Re: Procmail Vulnerabilities check

December 11, 2017 7:39 PM, "Kurt Jaeger" wrote: > The argument is: The update process for base is more complex > than for packages, and we've come a long way to have a very > nice pkg-system, in general. The mid-term plan is thus to package base, too. The non-packaged base is

Re: Procmail Vulnerabilities check

> On Dec 13, 2017, at 12:27 PM, Christoph Brinkhaus > wrote: > > On Wed, Dec 13, 2017 at 11:35:55AM +0100, Jos Chrispijn wrote: >> On 8-12-2017 17:58, Warren Block wrote: >>> procmail is ancient, and has had known quality issues for much of the >>> time. Consider

Re: Procmail Vulnerabilities check

On Wed, Dec 13, 2017 at 11:35:55AM +0100, Jos Chrispijn wrote: > On 8-12-2017 17:58, Warren Block wrote: > > procmail is ancient, and has had known quality issues for much of the > > time.  Consider maildrop as a more powerful and more maintained > > replacement that is pretty easy to implement:

Re: Procmail Vulnerabilities check

On Wed, 13 Dec 2017 11:35:55 +0100, Jos Chrispijn stated: >On 8-12-2017 17:58, Warren Block wrote: >> procmail is ancient, and has had known quality issues for much of the >> time.  Consider maildrop as a more powerful and more maintained >> replacement that is pretty easy to implement: >I

Re: Procmail Vulnerabilities check

On 8-12-2017 19:11, Kurt Jaeger wrote: We'll work the patch in, it just takes a little time 8-( Thanks for this - everything is fine now. Keep up the good work, Jos ___ freebsd-ports@freebsd.org mailing list

Re: Procmail Vulnerabilities check

On 8-12-2017 17:58, Warren Block wrote: procmail is ancient, and has had known quality issues for much of the time.  Consider maildrop as a more powerful and more maintained replacement that is pretty easy to implement: I know - but I can remember that procmail should be installed also when

Re: Procmail Vulnerabilities check

On Tue, 12 Dec 2017 09:23:55 +0100 "Kurt Jaeger" said Hi! > > With transparency, I mean: > > - reverse dns is set > > - scan from the same IP all the time > They don't. For the sake of argument, I'll name showdan; they use (off > the top of my head) some 9 to 12 addresses.

Re: Procmail Vulnerabilities check

On Tue, 12 Dec 2017 08:59:04 +0100 "Guido Falsi" said On 12/09/2017 01:34, Chris H wrote: > On Sat, 9 Dec 2017 10:16:54 +1100 (EST) "Dave Horsfall" > said > >> On Fri, 8 Dec 2017, Steve Kargl wrote: >> >> > First, there is movement afoot to remove

Re: Procmail Vulnerabilities check

Hi! > > With transparency, I mean: > > - reverse dns is set > > - scan from the same IP all the time > They don't. For the sake of argument, I'll name showdan; they use (off > the top of my head) some 9 to 12 addresses. Addresses the move, also. :( If their IPs are published somewhere in a

Re: Procmail Vulnerabilities check

On 12/09/2017 01:34, Chris H wrote: > On Sat, 9 Dec 2017 10:16:54 +1100 (EST) "Dave Horsfall" > said > >> On Fri, 8 Dec 2017, Steve Kargl wrote: >> >> > First, there is movement afoot to remove sendmail from FreeBSD and > >> replace it with dma(1). >> >> There is?  Is there

Re: Procmail Vulnerabilities check

On Tue, 12 Dec 2017 08:54:26 +1100 (EST) "Dave Horsfall" said On Mon, 11 Dec 2017, Chris H wrote: > pf(4) has dropped any/all communication from the showdan "project" > *long* ago for all the systems I'm responsible for, and along with all > the myriad of other "like"

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017, Chris H wrote: pf(4) has dropped any/all communication from the showdan "project" *long* ago for all the systems I'm responsible for, and along with all the myriad of other "like" projects. They all have the policy backward; ask *before* not *after*. I'd love to do

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 20:45:11 +0100 "Kurt Jaeger" said Hi! > Let me attempt to make my point another way (and stay closer to topic). > A user is able to accomplish more from sendmail in base, than with any > other MX port in base alone. [list of sendmail features shortend for

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 19:46:55 +0100 "Kurt Jaeger" said Hi! > If you, as an administrator of a/your system(s), see no problem with > (port) scanners, and take no action to thwart such activity. You are > more than likely to encounter trouble(s) down the road. Right,

