Archive-Date: Wed, 7 Mar 2001 10:55:17 -0800 Message-ID: <3AA68408.2DB97B7D@montana.edu> Date: Wed, 07 Mar 2001 10:55:04 -0800 From: Allen Porter Reply-To: MX-List@MadGoat.com MIME-Version: 1.0 To: mx-list@madgoat.com Subject: List Security (or lack thereof) and POP Clients Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit As far as I can determine, the security for MX server lists is done by e-mail address. The increasing use of unauthenticated POP mail clients is really rendering this method useless. We just got spammed on a 10,000 member list with (only owner posting is permitted) by someone who simply used the owner's e-mail address in a POP client. Of course anyone can also spoof being the owner, and change the list membership, etc. What means can we take within MX to prevent this? The help of the community will be much appreciated! Allen Porter Montana State University ahporter@montana.edu ================================================================================ Archive-Date: Tue, 27 Mar 2001 08:59:39 -0800 Date: Tue, 27 Mar 2001 18:59:32 +0200 From: stoeri@iap.tuwien.ac.at Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <009F9A78.85C99CA6.1@iap.tuwien.ac.at> Subject: Sending MIME Attachments from as script Hello, We are using MX 5.1A on openVMS ALPHA 7.2-1. We want to send MIME attachments from a CGI script. As openVMS MAIL doesn't allow this, we are looking for alternatives. A short test shows, that this is possible with MX_SITE_IN. However, this requires two privileges (SYSPRV, SYSLCK) which I would not easily grant to a username running CGI scripts. I would therefore like to install MX_SITE_IN.EXE with privileges. This in turn requires an image with /NOTRACEBACK. My questions: 1) is it possible to produce this from the MX distribution? 2) are there any alternatives I have overlooked? Thanks in advance Herbert Stoeri +----------------------------------+----------------------------------+ | Herbert Stoeri | Phone: ++43(1)58801/13460 | | Institut fuer Allgemeine Physik | Fax: ++43(1)58801/13499 | | Technische Universitaet Wien | email: stoeri@iap.tuwien.ac.at | | Wiedner Hauptstrasse 8-10 | | | A-1040 Wien | http://www.iap.tuwien.ac.at/ | | Austria | | +----------------------------------+----------------------------------+ ================================================================================ Archive-Date: Tue, 27 Mar 2001 09:33:37 -0800 Date: Tue, 27 Mar 2001 20:30:42 +0300 From: rakesh@kuc01.kuniv.edu.kw Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: rakesh@kuc01.kuniv.edu.kw Message-ID: <009F9A85.423CE49E.343@kuc01.kuniv.edu.kw> Subject: RE: Sending MIME Attachments from as script This seems very intersting & useful. Why CGI script is needed here? Could we include MIME attachment with VMS mail? Thanks, RAKESH ================================================================================ Archive-Date: Tue, 27 Mar 2001 10:34:03 -0800 Message-ID: <000d01c0b6ed$68b04220$2c0110ac@sysmanhome> From: "Ruslan R. Laishev" Reply-To: MX-List@MadGoat.com To: References: <009F9A78.85C99CA6.1@iap.tuwien.ac.at> Subject: Re: Sending MIME Attachments from as script Date: Tue, 27 Mar 2001 22:40:33 +0400 Hi! Take a look to yaHMail: http://WWW.VSM.COM.AU/WASD/ ----- Original Message ----- From: To: Sent: 27 марта 2001 г. 20:59 Subject: Sending MIME Attachments from as script > Hello, > > We are using MX 5.1A on openVMS ALPHA 7.2-1. We want to send MIME > attachments from a CGI script. As openVMS MAIL doesn't allow this, we > are looking for alternatives. A short test shows, that this is possible > with MX_SITE_IN. However, this requires two privileges (SYSPRV, SYSLCK) > which I would not easily grant to a username running CGI scripts. I > would therefore like to install MX_SITE_IN.EXE