Look at these update from M$ Corporation.

[Greg Folkert]

This is FOUL... FOUL>>> FOUL!!!

The uuencoded piece ==
******** Network Associates GroupShield Exchange **********
******** Alert generated at: Thursday, July 31, 2003 08:25:16 AM
Pacific Daylight Time
************************************************** ********************


The file q395149.zip has been replaced as it contains the New Worm
virus.
Please consult your administrator for further help quoting your ticket
no. OA57_1059665116_MAIL_SERVER2

Please fix this most hastily.

On Thu, 2003-07-31 at 17:25, Pankaj Mehndiratta wrote:

> begin 600 alert.txt
> M*BHJ*BHJ*BH@("!.971W;W)K($%S<V]C:6%T97,@1W)O=7!3:&EE;&0@17AC
> M:&%N9V4@("`@("`@("`@*BHJ*BHJ*BHJ*@T**BHJ*BHJ*BH@( $%L97)T(&=E
> M;F5R871E9"!A=#H@5&AU<G-D87DL($IU;'D@,S$L(#(P,#,@,#@Z,C4Z,38@
> M04T@4&%C:69I8R!$87EL:6=H="!4:6UE#0HJ*BHJ*BHJ*BHJ* BHJ*BHJ*BHJ
> M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ* BHJ*BHJ*BHJ
> M*BHJ*BHJ#0H-"@T*5&AE(&9I;&4@<3,Y-3$T.2YZ:7`@:&%S(&)E96X@<F5P
> M;&%C960@87,@:70@8V]N=&%I;G,@=&AE($YE=R!7;W)M('9I<G5S+@T*(%!L
> M96%S92!C;VYS=6QT('EO=7(@861M:6YI<W1R871O<B!F;W(@9 G5R=&AE<B!H
> M96QP('%U;W1I;F<@>6]U<B!T:6-K970@;F\N($]!-3=?,3`U.38V-3$Q-E]-
> ,04E,7U-%4E9%4C(N
> `
> end

--
Greg Folkert <greg@gregfolkert.net>


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]greg@gregfolkert.net[/email] Thu Jul 31 11:47:57 2003

>
>
> This is FOUL... FOUL>>> FOUL!!!
>
> The uuencoded piece ==
> ******** Network Associates GroupShield Exchange **********
> ******** Alert generated at: Thursday, July 31, 2003 08:25:16 AM
> Pacific Daylight Time
> ************************************************** ********************
>
>
> The file q395149.zip has been replaced as it contains the New Worm
> virus.
> Please consult your administrator for further help quoting your ticket
> no. OA57_1059665116_MAIL_SERVER2
>
> Please fix this most hastily.
>
> On Thu, 2003-07-31 at 17:25, Pankaj Mehndiratta wrote:

> > begin 600 alert.txt
> > M*BHJ*BHJ*BH@("!.971W;W)K($%S<V]C:6%T97,@1W)O=7!3:&EE;&0@17AC
> > M:&%N9V4@("`@("`@("`@*BHJ*BHJ*BHJ*@T**BHJ*BHJ*BH@( $%L97)T(&=E
> > M;F5R871E9"!A=#H@5&AU<G-D87DL($IU;'D@,S$L(#(P,#,@,#@Z,C4Z,38@
> > M04T@4&%C:69I8R!$87EL:6=H="!4:6UE#0HJ*BHJ*BHJ*BHJ* BHJ*BHJ*BHJ
> > M*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ*BHJ* BHJ*BHJ*BHJ
> > M*BHJ*BHJ#0H-"@T*5&AE(&9I;&4@<3,Y-3$T.2YZ:7`@:&%S(&)E96X@<F5P
> > M;&%C960@87,@:70@8V]N=&%I;G,@=&AE($YE=R!7;W)M('9I<G5S+@T*(%!L
> > M96%S92!C;VYS=6QT('EO=7(@861M:6YI<W1R871O<B!F;W(@9 G5R=&AE<B!H
> > M96QP('%U;W1I;F<@>6]U<B!T:6-K970@;F\N($]!-3=?,3`U.38V-3$Q-E]-
> > ,04E,7U-%4E9%4C(N
> > `
> > end

> --
> Greg Folkert <greg@gregfolkert.net>
>
>

I get about 3 a day of those, the full file at 200+ kb. Like all spam that
comes to my box, it goes directly to /dev/null with no stops in between.

Only a couple of lines in the log file stay behind.

If you are running a windoze box, better make sure that your mail program is
not set to automatically open attachments, because it will trash your OS in
a blink. You don't have to open it....Happened to a friend.


