On Thu, Jan 29, 2009, Ralph Angenendt wrote:
> The CentOS team likes to offer an apology for the political spam mails which went through our mail servers earlier today.
> Due to the nature of mailing list software for public discussion groups, there aren't that many security measures which can be taken to check which mails are supposed to get through and which mails aren't. Total safety can only be had by a moderation of all lists - and that is not where we want to go.
We have set up Mailman to use the SpamAssassin spamd program to check incoming messages before any other tests are done.
This probably would not have done any good though for these messages, as they were passed into my bulk mail folder here after our local SpamAssassin checks, so they had a score <= 4.00, which is my personal cutoff at which point they go into the spam folder.
The Mailman lists we host are all subscriber-only, as I believe the CentOS lists are, but this doesn't do any good if the sender trivially forges the Sender and/or From: headers.
Some spam is going to get through to a mailing list regardless of the anti-spam measures taken (I have accidentally approved spam that was forwarded to me for moderation). The only thing is to remember the short version of the Serenity Prayer -- ``sh*t happens''.
Bill