NYLXS - Free Software Events

Sun Nov 24 15:41:45 2024

EVENTS

FREE
SOFTWARE
INSTITUTE

POLITICS

JOBS

MEMBERS'
CORNER

MAILING
LIST

NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2015-03-01

HANGOUT

2024-11-24 | 2024-10-24 | 2024-09-24 | 2024-08-24 | 2024-07-24 | 2024-06-24 | 2024-05-24 | 2024-04-24 | 2024-03-24 | 2024-02-24 | 2024-01-24 | 2023-12-24 | 2023-11-24 | 2023-10-24 | 2023-09-24 | 2023-08-24 | 2023-07-24 | 2023-06-24 | 2023-05-24 | 2023-04-24 | 2023-03-24 | 2023-02-24 | 2023-01-24 | 2022-12-24 | 2022-11-24 | 2022-10-24 | 2022-09-24 | 2022-08-24 | 2022-07-24 | 2022-06-24 | 2022-05-24 | 2022-04-24 | 2022-03-24 | 2022-02-24 | 2022-01-24 | 2021-12-24 | 2021-11-24 | 2021-10-24 | 2021-09-24 | 2021-08-24 | 2021-07-24 | 2021-06-24 | 2021-05-24 | 2021-04-24 | 2021-03-24 | 2021-02-24 | 2021-01-24 | 2020-12-24 | 2020-11-24 | 2020-10-24 | 2020-09-24 | 2020-08-24 | 2020-07-24 | 2020-06-24 | 2020-05-24 | 2020-04-24 | 2020-03-24 | 2020-02-24 | 2020-01-24 | 2019-12-24 | 2019-11-24 | 2019-10-24 | 2019-09-24 | 2019-08-24 | 2019-07-24 | 2019-06-24 | 2019-05-24 | 2019-04-24 | 2019-03-24 | 2019-02-24 | 2019-01-24 | 2018-12-24 | 2018-11-24 | 2018-10-24 | 2018-09-24 | 2018-08-24 | 2018-07-24 | 2018-06-24 | 2018-05-24 | 2018-04-24 | 2018-03-24 | 2018-02-24 | 2018-01-24 | 2017-12-24 | 2017-11-24 | 2017-10-24 | 2017-09-24 | 2017-08-24 | 2017-07-24 | 2017-06-24 | 2017-05-24 | 2017-04-24 | 2017-03-24 | 2017-02-24 | 2017-01-24 | 2016-12-24 | 2016-11-24 | 2016-10-24 | 2016-09-24 | 2016-08-24 | 2016-07-24 | 2016-06-24 | 2016-05-24 | 2016-04-24 | 2016-03-24 | 2016-02-24 | 2016-01-24 | 2015-12-24 | 2015-11-24 | 2015-10-24 | 2015-09-24 | 2015-08-24 | 2015-07-24 | 2015-06-24 | 2015-05-24 | 2015-04-24 | 2015-03-24 | 2015-02-24 | 2015-01-24 | 2014-12-24 | 2014-11-24 | 2014-10-24 | 2014-09-24 | 2014-08-24 | 2014-07-24 | 2014-06-24 | 2014-05-24 | 2014-04-24 | 2014-03-24 | 2014-02-24 | 2014-01-24 | 2013-12-24 | 2013-11-24 | 2013-10-24 | 2013-09-24 | 2013-08-24 | 2013-07-24 | 2013-06-24 | 2013-05-24 | 2013-04-24 | 2013-03-24 | 2013-02-24 | 2013-01-24 | 2012-12-24 | 2012-11-24 | 2012-10-24 | 2012-09-24 | 2012-08-24 | 2012-07-24 | 2012-06-24 | 2012-05-24 | 2012-04-24 | 2012-03-24 | 2012-02-24 | 2012-01-24 | 2011-12-24 | 2011-11-24 | 2011-10-24 | 2011-09-24 | 2011-08-24 | 2011-07-24 | 2011-06-24 | 2011-05-24 | 2011-04-24 | 2011-03-24 | 2011-02-24 | 2011-01-24 | 2010-12-24 | 2010-11-24 | 2010-10-24 | 2010-09-24 | 2010-08-24 | 2010-07-24 | 2010-06-24 | 2010-05-24 | 2010-04-24 | 2010-03-24 | 2010-02-24 | 2010-01-24 | 2009-12-24 | 2009-11-24 | 2009-10-24 | 2009-09-24 | 2009-08-24 | 2009-07-24 | 2009-06-24 | 2009-05-24 | 2009-04-24 | 2009-03-24 | 2009-02-24 | 2009-01-24 | 2008-12-24 | 2008-11-24 | 2008-10-24 | 2008-09-24 | 2008-08-24 | 2008-07-24 | 2008-06-24 | 2008-05-24 | 2008-04-24 | 2008-03-24 | 2008-02-24 | 2008-01-24 | 2007-12-24 | 2007-11-24 | 2007-10-24 | 2007-09-24 | 2007-08-24 | 2007-07-24 | 2007-06-24 | 2007-05-24 | 2007-04-24 | 2007-03-24 | 2007-02-24 | 2007-01-24 | 2006-12-24 | 2006-11-24 | 2006-10-24 | 2006-09-24 | 2006-08-24 | 2006-07-24 | 2006-06-24 | 2006-05-24 | 2006-04-24 | 2006-03-24 | 2006-02-24 | 2006-01-24 | 2005-12-24 | 2005-11-24 | 2005-10-24 | 2005-09-24 | 2005-08-24 | 2005-07-24 | 2005-06-24 | 2005-05-24 | 2005-04-24 | 2005-03-24 | 2005-02-24 | 2005-01-24 | 2004-12-24 | 2004-11-24 | 2004-10-24 | 2004-09-24 | 2004-08-24 | 2004-07-24 | 2004-06-24 | 2004-05-24 | 2004-04-24 | 2004-03-24 | 2004-02-24 | 2004-01-24 | 2003-12-24 | 2003-11-24 | 2003-10-24 | 2003-09-24 | 2003-08-24 | 2003-07-24 | 2003-06-24 | 2003-05-24 | 2003-04-24 | 2003-03-24 | 2003-02-24 | 2003-01-24 | 2002-12-24 | 2002-11-24 | 2002-10-24 | 2002-09-24 | 2002-08-24 | 2002-07-24 | 2002-06-24 | 2002-05-24 | 2002-04-24 | 2002-03-24 | 2002-02-24 | 2002-01-24 | 2001-12-24 | 2001-11-24 | 2001-10-24 | 2001-09-24 | 2001-08-24 | 2001-07-24 | 2001-06-24 | 2001-05-24 | 2001-04-24 | 2001-03-24 | 2001-02-24 | 2001-01-24 | 2000-12-24 | 2000-11-24 | 2000-10-24 | 2000-09-24 | 2000-08-24 | 2000-07-24 | 2000-06-24 | 2000-05-24 | 2000-04-24 | 2000-03-24 | 2000-02-24 | 2000-01-24 | 1999-12-24

