Quarter Life Crisis
The world according to Sven-S. Porst
« Moebius • Main • Stealing »
Comments
Comment by Douglas Stetner:
¶
I have a couple problems with this entry.
1) How would you like your system to have as many viruses and trojans as Windows? The permissions on a UNIX system are there to keep the system secure, which they do quite admirably.
Maybe you need to look more closely at what you are trying to achieve and see how you can do it less painfully.
2) The snippet below from RFC 2821 clearly states that an SMTP service must support the postmaster address. If earthlingsoft is not going to comply with the open standard, is that Sourceforge’s fault?:
================== 4.5.1 Minimum Implementation
In order to make SMTP workable, the following minimum implementation is required for all receivers. The following commands MUST be supported to conform to this specification:
EHLO HELO MAIL RCPT DATA RSET NOOP QUIT VRFY
Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox “postmaster” as a case- insensitive local name.
Comment by ssp:
¶
Thanks for your comment, Douglas.
Re 1) I am aware of the security issue. Yet, I’ve used the Classic MacOS for years and never had a problem with my computer being taken over by evil software. Things the computer does when it finds insufficient permissions aren’t terribly smart. If I have file owned by myself in my own home folder, I see no reason why I shouldn’t be allowed to edit it. My computer, my folder, my file, my right to destroy it.
Re 2) I didn’t doubt that Sourceforge were technically right there. It looks like they actually have extra code that checks this before sending an e-mail to a domain. And that code refuses to send an e-mail although it’s perfectly possible. How anal is that? I Sourceforge were really serious about this problem, they should at least not accept e-mail addresses which they don’t send e-mail to anywhere in their system. But they happily do.
Of course I could just have a postmaster or ‘catch all’ account on our domain. Thus giving spammers more opportunities to send us e-mail. To remain sane I’d have to trash messages to that account right away as no legitimate message is going to arrive there anyway. And that’s just absurd.
Comment by Douglas Stetner:
¶
Well, if that is what you truly want, why not just enable root and log in as root and do what you want?
As well, they are probably using something like http://www.rfc-ignorant.org/ which says
“rfc-ignorant.org is the clearinghouse for sites who think that the rules of the internet don’t apply to them”
As said on their site, no-one can force you to comply to RFCs, but people are free to choose not to communicate with you if you chose not to follow them. If you chose not to have a mailbox (or slot or receptacle), or not to have a number on your house, would you expect to get postal mail? You may, but then again you may not….
Comment by ssp:
¶
I agree that using a root user would solve the problem in an equally splendid way. You guessed correctly that this is not what I ‘really’ want, though. Why should I need to notice the fact that things as permissions or ‘root’ users exist at all as a simple user? If there are to be permissions (and at least for networked/multi-user machines I don’t see how you’d do without) they and the software running with them should at least be implemented in a way that doesn’t hurt the user.
Besides, I don’t see why my computer should make me any troubles accessing my files in my folder. The computer’s behaviour suggests I need to change things while I like to think that it’s the machine’s job to do handle these things reasonably. It’s there to help me not to create new problems.
As far as RFCs are concerned – believe it or not, I haven’t read all of the RFCs that affect my life. And neither have I checked whether the software I use complies to them. As far as that e-mail thing is concerned I feel perfectly innocent. If there were something as an essential e-mail account I’d expect my provider to set it up for me or for things to fail so badly that the problem is apparent. Instead, there is a single domain for which that problem is relevant.
In addition, being good zealots, the sourceforge people don’t seem to be interested in getting people to set up these addresses. If they were, surely they’d tell me right away that there is a problem with my domain and they won’t send e-mail to it for ideological reasons when I first try to use it on their site. They’d also offer advice on how to adjust things to please them along with an explanation or at least a link showing why this is a good thing™. But they aren’t. They simply accept all the input and let me wondering why I never received any registration confirmation. (I only found out about what the real problem is by accident much later.)
Of course Sourceforge as a private company (or whatever they are) can choose whom they don’t want to deal with without need for justification. They just happen to be a bit more public and there are people, including myself, who didn’t exactly choose to use their site. I’d think that a certain kind of responsibility comes with that kind of position.
