Re: [gentoo-dev] Delivery reports about your e-mail
On Wed, Aug 3, 2011 at 07:43, Michał Górny wrote: A good moderation would be to require PGP signatures as well but I guess many devs still don't do that. while ideal, but would be an annoyingly high barrier for less up-to-speed peeps, or for people using webmail -mike
Re: [gentoo-dev] Delivery reports about your e-mail
On Wed, 03 Aug 2011 07:27:23 +0200 Francisco Blas Izquierdo Riera (klondike) klond...@gentoo.org wrote: El 03/08/11 06:57, Robin H. Johnson escribió: On Wed, Aug 03, 2011 at 04:13:19AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: Come on they can't be serious... this won't work against Gentoo devs, will it? It is concerning that the spammer used a valid list subscriber. Crunching all attachments for validation or moderating everything to catch this is a lot of work. What about using an antispam filter reference for moderation. A properly configured antispam system should have detected a mail like that one as, at least, a possible virus. A good moderation would be to require PGP signatures as well but I guess many devs still don't do that. -- Best regards, Michał Górny signature.asc Description: PGP signature
Re: [gentoo-dev] Delivery reports about your e-mail
On Wed, Aug 3, 2011 at 7:43 AM, Michał Górny mgo...@gentoo.org wrote: On Wed, 03 Aug 2011 07:27:23 +0200 Francisco Blas Izquierdo Riera (klondike) klond...@gentoo.org wrote: El 03/08/11 06:57, Robin H. Johnson escribió: On Wed, Aug 03, 2011 at 04:13:19AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: Come on they can't be serious... this won't work against Gentoo devs, will it? It is concerning that the spammer used a valid list subscriber. Crunching all attachments for validation or moderating everything to catch this is a lot of work. What about using an antispam filter reference for moderation. A properly configured antispam system should have detected a mail like that one as, at least, a possible virus. A good moderation would be to require PGP signatures as well but I guess many devs still don't do that. This list is public, so not just developers need keys, but anyone who posts would need to sign their mails, and then put their public key on a keyserver, and then somehow let the mail server know where the public key is. lolwut? PS: Get decent spam fitlers ;) -A -- Best regards, Michał Górny
Re: [gentoo-dev] Delivery reports about your e-mail
El 03/08/11 03:31, c1p...@gentoo.org escribió: wi¹~BBº“‚ã°êØvܬ»\‡Š ôß(ÇW¨Ý‚é{Ò…Ä� ô2‡°¼ÛûÜîÙ‹–õ–~HwX~/؉ý†íE[¬£ÜœŸdd‰¶§ã±8ÒŠ6gîvs ã�X„òYFý5ù1çFØŸô L`Ce¤ÎA‘]²´e¼s§eµ©ùÍáÍmÉãZÄþ²cxZ:Õ•ƒÙFyÚ‘wû–a—š|×:¤b~ØüœÔ§X‰AQ¬bR\ž‡|ĉ3u±«Ÿ4æØ7‡˜øU\ö/°tÛnæKß¡^¸Åڌ٤ÚbT;3ºI7%$œÎÆc™Öšoåi ´òÆÞ²�{jdÆŠÍ9]‰¼)ŒÒµ†%ùÐJžQÜU™‰PÖÈÛ93°ö´‚*{vnEÝÝtý‚ª ‹º9¾tÎÂ3O)ØãÇÐ GTÆP?7YF³ËŠÞÛ†W.Kë{9uè·a#¨óëð[ä:Q5cõ $ñï†'I(œ~B÷0fô{íô¡iòâöÉiKYyرuÀ£:žO�«Ñ)ÒÃ5/ðJKDÒ™þ‚|ì�öóÝÀ0œQ–yPüdÏï‰ìºRg4X¨wVú«9,ëܲX‡¨�ëy(Ê« ÷ÀÝȪµ”OIH¨6? ’•‹)ú˜TCEò•mvƒôQ§Õ'ö)Äëpa^3ÓB,]iòZÑøq‘ý;�agvõn0GÍž{HUÍÁk˜^ˆ _·k©ÅdÒ´fÙÏM¯Y·9õŠÝßa[ ü×›¿ÁpØml –†Ž†F“Æ‚*ùêÔ_ǃEù¡Mt|·PdéfŸž^#£Ðצ‘ NÁ Ã8¿º4Ë4þÍÐ]ê6ð0ůÀÙÇ%é2òÔRrgg†6Û¤ :åf˱6RÂRgýwèÉ3÷_Gbp?