Alan



--

For Linux/Bash users: Eliminate spam with
the Mailbox-Sentry-Program. See the thread
MSP (v2) on comp.mail.misc for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]aaron@core-dev.com[/email] Thu Jul 31 16:34:18 2003

>
>
> On -5925-Thu, Jul 31, 2003 at 11:52:39AM -0700, Alan Connor <alanconnor@earthlink.net> spake thus,

> > I get about 3 a day of those, the full file at 200+ kb. Like all spam that
> > comes to my box, it goes directly to /dev/null with no stops in between.
> >
> > Only a couple of lines in the log file stay behind.
> >
> > If you are running a windoze box, better make sure that your mail program is
> > not set to automatically open attachments, because it will trash your OS in
> > a blink. You don't have to open it....Happened to a friend.
> >
> >
> > Alan

>
> Part of me is satisfied by the destruction this idea has caused so
> many people with little common sense. Every single spam mail that
> escapes SpamAssassin surprises me with new ideas to take advantage of
> the intellectually challenged.
>
> At my previous workplace, after the second trojan invasion caused by
> mindless drones in the sales or accounting departments opening "Anna
> Kournikova Naked Pics" attachments without checking the sender or file
> type first, I suggested to our sysadmin that he send out an email that
> would say "This is a virus, do not open the attachment under any
> circumstances" and attach a simple VB script that would send an e-mail
> to him. I instructed him to fire those who opened the attachment in
> the name of intellectual Darwinism. He never did it, unfortunately.
>

That is a BRILLIANT idea! But here you are dealing with the with the fact
that though people SAY they want to stop spam, they are lying to themselves
and others.

They are saying, in effect " I don't want any strangers to walk in my door
without knocking, except for SOME strangers."

Doesn't make any sense.


Spam is UCE (unsolicited commercial email) and stopping it can only be done
with a Challenge-Response mail program, such as the one I put together.
There isn't ANY other approach that works.

What people mean when they say they are fed up with spam, is that they are
fed up with SOME spam, but want to get the others.

There simply is no way that a "negative" approach will work. The "don't pass"
list is infinite and its characteristics are ever-changing.

So they end up spending good money on programs that kill things they would
like to see, and don't kill things they find objectionable, because these
programs are obsolete a week after they are released.

To stop spam you have to decide who you WANT to hear from, and dump EVERYTHING
else.

You cannot accept any mail that doesn't have a valid return address.

> I can't say any of those have landed in my inbox, though ;-) Straight
> to ~/mail/spam with no stops in between.
>

See? You aren't blocking spam, you are saving mail that MIGHT be spam
to a directory and then reading through it.

Why? Because SpamAssasin doesn't work, and will never work.


If any mail comes to me from an email address or domain that isn't on my
pass list, it goes to /dev/null and an auto-response is sent to whatever
return address the sender supplied.

It asks them to re-send the mail including a password on the subject line
and insists that they use it with the same address used to acquire it.

Obviously, if the address is invalid, they never get the reply.

If the headers have been monkeyed with to the point that procmail can't
process it, it goes to /dev/null. Non-conforming headers are a SURE sign
that a mail is spam, because they are trying to get past your filters.

Which they do, with programs like SpamAssasin.


I don't get ANY spam. It ALL goes straight to /dev/null. If anyone wants me
to read their mail, then they MUST give me their real email address.


Alan


--

For Linux/Bash users: Eliminate spam
with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url]
for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Colin Watson]

On Fri, Aug 01, 2003 at 01:36:14AM -0500, Jesse Meyer wrote:

> On Thu, 31 Jul 2003, Alan Connor wrote:

> > Spam is UCE (unsolicited commercial email) and stopping it can only
> > be done with a Challenge-Response mail program, such as the one I
> > put together. There isn't ANY other approach that works.

>
> Spam tends to be an automated, bulk emailing of addresses, but not all
> automated, bulk emailing of addresses are spam.

Yup. For example, I can guarantee you that the people operating the
Debian bug tracking system don't always bother to respond to
"challenges". If people don't want BTS mail, that's their problem; we
don't have time to babysit that sort of thing.

--
Colin Watson [cjwatson@flatline.org.uk]


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]cjwatson@debian.org[/email] Fri Aug 1 02:00:32 2003

>
>
> On Fri, Aug 01, 2003 at 01:36:14AM -0500, Jesse Meyer wrote:

> > On Thu, 31 Jul 2003, Alan Connor wrote:

> > > Spam is UCE (unsolicited commercial email) and stopping it can only
> > > be done with a Challenge-Response mail program, such as the one I
> > > put together. There isn't ANY other approach that works.

