May 2001 - Smartlist - lists.rwth-aachen.de

Re: Headers and footers...
by Tim Pierce 23 May '01

23 May '01

In article <87593.990543718(a)ma-1.rootsweb.com>, Charlie Summers <charlie(a)lofcom.com> writes: > At 9:51 AM -0400 5/22/01, Tim Pierce is rumored to have typed: > >> Among other reasons, because giving shell access to relative randoms >> a recipe for disaster. You might as well hand out the root password >> while you're at it. > > It's hardly the same thing, and you certainly know it; you're throwing up > a smoke screen. It's almost exactly the same thing. > If you lease virtual domains, the user should have FTP and > shell/SSH access - that's what they're paying you for. We do virtual domains and give the users FTP access. We do mailing lists and let the users administer lists via the Web. We don't provide shell access for anyone under any circumstances. They don't pay us for that and we don't offer it. > To equate being a user > on a machine to running root is asinine, unless of course the root user > doesn't have the ability to set up his machine correctly. A knowledgable cracker who can get shell access on a machine can typically get to root inside of about ten minutes. It is *extremely* difficult to secure a general-use box against every possible attack, especially with the rate at which new exploits get discovered. I know I am not capable of it, and I strongly doubt that you are either.

2 1

Re: Headers and footers...
by Tim Pierce 22 May '01

22 May '01

In article <87593.990543718(a)ma-1.rootsweb.com>, Charlie Summers <charlie(a)lofcom.com> writes: > At 9:51 AM -0400 5/22/01, Tim Pierce is rumored to have typed: > >> Among other reasons, because giving shell access to relative randoms >> a recipe for disaster. You might as well hand out the root password >> while you're at it. > > It's hardly the same thing, and you certainly know it; you're throwing up > a smoke screen. It's almost exactly the same thing. > If you lease virtual domains, the user should have FTP and > shell/SSH access - that's what they're paying you for. We do virtual domains and give the users FTP access. We do mailing lists and let the users administer lists via the Web. We don't provide shell access for anyone under any circumstances. They don't pay us for that and we don't offer it. > To equate being a user > on a machine to running root is asinine, unless of course the root user > doesn't have the ability to set up his machine correctly. A knowledgable cracker who can get shell access on a machine can typically get to root inside of about ten minutes. It is *extremely* difficult to secure a general-use box against every possible attack, especially with the rate at which new exploits get discovered. I know I am not capable of it, and I strongly doubt that you are either.

1 0

Re: Headers and footers...
by Tim Pierce 22 May '01

22 May '01

In article <79831.990491531(a)ma-1.rootsweb.com>, Charlie Summers <charlie(a)lofcom.com> writes: > At 7:12 PM -0400 5/21/01, David Bovill is rumored to have typed: > >> 2) Also are there any remote tools for editing rc.Custom? > > If you are asking, "Are there any web-based text file editors," the answer > is, of course, yes, although why a telnet/SSH session and pico, joe, or vi > won't do I couldn't imagine. Among other reasons, because giving shell access to relative randoms a recipe for disaster. You might as well hand out the root password while you're at it.

2 1

subscriber address with autoresponder
by David Kelly 22 May '01

22 May '01

Hello everyone, a rather unexpected thing happened the other day, someone subscribed to a list of ours with an address that uses an autoresponder, which of course creates a perpetual loop...he recieves a message from the list...autoresponds to the sender (list address)...recieves his own message and autoresponds again. I had thought that this was a very unlikely thing to happen...but its happened, luckily I caught the situation early, but even so, we still jammed 200 useless messages down everyones throat which caused a large number of unsubscriptions and complaints. Does anyone have a good way of dealing with this problem....I know it will raise the usual furor about munging the reply-to header .... but forcing the reply to go to the sender and not to the list is an option that I already know...are there any more please? All the best David Kelly

2 2

Headers and footers...
by David Bovill 22 May '01

22 May '01

3 quick questions if anyone can help: 1) Is there any way to add a standard header of footer to a message posted to a list? 2) Also are there any remote tools for editing rc.Custom? If not I think I'd like to write one... 3) rc.Custom format Smartlist is installed as part of my ISP service, and I am not sure if the default rc.Custom files have been edited - but I have a problem understanding it... #reply_to reply_to = "Reply-To: $listaddr" # uncomment (and perhaps change # it to "Reply-To") to force replies # to go to the list (discouraged) # why discouraged? see: # http://garcon.unicom.com/FAQ/reply-to-harmful.html In the above I take it that the first "#reply_to" is just an informative header? And that the second "reply_to = "Reply-To: $listaddr"" is the line which has been uncommented and should therefore allow "reply-to-list" functionality? Now in this case: #foreign_submit = yes ##foreign_submit # uncomment this line if you is the second line just explanation? What are the options for the first line "yes/no"? Thanks for the help, David

