From: Digest <deadmail>
To: "OS/2GenAu Digest"<deadmail>
Date: Fri, 28 Mar 2008 00:00:53 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600
Subject: [os2genau_digest] No. 1631
Reply-To: <deadmail>
X-List-Unsubscribe: www.os2site.com/list/

**************************************************
Thursday 27 March 2008
 Number  1631
**************************************************

Subjects for today
 
1  Re:  Spam : Simon Lewis <zermatt at attglobal dot net>
2  Re:  Spam : Peter Moylan <peter at pmoylan dot org>
3  Re:  Spam : Voytek Eymont" <voytek at sbt dot net dot au>
4  Re:  Spam : Voytek Eymont" <voytek at sbt dot net dot au>
5  Re:  Spam : Voytek Eymont" <voytek at sbt dot net dot au>
6  Re:  Spam : Peter Moylan <peter at pmoylan dot org>

**= Email   1 ==========================**

Date:  Wed, 26 Mar 2008 08:24:08 -0700
From:  Simon Lewis <zermatt at attglobal dot net>
Subject:  Re:  Spam

Hi,

Thank you for that info as I noticed it also. It's triggered another 
email problem. SBC, my DSL provider has responded to this "and the use 
of third party" (i. not Outlook) software by "changing the security 
settings."

This requires the use of SSL, which in turn locks out my nonsupported 
Netscape Mail. Supposedly none of the port allocations has changed, but 
SSL stops Netscape from working. Anyone encountered this"?

Simon

Ian Manners wrote:

>Hi Alan,
>
>  
>
>>I have noticed that my email address has been used to send spam as it 
>>has appeared in at least 4 emails that have been blocked by spam 
>>filtering used by Westnet. Can I do anything about this apart from 
>>changing my email address?
>>    
>>
>
> Ignore it, happens to everyone thats on a spammers list, the
>current software simply randomly picks an email address from
>the database and sticks it in the "Reply To:" or From: fields.
>
>Cheers
>Ian Manners
>http://www.os2site dot com/
>
>

> 

>
>  
>


[attachments have been removed]
----------------------------------------------------------------------------------
 

**= Email   2 ==========================**

Date:  Thu, 27 Mar 2008 22:29:58 +1100
From:  Peter Moylan <peter at pmoylan dot org>
Subject:  Re:  Spam

On 27/03/08 02:24, Simon Lewis wrote:
> 
> Thank you for that info as I noticed it also. It's triggered another
>  email problem. SBC, my DSL provider has responded to this "and the
> use of third party" (i. not Outlook) software by "changing the
> security settings."

This makes me seriously wonder about the competence of your ISP.
Changing the security settings will not do anything to stop spammers
from pretending to be you. Except, perhaps, in the case where the
spammers are using the same ISP. In the latter case, the ISP has a
problem that needs to be fixed. Not you.

One piece of information that might be worth passing on to the ISP: the
very best way to ensure that this problem does not recur in future is
never to send mail to anyone who uses Outlook. Spammers love stealing
the contents of Outlook address books. (I take every reasonable
precaution against spammers getting hold of my address, but it's all
ruined by the fact that I'm in my sister's address book.) If your ISP
banned the use of Outlook, that would be a positive contribution to the
war against spam.

> This requires the use of SSL, which in turn locks out my nonsupported
>  Netscape Mail. Supposedly none of the port allocations has changed,
> but SSL stops Netscape from working. Anyone encountered this"?

You might have the ports set incorrectly. Without SSL, the standard mail
ports are 110 for POP3 and 25 for SMTP. With SSL, you should use port
995 for POP and port 465 for SMTP. Some mail clients will change the
port numbers automatically as soon as you specify the use of TLS. (Or
SSL, for older mail clients.) Others don't, so it would be a good idea
to check.

But, you know, SSL is overkill for this sort of problem. Sure, it also
encrypts the body of your mail, which is a good idea if you're having an
affair with your boss's wife; but the spammers aren't looking at those
bodies anyway. The main thing that needs protecting is your username and
password, and CRAM-MD5 authentication should satisfy most ISPs. If they
insist on SSL, they're seriously misunderstanding what security is about.

Older versions of Netscape did not support CRAM-MD5; but Thunderbird
does, so I'm guessing that the latest Netscape does too.

