andrei POPESCU andreimpope...@gmail.com wrote: And it also seems to make sense (why should every Desktop Environment implement it's own solution for this?). And how were they handling this task before systemd? They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. And how were they handling it (or an analogous / equivalent task) before ConsoleKit, and the other *kit thingies, became a thing? I suspect that the answer is they just didn't provide the functionality which ConsoleKit, and later systemd-logind, now enable them to provide, but I'm not aware - in a clear-understanding, defined-boundaries sense - of exactly what that functionality is, or of why it would be necessary or otherwise valuable, or of what the problem is which that functionality was intended to address. I have a similar lack of awareness and/or understanding about all of the *kit packages / projects / tools / what-have-you, actually; I'm not positive I even know how many there are, much less all of their names. This has probably contributed to the lack of that awareness / understanding, since any partial explanation I see for one of them gets partly conflated with and/or applied to the other(s?), and the whole thing gets muddied by that mire. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: piece of mind (Re: Moderated posts?)
On 10/14/2014 at 04:15 PM, Olav Vitters wrote: On Sun, Oct 12, 2014 at 06:18:01PM +0200, lee wrote: Considering that the users are Debians' priority, couldn't this issue be a case in which significant concerns from/of the users about an issue might initiate a GR? Wouldn't it speak loudly for Debian and its ways and for what it stands for, or used to stand for, if it was established procedure that issues arising significant concerns amongst the users can lead to a GR? I'm sure we could find quite a few supporters for having a GR amongst the users (here). And after all, we're all kinda stuck in the same boat. A GR might have the potential to make the gap between users and devs/maintainers a lot smaller. Otherwise, this gap will only continue to become wider and wider. Debian is known for focussing a lot on focussing on quality. Upgrading from one version to the next is expected to be utterly smooth. Any bug encountered is exceptional. Definitions of what constitutes utterly smooth may vary, however. The should upgrading from wheezy to jessie automatically switch the init system to systemd, unless the admin has taken some sufficiently clear action to prevent it? question is one possible example. One side of that debate seems to think that a properly smooth upgrade requires that such an automatic switch take place (because otherwise the init system doesn't get upgraded to what would be put in place by a new install, so the upgrade can't be said to have actually completed); another seems to think that a properly smooth upgrade requires that such an automatic switch *not* take place (because of the chance of breaking existing local configuration, among possibly other things). For another example: some time ago, on debian-devel, the question arose of whether it's reasonable to expect people to reboot promptly after installing e.g. a new kernel, or a new init system. While of course you can't expect to gain any functionality advantage from the newly-installed software until the reboot in those cases, it still seems reasonable to me to expect that no previously-existing functionality will be *lost* in the window between such an upgrade and the next reboot. However, at least one of the systemd Debian maintainers stated in that discussion that while having a keep going as normal and reboot at leisure scenario work smoothly would be nice, he does not consider it a hard requirement. (The functionality at hand apparently included, but was not necessarily limited to, power-management functionality - such as the reboot button. I think that particular piece of functionality may have been addressed since then, but the larger principle still exists.) I think that for such a scenario to not work would place the upgrade outside the bounds of what constitutes utterly smooth, and I would consider any such functionality loss to be a bug - quite possibly an RC bug. The maintainer in question, at least, does not appear to think that; he does appear to agree that it would be a bug, but a minor one at best. Thus, definitions vary, Q.E.D.. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/14/2014 at 03:28 PM, Jerry Stuckle wrote: On 10/14/2014 12:03 PM, Tanstaafl wrote: On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote: Wrong on two counts. First of all, the false notion Security through obscurity *never* works. This has nothing to do with security. And BTW, that statement is also wrong - why do you think people are encouraged to use obscure passwords if it doesn't work? But that's another subject. Lol! Not even in the same ballpark, Jerry. Passwords, by their very nature, are intended to be difficult/impossible to 'guess'. To suggest that this is even in the same universe as 'security through obscurity' is ludicrous. Then what is that if it isn't obscurity? Security by obscurity isn't no one knows the password or no one knows the account name; it's something more like no one knows there's a place to enter an account name or a password. It isn't no one knows how to unlock the door; it's no one knows where the door is, or even closer, no one knows that there even is a door. (There's a mall near where I live which has an out-of-the-way door which is never locked at any hour, and which does not appear to be covered by security cameras. As far as I can tell, the after-hours security there relies entirely on the fact that the general public does not know the door exists. That's security by obscurity.) I'm not entirely positive on which side of that distinction this situation falls, overall. Keeping passwords secret is definitely not security by obscurity, but concealing the fact that a given account exists may arguably be. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, Oct 15, 2014 at 9:01 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Tanstaafl wrote: On 10/14/2014 1:58 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Well, this really is OT for debian-users, but Turns out that SMTP WAS/IS intended to be reliable. Reliable, absolutely. 100% reliable? That simply isn't possible when people are involved in the equation (people mis-configure servers - whether accidentally, through ignorance, or intentionally (just because that is the way they want it). I'd always lumped SMTP in the category of unreliable protocols, w/o guaranteed delivery The protocol itself is extremely reliable. It is what people *do* with it that can cause it to become less reliable/resilient. There are three ways in which machines can be unreliable. One, they can break. Two, they can do what they are told to do, but what they are told to do can be wrong. Three, they can operate in a context in which they were not designed to operate. Unfortunately, most machines operated outside the context in which they were designed to operate. It's a limitation of design. We are the designers, and we can't think of everything, therefore we cannot really design for a real context. Put another way, any context we can design for is necessarily more constrained than reality. Fortunately, most of the contexts we design for are close enough to be useful under many real contexts. But we have to quit being taken by surprise when our machines hit corner cases, or we end up wasting our energy being surprised. That's one of the reasons the Requests For Comments were RFCs and not standards dictated from on high (like many of the earlier network definitions that ended up too inflexible). There is a technical distinction between best efforts (unreliable) protocols, such as IP ('fire and forget' if you will), and reliable protocols, such as TCP (with explicit acks and retransmits). At least in the technical circles I run in (BBN - you know, we built the ARPANET; Ray Tomlinson, who coined use of the @ sign in email nominally worked for me, for a short period - in a matrixy version of worked for), SMTP is usually discussed as providing a best efforts (unreliable) service -- which, in reality, it is (particularly in real world configurations where mail often gets relayed through multiple servers). So.. I was just a bit surprised to go back and read the RFC and discover that SMTP is explicitly intended to provide a reliable service. If it is, that has changed. Elsewhere from the part you quoted, there used to be an explanation of the self-contradictory nature of the requirements. Specifically, machines cannot actually (the illusions of PKI becoming widely accepted notwithstanding) certify delivery. That requires a human at both ends of the chain, in addition to the possibly human sender and recipient. RFC 821 messages were intended not to require any human in the chain. If that has changed, it would be the unreasoning demands of people who want e-mail to perfect in ways snail mail only almost could be in the best of times: people who want to be able to do things like sue other people for not complying with obscure rules when informed of those rules by e-mail. As to 100% reliable - nothing is 100% reliable. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- Joel Rees Be careful when you see conspiracy. Look first in your own heart, and ask yourself if you are not your own worst enemy. Arm yourself with knowledge of yourself. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAAr43iP9t8iJYmPNLkVw_Pg8UAJYHHZeacftZ=fm_rt2cr1...@mail.gmail.com
