|
Grex > Coop12 > #156: Make off-site e-mail and ftp a non-default priviledge | |
|
| Author |
Message |
russ
|
|
Make off-site e-mail and ftp a non-default priviledge
| 
Dec 4 12:29 UTC 2002 |
I propose that off-site e-mail and ftp access not be granted
to new accounts by default. Access would be given only if
the account was created from our dial-in ports, if the account
holder becomes a member, or by special request granted by staff
if our resources are adequate.
The purpose of this proposal is to get rid of our difficulties
with donkey users (ftp abuse), certain classes of vandals, and
reduce the load of e-mail processing. Any user with internet
access and a web browser can already go to Yahoo or Hotmail for
better e-mail service than we can provide anyway; the load we
are seeing threatens our ability to offer e-mail service at all.
Current accounts would not be affected.
|
| 70 responses total. |
scott
|
|
response 1 of 70:
|
Dec 4 13:46 UTC 2002 |
How are you defining "offsite" email?
|
cmcgee
|
|
response 2 of 70:
|
Dec 4 13:50 UTC 2002 |
I have 3 questions about this proposal:
1) is off-site email causing our slowness?
2)how does ftp affect our speed, since only inbound is allowed to these
folks anyway?
3) is this a problem that will be solved by nextgrex?
I am ib favor of this idea if the hypotheses it is based on are true. If
nextgrex will make this problem go away, then I'm in favor of it with a sunset
provision that says it expires in 8 months, or whatever seems a reasonable
estimate for getting nextgrex running.
|
cmcgee
|
|
response 3 of 70:
|
Dec 4 13:52 UTC 2002 |
ah, ok, Scott, I assumed off-site email was mail being forwarded to another
email address.
Is this really two different solutions? One for controlling email loads, and
another for controlling ftp loads?
|
mynxcat
|
|
response 4 of 70:
|
Dec 4 16:30 UTC 2002 |
Why should these privileges be afforded t oonly people who create accounts
through dial-in (That is what you meant, right? Or did I get it wrong). (Of
course I understand that they would be afforded to paying members and special
requests.
|
gull
|
|
response 5 of 70:
|
Dec 4 16:42 UTC 2002 |
I'd be willing to consider the ftp ban. I'm not in favor of the offsite
email ban. (For the purpose of this discussion, I'm assuming 'offsite
email' is 'email to or from another host'.)
Email was what brought me here originally, and what kept me here.
Conference participation came a little later, and having a stable email
address is what kept me from leaving Grex during periods when I
temporarily lost interest in the conferences.
Deciding to ban offsite email would also be a bit of a hardship for
people who rely on their Grex email addresses. When I was in college I
often used my Grex address on resumes and the like, because I knew my
college address would go away as soon as I graduated and because Grex
was sometimes easier to access from home. I wasn't a member at the
time, partly because I didn't have the spare cash then that I do now.
Part of Grex's mission is community service. I think email is high on
the list of useful services we provide.
|
keesan
|
|
response 6 of 70:
|
Dec 4 18:18 UTC 2002 |
I do not consider Yahoo mail to be in any way superior to Pine at grex. I
have not found any ISPs that offer UNIX shell accounts. I would like to
continue to offer people free UNIX email no matter where they live. Also how
is someone who usually dials in but happens to be out of town supposed to be
able to check their email at grex if they cannot telnet in and do so?
|
krj
|
|
response 7 of 70:
|
Dec 4 19:06 UTC 2002 |
Russ's proposal is similar to one I floated at the last Board meeting;
this would be a temporary measure to free up enough staff time to get
the nextGrex project done, just to stop the staff time being
spent on vandal attacks and the clueless.
Marcus' response, which I hope I am presenting
correctly, was that creating any such confinement of new users would
be in itself a significant development project requiring staff time.
The next step might be to suggest turning off newuser until nextGrex
can be done. It would be highly unpleasant, but offering slow and
deteriorating mail service is also going to be unpleasant.
Turning off newuser would require essentially no staff time.
Grex might need to think about which unpleasant alternative
is going to cause the least long-term damage to the community.
STeve and I were batting this subject around in the car today.
I'm wondering if the current spam situation is creating so much
pressure on Grex's mail service that even the planned nextGrex
system would be able to cope with it.
|
cross
|
|
response 8 of 70:
|
Dec 4 19:40 UTC 2002 |
Odds are your network link would die from SPAM before anything else
did, but a newer grex gives you the opportunity to throw away the hacked
together version of sendmail grex currently uses and go with something a
little more modern, like Postfix, that gives you some amount of SPAM
protection for free.
