FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 12-02-2008, 09:29 AM
Bjørn Mork
 
Default Bug#457318: qmail and related packages in NEW

Gerrit Pape <pape@smarden.org> writes:

> Hi, I'm quite surprised how the inclusion of qmail and related packages
> into sid is handled, or rather not handled, by the ftpmasters.

I downloaded the netqmail source from http://dbn.smarden.org/sid/ and
looked briefly at it, to see if most of the well-known (some of the for
10+ years!) bugs have been fixed. Unfortunately, it doesn't seem so.
The Debian packaging included surprisingly few patches, and the fixes
I tested still applies to the Debian package. e.g:

bjorn@canardo:/usr/local/mydebs/tmp/netqmail-1.06$ patch -p0 --dry-run < ../patch-qmail-1.03-rfc2821.diff
patching file qmail-remote.c
bjorn@canardo:/usr/local/mydebs/tmp/netqmail-1.06$ patch -p0 --dry-run < ../patch-qmail-1.03-rfc1652.diff
patching file ./qmail-smtpd.c
Hunk #1 succeeded at 229 with fuzz 1.


To avoid having packages starting their Debian life with a long list of
serious and grave bugs, may I suggest that you take a look at
http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html [1]
and either include the patches or use the suggested workarounds?



Bjørn

[1] This page refers to http://home.pages.de/~mandree/qmail-bugs.html as
its canonical location but I'm currently unable to open the latter


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-04-2008, 08:03 AM
Gerrit Pape
 
Default Bug#457318: qmail and related packages in NEW

On Tue, Dec 02, 2008 at 11:29:13AM +0100, Bjørn Mork wrote:
> Gerrit Pape <pape@smarden.org> writes:
> > Hi, I'm quite surprised how the inclusion of qmail and related packages
> > into sid is handled, or rather not handled, by the ftpmasters.
>
> I downloaded the netqmail source from http://dbn.smarden.org/sid/ and
> looked briefly at it, to see if most of the well-known (some of the for
> 10+ years!) bugs have been fixed. Unfortunately, it doesn't seem so.
> The Debian packaging included surprisingly few patches, and the fixes
> I tested still applies to the Debian package. e.g:
>
> bjorn@canardo:/usr/local/mydebs/tmp/netqmail-1.06$ patch -p0 --dry-run < ../patch-qmail-1.03-rfc2821.diff
> patching file qmail-remote.c
> bjorn@canardo:/usr/local/mydebs/tmp/netqmail-1.06$ patch -p0 --dry-run < ../patch-qmail-1.03-rfc1652.diff
> patching file ./qmail-smtpd.c
> Hunk #1 succeeded at 229 with fuzz 1.

> To avoid having packages starting their Debian life with a long list of
> serious and grave bugs, may I suggest that you take a look at
> http://www.dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html [1]
> and either include the patches or use the suggested workarounds?

Sure, the two patches you mention might be considered for Debian.

However, I wonder how two issues can be called a 'long list', and how
these can be judged as severity grave or serious.

Right now, upstream doesn't completely agree with Andree's list of bugs.
Do you know how many people add accept_8bitmime to the default exim
configuration, and for what reason? Do you know why any highest
priority MX with the closest distance to the mail store should issue
temporary errors on incoming connections permanently, and whether this
is okay with the standards?

I've yet to be pointed to a grave or serious bug in the packages pending
in NEW, otherwise I see no reason why they shouldn't be processed and
pass NEW. I completely agree with this well written post

http://lists.debian.org/debian-devel/2008/12/msg00207.html

Regards, Gerrit.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-04-2008, 08:44 AM
Kalle Kivimaa
 
Default Bug#457318: qmail and related packages in NEW

Gerrit Pape <pape@smarden.org> writes:
> I've yet to be pointed to a grave or serious bug in the packages pending
> in NEW, otherwise I see no reason why they shouldn't be processed and
> pass NEW. I completely agree with this well written post

Does the package in NEW fix the well known backscatter spam issue? I
tried searching for the fix in the package but unfortunately failed.

If it doesn't, then IMO, at this day and age, a MTA sending
backscatter spam doesn't belong to Debian.

