Re: Close list
This useless thread generated more traffic than I've seen in spam in the last couple of months. (And if you add the traffic from the last couple of times we had this *same discussion*...) I'd like to propose that we blacklist people who propose solutions to deal with non-existant spam problems on debian lists. -- Mike Stone
Re: Close list
[EMAIL PROTECTED] (Hamish Moffatt) wrote on 25.12.00 in [EMAIL PROTECTED]: On Sat, Dec 23, 2000 at 08:43:51PM -0500, Joseph Carter wrote: I have a comment: NO WAY IN HELL. The day that we start rejecting DUL posts is the day that several people leave the project, me included. How many ISPs these days route mail worth a damn? :-) Joseph you make it too easy. You never did tell us why you can't arrange a proper smarthost, such as a debian.org machine with an ssh tunnel. Just tested that. ssh to master, telnet to localhost smtp, it was quite willing to relay mail with a non-local envelope. (And left enough clues in the header to track who did that just in case it ever becomes necessary.) Now if someone was to send much mail that way, I expect checking with the admins in advance might be a good idea, but for low volume (and for contents where the association with Debian in the mail headers won't be a problem) this seems like an easy way to do it. For automated usage, I expect one would prefer something like netcat to telnet, though :-) MfG Kai
Re: Close list
[EMAIL PROTECTED] (Miles Bader) wrote on 24.12.00 in [EMAIL PROTECTED]: Hamish Moffatt [EMAIL PROTECTED] writes: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war GNU mailing lists (supposedly) use RBL, but in a mode where `spam' isn't deleted, but rather just gets a header added saying `this message is considered suspicious'. That allows individual recipients to do as they see fit. Yes, they use Exim on Debian to do that. I recently investigated a filtered-out mail from some GNU mailing list at work and noticed that it had gone through maybe half a dozen systems, every single one running Exim on Debian (it got the header because it was sent directly from a dialup). Currently I ignore these headers for mailing lists since I've had several mailing lists temporarily come from hosts listed in one of these things. The most embarassing case was the list working on the next release of the mail standards (RFC 821/822); the mailing list host (an uni) was a wide- open relay for months (We need that for our faculty or some such nonsense). MfG Kai
Re: Close list
On Tue, Dec 26, 2000 at 11:36:00AM +0200, Kai Henningsen wrote: Just tested that. ssh to master, telnet to localhost smtp, it was quite willing to relay mail with a non-local envelope. (And left enough clues in the header to track who did that just in case it ever becomes necessary.) Now if someone was to send much mail that way, I expect checking with the admins in advance might be a good idea, but for low volume (and for contents where the association with Debian in the mail headers won't be a problem) this seems like an easy way to do it. For automated usage, I expect one would prefer something like netcat to telnet, though :-) Or better, ssh port forwarding. Simpler, more reliable, and encryption as a bonus. ssh -L localport:localhost:25 somewhere.debian.org sleep a_while and while ssh is connected, connect to localport on the client side to be forwarded to port 25 on localhost at the server side. -- - mdz
Re: Close list
Here is a (somewhat?) constructive idea regarding the spam. i would like to point everyone to sugarplum: (http://www.devin.com/sugarplum/) quote from README file: sugarplum is a spam-bot database poisoner utility. The specific usage of a spam poisoner is to provide a spammer's email spider with bad data -- ideally lowering the database's usefulness so much that the database must be reverted, discarded or manually edited. while this will not stop directed spam, nor remove the lists from databases it is already in, it might just decrease it's entrance to new databases, and/or protect list users from having their email addresses being harvested. yes, i know it's not much, but it's something alright. serious commentary welcome. flames will be forwarded to /dev/null. Coutal -- .sig file pending Cheers Cout
Re: Close list
Here is a (somewhat?) constructive idea regarding the spam. i would like to point everyone to sugarplum: (http://www.devin.com/sugarplum/) quote from README file: [snip]ac I'd suggest putting a lot of IFRAME tag which include the document generated by sugerplum which occuplies only a minimal space, but the drawback is that loading time would be much much larger. -- Cagito, ego sum.