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 8:14 AM, Tanstaafl wrote: On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/14/2014 12:03 PM, Tanstaafl wrote: On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/14/2014 8:05 AM, Tanstaafl wrote: If you think I'm kidding, please by all means go make these silly statements on the postfix list and I'll just sit and watch the fun. You don't read very well. This has nothing to do with emails to a valid address. A large amount of that spam goes to invalid addresses. I see them go through the logs regularly. I read fine. The 'silly statements' reference was about your suggestion that it is in any way shape or form 'ok' to *accept* mail to invalid recipients then send it to dev/null. But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. You said it was OK. You may try to attack conditions to it - but you still said it was OK. Wrong. Rejecting garbage sends a message back to the originator, No, it doesn't. It closes the connection with a response code. snip I know how it works. Apparently not, since you keep saying that the RECEIVING server 'sends a message back to the originator' - unless maybe you simply have a hard time saying what you really mean, which always causes confusion. Yes, I do. And it does send a message back to the originator - it may only be a status code, but it is still a message. Now how often do you get an email of 1MB? Like a large percentage of businesses, we get mail *all the time* that is many MB's in size. Even all of the freemailers have very large max sizes they accept now (I think gmail is up to 25MB or 30MB?). Provide figures for your claim of a large percentage of businesses. Seldom do I see messages that big on ANY of my systems. Additionally, often times ISPs will limit the size of messages users can send. And many systems have limits on how much storage email can take up. Just because a couple of free email services accept larger messages does not mean EVERYONE does. But, I'd say 10-15% of our email traffic consists of messages that are 1MB+ For my systems, it is 1%. And the average email size is around 20-30K. And yes, even lots of spam now has larger attachments (even seen them over 2MB, though not very often). Yes, spam with trojans and viruses often have large attachments. But those are quickly taken care of by the antivirus routines. If I reject the mail at the RCPT-TO stage, then I only accepted a few bytes of traffic before terminating the connection with an SMTP response (error) code. The connecting machine then decides whether to pass the response back or not (again, a few bytes at most). That's your option. No, it is the right thing to do. According to which RFC? Until you can point me to what RFC I am violating, it is just your opinion. If you *accept* the mail, then you accepted the entire 1MB of traffic. So, who is responsible for more traffic in such a case? Sure. Thank you for acknowledging that at least this argument in support of breaking recipient validation (that rejecting emails results in more traffic than accepting/deleting them) is wrong. We're making progress. You don't recognize sarcasm very well. But spammers don't know whether it is a good address or not. Nor do they if I reject the transaction way before the RCPT-TO stage, which postscreen does *very* well, which is what happens most of the time. Sure they do. They get a status message back indicating the message was rejected and why it was rejected. The fact they DON'T get that message indicates they have found a valid EMAIL address. And validated EMAIL addresses are a spammer's dream. Also, my understanding is that there the vast majority of spammers no longer engage in dictionary attacks to harvest valid email addresses. Your understanding is incorrect. I see it regularly. I said NOTHING about security. I just don't want them to know what the valid email addresses are. In my mind saying 'I am doing this because I don't want them to know what the valid email addresses are' is the exact same thing as saying 'I am doing this for security purposes.'. It has nothing to do with security, no matter is in your mind. That way they don't send more SPAM to the good addresses. It isn't about how much spam is targeted at your users, it is about how much gets through, and an effective anti-spam solution block 99+% of it - *without* breaking SMTP. And again, my understanding is that there the vast majority of spammers no longer engage in dictionary attacks to harvest valid email addresses, so you are continuing to break smtp for your users and getting very little to no real world value out of it. It's also about how much is targeted at my
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 10:17 AM, The Wanderer wrote: On 10/14/2014 at 03:28 PM, Jerry Stuckle wrote: On 10/14/2014 12:03 PM, Tanstaafl wrote: On 10/14/2014 11:17 AM, Jerry Stuckle jstuc...@attglobal.net wrote: Wrong on two counts. First of all, the false notion Security through obscurity *never* works. This has nothing to do with security. And BTW, that statement is also wrong - why do you think people are encouraged to use obscure passwords if it doesn't work? But that's another subject. Lol! Not even in the same ballpark, Jerry. Passwords, by their very nature, are intended to be difficult/impossible to 'guess'. To suggest that this is even in the same universe as 'security through obscurity' is ludicrous. Then what is that if it isn't obscurity? Security by obscurity isn't no one knows the password or no one knows the account name; it's something more like no one knows there's a place to enter an account name or a password. You're limiting it too much. From Dictionary.com: obscurity noun, plural obscurities. 1. the state or quality of being obscure. 2. the condition of being unknown: ... A complex password is, by definition, obscure according to #2. And easily guessable password is not obscure, nor is it secure. It isn't no one knows how to unlock the door; it's no one knows where the door is, or even closer, no one knows that there even is a door. See above. (There's a mall near where I live which has an out-of-the-way door which is never locked at any hour, and which does not appear to be covered by security cameras. As far as I can tell, the after-hours security there relies entirely on the fact that the general public does not know the door exists. That's security by obscurity.) That's one example. I'm not entirely positive on which side of that distinction this situation falls, overall. Keeping passwords secret is definitely not security by obscurity, but concealing the fact that a given account exists may arguably be. See above. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543e9cb5.9020...@attglobal.net
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 at 12:11 PM, Jerry Stuckle wrote: On 10/15/2014 10:17 AM, The Wanderer wrote: On 10/14/2014 at 03:28 PM, Jerry Stuckle wrote: Then what is that if it isn't obscurity? Security by obscurity isn't no one knows the password or no one knows the account name; it's something more like no one knows there's a place to enter an account name or a password. You're limiting it too much. From Dictionary.com: obscurity noun, plural obscurities. 1. the state or quality of being obscure. 2. the condition of being unknown: ... That's a definition of obscurity, which is indeed fairly broad. It's not a definition of security by obscurity, which is considerably more narrow than the generic definition of obscurity would indicate. In many contexts, the use of the jargon phrase security by obscurity occurs specifically in order to draw on that more narrow definition. I believe that this is one such context. (I think that I also believe that using security by obscurity with a broader sense than that narrow one is inappropriate, because it introduces ambiguity as to which meaning is intended, and is therefore likely to be confusing to a potential reader. But that's a bit of a tangent.) Invoking the generic definition of obscurity in the face of a use of the jargon phrase security by obscurity is completely missing the intent, and the sense of that phrase. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: piece of mind (Re: Moderated posts?)