Re: Procmail Vulnerabilities check

Michelle Sullivan wrote: Personally I think if you remove Sendmail you should not replace it with something else... but then FreeBSD is not about what I want or what the users want anymore. I thought there already was a viable replacement in OpenSMTPD? The fact that OpenBSD migrated 3 years

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 19:36:49 +0100 "Kurt Jaeger" said Hi! > if the majority of people install their systems via packages, that makes for > a fairly common FreeBSD base across all users. Why would a system installed via packaged be more homogenous than one installed as base,

Re: Procmail Vulnerabilities check

Hi! > Let me attempt to make my point another way (and stay closer to topic). > A user is able to accomplish more from sendmail in base, than with any > other MX port in base alone. [list of sendmail features shortend for brevity] > Many of the other MX software in the ports tree provide a

Re: Procmail Vulnerabilities check

El día lunes, diciembre 11, 2017 a las 11:26:44a. m. -0700, Warren Block escribió: > > Warren, you have not got my point: Why specfying '-d ${USER}' is required > > in > > a per user file in its HOME? The maildrop is started as the user 'foo' by a line in a file ~foo/.forward, as you say:

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 08:39:02 -0800 said On Mon, 11 Dec 2017 11:10:32 + "Matt Smith" said > On Dec 10 14:58, Chris H wrote: >>OK I'm puzzled a bit. FreeBSD' motto has always been: >>FreeBSD >>The power to serve! > > >>but many of the proposed,

Re: Procmail Vulnerabilities check

Hi! > If you, as an administrator of a/your system(s), see no problem with > (port) scanners, and take no action to thwart such activity. You are > more than likely to encounter trouble(s) down the road. Right, portscanning is bad, if not done in a transparent way, so as sys-admin I have to

Re: Procmail Vulnerabilities check

Hi! > if the majority of people install their systems via packages, that makes for > a fairly common FreeBSD base across all users. Why would a system installed via packaged be more homogenous than one installed as base, and updated via freebsd-update ? I don't understand this -- can you

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017, Matthias Apitz wrote: On Monday, 11 December 2017 04:56:04 CET, Warren Block wrote: On Fri, 8 Dec 2017, Matthias Apitz wrote: El día viernes, diciembre 08, 2017 a las 03:13:02p. m. -0700, Warren Block escribió: Hmm, why -d ${USER} if this is

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 16:42:57 +0100 "Kurt Jaeger" said Hi! > > On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote: > > > OK I'm puzzled a bit. FreeBSD' motto has always been: > > > FreeBSD > > > The power to serve! > > > > > > but many of the proposed, and recent

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 11:10:32 + "Matt Smith" said On Dec 10 14:58, Chris H wrote: >OK I'm puzzled a bit. FreeBSD' motto has always been: >FreeBSD >The power to serve! > >but many of the proposed, and recent changes/removals end up more like: >FreeBSD >I's castrated!

Re: Procmail Vulnerabilities check

Hi! > > On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote: > > > OK I'm puzzled a bit. FreeBSD' motto has always been: > > > FreeBSD > > > The power to serve! > > > > > > but many of the proposed, and recent changes/removals end up more like: > > > FreeBSD > > > I's castrated! > > So,

Re: Procmail Vulnerabilities check

On Mon, 11 Dec 2017 11:49:06 +0100 "Lars Engels" said On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote: > OK I'm puzzled a bit. FreeBSD' motto has always been: > FreeBSD > The power to serve! > > but many of the proposed, and recent changes/removals end up more

Re: Procmail Vulnerabilities check

Lars Engels wrote: On Mon, Dec 11, 2017 at 09:09:39AM +1100, Dave Horsfall wrote: On Sun, 10 Dec 2017, Adam Weinberger wrote: DMA is a phenomenal program and is totally sufficient for a large percentage of our user-base. I wasn’t aware of the lack of .forward support, and I completely agree

Re: Procmail Vulnerabilities check

On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote: > OK I'm puzzled a bit. FreeBSD' motto has always been: > FreeBSD > The power to serve! > > but many of the proposed, and recent changes/removals end up more like: > FreeBSD > I's castrated! > So, then we should add a web server into our

