Slashdot Mirror

See MIMEDefang... it'll let you do just what you want.

I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations

Au contraire, if you're clever about it, SpamAssassin works great in large-scale operations. In conjunction with MIMEDefang, people use SpamAssassin to scan a lot of mail -- over 1 million messages/day in two sites I know of.

Certain service areas of Comcast use PPPoE for authentication rather than the commonplace DHCP for authentication. You can get Linux PPPoE software from Roaring Penguin.

My spam is all visible at the CanIt Spam Trap.

Login/password = demo/demo

I have two clients uing SBC/Yahoo DSL and Windows 95. It works just dandy with RAS PPPOE software. I also have a Linux gateway/firewall/proxy set up with Roaring Penguin. In both cases, I've had no issues once it's set up.

The hard part!?! Getting the login/pw.

I called and told them that the install disk had crashed, wouldn't run again, but the icons were on the desktop, and "Can you just give me a login and password?".

They eventually did, I punched it in, and everything's been fine ever since.

Did you bother to even look before going ahead with the "upgrade"?

I know it bothers a lot of people...but I mean come on..

MIMEDefang + MCaffee (enter favorite virus scanner here) + Spamassassin makes the spam and viruses pretty much go away.

And here is a great HOWto by Mickey Hill on making it all work together.

Legislation is not going to solve this problem, and only ties up our courts/government with drivel. As many people have mentioned, how is this going to work with international spammers? It's not. Just kill the spam.

expensive filtering software?
Mimedefang download
I don't like spammers, and don't agree with the methods they use, but more legislation is NOT the answer.

Silly question:

Whenever Hemos or CmdrTaco posts about a Windows virus, they always end with "yadda yadda 90% of my e-mail yadda...". How is it that you can run the #1 geek news site and still have e-mail viruses infaltrating your inbox? Is it that much trouble to install MIMEDefang? If you'd like, I'll offer up my services as a consultant to install virus scanning software on your e-mail server, since you two obviously can't figure it out, but I hope that isn't neccesary.

Use PPPoE if you are not tring to setup anonymous network access. But ether way have to put public access ethernet access on its own network maybe it could share with the network for your public access computers, but they should be on there own network from the libraries internal computers. Tell the Librarians it would be like letting anyone in the public come in and use there private desks whenever they wanted.
Use a linux box running PPPoE(PPP over Ehternet) that way you can track who was using what ip at what time. www.roaringpenguin.com has a commerial solution if you want to go that way, but you can do all the stuff your self.

with the phrase "So Microsoft's... excuse me, the AdTI's..."peppering the Roaring Penguin rebuttal, how are we (Open Source community) expected to be taken seriously? Grow up. This is like spelling Microsoft "Micro$oft". The weaknesses of the original document stand out fine enough on their own.

-yb

with the phrase "So Microsoft's... excuse me, the AdTI's..."peppering the Roaring Penguin rebuttal, how are we (Open Source community) expected to be taken seriously? Grow up. This is like spelling Microsoft "Micro$oft". The weaknesses of the original document stand out fine enough on their own.

-yb

It's interesting to note that Roaring Penguin's own CanIt license is considerably more restrictve than the GPL, despite the article's "Tough. Adapt or die" refrain for proprietary licensing.

I just had to write a response.

• MimeDefang
• OpenAntiVirus
• Spam Assasin
• Sendmail

For fun, see my graphs of Microsoft malware. :-)

For fun, see my graphs of Microsoft malware. :-)

MIMEDefang
stopped Klez cold at my clients' sites.

Ever since we stopped allowing people to receive executable attachments (thanks to MIMEdefang!), the virii have all but disappeared. There is no need to scan for virii on a mail server. Just get rid of executable attachments (there's a big list of them in MIMEdefang's example configuration). All these trojans use stupid Outlook auto-execute tricks/bugs/features to propagate. Executables shouldn't be sent as a direct attachment anyway. Either wrap it up in a zip file (the recipient has no excuse when he infects himself) or put it up on the ftp site and send a URL. This has got to be one of the basic elements of securing a network where Outlook users lurk - no executable attachments (picture Joan Crawford on a rampage).

MIMEdefang also gives us the ability to call Mail::Spamassassin from a sendmail Milter, something Spamassassin itself does not yet support. The latest version also supports the File::Scan module for writing virus scanners in perl.

I wrote an essay called The Subversion of Democracy.

I have a product which uses Ck; there are screen shots here.