Key: Value:

MESSAGE

DATE	2015-03-09
FROM	Rick Moen
SUBJECT	Re: [NYLXS - HANGOUT] cable crimping
Quoting Chris Knadle (Chris.Knadle-at-coredump.us): > > On 03/08/2015 01:45 PM, Rick Moen wrote: > > > > Quoting Ruben Safir (mrbrklyn-at-panix.com): > > > >> Robert, do you have the artcile for me, PLEASE > > > > I hope he does _not_ have the 'cheap $5 crimper' for you. Life is too > > short to spend it using crummy tools, like poorly made crimpers (and > > proprietary mailing list managers with designed-in security holes that > > have been unmaintained for a decade and a half). > > If you've managed to set up Mailman such that you're not passing it > the mail via a pipe in /etc/aliases, then from what I'm hearing > you're probably the only one that's gotten that to work. Here's the way to make the Exim4 MTA directly read GNU Mailman conffiles, rather than needing special entries with pipes in /etc/aliases: http://anonscm.debian.org/viewvc/pkg-mailman/trunk/debian/README.Exim4.Debian?view=markup Notice that Exim4 actually uses Mailman's Postfix interface hooks needed to provide the router and transport needed, so I imagine it's less complicated with Postfix (Which I don't run here). I _think_ this doc describes how to do the same sort of thing with Postfix talking directly to the Sympa MLM (but I don't know Sympa very well): http://www.sympa.org/faq/postfix#managing_aliases_directly_in_the_postfix_transport_table (If that's not the doc required, ask the sysadmin team at Linux Users of Victoria. They run Sympa, and I remember them saying they didn't need /etc/aliases entries.) > As I've set up two MLMs in the past year and they both use a pipe in > /etc/aliases, it would be nice to know what security issues you think > this has. You need to be completely sure that whatever's on the right hand side of the pipe can handle any arbitrary public data passed through to it by the MTA, i.e., that it has excellent input validation. There's been such a _very_ bad history of that generally (easist examples for me to recall have involved the old uudecode and decode entries that used to be standard in /etc/aliases) that many modern MTAs disable _all_ processing of /etc/aliases pipes by default. Here's what /usr/share/doc/exim4/README.Debian.html has to say about that, FWIW: 2.9. Using more complex deliveries from alias files Delivery to arbitrary files, directory or to pipes in the /etc/aliases file is disabled by default in the Debian Exim 4 packages. The delivery process including the program being piped to would run as the exim admin-user Debian-exim, which might open up security holes. Invoking pipes from /etc/aliases file is widely considered obsolete and deprecated. The Debian Exim package maintainers would like to suggest using a dedicated router/transport pair to invoke local processes for mail processing. For example, the Debian mailman package contains a /usr/share/doc/mailman/README.Exim4.Debian file that gives a good example how to implement this. Using a dedicated router/transport pair have the following advantages: * The router/transport pair can be put in place by another package, giving a well-defined transaction point between Exim 4 and $PACKAGE. * Not allowing pipe deliveries from alias files makes it harder to accidentally run programs with wrong privileges. * It is possible to run different pipe processes under different accounts. * Even if only invoking a single local program, it is easier to do with your dedicated router/transport since you won't need to change this file, making automatic updates of this file possible for future versions of the Exim 4 packages. If you do local changes here, dpkg conffile handling will bother you on future updates. If you insist on using /etc/aliases in the traditional way, you will need to activate the respective functions by setting the transport options on the system_aliases router appropriately. Macros are defined to make this easier. See /etc/exim4/conf.d/router/400_exim4-config_system_aliases for information about which macros are available. You might find the address_file, address_pipe and/or address_directory transports that are used for the userforward router helpful in writing your own transports for use in the system_aliases router. If any of your aliases expand to pipes or files or directories you should set up a user and a group for these deliveries to run under. You can do this by setting the "user" and - if necessary - a "group" option and adding a "group" option if necessary. Alternatively, you can specify "user" and/or "group" on the transports that are used.