> >
> > Spam tends to be an automated, bulk emailing of addresses, but not all

>
> Yup. For example, I can guarantee you that the people operating the
> Debian bug tracking system don't always bother to respond to
> "challenges". If people don't want BTS mail, that's their problem; we
> don't have time to babysit that sort of thing.
>
> --
> Colin Watson [cjwatson@flatline.org.uk]
>
>
>

Anyone with a C-R program would just put the bug-tracking addresses on
their pass list.


That's how C-R programs work. The bug-track folks wouldn't even know it
was operating.


Alan


--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]cjwatson@debian.org[/email] Fri Aug 1 02:29:38 2003

>
>
> On Fri, Aug 01, 2003 at 01:36:14AM -0500, Jesse Meyer wrote:

> > On Thu, 31 Jul 2003, Alan Connor wrote:

> > > Spam is UCE (unsolicited commercial email) and stopping it can only
> > > be done with a Challenge-Response mail program, such as the one I
> > > put together. There isn't ANY other approach that works.

> >
> > Spam tends to be an automated, bulk emailing of addresses, but not all
> > automated, bulk emailing of addresses are spam.

>
> Yup. For example, I can guarantee you that the people operating the
> Debian bug tracking system don't always bother to respond to
> "challenges". If people don't want BTS mail, that's their problem; we
> don't have time to babysit that sort of thing.
>
> --
> Colin Watson [cjwatson@flatline.org.uk]
>
>

It's getting late :-)


I should have added that debian.org is on my pass list. The domain name.

Anyone mailing me from any address there wouldn't even know I was running
a C-R system.

I have in fact been mailed several times by various folks at

bugs.debian.org, Rob McQueen <robot101@debian.org> among them.

Alan


--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Colin Watson]

On Fri, Aug 01, 2003 at 02:04:28AM -0700, Alan Connor wrote:

> Colin Watson wrote:

> > On Fri, Aug 01, 2003 at 01:36:14AM -0500, Jesse Meyer wrote:

> > > Spam tends to be an automated, bulk emailing of addresses, but not
> > > all

> >
> > Yup. For example, I can guarantee you that the people operating the
> > Debian bug tracking system don't always bother to respond to
> > "challenges". If people don't want BTS mail, that's their problem;
> > we don't have time to babysit that sort of thing.

>
> Anyone with a C-R program would just put the bug-tracking addresses on
> their pass list.
>
>
> That's how C-R programs work. The bug-track folks wouldn't even know
> it was operating.

Speaking as one of the bug tracking system maintainers in question, I
can tell you that this is not universal practice.

--
Colin Watson [cjwatson@flatline.org.uk]


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Colin Watson]

On Fri, Aug 01, 2003 at 02:38:10AM -0700, Alan Connor wrote:

> I should have added that debian.org is on my pass list. The domain name.
>
> Anyone mailing me from any address there wouldn't even know I was running
> a C-R system.

A fair proportion of my spam comes from debian.org addresses; spammers
are becoming more adept at forging sender addresses, frequently by
pulling addresses from e.g. web pages and using one address as the
source and the others as the target, so the recipients are likely to
know the alleged sender.

I predict that challenge-response systems will become increasingly less
useful as time goes on due to this trend.

--
Colin Watson [cjwatson@flatline.org.uk]


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[TR]

On Fri, 01 Aug 2003 11:17:56 +0100
Colin Watson <cjwatson@debian.org> wrote:

> > Anyone with a C-R program would just put the bug-tracking addresses
> > on their pass list.

What does C-R stand for? catch and remove?


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Colin Watson]

On Fri, Aug 01, 2003 at 06:43:55AM -0400, TR wrote:

> On Fri, 01 Aug 2003 11:17:56 +0100
> Colin Watson <cjwatson@debian.org> wrote:

[I didn't write this; Alan Connor did.]

> > > Anyone with a C-R program would just put the bug-tracking addresses
> > > on their pass list.

>
> What does C-R stand for? catch and remove?

Challenge-response.

Cheers,

--
Colin Watson [cjwatson@flatline.org.uk]


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[John Hasler]

Colin Watson writes:

> Yup. For example, I can guarantee you that the people operating the
> Debian bug tracking system don't always bother to respond to
> "challenges".