On Wed, 15 Oct 2014 10:02:03 +0300 Andrei POPESCU andreimpope...@gmail.com wrote: On Ma, 14 oct 14, 17:56:58, Steve Litt wrote: Because you don't want to inextricably drag a giant monolith into your Desktop Environment just to do a few things. If you compare systemd with a Desktop Environment I'm not quite sure who's the giant ;) Yeah, I wasn't clear. I meant giant relative to what needed to be done. In other words, you need to verify passwords, so you bring in the entirety of systemd to do it, instead of just writing the code yourself. I completely understand not reinventing the wheel, but if all you need is a spoke, you don't construct an interface to a whole wheel just to get your spoke. And how were they handling this task before systemd? It's not like Desktops, Window Managers and whatever things like lightdm are called didn't exist before systemd. ConsoleKit, unmaintained. Pre-cisely. I see Red Hat's fingerprints all over that unmaintained status. If not for Red Hat, somebody would have picked up ConsoleKit. After all, as shown in http://spectrum.ieee.org/computing/software/whos-writing-linux , there's plenty of money floating around to pay for free software development. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015123026.5f396...@mydesq2.domain.cxm
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 at 12:06 PM, Jerry Stuckle wrote: On 10/15/2014 8:14 AM, Tanstaafl wrote: On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. You said it was OK. You may try to attack conditions to it - but you still said it was OK. In a quick search, I haven't been able to find a mail from him which uses the term OK, prior to the quoted one which is responding to your use of that term. He did say (in close paraphrase) that there are circumstances in which silently deleting received mails can be barely acceptable. That's a far cry from saying that it's OK, either in the modern colloquial sense or in the literal original sense of all correct. I said NOTHING about security. I just don't want them to know what the valid email addresses are. In my mind saying 'I am doing this because I don't want them to know what the valid email addresses are' is the exact same thing as saying 'I am doing this for security purposes.'. It has nothing to do with security, no matter is in your mind. What is the non-security-related reason why you don't want them to know what the valid E-mail addresses are? I suspect that the reason is something which Tanstaafl would classify as falling under security purposes. Even if you don't come to agreement on whether that reason is a security reason, it might still be easier to agree to disagree if there's a clear understanding about exactly what you're disagreeing over, rather than just conflicting assertions about some consequence of that underlying point. Please explain what is *Seriously Fraudulent* or *otherwise inappropriate* about a typo in the recipient address of an otherwise perfectly legitimate email, Jerry. How many valid emails do you get to a bad email address? Please answer the question. Any email to a bad email address is fraudulent and/or inappropriate. That's just repeating the assertion, not answering the question. It does not provide the requested explanation. What is fraudulent about a typo? What is inappropriate about a typo? -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 12:25 PM, The Wanderer wande...@fastmail.fm wrote: On 10/15/2014 at 12:11 PM, Jerry Stuckle wrote: You're limiting it too much. From Dictionary.com: obscurity noun, plural obscurities. 1. the state or quality of being obscure. 2. the condition of being unknown: ... That's a definition of obscurity, which is indeed fairly broad. Thanks, saved me the trouble - although I don't expect Jerry to 'get it', so this is probably a waste of everyones time to pursue. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ea18f.9050...@libertytrek.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 12:06 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/15/2014 8:14 AM, Tanstaafl wrote: On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. You said it was OK. You may try to attack conditions to it - but you still said it was OK. Easy enough to prove. By all means, quote the actual text of me saying this was 'OK'... you keep saying that the RECEIVING server 'sends a message back to the originator' - unless maybe you simply have a hard time saying what you really mean, which always causes confusion. it does send a message back to the originator - it may only be a status code, but it is still a message. The status code is not *sent* anywhere - it is a response directly to the connecting machine. It is then the responsibility of that machine that was talking to your server to pass the response code back to the originating *server* (not the sender of the email - there is a difference). It is then the responsibility of the 'originating server' to generate the NDR (non-delivery response) email that the sender then receives in their Inbox. So, again, no, *your* server doesn't 'send anything back to the originating server'. I'm done with this thread, since Jerry is free to believe whatever he wants and run his servers however he wants. Thankfully the vast majority of other mail admins use best practices... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ea368.8000...@libertytrek.org
Re: piece of mind (Re: Moderated posts?)
On Wed, 15 Oct 2014 09:08:26 +0100 Martin Read zen75...@zen.co.uk wrote: On 14/10/14 22:56, Steve Litt wrote: And how were they handling this task before systemd? They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. I rest my case. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015124258.53bd8...@mydesq2.domain.cxm
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
Joel Rees wrote: On Wed, Oct 15, 2014 at 9:01 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Tanstaafl wrote: On 10/14/2014 1:58 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: Well, this really is OT for debian-users, but Turns out that SMTP WAS/IS intended to be reliable. Reliable, absolutely. 100% reliable? That simply isn't possible when people are involved in the equation (people mis-configure servers - whether accidentally, through ignorance, or intentionally (just because that is the way they want it). I'd always lumped SMTP in the category of unreliable protocols, w/o guaranteed delivery The protocol itself is extremely reliable. It is what people *do* with it that can cause it to become less reliable/resilient. There are three ways in which machines can be unreliable. One, they can break. Two, they can do what they are told to do, but what they are told to do can be wrong. Three, they can operate in a context in which they were not designed to operate. Oh come on, there are lots more ways that PROTOCOLS can be unreliable. We're talking about an environment plagued with noise, congestion, bit errors, routing errors, filtering - all kinds of things that are probabilistic in nature. Unreliable protocols are generally 'fire-and-forget' in nature (e.g., UDP) and promise, at most, best efforts. Reliable protocols are those that include end-to-end (or, more accurately, peer-to-peer) error checking, ACKs and NACKs, retransmission, and so forth. In a protocol context, reliable means, essentially, 'once I get an ACK, I can assume that my PDU has been delivered to my peer' - and has nothing to do with what happens beyond that. That's one of the reasons the Requests For Comments were RFCs and not standards dictated from on high (like many of the earlier network definitions that ended up too inflexible). Ummm no. RFCs were RFCs because that's how the early ARPANET RD community, and its leadership decided to conduct their business, and the model stuck. There is a technical distinction between best efforts (unreliable) protocols, such as IP ('fire and forget' if you will), and reliable protocols, such as TCP (with explicit acks and retransmits). At least in the technical circles I run in (BBN - you know, we built the ARPANET; Ray Tomlinson, who coined use of the @ sign in email nominally worked for me, for a short period - in a matrixy version of worked for), SMTP is usually discussed as providing a best efforts (unreliable) service -- which, in reality, it is (particularly in real world configurations where mail often gets relayed through multiple servers). So.. I was just a bit surprised to go back and read the RFC and discover that SMTP is explicitly intended to provide a reliable service. If it is, that has changed. Umm no. The goal statement hasn't changed. Limitations to that goal have been elaborated on - i.e., specific limits and exceptions to that reliability have been elaborated on. But, on the whole, the notion of peer-to-peer transmission of email, as a reliable service, with acks/nacks/retransmission/error messages/etc/, remains unchanged. Elsewhere from the part you quoted, there used to be an explanation of the self-contradictory nature of the requirements. Specifically, machines cannot actually (the illusions of PKI becoming widely accepted notwithstanding) certify delivery. That requires a human at both ends of the chain, in addition to the possibly human sender and recipient. RFC 821 messages were intended not to require any human in the chain. If that has changed, it would be the unreasoning demands of people who want e-mail to perfect in ways snail mail only almost could be in the best of times: people who want to be able to do things like sue other people for not complying with obscure rules when informed of those rules by e-mail. Exactly. RFC 821 and its successors do not address human-to-human communications, they specify a reliable protocol for MTA-to-MTA communication. Period. I'll close by noting that this branch of discussion started with a focus on silently dropping spam, and whether that's a violation of standards. It used to be a clear violation of the various MUST statements re. sending non-delivery messages. It looks like more recent standards now allow for dropping spam as a specific exception case. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ea5ea.1030...@meetinghouse.net
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 12:50 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: I'll close by noting that this branch of discussion started with a focus on silently dropping spam, and whether that's a violation of standards. Actually, no, this branch started with a focus on whether or not it is a good idea to break SMTP by accepting email from *invalid recipients* then silently deleting them, as opposed to rejecting them at the RCPT-TO stage. It used to be a clear violation of the various MUST statements re. sending non-delivery messages. It looks like more recent standards now allow for dropping spam as a specific exception case. My position is that: 1. email to invalid recipients should be rejected at the RCPT-TO stage, 2. under *no* circumstances should mail to invalid recipients be accepted for delivery then silently deleted based solely on that one criteria, and 3. once an email has been accepted for final delivery, every effort should be taken to deliver the message to the recipient, whether to their Inbox clean or tagged as spam (if a spam threshhold is met), or to a spam quarantine, I allow for the very rare 'clear-and-present-danger' exceptional circumstance that, if an after-queue content scanner determines with a very high probability that something contains a malicious payload, an admin might want to not deliver it to the recipient. But, I would also argue that it should go into a quarantine that only the admin has access to, and never just silently deleted. But, as Jerry says, that is just my opinion... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543eb3f3.6050...@libertytrek.org
Re: piece of mind (Re: Moderated posts?)
