INFO-VAX Mon, 18 Jun 2007 Volume 2007 : Issue 330 Contents: Re: 8086 vs patches Re: 8086 vs patches Re: 8086 vs patches Re: 8086 vs patches Re: 8086 vs patches Re: 8086 vs patches Re: Anyone know why the Alpha market is so so quiet? Anyone using HDS XP Series Arrays? Re: Anyone using HDS XP Series Arrays? Re: CDC software (formerly known as Ross Systems) to drop Gembase VMS support Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: How will VMS be killed ? Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Re: issue with cpu usage on lock and unlock of system Re: issue with cpu usage on lock and unlock of system Re: OpenVMS hobbyist license woes Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: PLUG: PMAS Re: Proof that, at least once, DEC had a marketing budget Question about TCPIP$ftp - copy taking a long time Re: Question about TCPIP$ftp - copy taking a long time Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: Question for the Group Re: VMS analogue of FBSD and linux hier(7) man pages Re: VMS analogue of FBSD and linux hier(7) man pages VMS set Audit/disable command Re: VMS set Audit/disable command Re: VMS set Audit/disable command Re: VMS set Audit/disable command Re: VMS set Audit/disable command Re: VMS set Audit/disable command Why is SMTP still relevant? Re: Why is SMTP still relevant? Re: Why is SMTP still relevant? Re: Why is SMTP still relevant? Re: Why is SMTP still relevant? Re: Why is SMTP still relevant? ---------------------------------------------------------------------- Date: 18 Jun 2007 07:38:52 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: 8086 vs patches Message-ID: In article <1181752997.374696.216590@x35g2000prf.googlegroups.com>, etmsreec@yahoo.co.uk writes: > A few years ago (maybe four, maybe five) NASA, it was claimed, were > having problems with the Space shuttle as it was still dependant in > some way on 486 processors. This would make sense given the time that > the shuttle was designed I guess? The critical computers on the Space Shuttle are far older and far more reliable than 486. The first shuttle launch predates the original 808x based PC, for example. These computers have not been the source of much trouble. One launch was delayed when they went into a known low-likelyhood race condition that a different architecture might eliminate. That was much more than a few years ago. ------------------------------ Date: 18 Jun 2007 07:40:18 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: 8086 vs patches Message-ID: <7BpXwnlbXtJ7@eisner.encompasserve.org> In article , Ron Johnson writes: > > Even the 80486 is surely fast enough to do railway switching. > There's no GUI involved, just a lot of bytes to read and process. > I knew somebody who worked in that business. She never saw a PDP-11 that was too slow for railway switching. ------------------------------ Date: Mon, 18 Jun 2007 13:07:16 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: 8086 vs patches Message-ID: In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <1181752997.374696.216590@x35g2000prf.googlegroups.com>, etmsreec@yahoo.co.uk writes: > > A few years ago (maybe four, maybe five) NASA, it was claimed, were > > having problems with the Space shuttle as it was still dependant in > > some way on 486 processors. This would make sense given the time that > > the shuttle was designed I guess? > > The critical computers on the Space Shuttle are far older and far > more reliable than 486. The first shuttle launch predates the > original 808x based PC, for example. I know that at one time the shuttle had computers (5 of them, all identical, I believe) with core memory (i.e. the tiny metal rings with wires running through them). Until when was that the case? Due to certification etc most space-based computing is years "out of date" by the time it is launched. ------------------------------ Date: Mon, 18 Jun 2007 09:53:26 -0500 From: Ron Johnson Subject: Re: 8086 vs patches Message-ID: On 06/18/07 08:07, Phillip Helbig---remove CLOTHES to reply wrote: > In article , > koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > >> In article <1181752997.374696.216590@x35g2000prf.googlegroups.com>, etmsreec@yahoo.co.uk writes: >>> A few years ago (maybe four, maybe five) NASA, it was claimed, were >>> having problems with the Space shuttle as it was still dependant in >>> some way on 486 processors. This would make sense given the time that >>> the shuttle was designed I guess? >> The critical computers on the Space Shuttle are far older and far >> more reliable than 486. The first shuttle launch predates the >> original 808x based PC, for example. > > I know that at one time the shuttle had computers (5 of them, all > identical, I believe) with core memory (i.e. the tiny metal rings with > wires running through them). Until when was that the case? > > Due to certification etc most space-based computing is years "out of > date" by the time it is launched. I'm pretty sure that those computers were replaced when the Shuttles got new avionics and glass cockpits. -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! ------------------------------ Date: 18 Jun 2007 12:00:55 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: 8086 vs patches Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > > I know that at one time the shuttle had computers (5 of them, all > identical, I believe) with core memory (i.e. the tiny metal rings with > wires running through them). Until when was that the case? Core memory has a lot of advantages in space flight that are not relavent on the ground. I don't know if the shuttle program ever got rid of thiers. I do know at least one instance of core memory currently in use in space. ------------------------------ Date: 18 Jun 2007 12:01:40 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: 8086 vs patches Message-ID: <41L3js+4zGw5@eisner.encompasserve.org> In article , Ron Johnson writes: > > I'm pretty sure that those computers were replaced when the Shuttles > got new avionics and glass cockpits. There are a lotof computers on each shuttle and many of them have been replaced. Don't know about the primary guidance computers. ------------------------------ Date: 18 Jun 2007 11:33:28 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Anyone know why the Alpha market is so so quiet? Message-ID: <5dn8s8F33k1s4U1@mid.individual.net> In article <4675454d$0$25474$ba620dc5@text.nova.planet.nl>, Wilm Boerhout writes: > on 17-6-2007 14:55 Bill Gunshannon wrote... > [snip] >> It's not "may have to"!! Of all the major computer companies in the >> industry, EDS is the only one I have and would never consider working >> for. > > There is an explicit "I'd never consider working for EDS" here -to which > I happen to agree-, but there is also an implicit "Employers should > never issue contracts that cause employees to pay a refund for education > fees when they leave". No, employers are free to require any contract they want. But potential employees are also free to just say, "No". > Please elaborate why this is such a horrible concept. As many here have said, education is a necessary cost of doing business. The cost should not be borne by the employee. I am sure others will disagree with me on this, expecially as I actually know people who work for EDS, but that is my opinion. T me, this is just a way to try to force a "loyalty" that the company has failed to earn. Heck, I have worked for companies that paid for college courses. These are seldom directly related to your everyday work. And yet, they never required repayment when you left the company. Most companies I have worked for used education as an added benefit making the job look more valuable. EDS uses it as a threat of retribution. (Let me add the caveat that I have not looked at EDS in almost 2 decades and don't know that they still do this, but I suspect they do.) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 12:33:07 -0400 From: "Hal Kuff" Subject: Anyone using HDS XP Series Arrays? Message-ID: <7tydi.4492$a84.109@newsfe21.lga> Hi, anyone out there using XP Series Arrays can lend a hand understanding why we can present storage but the show dev/multipath command yields nothing on either 7.3-2 Alpha or 8.3 Itanium? If you can assist please send conact info to kuff at tessco dot com ------------------------------ Date: 18 Jun 2007 12:56:38 -0500 From: brooks@cuebid.zko.hp.nospam (Rob Brooks) Subject: Re: Anyone using HDS XP Series Arrays? Message-ID: "Hal Kuff" writes: > Hi, anyone out there using XP Series Arrays can lend a hand understanding > why we can present storage but the show dev/multipath command yields nothing > on either 7.3-2 Alpha or 8.3 Itanium? I assume you've veried the standard physical layer components (HBA, cabling, switches, etc . . .) are all in working order. Someone mistakenly set MPDEV_ENABLE = 0? -- Rob Brooks MSL -- Nashua brooks!cuebid.zko.hp.com ------------------------------ Date: Mon, 18 Jun 2007 08:52:22 -0400 From: "Syltrem" Subject: Re: CDC software (formerly known as Ross Systems) to drop Gembase VMS support Message-ID: <137d008a1deq3a2@corp.supernews.com> "Tom Linden" wrote in message news:op.ttytaj068vlggw@murphus... > Does GEMBASE have any connection or dependence on PL/I? > Tom afaik, it's all written in C. Syltrem ------------------------------ Date: 18 Jun 2007 11:51:03 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: How will VMS be killed ? Message-ID: <5dn9t7F33k1s4U3@mid.individual.net> In article , Michael Kraemer writes: > Marc Van Dyck schrieb: > >> >> Didn't H.P. (or Compaq, I don't remenber) sign an agreement with the >> U.S. D.O.D. stipulating that they would maintain OpenVMS alive for >> 15 years or so ? > > depends what "alive" means in this context. > They could withdraw it from market or stop development > and keep 3 support engineers just to serve the contract > with the military. What contract would that be? The DOD, just like the rest of the government does not and can not have any "contract" that goes beyond the end of the next fiscal year. That is a fact of the governemnt contracting business and is one of the major contributing factors to the prices that often seem absurd when viewed by outsiders. So this supposed "15 year commitment" is just another urban legend. The government can't commit funds for 15 years and HP is not going to agree to anything for which they have no reasonable expectaion of remuneration. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 12:11:11 +0000 (UTC) From: m.kraemer@gsi.de (Michael Kraemer) Subject: Re: How will VMS be killed ? Message-ID: In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > What contract would that be? The DOD, just like the rest of the > government does not and can not have any "contract" that goes > beyond the end of the next fiscal year. That is a fact of the > governemnt contracting business and is one of the major contributing > factors to the prices that often seem absurd when viewed by outsiders. > So this supposed "15 year commitment" is just another urban legend. > The government can't commit funds for 15 years and HP is not going > to agree to anything for which they have no reasonable expectaion > of remuneration. So this basically menas that VMS' future is not "secured" for "the next 15 years" but just for the current year and might go away the next year ? ------------------------------ Date: Mon, 18 Jun 2007 05:42:13 -0700 From: yyyc186 Subject: Re: How will VMS be killed ? Message-ID: <1182170533.376310.240370@m36g2000hse.googlegroups.com> > > Would HP kill VMS before IA64 in the hopes of getting customers to move > > to HP-UX ? (and when IA64 is killed, HP-US might have enough customers > > to pwarrant a port to the 8086). HP-UX has absolutely nothing to offer. It is, after all, the OS which got HP the very accurate nickname "Hourly Patches". The other long running industry joke has been when HP finishes that operating system they will put the rest of the letters in its name. Initially, I suspect most would move to SuSE, but now that MS has their grubby mitts into it, most will probably do what Dell did and move to Ubuntu. If you are going to walk backwards into feeble you might as well walk backwards into "free" feeble. No version of Linux/Unix I have ever looked at has an OS Kernel level concept of a record. This means you cannot ever cluster. Without the concept of a record, you cannot have a lock manager. Without a lock manager, you cannot have a distributed transaction manager. Don't go pointing at Tuxedo or those other "transaction managers" for various flavors of Linux and Unix. They are not integrated with the OS and do not work correctly. Without a fully clustered platform you are simply lieing to yourself and everyone else claiming to have transaction management. Remember back to when they tried to get True-64 to cluster. It never actually worked. You cannot be faithful to any portion of the Unix core/herritage and add in clustering. The current slaughter which occurred at OpenVMS Engineering, and elsewhere in the company, purging anyone who ever worked on OpenVMS, pretty much spells out HP has no intention of honoring its obligation to the industry. It has been a sad sad year. The I64 was a chip the industry never needed, and now they are trying to recoupe the vast amounts of money whizzed down the drain on it. It has been a sad sad decade. ------------------------------ Date: Mon, 18 Jun 2007 13:03:47 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: How will VMS be killed ? Message-ID: In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > What contract would that be? The DOD, just like the rest of the > government does not and can not have any "contract" that goes > beyond the end of the next fiscal year. Maybe not a contract per se, but there are certainly lots of other agreements. What about all the government employees? Are they all on fixed-term contracts until the end of the fiscal year? I think not. > So this supposed "15 year commitment" is just another urban legend. > The government can't commit funds for 15 years and HP is not going > to agree to anything for which they have no reasonable expectaion > of remuneration. HP itself (or was it Compaq, or DEC) used this agreement (whether or not it was a "contract" in some stricter sense) in advertising. Since I'm sure that the government would mind if one misrepresented them, I'm certain this is more than just an urban legend. ------------------------------ Date: 18 Jun 2007 08:07:24 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: How will VMS be killed ? Message-ID: <3rGkrsi$Vad0@eisner.encompasserve.org> In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > So this supposed "15 year commitment" is just another urban legend. Just because the government can't commit to you for anything beyond one fiscal year does not mean that they can't do the opposite: get you to commit to them for longer. ------------------------------ Date: 18 Jun 2007 15:39:11 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: How will VMS be killed ? Message-ID: <5dnn8vF34qmc8U2@mid.individual.net> In article , m.kraemer@gsi.de (Michael Kraemer) writes: > In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> What contract would that be? The DOD, just like the rest of the >> government does not and can not have any "contract" that goes >> beyond the end of the next fiscal year. That is a fact of the >> governemnt contracting business and is one of the major contributing >> factors to the prices that often seem absurd when viewed by outsiders. >> So this supposed "15 year commitment" is just another urban legend. >> The government can't commit funds for 15 years and HP is not going >> to agree to anything for which they have no reasonable expectaion >> of remuneration. > > So this basically menas that VMS' future is not "secured" > for "the next 15 years" but just for the current year > and might go away the next year ? If VMS future relies on some commitment from the DOD, yes. I remember when I worked for TRW there was a lot of press about a big Air Force contract that was going to let all of DOD buy from the same pricelist and was worth millions upon millions of dollars and was scheduled to last for 10 years. The government opted to not renew after the second year. Total profits were less than 10% of what the original projections had been. Thus goes the fickleness of contracting with the government. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 15:46:06 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: How will VMS be killed ? Message-ID: <5dnnluF34qmc8U3@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> What contract would that be? The DOD, just like the rest of the >> government does not and can not have any "contract" that goes >> beyond the end of the next fiscal year. > > Maybe not a contract per se, but there are certainly lots of other > agreements. What about all the government employees? Are they all on > fixed-term contracts until the end of the fiscal year? I think not. Of course not. They are not contract employees at all. And, as has happened at least once that I know of in my lifetime, if the government fails to pass a budget to cover it by the ned of September, employees are told to stay home because they can not be paid. > >> So this supposed "15 year commitment" is just another urban legend. >> The government can't commit funds for 15 years and HP is not going >> to agree to anything for which they have no reasonable expectaion >> of remuneration. > > HP itself (or was it Compaq, or DEC) used this agreement (whether or not > it was a "contract" in some stricter sense) in advertising. That's called marketing. It has no basis in reality. Remember the big Air Force contract I mentioned in an earlier message? TRW used this in advertising all the time. Didn't mean a thing. Hmmm..... Come to think of it, wasn't Alpha busy advertising anf pushing Alpha the day before they announced it was dead? > Since I'm > sure that the government would mind if one misrepresented them, I'm > certain this is more than just an urban legend. If it isn't in writting it doesn't exist. And the governemnt can not commit beyond the availability of funding which is the end of the fiscal year. Or do you believe that HP would be willing to absorb any costs of maintining these supposed systems themselves? Do you also believe in the Easter Bunny and the Tooth Fairy? bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 15:48:05 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: How will VMS be killed ? Message-ID: <5dnnplF34qmc8U4@mid.individual.net> In article <3rGkrsi$Vad0@eisner.encompasserve.org>, koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article <5dn9t7F33k1s4U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > >> So this supposed "15 year commitment" is just another urban legend. > > Just because the government can't commit to you for anything beyond > one fiscal year does not mean that they can't do the opposite: get > you to commit to them for longer. And do you really think HP is stupid enough to do someting like that? I'll admit the company appearst o be run by idiots, but not the kind who would throw that kind of money away. They have been in the business long enough to know what dealing with the government is all about. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 10:58:51 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: How will VMS be killed ? Message-ID: In article <5dnnluF34qmc8U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > And the governemnt can not > commit beyond the availability of funding which is the end of the fiscal > year. Some agencies of the US federal government can sign multi-year contracts and pay in advance for the whole thing. ------------------------------ Date: 18 Jun 2007 12:03:22 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: How will VMS be killed ? Message-ID: In article <5dnnplF34qmc8U4@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > And do you really think HP is stupid enough to do someting like that? > I'll admit the company appearst o be run by idiots, but not the kind > who would throw that kind of money away. They have been in the business > long enough to know what dealing with the government is all about. The agreement being referenced was entered into by DEC. HP had no say. Since it was a contract requirement DEC has little say. ------------------------------ Date: 18 Jun 2007 12:06:19 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: How will VMS be killed ? Message-ID: In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article <5dnnluF34qmc8U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > >> And the governemnt can not >> commit beyond the availability of funding which is the end of the fiscal >> year. > > Some agencies of the US federal government can sign multi-year contracts > and pay in advance for the whole thing. Ohter agencies enter into multi year contracts and know that if Congress passes a funding bill that doesn't pay for it, then that bill specifically overrides the contract law under which the contract was signed. (Now you know why the budget is law.) I am on a multi year contract, have been on many in the past, and expect to be on many in the future. I've also had a customer who's five year contract ended after one year because the budget bill said "don't pay for that". Such is life in government contracting. ------------------------------ Date: 18 Jun 2007 17:08:33 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: How will VMS be killed ? Message-ID: <5dnsghF32rpkjU3@mid.individual.net> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article <5dnnluF34qmc8U3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > >> And the governemnt can not >> commit beyond the availability of funding which is the end of the fiscal >> year. > > Some agencies of the US federal government can sign multi-year contracts > and pay in advance for the whole thing. Yes, if they can convince congrees to commit the funds. Other wise we would never have a B-1 or a Space Shuttle or a Hubble. But the over- sight on projects like that is pretty tight and a simple software deal like this is not likely to meet the requirements. Are you going to try and say somehow the government got funding to support VMS for 15 years in under the radar? Even Martin Marietta couldn't have pulled of a coup like that and I'll bet they have a lot more contracting experience than HP. I would say the biggest threat to VMS in DOD in particular and ther government in general is the strong move towards COTS. Can't buy VMS off any shelf I am aware of. And for those who are still watching, after more than three years of searching I have yet to find any place in The Department of The Army that will even admit to needing someone with VMS skills. And in this respect, I am an insider, not an outsider. