lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk)
Subject: Apparently the practice was prevalent

> -----Original Message-----
> From: Martin Macok [mailto:martin.macok@...erground.cz]
> Sent: 10 February 2004 23:53
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Apparently the practice was prevalent
> 
> 
> On Tue, Feb 10, 2004 at 08:20:00PM -0000, 
> John.Airey@...b.org.uk wrote:
> 
> > >> format of the email you are reading, RFC 822. It's worth pointing
> > >> out that anyone who does not have an "open" email relay is in
> > >> breach of this RFC
> > 
> > >Not true.
> > 
> > At the risk of descending into a playground argument, 'tis true.
> > Sections 4.3.2, 6.2.2 and 6.2.6 imply that you have an open relay.
> 
> Which RFC ???
822.
> 
> > In fact, RFC 2822 which obsoletes RFC 822 doesn't even mention
> > relays.
> 
> Of course. It also doesn't mention space ships. It's just about
> something else. It has not anything to do with "email relaying".
> 
What do space ships have to do with this discussion? There's no mention of
them in RFC 822, so this is hardly relevant.
> The right one is RFC 2821. See the quote of "Relaying" part from my
> previous post.
> 
Is it? Only 2822 supersedes 822. 2821 supersedes 821, which also implies you
should have open relays. It states that you should have EXPN enabled. Both
were a bad idea even before April 2001, yet they had remained the "standard"
for almost 20 years.

> > Is there any RFC that specifies that open relays are a bad idea?
> 
> Do not expect that there is an RFC for every bad idea around ...
> 
Which basically means that anything not strictly allowed isn't. My point
exactly...
> > I can't find one.
> 
> I can.
> 
> RFC 2505         Anti-Spam Recommendations       February 1999

No you can't. I also found RFC 2505 after sending my mail, however it still
mentions nothing about open relays. It talks about "Non-Relay" and
"unauthorised relaying" (an oxymoron?). These indeed mean the same thing,
just like "no username and password" with http means that Microsoft
shouldn't have made this "feature" available. It's been abused, granted not
in the way that was first envisaged in the RFC, but abused nonetheless.

This goes to prove that you can't have your cake and eat it. 

Bottom line:

Microsoft made a mistake in not adhering to the standards.
Microsoft have now fixed their mistake, and given the option to restore the
broken behaviour.
Users still complain.

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk 

According to the book of Acts, Eutychus was the first man to suffer from a
General Protection Fault with Windows.

- 
DISCLAIMER: 

NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 

Website: http://www.rnib.org.uk 


Powered by blists - more mailing lists