On Thu, Dec 05, 2002 at 10:09:31AM +1100, Brian May wrote:
> On Wed, Dec 04, 2002 at 11:57:05PM +0100, Oliver Kurth wrote:
> > MAIL FROM: <[EMAIL PROTECTED]>
> > RCPT TO: <[EMAIL PROTECTED]>
>
> Would this work? Or would you need to be authenticated first?
$ telnet mx0.gmx.net 25
Trying 213.165.6
On Wed, Dec 04, 2002 at 11:57:05PM +0100, Oliver Kurth wrote:
> MAIL FROM: <[EMAIL PROTECTED]>
> RCPT TO: <[EMAIL PROTECTED]>
Would this work? Or would you need to be authenticated first?
(ie. I thought we were discussing checking purely based on
the MAIL FROM address, not checking for relaying).
On Thu, Dec 05, 2002 at 09:20:47AM +1100, Brian May wrote:
> On Wed, Dec 04, 2002 at 12:48:14AM +, Darren Salt wrote:
> > see if you still don't have a problem. Or try giving the server a local (to
> > it) address after MAIL FROM: the server should complain unless you're on a
> > network which
On Thu, Dec 05, 2002 at 09:20:47AM +1100, Brian May wrote:
> On Wed, Dec 04, 2002 at 12:48:14AM +, Darren Salt wrote:
> > see if you still don't have a problem. Or try giving the server a local (to
> > it) address after MAIL FROM: the server should complain unless you're on a
> > network which
On Tue, Dec 03, 2002 at 03:12:37PM -0800, Adam McKenna wrote:
> But to be sure you're not getting any false positives, you cruise through
> your "spam" mailbox every now and then, right?
I generally try to (although I know one site that receives so much SPAM
that this is simply not feasible).
How
On Wed, Dec 04, 2002 at 12:48:14AM +, Darren Salt wrote:
> see if you still don't have a problem. Or try giving the server a local (to
> it) address after MAIL FROM: the server should complain unless you're on a
> network which it considers to be local.
Tried that with both qmail and postfix,
On Wed, Dec 04, 2002 at 09:22:35AM +0100, Andreas Fuchs wrote:
> On 2002-12-03, Adam McKenna <[EMAIL PROTECTED]> wrote:
> >> Please enlighten me, anyway: Why is bouncing the full body of the
> >> mail you received from a person who claims to be Adam back to Adam a
> >> good idea?
> >
> > This is a
On 2002-12-03, Adam McKenna <[EMAIL PROTECTED]> wrote:
>> Please enlighten me, anyway: Why is bouncing the full body of the
>> mail you received from a person who claims to be Adam back to Adam a
>> good idea?
>
> This is an implementation issue, not a philosophical issue.
This is correct. The
I demand that Adam McKenna may or may not have written...
> On Wed, Dec 04, 2002 at 09:47:05AM +1100, Brian May wrote:
>> On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
>>> Autoresponders, bouncers, and other mail handling programs use the
>>> envelope sender address, not an address
On Tue, Dec 03, 2002 at 11:52:38PM +0100, Andreas Fuchs wrote:
> Today, Adam McKenna <[EMAIL PROTECTED]> wrote:
> > On Mon, Dec 02, 2002 at 11:49:09PM +0100, Andreas Fuchs wrote:
> >> Right. I just thought up a scheme to exploit this, based on the fake
> >> source-IP address approach you find in de
On Wed, Dec 04, 2002 at 09:58:28AM +1100, Brian May wrote:
> On Tue, Dec 03, 2002 at 09:55:34AM -0800, Adam McKenna wrote:
> > The key issue here is that the mail isn't blocked. It's simply held in
> > another place until confirmed. It doesn't become a "false positive" until
> > it
> > is delete
On Tue, Dec 03, 2002 at 09:55:34AM -0800, Adam McKenna wrote:
> The key issue here is that the mail isn't blocked. It's simply held in
> another place until confirmed. It doesn't become a "false positive" until it
> is deleted without being read.
It depends how you define the SPAM checking proce
On Wed, Dec 04, 2002 at 09:47:05AM +1100, Brian May wrote:
> On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
> > Autoresponders, bouncers, and other mail handling programs use the
> > envelope sender address, not an address found in any header of the mail.