Re: Procmail Vulnerabilities check

On Mon, Dec 11, 2017 at 09:09:39AM +1100, Dave Horsfall wrote: > On Sun, 10 Dec 2017, Adam Weinberger wrote: > > > DMA is a phenomenal program and is totally sufficient for a large > > percentage of our user-base. I wasn’t aware of the lack of .forward > > support, and I completely agree that

Re: Procmail Vulnerabilities check

On Monday, 11 December 2017 04:56:04 CET, Warren Block wrote: On Fri, 8 Dec 2017, Matthias Apitz wrote: El día viernes, diciembre 08, 2017 a las 03:13:02p. m. -0700, Warren Block escribió: Hmm, why -d ${USER} if this is already known who I am from the ~/.forward file

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Matthias Apitz wrote: El día viernes, diciembre 08, 2017 a las 03:13:02p. m. -0700, Warren Block escribió: Hmm, why -d ${USER} if this is already known who I am from the ~/.forward file location? Because as a sysadmin, then you can copy it to another user without having

RE: Procmail Vulnerabilities check

from Carmel NY: > On Sunday, December 10, 2017 4:18 PM, RW wrote: > > On Sun, 10 Dec 2017 10:10:30 -0800, Kevin Oberman wrote: > > > Strongly agree! Support ofr some basics like .forward is really a > > > requirement. It is used for too many "normal" mail operations > > > including private

Re: Procmail Vulnerabilities check

On Sun, 10 Dec 2017 14:54:54 -0700 "Adam Weinberger" said > On 8 Dec, 2017, at 20:11, Chris H wrote: > > On Sat, 9 Dec 2017 02:59:28 +0100 "Kurt Jaeger" said > >> Hi! >> > > > First, there is movement afoot to remove sendmail from

Re: Procmail Vulnerabilities check

On Sun, 10 Dec 2017 14:49:02 -0700 "Adam Weinberger" said > On 10 Dec, 2017, at 10:11, Steve Kargl > wrote: > > On Sun, Dec 10, 2017 at 01:21:13PM +, Matthew Seaman wrote: >> Hence the current sendmail in base is neither fish nor fowl:

Re: Procmail Vulnerabilities check

On Sun, 10 Dec 2017, Adam Weinberger wrote: DMA is a phenomenal program and is totally sufficient for a large percentage of our user-base. I wasn’t aware of the lack of .forward support, and I completely agree that that’s a very detrimental omission. What about its spam filtering, such as

Re: Procmail Vulnerabilities check

On 8 Dec, 2017, at 20:11, Chris H wrote: On Sat, 9 Dec 2017 02:59:28 +0100 "Kurt Jaeger" said Hi! > > > First, there is movement afoot to remove sendmail from FreeBSD and > > > replace it with dma(1). > Hmm. This does not come as good news to me.

Re: Procmail Vulnerabilities check

On 10 Dec, 2017, at 10:11, Steve Kargl wrote: On Sun, Dec 10, 2017 at 01:21:13PM +, Matthew Seaman wrote: Hence the current sendmail in base is neither fish nor fowl: way overpowered for almost all installations, but with significant limitations for a

RE: Procmail Vulnerabilities check

On Sunday, December 10, 2017 4:18 PM, RW wrote: > On Sun, 10 Dec 2017 10:10:30 -0800, Kevin Oberman wrote: > > Strongly agree! Support ofr some basics like .forward is really a > > requirement. It is used for too many "normal" mail operations > > including private dropmail or procmail setups as

Re: Procmail Vulnerabilities check

On Sun, 10 Dec 2017 10:10:30 -0800 Kevin Oberman wrote: > Strongly agree! Support ofr some basics like .forward is really a > requirement. It is used for too many "normal" mail operations > including private dropmail or procmail setups as well as forwarding > to a smartmail system. This is

Re: Procmail Vulnerabilities check

On Sun, Dec 10, 2017 at 9:11 AM, Steve Kargl < s...@troutmask.apl.washington.edu> wrote: > On Sun, Dec 10, 2017 at 01:21:13PM +, Matthew Seaman wrote: > > > > Hence the current sendmail in base is neither fish nor fowl: way > > overpowered for almost all installations, but with significant >

Re: Procmail Vulnerabilities check

On Sun, Dec 10, 2017 at 01:21:13PM +, Matthew Seaman wrote: > > Hence the current sendmail in base is neither fish nor fowl: way > overpowered for almost all installations, but with significant > limitations for a machine providing a full-blown mail service. > Personally I agree with his

