[Tutor] ethics in programming

dman dsh8290@rit.edu
Sat, 12 Jan 2002 17:33:42 -0500


On Sat, Jan 12, 2002 at 05:01:33PM -0500, kirk Bailey wrote:
| dman wrote:
| > 
| > On Fri, Jan 11, 2002 at 11:29:59AM -0500, kirk Bailey wrote:
| > | Working on TinyList, I realized that for security reasons I am using
| > | TL's ability to talk to the smtp engine to send out the email, one
| > | envelope per recipient.
| > 
| > I think it is better to pipe the message to the mail system (eg exim,
| > postfix, or sendmail).  Are you prepared to properly handle all error
| > responses from the SMTP server and retry delivery or return a bounce
| > message as appropriate?  SMTP seems trivial, but there are many things
| > to get right for a robust system.  Piping _is_ quite trivial and it
| > gets the message off of your hands quickly.
| 
| Not familiar with the concept as you use it, possibly this is a
| linguistics issue, and I already use it by another name.

Are you familiar with Unix? 

$ sendmail idiot1@netzero.net << EOF
From: dman <dsh8290@rit.edu>
Subject: Hi Kirk.
Date: today (obviously this is syntactically incorrect)
To: Kirk <idiot1@netzero.net>

Hi Kirk.  This is the body of a message.  This message was not created
with a MUA :-).

EOF

$


There is no SMTP involved in what I did.  I ran exim, gave it the
recipients on the command line and gave it the message itself (not
quite conforming to RFC2822 but you get the idea) on stdin.  I don't
need to worry about SMTP errors or networking or anything.  The only
two possible errors are that the pipe is closed before I'm done writing
or that exim returns non-zero exit status.

Your TinyList program would use
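    import os
    # mode "w" is required so the message can be written to sendmail's stdin
    f = os.popen( "sendmail %s" % recipients, "w" )
    f.write( message )
    f.close()    # returns the exit status (None means success)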

(BTW exim answers to the name sendmail if you make a symlink to the
binary.  It also behaves very compatibly, a drop-in replacement.)

| > | Good, avoids security issues with many recipients per envelope. But
| > | this does slow down transmission a little, maybe more than a little
| > | when we are talking LARGE lists.
| > 
| > Right -- you need to send the DATA section once for each recipient.
| 
| Well, another program (minorfish) does exactly that! But we limit
| max recipients per envelope to 10 to make spam more difficult, so
| that immediately encounters a security precaution conflict. But this
| itself is a by the way, not the REAL major problem.

I was explicitly giving the reason for the performance degradation.

| > If you pipe it to exim I believe you will be able to specify all
| > recipients at once and let exim deal with delivering it to the
| > destination.  I do know for a fact that if I put 2 addresses in To: or
| > Cc: headers (using my mua) then exim makes two separate passes over
| > the "routers" and delivers the message separately for each
| > destination.
| > 
| > | A way used in majordomo to send lists is to feed ONE copy of the
| > | letter to a special alias and take advantage of the :include: command
| > | to invoke the subscriber file. such a list alias looks like:
| > |
| > | listname-outgoing::include:/path/subscriberfilename # no spaces in the
| > | definition PLEASE!
| > |
| > | And the Mail Transmission Agent(hereafter MTA, usually sendmail) reads
| > | that file and sends a copy of the letter to each person on it. THERE
| > | IS NO OTHER SERVICE. *ANY* letter landing on that email alias goes
| > | out. Very spam friendly alas. And this is a Very Bad Thing.
| > |
| > | Of course, the idea is the name of alias is a secret,
| > 
| > Security through obscurity doesn't work.  Look at what happens with MS
| > systems as opposed to Linux or *BSD systems.  One is obscure (no
| > source available) the other isn't.
| 
| True, once someone figures out the name of the outbound alias on a
| majordomo list system, they can spam it at convenience, and there is
| NOT ONE DAMN THING YOU CAN DO TO STOP THEM except change the name of
| the outbound alias. If they discovered it once, they can discover it
| again.
| 
| I blush to admit that I can TELL YOU the aliases for every list in
| tinylist, and it will avail you NOTHING.
| THIS is a much more secure setup, and does not conflict with other
| security precautions. SO until I thoroughly understand other methods
| and can implement them reliably in MANY servers, without requiring
| special transmission agents, I think I will retain it. But if the list
| is LARGE, it calls for a helper program. Considering this issue, I
| began to realize that such a program could offer security holes, and
| be vulnerable to being spammed; also, it made it practical to send
| spam in and of itself, for free, whereas current spambots cost LONG
| BUCK$. so having written a program I think will handle the task, I
| buried it.
|
| > | and is fed by a
| > | program, in this case majordomo. The manual uses listname-outgoing as
| > | an example, but you are supposed to pick some random name so as to
| > | safeguard the list. THAT alias may be made public, as it feeds into
| > | some kind of security program.
| > 
| > I haven't read the mailing list part of the exim manual yet, and I
| > haven't read any manuals on MailMan.  However I do know a bit about
| > receiving mail (with exim as the MTA) and how it can be run through
| > several different layers and forms of spam detection and rejection.
| 
| That's good.
| 
| Now what if a would-be spamhouse gets their hands on some FREE
| software to do this sort of thing?
| 
| So far, software to handle sending out bulk mail costs some bucks.

Umm, try this.  Put an RFC2822 conformant message in
my_spam_message.txt.  Now use this shell script, feed it a list of
addresses in the argument list.

#!/bin/sh

for ADDR in "$@" ;
do
    cat my_spam_message.txt | sendmail $ADDR
done


Who charges big bucks for this?  This technique will get past your 10
recipient check since it only has one recipient.  It wouldn't be hard
to add a little sed to make the To: header match the RCPT TO: command
and pass a few more spam checks.

Ok, so writing a bot to crawl through USENET and mailing list archives
to harvest the addresses may not be trivial.  The other problem is
that your IP gets added to the RBL and many sites will reject it then.
The only remaining technique that one needs is locating the open
relays out there to bypass RBL checks.

| If I start writing and releasing GNU GPL software to do so, LOTS of
| would-be spamhauses will suddenly have the CAPITAL barrier removed.
| You think spam is bad now? THIS is the ethics issue this thread is
| about. That other stuff is a TECHNIQUE issue, this is an ETHICS
| issue I am raising.

Yeah, spam is an ethics issue, but so are licenses and just about every
other law and policy in this world.  Only two laws are necessary, if
people would actually follow them

    1)  Love the Lord your God with all your heart, mind, and soul,
    and
    2)  love your neighbor as yourself.

If people followed these commands, then there would be no spam or
stealing or ...
 
| > When someone posts a message to the list address you will (should) run
| > it through some checks (I've heard good things about "spamassassin"
| > and "vipul's razor") to determine whether or not to accept or reject
| > it.  If it is accepted as not being spam you will then rewrite the
| > envelope recipient to be all the list members and continue processing
| > (send it to the new recipients).  The list->subscribers expansion can
| > be done by exim itself (without creating new, unchecked, aliases as it
| > sounds like majordomo wants) or by an external program (such as
| > MailMan) and the recipients list specified as the message is handed
| > back to the MTA (this still works without a new alias).
| 
| I must admit exim sounds like a MTA worth examining in greater detail.

It is :-).  It is easy to configure too.

-D

-- 

Micros~1 :  
 For when quality, reliability 
  and security just aren't
   that important!
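
Added example (not part of the original message, and not TinyList or exim code): a Python 3 version of the pipe hand-off described above that runs the MTA without a shell, so subscriber addresses are never interpolated into a command line, and that reports the two error cases the message names (pipe closed early, non-zero exit status). The names hand_off, DeliveryError and the mta parameter are hypothetical, /usr/sbin/sendmail is an assumed path, and the address pattern is deliberately stricter than RFC 2822.

```python
import re
import subprocess

# Assumption: a deliberately strict pattern, far narrower than RFC 2822.
# It rejects whitespace, shell metacharacters and a leading "-" (option injection).
_ADDR = re.compile(r"[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class DeliveryError(Exception):
    """The MTA did not accept the message (hypothetical name)."""


def hand_off(message, recipients, mta=("/usr/sbin/sendmail",)):
    """Pipe one message (bytes) to the MTA for all recipients; return the argv used."""
    bad = [r for r in recipients if not _ADDR.fullmatch(r)]
    if bad or not recipients:
        raise ValueError("refusing recipient list, rejected: %r" % (bad,))
    # A list argv means no shell parses the addresses; "-i" stops a lone "."
    # line ending the message, "--" ends option parsing before the addresses.
    argv = [*mta, "-i", "--", *recipients]
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        proc.stdin.write(message)
        proc.stdin.close()
    except BrokenPipeError:
        # Error case 1: the MTA closed the pipe before the whole message was written.
        proc.wait()
        raise DeliveryError("MTA closed the pipe early") from None
    status = proc.wait()
    if status != 0:
        # Error case 2: non-zero exit status; the caller keeps the message and retries.
        raise DeliveryError("MTA exit status %d" % status)
    return argv
```

fullmatch() is used instead of a "$" anchor because "$" would also accept an address with a trailing newline.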