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 07:59:55 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Message-ID: In article <1181924443.013467.207410@q75g2000hsh.googlegroups.com>, sean@obanion.us writes: > Considering that Hubble converted to UNIX by 2000, there wonldn't seem > to be much point. VAXen and Alphas running VMS are alive and well on the Hubble program. ------------------------------ Date: Mon, 18 Jun 2007 07:09:59 -0700 From: "Tom Linden" Subject: Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Message-ID: On Mon, 18 Jun 2007 05:59:55 -0700, Bob Koehler wrote: > In article <1181924443.013467.207410@q75g2000hsh.googlegroups.com>, > sean@obanion.us writes: > >> Considering that Hubble converted to UNIX by 2000, there wonldn't seem >> to be much point. > > VAXen and Alphas running VMS are alive and well on the Hubble > program. > In part thanks to PL/I -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ------------------------------ Date: 18 Jun 2007 12:07:40 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Hubble/OpenVMS to continue thru at least 2013 - 23 years! Message-ID: In article , "Tom Linden" writes: > On Mon, 18 Jun 2007 05:59:55 -0700, Bob Koehler > wrote: > >> In article <1181924443.013467.207410@q75g2000hsh.googlegroups.com>, >> sean@obanion.us writes: >> >>> Considering that Hubble converted to UNIX by 2000, there wonldn't seem >>> to be much point. >> >> VAXen and Alphas running VMS are alive and well on the Hubble >> program. >> > > In part thanks to PL/I I wasn't aware of that, but now I'm windering what happened to the Pascal. I suspect UNIX vendors have sufficiently good enough Pascal compilers for most needs. ------------------------------ Date: 18 Jun 2007 07:12:08 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: issue with cpu usage on lock and unlock of system Message-ID: In article <1182143024.615752.100020@z28g2000prd.googlegroups.com>, sowmya.rangineni@gmail.com writes: > Ours is a windows based application. > Can anybody let me know the reason for the increase in CPU usage and > how I can overcome this. A person who can answer that would be more likely to be hanging out in a Windows newsgroup than in one for VMS. If a person who can answer that were hanging out here in comp.os.vms, I hope that peer pressure would keep them from perpetuating an off-topic discussion here, as we have enough of those already. ------------------------------ Date: Mon, 18 Jun 2007 09:22:46 -0500 From: Ron Johnson Subject: Re: issue with cpu usage on lock and unlock of system Message-ID: On 06/18/07 07:12, Larry Kilgallen wrote: > In article <1182143024.615752.100020@z28g2000prd.googlegroups.com>, sowmya.rangineni@gmail.com writes: > >> Ours is a windows based application. > >> Can anybody let me know the reason for the increase in CPU usage and >> how I can overcome this. > > A person who can answer that would be more likely to be hanging out in > a Windows newsgroup than in one for VMS. > > If a person who can answer that were hanging out here in comp.os.vms, > I hope that peer pressure would keep them from perpetuating an off-topic > discussion here, as we have enough of those already. But all the world is Windows. Right? Right?????? -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! ------------------------------ Date: Mon, 18 Jun 2007 16:52:41 GMT From: Rob Brown Subject: Re: OpenVMS hobbyist license woes Message-ID: On Sun, 17 Jun 2007, David J Dachtera wrote: > rtk wrote: > >> 2. I added a new user per instructions above, got no error >> messages, but it won't let me logon as that user. I seriously >> doubt that I need to restart the machine or anything like that to >> get a new user recognized. I haven't really looked into it much >> yet, just a comment. > > When adding a new user, you're actually COPYing from the record > called DEFAULT. If you do SHOW DEFAULT within AUTHORIZE, you may > notice that in the "Flags:" line it probably shows DISUSER; that is, > that specific record is disabled from any logins. The (inobviously > documented) syntax to enable your new user record would be "SET > username/FLAG=NODISUSER". If correcting the DISUSER problem does not solve the problem, perhaps this will help. IF you are logging in at the DECwindows login screen, the login will silently fail and you will be returned to the login screen if the user's login directory is not accessible. Did you create a login directory for the the new user? Does the user have access to it? Try a test login by $ SET HOST 0 Username: etc. from an open (logged in) decterm and make sure that the user can read and write files in "his" login directory. Then retry the DECWindows login. hth -- Rob Brown b r o w n a t g m c l d o t c o m G. Michaels Consulting Ltd. (780)438-9343 (voice) Edmonton (780)437-3367 (FAX) http://gmcl.com/ ------------------------------ Date: Mon, 18 Jun 2007 08:48:12 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <3f119ada0706171352o747f7c10n4b67ab50262039b8@mail.gmail.com>, DeanW writes: > 1) Delaying- the first time it sees a message from IP, from USER, to > RECIPIENT, it returns a "temporary failure" and logs the triplet. If > that triplet comes up again in < 5 minutes, it gets rejected again and > logged as a spammer. If more than 5 minutes, then it's considered a > valid sender, and logged as such; future messages are not delayed > (unless it fails one of the subsequent spam checks). If it doesn't > come back in 24 hours, the entry is purged. This is known as greylisting. > 2) Max errors: To defeat dictionary attacks, after 3 invalid > recipients, the connection is dropped. Presumably from the same IP address within a certain time. I think this would be relatively easy to implement in HP TCPIP. I just had a look at my current TCPIP$SMTP_RECV_RUN.LOG;* (I'm up to ;382 within the last 7 hours. 1000 a day is possible. I now renumber them starting with 0 every night. In one of them, I have: check_user: User malcsue is apparently a username but has no account: FAIL check_user: User boomail is apparently a username but has no account: FAIL check_user: User hatnboots is apparently a username but has no account: FAIL check_user: User donnasn is apparently a username but has no account: FAIL check_user: User asktonya is apparently a username but has no account: FAIL check_user: User morty is apparently a username but has no account: FAIL check_user: User hammerlord is apparently a username but has no account: FAIL check_user: User xaqj is apparently a username but has no account: FAIL check_user: User empirekb is apparently a username but has no account: FAIL check_user: User iaiio is apparently a username but has no account: FAIL check_user: User ibizajmari is apparently a username but has no account: FAIL check_user: User dsdmi is apparently a username but has no account: FAIL check_user: User cityofch is apparently a username but has no account: FAIL check_user: User chroobs is apparently a username but has no account: FAIL check_user: User eyeish is apparently a username but has no account: FAIL Unfortunately, the IP address is not in this file, and the error message is not in the operator log. Otherwise, it would be relatively easy to extract the IP address and add it to the local Bad-Clients list. > Those two block 87% of inbound spam before the message body even > begins to be transmitted; RBLs and a Bayesian filter catch almost all > the rest. Each user here sees 1-2 spam messages a day. I can live with > it. Presumably, there is some overlap between your techniques and RBLs, i.e. RBLs alone would block more than 13%. ------------------------------ Date: Mon, 18 Jun 2007 08:52:42 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article , david20@alpha2.mdx.ac.uk writes: > The point I was making is that the DNSBL just supplies the IP address and > hence any action taken is just based upon the fact that the email came from > that IP address. The MTA using the DNSBL cannot distinguish between legitimate > mail coming from that IP address and Spam mail coming from that IP address > without passing that mail message through some other check - such as a content > scanner. Hence once the address is listed because of some misuse then all > legitimate as well as spam mail from that address is affected until the > address is delisted. > To some extent this is a good thing since it means that the legitimate users > put pressure on any ISP getting itself on a blacklist to clean up it's act. In practice, this is rarely necessary. Anyone running such an SMTP relay server probably has his own methods of stopping spam (such as blocking access from any IP address which sends more than x emails in a certain time) and if he does get listed, he's probably aware of it before any user and takes steps to get de-listed. After all, he makes money from providing a white-hat SMTP relay server to others. (Most probably have in their terms and conditions that such action is charged to the guilty party.) ------------------------------ Date: Mon, 18 Jun 2007 10:36:17 +0000 (UTC) From: david20@alpha1.mdx.ac.uk Subject: Re: PLUG: PMAS Message-ID: In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >In article , david20@alpha2.mdx.ac.uk >writes: > >> The point I was making is that the DNSBL just supplies the IP address and >> hence any action taken is just based upon the fact that the email came from >> that IP address. The MTA using the DNSBL cannot distinguish between legitimate >> mail coming from that IP address and Spam mail coming from that IP address >> without passing that mail message through some other check - such as a content >> scanner. Hence once the address is listed because of some misuse then all >> legitimate as well as spam mail from that address is affected until the >> address is delisted. >> To some extent this is a good thing since it means that the legitimate users >> put pressure on any ISP getting itself on a blacklist to clean up it's act. > >In practice, this is rarely necessary. Anyone running such an SMTP >relay server probably has his own methods of stopping spam (such as >blocking access from any IP address which sends more than x emails in a >certain time) and if he does get listed, he's probably aware of it >before any user and takes steps to get de-listed. After all, he makes >money from providing a white-hat SMTP relay server to others. (Most >probably have in their terms and conditions that such action is charged >to the guilty party.) > The calibre of ISPs varies considerably. Many are totally clueless and some just don't seem to care until they get a large number of complaints. David Webb Security team leader CCSS Middlesex University ------------------------------ Date: 18 Jun 2007 11:57:30 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dna9aF33k1s4U4@mid.individual.net> In article , david20@alpha2.mdx.ac.uk writes: > In article <5dkpsmF350el9U2@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >>In article , >> "P. Sture" writes: >>> In article <5dj9m5F347nggU1@mid.individual.net>, >>> bill@cs.uofs.edu (Bill Gunshannon) wrote: >>> >>>> In article <46745B94.3050108@comcast.net>, >>>> "Richard B. Gilbert" writes: >>>> > Bill Gunshannon wrote: >>>> >> In article , >>>> >> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to >>>> >> reply) writes: >>>> >> >>>> >>>In article <1378bo75v2pl6a1@corp.supernews.com>, Mark Daniel >>>> >>> writes: >>>> >>> >>>> >>> >>>> >>>>And I thought the SPAM load was moderating (silly me). >>>> >>>> >>>> >>>>Looking for a specific e-mail I thought I should have received, I just >>>> >>>>opened my PreciseMail Anti-SPAM quarrantined messages page to search for >>>> >>>>it (without success). I don't do this often and haven't for a while >>>> >>>>(obviously not since the last upgrade). Towards the top of the >>>> >>>>2,967,263 byte report page is a (new to me) item "(Messages: 4605)". >>>> >>>>That's four and one half thousand quarrantined SPAM in the past 14 days! >>>> >>>> This is something like 328 per day!! >>>> >>> >>>> >>>That seems about average. I've resorted to using ZEN.SPAMHAUS.ORG as an >>>> >>>RBL. That gets rid of the lion's share. >>>> >> >>>> >> >>>> >> So, how bad does it have to get before I can expect people to start >>>> >> looking at my suggestion for a social solution rather than technical >>>> >> solutions that may hide the problem but certainly don't reduce it or >>>> >> the load it puts on the system? >>>> >> >>>> > >>>> > Several years ago, I read that fewer than 200 men were responsible for >>>> > 90% of the spam. If this is true, perhaps the solution is to ask the >>>> > Mafia to deal with the problem, pro bono publico! Even if we had to >>>> > take up a collection to pay them, it would be worth it. >>>> >>>> Considering that I get SPAM from more than 200 locations and there are >>>> probably more SPAM businesses than that I think it is a rather dubious >>>> statistic. >>>> > >>> >>> Eh? Think zombies around the world controlled by the few. >> >>My point exactly. If we were talking "200 people" it would be trivial >>to stop, but we are not. We are talking thousands upon thousands. >>Which is why my suggestion is to establish a network of "trusted" email >>sites. Once you have most of your serious email coming from sites you >>know you can trust it becomes much easier (and safer) to aggressively >>filter the masses. Eventually, there would be two distinct email networks >>(think of it like INTERNET and INTERNET-II) one for people who want to >>do serious work and one for the common man to play on. >> > Nowadays serious work with email is business and a large part of it is dealing > with first-time customers. This even applies to academia where universities > deal with questions from potential students - from all over the world - by > email. Which makes it all the more important to find ways to cut down on the noise in the s/n ratio. Remember, when you loose a contact due to a false positive or the s/n ratio you just never know it. That means it is pretty much impossible to guage your loss. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 12:10:32 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnb1oF33k1s4U5@mid.individual.net> In article <46755c79$1@news.langstoeger.at>, peter@langstoeger.at (Peter 'EPLAN' LANGSTOeGER) writes: > In article <5dkqn3F350el9U5@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >>In article , >> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >>> In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>> Gunshannon) writes: >>> >>>> So, what is the technological solution? >>> >>> ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>> version 5.4). >> >>And how much legitimate business have you lost because someone who >>wanted to contact you had their email bounced because of an RBL for >>reasons totally out of their control? It may stop some SPAM, but >>it also stops some legitimate traffic. And you will never know you >>lost that sale!! > > I don't know how much likely is such a scenario for you, but for me > it IS DEFINITELY not worth the hassle with more SPAM. > So, I've more than one RBL in use on my private (VMS MX) mailservers... But that just increases the likelihood of a false positive. I have people who contact me who get bounces every once in a while. When asked, I usually look at the logs to see why. You would be amazed (well, maybe not) at the number of places, like comcast, that have multiple MTA machines, which seem to get selected at randow when a user sends an email, where one or two of them are RBLed. Result: most messages go thru but every once in a while one gets rejected. And I can assure you even when the retune messages says it was rejected because of an RBL the user doesn't understand. All he knows is he couldn't send email to that address. At that point, most users just give up. > >>Realize, with my suggestion you can turn this whole thing around. >>Once you have all your regular business on a trusted network you >>can reverse the logic of your SPAM filtering. > > Not really. Eg. I never had by company mailaddress posted on USENET > and I don't use it for out of the company communication. > Nevertheless, after 5 years of silence, I now get at least 10 SPAM mails > per day on my company mail address (almost only recommendations for > specific 'penny' shares). So, most likely, someone PC at my company seems > to got infected and sent an address list out. And this is a umpteen > thousand heads (financial) group with very restrictive rules for computers. But which is easier and more likely to succeed? Trying to guess a "keyword" that appears in all this SPAM or searching for keywords that are relevant to your business? > > For me that means, you'll never really have a 2nd Internet you can trust. Why? All you need is a different Email transport method that can not be entered without permission (we already have that) and establish your trusts with the sites on it. > > -EPLAN > > PS: Signed mails are another trust attempt, but STILL future for most of us And, put a greater burden on users who may not understand the technology at all. Once again, punish the victim. In order to work, the system has to be transparent tot he user and totally in the hands of competent sys admins. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 12:20:12 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnbjsF33k1s4U6@mid.individual.net> In article , david20@alpha2.mdx.ac.uk writes: > In article <5dkqn3F350el9U5@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >>In article , >> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >>> In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>> Gunshannon) writes: >>> >>>> So, what is the technological solution? >>> >>> ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>> version 5.4). >> >>And how much legitimate business have you lost because someone who >>wanted to contact you had their email bounced because of an RBL for >>reasons totally out of their control? It may stop some SPAM, but >>it also stops some legitimate traffic. And you will never know you >>lost that sale!! >> > However if things are setup correctly the sender should get back a message > saying that they have been blocked because they are on that particular RBL. And do you really think my father would have understood that message? :-) I work in the Computer Science Department of University and I doubt that half the faculty or one tenth of our students would. > The idea is that the legitimate user can then complain to their ISP and > persuade them to take action to make sure they are not on such RBLs. Been there, done that, got the tee-shirt. Most ISP's who have been stupid enough to get on an RBL either don't know what it means or just don't care. I have dealt with real businesses (think "The Office") who's emails get rejected here because of deliberate misconfigurations of their MTA (having the box use some cutesy name in the HELO instead of their legitimate name). My configuration is not unique. If I reject them, so do a lot of other places. Attempts to point this out were met with a resounding silence!! > Since the rejection is done during the SMTP dialogue rather than after > accepting the mail message the bounce with this reason is much more likely to > get back to the legitimate sender. Who won't understand it. > > However using content scanners rather than RBLs provides it's own problems in > this regard. > The problem with deleting messages after they have been inspected by > anti-spam content scanners is that the mail is silently discarded (since the > scanning is generally done after the message has been accepted). Which is why it would be better to come up with a system where a major part of the legitimate email gets through because it is on a trusted channel. And then, use positive filtering instead of negative filtering. > > A few anti-spam content scanners (including PMAS in pass-through proxy mode) > now allow you to scan the mail and reject it during the SMTP dialogue but > that really does cause problems for the legitimate sender. It is very > difficult to pass back enough information in the rejection message as to why > the mail message failed content scanning. > When examining messages marked as spam by PMAS and looking at the reasons > listed for the rejection in the header lines added by PMAS it is often > difficult to work out precisely what triggered it without resorting to > re-running the message through PMAS with debugging enabled. And how do you scan them on content? How do you know your users aren't interested in Viagra and Cialis? How do you know they didn't ask for those "penny stock" notices? bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 13:33:48 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnftrF35551uU1@mid.individual.net> In article , "John E. Malmberg" writes: > Bill Gunshannon wrote: >> In article , >> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >> >>>In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>>Gunshannon) writes: >>> >>> >>>>So, what is the technological solution? >>> >>>ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>>version 5.4). >> >> >> And how much legitimate business have you lost because someone who >> wanted to contact you had their email bounced because of an RBL for >> reasons totally out of their control? It may stop some SPAM, but >> it also stops some legitimate traffic. And you will never know you >> lost that sale!! > > With the current state of art of spam filtering, the real state of the > art, not the one promoted by many commercial spam filtering, the error > rate of the most popular and free DNSbls is almost too low to be measured. You are joking, right? I have a number of people I exchange emails with who get false positives all the time. As I think I stated in another message recently, some of the big name ISP's have some of their MTA machines listed causing totally random (int he view of the user) rejections. Just last week I had someone from the PDP-11 list email me and ask why his first message got through, his second did not and then his third did. Reason: The first and third were sent through Gmail the second through google (don't they run Gmail?). The one through google was rejected because of their being RBLed. And this was an experienced IT guy who has been doing this stuff for at least as long as I have. Oh, and as another data point. I just asked the most knowledgable (network/TCPIP wise) faculty member here and he didn't have a clue what an RBL was and if he had received a bounce claiming it as the reason he said it would have meant nothing to him. Tell me again how these messages are going to get normal users to get their ISP's to fix the problem!! > > It is far lower than the rate of human error, or from e-mail lost > through various network and server failures on the Internet. Somehow, I doubt that. Short of leaving the net for more than a week, how does email get lost through mnetwork or server failures? > > Current state of the art for using something like the zen list from > spamhaus has resulted in statistics from multiple sources of from about > 80 to over 90% of spam delivery attempts blocked and no false positives. When your mail server refuses to talk to an incoming server because of a DNSBL how can you possibly know that wasn't a legitimate contact attempt? You never see the message. I have many attempts that are broken a the contact point before any of the SMPTP dialogue beyond HELO have taken place. > > I have been monitoring forums where people complain about incorrect > blocking of DNSbls very loudly for quite a few years now. But the majority won't complain because only geeks know what it is. > > In the past 5 years, I have seen 0 (zero) complaints about an incorrect > listing on a spamhaus list. Just because a site sends spam and gets listed on spamhaus doesn't mean that the same site never sends legitimate email. I have already reported that comcast has servers blocked by DNSBL/RBL sites. Are you saying that there is never a chance that a legitimate message might come from comcast? > > All the ones that I have seen about open relay and open proxy lists have > turned out that there really was a severe problem on the mail server > that the owner refused to admit or fix until they found almost no one > accepting their e-mail. And int he meantime, how much legitimate email did you reject? How much potential business did you loose? > > Even on the aggressive spamcop.net list, in the majority of the cases > where someone complains about an incorrect listing, the investigation > shows that criminals and spammers had more control of the mail server. And that means there is never a legitimate user lost in the shuffle? > > In the past 10 years, I have had only two people claim that their > attempt to e-mail me was blocked because they sent it from a mail server > operating on a DHCP address. And in both cases, their ISPs had publicly > readable TOS that stated that it was prohibited for those I.P. addresses > to be running any servers. And, of course, they could block port 25 and the problem wouldn't exist because the guy running the server would probably notice that his MTA couldn't talk to anyone. But, believe it or not, there are a lot more than just DHCPed servers being blocked. Comcast, Google, Adelphia and the list grows bigger everyday. And, as I have already pointed out, relying ont he user to understand why his email doesn't get thru is guaranteed to fail. In most cases, he will merely go looking for someone else to do business with and you loose that potential customer. And, once again the victim takes the punishment. > > Because other large ISPs are starting to totally block other ISPs that > allow zombies to send spam from their DHCP ranges, most residential ISPs > are planning to implement port 25 blocking for those ranges. And in > many cases such blocks are implemented with out notice to their > customers in order to get a block removed or to prevent a block from > being put in. That's nice to hear, but I would bet it is still a very small percentage (and very likely, only in the US!) > >> Realize, with my suggestion you can turn this whole thing