Re: Procmail Vulnerabilities check

On 09/12/2017 04:12, Dave Horsfall wrote: > On Fri, 8 Dec 2017, Steve Kargl wrote: > >> https://lists.freebsd.org/pipermail/freebsd-arch/2017-December/018712.html >> > > Well, I saw no reason to subscribe to freebsd-arch (I'm on enough lists > as it is)...  Are there any other lists that we

Re: Procmail Vulnerabilities check

On 12/09/17 00:42, Chris H wrote: > [...] So I'd like to respectfully request that Sendmail stays. > All those in favor, say aye! > [...] A Y Y E ! A A Y Y E ! A Y EEE ! A A Y E A A Y E ! -- George signature.asc

Re: Procmail Vulnerabilities check

Chris H wrote: P.S. Please try to keep it civil. Ok.. . Michelle :) ___ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: Procmail Vulnerabilities check

On Sat, 9 Dec 2017 15:12:12 +1100 (EST) "Dave Horsfall" said On Fri, 8 Dec 2017, Steve Kargl wrote: > https://lists.freebsd.org/pipermail/freebsd-arch/2017-December/018712.html Well, I saw no reason to subscribe to freebsd-arch (I'm on enough lists as it is)... Are there

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Steve Kargl wrote: https://lists.freebsd.org/pipermail/freebsd-arch/2017-December/018712.html Well, I saw no reason to subscribe to freebsd-arch (I'm on enough lists as it is)... Are there any other lists that we should be following? I guess a suit and tie will be

Re: Procmail Vulnerabilities check

On Sat, 9 Dec 2017 02:59:28 +0100 "Kurt Jaeger" said Hi! > > > First, there is movement afoot to remove sendmail from FreeBSD and > > > replace it with dma(1). > Hmm. This does not come as good news to me. I've been working on an antispam > system that targets the use of

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017 17:25:22 -0800 said On Sat, Dec 09, 2017 at 10:16:54AM +1100, Dave Horsfall wrote: > On Fri, 8 Dec 2017, Steve Kargl wrote: > > > First, there is movement afoot to remove sendmail from FreeBSD and > > replace it with dma(1). > > There

Re: Procmail Vulnerabilities check

On Sat, 9 Dec 2017, Kurt Jaeger wrote: [ On removing Sendmail from FreeBSD ] If sendmail is available via ports, wouldn't that be enough ? It better be in ports (but don't look at me; I have my hands full with my Mac & iPad with possibly an iPhone and an Android thrown in, and two

Re: Procmail Vulnerabilities check

Hi! > > > First, there is movement afoot to remove sendmail from FreeBSD and > > > replace it with dma(1). > Hmm. This does not come as good news to me. I've been working on an antispam > system that targets the use of Sendmail, If sendmail is available via ports, wouldn't that be enough ? --

Re: Procmail Vulnerabilities check

On Sat, Dec 09, 2017 at 10:16:54AM +1100, Dave Horsfall wrote: > On Fri, 8 Dec 2017, Steve Kargl wrote: > > > First, there is movement afoot to remove sendmail from FreeBSD and > > replace it with dma(1). > > There is? Is there anything else that they're going to spring on us? >

Re: Procmail Vulnerabilities check

On Sat, 9 Dec 2017 10:16:54 +1100 (EST) "Dave Horsfall" said On Fri, 8 Dec 2017, Steve Kargl wrote: > First, there is movement afoot to remove sendmail from FreeBSD and > replace it with dma(1). There is? Is there anything else that they're going to spring on us? (I'm

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Steve Kargl wrote: First, there is movement afoot to remove sendmail from FreeBSD and replace it with dma(1). There is? Is there anything else that they're going to spring on us? (I'm still annoyed that they removed "jive" because it upset someone's delicate

Re: Procmail Vulnerabilities check

El día viernes, diciembre 08, 2017 a las 03:13:02p. m. -0700, Warren Block escribió: > > Hmm, why -d ${USER} if this is already known who I am from the > > ~/.forward file location? > > Because as a sysadmin, then you can copy it to another user without > having to edit it each time. Hmm, and

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Matthias Apitz wrote: El día viernes, diciembre 08, 2017 a las 11:19:03a. m. -0700, Warren Block escribió: I do, and invoke procmail from a .forward file. % cat ~/.forward "|exec /usr/local/bin/procmail -f-" Do you know if maildrop can be used in a similar way? I

