Re: [exim-dev] Administriva: Bugzilla spam

2016-11-25 Thread Phil Pennock 
On 2016-11-24 at 22:33 +, Nigel Metheringham wrote:
> We have had a few cases of someone deciding to spam bugzilla with spammy
> content bug reports.  Bugzilla is not very good at defending against
> these, and unfortunately Bugzilla feeds into the exim-dev list.
> 
> I have put some additional measures in place to block this, stripped the
> spam bugs, and removed the trust between the exim-dev list and bugzilla.

I didn't check here before responding to mail from maintainers and so in
addition to Nigel's actions: account creation in the Exim Bugzilla is
currently disabled.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] Administriva: Bugzilla spam

2016-11-25 Thread Heiko Schlittermann 
Nigel Metheringham  (Fr 25 Nov 2016 11:44:55 CET):
> Sorry, I obviously wasn't being clear (then again, in hurry).
Thank you for the clarification. And the changes.
-- 
Heiko


signature.asc
Description: Digital signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] Administriva: Bugzilla spam

2016-11-25 Thread Nigel Metheringham 
Sorry, I obviously wasn't being clear (then again, in hurry).

Bugzilla sends its notification email to the exim-dev list, and got a
free pass on incoming filtering so that everything gets auto-approved
into the list.  I have removed the config that just let stuff through,
so it will now go through the moderation queue into the mail list.

That pushes some work back on to the moderators - myself and a few
others - but stops us firing spam out on the list.

I have made no changes to other email interfaces to bugzilla, although I
am not sure how well they were working.

Nigel.

> Heiko Schlittermann 
> 24 November 2016 at 22:44
>
> How should I understand this? Replies to bug report mails (originated
> from bugzilla) do not go into bugzilla anymore?
>
> (If I understood Jeremy right, the Spam came via form submissions, not
> via mail.)
>

-- 

[ Nigel Metheringham -- ni...@dotdot.it ] 
[ Ellipsis Intangible Technologies  ]
 


-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Re: [exim-dev] Administriva: Bugzilla spam

2016-11-24 Thread Heiko Schlittermann 
Nigel Metheringham  (Do 24 Nov 2016 23:33:08 CET):
> We have had a few cases of someone deciding to spam bugzilla with spammy
> content bug reports.  Bugzilla is not very good at defending against
> these, and unfortunately Bugzilla feeds into the exim-dev list.
> 
> I have put some additional measures in place to block this, stripped the
> spam bugs, and removed the trust between the exim-dev list and bugzilla.

How should I understand this?  Replies to bug report mails (originated
from bugzilla) do not go into bugzilla anymore?

(If I understood Jeremy right, the Spam came via form submissions, not
via mail.)

-- 
Heiko


signature.asc
Description: Digital signature
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

[exim-dev] Administriva: Bugzilla spam

2016-11-24 Thread Nigel Metheringham 
We have had a few cases of someone deciding to spam bugzilla with spammy
content bug reports.  Bugzilla is not very good at defending against
these, and unfortunately Bugzilla feeds into the exim-dev list.

I have put some additional measures in place to block this, stripped the
spam bugs, and removed the trust between the exim-dev list and bugzilla.

Nigel.

-- 

[ Nigel Metheringham -- ni...@dotdot.it ] 
[ Ellipsis Intangible Technologies  ]
 



-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##