with privileges. This in > turn requires an image with /NOTRACEBACK. > > My questions: > 1) is it possible to produce this from the MX distribution? > 2) are there any alternatives I have overlooked? > > Thanks in advance > > Herbert Stoeri > > +----------------------------------+----------------------------------+ > | Herbert Stoeri | Phone: ++43(1)58801/13460 | > | Institut fuer Allgemeine Physik | Fax: ++43(1)58801/13499 | > | Technische Universitaet Wien | email: stoeri@iap.tuwien.ac.at | > | Wiedner Hauptstrasse 8-10 | | > | A-1040 Wien | http://www.iap.tuwien.ac.at/ | > | Austria | | > +----------------------------------+----------------------------------+ > ================================================================================ Archive-Date: Wed, 28 Mar 2001 01:31:23 -0800 Date: Wed, 28 Mar 2001 11:31:17 +0200 From: "GWDVMS::MOELLER" Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com, stoeri@iap.tuwien.ac.at CC: Subject: RE: Sending MIME Attachments from as script Message-ID: Herbert Stoeri asks: >[...] > I would therefore like to install MX_SITE_IN.EXE with privileges. This in > turn requires an image with /NOTRACEBACK. >[...] Get SET_EXE.COM (ASCII!) from FTP.GWDG.DE in directory /pub/vms - it allows you to clear (or set) the /TRACE and /DEBUG bits of a VMS (both VAX and Alpha) executable. HTH, Wolfgang J. Moeller, Tel. +49 551 201-1516/-1510, moeller@gwdvms.dnet.gwdg.de GWDG, D-37077 Goettingen, F.R.Germany | Disclaimer: No claim intended! http://www.gwdg.de/~moeller/ ---- ---- ================================================================================ Archive-Date: Thu, 29 Mar 2001 08:21:22 -0800 Date: Thu, 29 Mar 2001 18:21:15 +0200 From: stoeri@iap.tuwien.ac.at Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <009F9C05.8114A491.1@iap.tuwien.ac.at> Subject: RE: Sending MIME Attachments from as script The problem is solved. Thanks for the responses. There were actually two suggestions: 1) look at yahMAIL http://WWW.VSM.COM.AU/WASD/ This is avery nice web-mailer for openVMS. It tricks VMS-MAIL into sending MIME-attachments correctly, which could be copied. 2) use SET_EXE.COM from ftp://FTP.GWDG.DE/pub/vms to turn off the trace bit in an VMS-image. Actually, we used approach 2 to turn off the trace bit in MX_SITE_IN.EXE and installed the image with SYSPRV and SYSLCK privileges. Obviously, this modified image is protected against unauthorized use by an ACL. Thus MX_SITE_IN.EXE can be used by an authorized, but otherwise not privileged user to send fully RFC... compatible mails including MIME attachments. Herbert Stoeri >Hello, > >We are using MX 5.1A on openVMS ALPHA 7.2-1. We want to send MIME >attachments from a CGI script. As openVMS MAIL doesn't allow this, we >are looking for alternatives. A short test shows, that this is possible >with MX_SITE_IN. However, this requires two privileges (SYSPRV, SYSLCK) >which I would not easily grant to a username running CGI scripts. I >would therefore like to install MX_SITE_IN.EXE with privileges. This in >turn requires an image with /NOTRACEBACK. > >My questions: >1) is it possible to produce this from the MX distribution? >2) are there any alternatives I have overlooked? +----------------------------------+----------------------------------+ | Herbert Stoeri | Phone: ++43(1)58801/13460 | | Institut fuer Allgemeine Physik | Fax: ++43(1)58801/13499 | | Technische Universitaet Wien | email: stoeri@iap.tuwien.ac.at | | Wiedner Hauptstrasse 8-10 | | | A-1040 Wien | http://www.iap.tuwien.ac.at/ | | Austria | | +----------------------------------+----------------------------------+ ================================================================================ Archive-Date: Thu, 29 Mar 2001 09:18:20 -0800 Date: Thu, 29 Mar 2001 20:15:26 +0300 