Re: Procmail Vulnerabilities check

On Fri, Dec 08, 2017 at 11:19:03AM -0700, Warren Block wrote: > On Fri, 8 Dec 2017, Steve Kargl wrote: > > On Fri, Dec 08, 2017 at 09:58:55AM -0700, Warren Block wrote: > >> > >> procmail is ancient, and has had known quality issues for much of the > >> time. Consider maildrop as a more powerful

Re: Procmail Vulnerabilities check

El día viernes, diciembre 08, 2017 a las 11:19:03a. m. -0700, Warren Block escribió: > > I do, and invoke procmail from a .forward file. > > > > % cat ~/.forward > > "|exec /usr/local/bin/procmail -f-" > > > > Do you know if maildrop can be used in a similar way? I > > suppose I have some

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Steve Kargl wrote: On Fri, Dec 08, 2017 at 09:58:55AM -0700, Warren Block wrote: On Fri, 8 Dec 2017, Jos Chrispijn wrote: A little concernedthat I got no response to this. Is Procmail dead for most of you guys(ducking) procmail is ancient, and has had known quality

Re: Procmail Vulnerabilities check

Hi! > A little concerned that I got no response to this. > Is Procmail dead for most of you guys(ducking) We'll work the patch in, it just takes a little time 8-( -- p...@opsec.eu+49 171 3101372 3 years to go ! ___

Re: Procmail Vulnerabilities check

On Fri, Dec 08, 2017 at 09:58:55AM -0700, Warren Block wrote: > On Fri, 8 Dec 2017, Jos Chrispijn wrote: > > > A little concernedthat I got no response to this. > > Is Procmail dead for most of you guys(ducking) > > procmail is ancient, and has had known quality issues for much of the > time.

Re: Procmail Vulnerabilities check

On Fri, 8 Dec 2017, Jos Chrispijn wrote: A little concernedthat I got no response to this. Is Procmail dead for most of you guys(ducking) procmail is ancient, and has had known quality issues for much of the time. Consider maildrop as a more powerful and more maintained replacement that is

Re: Procmail Vulnerabilities check

Nick, Op 8-12-2017 om 17:32 schreef N.J. Mann: See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223777 specifically the patch in "Comment 2". I have been using this patch for a few days without problems. Sadly the vulnerability check still fails. Unfortunatly I am neither that of a

Re: Procmail Vulnerabilities check

Hi, On Friday, December 08, 2017 17:12:45 +0100 Jos Chrispijn wrote: > A little concernedthat I got no response to this. > Is Procmail dead for most of you guys(ducking) See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223777 specifically the patch in "Comment

Re: Procmail Vulnerabilities check

A little concernedthat I got no response to this. Is Procmail dead for most of you guys(ducking) Best regards, Jos Chrispijn Op 24-11-2017 om 13:32 schreef Jos Chrispijn: Dear sunpoet, Noticed this week following issue on procmail. Vulnerabilities check vulnxml file up-to-date

Re: Procmail Vulnerabilities check

> On 26 Nov, 2017, at 6:25, andrew clarke wrote: > > On Sat 2017-11-25 22:20:13 UTC-0500, Kevin P. Neal (k...@neutralgood.org) > wrote: > >> Is that the consensus to replace use of procmail with maildrop? >> >> A little googling makes it look like maildrop has the easy

Re: Procmail Vulnerabilities check

On Sat 2017-11-25 22:20:13 UTC-0500, Kevin P. Neal (k...@neutralgood.org) wrote: > Is that the consensus to replace use of procmail with maildrop? > > A little googling makes it look like maildrop has the easy integration > with sendmail just like procmail. But is maildrop going to be around for

Re: Procmail Vulnerabilities check

On 11/25/17 17:59, Roger Marquis wrote: Jos Chrispijn wrote: Dear sunpoet, Noticed this week following issue on procmail. ... procmail -- Heap-based buffer overflow https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html Whether mail/procmail is patched or deprecated

Re: Procmail Vulnerabilities check

Jos Chrispijn wrote: Dear sunpoet, Noticed this week following issue on procmail. ... procmail -- Heap-based buffer overflow https://vuxml.FreeBSD.org/freebsd/288f7cee-ced6-11e7-8ae9-0050569f0b83.html Whether mail/procmail is patched or deprecated standard practice has been to upgrade to