> > I doubt that any abuse@ a
Today, Adam McKenna <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 02, 2002 at 11:49:09PM +0100, Andreas Fuchs wrote:
>> Right. I just thought up a scheme to exploit this, based on the fake
>> source-IP address approach you find in descriptions of ping-floods.
>
> Wow, you're pretty smart. Nobody has t
On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
> Autoresponders, bouncers, and other mail handling programs use the
> envelope sender address, not an address found in any header of the mail.
> I doubt that any abuse@ address replies to a bounce message. This is no
> problem.
You see
In chiark.mail.debian.devel, you wrote:
>Autoresponders, bouncers, and other mail handling programs use the
>envelope sender address, not an address found in any header of the mail.
>I doubt that any abuse@ address replies to a bounce message. This is no
>problem.
Having received one of the thin
On Tue, 3 Dec 2002 18:55, Adam McKenna wrote:
> As a side note, I am pretty amused by the people in this thread who say
> "don't use these systems, they're antisocial", and then follow that up with
> "I'm going to blacklist anyone who uses these systems".. I guess their
> definition of antisocial
On Tue, Dec 03, 2002 at 06:16:48PM +, Colin Watson wrote:
> On Tue, Dec 03, 2002 at 09:55:34AM -0800, Adam McKenna wrote:
> > BTW, anyone who e-mails you and then asks you to confirm your reply is
> > either using broken software, or doesn't have their outgoing mail
> > headers set up properly.
On Tue, Dec 03, 2002 at 09:55:34AM -0800, Adam McKenna wrote:
> BTW, anyone who e-mails you and then asks you to confirm your reply is
> either using broken software, or doesn't have their outgoing mail
> headers set up properly.
So people who e-mail [EMAIL PROTECTED] and then ask for
confirmation
On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
> Autoresponders, bouncers, and other mail handling programs use the
> envelope sender address, not an address found in any header of the mail.
> I doubt that any abuse@ address replies to a bounce message. This is no
> problem.
Practic
On Wed, Dec 04, 2002 at 03:40:53AM +1000, Anthony Towns wrote:
> On Tue, Dec 03, 2002 at 09:26:34AM -0800, Adam McKenna wrote:
> > > It's easy to be effective if you don't care about false positives.
> > Yes, and unless you consider people who either:
> > 1) are too lazy to confirm
> > 2) have a ph
On Tue, Dec 03, 2002 at 09:26:34AM -0800, Adam McKenna wrote:
> On Tue, Dec 03, 2002 at 05:13:42PM +, Colin Watson wrote:
> > /dev/null is the most effective filtering solution at present, and these
> > days happens to be equivalent to these filters when applied to mail from
> > me.
> >
> > It
On Tue, Dec 03, 2002 at 09:26:34AM -0800, Adam McKenna wrote:
> > It's easy to be effective if you don't care about false positives.
> Yes, and unless you consider people who either:
> 1) are too lazy to confirm
> 2) have a philosophical objection to confirming
> false positives, then there are no
On Tue, Dec 03, 2002 at 05:13:42PM +, Colin Watson wrote:
> On Tue, Dec 03, 2002 at 08:56:10AM -0800, Adam McKenna wrote:
> > On Mon, Dec 02, 2002 at 11:49:09PM +0100, Andreas Fuchs wrote:
> > > Thus, my conclusion: These things are evil. Don't use them or somebody
> > > might use them against
On Tue, Dec 03, 2002 at 08:56:10AM -0800, Adam McKenna wrote:
> On Mon, Dec 02, 2002 at 11:49:09PM +0100, Andreas Fuchs wrote:
> > Thus, my conclusion: These things are evil. Don't use them or somebody
> > might use them against you, eventually.
>
> This sounds vaguely like religion -- you haven't
On Mon, Dec 02, 2002 at 11:49:09PM +0100, Andreas Fuchs wrote:
> Right. I just thought up a scheme to exploit this, based on the fake
> source-IP address approach you find in descriptions of ping-floods.