around. >> Once you have all your regular business on a trusted network you >> can reverse the logic of your SPAM filtering. Start looking at >> email that comes in from the unttrusted network (ie. The INTERNET) >> with filters looking for keywords you want to see, like your product >> name or somthing else that doesn't look like "Viagra". :-) And, >> dump the rest. > > Keyword filtering even with Bayesian filtering has been shown to be > totally ineffective at spam filtering at a global basis. Every system > that I have seen implemented, has been totally ineffective at detecting > the majority of spam, including ones that are easily detected because of > header defects that are *NEVER* found in legitimate e-mail. Which is why I recommend a system that allows reversing of the logic. Bayesian requires that there be something common in the SPAMs on which to filter that can be "learned". It didn't take long for the SPAMers to find a way to defeat that. All they have to do is load up their mesages with lot's of random real words and Bayesian filters are beaten. But if you use positive filtering looking for keywords unique to your business what are the chances the SPAMers can dupicate that? And a false poisitive int his case would mean that a SPAM gets thru and not that you miss an opportunity. Manually scanning the SPAMs that get thru would likely be no problem in the long run. > > The only content filtering that I have seen that is 100% accurate in > detecting the presence of spam in a message is the URL lookup, where it > checks to see if a URL resolves to an IP address in a conservative > blocking list. And you only want to do that check if there is a header > defect, the source is a public web-mailer, or the source is on an > aggressive list like a multihop or an aggressive list like spamcop.net. Again, that's the reason why we need to come up with a system that reverses the logic. Search for what you want and reject all the rest rather than trying to search for something un-searchable. > > Combining the URL check on the small percentage of spam that gets > through a good selection of conservative blocking lists can get the spam > leakage down to far less than 1 percent. Again with less risk of > rejecting a real email than human error of just hit delete. > > The thing to remember is that anti-spam systems that are cause detected > spam to be rejected have visible "error" rates, and overwhelmingly those > cases are from severe problems with the sending system. > > Unfortunately what is far more visible than the success stories, mostly > with open source and free products, is products in the commercial sector > that do not work and are fundamentally flawed in their operation. > > Any system that does not issue SMTP rejects for detected spam is flawed, > because it will have silent errors. > > Basically where I see the effort right now in the anti-spam community is > a growing war against "backscatter" where mail servers are sending new > bounce messages for detected spam and viruses instead of SMTP rejects. > This war has been pushed because some of the low end and cheap > commercial mail servers can not do spam and virus filtering properly, > and at least one major "anti-spam/anti-virus" product comes out of the > box configured to send a backscatter message to any thing it detects. > > That an anti-spam product even has that as an option, let alone a > default, means that the author has no clue about how spam and viruses > exploit weaknesses in the SMTP protocol, and you do not want to have > such a thing touching your e-mail if you care about it. > > Many small networks have had their mail servers or other equipment > overloaded from such backscatter, and it is very common for dial up > users to find that they are losing legitimate e-mail because their mail > quota was full of backscatter from a virus or spam. > > The social solution to the spam problem is to expose the bad practices > in mail server operation for what they are and to refuse e-mail from > those networks that permit such things to happen. But by refusing email from entire networks you are once again risking driving legitimate business away. Which is why I am trying to propose/ develop a positive rather than a negative solution. The trick is to do what it takes to increase positives rather than trying to live with increased negatives. It is going to be more work on competent sys admins at first, but that workload will decrease over time (a short time I would expect) and it will decrease workload in other areas almost immediately. Not to mention the ability to decrease over all loading ont he network and server resources which, give the current levels of SPAM and the direction this is moving today, has to be a major plus. > > And this is happening more with large networks and private blacklists > than it is with public ones. But it is happening with both. > > I think that Hunter has posted here that the PMAS as a proxy server > rejects the detected spam before it gets into the mail server. As I do > not operate a mail server (It is prohibited by the class of service I > have from my ISP) I have not actually tried the product. But this once again brings up the question that if you reject the message totally unseen, how do you know you did not reject a legitimate message? How much business can you afford to turn away? bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 06:42:10 -0700 From: "Tom Linden" Subject: Re: PLUG: PMAS Message-ID: On Sun, 17 Jun 2007 02:14:38 -0700, Phillip Helbig---remove CLOTHES to reply wrote: > In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> So, what is the technological solution? > > ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of > version 5.4). > I have following in MX, and I get very little SPAM RBL domains to check: BL.SPAMCOP.NET CBL.ABUSEAT.ORG DNSBL.NJABL.ORG OPM.BLITZED.ORG RELAYS.VISI.COM -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ------------------------------ Date: 18 Jun 2007 13:42:26 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnge1F35551uU2@mid.individual.net> In article , david20@alpha1.mdx.ac.uk writes: > In article , "John E. Malmberg" writes: >>Bill Gunshannon wrote: >>> In article , >>> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >>> >>>>In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>>>Gunshannon) writes: >>>> >>>> >>>>>So, what is the technological solution? >>>> >>>>ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>>>version 5.4). >>> >>> >>> And how much legitimate business have you lost because someone who >>> wanted to contact you had their email bounced because of an RBL for >>> reasons totally out of their control? It may stop some SPAM, but >>> it also stops some legitimate traffic. And you will never know you >>> lost that sale!! >> >>With the current state of art of spam filtering, the real state of the >>art, not the one promoted by many commercial spam filtering, the error >>rate of the most popular and free DNSbls is almost too low to be measured. >> >>It is far lower than the rate of human error, or from e-mail lost >>through various network and server failures on the Internet. >> >>Current state of the art for using something like the zen list from >>spamhaus has resulted in statistics from multiple sources of from about >>80 to over 90% of spam delivery attempts blocked and no false positives. >> > By their very nature DNSBLs block all mail whether legitimate or spam > coming from the blocked address. To some extent this is a good thing since > it means the legitimate users put pressure on any ISP getting itself on a > blacklist to clean up it's act. How can they do that when they haven't a clue why their message was rejected? I just asked the most knowledgable faculty memeber on these subjects that we have and he didn't have a clue what an RBL was. Most users are neither geeks nor sys admins. > However it does mean that legitimate mail from > those sources is blocked until the ISP has managed to get itself off the list. Which is one of my main points. How much business can you afford to miss out on? Wigthout even the knowledge that you lost it so there is no chance to try and mitigate the damage. And all through the actions and incompetence of someone you have no control over whatsoever. > > I think this is probably what Bill was referring to rather than implying that > blacklists like zen.spamhaus.org publish incorrect information (though since > the policies of different blacklists vary so much you need to be careful to > make sure that whichever ones you implement are correct for your systems and > users). Thank you. That is precisely what I meant. Using even the simplest of statistical inference, based on the number of people who have contacted me to mention problems getting an email thru and the number of emails traversing the INTERNET every day I would have to assume that the number of missed legitimate mesages is in the millions, every day. How much business can you afford to loose? > >>I have been monitoring forums where people complain about incorrect >>blocking of DNSbls very loudly for quite a few years now. >> >>In the past 5 years, I have seen 0 (zero) complaints about an incorrect >>listing on a spamhaus list. >> >>All the ones that I have seen about open relay and open proxy lists have >>turned out that there really was a severe problem on the mail server >>that the owner refused to admit or fix until they found almost no one >>accepting their e-mail. >> >>Even on the aggressive spamcop.net list, in the majority of the cases >>where someone complains about an incorrect listing, the investigation >>shows that criminals and spammers had more control of the mail server. >> >>In the past 10 years, I have had only two people claim that their >>attempt to e-mail me was blocked because they sent it from a mail server >>operating on a DHCP address. And in both cases, their ISPs had publicly >>readable TOS that stated that it was prohibited for those I.P. addresses >>to be running any servers. >> >>Because other large ISPs are starting to totally block other ISPs that >>allow zombies to send spam from their DHCP ranges, most residential ISPs >>are planning to implement port 25 blocking for those ranges. And in >>many cases such blocks are implemented with out notice to their >>customers in order to get a block removed or to prevent a block from >>being put in. >> >>> Realize, with my suggestion you can turn this whole thing around. >>> Once you have all your regular business on a trusted network you >>> can reverse the logic of your SPAM filtering. Start looking at >>> email that comes in from the unttrusted network (ie. The INTERNET) >>> with filters looking for keywords you want to see, like your product >>> name or somthing else that doesn't look like "Viagra". :-) And, >>> dump the rest. >> >>Keyword filtering even with Bayesian filtering has been shown to be >>totally ineffective at spam filtering at a global basis. Every system >>that I have seen implemented, has been totally ineffective at detecting >>the majority of spam, including ones that are easily detected because of >>header defects that are *NEVER* found in legitimate e-mail. >> >>The only content filtering that I have seen that is 100% accurate in >>detecting the presence of spam in a message is the URL lookup, where it >>checks to see if a URL resolves to an IP address in a conservative >>blocking list. And you only want to do that check if there is a header >>defect, the source is a public web-mailer, or the source is on an >>aggressive list like a multihop or an aggressive list like spamcop.net. >> >>Combining the URL check on the small percentage of spam that gets >>through a good selection of conservative blocking lists can get the spam >>leakage down to far less than 1 percent. Again with less risk of >>rejecting a real email than human error of just hit delete. >> >>The thing to remember is that anti-spam systems that are cause detected >>spam to be rejected have visible "error" rates, and overwhelmingly those >>cases are from severe problems with the sending system. >> >>Unfortunately what is far more visible than the success stories, mostly >>with open source and free products, is products in the commercial sector >>that do not work and are fundamentally flawed in their operation. >> >>Any system that does not issue SMTP rejects for detected spam is flawed, >>because it will have silent errors. >> >>Basically where I see the effort right now in the anti-spam community is >>a growing war against "backscatter" where mail servers are sending new >>bounce messages for detected spam and viruses instead of SMTP rejects. >>This war has been pushed because some of the low end and cheap >>commercial mail servers can not do spam and virus filtering properly, >>and at least one major "anti-spam/anti-virus" product comes out of the >>box configured to send a backscatter message to any thing it detects. >> >>That an anti-spam product even has that as an option, let alone a >>default, means that the author has no clue about how spam and viruses >>exploit weaknesses in the SMTP protocol, and you do not want to have >>such a thing touching your e-mail if you care about it. >> >>Many small networks have had their mail servers or other equipment >>overloaded from such backscatter, and it is very common for dial up >>users to find that they are losing legitimate e-mail because their mail >>quota was full of backscatter from a virus or spam. >> >>The social solution to the spam problem is to expose the bad practices >>in mail server operation for what they are and to refuse e-mail from >>those networks that permit such things to happen. >> >>And this is happening more with large networks and private blacklists >>than it is with public ones. But it is happening with both. >> >>I think that Hunter has posted here that the PMAS as a proxy server >>rejects the detected spam before it gets into the mail server. As I do >>not operate a mail server (It is prohibited by the class of service I >>have from my ISP) I have not actually tried the product. >> > Pretty much all mail systems reject blacklisted entries early on in the smtp > dialogue. However not all systems do when content scanning. > > PMAS in proxy server mode does do this - and I have asked Process to > update PMDF so that in the future PMAS working directly with PMDF can do the > same. However rejecting spam in that way only really works with the threshold > set fairly high - ie when you can be almost certain that it is definitely spam. > If you set the threshold too low then you get a fair amount of legitimate mail > rejected and the legitimate sender then is left wondering why you are labelling > him as a spammer and what he can do to change his mail to get it past your > "defective" filters. Unfortunately passing back enough information from > anti-spam products to let the sender really know why his mail was rejected > so that he can correct it is very difficult (if not impossible). > > So at the moment the best solution seems to be > > 1) Reject mail using DNSBLs during SMTP dialogue > 2) Reject mail with a high threshold spam score from an anti-spam product > during the SMTP dialogue if possible. > 3) Quarantine or tag and deliver more problematic spam (ie that scoring as spam > but with a lower threshold score). Or, develop a system that allows for the reversal of the logic so you can search for what you want and not for something you don't want which may be nearly infinite in comparison. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 13:44:22 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnghmF35551uU3@mid.individual.net> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article , david20@alpha1.mdx.ac.uk writes: > >> By their very nature DNSBLs block all mail whether legitimate or spam >> coming from the blocked address. > > No, by their nature, DNSBLs only _list_ those IP addresses. What happens > next depends on the software at the recipient end _using_ the DNSbl: > > 1. MUA software at best can segregate email from the > listed IP address, making it available for possible > (but unlikely) review by the recipient. > > 2. MTA software _can_ do the above, but it can also do > the more reliable thing - REJECTing the email in the > SMTP dialog, so the sender of legitimate mail knows > it did not get through. Except that that rejection is probablyh meaningless to the originator of the mesage resulting in more traffic with no purpose. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 13:47:26 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dngneF35551uU4@mid.individual.net> In article , david20@alpha2.mdx.ac.uk writes: > In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: >>In article , david20@alpha1.mdx.ac.uk writes: >> >>> By their very nature DNSBLs block all mail whether legitimate or spam >>> coming from the blocked address. >> >>No, by their nature, DNSBLs only _list_ those IP addresses. What happens >>next depends on the software at the recipient end _using_ the DNSbl: >> >> 1. MUA software at best can segregate email from the >> listed IP address, making it available for possible >> (but unlikely) review by the recipient. >> >> 2. MTA software _can_ do the above, but it can also do >> the more reliable thing - REJECTing the email in the >> SMTP dialog, so the sender of legitimate mail knows >> it did not get through. >> >>Some broken software for MUA's tries to send a mail back to the >>originator saying the mail was not given to the recipients, but >>since most spammers falsify the "From:" header, the result is >>the broken software has generated new spam, sending a non-delivery >>report to an innocent bystander. > > > I was responding to > > " >>> And how much legitimate business have you lost because someone who >>> wanted to contact you had their email bounced because of an RBL for >>> reasons totally out of their control? It may stop some SPAM, but >>> it also stops some legitimate traffic. And you will never know you >>> lost that sale!! > " > which talks about lost legitimate mail because of bounces because of an RBL. > > I'm fully aware of how DNSBLs work but in the context the form of my reply > seemed appropriate. > > I'm sorry for using bad terminology. > > The point I was making is that the DNSBL just supplies the IP address and > hence any action taken is just based upon the fact that the email came from > that IP address. The MTA using the DNSBL cannot distinguish between legitimate > mail coming from that IP address and Spam mail coming from that IP address > without passing that mail message through some other check - such as a content > scanner. Hence once the address is listed because of some misuse then all > legitimate as well as spam mail from that address is affected until the > address is delisted. > To some extent this is a good thing since it means that the legitimate users > put pressure on any ISP getting itself on a blacklist to clean up it's act. > People here keep saying this but the fact is the legitimate user is not going to have clue what the rejection message means and will likely just delete it. And even if he does, his chances of getting the ISP to change its ways are pretty much nil. And, once again, the victim takes the brunt of the punishment. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 06:52:40 -0700 From: "Tom Linden" Subject: Re: PLUG: PMAS Message-ID: On Sun, 17 Jun 2007 01:05:55 -0700, P. Sture wrote: > In article <1378kfui13fk00@corp.supernews.com>, > Mark Daniel wrote: > >> Bill Gunshannon wrote: >> > In article , >> > helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to >> reply) >> > writes: >> > >> >>In article <1378bo75v2pl6a1@corp.supernews.com>, Mark Daniel >> >> writes: >> >> >> >> >> >>>And I thought the SPAM load was moderating (silly me). >> >>> >> >>>Looking for a specific e-mail I thought I should have received, I >> just >> >>>opened my PreciseMail Anti-SPAM quarrantined messages page to search >> for >> >>>it (without success). I don't do this often and haven't for a while >> >>>(obviously not since the last upgrade). Towards the top of the >> >>>2,967,263 byte report page is a (new to me) item "(Messages: 4605)". >> >>>That's four and one half thousand quarrantined SPAM in the past 14 >> days! >> >>> This is something like 328 per day!! >> >> >> >>That seems about average. I've resorted to using ZEN.SPAMHAUS.ORG as >> an >> >>RBL. That gets rid of the lion's share. >> > > > I've just started using that zen.spamhaus.org as well, and the spam on > my VMS system has dropped significantly as a result. > >> > So, how bad does it have to get before I can expect people to start >> > looking at my suggestion for a social solution rather than technical >> > solutions that may hide the problem but certainly don't reduce it or >> > the load it puts on the system? >> > >> > bill >> >> Isn't this a little like suggesting a social solution to the problem of >> crime :-) I'd guess that as long as there is profit to be made there >> will be such activities. >> >> I have a telephone answering machine primarily to screen tele-marketers. >> Best AU$50 I ever spent. But the marketers will continue to call as >> long as people respond to those calls (with interest, dollars, etc.) >> Those who wish to speak to me leave a message (or I pick-up). Not had a >> single message from a marketer or charity asking me to call them back. > > FWIW, I've discontinued my land line and survive with a cell phone at > the moment. That's obviously not an option for everyone, but it's been > effective for me. My snail-mail box is now under attack, but that's > still nowhere near as bad as it was in the UK a decade ago. > >> The solution surely will be technological, perhaps digital signatures >> and associated PKI, to reduce the effectiveness of general SPAMing thus >> reserving the activity for specialised crime rather than the general >> mugging we all endure now. > > My ISP has recently tightened things up, as a couple of months ago the > spam volume dropped. Unfortunately, I believe I lost some valid emails > as well :-( > > About 18 months ago they implemented SMTP authentication, but I don't > think they were enforcing it for quite a while. > > The latest development is that the appear to be enforcing the use of my > registered address in the From: field. Until recently, I could happily > cc a news group posting via email using the munged .nospam sending > address you see above, but now that fails unless I use my real address > (a bit more research needed here to confirm this theory). > > Not what I want to keep my real address munged for news groups, but a > pretty minor inconvenience if it really does stop zombies connected to > my ISP from spewing spam. > Why not be your own ISP? I am. My 'ISP' only provides me with a T1 pipe. So I run my own DNS and Mail, in fact, it runs on each node under loadbroker. You could do the same even with DSL. -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ------------------------------ Date: Mon, 18 Jun 2007 13:56:04 GMT From: "John E. Malmberg" Subject: Re: PLUG: PMAS Message-ID: Bill Gunshannon wrote: > In article <46755c79$1@news.langstoeger.at>, > > But that just increases the likelihood of a false positive. I have > people who contact me who get bounces every once in a while. When > asked, I usually look at the logs to see why. You would be amazed > (well, maybe not) at the number of places, like comcast, that have > multiple MTA machines, which seem to get selected at randow when a > user sends an email, where one or two of them are RBLed. Result: > most messages go thru but every once in a while one gets rejected. > And I can assure you even when the retune messages says it was rejected > because of an RBL the user doesn't understand. All he knows is he > couldn't send email to that address. At that point, most users just > give up. I am curious at what filtering that you are using that is having such a high false positive rate. The state of the art that can be obtained with DNSbsl is > 80% with out a DHCP list, and well into the 90% in spam detection. The false positive rate with out a DHCP list is too low to measure, and below the rate of which e-mail gets lost from human/network/server issues. With a DHCP list, the risk of rejecting a good e-mail increases to about .001 percent. Again, more good mail probably gets lost for other reasons beyond the mail server operator or network administrators control. So what DNSbls are you using that generate these higher