I do think that the VNC thing is a good idea, but I think it'd be better that it be a user-initiated program, I don't like the idea of having a constantly running daemon in winDoh!s/Mac/Linux/whatever that gives anyone access to the box. As far as the connectivity software there are a few issues here:

DSL users Here in Tx, SWB DSL users are required to run a program called "Enternet 300" which is a PPPoE driver pack for Windows. I personally can't stand it because it's all javascript. (ever wonder why the Enternetfolder program makes so much clicking? I know how to stop it.)Luckily this PPPoE pack has been integrated into almost every kind of broadband router out there so for most of us there is no need for Enternet300.Linux users are saved by using Roaring Penguin's PPPoE driver for Linux

Power Users> These usere already know how to do this stuff and don't use the CDs in the first place.. the CD's are fishtank fodder.

Newbies these people have a minimal grasp of the internet and of network connectivity and need their hands held while they connect for the first time. AOL is so popular because of the "One Icon Does All"(OIDA) and they are too ignorant to know better. (not intended as flame fodder either)

I don't know how many newbies I've had to almost slap their hand with a ruler to stop them from using AOL when thay have a T-3 at their disposal.

then you get the wonders of the computing community..

The Absoloute idiots, aka "the Cave people" These people NEED to he walked through every little setup and checkbox. These people feel lost when even the word "PPP" is mentioned. They don't know a modem from the microwave and constantly plague CCs with tech support questions.

I think that for the Idiots that the pre-packaged software is a good thing. It comes pre-configured (usually) and is already ready to set-up. They are looking for the OIDA soloution and call in when they can't get it.

I don't think it is important which software is packaged as long as the packaged software matches the person receiving it.

Just my .02c Sorry it's so long

I feel equally threatened here in Canada. Please see my web site for my comments.

For fun with MIME at the mail-server level, try MIME Defang. Reject, bounce, delete, or mange those .doc as desired.

Or if you prefer an Open Source, route there's always MIMEDefang...

By the time Windows 2000 becomes obsolete, Linux could gain enough popularity that people can avoid product activation altogether. Companies like Opera and Real are now supporting Linux shows that it's gaining momentum now, and the fact anti-virus companies are pretending Linux will soon become a virus target shows that Linux being on the desktop is very real.

I saw your post and wanted to reccomend a package for you (if you don't already know this...)

try rp-pppoe from roaring penguin software. handles SWB / PacBell ADSL logins no sweat, and runs well on slackware 8 with the 2.4 kernel. I don't have the pppoe gui wrapper set up yet, but who cares about a gui to start your DSL if it's always on anyway?

I am using SNET DSL. SNET is owned by SBC. They have been requiring PPPoE on all new accounts since last fall. They will require PPPoE on all accounts by spring next year. I pay an extra $15/month to have an account with a static IP. I use Roaring Penguin PPPoE on a Linux box (K6-2/500) which also does firewall and NAT for my LAN. The PPPoE connection stays up pretty much all the time. When it drops, it comes back up by itself. I don't have to program the static IP into the PPPoE config. When my pppd connects and authenticates with PAP, they always give the same IP address.

PPPoE probably sux with win9x. I haven't tried it myself, and I would recommend one of the Linksys routers anyway. I suspect that PPPoE with NT or Win2k is probably OK. With Linux, it is fine. The only downside I see is the extra 8 bytes/pkt protocol overhead.

I think that the reason they want PPPoE is the PAP authentication. You don't pay your bill, they shut you down by deactivating your account. I could be wrong, and I am sure someone will correct me if I am, but I beleive that automating account deactivation is easier with a PAP authenticated PPPoE account than with a DHCP account.

Another point. Isn't DHCP authenticated by MAC address? What if I need to swap my NIC card around or use a different machine as my router. Suppose I bring up a FreeBSD box that I want to drop in place of the current LInux router. The username/password with PAP identifies my connection more uniquely than the MAC address of one of my many NIC's.

WinPoet works with static IP addresses. It all depends on your ISP, and whether they associate your login with a static IP address (i.e. a good ISP) or just grab an IP from a pool (i.e. tightwad fucking loser money grubbing clueless ISP).

There are drivers for Macintosh, Linux, Solaris, and most of the windoze line. For *nux, I'd recommend Roaring Penguin which is just a simple protocol wrapper for existing PPP drivers. Instead of specifying a serial TTY port, use the pty option of pppd to pipe to a process. Simple. Discussion groups here. And IPSec shouldn't care about PPPoE, but I would suspect that typical (i.e. buggy as shit) windoze versions get confused by new device drivers.

