From owner-freebsd-ports@freebsd.org Mon Dec 11 17:32:48 2017
From: "Chris H"
Reply-To: portmaster@BSDforge.com
To: "Kurt Jaeger"
Subject: Re: Procmail Vulnerabilities check
Date: Mon, 11 Dec 2017 09:34:10 -0800
Message-Id: <64e65ab97f9c2b086ed8c13620f06546@udns.ultimatedns.net>
In-Reply-To: <20171211154257.GA2827@home.opsec.eu>
List-Id: Porting software to FreeBSD

On Mon, 11 Dec 2017 16:42:57 +0100 "Kurt Jaeger" said

> Hi!
>
> > > On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote:
> > > > OK I'm puzzled a bit. FreeBSD's motto has always been:
> > > > FreeBSD
> > > > The power to serve!
> > > >
> > > > but many of the proposed, and recent changes/removals end up more like:
> > > > FreeBSD
> > > > I's castrated!
>
> > > So, then we should add a web server into our base! Apache? NGINX? Both?
> > > But then, what about PHP? MySQL? PostgreSQL? We want to serve websites,
> > > after all! Let's talk about fileservers. Samba! I could go on...
> > OK. That's simply an irrelevant argument. I never advocated for the
> > *addition* of anything. Only against the *removal* of something most users
> > have come to expect with the installation of FreeBSD.
>
> The argument was made to show the general idea, not to nit-pick 8-}
>
> As packaging base is also on the horizon, see
>
> https://www.youtube.com/watch?v=Br6izhH5P1I
>
> and
>
> https://www.youtube.com/watch?v=v7px6ktoDAI
>
> the debate will pop up in any case.
>
> > > FreeBSD's power to serve slogan is about delivering the platform to
> > > serve, not all possible server software. [...]
>
> > In all fairness, that's just pure supposition. I would suggest that it is
> > more probable that more users use Sendmail 1) because it came with the
> > FreeBSD install, and 2) as such, makes it easier to implement.
>
> Then it's time to start some research, if this hypothesis really holds.

Thanks for the links, and the thoughtful reply, Kurt!
In all fairness, you're right. *actual* numbers *do* apply. :-)

>
> I know that the folks at dovecot.fi did this in February for dovecot, see
>
> openemailsurvey.org
>
> It was made using shodan, maybe it's time to do the same for port 25
> via shodan ?

LOL, showdan.io! Hah! I'm *more* than a little irritated by this sort of thing.
*Sure* it can provide some useful data. But the part that really irritates
me, is that anyone thinks it's OK to probe my ports w/o asking. It's akin to
saying; we initiated a study to determine how many people were using the LG
model XYZ refrigerator. In that study, we peered into all the windows of as
many houses, in as many neighborhoods as possible. But please, do not feel
violated. We made every effort to look away, if we encountered anyone naked,
or in an otherwise compromising situation. If you still find this method too
intrusive. You need only tell us so. Simply come, and try to find the link to
request exclusion.

Err... what?!?!

If you, as an administrator of a/your system(s), see no problem with (port)
scanners, and take no action to thwart such activity. You are more than likely
to encounter trouble(s) down the road. Even those that take preemptive action
ahead of time, to close all unused ports. History already *proves* this fact,
time, and time again. :-)

pf(4) has dropped any/all communication from the showdan "project" *long* ago
for all the systems I'm responsible for, and along with all the myriad of
other "like" projects. They all have the policy backward; ask *before* not
*after*. In short; I see them all as "black hats". Honestly. Can you *really*
determine good intentions from bad intentions on an incoming port scan?

Still. Your point is well taken, and your point is not on the top of your
head. ;-) ;-)
We really *do* need corroborating evidence. :-)

Thanks again, all the best to you, Kurt!

--Chris

>
> --
> pi@opsec.eu +49 171 3101372 3 years to go
> !