From: Digest To: "OS/2GenAu Digest" Date: Tue, 9 Jan 2007 00:00:45 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [os2genau_digest] No. 1415 Reply-To: X-List-Unsubscribe: www.os2site.com/list/ ************************************************** Monday 08 January 2007 Number 1415 ************************************************** Subjects for today 1 Re: Mystified : Peter Moylan 2 Epson 680 : Ed Durrant 3 CopyWipe - Free hard disk image/clone program : Robert Traynor (BobT)" 4 Re: rexx/enviroment problem ? : Ian Manners" 5 Re: Mystified : Alan Duval **= Email 1 ==========================** Date: Mon, 08 Jan 2007 00:35:50 +1100 From: Peter Moylan Subject: Re: Mystified Alan Duval wrote: > It would seem to me that spam could be stopped if one could nominate > the only sites that one would accept Email from. Maybe this is > possible and I am unaware of it. For the average user, who is fetching mail from his ISP using the POP3 protocol, the only viable option is to run each message through a spam checker as it's being downloaded from the ISP's mail server. Luckily spam checkers are by now widely available, e.g. I use Thunderbird which has a built-in spam checker. If your mail program doesn't have a built-in spam filter, there are still usually ways of invoking a separate filter program during the fetch. What you can NOT do with any sort of reliability is a simple test on the mail headers, e.g. looking at the "From:" header line. This is because just about any header can be faked, and spammers routinely fake everything they can. You can place a certain degree of trust in the "Received:" header lines, because these are inserted by the intermediate mail servers that the mail passed through on its path from the spammer to you. (These lines should be read in reverse order, i.e. the first "Received:" line was inserted by the last mail server, which will be a server belonging to your own ISP, and so on.) A spammer or spam factory can fake the last "Received:" line, or even the last few, but sooner or later the mail has to pass through a legitimate mail server which is accurately reporting the address of the previous server back in the delivery chain. Because header lines are routinely faked, most spam filters rely on some sort of content analysis. (Unfortunately, these are now being defeated by the trick of filling the message with genuine-looking random text, and putting the spam itself into a GIF attachment or something similar. My copy of Thunderbird has not yet learnt that nobody except spammers sends GIF attachments, but I'm hoping that the next release of Thunderbird will be wiser to this trick. One thing I used to do was to kill all mail that was in HTML form; but that blocked my sister, who has never learnt how to use "plain text". (It also blocked my employer, but that was less of a loss.)) Even when the filter works well, you still have the overhead of downloading the spam, because it can't be analysed until it has been received. All that you've gained is that the spam doesn't have to be read by human eyes. If you're running your own mail server then you have an extra piece of information, namely the IP address of the machine that's passing on the mail to you. The bad news is that this is usually the address of a non-spammer, because it will probably be the address of some innocent relay machine rather than the address of the original sender. In fact, for most people it will always be their ISP's address. Only if you're your own ISP, with the ability to receive mail from anywhere rather than via one upstream provider, can you take advantage of this extra knowledge. I've been planning to develop a Weasel filter - or even build the feature in to Weasel - that will analyse the "Received:" lines in such a way as to look at the upstream addresses rather than the immediate sender, for the case where the immediate sender is always someone trusted like your ISP, but as so often happens this is outranked by more urgent jobs on the priority list. In any case, once you have the IP address, how do you use it? If you use a pure "whitelist" approach, accepting only mail from known friends, you'll probably block the spam but you might also block that letter from a (non-Nigerian) lawyer telling you that you've just inherited a fortune from a previously unknown great-aunt. Quite a lot of my own genuine mail comes from people who are not already on my "friends" list. At the other extreme, a pure "blacklist" approach of blocking known spammers is imperfect because the spammers move around so much, and also because some spammers use innocent "victim" machines to relay their spam. Mind you, you can do reasonably well by subscribing to the services of serious blacklist maintainers who continually update their blacklists. One person I know uses a very complicated algorithm that builds a huge database of suspect IP addresses. It blocks a lot of spam, but it also blocks a lot of genuine mail. I can't e-mail him to tell him that because he has me accidentally blacklisted. This is just one example that goes to show that even the determined anti-spam experts are having trouble getting it right. -- Peter Moylan peter at ozebelg dot org peter.moylan at optusnet dot com dot au http://www.pmoylan dot org Please note the changed e-mail and web addresses. The domain eepjm.newcastle.edu.au no longer exists, and I can no longer receive mail at my newcastle.edu.au addresses. The optusnet address could