On Wed, Oct 15, 2014 at 12:42:58PM -0400, Steve Litt wrote: They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. I rest my case. There's nothing at all (not even Red Hat) preventing anyone (even you!) from stepping up and taking over development of ConsoleKit. It's a considerably smaller proposition than taking over GNOME 2, a vastly more complex suite of software and libraries, and that actually did happen (http://mate-desktop.org). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015182720.ga32...@chew.redmars.org
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 12:34 PM, The Wanderer wrote: On 10/15/2014 at 12:06 PM, Jerry Stuckle wrote: On 10/15/2014 8:14 AM, Tanstaafl wrote: On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. You said it was OK. You may try to attack conditions to it - but you still said it was OK. In a quick search, I haven't been able to find a mail from him which uses the term OK, prior to the quoted one which is responding to your use of that term. He did say (in close paraphrase) that there are circumstances in which silently deleting received mails can be barely acceptable. That's a far cry from saying that it's OK, either in the modern colloquial sense or in the literal original sense of all correct. I said NOTHING about security. I just don't want them to know what the valid email addresses are. In my mind saying 'I am doing this because I don't want them to know what the valid email addresses are' is the exact same thing as saying 'I am doing this for security purposes.'. It has nothing to do with security, no matter is in your mind. What is the non-security-related reason why you don't want them to know what the valid E-mail addresses are? Spammers buy and sell lists of email addresses. Clean lists - that is, ones with few invalid email addresses, are worth more and are used more than dirty lists. Spammers often test email servers by sending email to garbage addresses, to see if they get a bounce. If they don't, they know the server does not drop emails, and any address in that domain is suspect. So the domain doesn't make a lot of the clean lists. I suspect that the reason is something which Tanstaafl would classify as falling under security purposes. There is no security involved here. Simply another means of discouraging SPAM. Even if you don't come to agreement on whether that reason is a security reason, it might still be easier to agree to disagree if there's a clear understanding about exactly what you're disagreeing over, rather than just conflicting assertions about some consequence of that underlying point. He thinks what I am doing breaks SMTP - but he can't point to any RFC I am violating. Please explain what is *Seriously Fraudulent* or *otherwise inappropriate* about a typo in the recipient address of an otherwise perfectly legitimate email, Jerry. How many valid emails do you get to a bad email address? Please answer the question. Any email to a bad email address is fraudulent and/or inappropriate. That's just repeating the assertion, not answering the question. It does not provide the requested explanation. What is fraudulent about a typo? What is inappropriate about a typo? Nothing. But if you get a lot of typos, then you should be looking for better quality customers. I don't see that at all in our logs. All I see are fraudulent and/or inappropriate emails to addresses which aren't even close to the ones on the servers. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ec5fc.20...@attglobal.net
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
Tanstaafl wrote: On 10/15/2014 12:50 PM, Miles Fidelman mfidel...@meetinghouse.net wrote: I'll close by noting that this branch of discussion started with a focus on silently dropping spam, and whether that's a violation of standards. Actually, no, this branch started with a focus on whether or not it is a good idea to break SMTP by accepting email from *invalid recipients* then silently deleting them, as opposed to rejecting them at the RCPT-TO stage. It used to be a clear violation of the various MUST statements re. sending non-delivery messages. It looks like more recent standards now allow for dropping spam as a specific exception case. My position is that: 1. email to invalid recipients should be rejected at the RCPT-TO stage, Easier said then done - at least when a server does relaying, but clearly ideal when possible. 2. under *no* circumstances should mail to invalid recipients be accepted for delivery then silently deleted based solely on that one criteria, and 3. once an email has been accepted for final delivery, every effort should be taken to deliver the message to the recipient, whether to their Inbox clean or tagged as spam (if a spam threshhold is met), or to a spam quarantine, I allow for the very rare 'clear-and-present-danger' exceptional circumstance that, if an after-queue content scanner determines with a very high probability that something contains a malicious payload, an admin might want to not deliver it to the recipient. But, I would also argue that it should go into a quarantine that only the admin has access to, and never just silently deleted. But, as Jerry says, that is just my opinion... Generally agree with you in principle. And that's certainly the standards-compliant policy. In practice I support a few dozen mailing lists - operational necessity dictates dropping a lot of stuff silently. Cheers -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ec757.80...@meetinghouse.net
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 12:40 PM, Tanstaafl wrote: On 10/15/2014 12:06 PM, Jerry Stuckle jstuc...@attglobal.net wrote: On 10/15/2014 8:14 AM, Tanstaafl wrote: On 10/14/2014 3:28 PM, Jerry Stuckle jstuc...@attglobal.net wrote: But you just said it was OK to delete emails. Please don't misquote me. I said it was the *worst case*, meaning, only marginally better than *bouncing* them, which you should never do. I certainly did not say it was 'OK'. You said it was OK. You may try to attack conditions to it - but you still said it was OK. Easy enough to prove. By all means, quote the actual text of me saying this was 'OK'... You said: However, once a message has been accepted - ie, *after* the DATA phase is complete, it should never be bounced, it should be delivered - or, worse, quarantined, or worst case, deleted (ie, itf it is later found to contain a malicious payload). It is either OK to delete an email or it is not. You can't have it both ways. If, as according to your other statements, it is not OK to delete emails, then you are violating your own rules by deleting mails - for ANY reason. Your reason is i.e. if it is later found to contain a malicious payload. My reason is It is addressed to a non-existent user. Either both are OK or neither is OK. you keep saying that the RECEIVING server 'sends a message back to the originator' - unless maybe you simply have a hard time saying what you really mean, which always causes confusion. it does send a message back to the originator - it may only be a status code, but it is still a message. The status code is not *sent* anywhere - it is a response directly to the connecting machine. Then how does it get back to the sending server? Magic? It is then the responsibility of that machine that was talking to your server to pass the response code back to the originating *server* (not the sender of the email - there is a difference). I didn't say the sender of the email. It is then the responsibility of the 'originating server' to generate the NDR (non-delivery response) email that the sender then receives in their Inbox. I never said otherwise. So, again, no, *your* server doesn't 'send anything back to the originating server'. So how does it get back to the sending server? Magic? I'm done with this thread, since Jerry is free to believe whatever he wants and run his servers however he wants. Thankfully the vast majority of other mail admins use best practices... And you still can't quote an RFC which indicates what I am doing breaks SMTP. That's because there isn't one and I am NOT breaking SMTP. Properly addressed email still gets to its destination. BTW - what happened to all those statistics you quoted? Where are your references for them? Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ec7cc.3030...@attglobal.net
Re: piece of mind (Re: Moderated posts?)
Jonathan Dowland wrote: On Wed, Oct 15, 2014 at 12:42:58PM -0400, Steve Litt wrote: They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. I rest my case. There's nothing at all (not even Red Hat) preventing anyone (even you!) from stepping up and taking over development of ConsoleKit. It's a considerably smaller proposition than taking over GNOME 2, a vastly more complex suite of software and libraries, and that actually did happen (http://mate-desktop.org). In theory. But in practice, folks make practical decisions as to expenditure of time and resources. For example, once Debian committed to systemd, Ubuntu followed suit - I expect that upstart will promptly whither and die. Whether a conspiracy or not, decisions by big players (in this case the Debian TC), can have serious and widespread impacts. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ec816.5020...@meetinghouse.net
Re: piece of mind (Re: Moderated posts?)
On 15/10/14 17:30, Steve Litt wrote: Pre-cisely. I see Red Hat's fingerprints all over that unmaintained status. If not for Red Hat, somebody would have picked up ConsoleKit. After all, as shown in http://spectrum.ieee.org/computing/software/whos-writing-linux , there's plenty of money floating around to pay for free software development. A question for you: Which funder of free software development do you believe would realistically stand to make a measurably-greater-than-unity return on investment (either in reasonably foreseeable losses averted or reasonably foreseeable new profits obtained) by choosing to underwrite (or assign employees to) resumed development of ConsoleKit? I have a couple of observations which I think may be relevant: * The set of people hostile to systemd seems to include a lot of people who don't see much need for the likes of ConsoleKit either. * ConsoleKit isn't, in terms of its size, particularly intimidating; the actual C source code is only about 20% larger than the autotools-associated shell scripts. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ecad3.8020...@zen.co.uk
Re: piece of mind (Re: Moderated posts?)
