Re: [Zope] Spam-Bounces

2006-01-17 Thread Jens Vagelpohl


On 17 Jan 2006, at 11:37, Tino Wildenhain wrote:

> Hi,
>
> I'm getting bounces of messages sent to zope@zope.org
> with apparently large binary attachments. Luckily they
> are too big to get thru automatically.
>
> Looks like spammers are around and faking identities.
>
> Is it possible to enhance the list software to check
> gpg keys of posts?


What exactly would that do? Would you want to force everyone to use  
gpg keys? Sounds just a bit unrealistic.


jens

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Spam-Bounces

2006-01-17 Thread Martijn Pieters
On 1/17/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
> I'm getting bounces of messages sent to zope@zope.org
> with apparently large binary attachments. Luckily they
> are too big to get thru automatically.

The bounces themselves are fake perhaps? Why would you get bounces
otherwise; you are not the sender nor registered as a mailman admin
for the list.

--
Martijn Pieters


Re: [Zope] Spam-Bounces

2006-01-17 Thread Tino Wildenhain

Jens Vagelpohl wrote:

> ...
> What exactly would that do? Would you want to force everyone to use gpg
> keys? Sounds just a bit unrealistic.


Yes, I feared it. After all it was just an idea.
Alternatively the ability to register trusted
MTAs with an address could help and would be completely
transparent for those who don't care.

I guess it's a lot of work either and I don't know the
internals of Mailman well enough.

++Tino


Re: [Zope] Spam-Bounces

2006-01-17 Thread Tino Wildenhain

Martijn Pieters wrote:

> On 1/17/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
>
>> Alternatively the ability to register trusted
>> MTAs with an address could help and would be completely
>> transparent for those who don't care.
>
> Unfortunately the nature of open source communities around a domain
> name is such that locking down the number of IP addresses that are
> authorized to send @zope.org mail is a bad idea. Maybe not so much for
> the @zope.org domain right now; the problem is more prominent with
> @python.org for example, but in the future things can and will be
> different.


Actually my idea was to register email:authoritative-MTA.
And if a user does not register his MTA with his email address,
the check just can't be done and the email is handled
as usual. But if there is an entry for an address it could be checked
and the email denied in the mail from: phase.

++Tino
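
Added example (not part of the original thread and not Mailman code): a sketch of the per-address check described in the message above, where an address with a registered MTA is refused at MAIL FROM when it arrives from another host and unregistered addresses pass as usual. The registry contents, function names and reply texts are assumptions made for illustration.

```python
import ipaddress

# Constructed registry (assumption): sender address -> networks of the MTAs
# that the address owner registered. All values are documentation ranges.
REGISTRY = {
    "alice@example.org": ["192.0.2.10/32", "2001:db8:1::/48"],
    "bob@example.net": ["198.51.100.0/24"],
}


def normalize(reverse_path):
    """Strip SMTP angle brackets and lowercase; '' means the null sender."""
    addr = reverse_path.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    # Lowercasing the local part is a simplification for registry lookup.
    return addr.strip().lower()


def check_mail_from(client_ip, reverse_path, registry=REGISTRY):
    """Decide the SMTP reply to MAIL FROM; returns (code, text)."""
    sender = normalize(reverse_path)
    if not sender:
        return 250, "OK (null sender, not checked)"
    networks = registry.get(sender)
    if networks is None:
        # No entry: the check cannot be done, mail is handled as usual.
        return 250, "OK (no registration)"
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return 451, "4.3.0 cannot parse client address"
    for cidr in networks:
        net = ipaddress.ip_network(cidr, strict=False)
        if ip.version == net.version and ip in net:
            return 250, "OK (registered MTA)"
    # Entry exists but the connecting host is not one of the registered MTAs.
    return 550, "5.7.1 sender address is registered to a different MTA"


if __name__ == "__main__":
    for ip, path in [
        ("192.0.2.10", "<Alice@Example.org>"),    # registered MTA
        ("203.0.113.7", "<alice@example.org>"),   # forged from elsewhere
        ("203.0.113.7", "<carol@example.com>"),   # unregistered address
    ]:
        print(ip, path, check_mail_from(ip, path))
```

The check sees only the envelope sender given in MAIL FROM; a message whose From: header names a subscriber while the envelope sender is some other address is not covered by it.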


Re: [Zope] Spam-Bounces

2006-01-17 Thread Martijn Pieters
On 1/17/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
> Alternatively the ability to register trusted
> MTAs with an address could help and would be completely
> transparent for those who don't care.

Unfortunately the nature of open source communities around a domain
name is such that locking down the number of IP addresses that are
authorized to send @zope.org mail is a bad idea. Maybe not so much for
the @zope.org domain right now; the problem is more prominent with
@python.org for example, but in the future things can and will be
different.

--
Martijn Pieters


Re: [Zope] Spam-Bounces

2006-01-17 Thread Andrew Sawyers
IIRC, all of the zope mailing lists only accept mail from subscribers -
so these are likely just someone spoofing the sender address.  No reason
to try and handle this on the list server side IMNSHO.

Andrew
On Tue, 2006-01-17 at 12:37 +0100, Tino Wildenhain wrote:
> Hi,
>
> I'm getting bounces of messages sent to zope@zope.org
> with apparently large binary attachments. Luckily they
> are too big to get thru automatically.
>
> Looks like spammers are around and faking identities.
>
> Is it possible to enhance the list software to check
> gpg keys of posts?
>
> Just an idea...
>
> ++Tino


Re: [Zope] Spam-Bounces

2006-01-17 Thread Tino Wildenhain

Andrew Sawyers wrote:

> IIRC, all of the zope mailing lists only accept mail from subscribers -
> so these are likely just someone spoofing the sender address.  No reason
> to try and handle this on the list server side IMNSHO.

Of course they are. That's the whole point :-) On which side do you think
it can be handled instead?


Re: [Zope] Spam-Bounces

2006-01-17 Thread Andrew Sawyers
I'm a little confused, if that's the whole point, not sure what the
point is.  Perhaps I jumped the gun by replying :).

I guess I would set up a local procmail rule or postfix rule to not accept
mail with these attachments?  If the mail is not going through the zope
mailservers, I'm not sure how one would logically deal with this
spoofing problem?  One option is enforcing this with SPF records - we
could get Mark to set this up on the zope.org side perhaps?

Andrew

On Tue, 2006-01-17 at 15:39 +0100, Tino Wildenhain wrote:
> Andrew Sawyers wrote:
>> IIRC, all of the zope mailing lists only accept mail from subscribers -
>> so these are likely just someone spoofing the sender address.  No reason
>> to try and handle this on the list server side IMNSHO.
>
> Of course they are. That's the whole point :-) On which side do you think
> it can be handled instead?



Re: [Zope] Spam-Bounces

2006-01-17 Thread Tino Wildenhain

Andrew Sawyers wrote:

> I'm a little confused, if that's the whole point, not sure what the
> point is.  Perhaps I jumped the gun by replying :).
>
> I guess I would set up a local procmail rule or postfix rule to not accept
> mail with these attachments?  If the mail is not going through the zope
> mailservers, I'm not sure how one would logically deal with this
> spoofing problem?  One option is enforcing this with SPF records - we
> could get Mark to set this up on the zope.org side perhaps?


Well I certainly cannot set up procmail rules on every list member's
host ;) I cannot prevent somebody from sending to the list faking my
sender. But the idea was to enable the list manager soft to
filter that if the member wants it.

As long as there are large attachments, the bounce happens anyway
but what if the spammers go below 100kb so the attachment rule
isn't triggered anymore?

++Tino