rates of false positives? The only time that I saw two of my former ISP's mailservers get put in a DNSbl, sample spams obtained from news.admin.net-abuse.email and spamcop.net (back when anyone could look that up), showed that one server was operating as an open relay, and the other at the same time appeared to be either an open proxy or completely owned by the spammer. The MAPS OPS list will also show sample spams if you are trying to find out the spam history of a I.P. address. And apparently two other very large ISPs also immediately put them in a local blocking list, based on postings on an internal news group. It took longer to get those blocks removed than from the DNSbls once the problem was fixed. These private blocks were noticed by the users more than the DNSbl listing was. (RBL amd DUL are a trademark of MAPS and they have taken legal action against blocking list operators and/or software vendors that use those terms as generic) > > But which is easier and more likely to succeed? Trying to guess a > "keyword" that appears in all this SPAM or searching for keywords > that are relevant to your business? No, that is a waste of CPU cycles. However almost all spam has a URL in it that will resolve to a I.P. address that has long been listed as totally controlled by the spammer. It is now almost impossible for a spammer to keep a website up long enough for a spam run on a dedicated hosting company unless that company is actively supporting spammers only. To get around that, spammers are trying to host web sites on systems infected with malware. AOL reacted to that first by rejecting all e-mails with only numbered IP address URLs in them, which forced the spammers to start buying domain names. The domain names can be changed, but they still usually resolve to a known controlled I.P. > In article , > david20@alpha2.mdx.ac.uk writes: >> >>> However if things are setup correctly the sender should get back a message >>> saying that they have been blocked because they are on that particular RBL. > > > And do you really think my father would have understood that message? :-) > I work in the Computer Science Department of University and I doubt that > half the faculty or one tenth of our students would. When it is done properly though, the mail message about the non-delivery is done by the server local to the sender. So if that message is not understandable, the reason for that usually lies with the ISP running the mail server. And that is the same ISP that the user needs to contact to get the problem resolved. And most of the mail servers that I have seen allow local customization of the bounce message they send to their internal network users. Very obvious when the local system messes up the edits. Unfortunately it is worse than Bill describes about the quality of the message. Many ISPs will suggest that the sender try rebooting their computer to resolve an issue, and most users are not aware of how competent their ISP is in these areas. I have seen Gmail file bounce messages from mail sent from it in the spam folder, where POP users will never see them. Now that is a prime example of broken software. Since a Gmail server generated the bounce from a reject it received from an authenticated user sending through it, it should never have a false positive. Other ISPs silently delete all bounce messages, and some mail servers do not pass through the reject code and text. -John wb8tyw@qsl.network Personal Opinion Only ------------------------------ Date: Mon, 18 Jun 2007 14:07:31 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnge1F35551uU2@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > By their very nature DNSBLs block all mail whether legitimate or spam > > coming from the blocked address. To some extent this is a good thing since > > it means the legitimate users put pressure on any ISP getting itself on a > > blacklist to clean up it's act. > > How can they do that when they haven't a clue why their message was > rejected? I just asked the most knowledgable faculty memeber on these > subjects that we have and he didn't have a clue what an RBL was. Most > users are neither geeks nor sys admins. If the person running the SMTP relay server I used didn't know what an RBL was, I would go elsewhere. ------------------------------ Date: Mon, 18 Jun 2007 14:08:11 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > Except that that rejection is probablyh meaningless to the originator > of the mesage resulting in more traffic with no purpose. The rejection message could be a URL which points to an "RBLs for Dummies" website. ------------------------------ Date: 18 Jun 2007 14:09:36 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dni10F33r1bdU1@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dkqn3F350el9U5@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> And how much legitimate business have you lost because someone who >> wanted to contact you had their email bounced because of an RBL for >> reasons totally out of their control? It may stop some SPAM, but >> it also stops some legitimate traffic. And you will never know you >> lost that sale!! > > If you look at the reasons sites get listed in the RBL, you will see > that no-one doing legitimate business would send email from such a site. Are you saying that there were no legitimate users at Adelphia.net? Comcast.net? Even Google (who are apparently being rejected now) must have some legitimate users. I just did a quick scan of my maillogs since midnight. I see dozens of sites listed as being "Exploitable Servers". I don't know how to break this to people but that is frequently just the fault of an incompetent sys admin and the majority of real users at this sites are legitimate. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 14:22:40 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnipgF33r1bdU2@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dj0ihF34721fU2@mid.individual.net>, > bill@triangle.cs.uofs.edu (Bill Gunshannon) writes: > >> So, how bad does it have to get before I can expect people to start >> looking at my suggestion for a social solution rather than technical >> solutions that may hide the problem but certainly don't reduce it or >> the load it puts on the system? > > What is your social solution? > > My social solution is to send email only through trusted relay servers, > and only receive mail from the same. As soon as enough people start > doing this, then it won't be worth it to the spammers to spam. That's pretty much mine, but I take it a step further by proposing the formalization of the process with written and signed agreements and basing the trusted email network on something other than SMTP in order to eliminate the possibility of leakage. So, how do you establish your trust and how do your trusted servers guarantee no leakage? > > I think it is more than worth the trouble to pay a small fee to the > operator of the trusted server I send mail through in return for him > making sure that no spam is sent through it, making sure that my > recipients can receive mail from it, i.e. trust it. I agree!! > > Brad Templeton has an interesting idea which doesn't involve blocking > email from non-trusted addresses: delay it somewhat, enough to make > spamming not worth the effort but not enough to hurt legitimate mail: > > http://ideas.4brad.com/node/510 Now there's a name I haven't heard in ages. Maybe I should be talking to people like him about my idea. One advantage of my idea is that there is no installed delay and the overhead of the system would likely add no noticable additional delay to the handling of messages. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 14:27:07 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnj1qF33r1bdU3@mid.individual.net> In article , "P. Sture" writes: > In article , > JF Mezei wrote: > >> Mark Daniel wrote: >> > This suggests SPAMing not being attempted through the agent 'RCPT >> > to:<...>'ing from a dictionary of common local-part strings (which one >> > would think would be effort-intensive enough) but permuting strings >> > through all possibilities. Surely that would be entirely too expensive >> > merely to promote some softgels? >> >> >> Nop. You're not thinking like a spammer/criminal. >> >> If you cannot sent to annie@aol.com because AOL blocks you, what do you >> ? What do you do ? >> >> You create a message: >> >> MAIL_FROM: annie@aol.com >> RCPT_TO: random_junk@chocolate.com >> >> And if the receiving SMTP server does not immediatly verify the RCPT_TO >> (like VMS used to be, but thankfully fixed since TCPIP Serv. 5.4), then >> the receiving server accepts the message and will later send a bounce >> message to annie@aol.com. >> >> She gets to see a non delivery message with some cryptic gibberish >> username she probably things is some internal technical term and opens >> the attachement which contains the original message to see if it was >> something that she has sent. The act of opening that message sends money >> to the spammers. > > A variation on that is that someone technically literate receives an > accusation that they are sending out a virus. This makes them mad, so > they read the offending email, which of course contains the virus being > complained about - oops! > > Fortunately this technically literate dupe (i.e. me) had the presence of > mind to do this on a VMS system :-) Well, now that you mention it, I have heard manyh comments about people using the information in Reject: messages to get their ISP to straighten up and fly right. I had never considered it until this comment but I am pretty much the only one around here would would actually understand the info in a Reject: message. The Kicker is, I never read them. They are mostly virus infected or bogus in some other way. I get dozens of them every day. It looks like the only ones likely to read them are the people least likely to understand them So, I guess that shoots down that myth, too. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 09:47:04 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: PLUG: PMAS Message-ID: In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > In article , > Kilgallen@SpamCop.net (Larry Kilgallen) writes: >> In article , david20@alpha1.mdx.ac.uk writes: >> >>> By their very nature DNSBLs block all mail whether legitimate or spam >>> coming from the blocked address. >> >> No, by their nature, DNSBLs only _list_ those IP addresses. What happens >> next depends on the software at the recipient end _using_ the DNSbl: >> >> 1. MUA software at best can segregate email from the >> listed IP address, making it available for possible >> (but unlikely) review by the recipient. >> >> 2. MTA software _can_ do the above, but it can also do >> the more reliable thing - REJECTing the email in the >> SMTP dialog, so the sender of legitimate mail knows >> it did not get through. > > Except that that rejection is probablyh meaningless to the originator > of the mesage resulting in more traffic with no purpose. Any legitimate originator will figure out that "something went wrong" with their email message. The degree to which they investigate will depend on how important it was to them that the message get through. ------------------------------ Date: 18 Jun 2007 09:51:11 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: PLUG: PMAS Message-ID: <80R3AqzfeC3y@eisner.encompasserve.org> In article <5dngneF35551uU4@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > In article , > david20@alpha2.mdx.ac.uk writes: >> The point I was making is that the DNSBL just supplies the IP address and >> hence any action taken is just based upon the fact that the email came from >> that IP address. The MTA using the DNSBL cannot distinguish between legitimate >> mail coming from that IP address and Spam mail coming from that IP address >> without passing that mail message through some other check - such as a content >> scanner. Hence once the address is listed because of some misuse then all >> legitimate as well as spam mail from that address is affected until the >> address is delisted. >> To some extent this is a good thing since it means that the legitimate users >> put pressure on any ISP getting itself on a blacklist to clean up it's act. >> > > People here keep saying this but the fact is the legitimate user is not > going to have clue what the rejection message means and will likely just > delete it. And even if he does, his chances of getting the ISP to change > its ways are pretty much nil. But if that message was truly important, there is noting about the DNSbl mechanism to keep the originator from reaching the recipient by telephone. If the message was important, the originator can use other mechanisms, but only if they have been informed that the message did not get through. ------------------------------ Date: Mon, 18 Jun 2007 07:54:47 -0700 From: DeanW Subject: Re: PLUG: PMAS Message-ID: <3f119ada0706180754k73dc90b8yba7e384fa45e6dff@mail.gmail.com> On 6/18/07, Phillip Helbig---remove CLOTHES to reply wrote: > In article > <3f119ada0706171352o747f7c10n4b67ab50262039b8@mail.gmail.com>, DeanW > writes: > > > 1) Delaying- the first time it sees a message from IP, from USER, to > > RECIPIENT, it returns a "temporary failure" and logs the triplet. If > > that triplet comes up again in < 5 minutes, it gets rejected again and > > logged as a spammer. If more than 5 minutes, then it's considered a > > valid sender, and logged as such; future messages are not delayed > > (unless it fails one of the subsequent spam checks). If it doesn't > > come back in 24 hours, the entry is purged. > > This is known as greylisting. Yes, it is frequently called greylisting. ASSP had already been using that term for something else, so to avoid confusion, ASSP calls it greylisting (at least for now). > > 2) Max errors: To defeat dictionary attacks, after 3 invalid > > recipients, the connection is dropped. > > Presumably from the same IP address within a certain time. For each connection. Frequently spammers conducting dictionary attacks will pile on as many RCPT TO: lines as they think they can get away with. Limiting the total number of recipients, and if you're on top of your email user base, severely restricting the allowed number of invalid users, can cut out a lot of spam. > > Those two block 87% of inbound spam before the message body even > > begins to be transmitted; RBLs and a Bayesian filter catch almost all > > the rest. Each user here sees 1-2 spam messages a day. I can live with > > it. > > Presumably, there is some overlap between your techniques and RBLs, i.e. > RBLs alone would block more than 13%. As I understand it, those checks/blocks occur before RBL checks, since they don't rely on waiting for an external service. Out of 2.5 million messages, 360k were valid, and that number is artificially inflated due to a number of high-volume lists I receive (Of which InfoVAX floats between #2 & #3). Of the ~2.15M spams, then, only 7k made it so far as to be shot down by an RBL check. -- Dean Woodward =o&o dean.woodward@gmail.com ------------------------------ Date: Mon, 18 Jun 2007 11:31:48 -0400 From: sol gongola Subject: Re: PLUG: PMAS Message-ID: Ron Johnson wrote: > On 06/17/07 03:05, P. Sture wrote: > [snip] >> >> My ISP has recently tightened things up, as a couple of months ago the >> spam volume dropped. Unfortunately, I believe I lost some valid emails >> as well :-( > > You mean they just *delete* emails they think are spam???? My ISP at > least sends them to the "Spam" folder where I can see them with web mail. > > But I guess people complaines, and now there is a configuration option > of putting "-- Spam --" in the subject line of emails they score as > spam. I now get all emails, and filter them into my own Spam folder > where I can quick-scan for false-negatives. > So, you haven't reduced your unwanted spam traffic on your network and you are still getting all the spam. Maybe it easier to to deal with them when they are all in the same folder. ------------------------------ Date: Mon, 18 Jun 2007 15:44:56 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dni10F33r1bdU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > I just did a quick scan of my maillogs since midnight. I see dozens of > sites listed as being "Exploitable Servers". I don't know how to break > this to people but that is frequently just the fault of an incompetent > sys admin and the majority of real users at this sites are legitimate. zen.spamhaus.org is a combination of 3 RBLs. If you like, you can use 2 of the three and not block the exploitable-servers list. Also, even if the majority of USERS at those sites are legitimate, that doesn't mean that they have to send email THROUGH or directly FROM the blocked address. These days, any serious ISP should offer a trusted server for clients to send email through, and if he is worth his salt this won't be blocked. If something is listed, there is a legitimate reason. As a result, many people will block it. Email from other people, even if it reaches you, will be blocked by these people. If you block it AND deliver them an error message they can understand, perhaps pointing them to a URL or whatever, then you are doing them a big service. Even if their email gets through to you, it won't be getting through to other sites. Again, if they send an email to the support address of their ISP with the error message, if the ISP can't respond properly, they aren't worth staying with. The end-user doesn't have to understand the technical details, he just has to realise there is a problem which his ISP can solve. ------------------------------ Date: Mon, 18 Jun 2007 15:48:01 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnipgF33r1bdU2@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > My social solution is to send email only through trusted relay servers, > > and only receive mail from the same. As soon as enough people start > > doing this, then it won't be worth it to the spammers to spam. > > That's pretty much mine, but I take it a step further by proposing > the formalization of the process with written and signed agreements > and basing the trusted email network on something other than SMTP > in order to eliminate the possibility of leakage. > > So, how do you establish your trust and how do your trusted servers > guarantee no leakage? Trusted servers are those not in an RBL. :-) The person running the SMTP relay server I use gets money from his customers to run it. Thus, it is in his own interest to make sure it is spam-free. Thus, any user who sends too much email within a given time gets blocked until the problem is resolved. If he gets blacklisted, the guilty person has to pay. > > Brad Templeton has an interesting idea which doesn't involve blocking > > email from non-trusted addresses: delay it somewhat, enough to make > > spamming not worth the effort but not enough to hurt legitimate mail: > > > > http://ideas.4brad.com/node/510 > > Now there's a name I haven't heard in ages. Maybe I should be talking > to people like him about my idea. His blog as quite active. ------------------------------ Date: Mon, 18 Jun 2007 15:50:24 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <3f119ada0706180754k73dc90b8yba7e384fa45e6dff@mail.gmail.com>, DeanW writes: > > > 1) Delaying- the first time it sees a message from IP, from USER, to > > > RECIPIENT, it returns a "temporary failure" and logs the triplet. If > > > that triplet comes up again in < 5 minutes, it gets rejected again and > > > logged as a spammer. If more than 5 minutes, then it's considered a > > > valid sender, and logged as such; future messages are not delayed > > > (unless it fails one of the subsequent spam checks). If it doesn't > > > come back in 24 hours, the entry is purged. > > > > This is known as greylisting. > > Yes, it is frequently called greylisting. ASSP had already been using > that term for something else, so to avoid confusion, ASSP calls it > greylisting (at least for now). ??? > > Presumably, there is some overlap between your techniques and RBLs, i.e. > > RBLs alone would block more than 13%. > > As I understand it, those checks/blocks occur before RBL checks, since > they don't rely on waiting for an external service. Right, I mean that if they WERE TO BE checked, many would be listed. ------------------------------ Date: 18 Jun 2007 16:04:55 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnop7F35gc3pU1@mid.individual.net> In article , "John E. Malmberg" writes: > Bill Gunshannon wrote: >> In article <46755c79$1@news.langstoeger.at>, >> >> But that just increases the likelihood of a false positive. I have >> people who contact me who get bounces every once in a while. When >> asked, I usually look at the logs to see why. You would be amazed >> (well, maybe not) at the number of places, like comcast, that have >> multiple MTA machines, which seem to get selected at randow when a >> user sends an email, where one or two of them are RBLed. Result: >> most messages go thru but every once in a while one gets rejected. >> And I can assure you even when the retune messages says it was rejected >> because of an RBL the user doesn't understand. All he knows is he >> couldn't send email to that address. At that point, most users just >> give up. > > I am curious at what filtering that you are using that is having such a > high false positive rate. The state of the art that can be obtained > with DNSbsl is > 80% with out a DHCP list, and well into the 90% in spam > detection. The false positive rate with out a DHCP list is too low to > measure, and below the rate of which e-mail gets lost from > human/network/server issues. With a DHCP list, the risk of rejecting a > good e-mail increases to about .001 percent. Again, more good mail > probably gets lost for other reasons beyond the mail server operator or > network administrators control. > > So what DNSbls are you using that generate these higher rates of false > positives? Maybe we are using the term "false positive" in different ways. Based on the fact that using BL's of pretty much any type I am familiar with reults in denying the message before seeing any of it, how do oyu know it wasn't a legitimate message as opposed to SPAM (which is my definition of a "false positive".) I am not sying that the DNSbls have bad data, I am saying that everyone using a site that gets on a bl is not necessarily a SPAMMER. > > The only time that I saw two of my former ISP's mailservers get put in a > DNSbl, sample spams obtained from news.admin.net-abuse.email and > spamcop.net (back when anyone could look that up), showed that one > server was operating as an open relay, and the other at the same time > appeared to be either an open proxy or completely owned by the spammer. > The MAPS OPS list will also show sample spams if you are trying to find > out the spam history of a I.P. address. I have recently seen both Comcast and Google mail servers get rejected. In the past I have seen Adelphia. There were others, but I can't remember names off the top fo my head. > > And apparently two other very large ISPs also immediately put them in a > local blocking list, based on postings on an internal news group. It > took longer to get those blocks removed than from the DNSbls once the > problem was fixed. These private blocks were noticed by the users more > than the DNSbl listing was. > > (RBL amd DUL are a trademark of MAPS and they have taken legal action > against blocking list operators and/or software vendors that use those > terms as generic) > >> >> But which is easier and more likely to succeed? Trying to guess a >> "keyword" that appears in all this SPAM or searching for keywords >> that are relevant to your business? > > No, that is a waste of CPU cycles. However almost all spam has a URL in > it that will resolve to a I.P. address that has long been listed as > totally controlled by the spammer. > > It is now almost impossible for a spammer to keep a website up long > enough for a spam run on a dedicated hosting company unless that company > is actively supporting spammers only. To get around that, spammers are > trying to host web sites on systems infected with malware. Which takes us back to the "trusted server" concept. Instead of trying to guess who not to accept email from establish relationships with people (or rather with a network) with which you are willing to accept email. > > AOL reacted to that first by rejecting all e-mails with only numbered IP > address URLs in them, which forced the spammers to start buying domain > names. The domain names can be changed, but they still usually resolve > to a known controlled I.P. > >> In article , >> david20@alpha2.mdx.ac.uk writes: > >>> >>>> However if things are setup correctly the sender should get back a message >>>> saying that they have been blocked because they are on that particular RBL. >> >> >> And do you really think my father would have understood that message? :-) >> I work in the Computer Science Department of University and I doubt that >> half the faculty or one tenth of our students would. > > When it is done properly though, the mail message about the non-delivery > is done by the server local to the sender. So if that message is not > understandable, the reason for that usually lies with the ISP running > the mail server. And that is the same ISP that the user needs to > contact to get the problem resolved. No, it isn;t the message, it's the concept. Real people don't know what an RBL is. I know, I asked. And what's more, although I hadn't really thought about it before, I, personally, never read all the Reject: messages I get cause 99% of them are bogus and some I have tested for and found them to contain viruses. > > And most of the mail servers that I have seen allow local customization > of the bounce message they send to their internal network users. > Very obvious when the local system messes up the edits. > > Unfortunately it is worse than Bill describes about the quality of the > message. > > Many ISPs will suggest that the sender try rebooting their computer to > resolve an issue, and most users are not aware of how competent their > ISP is in these areas. I think you probably meant "incompetent"!! :-) > > I have seen Gmail file bounce messages from mail sent from it in the > spam folder, where POP users will never see them. Now that is a prime > example of broken software. Since a Gmail server generated the bounce > from a reject it received from an authenticated user sending through it, > it should never have a false positive. > > Other ISPs silently delete all bounce messages, and some mail servers do > not pass through the reject code and text. Based on what I see at this end, I can understand doing this. Like so much of what we used to use in the past these have been turned into just another method of abuse. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:07:37 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnou8F35gc3pU2@mid.individual.net> In article , Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >> In article , >> Kilgallen@SpamCop.net (Larry Kilgallen) writes: >>> In article , david20@alpha1.mdx.ac.uk writes: >>> >>>> By their very nature DNSBLs block all mail whether legitimate or spam >>>> coming from the blocked address. >>> >>> No, by their nature, DNSBLs only _list_ those IP addresses. What happens >>> next depends on the software at the recipient end _using_ the DNSbl: >>> >>> 1. MUA software at best can segregate email from the >>> listed IP address, making it available for possible >>> (but unlikely) review by the recipient. >>> >>> 2. MTA software _can_ do the above, but it can also do >>> the more reliable thing - REJECTing the email in the >>> SMTP dialog, so the sender of legitimate mail knows >>> it did not get through. >> >> Except that that rejection is probablyh meaningless to the originator >> of the mesage resulting in more traffic with no purpose. > > Any legitimate originator will figure out that "something went wrong" > with their email message. The degree to which they investigate will > depend on how important it was to them that the message get through. You give the average user more credit than I would. And I work with people very day who one would thnk were more computer savvy than the average. As I said in another message, I asked the most savvy faculty member in the CS departmetn and he didn't have a clue what an RBL was. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:09:38 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnp22F35gc3pU3@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> Except that that rejection is probablyh meaningless to the originator >> of the mesage resulting in more traffic with no purpose. > > The rejection message could be a URL which points to an "RBLs for > Dummies" website. And you would just happily trust this URL and visit it with your totally unprotected Windows box? No wonder there are so many zombied machines on the net. I won't even open a Reject: message because I know what the payload in the majority of them are. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:13:59 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnpa6F35gc3pU4@mid.individual.net> In article <80R3AqzfeC3y@eisner.encompasserve.org>, Kilgallen@SpamCop.net (Larry Kilgallen) writes: > In article <5dngneF35551uU4@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >> In article , >> david20@alpha2.mdx.ac.uk writes: > >>> The point I was making is that the DNSBL just supplies the IP address and >>> hence any action taken is just based upon the fact that the email came from >>> that IP address. The MTA using the DNSBL cannot distinguish between legitimate >>> mail coming from that IP address and Spam mail coming from that IP address >>> without passing that mail message through some other check - such as a content >>> scanner. Hence once the address is listed because of some misuse then all >>> legitimate as well as spam mail from that address is affected until the >>> address is delisted. >>> To some extent this is a good thing since it means that the legitimate users >>> put pressure on any ISP getting itself on a blacklist to clean up it's act. >>> >> >> People here keep saying this but the fact is the legitimate user is not >> going to have clue what the rejection message means and will likely just >> delete it. And even if he does, his chances of getting the ISP to change >> its ways are pretty much nil. > > But if that message was truly important, there is noting about > the DNSbl mechanism to keep the originator from reaching the > recipient by telephone. If the message was important, the > originator can use other mechanisms, but only if they have > been informed that the message did not get through. You are assuming it is important to the originator. I am more concerned with the destination. If I need to buy a computer and I can't get through to the first guy on the list, there are dozens more I can visit. In the long run, it is not all that important to me where I spend my money. How important is it to you as the seller? And I can come up with many more examples of how this badly broken system is affecting some people's ability to do business. Sadly, it is usually the more competent businesses whor are trying to do things right who are bearing the brunt of the burden. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:18:35 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnpiqF35gc3pU5@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dnge1F35551uU2@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> > By their very nature DNSBLs block all mail whether legitimate or spam >> > coming from the blocked address. To some extent this is a good thing since >> > it means the legitimate users put pressure on any ISP getting itself on a >> > blacklist to clean up it's act. >> >> How can they do that when they haven't a clue why their message was >> rejected? I just asked the most knowledgable faculty memeber on these >> subjects that we have and he didn't have a clue what an RBL was. Most >> users are neither geeks nor sys admins. > > If the person running the SMTP relay server I used didn't know what an > RBL was, I would go elsewhere. Believe it or not, this is one of the upsides to my idea. It would, hopefully, spawn some new businesses specifically to provide "clean" email sites. But the reality today is that probably 90% of the current MTA servers are run by clueless sys admins. Let's look at it in the simplest of terms. If you were the Email Server Sys Admin at an ISP would you not be beatin g on your bosses desk telling him that they needed to block port 25 for all internal addresses other than yours? I would!! bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 16:29:28 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: PLUG: PMAS Message-ID: In article <5dnftrF35551uU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >In article , > "John E. Malmberg" writes: >> Bill Gunshannon wrote: >>> In article , >>> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >>> >>>>In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>>>Gunshannon) writes: >>>> >>>> >>>>>So, what is the technological solution? >>>> >>>>ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>>>version 5.4). >>> >>> >>> And how much legitimate business have you lost because someone who >>> wanted to contact you had their email bounced because of an RBL for >>> reasons totally out of their control? It may stop some SPAM, but >>> it also stops some legitimate traffic. And you will never know you >>> lost that sale!! >> >> With the current state of art of spam filtering, the real state of the >> art, not the one promoted by many commercial spam filtering, the error >> rate of the most popular and free DNSbls is almost too low to be measured. > >You are joking, right? I have a number of people I exchange emails >with who get false positives all the time. As I think I stated in >another message recently, some of the big name ISP's have some of >their MTA machines listed causing totally random (int he view of the >user) rejections. Just last week I had someone from the PDP-11 list >email me and ask why his first message got through, his second did >not and then his third did. Reason: The first and third were sent >through Gmail the second through google (don't they run Gmail?). The >one through google was rejected because of their being RBLed. And >this was an experienced IT guy who has been doing this stuff for at >least as long as I have. > >Oh, and as another data point. I just asked the most knowledgable >(network/TCPIP wise) faculty member here and he didn't have a clue >what an RBL was and if he had received a bounce claiming it as the >reason he said it would have meant nothing to him. Tell me again >how these messages are going to get normal users to get their ISP's >to fix the problem!! > The bounce messages from DNSBLs usually include explanatory text which is obtained from the DNS blocklists TXT records for the IP address. However I tend to replace this with my own explanatory text such as 72.52.73.200 is on the SBL list - See Which includes the IP address being objected to, Name of the DNSBL and crucially a link to an explanatory web-page. I would hope that your knowledgable faculty member would be able to follow a web link. >> >> It is far lower than the rate of human error, or from e-mail lost >> through various network and server failures on the Internet. > >Somehow, I doubt that. Short of leaving the net for more than a week, >how does email get lost through mnetwork or server failures? > >> >> Current state of the art for using something like the zen list from >> spamhaus has resulted in statistics from multiple sources of from about >> 80 to over 90% of spam delivery attempts blocked and no false positives. > >When your mail server refuses to talk to an incoming server because >of a DNSBL how can you possibly know that wasn't a legitimate contact >attempt? You never see the message. I have many attempts that are >broken a the contact point before any of the SMPTP dialogue beyond >HELO have taken place. > >> >> I have been monitoring forums where people complain about incorrect >> blocking of DNSbls very loudly for quite a few years now. > >But the majority won't complain because only geeks know what it is. > >> >> In the past 5 years, I have seen 0 (zero) complaints about an incorrect >> listing on a spamhaus list. > >Just because a site sends spam and gets listed on spamhaus doesn't mean >that the same site never sends legitimate email. I have already reported >that comcast has servers blocked by DNSBL/RBL sites. Are you saying that >there is never a chance that a legitimate message might come from comcast? > >> >> All the ones that I have seen about open relay and open proxy lists have >> turned out that there really was a severe problem on the mail server >> that the owner refused to admit or fix until they found almost no one >> accepting their e-mail. > >And int he meantime, how much legitimate email did you reject? How much >potential business did you loose? > >> >> Even on the aggressive spamcop.net list, in the majority of the cases >> where someone complains about an incorrect listing, the investigation >> shows that criminals and spammers had more control of the mail server. > >And that means there is never a legitimate user lost in the shuffle? > >> >> In the past 10 years, I have had only two people claim that their >> attempt to e-mail me was blocked because they sent it from a mail server >> operating on a DHCP address. And in both cases, their ISPs had publicly >> readable TOS that stated that it was prohibited for those I.P. addresses >> to be running any servers. > >And, of course, they could block port 25 and the problem wouldn't exist >because the guy running the server would probably notice that his MTA >couldn't talk to anyone. But, believe it or not, there are a lot more >than just DHCPed servers being blocked. Comcast, Google, Adelphia and >the list grows bigger everyday. And, as I have already pointed out, >relying ont he user to understand why his email doesn't get thru is >guaranteed to fail. In most cases, he will merely go looking for someone >else to do business with and you loose that potential customer. And, >once again the victim takes the punishment. > >> >> Because other large ISPs are starting to totally block other ISPs that >> allow zombies to send spam from their DHCP ranges, most residential ISPs >> are planning to implement port 25 blocking for those ranges. And in >> many cases such blocks are implemented with out notice to their >> customers in order to get a block removed or to prevent a block from >> being put in. > >That's nice to hear, but I would bet it is still a very small percentage >(and very likely, only in the US!) > >> >>> Realize, with my suggestion you can turn this whole thing around. >>> Once you have all your regular business on a trusted network you >>> can reverse the logic of your SPAM filtering. Start looking at >>> email that comes in from the unttrusted network (ie. The INTERNET) >>> with filters looking for keywords you want to see, like your product >>> name or somthing else that doesn't look like "Viagra". :-) And, >>> dump the rest. >> >> Keyword filtering even with Bayesian filtering has been shown to be >> totally ineffective at spam filtering at a global basis. Every system >> that I have seen implemented, has been totally ineffective at detecting >> the majority of spam, including ones that are easily detected because of >> header defects that are *NEVER* found in legitimate e-mail. > >Which is why I recommend a system that allows reversing of the logic. >Bayesian requires that there be something common in the SPAMs on which >to filter that can be "learned". It didn't take long for the SPAMers >to find a way to defeat that. All they have to do is load up their >mesages with lot's of random real words and Bayesian filters are beaten. >But if you use positive filtering looking for keywords unique to your >business what are the chances the SPAMers can dupicate that? And a false >poisitive int his case would mean that a SPAM gets thru and not that you >miss an opportunity. Manually scanning the SPAMs that get thru would >likely be no problem in the long run. > >> >> The only content filtering that I have seen that is 100% accurate in >> detecting the presence of spam in a message is the URL lookup, where it >> checks to see if a URL resolves to an IP address in a conservative >> blocking list. And you only want to do that check if there is a header >> defect, the source is a public web-mailer, or the source is on an >> aggressive list like a multihop or an aggressive list like spamcop.net. > >Again, that's the reason why we need to come up with a system that reverses >the logic. Search for what you want and reject all the rest rather than >trying to search for something un-searchable. > If you are going to do that then it can't be based on content scanning. How long do you think it would take spammers to cotton on and include all the words and phrases that you are keyed to accept mail on. The current system of looking for words and phrases which spammers use to sell their product and rejecting based on that at least makes the spammers work to get their message across. David Webb Security team leader CCSS Middlesex University >> >> Combining the URL check on the small percentage of spam that gets >> through a good selection of conservative blocking lists can get the spam >> leakage down to far less than 1 percent. Again with less risk of >> rejecting a real email than human error of just hit delete. >> >> The thing to remember is that anti-spam systems that are cause detected >> spam to be rejected have visible "error" rates, and overwhelmingly those >> cases are from severe problems with the sending system. >> >> Unfortunately what is far more visible than the success stories, mostly >> with open source and free products, is products in the commercial sector >> that do not work and are fundamentally flawed in their operation. >> >> Any system that does not issue SMTP rejects for detected spam is flawed, >> because it will have silent errors. >> >> Basically where I see the effort right now in the anti-spam community is >> a growing war against "backscatter" where mail servers are sending new >> bounce messages for detected spam and viruses instead of SMTP rejects. >> This war has been pushed because some of the low end and cheap >> commercial mail servers can not do spam and virus filtering properly, >> and at least one major "anti-spam/anti-virus" product comes out of the >> box configured to send a backscatter message to any thing it detects. >> >> That an anti-spam product even has that as an option, let alone a >> default, means that the author has no clue about how spam and viruses >> exploit weaknesses in the SMTP protocol, and you do not want to have >> such a thing touching your e-mail if you care about it. >> >> Many small networks have had their mail servers or other equipment >> overloaded from such backscatter, and it is very common for dial up >> users to find that they are losing legitimate e-mail because their mail >> quota was full of backscatter from a virus or spam. >> >> The social solution to the spam problem is to expose the bad practices >> in mail server operation for what they are and to refuse e-mail from >> those networks that permit such things to happen. > >But by refusing email from entire networks you are once again risking >driving legitimate business away. Which is why I am trying to propose/ >develop a positive rather than a negative solution. The trick is to do >what it takes to increase positives rather than trying to live with >increased negatives. It is going to be more work on competent sys >admins at first, but that workload will decrease over time (a short >time I would expect) and it will decrease workload in other areas >almost immediately. Not to mention the ability to decrease over all >loading ont he network and server resources which, give the current >levels of SPAM and the direction this is moving today, has to be a >major plus. > >> >> And this is happening more with large networks and private blacklists >> than it is with public ones. But it is happening with both. >> >> I think that Hunter has posted here that the PMAS as a proxy server >> rejects the detected spam before it gets into the mail server. As I do >> not operate a mail server (It is prohibited by the class of service I >> have from my ISP) I have not actually tried the product. > > >But this once again brings up the question that if you reject the message >totally unseen, how do you know you did not reject a legitimate message? >How much business can you afford to turn away? > >bill > >-- >Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves >bill@cs.scranton.edu | and a sheep voting on what's for dinner. >University of Scranton | >Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:42:49 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnr09F32rpkjU1@mid.individual.net> In article , "Tom Linden" writes: > On Sun, 17 Jun 2007 02:14:38 -0700, Phillip Helbig---remove CLOTHES to > reply wrote: > >> In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >> Gunshannon) writes: >> >>> So, what is the technological solution? >> >> ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >> version 5.4). >> > I have following in MX, and I get very little SPAM > > RBL domains to check: > BL.SPAMCOP.NET > CBL.ABUSEAT.ORG > DNSBL.NJABL.ORG > OPM.BLITZED.ORG > RELAYS.VISI.COM Yes, but here is the big question and take your time and think about this for at least a few minutes. At what point in the conversation does the system reject the mail and break the connection? During the DATA? After the RCPT TO:? After the MAIL FROM:? I have looked at mine. It usually makes its determination by the time of the HELO, before it knows who the sender, recipient or any of the body of the message is. If this is the case, how do you know it is not rejecting what could be legitimate attempts to communicate with you? How much business can you afford to miss? And all because your potential customer signed up with a lousy ISP. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 16:50:56 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnrfgF32rpkjU2@mid.individual.net> In article , "Tom Linden" writes: > On Sun, 17 Jun 2007 01:05:55 -0700, P. Sture > wrote: > >> In article <1378kfui13fk00@corp.supernews.com>, >> Mark Daniel wrote: >> >>> Bill Gunshannon wrote: >>> > In article , >>> > helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to >>> reply) >>> > writes: >>> > >>> >>In article <1378bo75v2pl6a1@corp.supernews.com>, Mark Daniel >>> >> writes: >>> >> >>> >> >>> >>>And I thought the SPAM load was moderating (silly me). >>> >>> >>> >>>Looking for a specific e-mail I thought I should have received, I >>> just >>> >>>opened my PreciseMail Anti-SPAM quarrantined messages page to search >>> for >>> >>>it (without success). I don't do this often and haven't for a while >>> >>>(obviously not since the last upgrade). Towards the top of the >>> >>>2,967,263 byte report page is a (new to me) item "(Messages: 4605)". >>> >>>That's four and one half thousand quarrantined SPAM in the past 14 >>> days! >>> >>> This is something like 328 per day!! >>> >> >>> >>That seems about average. I've resorted to using ZEN.SPAMHAUS.ORG as >>> an >>> >>RBL. That gets rid of the lion's share. >>> > >> >> I've just started using that zen.spamhaus.org as well, and the spam on >> my VMS system has dropped significantly as a result. >> >>> > So, how bad does it have to get before I can expect people to start >>> > looking at my suggestion for a social solution rather than technical >>> > solutions that may hide the problem but certainly don't reduce it or >>> > the load it puts on the system? >>> > >>> > bill >>> >>> Isn't this a little like suggesting a social solution to the problem of >>> crime :-) I'd guess that as long as there is profit to be made there >>> will be such activities. >>> >>> I have a telephone answering machine primarily to screen tele-marketers. >>> Best AU$50 I ever spent. But the marketers will continue to call as >>> long as people respond to those calls (with interest, dollars, etc.) >>> Those who wish to speak to me leave a message (or I pick-up). Not had a >>> single message from a marketer or charity asking me to call them back. >> >> FWIW, I've discontinued my land line and survive with a cell phone at >> the moment. That's obviously not an option for everyone, but it's been >> effective for me. My snail-mail box is now under attack, but that's >> still nowhere near as bad as it was in the UK a decade ago. >> >>> The solution surely will be technological, perhaps digital signatures >>> and associated PKI, to reduce the effectiveness of general SPAMing thus >>> reserving the activity for specialised crime rather than the general >>> mugging we all endure now. >> >> My ISP has recently tightened things up, as a couple of months ago the >> spam volume dropped. Unfortunately, I believe I lost some valid emails >> as well :-( >> >> About 18 months ago they implemented SMTP authentication, but I don't >> think they were enforcing it for quite a while. >> >> The latest development is that the appear to be enforcing the use of my >> registered address in the From: field. Until recently, I could happily >> cc a news group posting via email using the munged .nospam sending >> address you see above, but now that fails unless I use my real address >> (a bit more research needed here to confirm this theory). >> >> Not what I want to keep my real address munged for news groups, but a >> pretty minor inconvenience if it really does stop zombies connected to >> my ISP from spewing spam. >> > Why not be your own ISP? I am. My 'ISP' only provides me with a T1 pipe. > So I run my own DNS and Mail, in fact, it runs on each node under > loadbroker. > You could do the same even with DSL. How does your running your own ISP fix the email for the guy who wants to do business with you but his ISP is BLed? he will end out taking his business to someone who runs as shoddy an email system as his own. Talk about the mediocre winning the battle. But, let me throw this out for consideration. You don't have to answer publicly, just give it some thought. How many customers do you have? Wouldn't it be better for all concerned if you could establish a trust relationship such that you could know with 100% certainty that all of their emails to you and all of yours to them would get thru? If you knew that all of your existing customers had a guaranteed pipe into your system wouldn't filtering for new potential customers be easier than trying to filter for SPAM? Keywords: PLI PL/I PL1 PL/1 PL-I PL-1 PLM SPL "Subset G" How much SPAM is likely to match that? bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 16:52:54 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnop7F35gc3pU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > No, it isn;t the message, it's the concept. Real people don't know what > an RBL is. I know, I asked. But a real person should be able to decipher this: The email you sent to user@foo.bar couldn't be delivered because, correctly or not, email from the address you sent it from is being blocked by some people because they have reason to believe it is a source of Spam. Please see http://www.foo.bar/ for more information. You should contact the support address of your ISP to solve the problem. ------------------------------ Date: Mon, 18 Jun 2007 16:54:38 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnp22F35gc3pU3@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > In article , > helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > > In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill > > Gunshannon) writes: > > > >> Except that that rejection is probablyh meaningless to the originator > >> of the mesage resulting in more traffic with no purpose. > > > > The rejection message could be a URL which points to an "RBLs for > > Dummies" website. > > And you would just happily trust this URL and visit it with your totally > unprotected Windows box? No wonder there are so many zombied machines > on the net. I won't even open a Reject: message because I know what the > payload in the majority of them are. Personally, I read email only on VMS with VMS MAIL. :-) Any Windows user who doesn't realise why his email is getting blocked by an RBL probably has no qualms about accessing a URL from his PC. ------------------------------ Date: Mon, 18 Jun 2007 16:57:36 +0000 (UTC) From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) Subject: Re: PLUG: PMAS Message-ID: In article <5dnr09F32rpkjU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > > RBL domains to check: > > BL.SPAMCOP.NET > > CBL.ABUSEAT.ORG > > DNSBL.NJABL.ORG > > OPM.BLITZED.ORG > > RELAYS.VISI.COM > > Yes, but here is the big question and take your time and think about > this for at least a few minutes. > > At what point in the conversation does the system reject the mail > and break the connection? During the DATA? After the RCPT TO:? > After the MAIL FROM:? I have looked at mine. It usually makes > its determination by the time of the HELO, before it knows who > the sender, recipient or any of the body of the message is. If > this is the case, how do you know it is not rejecting what could > be legitimate attempts to communicate with you? How much business > can you afford to miss? And all because your potential customer > signed up with a lousy ISP. Yes, as soon as it is clear what IP address it is coming from, it gets rejected. Again, if I'm blocking him, so are lots of other people, so an explanatory message helps everyone. ------------------------------ Date: 18 Jun 2007 17:14:47 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnss7F32rpkjU4@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dnop7F35gc3pU1@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> No, it isn;t the message, it's the concept. Real people don't know what >> an RBL is. I know, I asked. > Well, let's see, I will look at this as a dumb user. > But a real person should be able to decipher this: > > The email you sent to user@foo.bar couldn't be delivered because, > correctly or not, email from the address you sent it from is being > blocked by some people because they have reason to believe it is a > source of Spam. What, it has my address and you have just accused me of being the source of spam. And I know I don't send any. > Please see http://www.foo.bar/ for more information. And now you have two possible cases. One, the person is suspicious enough not to visit some random web site they get pointed at or Two, they are gullible enough that their machine has already been zombied by visiting the random web sites they get pointed at. > You should contact the support address of your ISP to solve the > problem. Support says, "Re-boot your PC." They don;t have a clue what it means either. Welcome to the real world. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 17:21:33 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnt8tF32rpkjU5@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dnp22F35gc3pU3@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> In article , >> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >> > In article <5dnghmF35551uU3@mid.individual.net>, bill@cs.uofs.edu (Bill >> > Gunshannon) writes: >> > >> >> Except that that rejection is probablyh meaningless to the originator >> >> of the mesage resulting in more traffic with no purpose. >> > >> > The rejection message could be a URL which points to an "RBLs for >> > Dummies" website. >> >> And you would just happily trust this URL and visit it with your totally >> unprotected Windows box? No wonder there are so many zombied machines >> on the net. I won't even open a Reject: message because I know what the >> payload in the majority of them are. > > Personally, I read email only on VMS with VMS MAIL. :-) Which, sadly, is why so many of the comments here regarding what is a very serious and growing problem make so little sense. You have a solution, but one that is unrealistic in the case of 99.9% of INTERNET users. > Any Windows > user who doesn't realise why his email is getting blocked by an RBL > probably has no qualms about accessing a URL from his PC. Which, as I said, easily explains all the zombied PC's out there. I just looked at the most recent Reject: I have recieved and it contains a virus. And it came from my local email server (well, that's what the headers say and we all know how good the average user is at determining real and forged headers.) bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 17:33:42 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dntvmF35idjiU1@mid.individual.net> In article , david20@alpha2.mdx.ac.uk writes: > In article <5dnftrF35551uU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >>In article , >> "John E. Malmberg" writes: >>> Bill Gunshannon wrote: >>>> In article , >>>> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >>>> >>>>>In article <5djfl4F3575eiU1@mid.individual.net>, bill@cs.uofs.edu (Bill >>>>>Gunshannon) writes: >>>>> >>>>> >>>>>>So, what is the technological solution? >>>>> >>>>>ZEN.SPAMHOUSE.ORG. It's an RBL. And it works fine with HP TCPIP (as of >>>>>version 5.4). >>>> >>>> >>>> And how much legitimate business have you lost because someone who >>>> wanted to contact you had their email bounced because of an RBL for >>>> reasons totally out of their control? It may stop some SPAM, but >>>> it also stops some legitimate traffic. And you will never know you >>>> lost that sale!! >>> >>> With the current state of art of spam filtering, the real state of the >>> art, not the one promoted by many commercial spam filtering, the error >>> rate of the most popular and free DNSbls is almost too low to be measured. >> >>You are joking, right? I have a number of people I exchange emails >>with who get false positives all the time. As I think I stated in >>another message recently, some of the big name ISP's have some of >>their MTA machines listed causing totally random (int he view of the >>user) rejections. Just last week I had someone from the PDP-11 list >>email me and ask why his first message got through, his second did >>not and then his third did. Reason: The first and third were sent >>through Gmail the second through google (don't they run Gmail?). The >>one through google was rejected because of their being RBLed. And >>this was an experienced IT guy who has been doing this stuff for at >>least as long as I have. >> >>Oh, and as another data point. I just asked the most knowledgable >>(network/TCPIP wise) faculty member here and he didn't have a clue >>what an RBL was and if he had received a bounce claiming it as the >>reason he said it would have meant nothing to him. Tell me again >>how these messages are going to get normal users to get their ISP's >>to fix the problem!! >> > The bounce messages from DNSBLs usually include explanatory text which is > obtained from the DNS blocklists TXT records for the IP address. > However I tend to replace this with my own explanatory text such as > > 72.52.73.200 is on the SBL list - See > > > Which includes the IP address being objected to, Name of the DNSBL and > crucially a link to an explanatory web-page. Which would mean absolutely nothing as they don't know what SBL means or who "spamhaus" is. ANd an IP address that also means absolutley nothing to the average user. I'm a geek. I have all those IP addresses in my head. My users don't even know what their own IP address is. heck, don't you watch TV and the movies. The average user doen't even know what a valid IP address looks like (I have seen addresses like 555.934.278.433 on both TV and the movies.) > > I would hope that your knowledgable faculty member would be able to follow a > web link. And I would hope they were knowledgable enough to not visit some web site they were pointed at by a totally untrusted and untrustable entity. >>> >>> It is far lower than the rate of human error, or from e-mail lost >>> through various network and server failures on the Internet. >> >>Somehow, I doubt that. Short of leaving the net for more than a week, >>how does email get lost through mnetwork or server failures? >> >>> >>> Current state of the art for using something like the zen list from >>> spamhaus has resulted in statistics from multiple sources of from about >>> 80 to over 90% of spam delivery attempts blocked and no false positives. >> >>When your mail server refuses to talk to an incoming server because >>of a DNSBL how can you possibly know that wasn't a legitimate contact >>attempt? You never see the message. I have many attempts that are >>broken a the contact point before any of the SMPTP dialogue beyond >>HELO have taken place. >> >>> >>> I have been monitoring forums where people complain about incorrect >>> blocking of DNSbls very loudly for quite a few years now. >> >>But the majority won't complain because only geeks know what it is. >> >>> >>> In the past 5 years, I have seen 0 (zero) complaints about an incorrect >>> listing on a spamhaus list. >> >>Just because a site sends spam and gets listed on spamhaus doesn't mean >>that the same site never sends legitimate email. I have already reported >>that comcast has servers blocked by DNSBL/RBL sites. Are you saying that >>there is never a chance that a legitimate message might come from comcast? >> >>> >>> All the ones that I have seen about open relay and open proxy lists have >>> turned out that there really was a severe problem on the mail server >>> that the owner refused to admit or fix until they found almost no one >>> accepting their e-mail. >> >>And int he meantime, how much legitimate email did you reject? How much >>potential business did you loose? >> >>> >>> Even on the aggressive spamcop.net list, in the majority of the cases >>> where someone complains about an incorrect listing, the investigation >>> shows that criminals and spammers had more control of the mail server. >> >>And that means there is never a legitimate user lost in the shuffle? >> >>> >>> In the past 10 years, I have had only two people claim that their >>> attempt to e-mail me was blocked because they sent it from a mail server >>> operating on a DHCP address. And in both cases, their ISPs had publicly >>> readable TOS that stated that it was prohibited for those I.P. addresses >>> to be running any servers. >> >>And, of course, they could block port 25 and the problem wouldn't exist >>because the guy running the server would probably notice that his MTA >>couldn't talk to anyone. But, believe it or not, there are a lot more >>than just DHCPed servers being blocked. Comcast, Google, Adelphia and >>the list grows bigger everyday. And, as I have already pointed out, >>relying ont he user to understand why his email doesn't get thru is >>guaranteed to fail. In most cases, he will merely go looking for someone >>else to do business with and you loose that potential customer. And, >>once again the victim takes the punishment. >> >>> >>> Because other large ISPs are starting to totally block other ISPs that >>> allow zombies to send spam from their DHCP ranges, most residential ISPs >>> are planning to implement port 25 blocking for those ranges. And in >>> many cases such blocks are implemented with out notice to their >>> customers in order to get a block removed or to prevent a block from >>> being put in. >> >>That's nice to hear, but I would bet it is still a very small percentage >>(and very likely, only in the US!) >> >>> >>>> Realize, with my suggestion you can turn this whole thing around. >>>> Once you have all your regular business on a trusted network you >>>> can reverse the logic of your SPAM filtering. Start looking at >>>> email that comes in from the unttrusted network (ie. The INTERNET) >>>> with filters looking for keywords you want to see, like your product >>>> name or somthing else that doesn't look like "Viagra". :-) And, >>>> dump the rest. >>> >>> Keyword filtering even with Bayesian filtering has been shown to be >>> totally ineffective at spam filtering at a global basis. Every system >>> that I have seen implemented, has been totally ineffective at detecting >>> the majority of spam, including ones that are easily detected because of >>> header defects that are *NEVER* found in legitimate e-mail. >> >>Which is why I recommend a system that allows reversing of the logic. >>Bayesian requires that there be something common in the SPAMs on which >>to filter that can be "learned". It didn't take long for the SPAMers >>to find a way to defeat that. All they have to do is load up their >>mesages with lot's of random real words and Bayesian filters are beaten. >>But if you use positive filtering looking for keywords unique to your >>business what are the chances the SPAMers can dupicate that? And a false >>poisitive int his case would mean that a SPAM gets thru and not that you >>miss an opportunity. Manually scanning the SPAMs that get thru would >>likely be no problem in the long run. >> >>> >>> The only content filtering that I have seen that is 100% accurate in >>> detecting the presence of spam in a message is the URL lookup, where it >>> checks to see if a URL resolves to an IP address in a conservative >>> blocking list. And you only want to do that check if there is a header >>> defect, the source is a public web-mailer, or the source is on an >>> aggressive list like a multihop or an aggressive list like spamcop.net. >> >>Again, that's the reason why we need to come up with a system that reverses >>the logic. Search for what you want and reject all the rest rather than >>trying to search for something un-searchable. >> > If you are going to do that then it can't be based on content scanning. How > long do you think it would take spammers to cotton on and include all the words > and phrases that you are keyed to accept mail on. The current system is being beaten because all they have to do is include randow words from the dictionary. In order to beat reverse filtering they would have to generate custome messages for every single target with specific words rathe than random words in it. How would they determine that a SPAM to Kednos would need words with stuff like PLI or PL1 but that a SPAM to Island would not? > The current system of > looking for words and phrases which spammers use to sell their product and > rejecting based on that at least makes the spammers work to get their message > across. How many different ways can they put someting that the human eye recognizes as "Viagra"? Ihave seen some rather inventive methods used. And, most of it is defeated by including lots of randow garbage words that force the "score" down so they get through anyway. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 17:42:32 +0000 (UTC) From: david20@alpha2.mdx.ac.uk Subject: Re: PLUG: PMAS Message-ID: In article <5dnpiqF35gc3pU5@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: >In article , > helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: >> In article <5dnge1F35551uU2@mid.individual.net>, bill@cs.uofs.edu (Bill >> Gunshannon) writes: >> >>> > By their very nature DNSBLs block all mail whether legitimate or spam >>> > coming from the blocked address. To some extent this is a good thing since >>> > it means the legitimate users put pressure on any ISP getting itself on a >>> > blacklist to clean up it's act. >>> >>> How can they do that when they haven't a clue why their message was >>> rejected? I just asked the most knowledgable faculty memeber on these >>> subjects that we have and he didn't have a clue what an RBL was. Most >>> users are neither geeks nor sys admins. >> >> If the person running the SMTP relay server I used didn't know what an >> RBL was, I would go elsewhere. > >Believe it or not, this is one of the upsides to my idea. It would, >hopefully, spawn some new businesses specifically to provide "clean" >email sites. But the reality today is that probably 90% of the current >MTA servers are run by clueless sys admins. Let's look at it in the >simplest of terms. If you were the Email Server Sys Admin at an ISP >would you not be beatin g on your bosses desk telling him that they >needed to block port 25 for all internal addresses other than yours? >I would!! > Whitelists already exist see http://www.bondedsender.org/senderscorecertified/index.php Somehow I don't see membership of them ever being large enough to rid us of spam. David Webb Security team leader CCSS Middlesex University >bill > >-- >Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves >bill@cs.scranton.edu | and a sheep voting on what's for dinner. >University of Scranton | >Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 17:53:05 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: PLUG: PMAS Message-ID: <5dnv41F35idjiU2@mid.individual.net> In article , helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes: > In article <5dni10F33r1bdU1@mid.individual.net>, bill@cs.uofs.edu (Bill > Gunshannon) writes: > >> I just did a quick scan of my maillogs since midnight. I see dozens of >> sites listed as being "Exploitable Servers". I don't know how to break >> this to people but that is frequently just the fault of an incompetent >> sys admin and the majority of real users at this sites are legitimate. > > zen.spamhaus.org is a combination of 3 RBLs. If you like, you can use 2 > of the three and not block the exploitable-servers list. > > Also, even if the majority of USERS at those sites are legitimate, that > doesn't mean that they have to send email THROUGH or directly FROM the > blocked address. These days, any serious ISP should offer a trusted > server for clients to send email through, and if he is worth his salt > this won't be blocked. See, there you go talking like a geek or a sys admin again. The average user of the INTERNET thinks this stuff is more magic than Harry Potter. He doesn't know about "trusted servers" or "blocked addresses". He clicks on his email client and it either works or it doesn't. In many cases, he doesn't even know if it did or didn't. He just assumes it did. > > If something is listed, there is a legitimate reason. As a result, many > people will block it. Email from other people, even if it reaches you, > will be blocked by these people. If you block it AND deliver them an > error message they can understand, perhaps pointing them to a URL or > whatever, then you are doing them a big service. Even if their email > gets through to you, it won't be getting through to other sites. But you are assuming they have a clue how any of this works. They don't and most don't want to. No more than they know how their phone calls get routed or care. They are using a home appliance. These are "12:00 o'clock flashers". People who can't even program VCR or think that tray that pops out of the front of their computer is a cup holder. > > Again, if they send an email to the support address of their ISP with > the error message, if the ISP can't respond properly, they aren't worth > staying with. And, assuming the user could fathom this, unless he lives in a major city, what are his options? Most of the areas around here are still serviced by one and only one ISP. Many areas are still dial-up with no prospect for DSL or Cable in the foreseeable future (if ever!) > The end-user doesn't have to understand the technical > details, he just has to realise there is a problem which his ISP can > solve. He has to understand them enough to know there is a problem with a possible solution. Sadly, in my dealings with the techies at a number of the local ISP's (including a major national telecommunications company) even they don't. