From owner-freebsd-chat Sun Feb 11 9: 7:43 2001
Date: Sun, 11 Feb 2001 09:07:13 -0800
From: Kris Kennaway
Subject: Re: FreeBSD Postfix and Majordomo security (was FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE)
In-reply-to: <009c01c093e5$d1cd7230$94cba8c0@hh.kew.com>; from software@kew.com on Sat, Feb 10, 2001 at 11:48:04PM -0500
To: Drew Derbyshire
Cc: chat@freebsd.org
Message-id: <20010211090713.B50667@mollari.cthul.hu>

On Sat, Feb 10, 2001 at 11:48:04PM -0500, Drew Derbyshire wrote:

> Since the FreeBSD site runs postfix, the fix to block external postings to
> the announce list is a Postfix FAQ, using a regular expression filter. This
> would require direct trusted posters to go through a local (or otherwise
> trusted IP), and cannot be beaten by forged headers. (Hint, hint!)

It was a broken filter rule which allowed the mail in - this has been fixed.

> In general, I'm amazed that after all the SPAM on the FreeBSD mailing lists
> that they haven't gone to post-only-by subscribers in general -- clearly,
> the maintainers don't seem to care about the lists' quality as much as some
> of the subscribers do. Yes, yes, I've heard the "but we need to let anyone
> post ..." argument, and refuse to believe it given hackish nature of the
> FreeBSD mailing lists, and general disdain for end-users.

This is a blatant troll, IMO, so I'll ignore it.

> (Linux will rule the world, because organizations like RedHat support
> relatively clean binary patches using up2date between releases -- it makes
> me sad when I compare this to FreeBSD security advisories which offer choices
> of source patches or "upgrade to Release 4.x-STABLE after the specified"
> date, given that such configurations have a prereq of reading the -stable
> mailing list and generally breathing FreeBSD.)

Making binary patches is something we'd very much like to do, but it
requires significant support and testing infrastructure, which no-one
has come forward to provide so far.

How sad does it make you? Sad enough to do something about it, or only
a little bit sad so that you'll just complain about it but won't
bother?

Kris