--
* Sufficiently advanced magic is indistinguishable from technology (T.P) *
* PGP public key available @ http://www.iki.fi/killer *


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-04-2008, 09:05 AM
Florian Weimer
 
Default Bug#457318: qmail and related packages in NEW

* Gerrit Pape:

> Right now, upstream doesn't completely agree with Andree's list of
> bugs.

Out of curiosity, does netqmail fix at least the delayed bounce
problem?


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-05-2008, 08:28 PM
Gerrit Pape
 
Default Bug#457318: qmail and related packages in NEW

Hi,

On Thu, Dec 04, 2008 at 11:05:31AM +0100, Florian Weimer wrote:
> Out of curiosity, does netqmail fix at least the delayed bounce
> problem?

no, or maybe: not yet; they gave notice of including that, but nothing
happened yet

http://marc.info/?l=qmail&m=120275739720434&w=2

On Thu, Dec 04, 2008 at 11:44:41AM +0200, Kalle Kivimaa wrote:
> Gerrit Pape <pape@smarden.org> writes:
> > I've yet to be pointed to a grave or serious bug in the packages pending
> > in NEW, otherwise I see no reason why they shouldn't be processed and
> > pass NEW. I completely agree with this well written post
>
> Does the package in NEW fix the well known backscatter spam issue? I
> tried searching for the fix in the package but unfortunately failed.

Not the default install. The package includes a patch though, and
builds and provides additional smtpd and qmtpd replacements that reject
unknown addresses in the SMTP connection, they're trivial to enable. I
personally use mailfront instead of qmail-smtpd. mailfront, already
available in Debian/main, has this functionality and can also act
perfectly as a replacement.

> If it doesn't, then IMO, at this day and age, a MTA sending
> backscatter spam doesn't belong to Debian.

I understand that opinion, and almost share it, after all I've
configured my servers that way too. I'd prefer to have that changed
upstream in netqmail, but am not strictly opposed to making that change
for Debian explicitly.


Why 'almost share it'?

Rejecting in the SMTP connection also plays into the hands of spammers.
They have some resources available to blast out data of unsolicited
mails. Once an SMTP server rejects a recipient before DATA, the SMTP
client doesn't need to transmit the data, and can immediately switch to
another recipient, using the resources more efficiently. The more SMTP
servers reject on RCPT, the more moves the load to other SMTP servers.
So it might well be that those SMTP servers, that accept mail regardless
of the existence of the recipient mailbox, take load off your server's
spam processing, because they eat spammer's resources.

Concerning the delayed delivery notifications, there's an efficient way
to immediately reject those in the SMTP connection, see

http://lists.debian.org/debian-isp/2004/09/msg00080.html

Finally, just as not supporting VRFY, not rejecting in the SMTP
conversation makes it harder for the spammers to sort out bad recipient
addresses, and so to use their resources even more efficiently.

That not necessarily needs to be true; it's theory, but in my opinion
it's worth thinking about.

Regards, Gerrit.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-05-2008, 09:01 PM
Kalle Kivimaa
 
Default Bug#457318: qmail and related packages in NEW

Gerrit Pape <pape@smarden.org> writes:
> So it might well be that those SMTP servers, that accept mail regardless
> of the existence of the recipient mailbox, take load off your server's
> spam processing, because they eat spammer's resources.

I rather use a MTA that implements SMTP time delays to force the
spammer to slow down, thank you very much. I even endorse greylisting
(with a whitelist) nowadays, but you'll never see me endorsing QMail
until it is patched.

> Concerning the delayed delivery notifications, there's an efficient way
> to immediately reject those in the SMTP connection, see

I rather not force other mail admins to implement measurements to deal
with another MTA's stupidity.

--
* Sufficiently advanced magic is indistinguishable from technology (T.P) *
* PGP public key available @ http://www.iki.fi/killer *


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-06-2008, 11:33 AM
Stephen Gran
 
Default Bug#457318: qmail and related packages in NEW

This one time, at band camp, Gerrit Pape said:
> Finally, just as not supporting VRFY, not rejecting in the SMTP
> conversation makes it harder for the spammers to sort out bad recipient
> addresses, and so to use their resources even more efficiently.

That is so stunningly wrong an argument I can't even think of anything
to say. Are you sure you should be working with MTA software?
--
-----------------------------------------------------------------
| ,'`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
 

Thread Tools




All times are GMT. The time now is 10:22 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org