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 12:54:27 -0500 From: wb8tyw@qsl.network (John E. Malmberg) Subject: Re: PLUG: PMAS Message-ID: In article <5dnr09F32rpkjU1@mid.individual.net>, bill@cs.uofs.edu (Bill Gunshannon) writes: > In article , > "Tom Linden" writes: >> I have following in MX, and I get very little SPAM >> >> RBL domains to check: >> BL.SPAMCOP.NET The bl.spamcop.net is agressive and will cause real e-mails to be rejected, particularly from residential ISPs from multi-hop exploits and from public free web mailers that are still accepting e-mail from known compromised computers. That one is better to use with just scoring. >> CBL.ABUSEAT.ORG >> DNSBL.NJABL.ORG Most of the content of the above two will be picked up by using xbl.spamhaus.org in one lookup. The difference is that the spamhaus removes the DHCP listings. The sbl-xbl.spamhaus.org is usually used instead of the above now, along with a DHCP zone. Spamhaus.org is now supplying zen.spamhaus.org which should completely replace the above two to make your queries even faster. The zen list contains: pbl.spamhaus.org - I.P. address ranges known not to have mail servers. Mostly compiled from ISPs voluntarily listing them. xbl.spamhaus.org - Known zombied computers it really is: cbl.abuseat.org - Spamtraps with backscatter filtered out. dnsbl.njabl.org - Known compromised computers (dhcp zone removed) sbl.spamhaus.org - Knowned to be controlled by one or more spammers directly. >> OPM.BLITZED.ORG This one has been dead for quite a while. They had a server failure and have not been able to replace it. >> RELAYS.VISI.COM I have not heard of any one else admitting to that one. I have seen the dynablock.njabl.org and dul.dnsbl.sorbs.net used for blocking DHCP addresses. Of them the dul.dnsbl.sorbs.net seems to be the most complete and up to date. You can expect a small amount of real e-mail rejected from using a DHCP list. The amount will be extremely small compared to the total volume of real email that you get from other sources. Over 50% of all spam delivery attempts comes from known DHCP ranges. Of the spam that gets through to me, at least 10% of it comes from obvious DHCP ranges that are not yet listed. > Yes, but here is the big question and take your time and think about > this for at least a few minutes. > > At what point in the conversation does the system reject the mail > and break the connection? During the DATA? After the RCPT TO:? > After the MAIL FROM:? What I have seen is the first line is ACL lists in the router, when the spam delivery attempts reach enough of a threshold that it is wasteful to even let the mail server reject the message. The second line is the DNSbls that reject at the HELO, followed by rDNS verification and sanity checks. I have seen many postings and letters from postmasters that process the volume of spam later would force them to buy a significantly more expensive bandwidth package from their supplier. > I have looked at mine. It usually makes > its determination by the time of the HELO, before it knows who > the sender, recipient or any of the body of the message is. If > this is the case, how do you know it is not rejecting what could > be legitimate attempts to communicate with you? How do you know how many of those attempts were lost from other causes such as server malfunctions, network errors, or accidentally deleted by the human that was intended to read them? The same way that you know about the amount of real e-mail rejected by a DNSbl. The difference is that it is usually faster and easier to find and fix the problem when an SMTP reject is used. > How much business > can you afford to miss? And all because your potential customer > signed up with a lousy ISP. How much business can you afford to lose because your server is too clogged with spam to handle legitimate e-mail? How many fraudulant orders can a business be expected to get from known compromised computers V.S. how many legitimate orders? I see the most complaints about lost real e-mails from servers that primarily do their spam filtering after accepting the message through SMTP. Just from personal experience and from watching others, the evidence that I see is that the typical user or business is more likely to lose significant legitimate e-mail if their spam is sorted after the body of all the messages spam and real gets into the server. These users/businesses are also more likely to have mail server downtime in those cases, and the mail server and network need to have about 90% more bandwidth and storage capacity than it would otherwise need. -John wb8tyw@qsl.network Personal Opinion Only ------------------------------ Date: 18 Jun 2007 08:09:14 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Proof that, at least once, DEC had a marketing budget Message-ID: <0b8DhQ5yuE1o@eisner.encompasserve.org> In article , Ron Johnson writes: > > http://computerworld.com.edgesuite.net/digital_mainframe_11981.jpg > Note that they weren't marketing VMS. ------------------------------ Date: Mon, 18 Jun 2007 12:38:16 -0400 From: Chuck Aaron Subject: Question about TCPIP$ftp - copy taking a long time Message-ID: Does anyone have an idea as to why a small file might be taking so long to copy? The client is logging into the system from outside and then ftp/copying files into the system for updates. The files are numerous but very small. Thanks. ------------------------------ Date: 18 Jun 2007 12:10:52 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: Question about TCPIP$ftp - copy taking a long time Message-ID: In article , Chuck Aaron writes: > Does anyone have an idea as to why a small file might be > taking so long to copy? The client is logging into the system > from outside and then ftp/copying files into the system for > updates. The files are numerous but very small. If the files are sufficiently numberous and the version of VMS sufficiently old the directory size may be exceeding the cache. Otherwise, you may have a slow link somewhere in the connection. Please see the FAQ for how to post the information we need in order toanswer your question completely. ------------------------------ Date: Mon, 18 Jun 2007 12:40:21 +0200 From: Michael Kraemer Subject: Re: Question for the Group Message-ID: AEF schrieb: > > Because VMS systems have higher margins. Overall HP margin is 8%. BCS' margin is not much larger, about 8.8%. So either VMS does not contribute significantly to BCS' results or its margins are not that much larger than the average. > Suppose that HP replaced all > its customers' Windows systems with VMS systems. This would cause a > big increase in profits, no? Maybe, theoretically. But VMS systems can't do what Windows system can do on the desktop. > This would have the added advantage of > not having to deal with MS or Linux. With Linux they wouldn't have the burden to develop an own OS. > And HP would have a hold on the > customers. And the customers would greatly benefit from a very > superior operating system. What horrors am I missing in this scenario? > > And how much extra effort would it really take? Just take a reasonable > fraction of VMS's profits to do some marketing and see what happens. > Would it kill anyone to do so? I simply don't believe in the omnipotence of "marketing", not if it would go against the trend. I remotely remember IBMs OS/2 campaign against Windows 3.1 in the early 1990s. Their product was good, the advertisement cool, they got a few retailers on board, but the trade press and the majority of users (and maybe even part of IBM) were against it, and by the time Windoze 95 came along, all was history. What do you want to advertise ? Any cool groundbreaking apps since 1998 ? The biggest news would be the completion of yet another port, this time to a mediocre CPU. > So why don't they just drop everything else and re-brand themselves as > INKS R US? They could rewrite their motto: The hell with invent. Ink > it up! I wouldn't be surprised if it happened. HP is no longer the high tech IT company it used to be. > >>As far as the potential goes: I think (as does probably HP) >>you vastly overestimate that, the hey-days of VMS are long gone. > > > Again you repeat the self-defeating logic: "Why fix something that's > broken?" Well, you don't fix something that's not broken!!! Maybe because it's so broken that fixing isn't worthwhile ? Even if it has been deliberately damaged, accusations won't change the end results. > So if VMS is so lame, why doesn't HP sell it? In fact, why don't they > sell the entire BCS division if it's such tiny a portion of HP's > revenues or profits? (I don't really know how big BCS is in HP, so > maybe ignore this last statement. Correction welcome.) Just look at the numbers publicly available at openvms.org. I was surprised myself how low a profile serious computing has in today's HP. BCS is indeed so tiny they could sell it with little result on their bottom line. At least that's what the numbers tell me. And this interpretation includes HP-UX as much as VMS. > >>The few companies who still believe VMS is indispensable for their >>IT will buy it anyway, without marketing. > > > That's EXACTLY why VMS needs marketing: To be sold to people who may > not find it "indispensable", but to whom VMS would still be a better > choice. ... Hey, VMS is always the better choice, no? :-) No it isn't. I mean I know well that discussing here about the merits of VMS vs say, *X, is about as fruitless as discussing with Boob whether god exists or not. But the majority of customers do not have that much use for the few features VMS might still have advantages. Again, what do you want to advertise ? Security ? OK, the average guy would think: yet another server OS which claims to be better than the rest. Yawn. Uptime ? With today's *X boxes you can get easily uptimes measured in years. And why buy into VMS' arcane clustering when a simple mainstream HA solution does the job as well ? Few businesses need 24x365 uptime. > Back in 2000 I interviewed at Prudential. They said they were looking > for a VMS sys admin but that their VMS systems were going to be > decommissioned in a year or two as they switch to some Unix solution. > They give one reason as Oracle insisting they run on one particular > version of VMS. I think there were other reasons. Anyway, if DEC/ > Compaq/HP hadn't killed the Alpha and had actively promoted VMS they'd > still probably be using it. By resuming promotion and increasing > support, HP can win new VMS customers like Prudential. If this company has decided to leave VMS for a variety of reasons simple marketing wouldn't win them back. > And it would > help sell more Itanium systems! > > >>Its (almost) just like IBM treat their "legacy" iSeries/zSeries business. > > IBM seems to put a lot more into their operations control systems than > other companies. This also reflects my experience using IBM computers > at the New York Blood Center in 1994. well, I never worked with AS/400, but did so with S/390 about a decade ago. What I meant is that IBM seems to try to keep them alive, but they do not try to fight an uphill battle to restore them to their original glory. I think they know very well that they will dwindle away over time. I might agree with you that HP (and DEC before) weren't the smartest when they were cannibalizing their VMS business in favor of their Unix offerings. I never heard an IBM rep say: through away your AS/400s and by RS/6000s instead. ------------------------------ Date: Mon, 18 Jun 2007 13:24:50 +0200 From: "P. Sture" Subject: Re: Question for the Group Message-ID: In article , Michael Kraemer wrote: > I remotely remember IBMs OS/2 campaign against Windows 3.1 > in the early 1990s. Their product was good, the advertisement > cool, they got a few retailers on board, but the trade press > and the majority of users (and maybe even part of IBM) were > against it, and by the time Windoze 95 came along, > all was history. But in those days, a lot of people were trying to get away from Big Blue. I vaguely remember a lot of resistance to the MCA architecture which came with PS/2s. The PS/2 running Windows 3.1 which sat on my desk (largely unused) in the mid 1990s was a leftover from an earlier OS/2 project which hadn't worked out. Those PS/2s had actually cost more _each_ than I had sprung for a Microvax a few years earlier. -- Paul Sture ------------------------------ Date: 18 Jun 2007 11:45:27 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Question for the Group Message-ID: <5dn9inF33k1s4U2@mid.individual.net> In article <1182136373.566444.243110@g4g2000hsf.googlegroups.com>, AEF writes: > On Jun 13, 4:46 am, Michael Kraemer wrote: >> AEF schrieb: > [...] >> > Again you're justifying letting the patient die by saying, "Look, the >> > patient is dying. Let's go home." It's the POTENTIAL profits. High- >> > margin profits. >> >> > History has proved that companies are willing to spend more for VMS if >> > it weren't allowed to languish as it is. Would it kill HP to try? >> > Would the shareholders revolt if profits from VMS increased? Doesn't >> > it make sense to market your high-margin products? >> >> Well, I'm not in HPs shoes and I have no business >> in defending their actions, I just find their strategy comprehensible. >> Why should they put extra effort on such a tiny fraction of their business ? > > Because VMS systems have higher margins. Suppose that HP replaced all > its customers' Windows systems with VMS systems. That wold be a mighty big supposition as it is impossible. > This would cause a > big increase in profits, no? This would have the added advantage of > not having to deal with MS or Linux. And HP would have a hold on the > customers. And the customers would greatly benefit from a very > superior operating system. What horrors am I missing in this scenario? How about the fact that it can't be done and that the investment that wold be needed to do it would be astronomical with little cahnce to rrecoup the investment as your just not going to displace Windows. Other options exist today and they never get more than a tiny percent of the market dominated by Windows. > > And how much extra effort would it really take? Just take a reasonable > fraction of VMS's profits to do some marketing and see what happens. > Would it kill anyone to do so? It would take millions of dollars and god only knows how many man years to come up with equivalent software for VMS to displave Windows. > >> Even if VMS revenue was several times larger at the time of >> the Compaq takeover, it still was dwarfed by HPs ink ocean. > > So were its calculator revenues. Should they let their calculator > business whither away? I kinda thought they had. My latest calculator is a Casio and I really don't remember the last time I saw an HP calculator anywhere but in the junk drawer of desk at home (I have two of them, onde dating back to my high school days!) > > So why don't they just drop everything else and re-brand themselves as > INKS R US? They could rewrite their motto: The hell with invent. Ink > it up! Because they are making money the way the do it now. "If it ain't broke, don't fix it." And from their point of view it ain't. > >> As far as the potential goes: I think (as does probably HP) >> you vastly overestimate that, the hey-days of VMS are long gone. > > Again you repeat the self-defeating logic: "Why fix something that's > broken?" Well, you don't fix something that's not broken!!! > > So if VMS is so lame, why doesn't HP sell it? Cash cow. It is returning money on a basicly near zero investment. > In fact, why don't they > sell the entire BCS division if it's such tiny a portion of HP's > revenues or profits? (I don't really know how big BCS is in HP, so > maybe ignore this last statement. Correction welcome.) See above. :-) > >> The few companies who still believe VMS is indispensable for their >> IT will buy it anyway, without marketing. > > That's EXACTLY why VMS needs marketing: To be sold to people who may > not find it "indispensable", but to whom VMS would still be a better > choice. ... Hey, VMS is always the better choice, no? :-) Not when you make most of your money selling Windows boxes. > > Yet again you return with your self-defeating "Why fix something > that's broken?" logic. But it isn't broken in their view, only in ours. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: Mon, 18 Jun 2007 11:56:41 +0000 (UTC) From: m.kraemer@gsi.de (Michael Kraemer) Subject: Re: Question for the Group Message-ID: In article , "P. Sture" writes: > > But in those days, a lot of people were trying to get away from Big Blue. > > I vaguely remember a lot of resistance to the MCA architecture which > came with PS/2s. I don't think I can second that. IBM != PS/2, I don't even think that was a such a large portion of their business, it was just an attempt to recapture some of the PC market which didn't pan out in the end. OS/2 OTOH ran on quite a couple of commodity boxes, e.g. from Escom or Vobis, who wanted to get away from *M$* and found IBMs offering quite attractive. > The PS/2 running Windows 3.1 which sat on my desk (largely unused) in > the mid 1990s was a leftover from an earlier OS/2 project which hadn't > worked out. Those PS/2s had actually cost more _each_ than I had sprung > for a Microvax a few years earlier. But PS/2s were probably much faster. ------------------------------ Date: Mon, 18 Jun 2007 05:39:33 -0700 From: AEF Subject: Re: Question for the Group Message-ID: <1182170373.940695.261430@q69g2000hsb.googlegroups.com> On Jun 18, 6:40 am, Michael Kraemer wrote: > AEF schrieb: > > > > > Because VMS systems have higher margins. > > Overall HP margin is 8%. > BCS' margin is not much larger, about 8.8%. > So either VMS does not contribute significantly > to BCS' results or its margins are not that much larger > than the average. I thought VMS was a higher-margin product than that. Maybe not. I think it certainly used to be and people were willing to pay more for quality. > > Suppose that HP replaced all > > its customers' Windows systems with VMS systems. This would cause a > > big increase in profits, no? > > Maybe, theoretically. But VMS systems can't do what Windows system > can do on the desktop. I meant other than desktop. > > This would have the added advantage of > > not having to deal with MS or Linux. > > With Linux they wouldn't have the burden to develop > an own OS. > > > And HP would have a hold on the > > customers. And the customers would greatly benefit from a very > > superior operating system. What horrors am I missing in this scenario? > > > And how much extra effort would it really take? Just take a reasonable > > fraction of VMS's profits to do some marketing and see what happens. > > Would it kill anyone to do so? > > I simply don't believe in the omnipotence of "marketing", > not if it would go against the trend. Then how did Windows get to be so big? > I remotely remember IBMs OS/2 campaign against Windows 3.1 > in the early 1990s. Their product was good, the advertisement > cool, they got a few retailers on board, but the trade press > and the majority of users (and maybe even part of IBM) were > against it, and by the time Windoze 95 came along, > all was history. One failure doesn't prove anything. If Windows didn't succeed through marketing, then how did it succeed? Certainly not through techincal excellence! > > What do you want to advertise ? > Any cool groundbreaking apps since 1998 ? > The biggest news would be the completion of yet another port, > this time to a mediocre CPU. WTC success stories. Just general promotion to at least keep things from sliding further. There's some good promotional material on HP's Web site. Make a few ads from it. Nothing expensive. What would it hurt? > > > So why don't they just drop everything else and re-brand themselves as > > INKS R US? They could rewrite their motto: The hell with invent. Ink > > it up! > > I wouldn't be surprised if it happened. > HP is no longer the high tech IT company it used to be. > > > > >>As far as the potential goes: I think (as does probably HP) > >>you vastly overestimate that, the hey-days of VMS are long gone. > > > Again you repeat the self-defeating logic: "Why fix something that's > > broken?" Well, you don't fix something that's not broken!!! > > Maybe because it's so broken that fixing isn't worthwhile ? > Even if it has been deliberately damaged, > accusations won't change the end results. Well, you didn't say that before. > > > So if VMS is so lame, why doesn't HP sell it? In fact, why don't they > > sell the entire BCS division if it's such tiny a portion of HP's > > revenues or profits? (I don't really know how big BCS is in HP, so > > maybe ignore this last statement. Correction welcome.) > > Just look at the numbers publicly available at openvms.org. > I was surprised myself how low a profile serious computing has > in today's HP. > BCS is indeed so tiny they could sell it with little result > on their bottom line. At least that's what the numbers tell me. > And this interpretation includes HP-UX as much as VMS. > > > > >>The few companies who still believe VMS is indispensable for their > >>IT will buy it anyway, without marketing. > > > That's EXACTLY why VMS needs marketing: To be sold to people who may > > not find it "indispensable", but to whom VMS would still be a better > > choice. ... Hey, VMS is always the better choice, no? :-) > > No it isn't. I mean I know well that discussing here about the merits > of VMS vs say, *X, is about as fruitless as discussing with Boob > whether god exists or not. > But the majority of customers do not have that much use > for the few features VMS might still have advantages. > Again, what do you want to advertise ? > Security ? OK, the average guy would think: yet > another server OS which claims to be better than the rest. > Yawn. Others advertise security. Why not VMS? Why not back it up with something? What would it hurt? > Uptime ? With today's *X boxes you can get easily uptimes > measured in years. And why buy into VMS' arcane clustering > when a simple mainstream HA solution does the job as well ? > Few businesses need 24x365 uptime. But they need security and quality. I'm not convinced VMS's clustering is so bad. > > > Back in 2000 I interviewed at Prudential. They said they were looking > > for a VMS sys admin but that their VMS systems were going to be > > decommissioned in a year or two as they switch to some Unix solution. > > They give one reason as Oracle insisting they run on one particular > > version of VMS. I think there were other reasons. Anyway, if DEC/ > > Compaq/HP hadn't killed the Alpha and had actively promoted VMS they'd > > still probably be using it. By resuming promotion and increasing > > support, HP can win new VMS customers like Prudential. > > If this company has decided to leave VMS for a variety of reasons > simple marketing wouldn't win them back. But it might keep others from jumping ship. > > > And it would > > help sell more Itanium systems! > > >>Its (almost) just like IBM treat their "legacy" iSeries/zSeries business. > > > IBM seems to put a lot more into their operations control systems than > > other companies. This also reflects my experience using IBM computers > > at the New York Blood Center in 1994. > > well, I never worked with AS/400, > but did so with S/390 about a decade ago. > What I meant is that IBM seems to try to keep them alive, > but they do not try to fight an uphill battle to restore > them to their original glory. I think they know very well that > they will dwindle away over time. > > I might agree with you that HP (and DEC before) weren't > the smartest when they were cannibalizing their VMS business > in favor of their Unix offerings. I never heard an IBM rep > say: through away your AS/400s and by RS/6000s instead. AEF ------------------------------ Date: Mon, 18 Jun 2007 05:43:24 -0700 From: AEF Subject: Re: Question for the Group Message-ID: <1182170604.972712.141840@k79g2000hse.googlegroups.com> On Jun 18, 7:45 am, b...@cs.uofs.edu (Bill Gunshannon) wrote: > In article <1182136373.566444.243...