PPPoE is pretty common all across Europe. This is because we have monopoly telcos (just like SBC, but with even less ethics) who refuse to allow wireline access to customers. So they aggregate all the DSL connections into Broadband Access Servers, and feed the resulting IP stream to the ISPs based on the CHAP logon. This allows a resemblance of competition, while still taking their cut of the profits. And it allows the telcos to promote their own services ahead of all competitors, and of course their provisioning software works only on their own ISPs systems, and all competitors have to constantly update and hopefully not lose too many customers because the provisioning protocol changes every Monday morning *cough*FraudTelecom*cough*BilgeCom*cough*. [rantmode=off]

If the article is correct about only allowing dynamically assigned IPs, they you are fuckt. Take the article with a grain of salt, because there are enough other factual errors I think the author pulled a bunch of facts out of his ass. If SBC behaves like telcos in Europe, they'll just pass the PPPoE stream to the ISP, and if the ISP wants to offer static IP addresses, no problem. Over here, some give static IPs for no extra cost, others charge as much as US$100 per month on top of the ISP fee.

the AC

--

Look here.

Hey..I have the alcatel 1000 and am using hellsouth with thier pppoe crud. I used to have thier bridged service which was sweet but since they switched to pppoe life has been miserable. Anyways, look up the Roaring Penguin PPPoE client and use it instead of the one hellsouth provides. My nix box has one nic going to the alcatel1000 and one to a 8 port hub. Aside from hellsouths shitty/inconsistent connect (read:great for a few days at a time then things get ugly for a few days) the roaring penguin client does a great job. You don't need to sell the alcatel... it works great with pppoe and is not as problematic as the other 'options' i have seen them provide plus you can config it (via its own internal ip/web interface) really easy.

Check out Roaring Penguin PPPOE for a piece-of-cake PPPoE solution. Took me about 2 minutes under linux, while doing the test install in win98 took about 30 minutes...

Yeah. Most of the people I know in Toronto and Ottawa who are on either Shaw@Home or Rogers@Home are very happy with their service. Friends in Niagara Falls NY on Adelphia's unidirectional cable system love that, too, even piped into their LAN. It's worth noting that one of those friends actually works as a sales rep for Bell Atlantic DSL.

Okay. Well, I've never had cable internet service.

My decision went as follows:

• Price. Cable is $50/mo if you don't subscribe to cable TV.
• Quality. Bell Canada's Sympatico HSE service is considered to be absolute junk, at $40/mo. (I use Bell long distance, so I don't have to pay the $10/mo grab.)
• Server-Friendly? I wanted the option of a static IP, with an ISP that didn't care if I wanted to run a webserver in my home. Neither @Home or Symatico HSE offered that. And then, I lucked into something...

• dsl.ca is a division of Velocet. They offer their DSL service only in Toronto at the moment. $34.95/mo + $5/mo modem rental (okay, no cheaper than Sympatico). But for an extra $5/mo, they'll rent a static IP. Installation went like a million bucks. PPPoE is the only downside, but even so, Roaring Penguin's PPPoE solution is great.

  Many people complain about the stability of DSL connections. I have no concerns:

  2:37pm up 20 days, 14:21, 1 user, load average: 0.13, 0.03, 0.01
  55 processes: 54 sleeping, 1 running, 0 zombie, 0 stopped
  CPU states: 0.7% user, 1.3% system, 0.0% nice, 97.8% idle
  

  My PPPoE-based DSL connection is started up when my computer starts up. Most of that CPU load is actually top, then there's a bit from the PPPoE client. Even with all 5 computers on my home LAN streaming Real Video from the Big Brother website, the PPPoE client never gets about 2.5% or so CPU useage. (Pentium 133 with 32 megs RAM.)

  If you're in Toronto, look into dsl.ca if you want a cable/Sympatico alternative. I love these guys.

I think your information is out-of-date and/or misleading. I've had no problems with Roaring Penguin's free PPPoE implementation for linux

I have DSL form swbell. I'm mostly satisfied but i couldn't figure out why i wasn't getting an address form dhcp. People in neighboring towns that had dsl just used dhcp and went.

Well sbc now uses PPPoE (ppp over ethernet). I'm using rp-pppoe from Roaring Penguin. This is under Linux.

Pacbell, eh ?

They have oversold the 408-650 area codes over by 5000 subscribers +/- 1000, and guess what they keep on advertising!!

I'm running on a pacbell DSL circuit right now in the 408 luckily. However, when the install techs came out here to do their 30 dollar an hour overtime hocus-pocus for 6 hours they still could not even manage to install the PPPOE adapter on a Win98 box, and I will not play with windows 98 and it's perverted routing to fix it. Running fine on mandrake 7.0 with Roaring Penguin's wonderous little PPPOE client.

I have read that PPPoE support is supposed to be in the kernel, although I don't know how well it will work or what hardware it will support. In the meantime however, you can use the PPPoE drivers from Roaring Penguin. I have Bell Atlantic DSL, and it works great.

segfault@bellatlantic.net