Finally, I find the postal example you give very interesting (though not in a directly related way). I was immediately reminded of the difference between the proper postal service and parcel services by this. When getting mail vial the proper postal service, it’s chances of arriving are very good. Mail is delivered by the same person with good local knowledge. It will arrive even when the address is incomplete or wrong as these people know the region and are dedicated to their job – which is delivering mails, no more and no less. Parcel services, on the other hand, are known to regularly not find houses (even those with perfectly obvious numbers) and lack the background to compensate for the odd typo or bad handwriting in addresses.
I don’t know why there should be a ‘postmaster’ mailbox, but if the aim is to contact the site owners, anyone with legitimate interest in that will be able to find a way of doing that easily.
Comment by d.w.:
¶
“Postmaster” is explicitly written into the spec, but I would expect that your hosting provider would have set an alias up for it when they set up your domain.
I can see both sides of this: from a user standpoint, you shouldn’t need to know anything about it, but as a mail server operator, it’s precisely the sort of detail people insist you have nailed down before they’ll consider dealing with you. In a world full of spammers who blissfully ignore the rules for their own gain, a lot of mail server admis have decided that the simplest thing to do is to route around anyone who doesn’t play by the rules, which are codified.
Comment by ssp:
¶
Dave, which other sites ‘route around’ us because of this?
And doesn’t having a fixed address available for every domain make the spammers’ life easier rather than harder?
Comment by d.w.:
¶
Any ISPs who are using that “rfc-ignorant” site to decide whether to drop incoming messages will not see your mail. If a large ISP subscribes to the service (I don’t know if any do), you could potentially be talking about a lot of people.
As for using the presence or absence of “postmaster” as a bozo filter, I think the thinking is that a domain that isn’t diligent about following the RFCs is probably not so diligent about other things, like shutting down open relays. Once again, a user can be ignorant about the RFCs, but a mail administrator really shouldn’t be. It’s expected that the guy driving the tanker truck full of petrol should know more about the rules of the road than the kid in the Volvo.
Comment by d.w.:
¶
Addendum: and if you’re worried about Postmaster being a spam magnet, of the 558 messages in my Junk folder right now, 0 of them were sent to the postmaster address of my domain. Spammers realize that humans don’t read that mailbox, usually.
Comment by ssp:
¶
With more and more people running their own domains, who is the postmaster, though? Is it our provider or us? We can set up e-mail addresses after all.
You experience with the address doesn’t sound too bad, though. (We did activate the ‘catch all’ feature on our site once, though, and were drowned in spam subsequently.)
And I still don’t understand the point of that e-mail address if ‘humans don’t read that mailbox, usually’. What kind of messages arrive there?
Hm, perhaps I could set up the postmaster address and forward it to Sourceforge? ;)
Comment by d.w.:
¶
RFC 1648:
Operating a reliable, large-scale electronic mail (email) network requires cooperation between many mail managers and system administrators. As noted in RFC 822, often mail or system managers need to be able to contact a responsible person at a remote host without knowing any specific user name or address at that host. For that reason, both RFC 822 and the Internet Host Requirements require that the address “postmaster” be supported at every Internet > host.
RFC 822:
This standard specifies a single, reserved mailbox address (local-part) which is to be valid at each site. Mail sent to that address is to be routed to a person responsible for the site’s mail system or to a person with responsibility for general site operation.
It’s worth noting that RFC 822 was ratified in 1982, which means it predates the modern concept of an ISP by at least a half-dozen years. RFC 2822 supersedes RFC 822, but doesn’t do anything to negate the “postmaster” requirement.
Until the IETF drops or supersedes the requirement (and having seen the sausage-making process up-close-and-personal wrt. Atom, I’d call that NotBloodyLikely), it’s the law of the electronic land.
As for when the postmaster address is actually useful, it’s pretty handy if you’re making a change to your configuration as bounces and things of that nature go there — it can be a “canary in a coalmine” for you if, say, your DNS information has become somehow mucked up or the new server-side spam filter you just installed is doing its job too well…