On Wed, Oct 15, 2014 at 03:16:38PM -0400, Miles Fidelman wrote: In theory. But in practice, folks make practical decisions as to expenditure of time and resources. For example, once Debian committed to systemd, Ubuntu followed suit - I expect that upstart will promptly whither and die. You're right (and I agree re upstart. Having said that I really resent having to fix upstart bugs at work, now, and it will live on a while in LTS Ubuntu releases. I'm starting to think that reported bugs will get less attention nowtoo). But the consolekit deprecation happened a long time before the tech-ctte decision about systemd. Some one/people could have picked it up long ago. If they had, the context in which the tech-ctte decision was made could have been very different. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015194937.gc...@chew.redmars.org
Re: piece of mind (Re: Moderated posts?)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 16/10/2014 6:49 AM, Jonathan Dowland wrote: reported bugs will get less attention nowtoo). But the consolekit deprecation happened a long time before the tech-ctte decision about systemd. Some one/people could have picked it up long ago. If they had, the context in which the tech-ctte decision was made could have been very different. ConsoleKit has been fixed for kFreeBSD build, I expect fixing it in normal Debian/GNU wouldn't have been harder than choosing systemd. A. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iF4EAREIAAYFAlQ+154ACgkQqBZry7fv4vuDTAD+PgRuxA+5/DfsI+VGk3rwyw/f 6UEzhSHpuYMhXin2YqoA+gMV12rwbI4llFwLlf43QwhurpmS6ltjhHESYAOIUDwW =Ik37 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543ed79f.4080...@affinityvision.com.au
Re: piece of mind (Re: Moderated posts?)
On Thu, Oct 16, 2014 at 07:22:55AM +1100, Andrew McGlashan wrote: ConsoleKit has been fixed for kFreeBSD build, I expect fixing it in normal Debian/GNU wouldn't have been harder than choosing systemd. It really needs (needed) adopting upstream, not just in Debian, because it's upstream where people make decisions about what their software will support; so that's where people have made the move to systemd, and that's the context which I'm talking about. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015203813.gc1...@chew.redmars.org
Re: piece of mind (Re: Moderated posts?)
Martin Read zen75...@zen.co.uk writes: (snip) * The set of people hostile to systemd seems to include a lot of people who don't see much need for the likes of ConsoleKit either. (snip) This is actually a rather good point. The machines I am most conservative about, and wanting to make sure that they boot well and can easily be repaired when not, are pretty much exactly those I wouldn't exactly have a heavyweight desktop environment on either. And, indeed, even on the laptop from which I'm writing this message, there's no consolekit or policykit or suchlike. So long as I can keep it minimal and tractable, I'm happy: what I like about Linux is getting to understand and control much of what goes on under the hood, and with luck I'll get to continue being able to do exactly that. (This is one nice thing about init systems that make heavy use of shell scripts: at least I can easily read and understand and adjust them!) I assume others have different desires, and in its present form systemd may well support them better, with apparently having been designed with different goals in mind. -- Mark -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87a94xoyii@ixod.org
Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, 15 Oct 2014 15:15:24 -0400 Jerry Stuckle jstuc...@attglobal.net wrote: It is either OK to delete an email or it is not. You can't have it both ways. It is *not* OK to silently delete an already accepted email, it does indeed break SMTP as a reliable protocol ('reliable' as in: 'either we deliver it or we tell you we didn't'). However, if the Reply-To: is forged, i.e. if it is spam, the alternative is considerably less OK. Bouncing a spam message simply delivers *the* *entire* *message* to an innocent third party, having been laundered through your (presumably legitimate and respectable) mail server. So it isn't OK, but there's no alternative to doing it. That's how you have it both ways. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015214430.2eb6a...@jresid.jretrading.com
Re: OT: Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, 15 Oct 2014 15:13:27 -0400 Miles Fidelman mfidel...@meetinghouse.net wrote: Tanstaafl wrote: My position is that: 1. email to invalid recipients should be rejected at the RCPT-TO stage, Easier said then done - at least when a server does relaying, but clearly ideal when possible. It's worth some effort, at the moment it is the single most effective anti-spam measure. If you outsource your mail, it's worth going to some trouble to find a hosting company who will hold and accept updates for a list of valid recipients. 2. under *no* circumstances should mail to invalid recipients be accepted for delivery then silently deleted based solely on that one criteria, Not on that alone, no, it could be a typo, in which case the sender needs to be informed. But if it is spam, there's nobody to tell, and you don't want to send a copy of the spam to the forged Reply-To: address. and 3. once an email has been accepted for final delivery, every effort should be taken to deliver the message to the recipient, whether to their Inbox clean or tagged as spam (if a spam threshhold is met), or to a spam quarantine, Which shouldn't be a problem if there's a valid recipient. I allow for the very rare 'clear-and-present-danger' exceptional circumstance that, if an after-queue content scanner determines with a very high probability that something contains a malicious payload, an admin might want to not deliver it to the recipient. But, I would also argue that it should go into a quarantine that only the admin has access to, and never just silently deleted. Yes, and a log kept. *And* the postmaster address monitored, and a request to know the disposition of a vanished email should be answered, along with the reason. Especially if the request is accompanied by one of your message IDs... But, as Jerry says, that is just my opinion... Indeed. Within his domain, the email admin is king... Generally agree with you in principle. And that's certainly the standards-compliant policy. In practice I support a few dozen mailing lists - operational necessity dictates dropping a lot of stuff silently. Of course. Already-accepted spam *must* be silently dropped. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015215812.021c2...@jresid.jretrading.com
Re: piece of mind (Re: Moderated posts?)
On Mi, 15 oct 14, 09:46:47, The Wanderer wrote: I suspect that the answer is they just didn't provide the functionality which ConsoleKit, and later systemd-logind, now enable them to provide, but I'm not aware - in a clear-understanding, defined-boundaries sense - of exactly what that functionality is, or of why it would be necessary or otherwise valuable, or of what the problem is which that functionality was intended to address. A problem that ConsoleKit and logind is trying to address is handling permissions to access devices. Traditionally on *nix machines this was done with user groups, e.g. members of 'audio' would have full (read/write) access to all audio devices and members of 'video' would have full access to video cards or web-cams. The problem with this approach is that it's not fine-grained enough, i.e. it can't distinguish between users logged in locally or via ssh. This means Mallory could easily spy on Alice remotely, just by being a member of 'audio' and 'video'. Hope this explains, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Recipient validation - WAS: Re: Moderated posts?
On Wed, 15 Oct 2014 21:44:30 +0100 Joe j...@jretrading.com wrote: Hello Joe, It is *not* OK to silently delete an already accepted email, it does Unfortunately, it happens; Send an email with a large attachment(1) and there are quite a few servers that will silently drop it. The worst of it is you can never know for certain if you're going to get bitten because routing can vary. (1) 4Meg or so used to do the trick. Things might be different now as more and more messages contain massive amounts of HTML and imagery. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent You destroyed my confidence, you broke my nerve Nervous Wreck - Radio Stars pgp_apVXIOFzl.pgp Description: OpenPGP digital signature
Re: piece of mind (Re: Moderated posts?)
On Wed, Oct 15, 2014 at 12:42:58PM -0400, Steve Litt wrote: On Wed, 15 Oct 2014 09:08:26 +0100 Martin Read zen75...@zen.co.uk wrote: On 14/10/14 22:56, Steve Litt wrote: And how were they handling this task before systemd? They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. I rest my case. That's along the lines of what I was wondering, re: the sysv option being maintained for more than a short period. -- Bob Holtzman Giant intergalactic brain-sucking hyperbacteria came to Earth to rape our women and create a race of mindless zombies. Look! It's working! signature.asc Description: Digital signature
Re: piece of mind (Re: Moderated posts?)
