Tom Dickson (bombcar@bombcar.com) wrote:> >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Here is the issue, and why the Samba list is basically unable to do >anything: > >If you send a message to the Samba list, it gets resent to everyone on >the list. This message will contain a FROM: line, showing an email address.Which should be <samba@lists.samba.org> like the other mailing lists do.> > Snip some good stuff.Bob -- Assured Computing When you need to be sure. bob@assuredcomp.com www.assuredcomp.com Voice - 541-868-0331 FAX - 541-463-1627 Eugene, Oregon
But there's no way for it to filter the data server-side, so my server account still fills up, I still have to deal with the large transfers for each mail, etc. That's not a solution, it's barely a fix. Terry -----Original Message----- From: Tom Dickson <bombcar@bombcar.com> Sent: Oct 15, 2003 6:27 AM To: Samba Mailing List <samba@lists.samba.org> Subject: Re: [OT] [Samba] SPAM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is the issue, and why the Samba list is basically unable to do anything: If you send a message to the Samba list, it gets resent to everyone on the list. This message will contain a FROM: line, showing an email address. There are people on this list who have virus ridden machines. They get your message, and the virus reads the FROM: line, and sends off a virus to you. The virus goes directly to you; not through the Samba list. The only solution is to completely destroy the FROM and REPLY lines in all your emails; an ugly solution. If you really don't like the virus spam, may I recommend www.mozilla.com ? It's mail filtering works great for me, and all my little virus splats go right into the junk folder. If you really really insist on using Microsoft software and don't want to ever see a virus spam, then post to the group from a one-time hotmail account, and read the replies in the list archives. (http://lists.samba.org) Note that the list archive very rarely has any of this virus spam in it. The only other solution is to LART every clueless user out there; but this is unlikely to work: sysadmins have been trying for 20 years with no results. - -Tom beers@xs4all.nl wrote: |>>-----Original Message----- |>>From: Ray Simard [mailto:ray.simard@sylvan-glade.com] |> |>>The most effective step to reduce this is to restrict posting to |>>subscribed list members. | | | This will stop spammers sending to list, but also will hurt people | incidently asking questions, without being subscribed. Depending on | policy. The occasional spam arriving via the list is neligable as compared | to my daily dose of 300+ spams. It will hurt people using the archive as a | means to see replies w/o being subscribed. Hurt much, effect little. | | |>I've never seen a virus arrive *through* the list. I think what people |>are |>complaining about is viruses being sent to them directly. | | | yeah, the complaint is: when subscribing to SAMBA, the email adres used | will get spam and virusses at once. Quite possibly by the publication of | the list onto usenet with the real adres still visible. The spam is | understandeble, the virusses also, since the introduction of spamming | virusses. | | The resolution could be to block the email addy from the senders to the | list, when forwarding, but this would hamper ligitimate usage, such as | replying to sender. (perhaps the follow up discussion isnt SAMBA related) | | This is of course totally upto the VOLUNTEERS running this list, if you do | not like it, feel free to start a SAMBASTOPSPAM list orso. | | Threatening to sue VOLUNTEERS over such a silly thing will get you the | mocking of every Dutchmen I know, and leads me to believe the complainer | was pissed, and should get sober, or the complainer is an American Layer. | I hope the former, I think the latter. Or he plays one on the internet | anyways. | | If the complainer was to post onto usenet, and subsequently would get a | spammie, who would he then sue? Al Gore? | | Last but not least, can everybody on this list please reply to this spam | discussion, my mailbox isnt yet full, and this list is like, low on | traffic. | | Richard van Beers -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jS8qRliD/69byygRAnpwAJ96NBKBCIlrmqPt8zoVtukOARfZzgCdG8LP eY1c47W00UFD7U5JMWgMBmk=qe3J -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
I've been watching this thread with amusement. On one side, I see people with calm collected reasoning explaining how email works, how lists work, etc. and on the other side, I see rash, overzealous people who A.) don't want to admit that they have been doing something that most intelligent users know they shouldn't (use a critical email address for list subscriptions) regardless of past success of failure (Russian roulette is a fun game, until you win . . .), and B.) seem to want to yell at someone other than themselves to vent their frustration at winning the roulette game. I also run my own mail server with antiviral filtering on it, and can look up the daily virus volume if anyone is interested. I have a strong understanding of how these email worms (technically, these are worms, not viruses) work and can pretty much guarantee that the Swen worm (the one currently blasting email addresses) does NOT read newsgroups looking for email addresses. Outlook, however, will add email addresses from newsgroup postings to the address book (depending on configuration). The worm will then post itself to any news servers configured on the infected computer, email itself to every email address it finds in the address book and inbox (and probably other email folders) on the computer, and send itself to any IRC contacts stored on the computer. If the worm finds Kazaa installed, it will send itself out through Kazaa as well. It will also search all mapped network drives for Windows Startup folders and drops a copy of itself in any startup folders it finds. It will also try to trick the user into supplying login information for the user's email account. If it succeeds, it will scan the inbox for additional email addresses and delete any copies of itself that it sent. This information is not needed for propagation since the worm has its own SMTP engine (mail server, for those who don't recognize the correct terms) and will have already sent out at least one copy of itself to every email address it found. Changes to the way this list is handled would reduce the usability of this list. I, for one, would rather delete 1000+ copies of a virus a day for a few months (the average life cycle of these worms) than reduce the usability of such a useful list (usefulness is subjective, if you consider the price too high, don't use it) by any degree. Also, I have examined the headers of several of the copies of the Swen worm and not one of them has originated from the IP's of the samba.org servers. This, admittedly, is not a perfect test as there have been far more copies than I have actually looked at, though so far, all of the copies I have examined have come from dynamic IP ranges (generally, dialup or home broadband), not through regular servers. It would seem then, that the list itself is safe, and only by damaging usability could we reduce (reduce, mind, not eliminate) this temporary inconvenience. Sounds rather like cutting off my nose to spite my face, not a course of action I would recommend. :) Just my (rather stretched) two cents. Erik Soderquist <snip>
Additional note: I like the idea of using a Hotmail account for lists, the rampant propagation of email worms is the fault of poor design by Microsoft, let Microsoft deal with the wasted bandwidth. I don't have to view/download any emails I don't want to on hotmail. :) my two more cents? Erik Soderquist
Maybe Matching Threads
- Swen virus and spam appears to be coming from Samba list
- How to tell if option "with-acl-support" is compiledinSolaris smbd?
- Re: samba Digest, Vol 9, Issue 41
- can I use CentOS as a antivirus / spam filter / HTTP AV gateway?
- subcripts on data frames (PR#9885)