From: rakesh@kuc01.kuniv.edu.kw Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: rakesh@kuc01.kuniv.edu.kw Message-ID: <009F9C15.7492CF6A.202@kuc01.kuniv.edu.kw> Subject: RE: Sending MIME Attachments from as script Thanks for very useful information. Can you please give some more information on what ACLs you have set up on the image. Best regards, RAKESH ================================================================================ Archive-Date: Thu, 29 Mar 2001 13:45:29 -0800 Date: Thu, 29 Mar 2001 23:45:21 +0200 From: stoeri@iap.tuwien.ac.at Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <009F9C32.C8388258.15@iap.tuwien.ac.at> Subject: RE[2]: Sending MIME Attachments from as script 1) I created an identifier MX_USE_SITE_IN in UAF UAF>ADD/IDENTIFIER MX_USE_SITE_IN 2) I added the following ACE (line) to the image MX_EXE:MX_SITE IN in EDIT/ACL: (identifier= MX_USE_SITE_IN,access=execute) 3) In UAF, the identifier is granted to the UIC's permitted to use the feature. UAF>GRANT/IDENTIFIER MX_USE_SITE_IN Best regards Herbert >Thanks for very useful information. Can you please give some more information >on what ACLs you have set up on the image. Best regards, RAKESH +----------------------------------+----------------------------------+ | Herbert Stoeri | Phone: ++43(1)58801/13460 | | Institut fuer Allgemeine Physik | Fax: ++43(1)58801/13499 | | Technische Universitaet Wien | email: stoeri@iap.tuwien.ac.at | | Wiedner Hauptstrasse 8-10 | | | A-1040 Wien | http://www.iap.tuwien.ac.at/ | | Austria | | +----------------------------------+----------------------------------+ ================================================================================ Archive-Date: Thu, 29 Mar 2001 21:14:42 -0800 Date: Fri, 30 Mar 2001 08:11:48 +0300 From: rakesh@kuc01.kuniv.edu.kw Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: rakesh@kuc01.kuniv.edu.kw Message-ID: <009F9C79.8808D77C.82@kuc01.kuniv.edu.kw> Subject: RE: RE[2]: Sending MIME Attachments from as script Thanks. From this set up it seems that not all users on machine are allowed to use this feature & you grant permission to users individually? Can there be any other setup through which all users are allowed to use the feature with out compromising the security of the system? Thanks again & best regards, RAKESH ================================================================================ Archive-Date: Fri, 30 Mar 2001 06:53:42 -0800 Date: Fri, 30 Mar 2001 16:53:33 +0200 From: stoeri@iap.tuwien.ac.at Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <009F9CC2.6B471D7A.17@iap.tuwien.ac.at> Subject: RE[2]: RE[2]: Sending MIME Attachments from as script >Thanks. From this set up it seems that not all users on machine are >allowed to use this feature & you grant permission to users individually? Normal users send mail from their PC's via SMTP( using e.g. Netscape, Outlook, Eudora...) This feature is only for a script managing large scale mailings to the participants of a conference. >Can there be any other setup through which all users are allowed to use >the feature with out compromising the security of the system? That's an interesting question. It depends on the internal workings of MX_SITE_IN.EXE. I play it safe Best regards Herbert > >Thanks again & best regards, RAKESH +----------------------------------+----------------------------------+ | Herbert Stoeri | Phone: ++43(1)58801/13460 | | Institut fuer Allgemeine Physik | Fax: ++43(1)58801/13499 | | Technische Universitaet Wien | email: stoeri@iap.tuwien.ac.at | | Wiedner Hauptstrasse 8-10 | | | A-1040 Wien | http://www.iap.tuwien.ac.at/ | | Austria | | +----------------------------------+----------------------------------+ ================================================================================ Archive-Date: Fri, 30 Mar 2001 09:01:39 -0800 Date: Fri, 30 Mar 2001 19:58:45 +0300 From: rakesh@kuc01.kuniv.edu.kw Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: rakesh@kuc01.kuniv.edu.kw Message-ID: <009F9CDC.4A842841.618@kuc01.kuniv.edu.kw> Subject: RE: RE[2]: RE[2]: Sending MIME Attachments from as script Thanks. Many times I receive text mails as Base64 MIME format. To read these mails under VMS, I extract the mail in a file, remove unwanted headers etc leaving only MIME encoded portion & use MIME decoding program which converts it into text format. Is there any other direct way to read these mails under VMS (not on POP client)? Best regards, RAKESH ================================================================================ Archive-Date: Fri, 30 Mar 2001 09:30:07 -0800 Date: Fri, 30 Mar 2001 11:30:01 -0500 From: Rick Dyson Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: dyson@iowasp.physics.uiowa.edu Message-ID: <009F9C95.38E03604.30@iowasp.physics.uiowa.edu> Subject: RE: RE[2]: RE[2]: Sending MIME Attachments from as script MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="iso-8859-1" > From: MX%"MX-List@MadGoat.com" 30-MAR-2001 11:01:58.08 > Subj: RE: RE[2]: RE[2]: Sending MIME Attachments from as script > Thanks. > > Many times I receive text mails as Base64 MIME format. To read these mails > under VMS, I extract the mail in a file, remove unwanted headers etc leaving > only MIME encoded portion & use MIME decoding program which converts it into > text format. Is there any other direct way to read these mails under VMS (not > on POP client)? > > Best regards, RAKESH Netscape for OpenVMS (v3.03) has a mail client that does POP3 if you are running a POP3 server. You can use it to read your MIME e-mail directly from your NEWMAIL folder. It will at least handle the MIME attachment part. You will probably still end up with MS junk that you have to move to a PC to view, but that is probably easier then the way you did it before. I have lots of the decoder programs on OpenVMS and found they were hit and miss for decoding and the above method is much more seemless for admins *AND* low-end users. :) Also, on the PC, the WinZIP program is great for taking a text file extracted with VMS mail (or anything else) and digging into it and decoding the MIME parts. It sort of treats the file like an "archive" and just "uncompresses" it for you. It does UUEncode, BinHex and Base64 easily. Since the final attachment is probably a MS-based application file anyway, it can be convient to do it all on the PC after exracting the VMS mail to a "*.mim" file. Regards, Rick -- Richard L. Dyson rick-dyson@UIowa.EDU It (removing script hosting) is probably the next best way to protect your PC. The best fix is to de-install Windows and install Linux. --Mikko Hypponen, manager of anti-virus research at security software supplier F-Secure. ================================================================================ Archive-Date: Fri, 30 Mar 2001 12:11:19 -0800 Date: Fri, 30 Mar 2001 14:11:53 -0600 From: system@niuhep.physics.niu.edu Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com Message-ID: <009F9CAB.D5BFA35C.10@niuhep.physics.niu.edu> Subject: RE: RE[2]: RE[2]: Sending MIME Attachments from as script http://alder.cc.kcl.ac.uk/pine-vms/ ================================================================================ Archive-Date: Fri, 30 Mar 2001 23:54:01 -0800 Date: Sat, 31 Mar 2001 10:51:06 +0300 From: rakesh@kuc01.kuniv.edu.kw Reply-To: MX-List@MadGoat.com To: MX-List@MadGoat.com CC: rakesh@kuc01.kuniv.edu.kw Message-ID: <009F9D58.F3C2100D.13@kuc01.kuniv.edu.kw> Subject: RE: RE[2]: RE[2]: Sending MIME Attachments from as script Thanks a lot for very valuable information. Best regards, RAKESH