2014/10/16 5:59 Andrei POPESCU andreimpope...@gmail.com: On Mi, 15 oct 14, 09:46:47, The Wanderer wrote: I suspect that the answer is they just didn't provide the functionality which ConsoleKit, and later systemd-logind, now enable them to provide, but I'm not aware - in a clear-understanding, defined-boundaries sense - of exactly what that functionality is, or of why it would be necessary or otherwise valuable, or of what the problem is which that functionality was intended to address. A problem that ConsoleKit and logind is trying to address is handling permissions to access devices. Traditionally on *nix machines this was done with user groups, e.g. members of 'audio' would have full (read/write) access to all audio devices and members of 'video' would have full access to video cards or web-cams. The problem with this approach is that it's not fine-grained enough, i.e. it can't distinguish between users logged in locally or via ssh. This means Mallory could easily spy on Alice remotely, just by being a member of 'audio' and 'video'. Hope this explains, Andrei Two thoughts that this problem brings to mind -- (1) Why should it matter? Local? Remote? A hole is a hole. (1.5) How does ssh deal with making connections private? Any clues there? (2) There are times when I don't want to have to be logged in as an admin user to be able to make an ephemeral group. I've understood that for ten years. When am I going to make the time to construct the package to manage it within the standard unix permissions model? :-( Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of text flowing from the past into the future.
Re: piece of mind (Re: Moderated posts?)
On Wed, Oct 15, 2014 at 12:30:26PM -0400, Steve Litt wrote: I completely understand not reinventing the wheel, but if all you need is a spoke, you don't construct an interface to a whole wheel just to get your spoke. A wise old owl lived in an oak The more he saw the less he spoke The less he spoke the more he heard. Why can't we all be like that wise old bird? -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141015231334.GG27779@tal
Re: piece of mind (Re: Moderated posts?)
2014/10/16 8:14 Chris Bannister cbannis...@slingshot.co.nz: On Wed, Oct 15, 2014 at 12:30:26PM -0400, Steve Litt wrote: I completely understand not reinventing the wheel, but if all you need is a spoke, you don't construct an interface to a whole wheel just to get your spoke. A wise old owl lived in an oak The more he saw the less he spoke The less he spoke the more he heard. Why can't we all be like that wise old bird? There are generalisms like monolithic is a problem. And then there are generalisms like Engage brain, then engage mouth. I might wonder which is more on-topic here. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- Joel Rees
Re: piece of mind (Re: Moderated posts?)
wande...@fastmail.fm: I have a similar lack of awareness and/or understanding about all of the *kit packages / projects / tools / what-have-you, actually; I'm not positive I even know how many there are, much less all of their names. This should help: Put yourself in the position of someone writing a desktop system for Linux and the BSDs. You've reached the part where you're writing a control panel gadget for allowing system administrators (and appropriately privileged users) to manage things like the system time, the hostname, the default locale, and so forth; and another computer management gadget for letting the desktop user see who is logged on where and suchlike. It's a right old mess. You have to determine not only what kernel you are running on but what distribution you are running on, and access different things in different places. You could find yourself variously having to make your programs read and parse /etc/locale.conf, /etc/default/locale, /etc/sysconfig/i18n, /etc/sysconfig/language, or /etc/sysconf/i18n, for just one example. Then there are things like fundamental differences in the utmpx binary logs (The BSDs have revamped theirs and got rid of some stuff.), the system account database (It's an actual database on most BSDs.), the naming systems for virtual console devices, subtle differences in configuration file syntax (to some, a configuration file may be a shell script that sets shell variables, to others, it's a list of key=value pairs), ... Enter the kits, twice since renamed. Skipping a lot of history, such as where ConsoleKit begat systemd-logind became logind for one, what we have now is a suite of remote procedure calls that your gadgets can call. There's a hostname API, a timedate API, a locale API, and a login API. They're a whole bunch of RPC calls that are made using an inter-process communication system known as the desktop bus, D-Bus. (D-Bus, in its turn, is built on top of sockets. It has all of the usual RPC stuff that has been done several times before, such as marshalling and unmarshalling, mechanisms for rendezvous between clients and servers, and API definitions. It incorporates a security system to allow servers to restrict access to certain RPC functions to only suitably privileged clients.) * http://freedesktop.org/wiki/Software/systemd/hostnamed/ * http://freedesktop.org/wiki/Software/systemd/timedated/ * http://freedesktop.org/wiki/Software/systemd/localed/ * http://freedesktop.org/wiki/Software/systemd/logind/ These RPCs are supplied by server daemons, that communicate with client programs (e.g. the aforementioned gadgets) over D-Bus. The operating system specific stuff, such as exactly what configuration file contains the static hostname on the system, is intended to be contained within these server daemons. All that a client knows is that it makes the set the static hostname RPC call, and some server does the necessary work whatever that is. The Debian systemd package comes with its own implementation of these server daemons. Contrary to the recommendation of the GNOME people almost three years ago, but in line with what the systemd people prefer, on Debian they aren't packaged separately and are indivisible from the remainder of the package. * https://mail.gnome.org/archives/distributor-list/2012-January/msg3.html This is what three years' worth of hoo-hah has, at its root, all been about: a packaging decision. I'm not going to summarize or re-hash the hoo-hah here. Suffice it to say that there are both engineering rationales and socio-political rationales for the decision, and the major problem is logind, the systemd server daemon that provides the login API. Even though the other three somewhat are (modulo the fact that they all pick the particular choices of configuration file locations that match what other programs in the systemd package, such as systemd-machine-id-setup, use), logind is not at all severable from the rest of the systemd package, because the operating-system specific underpinnings of it (These daemons are intended to be abstracting a whole bunch of operating-system-specific non-portable stuff, remember.) target a Linux system that is running the systemd daemon and its ancillary daemons and utilities. Naturally enough. The systemd versions of these daemons are not the only ones in existence. A chap with the unlikely name of Ian Kremlin, for one, is in the process of writing his own implementations of these four daemons, speaking the same RPC APIs over D-Bus but having the operating-system specific underpinnings that are suitable for the BSDs. This a good thing from the point of view of keeping the protocol specifications honest (as a heterogeneous set of implementations often does), and it is an example of what the GNOME people and the systemd people expected: a separate suite of operating-system-specific daemon programs for each
Re: Moderated posts?
Andrei POPESCU andreimpope...@gmail.com writes: On Du, 12 oct 14, 18:47:09, lee wrote: Andrei POPESCU andreimpope...@gmail.com writes: On Mi, 08 oct 14, 16:01:37, Jonathan Dowland wrote: The tech-ctte exploration was extremely thorough, entirely transparent and I In addition, the tech-ctte took special precautions to make sure their decision is over-ridable by simple majority (50% + 1), despite the Constitution requiring a 2:1 majority. So they weren't entirely sure about their decision? It's all in the debate, but I'll spare you reading it all just for this: they wanted to avoid a situation where more than half of the developers might vote against their decision (whatever it would be), but not enough to reach the majority required by the constitution. Thank you. And why did they want this? -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tq8zzc9@yun.yagibdah.de
Re: Moderated posts?
On Thu, 16 Oct 2014, lee wrote: Thank you. And why did they want this? If the CTTE had chosen a solution which was unacceptable to the majority of the project, we wanted that majority to be able to override us even if it wasn't a 2:1 majority. You can see this discussion in the bug too, and in the IRC logs where we were drafting the options. -- Don Armstrong http://www.donarmstrong.com nothing except the impossible shall occur -- e.e. cummings XLII _1 x 1_ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016003424.gn4...@teltox.donarmstrong.com
Re: Recipient validation - WAS: Re: Moderated posts?
On 10/15/2014 4:44 PM, Joe wrote: On Wed, 15 Oct 2014 15:15:24 -0400 Jerry Stuckle jstuc...@attglobal.net wrote: It is either OK to delete an email or it is not. You can't have it both ways. It is *not* OK to silently delete an already accepted email, it does indeed break SMTP as a reliable protocol ('reliable' as in: 'either we deliver it or we tell you we didn't'). However, if the Reply-To: is forged, i.e. if it is spam, the alternative is considerably less OK. Bouncing a spam message simply delivers *the* *entire* *message* to an innocent third party, having been laundered through your (presumably legitimate and respectable) mail server. So it isn't OK, but there's no alternative to doing it. That's how you have it both ways. OK, then the same question as I had for Tanstaafl - exactly WHICH RFC is it in violation of? Tanstaafl couldn't answer it, and you can't either, because it's not violating any. So, it's only your opinion. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543f1347.2060...@attglobal.net
Re: piece of mind (Re: Moderated posts?)