I should note that the majority of spam I get now seems to be bounced
through cyberspace.org. Turning off that spigot would certainly improve
things.
|
polytarp
|
|
response 9 of 70:
|
Dec 4 20:32 UTC 2002 |
When NexGREX is created, you should still be ablyr to use OLDGrAx.
|
keesan
|
|
response 10 of 70:
|
Dec 4 21:01 UTC 2002 |
How about cancelling the email accounts of anyone who has not used them at
all, after a month? Would this eliminate some spam? Or you could ask
newusers when they sign up whether they want to have an email account, and
offer the option of adding one later if wanted, in the Change program.
Are there still many new users signing up who do use Grex email?
|
cross
|
|
response 11 of 70:
|
Dec 5 01:39 UTC 2002 |
I believe that idle users are already reaped, but that won't really cut
down on the spam problem. There are two issues, as far as I understand
things: 1) users who login to grex and use it as a platform to send spam
*from*, and 2) users who receive spam sent to them at (or, in my case,
through) grex.
For (1), it's fairly easy to identify and squash the offending users.
For (2), the problem is more complex, but solutions exist. Among them
is switching to a more modern mail transfer agent (list Postfix) that
already has a number of anti-spam features built in.
In terms of seperating user accounts from email accounts, that's not
really practical; they're more or less the same account now, and changing
that would be difficult.
|
russ
|
|
response 12 of 70:
|
Dec 5 13:00 UTC 2002 |
Re #1: Mail entering or leaving Grex is how I'd define it.
Re #2.1: Dunno, but mail gets delayed severely when the load average
gets above a certain point. The more mail is trying to come in,
the bigger the backlog gets.
Re #2.2: ftp is a favorite route for edonkey and downloading of vandal
tools. Forcing people to make a special request before they can get
ftp access would get rid of 99% of the vandals and their CPU load.
Re #4: Because people coming in through dial-in may well not have an
ISP or other TCP/IP access to sites such as Hotmail (unlike someone
coming in via the net). Such people should be served without question.
Re #5: Someone already relying on Grex would not be affected; this
would only apply to new accounts and could be waived by request.
(Why not Yahoo or Hotmail?)
|
mary
|
|
response 13 of 70:
|
Dec 5 13:40 UTC 2002 |
I do think it's time we look at what services Grex can offer. Offer to
reasonable standards, that is. The bottleneck seems to be staff time.
I'd like to hear from users how they'd prioritize their needs here but I
don't know how to reach those who are simply here for mail, or party, or
the shell access. Asking those who conference might give not give us an
accurate view of what we need to offer the majority.
But something has to give. We are so slow that I know I wouldn't take the
time to get to know the community if I found Grex today, new, on the web.
Which is how new folks are checking us out. If it wasn't for telnet I'd
find connecting intolerable. I suspect I'm not the only one who
feels this way but, again, it's hard to know for sure why folks
*aren't* here.
Mail is not dependable. It's okay for a backup or recreational use, but
not much else.
Open shell access is keeping staff up to their eyebrows with vandal issues
when their time could better be spent improving Grex.
Our present platform is antiquated, leaving staff crippled when it comes
to addressing mail and vandal problems.
And staff can't even seem to compromise and move forward in deciding which
platform to use. Sure, the longer we wait the cheaper the the new
computer will be. But meanwhile the system slowly withers, with fewer new
voices, dropping income, a smaller pool of staff available to help, and
hardware that is no longer meeting our needs.
But new computer prices are dropping. Yeah. So is our
bottom line.
I'm frustrated and a little worried about Grex's future.
|
gull
|
|
response 14 of 70:
|
Dec 5 14:18 UTC 2002 |
Re #7: Do we even know for sure that this is the reason email is being
delayed? Until we do, this is all premature.
Re #11: FWIW, deleting accounts doesn't reduce the amount of spam sent
to them very quickly. The mail server where I work still bounces spam
destined for accounts that were deleted over a year ago.
Re #12: Have you ever used Hotmail or Yahoo? They're less reliable than
Grex. Hotmail has had long downtime periods, and I've often seen *it*
time out mail connections. All of the web mail servies are also major
spam magnets in a way my Grex account isn't.
The people who have mentioned eDonkey as a problem should keep in mind
that it would be much easier to eliminate it by preventing users from
creating web pages. Since Grex doesn't allow images, the ability to
create web pages here is not terribly useful anyway.
|
keesan
|
|
response 15 of 70:
|
Dec 5 15:39 UTC 2002 |
I have a Yahoo account that I prefer not to use but it has never received
spam. Possibly because I never posted that address and it is a strange one.
I have a very useful web page at grex without images. It communicates facts
(resume, etc.). I have put together small webpages for other people using
grex as their only access to the web. You don't hear from them here because
they have not figured out how to do anything much besides email. None of them
wants to switch to Yahoo except occasionally to look at an attached image.
But they don't ftp anything anywhere.
