Open Source and information security mailing list archives
 
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Apparently the practice was prevalent

> -----Original Message-----
> From: Martin Macok [mailto:martin.macok@...erground.cz]
> Sent: 10 February 2004 23:53
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Apparently the practice was prevalent
> 
> 
> On Tue, Feb 10, 2004 at 08:20:00PM -0000, 
> John.Airey@...b.org.uk wrote:
> 
> > >> format of the email you are reading, RFC 822. It's worth pointing
> > >> out that anyone who does not have an "open" email relay is in
> > >> breach of this RFC
> > 
> > >Not true.
> > 
> > At the risk of descending into a playground argument, 'tis true.
> > Sections 4.3.2, 6.2.2 and 6.2.6 imply that you have an open relay.
> 
> Which RFC ???

822.

> > In fact, RFC 2822 which obsoletes RFC 822 doesn't even mention
> > relays.
> 
> Of course. It also doesn't mention space ships. It's just about
> something else. It has not anything to do with "email relaying".

What do space ships have to do with this discussion? There's no mention of
them in RFC 822, so this is hardly relevant.

> The right one is RFC 2821. See the quote of "Relaying" part from my
> previous post.

Is it? Only 2822 supersedes 822. 2821 supersedes 821, which also implies you
should have open relays. It states that you should have EXPN enabled. Both
were a bad idea even before April 2001, yet they had remained the "standard"
for almost 20 years.

> > Is there any RFC that specifies that open relays are a bad idea?
> 
> Do not expect that there is an RFC for every bad idea around ...

Which basically means that anything not strictly allowed isn't. My point
exactly...

> > I can't find one.
> 
> I can.
> 
> RFC 2505         Anti-Spam Recommendations       February 1999

No you can't. I also found RFC 2505 after sending my mail, however it still
mentions nothing about open relays. It talks about "Non-Relay" and
"unauthorised relaying" (an oxymoron?). These indeed mean the same thing,
just like "no username and password" with http means that Microsoft
shouldn't have made this "feature" available. It's been abused, granted not
in the way that was first envisaged in the RFC, but abused nonetheless.

This goes to prove that you can't have your cake and eat it. 

Bottom line:

Microsoft made a mistake in not adhering to the standards.
Microsoft have now fixed their mistake, and given the option to restore the
broken behaviour.
Users still complain.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

According to the book of Acts, Eutychus was the first man to suffer from a
General Protection Fault with Windows.
