oss-sec mailing list archives

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:)

From: Dave Horsfall <dave () horsfall org>
Date: Thu, 30 Oct 2014 10:32:39 +1100 (EST)

On Wed, 29 Oct 2014, Michal Zalewski wrote:

(BUGTRAQ, too, although that list seems to be in a pretty bad shape 
these days and perhaps its days are numbered).


It could be because they're hosted at Security Focus, whose mailserver 
could best be described as erratic.  It doesn't like long banners or greet 
pauses (both anti-spammer defences) and retries frequently, as if that 
will make any difference.  I'm told that this is a "feature" of Qmail 
(along with its other antisocial habits).

Oddly enough, I do receive the occasional BugTraq message, so sometimes it 
works, hence my description of them being erratic.  For example, this one 
worked:

Received: from sf01smtp2.securityfocus.com (smtp.securityfocus.com [143.127.139.113])

yet these failed miserably:

Oct 30 09:46:20 aneurin sm-mta[79426]: s9TMhmHs079426: smtp.securityfocus.com [143.127.139.113] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to IPv4
Oct 30 09:46:30 aneurin sm-mta[79427]: s9TMhv1H079427: smtp.securityfocus.com [143.127.139.113] did not issue 
MAIL/EXPN/VRFY/ETRN during connection to IPv4

Feedback to list owner, abuse, and postmaster go implacably unanswered.

-- 
Dave Horsfall (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)

Current thread:

Re: Truly scary SSL 3.0 vuln to be revealed soon:, (continued)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
  - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)
    - list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
    - Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)
    - Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)
    - Re: SSL POODLE Florian Weimer (Oct 15)
    - Re: SSL POODLE Hanno Böck (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
    - RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
    - Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)

(Thread continues...)