[free-sklyarov] OT: [postmaster@eth.net: Mail Delivery Status Notification]
---------- Forwarded message ---------- Date: Thu, 15 Nov 2001 17:46:02 -0800 From: Karsten M. Self <kmself@ix.netcom.com> To: Free Sklyarov mailing list <free-sklyarov@zork.net> Subject: [free-sklyarov] OT: [postmaster@eth.net: Mail Delivery Status Notification] --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Would someone please inform the recipient listed in the bounce message below, and his/her postmaster that GPG signatures in RFC 2015 MIME encoded form are not hazardous attachements? --=20 Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html --DocE+STaALJfprDB Content-Type: message/rfc822 Content-Disposition: inline
From karsten Thu Nov 15 17:44:07 2001 Received: from localhost ([127.0.0.1] ident=karsten) by navel with esmtp (Exim 3.32 #1 (Debian)) id 164Y34-0005rI-00 for <karsten@localhost>; Thu, 15 Nov 2001 17:44:06 -0800 Received: from popd.ix.netcom.com [207.217.120.161] by localhost with POP3 (fetchmail-5.9.3) for karsten@localhost (single-drop); Thu, 15 Nov 2001 17:44:06 -0800 (PST) Received: from mail03.eth.net ([202.9.178.25]) by motown (Earthlink/Netcom Mail Service) with ESMTP id tv8rm4.4i0.37tiu50 for <kmself@ix.netcom.com>; Thu, 15 Nov 2001 17:41:23 -0800 (PST) Received: from mail pickup service by mail03.eth.net with Microsoft SMTPSVC; Fri, 16 Nov 2001 07:12:41 +0530 From: Postmaster <postmaster@eth.net> To: kmself@ix.netcom.com Subject: Mail Delivery Status Notification MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----_=_NextPart_1" Message-ID: <MAIL03kqTgtoBjfgBNj00002838@mail03.eth.net> X-OriginalArrivalTime: 16 Nov 2001 01:42:41.0109 (UTC) FILETIME=[FAB2A050:01C16E3F] Date: 16 Nov 2001 07:12:41 +0530 X-Mozilla-Status: 0004
------_=_NextPart_1 Content-Type: multipart/alternative; boundary="----_=_NextPart_2" ------_=_NextPart_2 Content-Type: text/plain; DishnetDSL SENDER NOTIFICATION The following message:
"A. Melon" wrote: [...]
Would someone please inform the recipient listed in the bounce message below, and his/her postmaster that GPG signatures in RFC 2015 MIME encoded form are not hazardous attachements?
And posted a failure message:
has been stripped of all/certain attachments by DishnetDSL Mail server due to security reasons.
DishnetDSL allows only the following attachments:
1. .doc 2. .txt 3. .xls 4. .ppt 5. .pdf 6. .zip
Message contains attachments: ATT
from wonderful Dishnet who don't seem to realise that .doc, .ppt and .xls, being in effect executable code, *are* hazardous attachments. Of course, I strongly support the removal of *all* attachments and the limitation of all email to ASCII text, or just possibly EBCDC between consenting mainframes in private. Eschew all attachments. You know it makes sense. Ken
On Fri, 16 Nov 2001, A. Melon wrote:
Would someone please inform the recipient listed in the bounce message below, and his/her postmaster that GPG signatures in RFC 2015 MIME encoded form are not hazardous attachements?
<snip>
DishnetDSL SENDER NOTIFICATION
<snip>
has been stripped of all/certain attachments by DishnetDSL Mail server due to security reasons.
DishnetDSL allows only the following attachments:
1. .doc ^^^^ Maybe safe, depending on what produced it, and who recieves it. 2. .txt 3. .xls ^^^^ Oh yeah, *thats* secure!
4. .ppt 5. .pdf ^^^^ Usually OK, but...
6. .zip
Message contains attachments: ATT
DishnetDSL ^^^^^^^^^^^^ Obviously clueless...
-- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
on Fri, Nov 16, 2001 at 08:49:47AM -0600, measl@mfn.org (measl@mfn.org) wrote:
On Fri, 16 Nov 2001, A. Melon wrote:
Would someone please inform the recipient listed in the bounce message below, and his/her postmaster that GPG signatures in RFC 2015 MIME encoded form are not hazardous attachements?
Yeah, that's me.
<snip>
DishnetDSL SENDER NOTIFICATION
<snip>
has been stripped of all/certain attachments by DishnetDSL Mail server due to security reasons.
DishnetDSL allows only the following attachments:
1. .doc ^^^^ Maybe safe, depending on what produced it, and who recieves it. 2. .txt 3. .xls ^^^^ Oh yeah, *thats* secure!
4. .ppt 5. .pdf ^^^^ Usually OK, but...
There are some PDF exploits I've heard of, not sure if they're theoretical or not. Postscript itself is not immune, as it's an executable format itself. There's discussion I've heard of Postscript exploits which would be resident in printer networks. Powerpoint's also got its problems. ZIP is a panapoly which encompasses a whole slew of formats. And even good old .TXT is not secure if my understanding of MSFT filehandling is right. Associate .TXT with MS Word, add a .TXT extension to a MS Word file with a macro virus, and you're back to the root problem. A similar issue exists with RTF files if they're opened by MS Word by default -- the extension determines the application, but not the method(s) used for opening the file. I'm of the opinion that MIME has its uses. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html
participants (4)
-
A. Melon -
Karsten M. Self -
Ken Brown -
measl@mfn.org