And I can guarantee you that I will never respond to "challenges".
--
John Hasler
[email]john@dhh.gt.org[/email] (John Hasler)
Dancing Horse Hill
Elmwood, WI


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[David Fokkema]

On Fri, Aug 01, 2003 at 07:48:36AM -0500, John Hasler wrote:

> Colin Watson writes:

> > Yup. For example, I can guarantee you that the people operating the
> > Debian bug tracking system don't always bother to respond to
> > "challenges".

>
> And I can guarantee you that I will never respond to "challenges".

Why?

If you send mail to a list and you get a challenge, sure, ignore it. If
a user of the mailbox-sentry-program or tmda (tmda.sourceforge.net)
fails to place a mailing list on his personal whitelist he's just being
careless or stupid. (Or, he might be still figuring out his setup and
might be neither.)

If you send mail directly to a person, off-list, in private, why not
respond to his challenge? In any decent MUA, you just have to hit 'r'.

David


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]cjwatson@debian.org[/email] Fri Aug 1 10:39:44 2003

>
>
> On Fri, Aug 01, 2003 at 02:04:28AM -0700, Alan Connor wrote:

> > Colin Watson wrote:

> > > On Fri, Aug 01, 2003 at 01:36:14AM -0500, Jesse Meyer wrote:
> > > > Spam tends to be an automated, bulk emailing of addresses, but not
> > > > all
> > >
> > > Yup. For example, I can guarantee you that the people operating the
> > > Debian bug tracking system don't always bother to respond to
> > > "challenges". If people don't want BTS mail, that's their problem;
> > > we don't have time to babysit that sort of thing.

> >
> > Anyone with a C-R program would just put the bug-tracking addresses on
> > their pass list.
> >
> >
> > That's how C-R programs work. The bug-track folks wouldn't even know
> > it was operating.

>
> Speaking as one of the bug tracking system maintainers in question, I
> can tell you that this is not universal practice.
>
> --
> Colin Watson [cjwatson@flatline.org.uk]
>
>

It is the "user" of the C-R program that enters the bug-tracking addresses
(in this case) in their passlist. The C-R program is transparent to the
bug-track folks, in this case.

Please do not expect another response from me on this subject. You either
do not understand C-R programs at all, or are simply prejudiced against
them and are cleverly spreading dis-information.

Alan

--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]aaron@core-dev.com[/email] Fri Aug 1 10:55:48 2003

>
>
> On -6007-Thu, Jul 31, 2003 at 04:57:30PM -0700, Alan Connor <alanconnor@earthlink.net> spake thus,

> > What people mean when they say they are fed up with spam, is that they are
> > fed up with SOME spam, but want to get the others.
> >
> > There simply is no way that a "negative" approach will work. The "don't pass"
> > list is infinite and its characteristics are ever-changing.

>
> True, but the approach seems to work for me. I used to have an inbox
> filled daily with 10-20 UCEs, and now I get MAYBE 2.
>

I get none, and I'd be willing to bet that you save that spam and have to
examine at least the headers to make sure the program didn't make any mistakes.
And that you have to spend time updating the filter expressions.

I only have to update my pass list, which is automated, and do NOT save
anything but headers, if that. And this is just for testing. No regular
C-R user has to do even that.

> >
> > So they end up spending good money on programs that kill things they would
> > like to see, and don't kill things they find objectionable, because these
> > programs are obsolete a week after they are released.

>
> SpamAssassin is free, and I wouldn't recommend to anyone that they pay
> for "no-pass" software.
>

Why pay for something that a near-newbie like myself can write in Bash.
I wouldn't either. The most basic form of C-R program is just a procmail
recipe.

> >
> > To stop spam you have to decide who you WANT to hear from, and dump EVERYTHING
> > else.
> >
> > You cannot accept any mail that doesn't have a valid return address.
> >

>
> Fair enough.
>

> >
> >

> > > I can't say any of those have landed in my inbox, though ;-) Straight
> > > to ~/mail/spam with no stops in between.
> > >

> >
> > See? You aren't blocking spam, you are saving mail that MIGHT be spam
> > to a directory and then reading through it.
> >

>
> No, I don't read through it. But if someone says "Hey, did you get
> that e-mail I sent you two days ago that was about free credit card
> long distance porno?" I can be pretty sure where to recover it from.

You still have to save the stuff, some of which is potentially dangerous,
even in Linux, and must read that header to know what it says.