On Thu, Oct 16, 2014 at 08:53:36AM +0900, Joel Rees wrote: 2014/10/16 8:14 Chris Bannister cbannis...@slingshot.co.nz: On Wed, Oct 15, 2014 at 12:30:26PM -0400, Steve Litt wrote: I completely understand not reinventing the wheel, but if all you need is a spoke, you don't construct an interface to a whole wheel just to get your spoke. A wise old owl lived in an oak The more he saw the less he spoke The less he spoke the more he heard. Why can't we all be like that wise old bird? There are generalisms like monolithic is a problem. And then there are generalisms like Engage brain, then engage mouth. I might wonder which is more on-topic here. Neither? -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016004207.GC30943@tal
Re: piece of mind (Re: Moderated posts?)
On 10/15/2014 07:54 PM, Jonathan de Boyne Pollard wrote: snip * http://freedesktop.org/wiki/Software/systemd/hostnamed/ * http://freedesktop.org/wiki/Software/systemd/timedated/ * http://freedesktop.org/wiki/Software/systemd/localed/ * http://freedesktop.org/wiki/Software/systemd/logind/ These RPCs are supplied by server daemons, that communicate with client programs (e.g. the aforementioned gadgets) over D-Bus. The operating system specific stuff, such as exactly what configuration file contains the static hostname on the system, is intended to be contained within these server daemons. All that a client knows is that it makes the set the static hostname RPC call, and some server does the necessary work whatever that is. The Debian systemd package comes with its own implementation of these server daemons. Contrary to the recommendation of the GNOME people almost three years ago, but in line with what the systemd people prefer, on Debian they aren't packaged separately and are indivisible from the remainder of the package. Did their interdependence not prevent them from being packaged separately or at least make it pointless? * https://mail.gnome.org/archives/distributor-list/2012-January/msg3.html This is what three years' worth of hoo-hah has, at its root, all been about: a packaging decision. I'm not going to summarize or re-hash the hoo-hah here. I would read it, but I think it will all be re-hashed again anyway, in one way or another, and I don't think that's a necessarily a bad thing. I thought I was keeping up with the news, but I missed most of this. Suffice it to say that there are both engineering rationales and socio-political rationales for the decision, and the major problem is logind, the systemd server daemon that provides the login API. Even though the other three somewhat are (modulo the fact that they all pick the particular choices of configuration file locations that match what other programs in the systemd package, such as systemd-machine-id-setup, use), logind is not at all severable from the rest of the systemd package, because the operating-system specific underpinnings of it (These daemons are intended to be abstracting a whole bunch of operating-system-specific non-portable stuff, remember.) target a Linux system that is running the systemd daemon and its ancillary daemons and utilities. Naturally enough snip When I remove systemd and replace it with sysvinit, it still seems to work. Can that part which is still working be refactored and turned back into a modular login package? Is this the main problem of maintaining a modular system? (It seems too simple.) Or is it likely that the main problem is (what you call) socio-political. Thanks for the summary. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543f3a86.1060...@ix.netcom.com
Re: piece of mind (Re: Moderated posts?)
On Wed, 15 Oct 2014 19:27:20 +0100 Jonathan Dowland j...@debian.org wrote: On Wed, Oct 15, 2014 at 12:42:58PM -0400, Steve Litt wrote: They were using ConsoleKit, which was orphaned upstream some time after systemd-logind came along. I rest my case. There's nothing at all (not even Red Hat) preventing anyone (even you!) from stepping up and taking over development of ConsoleKit. It's a considerably smaller proposition than taking over GNOME 2, a vastly more complex suite of software and libraries, and that actually did happen (http://mate-desktop.org). OK, I'll be the first to admit that after Red Hat caused the demise of ConsoleKit (and probably lots more important software), I am free to take significant time out of my day job (that feeds my family) and rescue all sorts of software that Red Hat deliberately scuttled. Even though, apparently unlike 80% of today's kernel developers, nobody pays me to do it. http://spectrum.ieee.org/computing/software/whos-writing-linux But that has nothing to do with my I rest my case statement. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141016011251.530d0...@mydesq2.domain.cxm
Re: piece of mind (Re: Moderated posts?)
On Mon, Oct 13, 2014 at 07:46:11PM -0400, Miles Fidelman wrote: I assume you find it more productive to bury your head in the sand about potential impacts of really major changes to the plumbing of a platform, and wait for things to break after-the-fact? I suspect Steve will continue to work hard on CD image generation, as he has done for many years, so you have media from which to install Debian from, rather than burying his head in the sand. You are still writing as if you are going to be forced to run systemd, despite being repeatedly told that multiple init systems will be supported. I'm really struggling to continue to presume good faith on your part now. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141014065617.ga20...@chew.redmars.org
Re: Moderated posts?
On Mon, 13 Oct 2014 20:33:11 -0400 Miles Fidelman mfidel...@meetinghouse.net wrote: Jerry Stuckle wrote: On 10/13/2014 7:10 PM, lee wrote: Brian a...@cityscape.co.uk writes: The mail is accepted. What the recipient does with the mail after that is outside the scope of an RFC. There is no obligation on the recipient to inform the sender that he has ripped up the mail and junked it. When the MTA delivers the mail it accepted correctly, then there is no problem. What whoever receives the mail does with it is an entirely different question. Incorrect. All the MTA does is receive the mail. It is then free to queue it up to the user, send it to a SPAM folder or delete it. None of these options is covered by the RFCs. Well, yes and no. Reporting message accepted for delivery as a status code, then silently dropping it, or otherwise sending inaccurate status codes, is kind of questionable. Yes, although there should still be an audit trail. As I said to Harry the other day, if you have a message ID from the receiving server you (probably) can chase it up, and no reputable anti-spam software will drop a message without keeping a log stating that it has done so. It is generally possible to find out why a legitimate message was dropped, though of course, somewhat after the event. And... these things ARE covered, at least in part, by RFCs RFC5321 (latest SMTP spec), Section 6.2. (Unwanted, Unsolicited, and Attack Messages) makes for interesting reading. For example: As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If silent message-dropping is misused, it could easily undermine confidence in the reliability of the Internet's mail systems. So silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate. There Is No Alternative. If a message is malicious spam, then it is absolutely certain that the 'From:' is forged, and no messages should be sent to it. There is some spam which might be called 'genuine', in that a real business has sent it under the impression that UCE is a legitimate marketing tool. In those cases only, a bounce message would be appropriate, but sometimes even I'm not sure whether a spam falls into this category. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141014080829.3c130...@jresid.jretrading.com
Re: piece of mind (Re: Moderated posts?)
Hi, Ian Jackson: You put me in an awkward position. My email was an attempt to get this discussion shut down on -devel, where it is off-topic and a total waste of energy. In that case, you did a poor job of getting this point across. (I misinterpreted it too.) But your response, using phrases like `dead horse', I agree that this response was not appropriate. Burying this hatchet is not going to happen as long as both sides just dig it up again and again. I daresay we have better things to do than that. -- -- Matthias Urlichs signature.asc Description: Digital signature
Re: Moderated posts?
On 14/10/14 00:47, Joel Rees wrote: There is a header for requesting automatic confirmation of delivery, but it tends to be abused by malicious junkmailers (spammers). MUAs are supposed to be able to disable it, but I haven't seen that option in an MUA settings dialog for a long time. I'm looking at a configuration dialog for handling emission of return receipts in Icedove right now (offering an option of absolutely never, or alternatively a three-way distinction between categories of messages which can be set to never, ask me every time, and always). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543cddee.1090...@zen.co.uk
Re: piece of mind (Re: Moderated posts?)
