In article <87593.990543718(a)ma-1.rootsweb.com>,
Charlie Summers <charlie(a)lofcom.com> writes:
> At 9:51 AM -0400 5/22/01, Tim Pierce is rumored to have typed:
>
>> Among other reasons, because giving shell access to relative randoms
>> is a recipe for disaster. You might as well hand out the root password
>> while you're at it.
>
> It's hardly the same thing, and you certainly know it; you're throwing up
> a smoke screen.
It's almost exactly the same thing.
> If you lease virtual domains, the user should have FTP and
> shell/SSH access - that's what they're paying you for.
We do virtual domains and give the users FTP access. We do mailing
lists and let the users administer lists via the Web. We don't
provide shell access for anyone under any circumstances. They don't
pay us for that and we don't offer it.
> To equate being a user
> on a machine to running root is asinine, unless of course the root user
> doesn't have the ability to set up his machine correctly.
A knowledgeable cracker who can get shell access on a machine can
typically get to root inside of about ten minutes. It is *extremely*
difficult to secure a general-use box against every possible attack,
especially with the rate at which new exploits get discovered. I know
I am not capable of it, and I strongly doubt that you are either.
In article <79831.990491531(a)ma-1.rootsweb.com>,
Charlie Summers <charlie(a)lofcom.com> writes:
> At 7:12 PM -0400 5/21/01, David Bovill is rumored to have typed:
>
>> 2) Also are there any remote tools for editing rc.Custom?
>
> If you are asking, "Are there any web-based text file editors," the answer
> is, of course, yes, although why a telnet/SSH session and pico, joe, or vi
> won't do I couldn't imagine.
Among other reasons, because giving shell access to relative randoms
is a recipe for disaster. You might as well hand out the root password
while you're at it.
Hello everyone, a rather unexpected thing happened the other day, someone
subscribed to a list of ours with an address that uses an autoresponder,
which of course creates a perpetual loop...he receives a message from the
list...autoresponds to the sender (list address)...receives his own message
and autoresponds again.
I had thought that this was a very unlikely thing to happen...but it's
happened, luckily I caught the situation early, but even so, we still jammed
200 useless messages down everyone's throat which caused a large number of
unsubscriptions and complaints.
Does anyone have a good way of dealing with this problem....I know it will
raise the usual furor about munging the reply-to header .... but forcing the
reply to go to the sender and not to the list is an option that I already
know...are there any more please?
All the best
David Kelly
3 quick questions if anyone can help:
1) Is there any way to add a standard header or footer to a message
posted to a list?
2) Also are there any remote tools for editing rc.Custom? If not I think
I'd like to write one...
3) rc.Custom format
Smartlist is installed as part of my ISP service, and I am not sure if the
default rc.Custom files have been edited - but I have a problem
understanding it...
#reply_to
reply_to = "Reply-To: $listaddr" # uncomment (and perhaps change
# it to "Reply-To") to force replies
# to go to the list (discouraged)
# why discouraged? see:
# http://garcon.unicom.com/FAQ/reply-to-harmful.html
In the above I take it that the first "#reply_to" is just an informative
header? And that the second "reply_to = "Reply-To: $listaddr"" is the
line which has been uncommented and should therefore allow "reply-to-list"
functionality?
Now in this case:
#foreign_submit = yes
##foreign_submit # uncomment this line if you
is the second line just explanation? What are the options for the first line
"yes/no"?
Thanks for the help,
David
In article <18516.990142668(a)ma-1.rootsweb.com>,
Charlie Summers <charlie(a)lofcom.com> writes:
> At 11:28 AM -0400 5/17/01, segura(a)attcanada.ca is rumored to have typed:
>
>> How can I filter out the "out-of office" replies?
>
> I've found no real good way of handling brain-damaged "vacation"
> responses...I've taken the tack of IMMEDIATELY unsubscribing the person, and
> telling them with a canned response they will be welcomed back only when
> their "vacation" responder properly discriminates against mailing lists...but
> that's primarily because I haven't come up with a better system.
>
> I'd be _really_ interested in hearing how other folks on the list handle
> these annoying things.
We updated rc.submit like so:
#
# The following recipe makes sure that:
# The mail has a sane size (i.e. it is not inordinately big)
# It does not look like an administrative request.
# It wasn't sent by this list itself.
# It wasn't sent by a daemon (misdirected bounce message perhaps).
#
:0
* < $size_limit
* !$^($X_COMMAND:|X-Loop: $\listaddr)
* !^Subject: Yahoo! Mail Auto-Reply
* ! B ?? $^^$X_COMMAND:
* $$daemon_bias
* -100^0 ^FROM_MAILER|\
^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )\
([^>]*[^(.%@a-z0-9])?(\
LIST(SERV|proc)|NETSERV|bounce|autoanswer|echo|mirror\
|Out_Of_Office\
)(([^).!:a-z0-9][-_a-z0-9]*)?[%@> ][^<)]*(\(.*\).*)?)?$([^>]|$)
Note the addition of the "Out_Of_Office" tag, which works well to
catch that particular autoresponse.
We added some other recipes to rc.request, right after checking for
"queue warnings" and before passing mail off to procbounce:
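# GroupWise "message opened" receipts (D flag: case-sensitive match)
:0 AhD
* ^Subject: Message status - opened
* ^X-Mailer: Novell GroupWise
/dev/null

# Prodigy rejection notices
:0 Ah
* ^From: mailer-daemon@prodigy\.net
* ^Subject: Message Rejected$
/dev/null

# NTMail delayed-mail warnings
:0 Ah
* ^From: NTMail
* ^Subject: Warning - delayed mail
/dev/null

# Bigfoot autoresponder replies
:0 Ah
* ^From: .*@bigfoot\.com
* ^Subject: Autoresponse
/dev/null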
I haven't seen a problem with vacation messages or DSN notices in
quite some time.
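
As an added example (not part of the original post and not SmartList code), the conditions from the recipes above can be replayed in Python against sample headers to check what they would catch before editing rc.submit or rc.request. The list address and the messages are constructed, the X-Loop and sender tests are treated as hard matches rather than procmail scores, and the sender regex is simplified as noted in the comments.

```python
import re

# Patterns are copied from the recipes quoted in the post, with "@" written
# literally. Header unfolding is not handled (assumption of this sketch).
DROP_RULES = [  # (label, conditions that must all match, procmail "D" flag)
    ("groupwise-opened", [r"^Subject: Message status - opened",
                          r"^X-Mailer: Novell GroupWise"], True),
    ("prodigy-rejected", [r"^From: mailer-daemon@prodigy\.net",
                          r"^Subject: Message Rejected$"], False),
    ("ntmail-delayed", [r"^From: NTMail", r"^Subject: Warning - delayed mail"], False),
    ("bigfoot-autoresponse", [r"^From: .*@bigfoot\.com", r"^Subject: Autoresponse"], False),
    ("yahoo-auto-reply", [r"^Subject: Yahoo! Mail Auto-Reply"], False),
]

# Sender test from rc.submit, including the added Out_Of_Office alternative.
# Simplified: "\n" is excluded from the character classes and procmail's
# trailing "([^>]|$)" is dropped.
DAEMON_SENDER = re.compile(
    r"^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )"
    r"([^>\n]*[^(.%@a-z0-9\n])?"
    r"(LIST(SERV|proc)|NETSERV|bounce|autoanswer|echo|mirror|Out_Of_Office)"
    r"(([^).!:a-z0-9\n][-_a-z0-9]*)?[%@> ][^<)\n]*(\(.*\).*)?)?$",
    re.I | re.M)

def classify(raw, listaddr):
    """Return the label of the first rule that fires, or None to distribute."""
    headers = raw.split("\n\n", 1)[0]
    if re.search(r"^X-Loop: " + re.escape(listaddr), headers, re.I | re.M):
        return "x-loop"  # the list's own mail coming back
    for label, conditions, case_sensitive in DROP_RULES:
        flags = re.M if case_sensitive else re.M | re.I
        if all(re.search(c, headers, flags) for c in conditions):
            return label
    return "daemon-sender" if DAEMON_SENDER.search(headers) else None

LIST = "penpals@lists.example.org"  # constructed list address
SAMPLES = {  # constructed messages, not taken from the thread
    "normal": "From: Jane Doe <jane@example.com>\nSubject: hello\n\nHi all",
    "ooo": "From: Out_Of_Office@corp.example.com\nSubject: Away\n\nBack Monday",
    "bigfoot": "From: someone@bigfoot.com\nSubject: Autoresponse\n\nThanks!",
    "looped": "From: bob@example.com\nX-Loop: " + LIST + "\nSubject: Re: hi\n\nx",
    "gw-lowercase": "Subject: message status - opened\n"
                    "X-Mailer: Novell GroupWise\n\nopened",
}

def run_samples():
    return {name: classify(msg, LIST) for name, msg in SAMPLES.items()}
```

The `gw-lowercase` sample passes through because the GroupWise recipe carries the `D` flag and so matches case-sensitively; the other recipes ignore case.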
Dear list members,
Do any of you on this list offer web hosting services?
I need to be able to run smartlist, or something like it and MhonArc, and I
would like to run the web based admin for both of these programs.
Also, does anyone know how to set it so that the accept list and the
distribution list is not mutually dependent?
If you do, will you email me privately?
Thank you!
Cindy
I have a front end for smartlist lists for penpals of my
students. They introduce themselves, a list is created for them,
and their first messages are piped to flist.
Smartlist however,
no doubt because hello messages in the traditional type of list
are not welcome, puts messages like the following in the request
file, with the X-Diagnostic header, Unprocessed.
> From: "alvinhsu99"<alvinhsu99(a)kimo.com.tw>
> Reply-To: "alvinhsu99"<alvinhsu99(a)kimo.com.tw>
> Subject: ^_^......!!!
> MIME-Version: 1.0
> Content-Type: text/plain; charset="Big5"
> Message-Id: <20010503084935.ITJK22916.n16-svc.kimo.com(a)k15.svc.kimo.com.tw>
> Date: Thu, 3 May 2001 16:49:35 +0800
> X-Diagnostic: Unprocessed
> X-Envelope-To: lealv
> Status: RO
> Content-Length: 442
> Lines: 6
>
> hello.......
> I am 180cm tall and 83 kg......a little bit fat ....right???I was living by
> +myself in the school but I go home every weekend on friday and go to school on
> +Sunday.....I like hip hop music too.....also Rap and
> +blue......^^....alright.....c ya later......
Or, if they are very short, the X-Diagnostic message is, Already
on list.
How can I turn this hypersensitivity off. I have 70 lists so
doing them all by hand is too much.
--
Greg Matheson          Practitioners just do it.
Chinmin College,       Reflective Practitioners just think they
Taiwan                 did it.
> Anyone either 1) send successful X-Commands in outlook 2000 to
> smartlist?
Here's a couple things to check in Outlook:
* Check your mail sending format under Tools|Options|Mail Format. Use plain
text, not rich text or HTML, to send to SmartList.
* When Outlook is installed as a corporate/workgroup installation, there is
no control for line wrapping -- it automatically wraps at 80. This means
that a long X-Command will exceed the line length and something will be
wrapped. Outlook does not wrap by character, it wraps the last "word" --
the last group of contiguous characters with no spaces. For example, this
could be an entire email address at the end of a subscribe command.
If you have Outlook, you probably also have Outlook Express. You can beat
this problem by using Outlook Express to manage SmartList. For simplicity,
in OE, enter the SmartList server as the outgoing mail server, although of
course one could enter any mail server that will relay your mail. Since we
don't intend to use OE to receive mail, enter anything you want for the
incoming mail server. Under Tools|Options|Send, set the Mail Sending Format
radio button to plain text. Under Plain Text Settings, set the line wrap to
132, which is the maximum.
--Merrick Munday