cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Noels <stev...@outerthought.org>
Subject Re: E-mail account disabling warning.
Date Wed, 03 Mar 2004 19:12:13 GMT
On 03 Mar 2004, at 17:23, Brian Behlendorf wrote:

> On Wed, 3 Mar 2004, Sam Ruby wrote:
>> Neither.  This email contained:
>>
>> Return-Path: <andrew@luminas.co.uk>
>> From: support@apache.org
>>
>> ... neither of which is subscribed to dev@cocoon.apache.org.
>>
>>  From what I have read, ezmlm uses a separate SMTP 'SENDER' field, 
>> which
>> isn't retained in the archive.  My bets are that this field contained
>> the value savs@luminas.co.uk.
>
> No.  Return-Path does capture the email address used by ezmlm to figure
> out if and when to send. As it turns out, "andrew@luminas.co.uk" is 
> able
> to post as he's in the "allow" database for that list.

That's what I was afraid of, since I happened to know Andrew uses 
*both* addresses (or has been using them), at the very least in private 
mails sent to me.

How can we defend ourselves from bots spamming the lists using 
subscribed or allowed addresses...? Or do we need to actively 
monitor/clean up stale entries in the allow list?

</Steven>
-- 
Steven Noels                            http://outerthought.org/
Outerthought - Open Source Java & XML            An Orixo Member
Read my weblog at            http://blogs.cocoondev.org/stevenn/
stevenn at outerthought.org                stevenn at apache.org


Mime
View raw message