Ralph Angenendt
2009-Jan-29 00:07 UTC
[CentOS] Political Spam sent through several CentOS mailing lists
The CentOS team likes to offer an apology for the political spam mails which went through our mail servers earlier today.

Due to the nature of mailing list software for public discussion groups, there aren't that many security measures which can be taken to check which mails are supposed to get through and which mails aren't. Total safety can only be had by a moderation of all lists - and that is not where we want to go.

The spammer today faked the identity of a CentOS core developer and thus got through on all mailing lists. That these mails also got through the moderated centos-announce list was an oversight in the configuration of that list which has been fixed now.

The CentOS team does not condone such behaviour and does not wish to support any political agenda through the mailing lists of the Project - in case you had wondered.

Regards,

Ralph Angenendt
Bill Campbell
2009-Jan-29 01:07 UTC
[CentOS] Political Spam sent through several CentOS mailing lists
On Thu, Jan 29, 2009, Ralph Angenendt wrote:
>The CentOS team likes to offer an apology for the political spam mails
>which went through our mail servers earlier today.
>
>Due to the nature of mailing list software for public discussion groups,
>there aren't that many security measures which can be taken to check which
>mails are supposed to get through and which mails aren't. Total safety can
>only be had by a moderation of all lists - and that is not where we want
>to go.

We have set up Mailman to use the Spamassassin spamd program to check incoming messages before any other tests are done. This probably would not have done any good though for these messages as they were passed into my bulk mail folder here after our local Spamassassin checks so they had a score <= 4.00 which is my personal cutoff at which point they go into the spam folder.

The Mailman lists we host are all subscriber-only, as I believe the CentOS lists are, but this doesn't do any good if the sender trivially forges the Sender and/or From: headers.

Some spam is going to get through to a mailing list regardless of the anti-spam measures taken (I have accidentally approved spam that was forwarded to me for moderation). The only thing is to remember the short version of the Serenity Prayer -- ``sh*t happens''.

Bill
--
INTERNET: bill at celestial.com   Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/    PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676             Mercer Island, WA 98040-0820
Fax: (206) 232-9186

If you want government to intervene domestically, you're a liberal. If you want government to intervene overseas, you're a conservative. If you want government to intervene everywhere, you're a moderate. If you don't want government to intervene anywhere, you're an extremist -- Joseph Sobran
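The weakness of a subscriber-only check that trusts the From:/Sender: headers, as an added example that is not part of the original thread and is not Mailman's own code. The addresses, messages and function names are constructed for illustration, and `stricter_gate` assumes the MTA hands the SMTP envelope sender to the list software.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample data: subscriber list and messages are made up.
MEMBERS = {"dev@lists.example.org", "alice@example.net"}

POST = (
    "From: Core Dev <dev@lists.example.org>\n"
    "To: users@lists.example.org\n"
    "Subject: constructed sample post\n"
    "\n"
    "body\n"
)

def header_addrs(msg, name):
    """Lower-cased addresses from every instance of one header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a}

def header_only_gate(msg):
    """Subscriber-only check that trusts From:/Sender: as written."""
    claimed = header_addrs(msg, "From") | header_addrs(msg, "Sender")
    return "accept" if claimed & MEMBERS else "hold"

def stricter_gate(msg, envelope_from):
    """Hold for moderation unless From: and the envelope sender agree.

    Assumption: envelope_from is the SMTP MAIL FROM value passed on by
    the MTA. It can be forged as well, so this only stops forgeries
    that change the From: header and nothing else.
    """
    from_addrs = header_addrs(msg, "From")
    env = parseaddr(envelope_from)[1].lower()
    if len(from_addrs) != 1:
        return "hold"  # missing or multiple From addresses: ambiguous
    if env in MEMBERS and env in from_addrs:
        return "accept"
    return "hold"

def evaluate():
    """Run both gates over the constructed post with two envelopes."""
    msg = message_from_string(POST)
    return {
        "header_only": header_only_gate(msg),
        "header_forged_only": stricter_gate(msg, "bulk@sender.example"),
        "envelope_matches": stricter_gate(msg, "dev@lists.example.org"),
    }

if __name__ == "__main__":
    print(evaluate())
```

The last case accepts whenever the envelope matches, whether it is genuine or forged too, which is why sender-based checks alone cannot replace moderation on a list such as centos-announce.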