One more point: SSL is obsolete. If you want that level of encryption,
you should be using TLS instead. That's the modern replacement for SSL.
There's a certain level of compatibility between SSL and TLS, but if
you're using software that mentions SSL then you're probably using an
out-of-date version.

-- 
Peter Moylan                          peter at pmoylan dot org
                                       http://www.pmoylan dot org
----------------------------------------------------------------------------------
 

**= Email   3 ==========================**

Date:  Thu, 27 Mar 2008 23:03:40 +1100 (EST)
From:  "Voytek Eymont" <voytek at sbt dot net dot au>
Subject:  Re:  Spam


<quote who="Peter Moylan">
> On 27/03/08 02:24, Simon Lewis wrote:

> You might have the ports set incorrectly. Without SSL, the standard mail
> ports are 110 for POP3 and 25 for SMTP. With SSL, you should use port 995
> for POP and port 465 for SMTP. Some mail clients will change the port
> numbers automatically as soon as you specify the use of TLS. (Or SSL, for
> older mail clients.) Others don't, so it would be a good idea to check.

and IMAP on 143 and IMAP/TLS 993;
and, SMTP can also be on 587 (which is what I use (but no longer recall
why I chose 587 over 465))

services:submission     587/tcp         msa             # mail message
submission
services:submission     587/udp         msa             # mail message
submission
services:smtps          465/tcp                         # SMTP over SSL (TLS)

Peter,
do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ?


-- 
Voytek

----------------------------------------------------------------------------------
 
**= Email   4 ==========================**

Date:  Thu, 27 Mar 2008 23:08:54 +1100 (EST)
From:  "Voytek Eymont" <voytek at sbt dot net dot au>
Subject:  Re:  Spam


<quote who="Voytek Eymont">

> Peter,
> do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ?

I guess Thunderbird does, but I don't think PMMail does


-- 
Voytek

----------------------------------------------------------------------------------
 
**= Email   5 ==========================**

Date:  Thu, 27 Mar 2008 23:15:30 +1100 (EST)
From:  "Voytek Eymont" <voytek at sbt dot net dot au>
Subject:  Re:  Spam


<quote who="Peter Moylan">
> On 27/03/08 02:24, Simon Lewis wrote:

> But, you know, SSL is overkill for this sort of problem. Sure, it also
> encrypts the body of your mail, which is a good idea if you're having an
> affair with your boss's wife; but the spammers aren't looking at those
> bodies anyway. The main thing that needs protecting is your username and
> password, and CRAM-MD5 authentication should satisfy most ISPs. If they
> insist on SSL, they're seriously misunderstanding what security is about.

I use my Palm, sometimes over 'opportunistic WiFi' or GPRS, in such
scenario, encryption is not a bad idea (not that my email has anything of
great value to most folks); with SnapperMail I can retrieve POP/TLS or
IMAP/TLS and send SMTP/TLS


-- 
Voytek

----------------------------------------------------------------------------------
 
**= Email   6 ==========================**

Date:  Thu, 27 Mar 2008 23:31:28 +1100
From:  Peter Moylan <peter at pmoylan dot org>
Subject:  Re:  Spam

On 27/03/08 23:08, Voytek Eymont wrote:
> <quote who="Voytek Eymont">
> 
>> Peter,
>> do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ?
> 
> I guess Thunderbird does, but I don't think PMMail does

That's the answer I was going to give, but I must admit that it's a
couple of years since I looked at any OS/2 mail client other than
Thunderbird. At a certain point - after waiting almost forever for
PMMail to get updated character set support - I decided that Thunderbird
was the only client that had a chance of being upgraded to meet changing
practices and standards. MR/2 ICE was still being supported at that
stage, but it was a bit klunky even by comparison with a non-supported
PMMail.

It's possible that PMMail might move ahead in the race, since it's
supported again. The reason why Thunderbird updates keep coming is that
Innotek made it easy to port Windows versions of Mozilla software to
OS/2. What happens when Thunderbird starts using Windows features that
Innotek doesn't support, given that (as far as I know) Innotek is no
longer updating their stuff? This makes me nervous, given that Windows
has always been a moving target.

-- 
Peter Moylan                          peter at pmoylan dot org
                                       http://www.pmoylan dot org
----------------------------------------------------------------------------------
 

