From: Digest To: "OS/2GenAu Digest" Date: Fri, 28 Mar 2008 00:00:53 EST-10EDT,10,-1,0,7200,3,-1,0,7200,3600 Subject: [os2genau_digest] No. 1631 Reply-To: X-List-Unsubscribe: www.os2site.com/list/ ************************************************** Thursday 27 March 2008 Number 1631 ************************************************** Subjects for today 1 Re: Spam : Simon Lewis 2 Re: Spam : Peter Moylan 3 Re: Spam : Voytek Eymont" 4 Re: Spam : Voytek Eymont" 5 Re: Spam : Voytek Eymont" 6 Re: Spam : Peter Moylan **= Email 1 ==========================** Date: Wed, 26 Mar 2008 08:24:08 -0700 From: Simon Lewis Subject: Re: Spam Hi, Thank you for that info as I noticed it also. It's triggered another email problem. SBC, my DSL provider has responded to this "and the use of third party" (i. not Outlook) software by "changing the security settings." This requires the use of SSL, which in turn locks out my nonsupported Netscape Mail. Supposedly none of the port allocations has changed, but SSL stops Netscape from working. Anyone encountered this"? Simon Ian Manners wrote: >Hi Alan, > > > >>I have noticed that my email address has been used to send spam as it >>has appeared in at least 4 emails that have been blocked by spam >>filtering used by Westnet. Can I do anything about this apart from >>changing my email address? >> >> > > Ignore it, happens to everyone thats on a spammers list, the >current software simply randomly picks an email address from >the database and sticks it in the "Reply To:" or From: fields. > >Cheers >Ian Manners >http://www.os2site dot com/ > > > > > > [attachments have been removed] ---------------------------------------------------------------------------------- **= Email 2 ==========================** Date: Thu, 27 Mar 2008 22:29:58 +1100 From: Peter Moylan Subject: Re: Spam On 27/03/08 02:24, Simon Lewis wrote: > > Thank you for that info as I noticed it also. It's triggered another > email problem. SBC, my DSL provider has responded to this "and the > use of third party" (i. not Outlook) software by "changing the > security settings." This makes me seriously wonder about the competence of your ISP. Changing the security settings will not do anything to stop spammers from pretending to be you. Except, perhaps, in the case where the spammers are using the same ISP. In the latter case, the ISP has a problem that needs to be fixed. Not you. One piece of information that might be worth passing on to the ISP: the very best way to ensure that this problem does not recur in future is never to send mail to anyone who uses Outlook. Spammers love stealing the contents of Outlook address books. (I take every reasonable precaution against spammers getting hold of my address, but it's all ruined by the fact that I'm in my sister's address book.) If your ISP banned the use of Outlook, that would be a positive contribution to the war against spam. > This requires the use of SSL, which in turn locks out my nonsupported > Netscape Mail. Supposedly none of the port allocations has changed, > but SSL stops Netscape from working. Anyone encountered this"? You might have the ports set incorrectly. Without SSL, the standard mail ports are 110 for POP3 and 25 for SMTP. With SSL, you should use port 995 for POP and port 465 for SMTP. Some mail clients will change the port numbers automatically as soon as you specify the use of TLS. (Or SSL, for older mail clients.) Others don't, so it would be a good idea to check. But, you know, SSL is overkill for this sort of problem. Sure, it also encrypts the body of your mail, which is a good idea if you're having an affair with your boss's wife; but the spammers aren't looking at those bodies anyway. The main thing that needs protecting is your username and password, and CRAM-MD5 authentication should satisfy most ISPs. If they insist on SSL, they're seriously misunderstanding what security is about. Older versions of Netscape did not support CRAM-MD5; but Thunderbird does, so I'm guessing that the latest Netscape does too. One more point: SSL is obsolete. If you want that level of encryption, you should be using TLS instead. That's the modern replacement for SSL. There's a certain level of compatibility between SSL and TLS, but if you're using software that mentions SSL then you're probably using an out-of-date version. -- Peter Moylan peter at pmoylan dot org http://www.pmoylan dot org ---------------------------------------------------------------------------------- **= Email 3 ==========================** Date: Thu, 27 Mar 2008 23:03:40 +1100 (EST) From: "Voytek Eymont" Subject: Re: Spam > On 27/03/08 02:24, Simon Lewis wrote: > You might have the ports set incorrectly. Without SSL, the standard mail > ports are 110 for POP3 and 25 for SMTP. With SSL, you should use port 995 > for POP and port 465 for SMTP. Some mail clients will change the port > numbers automatically as soon as you specify the use of TLS. (Or SSL, for > older mail clients.) Others don't, so it would be a good idea to check. and IMAP on 143 and IMAP/TLS 993; and, SMTP can also be on 587 (which is what I use (but no longer recall why I chose 587 over 465)) services:submission 587/tcp msa # mail message submission services:submission 587/udp msa # mail message submission services:smtps 465/tcp # SMTP over SSL (TLS) Peter, do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ? -- Voytek ---------------------------------------------------------------------------------- **= Email 4 ==========================** Date: Thu, 27 Mar 2008 23:08:54 +1100 (EST) From: "Voytek Eymont" Subject: Re: Spam > Peter, > do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ? I guess Thunderbird does, but I don't think PMMail does -- Voytek ---------------------------------------------------------------------------------- **= Email 5 ==========================** Date: Thu, 27 Mar 2008 23:15:30 +1100 (EST) From: "Voytek Eymont" Subject: Re: Spam > On 27/03/08 02:24, Simon Lewis wrote: > But, you know, SSL is overkill for this sort of problem. Sure, it also > encrypts the body of your mail, which is a good idea if you're having an > affair with your boss's wife; but the spammers aren't looking at those > bodies anyway. The main thing that needs protecting is your username and > password, and CRAM-MD5 authentication should satisfy most ISPs. If they > insist on SSL, they're seriously misunderstanding what security is about. I use my Palm, sometimes over 'opportunistic WiFi' or GPRS, in such scenario, encryption is not a bad idea (not that my email has anything of great value to most folks); with SnapperMail I can retrieve POP/TLS or IMAP/TLS and send SMTP/TLS -- Voytek ---------------------------------------------------------------------------------- **= Email 6 ==========================** Date: Thu, 27 Mar 2008 23:31:28 +1100 From: Peter Moylan Subject: Re: Spam On 27/03/08 23:08, Voytek Eymont wrote: > > >> Peter, >> do any OS/2 mail clients support IMAP/TLS ? POP/TLS ? SMTP/AUTH ? > > I guess Thunderbird does, but I don't think PMMail does That's the answer I was going to give, but I must admit that it's a couple of years since I looked at any OS/2 mail client other than Thunderbird. At a certain point - after waiting almost forever for PMMail to get updated character set support - I decided that Thunderbird was the only client that had a chance of being upgraded to meet changing practices and standards. MR/2 ICE was still being supported at that stage, but it was a bit klunky even by comparison with a non-supported PMMail. It's possible that PMMail might move ahead in the race, since it's supported again. The reason why Thunderbird updates keep coming is that Innotek made it easy to port Windows versions of Mozilla software to OS/2. What happens when Thunderbird starts using Windows features that Innotek doesn't support, given that (as far as I know) Innotek is no longer updating their stuff? This makes me nervous, given that Windows has always been a moving target. -- Peter Moylan peter at pmoylan dot org http://www.pmoylan dot org ----------------------------------------------------------------------------------