[TriLUG] OT: winmail.dat

Magnus chrish at trilug.org
Thu Jun 26 08:15:18 EDT 2003 

On Thursday, June 26, 2003, at 07:11 AM, Jim Ray wrote:

> what was the security problem with winmail.dat?  a buddy of mine that
> works for microsoft is interested in correcting the problem.
>
> also, i looked at the trilug.org web site and pulled up one of my posts
> with winmail.dat.  it looked like a bunch of garbage.  any way to get
> the message back, or is it toast?
[snip]
>                 i don't really know what winmail.dat is; however, this
>                 one guy really got his panties in a wad over it and
>                 cited security reasons.


Jim,

If you're referring to my original complaint, you are (to put it 
kindly) prone to exaggeration, overreaction and outright fabrication.  
I've copied your Microsoft buddy because you've been spoon feeding him 
some tall tails.

What I *really* said was:
> Jim could you please have a look at:
> http://support.microsoft.com/support/kb/articles/Q241/5/38.ASP
> http://support.microsoft.com/support/kb/articles/Q138/0/53.ASP
> http://www.microsoft.com/TechNet/exchange/2505ch10.asp
>
> Microsoft doesn't even want winmail.dat attachments going out to the 
> Internet (let alone the majority of people on a Linux mailing list), 
> and it can be disabled by the sender.  The purpose of these 
> attachments is entirely for internal email use where all recipients 
> are known to be using Outlook.
>
> I'm posting to the list for the benefit of the archives in case 
> someone else starts sending these winmail.dat attachments to the list.

(Don't take my word for it; this is in the archives)

And my other earlier more subtle response to your attachments was:
> On Thursday, May 1, 2003, at 01:20 PM, Jim Ray wrote:
>
>> but but but i don't like spam...
> [snip]
>> <winmail.dat>
>
> Or unwelcome file attachments for that matter.  :-(


It was not expressed or implied that this was a security problem.  You 
made this up.


And the winmail.dat is not only attached when Mac users check their 
mail;  an attachment is an attachment, and everyone will get it (it 
shows up in mutt & pine both, as well as Mail.app).  Even your 
Microsoft buddy should know that.  His employer published every one of 
those three white papers I linked to with regards to shutting these 
things off and not sending them to external recipients.

Jim, maybe you should just bite the bullet and hire a consultant that 
understands Windows systems to get that little problem of yours fixed 
up. Maybe you can also read up on PGP signatures, and realize that they 
are useful while winmail.dat is not.  There is probably a basic class 
somewhere you can take to get up to speed, or maybe hire someone who 
knows their way around how to use email to show you around.

(As for amulnick at microsoft.com, I'm sorry if Jim fed you a line of crap 
and if you trusted his word  & ate it.  Really.  I'm just a humble UNIX 
guy and even I figured out how to fix my Exchange server to not do this 
when I had one under my care.  Why this small problem has turned into 
such a big deal boggles the mind.)

--

C. Magnus Hedemark
http://trilug.org/~chrish
PGP Key fingerprint = 984D 9A88 3D60 016F BE01 1506 60FB 85E1 9ABD 96F6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030626/c78407b2/attachment.pgp>

More information about the TriLUG mailing list