cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: E-mail account disabling warning.
Date Wed, 03 Mar 2004 21:24:46 GMT
Steven Noels wrote:

> On 03 Mar 2004, at 17:23, Brian Behlendorf wrote:
> 
>> On Wed, 3 Mar 2004, Sam Ruby wrote:
>>
>>> Neither.  This email contained:
>>>
>>> Return-Path: <andrew@luminas.co.uk>
>>> From: support@apache.org
>>>
>>> ... neither of which is subscribed to dev@cocoon.apache.org.
>>>
>>>  From what I have read, ezmlm uses a separate SMTP 'SENDER' field, which
>>> isn't retained in the archive.  My bets are that this field contained
>>> the value savs@luminas.co.uk.
>>
>>
>> No.  Return-Path does capture the email address used by ezmlm to figure
>> out if and when to send. As it turns out, "andrew@luminas.co.uk" is able
>> to post as he's in the "allow" database for that list.
> 
> 
> That's what I was afraid of, since I happened to know Andrew uses *both* 
> addresses (or has been using them), at the very least in private mails 
> sent to me.
> 
> How can we defend ourselves from bots spamming the lists using 
> subscribed or allowed addresses...? 

the only way is to require everybody to sign their email. But enforcing 
this would be a serious PITA.

> Or do we need to actively 
> monitor/clean up stale entries in the allow list?

this doesn't really reduce the problem.

-- 
Stefano.


Mime
View raw message