> I still rely on other forms of communication to tip me off to the
> possibility that SpamAssassin marked something it shouldn't have.
>

> > Why? Because SpamAssasin doesn't work, and will never work.
> >

>
> It works well enough for me, and quite a few other people. I realize
> it isn't 100% effective, but I never asked for a magic salve that
> would make all UCEs go away.

Fair enough. But the program uses a LOT (comparitively) of disk space,
CPU time and RAM.

AND a lot of YOUR time (comparitively). This would include installation
and configuration, which takes a minute or so, even with relatively
sophisticated C-R programs like mine. (which you could WRITE in an hour,
at most.)

>

> > If the headers have been monkeyed with to the point that procmail can't
> > process it, it goes to /dev/null. Non-conforming headers are a SURE sign
> > that a mail is spam, because they are trying to get past your filters.
> >
> > Which they do, with programs like SpamAssasin.

>

Glad to hear it.

> Infrequently, but it does happen. Yesterday I discovered a way that I
> can have a THREE FOOT PENIS! That's exciting.
>

Now THAT would be a good way to end your love-life :-)

> --
> Aaron Bieber
> -
> Graphic Design // Web Design
> [url]http://www.core-dev.com/[/url]
> [email]aaron@core-dev.com[/email]
>
>
>

Very good,

Alan

--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]meyer@btinet.net[/email] Fri Aug 1 11:10:43 2003

>
>
> On Thu, 31 Jul 2003, Alan Connor wrote:

> >=20
> > Spam is UCE (unsolicited commercial email) and stopping it can only be do=

> ne

> > with a Challenge-Response mail program, such as the one I put together.
> > There isn't ANY other approach that works.

>
> Spam tends to be an automated, bulk emailing of addresses, but not all=20
> automated, bulk emailing of addresses are spam. Therefore, depending on
> the circumstances, Challenge-Response will deep-six valid email
> messages.

No.


Any spam-reduction system will end up doing so.


My version of C-R is not a "spam-reduction system" it is an spam-elimination
system.

>
> Which is why, if you're careful, you'll want to doublecheck the messages
> marked as spam.
>

There are no messages marked as spam.

Please do your homework. You obviously do not understand C-R systems at
all.

Gee, I wonder where you could find information on the subject?

> ~ Jesse Meyer
>

Alan

--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Connor]

> From [email]cjwatson@debian.org[/email] Fri Aug 1 11:15:16 2003

>
>
> On Fri, Aug 01, 2003 at 02:38:10AM -0700, Alan Connor wrote:

> > I should have added that debian.org is on my pass list. The domain name.
> >
> > Anyone mailing me from any address there wouldn't even know I was running
> > a C-R system.

>
> A fair proportion of my spam comes from debian.org addresses; spammers
> are becoming more adept at forging sender addresses, frequently by
> pulling addresses from e.g. web pages and using one address as the
> source and the others as the target, so the recipients are likely to
> know the alleged sender.
>
> I predict that challenge-response systems will become increasingly less
> useful as time goes on due to this trend.
>

Once again you demonstrate your ignorance of, or prejudice against C-R systems

Please QUIT mis-informing people.

Mail from debian.org to me must COME from debian.org...

Don't tell me you have never heard of Received: headers? (etc.)

> --
> Colin Watson [cjwatson@flatline.org.uk]
>
>
>

Alan


--
For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.



--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[David Fokkema]

On Fri, Aug 01, 2003 at 10:46:28AM -0700, Alan Connor wrote:

> > > Anyone with a C-R program would just put the bug-tracking addresses on
> > > their pass list.
> > >
> > >
> > > That's how C-R programs work. The bug-track folks wouldn't even know
> > > it was operating.

> >
> > Speaking as one of the bug tracking system maintainers in question, I
> > can tell you that this is not universal practice.

>
> It is the "user" of the C-R program that enters the bug-tracking addresses
> (in this case) in their passlist. The C-R program is transparent to the
> bug-track folks, in this case.

Er... exactly what relevant information is conveyed here? Colin just
mentions that _some_ people are not entering the addresses in their
passlist.

If you decide to respond please read the post first, before venting your
frustration.

> Please do not expect another response from me on this subject. You either
> do not understand C-R programs at all, or are simply prejudiced against
> them and are cleverly spreading dis-information.

Let me think this out... there must be some logic behind all this... Ah,
yes! It's in your signature! Personally, I think that _you're_ the one
who is prejudiced. In this case not against, but in favour of C-R
programs. I think Colin understands very well. But I guess it's no use
telling you that, you must know, as well. And by the way, falsely
accusing someone of 'cleverly spreading dis-information' in an open
community like this should be grounds to remove you from the list. Oh,
wait, we are an _open_ community. All opinions welcome!