¾ª™vŸO÷«áþ‘-‡8YW%…çΨ(™Ó¯��²ÖÁ¡B'�#µ$)ÕÚ4Tõ¤Æƒf20WeÇP*׎ï�µëc?/J»§•©ô™ÙºÁ�kñŒ_Ä•Ñ`Ⱦ:�ÊãíÚK¬b4ýK®fŽ�� A²Ï{ç£,¼�8W$øª…?à6îØÒª^/U ^~SöEʸÅô‡µ×$;ß4›RI_Uã·1¡åb{æ_†…:–{Gþ}û*8Á]¼c†œ™ôãvoGµËËb�ˆ¼d�²äå ñÍpÅ)ÍCF—×år,G²”ÒÜbSœÁÔü9NöÒ³!^.ÎÙ8~è�c)N«`CN“ýΑ%\ Œƒ£® Û3¨a$Ú9è•Í T±¬�vàÝfíH}ýˆY˜[Å°a›ö‘8f oÇÈf©ïBeÏ—vgPþùøתd�2„}U?׊)°Š“ÏÐœR·†±¥Å ®µÍ©#{Ç¥¨!-,Ö•�WkL7-¬/Ä5˜Dw75´Å^�úšÀ�D æbyÅs/«†SÃF£SŸØÂ`kãB{Û ÷í—oO\øC¼µÅUö/ÙKÙ�²Ž%hðÏý%Úó‚°�à,ÓúNnŒ;‚«hAtžé¡PÒYRó¨œ{ Come on they can't be serious... this won't work against Gentoo devs, will it? signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Delivery reports about your e-mail
On Wed, Aug 03, 2011 at 04:13:19AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: Come on they can't be serious... this won't work against Gentoo devs, will it? It is concerning that the spammer used a valid list subscriber. Crunching all attachments for validation or moderating everything to catch this is a lot of work. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee Infrastructure Lead E-Mail : robb...@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Re: [gentoo-dev] Delivery reports about your e-mail
El 03/08/11 06:57, Robin H. Johnson escribió: On Wed, Aug 03, 2011 at 04:13:19AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: Come on they can't be serious... this won't work against Gentoo devs, will it? It is concerning that the spammer used a valid list subscriber. Crunching all attachments for validation or moderating everything to catch this is a lot of work. What about using an antispam filter reference for moderation. A properly configured antispam system should have detected a mail like that one as, at least, a possible virus. signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] Delivery reports about your e-mail
On Wed, Aug 03, 2011 at 07:27:23AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: El 03/08/11 06:57, Robin H. Johnson escribió: On Wed, Aug 03, 2011 at 04:13:19AM +0200, Francisco Blas Izquierdo Riera (klondike) wrote: Come on they can't be serious... this won't work against Gentoo devs, will it? It is concerning that the spammer used a valid list subscriber. Crunching all attachments for validation or moderating everything to catch this is a lot of work. What about using an antispam filter reference for moderation. A properly configured antispam system should have detected a mail like that one as, at least, a possible virus. Sure, infra has planned similar for a long time now, but there's not enough manpower for it, mainly in the part of working out and documenting all of the last 5 years of Postfix configuration cruft so that we can port it to something else, specifically qpsmtpd for the SMTP inbound (as there are a bunch of checks specific to lists we'd like to do at SMTP time). -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee Infrastructure Lead E-Mail : robb...@gentoo.org GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85