Re: Close list
On Sun, Dec 24, 2000 at 12:10:29PM +0200, Gil Bahat wrote: Here is a (somewhat?) constructive idea regarding the spam. i would like to point everyone to sugarplum: (http://www.devin.com/sugarplum/) quote from README file: Cool program! Might be a good way to discourage spammers from harvesting the Debian mailing list archives and BTS. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Close list
On Sat, Dec 23, 2000 at 08:43:51PM -0500, Joseph Carter wrote: I have a comment: NO WAY IN HELL. The day that we start rejecting DUL posts is the day that several people leave the project, me included. How many ISPs these days route mail worth a damn? :-) Joseph you make it too easy. You never did tell us why you can't arrange a proper smarthost, such as a debian.org machine with an ssh tunnel. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Close list
On Sun, Dec 24, 2000 at 10:18:55AM +0900, Miles Bader wrote: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war GNU mailing lists (supposedly) use RBL, but in a mode where `spam' isn't deleted, but rather just gets a header added saying `this message is considered suspicious'. That allows individual recipients to do as they see fit. That seems like it would be useful, and I fail to see how anyone could object to it... It has been said in a related thread on a mailing list that shall not be named :) that making a DNS lookup for hosts carrying the blacklists on each delivery would slow it down. It has also been said that this isn't hard to work around, though. FWIW I like the X-RBL-Warning headers. -- Digital Electronic Being Intended for Assassination and Nullification
Re: Close list
On Sun, Dec 24, 2000 at 05:53:36PM +0100, Josip Rodin wrote: It has been said in a related thread on a mailing list that shall not be named :) that making a DNS lookup for hosts carrying the blacklists on each delivery would slow it down. It has also been said that this isn't hard to work around, though. It's not generally that bad - generally not even noticable when compared to all the other delays one is likely to encounter. FWIW I like the X-RBL-Warning headers. Spam to the Debian mailing lists tends to be especially annoying since the spammers always seem to hit each and every mailing list (or at least, a large number of them), which makes each spam much more noticable. -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFShttp://www.eusa.ed.ac.uk/societies/filmsoc/
Re: Close list
On Sun, Dec 24, 2000 at 09:13:36PM +, Mark Brown wrote: Spam to the Debian mailing lists tends to be especially annoying since the spammers always seem to hit each and every mailing list (or at least, a large number of them), which makes each spam much more noticable. Oh yeah. If only there was some way of automatic killing of such spams, sent to more than X (say, 5) mailing lists... something that would remember the last X-1 mails from the same domain name (or whatever) and kill off the remaining attempts. -- Digital Electronic Being Intended for Assassination and Nullification
Re: Close list
On Sun, Dec 24, 2000 at 10:38:50PM +0100, Josip Rodin wrote: Oh yeah. If only there was some way of automatic killing of such spams, sent to more than X (say, 5) mailing lists... something that would remember the last X-1 mails from the same domain name (or whatever) and kill off the remaining attempts. Without killing all the messages crossposted to all the port lists (andu usually one or two others). :-) -- Mark Brown mailto:[EMAIL PROTECTED] (Trying to avoid grumpiness) http://www.tardis.ed.ac.uk/~broonie/ EUFShttp://www.eusa.ed.ac.uk/societies/filmsoc/
Re: Close list
On 12/24/2000 13:13, Mark Brown at [EMAIL PROTECTED] wrote: Spam to the Debian mailing lists tends to be especially annoying since the spammers always seem to hit each and every mailing list (or at least, a large number of them), which makes each spam much more noticable. The GIMP-user and GIMP-Dev lists suffer the same problem. I've seen very little SPAM on the Debian lists I'm on, but the GIMP lists see it all the time which is annoying! Anyway.. -- Carl B. Constantine ([EMAIL PROTECTED])Phone: 250.953.2650 Open Source Solutions Inc. Fax: 250.953.2659 4252 Commerce Circle, Victoria, BC. V8Z 4M2 http://www.os-s.com/ I feel like a genocidal maniac when emacs asks me if I want to kill 10789 characters.