Please, do not respond on this subject. Moreover, if all your posts are
going to be like this, do not respond on anything at all. And please be
so kind to not start threads, either.

> For Linux/Bash users: Eliminate spam with the Mailbox-Sentry-Program.
> See: [url]http://tinyurl.com/inpd[/url] for the scripts and docs.

Maybe you're going to hate me, but if I _do_ decide to start using C-R
based spam filtering (I'm thinking about it for some time now) I will
look into tmda first. And even if that doesn't work for me, I'll
probably not look into the Mailbox-Sentry-Program. Why? Well, I trust
people better if they tell me the pros and cons of their product without
prejudice. Saying things like 'SpamAssassin is outdated the moment it is
released and it will _never_ work, har, har!' just doesn't help you to
make your point. Sorry. Hasn't anyone told you that in normal
person-to-person conversations?

I've been _very_ busy the past week, basically working from 9.00 am to
10.00 pm and last night until 2.00 am. I've had only four hours of sleep
last night and had to give a talk this morning which I 'finished' only
15 minutes before it started, incorporating results from this morning.
Finally, I decided to catch up on debian-user and then I get this.
Great. Why am I using bandwidth telling you this? So you can decide if
it's just my lack of sleep that's making me vent _my_ frustration.

Regards,

David

PS: no GPG, no signature. But I _really_ don't mind if others use them.
Especially the signatures are nice, from time to time, ;-)


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[David Fokkema]

On Fri, Aug 01, 2003 at 11:18:23AM -0700, Alan Connor wrote:

> > From [email]cjwatson@debian.org[/email] Fri Aug 1 11:15:16 2003
> >
> >
> > On Fri, Aug 01, 2003 at 02:38:10AM -0700, Alan Connor wrote:

> > > I should have added that debian.org is on my pass list. The domain name.
> > >
> > > Anyone mailing me from any address there wouldn't even know I was running
> > > a C-R system.

> >
> > A fair proportion of my spam comes from debian.org addresses; spammers
> > are becoming more adept at forging sender addresses, frequently by
> > pulling addresses from e.g. web pages and using one address as the
> > source and the others as the target, so the recipients are likely to
> > know the alleged sender.
> >
> > I predict that challenge-response systems will become increasingly less
> > useful as time goes on due to this trend.
> >

>
> Once again you demonstrate your ignorance of, or prejudice against C-R systems

Ignorance? No...

>
> Please QUIT mis-informing people.

He's just making a prediction. Please point me to the particular piece of mis-information.

>
> Mail from debian.org to me must COME from debian.org...
>
> Don't tell me you have never heard of Received: headers? (etc.)

Don't tell me you have never heard of _forged_ Received: headers? (etc.)

Or does your near-newbie bash within an hour script recognize all forms
of forged Received: headers?

By the way, you said you wouldn't respond again on this subject?

David


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Alan Shutko]

Alan Connor <alanconnor@earthlink.net> writes:

> My version of C-R is not a "spam-reduction system" it is an spam-elimination
> system.

Incidentally, what do you do about spam sent to mailing lists you are on?

--
Alan Shutko <ats@acm.org> - I am the rocks.
What good is make-believe if you don't share it?


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]

[Manoj Srivastava]

On Thu, 31 Jul 2003 16:57:30 -0700, Alan Connor <alanconnor@earthlink.net> said:

> If any mail comes to me from an email address or domain that isn't
> on my pass list, it goes to /dev/null and an auto-response is sent
> to whatever return address the sender supplied.

> It asks them to re-send the mail including a password on the subject
> line and insists that they use it with the same address used to
> acquire it.

> Obviously, if the address is invalid, they never get the reply.

Hopefully, then, you don't need any answers I may send out
privately, since I send all such resent requests to the bit
bucket. _That_ is the problem with this approach -- you are actively
deciding to forego any unexpected email coming from people who are
not on your OK list. Participating on a public forum like this
mailing list or USENET also exposes one to unexpected correspondence
off channel -- and I have had conversation that I would not have
liked to have missed.


If you do not care, then well, only listening to mail from
people you already know is good enough.

For me, that is unacceptable degradation of my online experi

manoj
--
Be security conscious -- National defense is at stake.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C


--
To UNSUBSCRIBE, email to [email]debian-user-request@lists.debian.org[/email]
with a subject of "unsubscribe". Trouble? Contact [email]listmaster@lists.debian.org[/email]