cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roger I Martin PhD" <hypernex...@hypernexinc.com>
Subject Re: E-mail account disabling warning.
Date Wed, 03 Mar 2004 21:52:31 GMT
Is there any digital signer anyone recommends? What is the procedure?  Can
it be set automatic or is it something to remember and do
everytime? -Thanks.
----- Original Message ----- 
From: "Stefano Mazzocchi" <stefano@apache.org>
To: <dev@cocoon.apache.org>
Cc: <apmail@apache.org>
Sent: Wednesday, March 03, 2004 4:24 PM
Subject: Re: E-mail account disabling warning.


> Steven Noels wrote:
>
> > On 03 Mar 2004, at 17:23, Brian Behlendorf wrote:
> >
> >> On Wed, 3 Mar 2004, Sam Ruby wrote:
> >>
> >>> Neither.  This email contained:
> >>>
> >>> Return-Path: <andrew@luminas.co.uk>
> >>> From: support@apache.org
> >>>
> >>> ... neither of which is subscribed to dev@cocoon.apache.org.
> >>>
> >>>  From what I have read, ezmlm uses a separate SMTP 'SENDER' field,
which
> >>> isn't retained in the archive.  My bets are that this field contained
> >>> the value savs@luminas.co.uk.
> >>
> >>
> >> No.  Return-Path does capture the email address used by ezmlm to figure
> >> out if and when to send. As it turns out, "andrew@luminas.co.uk" is
able
> >> to post as he's in the "allow" database for that list.
> >
> >
> > That's what I was afraid of, since I happened to know Andrew uses *both*
> > addresses (or has been using them), at the very least in private mails
> > sent to me.
> >
> > How can we defend ourselves from bots spamming the lists using
> > subscribed or allowed addresses...?
>
> the only way is to require everybody to sign their email. But enforcing
> this would be a serious PITA.
>
> > Or do we need to actively
> > monitor/clean up stale entries in the allow list?
>
> this doesn't really reduce the problem.
>
> -- 
> Stefano.
>
>



Mime
View raw message