Re: Close list
On Fri, Dec 22, 2000 at 07:52:21PM -0800, Carl B. Constantine wrote: No one should be allowed to post to ANY mail list that is NOT subscribed to that list! It's pretty common place on these lists, so I don't think we're about to stop it. Sorry. flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Close list
On 12/23/2000 15:10, Hamish Moffatt at [EMAIL PROTECTED] wrote: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war I think that would be a good compromise position. Any chance we can implement that at least? It would go a long way to accomplish both goals: disallow spammers allow posts from outside those subscribed Comments? -- Carl B. Constantine ([EMAIL PROTECTED])Phone: 250.953.2650 Open Source Solutions Inc. Fax: 250.953.2659 4252 Commerce Circle, Victoria, BC. V8Z 4M2 http://www.os-s.com/ I feel like a genocidal maniac when emacs asks me if I want to kill 10789 characters.
Re: Close list
Quoting Carl B. Constantine ([EMAIL PROTECTED]): flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war disallow spammers allow posts from outside those subscribed We already allow spammers: The Debian Linux mailing lists accept commercial advertising for payment. We offer a fee waiver if you can show us the canceled check for a $1000 (U.S.) or more donation to Software in the Public Interest (SPI). One donation per advertisement, please. If you don't wish to donate, simply post your advertisement to the list, and the operator of the mailing lists will bill you $1999 (U.S). The list operator will donate this amount, minus the expense of collecting it, to SPI. As someone in an earlier thread 'challenged' me, i wouldn't mind taking care of this for the Debian mailing lists i'm on. I am not a listmaster, so I don't know if i'm allowed to do the billing 'n' stuff. I still think it's a better idea to 'filter' the spam by a closed list, and a couple of people who moderate off-the-list messages, but according to the amount of commentary i recieved back on that, people seem to disagree with it :) Is it a good idea if i do this ? Can i do this ? Can i do this while not being in the US (as most spammers seem to be from the US) ? What do we do with non-paying spammers ? Greets, Robert -- | [EMAIL PROTECTED] - Cistron Internet Services - www.cistron.nl| | php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security | | My statements are mine, and not necessarily cistron's. | Reality is a cop-out for people who can't handle drugs.
Re: Close list
Hamish Moffatt [EMAIL PROTECTED] writes: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war GNU mailing lists (supposedly) use RBL, but in a mode where `spam' isn't deleted, but rather just gets a header added saying `this message is considered suspicious'. That allows individual recipients to do as they see fit. That seems like it would be useful, and I fail to see how anyone could object to it... -Miles -- Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come. --Nietzsche
Re: Close list
On Sun, Dec 24, 2000 at 10:18:55AM +0900, Miles Bader wrote: Hamish Moffatt [EMAIL PROTECTED] writes: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war GNU mailing lists (supposedly) use RBL, but in a mode where `spam' isn't deleted, but rather just gets a header added saying `this message is considered suspicious'. That allows individual recipients to do as they see fit. That seems like it would be useful, and I fail to see how anyone could object to it... I agree. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Close list
On Sat, Dec 23, 2000 at 04:02:34PM -0800, Carl B. Constantine wrote: flame war Now maybe if we were using the RBL, DUL, and RSS lists... :-) /flame war I think that would be a good compromise position. Any chance we can implement that at least? It would go a long way to accomplish both goals: disallow spammers allow posts from outside those subscribed Comments? I have a comment: NO WAY IN HELL. The day that we start rejecting DUL posts is the day that several people leave the project, me included. How many ISPs these days route mail worth a damn? The RBL is a reasonable list and is a last resort anyway. RSS is a concern, but I would accept it if the majority of people felt it was necessary. The DUL is just going to hurt Debian. I'm still on at least one mailing list that I _CANNOT_ even unsub from because mail is filtered before it ever gets to the requester. Needless to say, I have considered taking drastic action regarding this stupidity. For the record, I'm talking about the GGI Project's ggi-develop list, which I used to follow. -- Joseph Carter [EMAIL PROTECTED] GnuPG key 1024D/DCF9DAB3 Debian GNU/Linux (http://www.debian.org/) 20F6 2261 F185 7A3E 79FC The QuakeForge Project (http://quakeforge.net/) 44F9 8FF7 D7A3 DCF9 DAB3 There is no snooze button on a cat who wants breakfast.