disappear at any time. ---------------------------------------------------------------------------------- **= Email 2 ==========================** Date: Mon, 08 Jan 2007 06:43:50 +1100 From: Ed Durrant Subject: Epson 680 Hi all. Some of you know I've found the Epson Stylus Color 680 printer a reliable and effective printer on OS/2 for many years. I have repaired it several time and despite the fact that Epson have stopped making ink cartridges for, I have kept it going on aftermaket cartridges. Unfortunately after having a major paper jam at the weekend, I have to take it apart again only to find more black ink inside it than I thought a cartridge could hold. Cleaned all of this out and the rogue strip of paper that caused the jam and reassembled the printer but when I powered it on it made such a horrible noise and jammed. I then saw a very small cog on the floor that has obviously exited the printer during the ink cleaning phase. That was the final straw, it's really not worth trying to repair this nearly 10 year old (?) inkjet printer, it has more than served its time. so it's now been unceremoniously cast out into the rubbish. The point of this e-mail is that I have two unopened black cartridges (T017 equivalent) for this Epson 680 (also fit Epson 777 and 685) if anyone on this list has one of these printers and wants these two black cartridges, please send me your postal address off-list and I'll happily send these to you at no cost. I know how difficult these are to find I'd rather give them away that throw them away. Cheers/2 Ed. ---------------------------------------------------------------------------------- **= Email 3 ==========================** Date: Mon, 08 Jan 2007 10:47:36 +1000 From: "Robert Traynor (BobT)" Subject: CopyWipe - Free hard disk image/clone program Hi All, I had recently upgraded a hard drive to 500gb and I decided to try out a free program that will either copy one hard drive to another or wipe the contents of one drive. CopyWipe for DOS 1.14 or CopyWipe for Windows 1.14 is available from:- I chose to make up a BartPE WinXp cd and install CopyWipe on that. It is a bit ironic that I was able to copy (from Windows) the 300gb hard drive complete with eCS 1.1 partitions and Boot Manager to a new 500gb drive using a 1:1 sector option and eCS worked perfectly first time. Because it was a complete digital copy of the original 300gb drive, byte for byte with the exception of the blank approx 200gb at the end, eCS did not even loose a drive letter or hick up. I then used LVM to create a logical partion in the new free space and bith windows and eCS are continuing to work perfectly. YMMV, but it works for me. I have also tested the Dos version in VPC, running simulations and it too works ok. To ensure that it works for you, simply choose the "sector by sector" option when you use it. You must take care when using as it will not show you volume labels, just identifying drives by absolute terms, ie. drive 0, drive 1 etc. HTH, Regards, Robert Traynor (BobT). 8 January 2007 10:40 ,-._|\ Robert Traynor (BobT) / Oz \ email rtraynor.removeme at removeme.optusnet dot com dot au \_,--.x/ ---------------------------------------------------------------------------------- **= Email 4 ==========================** Date: Mon, 08 Jan 2007 21:17:02 +1100 (EDT) From: "Ian Manners" Subject: Re: rexx/enviroment problem ? Hi Peter >I was away when this discussion started, but a possible explanation has Hope you enjoyed your 'away' :-) >just occurred to me. If a program is running detached (i.e. as a daemon >without access to keyboard/screen/mouse) then any process that it starts >must also run detached. This is a consequence of the way environments >are inherited and I don't think there's any way to change it. This >means, for example, that if a Weasel filter needs to write to the screen >then Weasel cannot be run detached (or the filter will fail to run >properly). From vague memory, I think you are running one or both of >Weasel and ClamAV as detached processes. Only the ClamAV Demon is running detached, clamdscan.exe is then called by the filter which puts a call through to clamd.exe, which as its a demon speeds things up by a quantum leap. All output from ClamAV is turned off at the command line, and no bounce back messages go out. > From memory, I think that cmd.exe is able to run detached but that some >of its commands won't work in that case. My suspicion is that COPY will >fail in a detached process because COPY expects to write to the screen. >If my guess is correct, then the answer could be as simple as adding a >'>nul' to the end of the COPY command. So thats why I see the >nul in some rexx files. I'll try that to check soon but still odd that my clamfilt.cmd worked for a while until one update of clamav, then the copy command stopped working :-( It does fit the fault perfectly though, so will give the > nul a try simply due to curiosity. Cheers Ian Manners Tech Fossil (Often called a Dinosaur) - ancient animal that gets things done http://www.os2site dot com/ There is no Mafia. The world is flat. Chairman Bill is a genius. ---------------------------------------------------------------------------------- **= Email 5 ==========================** Date: Mon, 08 Jan 2007 22:28:46 +1100 From: Alan Duval Subject: Re: Mystified Hi Peter, Thanks for your detailed reply. Regards, Alan Duval ----------------------------------------------------------------------------------