Wow, you're pretty smart. Nobody has thought of this before, especially not
the authors of sa
Today, Stephen Zander <[EMAIL PROTECTED]> wrote:
>> "Jan" == Jan Niehusmann <[EMAIL PROTECTED]> writes:
> Jan> Time will tell. I fear that some day, the only way to use
> Jan> email productively is to block all email with invalid sender
> Jan> adresses. And I don't know a way do val
on Sun, Dec 01, 2002 at 07:19:47PM +0100, Gerrit Pape ([EMAIL PROTECTED]) wrote:
> On Sun, Dec 01, 2002 at 02:35:28PM +0100, Russell Coker wrote:
> > The people who run such stupid filters misunderstand the way the
> > Internet works.
>
> Maybe you should do a short research on the user of this ma
In chiark.mail.debian.devel, you wrote:
>Autoresponders, bouncers, and other mail handling programs use the
>envelope sender address, not an address found in any header of the mail.
>I doubt that any abuse@ address replies to a bounce message. This is no
>problem.
I find your faith in mail admin
On Mon, Dec 02, 2002 at 11:01:15AM -0500, H. S. Teoh wrote:
> On Mon, Dec 02, 2002 at 04:39:30PM +0100, Jan Niehusmann wrote:
> > Time will tell. I fear that some day, the only way to use email
> > productively is to block all email with invalid sender adresses. And
> > I don't know a way do valdia
On Mon, Dec 02, 2002 at 06:50:14PM +, Matthew Garrett wrote:
> In order to avoid this, spammers merely have to use a forged from
> address that will generate an automatic response. There's no shortage of
> those. [EMAIL PROTECTED] springs to mind, and I have no doubt that
> there are many other
On Mon, Dec 02, 2002 at 05:31:11PM +0100, Russell Coker wrote:
> On Mon, 2 Dec 2002 17:18, Stephen Zander wrote:
> > The above is based on the false premise that those who send spam are
> > incapable of sending it with (forged) real email addresses. They
> > already have lots of them to choose fro
On Mon, Dec 02, 2002 at 04:58:48PM +0100, Russell Coker wrote:
> Also there's the issue of two people having such filters trying to
> communicate with each other.
This, of course, is taken care of, see the documentation if you are
interested.
> NB You can't just white-list an address when you se
Brian May <[EMAIL PROTECTED]> wrote:
> On Tue, Dec 03, 2002 at 10:22:32AM +1300, Corrin Lakeland wrote:
>> Personally I think bayesian based spam filters are a godsend. They're a bit
>> naive in places such as being unigram or bigram based, but that'll probably
>> get fixed in version two. And
On Tue, Dec 03, 2002 at 09:53:56AM +1100, Brian May wrote:
> On Tue, Dec 03, 2002 at 10:22:32AM +1300, Corrin Lakeland wrote:
> > Personally I think bayesian based spam filters are a godsend. They're a
> > bit
> > naive in places such as being unigram or bigram based, but that'll probably
> > g
Brian May wrote:
> On Tue, Dec 03, 2002 at 10:22:32AM +1300, Corrin Lakeland wrote:
> > Personally I think bayesian based spam filters are a godsend. They're a
> > bit
> > naive in places such as being unigram or bigram based, but that'll probably
> > get fixed in version two. And already the
On Tue, 2002-12-03 at 09:53, Brian May wrote:
> On Tue, Dec 03, 2002 at 10:22:32AM +1300, Corrin Lakeland wrote:
> > Personally I think bayesian based spam filters are a godsend. They're a
> > bit
> > naive in places such as being unigram or bigram based, but that'll probably
> > get fixed in v
On Tue, Dec 03, 2002 at 10:22:32AM +1300, Corrin Lakeland wrote:
> Personally I think bayesian based spam filters are a godsend. They're a bit
> naive in places such as being unigram or bigram based, but that'll probably
> get fixed in version two. And already they are still amazingly good.
Ar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 03 Dec 2002 05:12, Jan Niehusmann wrote:
> You are missing the point: That scheme doesn't directly block spam, it
> only assures that a mail has a valid Reply-To:-address. Which may (or
> may not) stop spam. Time will tell.
But if we can work
In chiark.mail.debian.devel, you wrote:
>On Mon, Dec 02, 2002 at 08:18:46AM -0800, Stephen Zander wrote:
>> The above is based on the false premise that those who send spam are
>> incapable of sending it with (forged) real email addresses. They
>> already have lots of them to choose from.