Re: Close list
Carl B. Constantine wrote: I'm getting tired of getting spam through mail lists I subscribe to that have an open post policy. Can we please close the debian-devel and other such lists that should be closed. I don't think trademark domains is doing anything for debian development. This is ill-advised proposal #403021; check the list archives for flamewar #403021b; the conclusion is always: no. -- see shy jo
Re: Close list
Carl B. Constantine [EMAIL PROTECTED] writes: I'm getting tired of getting spam through mail lists I subscribe to that have an open post policy. Can we please close the debian-devel and other such lists that should be closed. I don't think trademark domains is doing anything for debian development. Before you go starting another flame war, did you go back and look through the list history for 'closed list' et similae? Maybe you could do that, and respond to the concerns raised in *those* flame wars... -- David N. Welton Personal: http://www.efn.org/~davidw/ Free Software: http://people.debian.org/~davidw/ Apache Tcl: http://tcl.apache.org
Re: Close list
Carl B. Constantine [EMAIL PROTECTED] writes: I'm getting tired of getting spam through mail lists I subscribe to that have an open post policy. Can we please close the debian-devel and other such lists that should be closed. I don't think trademark domains is doing anything for debian development. No, lets not. Right now I'm subscribed to debian-devel, but often in the past I've read it occasionally in the archives, and sent mail as I thought appropriate. I know there are other people who do this. The fact is that the spam level on debian-devel right now is in the noise (it's certainly exceeded by the volume of pointless and/or downright stupid posts). -Miles -- Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come. --Nietzsche
Re: Close list
On 12/22/2000 19:44, Miles Bader at [EMAIL PROTECTED] wrote: No, lets not. Right now I'm subscribed to debian-devel, but often in the past I've read it occasionally in the archives, and sent mail as I thought appropriate. I know there are other people who do this. The fact is that the spam level on debian-devel right now is in the noise (it's certainly exceeded by the volume of pointless and/or downright stupid posts). Yo ppl, it's not hard to archive a closed list, most list software supports archive directly. Sheesh! You make it sound like it's the end of the world for crying out loud. Give me a break! No one should be allowed to post to ANY mail list that is NOT subscribed to that list! all we need is for more idiot spammers to harvest the address and spam ad infinitum. Then maybe you'll change your minds. *sigh* Back to regularly scheduled Debian/woody discussion. -- Carl B. Constantine ([EMAIL PROTECTED])Phone: 250.953.2650 Open Source Solutions Inc. Fax: 250.953.2659 4252 Commerce Circle, Victoria, BC. V8Z 4M2 http://www.os-s.com/ I feel like a genocidal maniac when emacs asks me if I want to kill 10789 characters.
Re: Close list
Carl B. Constantine [EMAIL PROTECTED] writes: Yo ppl, it's not hard to archive a closed list, most list software supports archive directly. Sheesh! You make it sound like it's the end of the world for crying out loud. Give me a break! I was complaining about not being able to post to the list when I wasn't subscribed. No one should be allowed to post to ANY mail list that is NOT subscribed to that list! Why? all we need is for more idiot spammers to harvest the address and spam ad infinitum. Then maybe you'll change your minds. Well, so far this hasn't happened. Until it _does_ happen, there's absolutely no reason to restrict posting to the list. -Miles -- Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come. --Nietzsche
Re: Close list
This discussion is being taken off list to avoid yet another flame war (not my intention to start another flamewar). -- Carl B. Constantine ([EMAIL PROTECTED])Phone: 250.953.2650 Open Source Solutions Inc. Fax: 250.953.2659 4252 Commerce Circle, Victoria, BC. V8Z 4M2 http://www.os-s.com/ I feel like a genocidal maniac when emacs asks me if I want to kill 10789 characters.