On Lu, 13 oct 14, 18:30:41, Miles Fidelman wrote: Gee assuming that you don't run anything that has systemd dependencies and/or systemd-shim is actually maintained and kept up-to-date. Have you actually looked into what depends on systemd? Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: piece of mind (Re: Moderated posts?)
Miles Fidelman mfidel...@meetinghouse.net writes: Joey Hess wrote: (snip) A reasonably proactive admin would probably want to try out systemd (on eg, a test server) and if it causes problems for their deployment, they then have at least the year or two from when Debian jessie is released until the *next* release to file bug reports and follow up on them. Of course, it's not just a case of does it cause problems -- that's the easy one -- it's also, if there are problems in the future (maybe not with systemd as the root cause, maybe with some failure elsewhere that affects its behavior), is it all simple and transparent enough that I will be able to figure out what's going on and adjust things accordingly and quickly repair my system? systemd is different enough that I am going to have to find the time to sit down and do a good bunch of reading first about the nuts and bolts of what it does, how it does it, and how one works with it. But, yes, absolutely, this is what test servers are for, and these days there are very easy to spin up. The only real cost is time. Upgrades tend to swallow time for various things, we are used to that. For instance, for past upgrades, we had to do things like rewrite our ipchains rules for ipfwadm, then rewrite them again for iptables, but that's been stable for a while now: at least with jessie not mandating systemd, we do have plenty of time to try things out. After all, for instance, with the forced move to udev, devfs support rotted and then vanished from the kernel, I can't really blame some Debian conspiracy for that! (-: Too early to say what will happen in Debian 9, but https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746715#278 is not going to be overturned without a GR either. Thank you very much for this link -- Ok... for others who are concerned, this is the punch-line from that bug report: and for the quote from it. (snip) For the record, the TC expects maintainers to continue to support the multiple available init systems in Debian. That includes merging reasonable contributions, and not reverting existing support without a compelling reason. (snip) That is certainly encouraging for those of us fearing atrophy of non-systemd support. As things are, I'm happy to wait and see, no need anytime soon to flee to CRUX or suchlike. I can appreciate that it is difficult, extra work to offer a distribution that does a good job of supporting everybody from server admins to naive desktop users, and I am grateful for Debian's intentions to keep giving us plenty of choice. -- Mark -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r3ybkqbs@ixod.org
Re: piece of mind (Re: Moderated posts?)
On Lu, 13 oct 14, 19:46:11, Miles Fidelman wrote: Of course Joey is correct regarding trying out systemd on a test server. Personally, though, I find it a lot MORE productive to keep track of other people's experience in testing things, and deploy after a release is really, really stable... and STILL do a lot of testing. I have much more faith in my own tests than people's experiences on -user (with a few notable exceptions). Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: piece of mind (Re: Moderated posts?)
On Ma, 14 oct 14, 10:40:34, Andrew McGlashan wrote: On 14/10/2014 9:50 AM, Joey Hess wrote: Sysvinit will continue to be supported on servers in Debian 8 (jessie) release of Debian. So you can continue to boot your production servers with sysvinit. Okay, for now, that is until more packages decide that they can't do without systemd. Debian testing (Jessie) will freeze on 5. November. That's about three weeks from now. No serious package maintainer is going to introduce major changes now. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Moderated posts?
On 10/13/2014 7:47 PM, Joel Rees joel.r...@gmail.com wrote: There is a header for requesting automatic confirmation of delivery, but it tends to be abused by malicious junkmailers (spammers). MUAs are supposed to be able to disable it, but I haven't seen that option in an MUA settings dialog for a long time. You mean like Thunderbird has in: Tools Account Settings Return Receipts ? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d0d82.6070...@libertytrek.org
Recipient validation - WAS: Re: Moderated posts?
On 10/13/2014 9:53 PM, Jerry Stuckle jstuc...@attglobal.net wrote: Not a grey area at all. ...dropping mail without notification of the sender is permitted As for the ...long tradition and community expectations... - that's nice, but according to some estimates, spammers now account for over 90% of the email traffic on the internet. And there are very simple ways to eliminate 90+% of that very simply (postfix+postscreen, without any additional tools), without risk of rejecting *any* legitimate email, and without *breaking SMTP*, which is what you are advocating. By adding a few simple additional tools (amavisd-new+spamassassin), you can easily deal with the remaining 9.9%... If you think I'm kidding, please by all means go make these silly statements on the postfix list and I'll just sit and watch the fun. To bounce all of those invalid addresses not only would further increase the amount of junk on the internet, That is pure and absolute nonsense. The vast majority of spam comes from botnets, and *rejecting* garbage from these results in ZERO additional smtp traffic. but by not replying, servers tell the spammers what are valid email addresses. More nonsense. Security through obscurity *never* works, and only, in this case totally breaks SMTP. Finally, as for ...undermine confidence in the reliability of the Internet's mail systems... - it hasn't been reliable since spammers virtually took over the email. And even when emails were rejected, it still was no indication the recipient got the message. Of course it wasn't, but it was certainly a positive indication that the recipient did *not* receive it (as long as the sending server is properly configured). There is, and never has been a reliable end-to-end verification of email messages. Well, that at least is true. BTW - by definition, any messages to any of the domains I manage without a valid email address are seriously fraudulent or otherwise inappropriate. Really? So when the President/CEO of XYZ Corporation, who does business with a customer whose domain happens to be managed by you, accidentally typos an email address, you consider that a 'seriously fraudulent or otherwise inappropriate' email? You must not have any real commercial customers, because I would imagine you would be a prime target for lawsuits for losing emails like this, as it would only be a matter of time before it was something important sent by someone important to someone else important. That said, I do have an email template I send to our users regularly explaining why/how email should never be considered 100% reliable, and if they ever send an email that has money riding on it being received, they should follow it up with a phone call to make sure it actually was received. I guess people like you are one of the reasons I have that template and need to send it out on occasion. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d116c.6020...@libertytrek.org
Re: Moderated posts?
Tanstaafl wrote: On 10/13/2014 7:47 PM, Joel Rees joel.r...@gmail.com wrote: There is a header for requesting automatic confirmation of delivery, but it tends to be abused by malicious junkmailers (spammers). MUAs are supposed to be able to disable it, but I haven't seen that option in an MUA settings dialog for a long time. You mean like Thunderbird has in: Tools Account Settings Return Receipts Or SeaMonkey optionsReturn Receipt -- use it all the time for business related correspondence, generally works just fine. Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d1c01.5090...@meetinghouse.net
Re: piece of mind (Re: Moderated posts?)
Andrei POPESCU wrote: On Lu, 13 oct 14, 18:30:41, Miles Fidelman wrote: Gee assuming that you don't run anything that has systemd dependencies and/or systemd-shim is actually maintained and kept up-to-date. Have you actually looked into what depends on systemd? Trying to. As a start - anything that depends on udev and logging come to mind; all services that require startup (hmm... I run a server, not a desktop - so that would be pretty much everything). Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/543d1ce8.4080...@meetinghouse.net
Re: piece of mind (Re: Moderated posts?)
On 10/13/2014 at 01:01 PM, Henrique de Moraes Holschuh wrote: On Mon, 13 Oct 2014, Matthias Urlichs wrote: In any case, users _do_ have a say. They can force their systems to remain on sys5 init, or switch to a different distro if that should also turn out Which, I should add, is something we measure if the user installs popularity-contest and opts-in to its measurements. http://popcon.debian.org/ Unfortunately, not everyone - or even everyone who would be willing to provide such feedback, or even actively interested in doing so - is going to install that. In my case, I don't install popcon because it pollutes the tab-completion namespace for 'popd' in a root shell. That interferes with my workflow to the point that I've reluctantly decided to just not install popcon - with the unfortunate side effect that my package preferences don't get counted in this kind of statistics. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature