[Tutor] ethics in programming

kirk Bailey idiot1@netzero.net
Sat, 12 Jan 2002 17:37:24 -0500


dman wrote:
> 
> On Sat, Jan 12, 2002 at 05:01:33PM -0500, kirk Bailey wrote:
> | dman wrote:
> | >
> | > On Fri, Jan 11, 2002 at 11:29:59AM -0500, kirk Bailey wrote:
> | > | Working on TinyList, I realized that for security reasons I am using
> | > | TL's ability to talk to the smtp engine to send out the email, one
> | > | envelope per recipient.
> | >
> | > I think it is better to pipe the message to the mail system (eg exim,
> | > postfix, or sendmail).  Are you prepared to properly handle all error
> | > responses from the SMTP server and retry delivery or return a bounce
> | > message as appropriate?  SMTP seems trivial, but there are many things
> | > to get right for a robust system.  Piping _is_ quite trivial and it
> | > gets the message off of your hands quickly.
> |
> | Not familiar with the concept as you use it, possibly this is a
> | linguistics issue, and I already use it by another name.
> 
> Are you familiar with Unix?
> 
Some, I blush to admit some, but always something new to learn.



> $ sendmail idiot1@netzero.net << EOF
> From: dman <dsh8290@rit.edu>
> Subject: Hi Kirk.
> Date: today (obviously this is syntactically incorrect)
> To: Kirk <idiot1@netzero.net>
> 
> Hi Kirk.  This is the body of a message.  This message was not created
> with a a MUA :-).
> 
> EOF
> 
> $
> 
Just tried it, worked fine.

> There is no SMTP involved in what I did.  I ran exim, gave it the
> recipients on the command line and gave it the message itself (not
> quite conforming to RFC2822 but you get the idea) on stdin.  I don't
> need to worry about SMTP errors or networking or anything.  The only
> two possible errors are that the pipe is closed before I'm done writing
> or that exim returns non-zero exit status.
> 
> Your TinyList program would use
>     import os
>     # mode "w": os.popen defaults to a read pipe, which cannot be written to
>     f = os.popen( "sendmail %s" % recipients, "w" )
>     f.write( message )
>     f.close()
> 
> (BTW exim answers to the name sendmail if you make a symlink to the
> binary.  It also behaves very compatibly, a drop-in replacement.)
> 
> | > | Good, avoids security issues with many recipients per envelope. But
> | > | this does slow down transmission a little, maybe more than a little
> | > | when we are talking LARGE lists.
> | >
> | > Right -- you need to send the DATA section once for each recipient.
> |
> | Well, another program (minorfish) does exactly that! But we limit
> | max recipients per envelope to 10 to make spam more difficult, so
> | that immediately encounters a security precaution conflict. But this
> | itself is a by the way, not the REAL major problem.
> 
> I was explicitly giving the reason for the performance degradation.
> 
> | > If you pipe it to exim I believe you will be able to specify all
> | > recipients at once and let exim deal with delivering it to the
> | > destination.  I do know for a fact that if I put 2 addresses in To: or
> | > Cc: headers (using my mua) then exim makes two separate passes over
> | > the "routers" and delivers the message separately for each
> | > destination.
> | >
> | > | A way used in majordomo to send lists is to feed ONE copy of the
> | > | letter to a special alias and take advantage of the :include: command
> | > | to invoke the subscriber file. such a list alias looks like:
> | > |
> | > | listname-outgoing::include:/path/subscriberfilename # no spaces in the
> | > | definition PLEASE!
> | > |
> | > | And the Mail Transmission Agent(hereafter MTA, usually sendmail) reads
> | > | that file and sends a copy of the letter to each person on it. THERE
> | > | IS NO OTHER SERVICE. *ANY* letter landing on that email alias goes
> | > | out. Very spam friendly alas. And this is a Very Bad Thing.
> | > |
> | > | Of course, the idea is the name of alias is a secret,
> | >
> | > Security through obscurity doesn't work.  Look at what happens with MS
> | > systems as opposed to Linux or *BSD systems.  One is obscure (no
> | > source available) the other isn't.
> |
> | True, once someone figures out the name of the outbound alias on a
> | majordomo list system, they can spam it at convenience, and there is
> | NOT ONE DAMN THING YOU CAN DO TO STOP THEM except change the name of
> | the outbound alias. If they discovered it once, they can discover it
> | again.
> |
> | I blush to admit that I can TELL YOU the aliases for every list in
> | tinylist, and it will avail you NOTHING.
> | THIS is a much more secure setup, and does not conflict with other
> | security precautions. SO until I thoroughly understand other methods
> | and can implement them reliably in MANY servers, without requiring
> | special transmission agents, I think I will retain it. But if the list
> | is LARGE, it calls for a helper program. considering this issue, I
> | began to realize that such a program could offer security holes, and
> | be vulnerable to being spammed; also, it made it practical to send
> | spam in and of itself, for free, whereas current spambots cost LONG
> | BUCK$. so having written a program I think will handle the task, I
> | buried it.
> |
> | > | and is fed by a
> | > | program, in this case majordomo. The manual uses listname-outgoing as
> | > | an example, but you are supposed to pick some random name so as to
> | > | safeguard the list. THAT alias may be made public, as it feeds into
> | > | some kind of security program.
> | >
> | > I haven't read the mailing list part of the exim manual yet, and I
> | > haven't read any manuals on MailMan.  However I do know a bit about
> | > receiving mail (with exim as the MTA) and how it can be run through
> | > several different layers and forms of spam detection and rejection.
> |
> | That's good.
> |
> | Now what if a would be spamhouse gets their hands on some FREE
> | software to do this sort of thing?
> |
> | So far, software to handle sending out bulk mail costs some bucks.
> 
> Umm, try this.  Put an RFC2822 conformant message in
> my_spam_message.txt.  Now use this shell script, feed it a list of
> addresses in the argument list.
> 
> #!/bin/sh
> 
> for ADDR in "$@" ;
> do
>     cat my_spam_message.txt | sendmail $ADDR
> done
> 
> Who charges big bucks for this?  This technique will get past your 10
> recipient check since it only has one recipient.  It wouldn't be hard
> to add a little sed to make the To: header match the RCPT TO: command
> and pass a few more spam checks.
> 
> Ok, so writing a bot to crawl through USENET and mailing list archives
> to harvest the addresses may not be trivial.  The other problem is
> that your IP gets added to the RBL and many sites will reject it then.
> The only remaining technique that one needs is locating the open
> relays out there to bypass RBL checks.
> 
> | If I start writing and releasing GNU GPL software to do so, LOTS of
> | woodbe spamhauses will suddenly have the CAPITAL barrier removed.
> | You think spam is bad now? THIS is the ethics issue this thread is
> | about. That other stuff is a TECHNIQUE issue, this is an ETHICS
> | issue I am raising.
> 
> Yeah, spam is an ethics issue, but so are licenses and just about every
> other law and policy in this world.  Only two laws are necessary, if
> people would actually follow them
> 
>     1)  Love the Lord your God with all your heart, mind, and soul,
>     and
>     2)  love your neighbor as yourself.
> 
> If people followed these commands, then there would be no spam or
> stealing or ...
> 
> | > When someone posts a message to the list address you will (should) run
> | > it through some checks (I've heard good things about "spamassassin"
> | > and "vipul's razor") to determine whether or not to accept or reject
> | > it.  If it is accepted as not being spam you will then rewrite the
> | > envelope recipient to be all the list members and continue processing
> | > (send it to the new recipients).  The list->subscribers expansion can
> | > be done by exim itself (without creating new, unchecked, aliases as it
> | > sounds like majordomo wants) or by an external program (such as
> | > MailMan) and the recipients list specified as the message is handed
> | > back to the MTA (this still works without an new alias).
> |
> | I must admit exim sounds like a MTA worth examining in greater detail.
> 
> It is :-).  It is easy to configure too.
> 
> -D
> 

Dman, I must compliment you; you really display a comprehension of the
technical and other issues. Would you like to be added to the
tinylist-devlopers discussion list?


> --
> 
> Micros~1 :
>  For when quality, reliability
>   and security just aren't
>    that important!
> 
> _______________________________________________
> Tutor maillist  -  Tutor@python.org
> http://mail.python.org/mailman/listinfo/tutor

-- 
 

 -Respectfully,
              -Kirk D Bailey 
               Consulting Loose Cannon

end



  www.howlermonkey.net                 highprimate@howlermonkey.net
  www.sacredelectron.org                         idiot1@netzero.net
  www.tinylist.org                              grumpy@tinylist.org
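
An added example, not part of the original thread or of TinyList: the pipe-to-MTA handoff dman describes, done from Python without a shell so that subscriber addresses are never interpreted as shell syntax or as sendmail options, while keeping the 10-recipients-per-envelope cap mentioned in the thread. The sendmail path, the `-i` and `--` arguments, the address pattern and all function names are assumptions of this example.

```python
import re
import subprocess

# Assumptions of this example: a sendmail-compatible binary at this path;
# -i = a lone "." does not end the message, "--" = end of options.
MTA = ("/usr/sbin/sendmail", "-i", "--")
MAX_RCPT = 10  # per-envelope recipient cap mentioned in the thread

# Deliberately strict pattern (stricter than RFC 2822): no whitespace,
# no shell metacharacters, no leading "-" that an MTA could read as a flag.
_ADDR = re.compile(r"[A-Za-z0-9_.+][A-Za-z0-9_.+-]*@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def batches(recipients, size=MAX_RCPT):
    """Reject unsafe addresses, then split into envelopes of <= size."""
    bad = [r for r in recipients if not _ADDR.fullmatch(r)]
    if bad:
        raise ValueError("rejected addresses: %r" % bad)
    return [recipients[i:i + size] for i in range(0, len(recipients), size)]


def pipe_to_mta(message, recipients, mta=MTA):
    """Hand one envelope (bytes) to the MTA on stdin; return (ok, detail)."""
    try:
        # argv list, no shell: addresses are never parsed by /bin/sh.
        proc = subprocess.Popen(list(mta) + list(recipients),
                                stdin=subprocess.PIPE, stderr=subprocess.PIPE)
    except OSError as exc:
        return False, "cannot start MTA: %s" % exc
    # communicate() ignores a broken pipe, so an MTA that stops reading
    # early is reported through its exit status below.
    _, err = proc.communicate(message)
    if proc.returncode != 0:
        text = err.decode(errors="replace").strip()
        return False, "MTA exit status %d: %s" % (proc.returncode, text)
    return True, "accepted"


def deliver(message, recipients, mta=MTA):
    """Return the (batch, detail) pairs the MTA did not accept."""
    failed = []
    for batch in batches(recipients):
        ok, detail = pipe_to_mta(message, batch, mta)
        if not ok:
            failed.append((batch, detail))
    return failed
```

A non-empty result from `deliver` lists the envelopes that still need a retry or a bounce; everything the MTA accepted is its responsibility from then on.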