[Tutor] Ethics in programming

dman dsh8290@rit.edu
Thu, 17 Jan 2002 16:00:08 -0500


(oops, missed the in-line part of the post)

On Thu, Jan 17, 2002 at 02:51:01PM -0500, kirk Bailey wrote:
| dman wrote:

| > Why not have TinyList itself manage the subscriber list, instead of
| > sendmail.  No aliases are needed then, you just stick all the
| > addresses on the sendmail command line.  Something like :
|
| Actually, as of now, it does. It uses the smtplib functions to talk to
| sendmail and send one envelope per recipient. This is GOOD, there is no
| unsecured alias sitting there waiting to be found like there is with
| majordomo.

Oh, I thought you were using an alias since you talk about it in every
post.

| Also, someone could use TLwebmanager to manage SENDMAIL lists. Would
| never recommend it, as sendmail lists are not secure at all. But they
| could. Such a subscriber list is a simple flat text file, same as used
| by TL. Just write a .info file for it and it shows up on the menu!
| 
| You DID know that majordomo uses an unguarded unfiltered outbound alias
| for EVERY list used,

I know it only because you say it in every post :-).

| The technique to discover prime red meat is simple: Subscribe to a
| list there, any list.

No need.  Just find out what the list's address is and send mail to
there!

| Send a test message to
| 'listname'-outgoing@thatplace.foo; see if you get it. This is a
| postmaster psychology test to see if they used a random name or went
| with the forms used in the manuals as examples- which it then tells
| you not to do. Well, people are creatures of habit. Many still went
| and built majordomo lists with the -outgoing part as per example. If a
| would-be spam artist gets that letter, that site's lists are his to
| spam; just email listname-outgoing and all them folk are going to get
| a letter. NO WAY TO STOP IT.

Yeah, put spamassassin in the middle and drop (not relay) spam.

| By chance, do you host any lists?

Not yet.

| Try that on TL, abject failure. TL is SECURE. I am loath to abandon
| that.

Why do you say it is secure?  Nothing is secure.  Even ssh isn't
secure.  So far no one has cracked ssh2, but the key word is "so far".

Are you identifying all spam messages automatically in TL?  If not,
then I can send spam to the list's address and it will get sent to all
the subscribers.

-D

-- 

Whoever gives heed to instruction prospers,
and blessed is he who trusts in the Lord.
        Proverbs 16:20
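
An added example, not part of the original post or of TinyList: a small audit of a sendmail aliases file for the exposure discussed in this thread, namely list aliases that expand straight to a subscriber file via `:include:` and so deliver to every subscriber without passing through the list software. The sample aliases, paths and list names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample aliases file (not taken from any real host).
SAMPLE_ALIASES = '''\
# constructed example
postmaster: root
pylist: "|/usr/local/majordomo/wrapper resend -l pylist pylist-outgoing"
pylist-outgoing: :include:/usr/local/majordomo/lists/pylist
owner-pylist: admin@example.org
news: "|/usr/local/majordomo/wrapper resend -l news news-x7kq2"
news-x7kq2: :include:/usr/local/majordomo/lists/news
staff: alice, bob,
    carol
'''

def split_targets(rhs):
    """Split an alias right-hand side on commas, keeping quoted commands whole."""
    return [t.strip() for t in re.findall(r'"[^"]*"|[^,]+', rhs) if t.strip()]

def parse_aliases(text):
    """Return {alias: [targets]}, handling comments and continuation lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        if raw[0] in ' \t' and current:       # indented line continues the previous alias
            entries[current] += split_targets(raw)
            continue
        name, _, rhs = raw.partition(':')     # split at the first colon only
        current = name.strip().lower()        # local parts are matched case-insensitively
        entries[current] = split_targets(rhs)
    return entries

def audit(entries):
    """Flag aliases that expand directly to a subscriber file."""
    findings = []
    for name, targets in entries.items():
        if any(t.startswith(':include:') for t in targets):
            # The documented example name is guessable; a random name is
            # protected only by being hard to guess, not by any filter.
            kind = 'predictable' if name.endswith('-outgoing') else 'obscure-name-only'
            findings.append((name, kind))
    return findings

if __name__ == '__main__':
    for name, kind in audit(parse_aliases(SAMPLE_ALIASES)):
        print(f'{name}: direct :include: alias ({kind})')
```
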