>
>But i
On Mon, 2 Dec 2002 17:18, Stephen Zander wrote:
> > "Jan" == Jan Niehusmann <[EMAIL PROTECTED]> writes:
>
> Jan> Time will tell. I fear that some day, the only way to use
> Jan> email productively is to block all email with invalid sender
> Jan> adresses. And I don't know a way do v
On Mon, Dec 02, 2002 at 08:18:46AM -0800, Stephen Zander wrote:
> The above is based on the false premise that those who send spam are
> incapable of sending it with (forged) real email addresses. They
> already have lots of them to choose from.
But if they send the spam with a forged email addre
> "Jan" == Jan Niehusmann <[EMAIL PROTECTED]> writes:
Jan> Time will tell. I fear that some day, the only way to use
Jan> email productively is to block all email with invalid sender
Jan> adresses. And I don't know a way do valdiate a (not yet
Jan> known) address but to try it a
On Mon, Dec 02, 2002 at 04:58:48PM +0100, Russell Coker wrote:
> On Mon, 2 Dec 2002 16:39, Jan Niehusmann wrote:
> > Time will tell. I fear that some day, the only way to use email
> > productively is to block all email with invalid sender adresses. And I
> If an auto-responder can handle such me
On Mon, 2 Dec 2002 16:39, Jan Niehusmann wrote:
> > It is not suitable for individual email addresses.
>
> Time will tell. I fear that some day, the only way to use email
> productively is to block all email with invalid sender adresses. And I
> don't know a way do valdiate a (not yet known) addres
On Mon, Dec 02, 2002 at 04:39:30PM +0100, Jan Niehusmann wrote:
[snip]
> Time will tell. I fear that some day, the only way to use email
> productively is to block all email with invalid sender adresses. And I
> don't know a way do valdiate a (not yet known) address but to try it
> and send a reply
On Sun, Dec 01, 2002 at 08:43:06PM +0100, Russell Coker wrote:
> When you have a very small number of people doing something totally contrary
> to what everyone else on the Internet is doing, and expecting that everyone
> else should go out of their way to accomodate them, then you don't need to
"Gerrit Pape" <[EMAIL PROTECTED]> writes:
> On Sun, Dec 01, 2002 at 02:35:28PM +0100, Russell Coker wrote:
>> The people who run such stupid filters misunderstand the way the
>> Internet works.
>
> Maybe you should do a short research on the user of this mail handling
> program before saying such.
On Sun, Dec 01, 2002 at 07:19:47PM +0100, Gerrit Pape wrote:
> On Sun, Dec 01, 2002 at 02:35:28PM +0100, Russell Coker wrote:
> > The people who run such stupid filters misunderstand the way the
> > Internet works.
>
> Maybe you should do a short research on the user of this mail handling
> progra
On Sun, 1 Dec 2002 19:19, Gerrit Pape wrote:
> On Sun, Dec 01, 2002 at 02:35:28PM +0100, Russell Coker wrote:
> > The people who run such stupid filters misunderstand the way the
> > Internet works.
>
> Maybe you should do a short research on the user of this mail handling
> program before saying s
On Sun, Dec 01, 2002 at 02:35:28PM +0100, Russell Coker wrote:
> The people who run such stupid filters misunderstand the way the
> Internet works.
Maybe you should do a short research on the user of this mail handling
program before saying such.
> If you have to send an extra confirmation messag
On Sat, Nov 30, 2002 at 10:42:41PM +0100, Ulrich Eckhardt wrote:
You misunderstood the way such things work, you only have to confirm once
that you intended to send a message.
Still too much. If someone initiates a communication, they should make
sure they can get the reply.
Of course, people sho
On Sat, 30 Nov 2002 22:42, Ulrich Eckhardt wrote:
> On Saturday 30 November 2002 16:48, Russell Coker wrote:
> [snipped rant and threats]
>
> > ... if such messages continue.
>
> You misunderstood the way such things work, you only have to confirm once
> that you intended to send a message. Of cour
On Saturday 30 November 2002 16:48, Russell Coker wrote:
[snipped rant and threats]
> ... if such messages continue.
You misunderstood the way such things work, you only have to confirm once
that you intended to send a message. Of course, people should add automated
systems like the BTS to their
I believe that it is inappropriate to use such an email system that does this
when sending messages to the BTS.
Also anyone who wants to use such a system when posting to a popular mailing
list (such as debian-devel) should first put in place a white-list of people
who regularly post to the lis
55 matches
Mail list logo