3 2

Re: Filtering on Vacation mesages
by Tim Pierce 18 May '01

18 May '01

In article <18516.990142668(a)ma-1.rootsweb.com>, Charlie Summers <charlie(a)lofcom.com> writes: > At 11:28 AM -0400 5/17/01, segura(a)attcanada.ca is rumored to have typed: > >> How can I filter out the "out-of office" replies? > > I've found no real good way of handling brain-damaged "vacation" > responses...I've taken he tact of IMMEDIATELY unsubscribing the person, and > telling them with a canned response they will be welcomed back only when > their "vacation" responder properly discriminates against mailing lists...but > that's primarily because I haven't come up with a better system. > > I'd be _really_ interested in hearing how other folks on the list handle > these annoying things. We updated rc.submit like so: # # The following recipe makes sure that: # The mail has a sane size (i.e. it is not inordinately big) # It does not look like an administrative request. # It wasn't sent by this list itself. # It wasn't sent by a daemon (misdirected bounce message perhaps). # :0 * < $size_limit * !$^($X_COMMAND:|X-Loop: $\listaddr) * !^Subject: Yahoo! Mail Auto-Reply * ! B ?? $^^$X_COMMAND: * $$daemon_bias * -100^0 ^FROM_MAILER|\ ^(((Resent-)?(From|Sender)|X-Envelope-From):|>?From )\ ([^>]*[^(.%@a-z0-9])?(\ LIST(SERV|proc)|NETSERV|bounce|autoanswer|echo|mirror\ |Out_Of_Office\ )(([^).!:a-z0-9][-_a-z0-9]*)?[%@> ][^<)]*($.*$.*)?)?$([^>]|$) Note the addition of the "Out_Of_Office" tag, which works well to catch that particular autoresponse. We added some other recipes to rc.request, right after checking for "queue warnings" and before passing mail off to procbounce: :0 AhD * ^Subject: Message status - opened * ^X-Mailer: Novell GroupWise /dev/null :0 Ah * ^From: mailer-daemon(a)prodigy\.net * ^Subject: Message Rejected$ /dev/null :0 Ah * ^From: NTMail * ^Subject: Warning - delayed mail /dev/null :0 Ah * ^From: .*(a)bigfoot\.com * ^Subject: Autoresponse /dev/null I haven't seen a problem with vacation messages or DSN notices in quite some time.

1 0

web hosting and smartlist
by Cindy 18 May '01

18 May '01

Dear list members, Do any of you on this list offer web hosting services? I need to be able to run smartlist, or something like it and MhonArc, and I would like to run the web based admin for both of these programs. Also, does anyone know how to set it so that the accept list and the distribution list is not mutually dependent? If you do, will you email me privately? Thank you! Cindy

1 0

Filtering on Vacation mesages
by segura＠attcanada.ca 18 May '01

18 May '01

Hi, How can I filter out the "out-of office" replies? Or, are they already filtered? TIA Joe

3 2

smartlist hypersensitive about hello
by Greg Matheson 16 May '01

16 May '01

I have a front end for smartlist lists for penpals of my students. They introduce themselves, a list is created for them, and their first messages are piped to flist. Smartlist however, no doubt because hello messages in the traditional type of list are not welcome, puts messages like the following in the request file, with the X-Diagnostic header, Unprocessed. > From: "alvinhsu99"<alvinhsu99(a)kimo.com.tw> > Reply-To: "alvinhsu99"<alvinhsu99(a)kimo.com.tw> > Subject: ^_^......!!! > MIME-Version: 1.0 > Content-Type: text/plain; charset="Big5" > Message-Id: <20010503084935.ITJK22916.n16-svc.kimo.com(a)k15.svc.kimo.com.tw> > Date: Thu, 3 May 2001 16:49:35 +0800 > X-Diagnostic: Unprocessed > X-Envelope-To: lealv > Status: RO > Content-Length: 442 > Lines: 6 > > hello....... > I am 180cm tall and 83 kg......a little bit fat ....right???I was living by > +myself in the school but I go home every weekend on friday and go to school on > +Sunday.....I like hip hop music too.....also Rap and > +blue......^^....alright.....c ya later...... Or, if they are very short, the X-Diagnostic message is, Already on list. How can I turn this hypersensitivity off. I have 70 lists so doing them all by hand is too much. -- Greg Matheson Practitioners just do it. Chinmin College, Reflective Practitioners just think they Taiwan did it.

4 6

RE: qmail, relaying,outlook2k and smartlist
by Munday, Merrick 16 May '01

16 May '01

> Anyone either 1) send successful X-Commands in outlook 2000 to smartlist? Here's a couple things to check in Outlook: * Check your mail sending format under Tools|Options|Mail Format. Use plain text, not rich text or HTML, to send to SmartList. * When Outlook is installed as a corporate/workgroup installation, there is no control for line wrapping -- it automatically wraps at 80. This means that a long X-Command will exceed the line length and something will be wrapped. Outlook does not wrap by character, it wraps the last "word" -- the last group of contiguous characters with no spaces. For example, this could be an entire email address at the end of a subscribe command. If you have Outlook, you probably also have Outlook Express. You can beat this problem by using Outlook Express to manage SmartList. For simplicity, in OE, enter the SmartList server as the outgoing mail server, although of course one could enter any mail server that will relay your mail. Since we don't intend to use OE to recieve mail, enter anything you want for the incoming mail server. Under Tools|Options|Send, set the Mail Sending Format radio button to plain text. Under Plain Text Settings, set the line wrap to 132, which is the maximum. --Merrick Munday

1 0