@g4g2000hsf.googlegroups.com>, > AEF writes: > > > > > > > On Jun 13, 4:46 am, Michael Kraemer wrote: > >> AEF schrieb: > > [...] > >> > Again you're justifying letting the patient die by saying, "Look, the > >> > patient is dying. Let's go home." It's the POTENTIAL profits. High- > >> > margin profits. > > >> > History has proved that companies are willing to spend more for VMS if > >> > it weren't allowed to languish as it is. Would it kill HP to try? > >> > Would the shareholders revolt if profits from VMS increased? Doesn't > >> > it make sense to market your high-margin products? > > >> Well, I'm not in HPs shoes and I have no business > >> in defending their actions, I just find their strategy comprehensible. > >> Why should they put extra effort on such a tiny fraction of their business ? > > > Because VMS systems have higher margins. Suppose that HP replaced all > > its customers' Windows systems with VMS systems. > > That wold be a mighty big supposition as it is impossible. > > > This would cause a > > big increase in profits, no? This would have the added advantage of > > not having to deal with MS or Linux. And HP would have a hold on the > > customers. And the customers would greatly benefit from a very > > superior operating system. What horrors am I missing in this scenario? > > How about the fact that it can't be done and that the investment that > wold be needed to do it would be astronomical with little cahnce to > rrecoup the investment as your just not going to displace Windows. > Other options exist today and they never get more than a tiny percent > of the market dominated by Windows. So do what you can! > > And how much extra effort would it really take? Just take a reasonable > > fraction of VMS's profits to do some marketing and see what happens. > > Would it kill anyone to do so? > > It would take millions of dollars and god only knows how many man years > to come up with equivalent software for VMS to displave Windows. So start small. You don't have to completely displace Windows to just try to increase sales a little. It's not an all-or-nothing thing. > >> Even if VMS revenue was several times larger at the time of > >> the Compaq takeover, it still was dwarfed by HPs ink ocean. > > > So were its calculator revenues. Should they let their calculator > > business whither away? > > I kinda thought they had. My latest calculator is a Casio and I really > don't remember the last time I saw an HP calculator anywhere but in the > junk drawer of desk at home (I have two of them, onde dating back to my > high school days!) Hmmm. I haven't checked recently. > > So why don't they just drop everything else and re-brand themselves as > > INKS R US? They could rewrite their motto: The hell with invent. Ink > > it up! > > Because they are making money the way the do it now. "If it ain't broke, > don't fix it." And from their point of view it ain't. That doesn't mean they can't do better. > >> As far as the potential goes: I think (as does probably HP) > >> you vastly overestimate that, the hey-days of VMS are long gone. > > > Again you repeat the self-defeating logic: "Why fix something that's > > broken?" Well, you don't fix something that's not broken!!! > > > So if VMS is so lame, why doesn't HP sell it? > > Cash cow. It is returning money on a basicly near zero investment. Well, all the more reason to do at least a little advertising to keep the cash coming! Would it kill anyone to try? > > > In fact, why don't they > > sell the entire BCS division if it's such tiny a portion of HP's > > revenues or profits? (I don't really know how big BCS is in HP, so > > maybe ignore this last statement. Correction welcome.) > > See above. :-) > > >> The few companies who still believe VMS is indispensable for their > >> IT will buy it anyway, without marketing. > > > That's EXACTLY why VMS needs marketing: To be sold to people who may > > not find it "indispensable", but to whom VMS would still be a better > > choice. ... Hey, VMS is always the better choice, no? :-) > > Not when you make most of your money selling Windows boxes. But couldn't you make MORE money selling VMS? > > > Yet again you return with your self-defeating "Why fix something > > that's broken?" logic. > > But it isn't broken in their view, only in ours. Can't argue with that! > > bill > > -- > Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves > b...@cs.scranton.edu | and a sheep voting on what's for dinner. > University of Scranton | > Scranton, Pennsylvania | #include - Hide quoted text - > > - Show quoted text - AEF ------------------------------ Date: Mon, 18 Jun 2007 07:07:50 -0700 From: "Tom Linden" Subject: Re: Question for the Group Message-ID: On Mon, 18 Jun 2007 03:40:21 -0700, Michael Kraemer wrote: > AEF schrieb: > Because VMS systems have higher margins. Overall HP margin is 8%. > BCS' margin is not much larger, about 8.8%. The VMS portion if separately broken out would be about 20% > So either VMS does not contribute significantly > to BCS' results or its margins are not that much larger > than the average. > -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ------------------------------ Date: Mon, 18 Jun 2007 14:45:13 +0000 (UTC) From: m.kraemer@gsi.de (Michael Kraemer) Subject: Re: Question for the Group Message-ID: In article <1182170373.940695.261430@q69g2000hsb.googlegroups.com>, AEF writes: > > I thought VMS was a higher-margin product than that. Maybe not. I > think it certainly used to be and people were willing to pay more for > quality. I don't know either, since the numbers at openvms.org aren't further specified and I"m not inclined to wade through HPs entire business report. > > One failure doesn't prove anything. If Windows didn't succeed through > marketing, then how did it succeed? Certainly not through techincal > excellence! Sure it was also marketing, but Windoze, as buggy as it may be, gave the masses what they wanted, some toy they could play games, edit their letters and (later) surf the internet. That those boxes crashed 10 times a day didn't matter much, apparently. It was second rank. > WTC success stories. And how often should I assume WTC-like events will happen ? > Just general promotion to at least keep things > from sliding further. There's some good promotional material on HP's > Web site. Make a few ads from it. Nothing expensive. What would it > hurt? Well, I agree, some "we're still there" message wouldn't hurt. I seem to remember IBM ads for their legacy systems carrying a similar message, every now and then. But beating the big marketing drum without real new stuff behind would be a waste of money. > Others advertise security. Why not VMS? Why not back it up with > something? What would it hurt? Nothing, but would it help ? Everybody claims to be "secure" these days. Now if VMS would have some security certificate from NSA or whoever issues such things, putting them five notches above the usual Unix crowd, that would be something to brag about. OTOH, "security" these days means to organize your IT so that it has minimum cross section to the evil internet, rather than the choice of a particular OS. Raise a firewall, hide business critical systems and important databases etc. > > But they need security and quality. I'm not convinced VMS's clustering > is so bad. I wouldn't say it's bad, but the vast majority of sites apart from the usual suspect won't need it that desperately. So it would not be the great differentiator. A vehicle on 6 wheels might be great off-road, but isn't such an advantage if one just drives down-town for shopping (apart from trying to impress people, but thats neither economical nor ecological) ------------------------------ Date: 18 Jun 2007 15:33:34 GMT From: bill@cs.uofs.edu (Bill Gunshannon) Subject: Re: Question for the Group Message-ID: <5dnmudF34qmc8U1@mid.individual.net> In article <1182170604.972712.141840@k79g2000hse.googlegroups.com>, AEF writes: > On Jun 18, 7:45 am, b...@cs.uofs.edu (Bill Gunshannon) wrote: >> In article <1182136373.566444.243...@g4g2000hsf.googlegroups.com>, >> AEF writes: >> >> >> >> >> >> > On Jun 13, 4:46 am, Michael Kraemer wrote: >> >> AEF schrieb: >> > [...] >> >> > Again you're justifying letting the patient die by saying, "Look, the >> >> > patient is dying. Let's go home." It's the POTENTIAL profits. High- >> >> > margin profits. >> >> >> > History has proved that companies are willing to spend more for VMS if >> >> > it weren't allowed to languish as it is. Would it kill HP to try? >> >> > Would the shareholders revolt if profits from VMS increased? Doesn't >> >> > it make sense to market your high-margin products? >> >> >> Well, I'm not in HPs shoes and I have no business >> >> in defending their actions, I just find their strategy comprehensible. >> >> Why should they put extra effort on such a tiny fraction of their business ? >> >> > Because VMS systems have higher margins. Suppose that HP replaced all >> > its customers' Windows systems with VMS systems. >> >> That wold be a mighty big supposition as it is impossible. >> >> > This would cause a >> > big increase in profits, no? This would have the added advantage of >> > not having to deal with MS or Linux. And HP would have a hold on the >> > customers. And the customers would greatly benefit from a very >> > superior operating system. What horrors am I missing in this scenario? >> >> How about the fact that it can't be done and that the investment that >> wold be needed to do it would be astronomical with little cahnce to >> rrecoup the investment as your just not going to displace Windows. >> Other options exist today and they never get more than a tiny percent >> of the market dominated by Windows. > > So do what you can! I and others have. In the end, we lost. It's not is our hands and the one in who's hands it is just plain doesn't care. > >> > And how much extra effort would it really take? Just take a reasonable >> > fraction of VMS's profits to do some marketing and see what happens. >> > Would it kill anyone to do so? >> >> It would take millions of dollars and god only knows how many man years >> to come up with equivalent software for VMS to displave Windows. > > So start small. You don't have to completely displace Windows to just > try to increase sales a little. It's not an all-or-nothing thing. If you start small then the money will just appear to run down the toilet with no return and the spigot will be shut back off real fast. > >> >> Even if VMS revenue was several times larger at the time of >> >> the Compaq takeover, it still was dwarfed by HPs ink ocean. >> >> > So were its calculator revenues. Should they let their calculator >> > business whither away? >> >> I kinda thought they had. My latest calculator is a Casio and I really >> don't remember the last time I saw an HP calculator anywhere but in the >> junk drawer of desk at home (I have two of them, onde dating back to my >> high school days!) > > Hmmm. I haven't checked recently. > >> > So why don't they just drop everything else and re-brand themselves as >> > INKS R US? They could rewrite their motto: The hell with invent. Ink >> > it up! >> >> Because they are making money the way the do it now. "If it ain't broke, >> don't fix it." And from their point of view it ain't. > > That doesn't mean they can't do better. But "they" don't see any reason to do at all. > >> >> As far as the potential goes: I think (as does probably HP) >> >> you vastly overestimate that, the hey-days of VMS are long gone. >> >> > Again you repeat the self-defeating logic: "Why fix something that's >> > broken?" Well, you don't fix something that's not broken!!! >> >> > So if VMS is so lame, why doesn't HP sell it? >> >> Cash cow. It is returning money on a basicly near zero investment. > > Well, all the more reason to do at least a little advertising to keep > the cash coming! Would it kill anyone to try? I think you miss the point of a cash cow. You milk it all you can while not putting a dime in the slot. And when it goes dry you send it to the slaughter house. > >> >> > In fact, why don't they >> > sell the entire BCS division if it's such tiny a portion of HP's >> > revenues or profits? (I don't really know how big BCS is in HP, so >> > maybe ignore this last statement. Correction welcome.) >> >> See above. :-) >> >> >> The few companies who still believe VMS is indispensable for their >> >> IT will buy it anyway, without marketing. >> >> > That's EXACTLY why VMS needs marketing: To be sold to people who may >> > not find it "indispensable", but to whom VMS would still be a better >> > choice. ... Hey, VMS is always the better choice, no? :-) >> >> Not when you make most of your money selling Windows boxes. > > But couldn't you make MORE money selling VMS? Not necessarily. Depends on what it costs and how it compares to what you get back. It could end up costing money. And HP seems unwilling to take that risk. >> >> > Yet again you return with your self-defeating "Why fix something >> > that's broken?" logic. >> >> But it isn't broken in their view, only in ours. > > Can't argue with that! Your points are interesting but, unfortunately, you are once again preaching to the choir. The people who control the situation are never going to see this and, right or wrong, it is going to have no influence ont heir decisions regarding the future of VMS. bill -- Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves bill@cs.scranton.edu | and a sheep voting on what's for dinner. University of Scranton | Scranton, Pennsylvania | #include ------------------------------ Date: 18 Jun 2007 07:43:56 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: VMS analogue of FBSD and linux hier(7) man pages Message-ID: In article , Rich Alderson writes: > > To most non-VMS/non-Tops-20 people, speaking of a hierarchical filesystem > implies a single system-wise filesystem root, a la Multics. Nonesense. You speak as if no one has ever seen MS-DOS, or Windows. ------------------------------ Date: 18 Jun 2007 09:56:14 -0500 From: Kilgallen@SpamCop.net (Larry Kilgallen) Subject: Re: VMS analogue of FBSD and linux hier(7) man pages Message-ID: <$HI6sTXwj6Xv@eisner.encompasserve.org> In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes: > In article , Rich Alderson writes: >> >> To most non-VMS/non-Tops-20 people, speaking of a hierarchical filesystem >> implies a single system-wise filesystem root, a la Multics. > > Nonesense. You speak as if no one has ever seen MS-DOS, or Windows. Or MacOS 7.5, 8.* and 9.*. ------------------------------ Date: Mon, 18 Jun 2007 09:31:38 -0400 From: Chuck Aaron Subject: VMS set Audit/disable command Message-ID: What is the command to disable login, logfailures, and file access below please? Thanks. CHUCK> show audit System security alarms currently enabled for: Audit: illformed Breakin: dialup,local,remote,network,detached Login: network Logfailure: batch,dialup,local,remote,network,subprocess,detached,server FILE access: Failure: read,write,execute,delete,control DEVICE access: Failure: read,write,physical,logical,control VOLUME access: Failure: read,write,create,delete,control ------------------------------ Date: Mon, 18 Jun 2007 13:51:26 -0000 From: IanMiller Subject: Re: VMS set Audit/disable command Message-ID: <1182174686.642488.82500@q69g2000hsb.googlegroups.com> $ SET AUDIT/ALARM/DISABLE=(LOGIN,LOGFAILURE, ACCESS) ------------------------------ Date: Mon, 18 Jun 2007 09:55:02 -0400 From: Chuck Aaron Subject: Re: VMS set Audit/disable command Message-ID: SYSTEM> SET AUDIT/ALARM/DISABLE=(LOGIN,LOGFAILURE,ACCESS) %DCL-W-VALREQ, missing qualifier or keyword value - supply all required values \LOGIN\ SYSTEM> IanMiller wrote: > $ SET AUDIT/ALARM/DISABLE=(LOGIN,LOGFAILURE, ACCESS) > > ------------------------------ Date: Mon, 18 Jun 2007 13:59:10 -0000 From: IanMiller Subject: Re: VMS set Audit/disable command Message-ID: <1182175150.088462.130910@w5g2000hsg.googlegroups.com> SET AUDIT/ALARM/DISABLE=(LOGIN=ALL,LOGFAILURE, ACCESS) ------------------------------ Date: Mon, 18 Jun 2007 10:00:49 -0400 From: Chuck Aaron Subject: Re: VMS set Audit/disable command Message-ID: Thanks Ian. IanMiller wrote: > SET AUDIT/ALARM/DISABLE=(LOGIN=ALL,LOGFAILURE, ACCESS) > > > ------------------------------ Date: 18 Jun 2007 12:08:35 -0500 From: koehler@eisner.nospam.encompasserve.org (Bob Koehler) Subject: Re: VMS set Audit/disable command Message-ID: In article , Chuck Aaron writes: > What is the command to disable login, logfailures, and file access below > please? > > Thanks. Varies according to the major version of VMS. ------------------------------ Date: Mon, 18 Jun 2007 09:39:52 GMT From: "John Wallace" Subject: Why is SMTP still relevant? Message-ID: "Ron Johnson" wrote in message news:p50di.582903$2Q1.250900@newsfe16.lga... > On 06/16/07 20:04, Bill Gunshannon wrote: > [snip] > > > > So, what is the technological solution? > > Hardened operating systems and some sort of email-account > pre-registration with organizations that issue web-of-trust PGP/GPG > digital signatures. Every user would need to think of a strong > passphrase before being allowed to send email. All emails would > have to be signed. Using computers and the internet would become > *much* more complicated and usage would plummet. > > Computers would then only be used by geeks and other sundry > propeller-heads and technophiles. Life will be good again! > > -- > Ron Johnson, Jr. > Jefferson LA USA > > Give a man a fish, and he eats for a day. > Hit him with a fish, and he goes away for good! (long post, sorry) You just (almost) described some of the attributes of an X.400 standards-based secure email system, at least as I used to understand them some considerable time ago. Apart from the complexity bit of course; internal complexity does not necessarily have to be exposed to the user or (mostly) to the administrator (VMS is a prime example). X.400 email systems have been around since the mid 1980s. When they were first around, X.400 email systems were impressively complex, unlike SMTP, and they weren't widely used, primarily they lived in telcos and large corporates, even though the design of an X.400 system meant that a mail came from who it said it was from, and that it hadn't been tampered with in transit, and that a delivery receipt meant something. [Within the usual confidence levels of cryptography-based stuff anyway]. Basic SMTP is somewhat older than X.400 - SMTP dates from the era of the teletype, the acoustic coupler, and the 32kword address space, and is necessarily correspondingly simple. Once upon a time, this was an advantage. Today, SMTP's architectural simplicity is a huge weakness - an SMTP engine i s trivially simple, it fits in the payload of a virus or other malicious download, and is often delivered that way to poorly-protected Window boxes to form massive botnets used for spamming. Meanwhile faster computers and PCs (with 32bit address space) and 56k modems (not to mention broadband) long ago eliminated the need for SMTP-type simplicity in an email transport agent, but as yet I've seen no one willing to admit that SMTP is no longer fit for purpose (in fact I've seen little discussion of the idea). Instead, industry people seemingly prefer to suggest all kinds of SMTP-based band-aids which might one day provide the same level of functionality, integrity, and security as X.400 did decades ago (and, in certain particularly security-conscious circles, still does afaik). Anyone care to enlighten me as to why a "paradigm shift" (ouch) to X.400 isn't the answer and band-aids are? I do realise that such a shift wouldn't take place overnight and that interoperability tools would be needed (which is fine, they existed years ago). I also realise there is a whole SMTP-dependent ecosystem out there, from mailserver vendors to band-aid vendors to ISPs to spammers and more, whose interests will not be best served if the underlying mail system suddenly loses the vulnerabilities on which their commercial activities depend, and there are staff who won't want their SMTP skills to become irrelevant, but is this really the main reason SMTP survives well beyond its "use by" date? There's also the "not invented here" factor, X.400 didn't come from the Internerd/RFC community, it came from those nasty telco folks, but twenty-odd years later doesn't the reality look like the telcos may have been the ones going the right way, maybe they were just a bit before the cheap computing power (and bandwidth) was available? Feel free to extend the discussion as to where X.500 directory services might fit (y'know, making sure that your email to John Smith went to the *right* John Smith). And what the mail-related role of a real Internet *service* Provider might be in this brave new world (rather than today's connectivity providers with a few servers reluctantly added as an afterhought). You could even consider whether such a world might have a role for a highly secure, highly reliable, highly scalable OS and application set which might be a suitable platform for mail servers capable of reliably supporting user communities of anything from dozens of users all the way to hundreds of thousands of users (maybe more). Could be an opportunity there for someone (but they'd perhaps have to risk upsetting the existing SMTP-dependent ecosystem...). Folks have (mostly) given up on RSX11 and even on MS-DOS, for understandable reasons. Isn't it time SMTP went the same way? Discuss John ------------------------------ Date: Mon, 18 Jun 2007 09:10:18 -0500 From: Ron Johnson Subject: Re: Why is SMTP still relevant? Message-ID: On 06/18/07 04:39, John Wallace wrote: > "Ron Johnson" wrote in message > news:p50di.582903$2Q1.250900@newsfe16.lga... >> On 06/16/07 20:04, Bill Gunshannon wrote: >> [snip] >>> So, what is the technological solution? >> Hardened operating systems and some sort of email-account >> pre-registration with organizations that issue web-of-trust PGP/GPG >> digital signatures. Every user would need to think of a strong >> passphrase before being allowed to send email. All emails would >> have to be signed. Using computers and the internet would become >> *much* more complicated and usage would plummet. >> >> Computers would then only be used by geeks and other sundry >> propeller-heads and technophiles. Life will be good again! >> >> -- >> Ron Johnson, Jr. >> Jefferson LA USA >> >> Give a man a fish, and he eats for a day. >> Hit him with a fish, and he goes away for good! > > (long post, sorry) > > You just (almost) described some of the attributes of an X.400 > standards-based secure email system, at least as I used to understand them > some considerable time ago. Apart from the complexity bit of course; > internal complexity does not necessarily have to be exposed to the user or > (mostly) to the administrator (VMS is a prime example). > [snip] > > Anyone care to enlighten me as to why a "paradigm shift" (ouch) to X.400 > isn't the answer and band-aids are? I do realise that such a shift wouldn't > take place overnight and that interoperability tools would be needed (which > is fine, they existed years ago). I also realise there is a whole > SMTP-dependent ecosystem out there, from mailserver vendors to band-aid > vendors to ISPs to spammers and more, whose interests will not be best > served if the underlying mail system suddenly loses the vulnerabilities on > which their commercial activities depend, and there are staff who won't want > their SMTP skills to become irrelevant, but is this really the main reason > SMTP survives well beyond its "use by" date? There's also the "not invented > here" factor, X.400 didn't come from the Internerd/RFC community, it came > from those nasty telco folks, but twenty-odd years later doesn't the reality > look like the telcos may have been the ones going the right way, maybe they > were just a bit before the cheap computing power (and bandwidth) was > available? Installed base. There are a *lot* of SMTP servers out there. -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! ------------------------------ Date: Mon, 18 Jun 2007 11:17:45 -0400 From: "FredK" Subject: Re: Why is SMTP still relevant? Message-ID: "Ron Johnson" wrote in message news:fnwdi.147873$NK5.83353@newsfe23.lga... > -- > Ron Johnson, Jr. > Jefferson LA USA > > Give a man a fish, and he eats for a day. > Hit him with a fish, and he goes away for good! Nice. But I prefer the following Pratchett-ism... Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life. ------------------------------ Date: Mon, 18 Jun 2007 12:34:17 -0400 From: Steve Thompson Subject: Re: Why is SMTP still relevant? Message-ID: On Mon, 18 Jun 2007, FredK wrote: > "Ron Johnson" wrote in message > news:fnwdi.147873$NK5.83353@newsfe23.lga... >> Give a man a fish, and he eats for a day. >> Hit him with a fish, and he goes away for good! > Nice. But I prefer the following Pratchett-ism... > > Give a man a fire and he's warm for the day. But set fire to him and he's > warm for the rest of his life. Clever. But anyway, if you hit a man with a fish, he only goes away for a little while. Then he comes back with a bigger fish. Steve ------------------------------ Date: Mon, 18 Jun 2007 11:35:33 -0500 From: Ron Johnson Subject: Re: Why is SMTP still relevant? Message-ID: On 06/18/07 11:34, Steve Thompson wrote: > On Mon, 18 Jun 2007, FredK wrote: > >> "Ron Johnson" wrote in message >> news:fnwdi.147873$NK5.83353@newsfe23.lga... >>> Give a man a fish, and he eats for a day. >>> Hit him with a fish, and he goes away for good! >> Nice. But I prefer the following Pratchett-ism... >> >> Give a man a fire and he's warm for the day. But set fire to him and he's >> warm for the rest of his life. > > Clever. But anyway, if you hit a man with a fish, he only goes away for > a little while. Then he comes back with a bigger fish. Not if you hit him first with the big fish and crack his skull!!! -- Ron Johnson, Jr. Jefferson LA USA Give a man a fish, and he eats for a day. Hit him with a fish, and he goes away for good! ------------------------------ Date: Mon, 18 Jun 2007 13:10:21 -0400 From: Steve Thompson Subject: Re: Why is SMTP still relevant? Message-ID: On Mon, 18 Jun 2007, Ron Johnson wrote: > On 06/18/07 11:34, Steve Thompson wrote: >> Clever. But anyway, if you hit a man with a fish, he only goes away for a >> little while. Then he comes back with a bigger fish. > > Not if you hit him first with the big fish and crack his skull!!! Ah Ron, you are a wise man. You keep the biggest fish on hand, just in case. Steve ------------------------------ End of INFO-VAX 2007.330 ************************