Grex is much faster (10-20X?) than when I first started using it as my only
email address and it is always faster than Yahoo for me. Even with graphics
turned off, Yahoo takes forever to even start loading.
Can you simply place a limit on the size of things people ftp to grex when
they are not members? Or would that not even help?
|
cmcgee
|
|
response 16 of 70:
|
Dec 5 16:51 UTC 2002 |
I too was one of the locals who came for dial-in email and stayed for
conferencing.
I would hate to see us limit nonmember emails. Can staff give us any clues
abot how much of our slowness problem is because of illegal ftp attempts,
intensive email use from off-shore users, spam from within Grex, spam directed
at Grex, etc?
|
other
|
|
response 17 of 70:
|
Dec 5 17:24 UTC 2002 |
Those numbers would be really useful in deflecting some well-intentioned
ideas which would not likely have the desired effect.
|
slynne
|
|
response 18 of 70:
|
Dec 5 17:45 UTC 2002 |
While I have never used grex as my primary email, I have known people
who have done just that. Is there a way to limit the amount of email
people can send/receive in one day? This might help if it is a few
heavy users who are clogging the system.
|
gull
|
|
response 19 of 70:
|
Dec 5 21:48 UTC 2002 |
The problem is even if you start rejecting email for that user, you
still have the overhead of handling the email connection. In fact,
depending on how you reject it, you may incite the remote system to try
several more times before giving up, making the problem worse.
|
slynne
|
|
response 20 of 70:
|
Dec 5 22:30 UTC 2002 |
Ah.
Is the problem mostly with people sending mail or receiving mail? Maybe
we could limit just the amount a person can send?
|
keesan
|
|
response 21 of 70:
|
Dec 5 23:36 UTC 2002 |
I send and receive as many as 50 emails a day and would hate to be limited.
I might hate it enough to join mnet instead. Most of my incoming mail is not
spam. (Most recently it is from freeware authors for whom I am doing free
translations, in the spirit of grex.)
|
jep
|
|
response 22 of 70:
|
Dec 6 03:50 UTC 2002 |
M-Net is *much* faster and has a *much* better Internet connection than
Grex, which is part of why I have my e-mail here forwarded over there.
There's also more disk space on M-Net. However, it has more down time
than Grex. That doesn't bother me since I don't have time-critical e-
mail sent to either system.
I expect Grex would have a lot less performance problems, and be a lot
less affected by heavy usage, if it were on faster, cheaper hardware.
I find it kind of frustrating that the discussion to consider moving
off early 90s hardware has been going on for probably 3 years, if not
longer.
If it were my choice -- and maybe it is in part, I'm a member -- I'd
much rather move to Intel-based hardware that can handle the load more
capably, instead of cut services to match the hardware we've got now.
Any decision in which I participate will have that as an important
consideration.
I'm not very comfortable with split levels of service, whether it's for
contributors, users on basis of seniority, or any other basis. If ftp
access, for one example, is to be turned off for some users, I'd prefer
it be turned off for everyone except the staff. Maybe they could grant
exceptions for some people who need their Grex access for a particular
reason.
I believe that "temporary" emergency measures can pretty easily become
permanent, so I'm as strongly opposed to temporary split access as I am
to permanent split access.
If the real staff are getting bogged down by repetitive tasks that
could be taught to other people, might it not be a worthwhile idea to
explore bringing in a few other people?
I, for example, am fairly knowledgeable about Unix, though I'm not on
the level of such people as Marcus and STeve. I can't donate a huge
amount of time to Grex, but possibly could help out on some things. I
don't know what any of those things are, but much of the staff know me
and could probably evaluate what I could do.
Maybe the staff don't want me, specifically, as I carry some baggage
from my M-Net days. (I'm not offended.) However, there are other Unix
capable people around who could probably be approached. Dan Cross is
one who comes quickly to mind.
For that matter, I don't believe every staff-occupied task requires all
that much Unix knowledge or background. I'm just throwing out a couple
of names, I haven't talked to anyone, but harness sindi/jdiegert and
really a lot of work could get done.
I *think* the last new staffer was i, who's been on the job for what, 5
or 6 years now? Isn't there *some* way to bring ourselves to bring
*some* new people into the mix from time to time?
|
gull
|
|
response 23 of 70:
|
Dec 6 14:14 UTC 2002 |
I agree with #22.
As far as staff tasks go, I think a lot of the issue isn't that the
tasks require much UNIX knowledge. Cleaning up eggdrops and things like
that actually require only minimal UNIX skills. What they do require is
trust, and a lot of it, because you're going through other people's
files. The potential for abuse is huge. I suspect that's the main
barrier to delegation.
|
aruba
|
|
response 24 of 70:
|
Dec 6 15:48 UTC 2002 |
jep's #22 seems very sensible to me, too.
|