The CentOS team likes to offer an apology for the political spam mails which went through our mail servers earlier today.
Due to the nature of mailing list software for public discussion groups, there aren't that many security measures which can be taken to check which mails are supposed to get through and which mails aren't. Total safety can only be had by a moderation of all lists - and that is not where we want to go.
The spammer today faked the identity of a CentOS core developer and thus got through on all mailing lists.
That these mails also got through the moderated centos-announce list was an oversight in the configuration of that list which has been fixed now.
The CentOS team does not condone such behaviour and does not wish to support any political agenda through the mailing lists of the Project - in case you had wondered.
Regards,
Ralph Angenendt
On Thu, Jan 29, 2009, Ralph Angenendt wrote:
The CentOS team likes to offer an apology for the political spam mails which went through our mail servers earlier today.
Due to the nature of mailing list software for public discussion groups, there aren't that many security measures which can be taken to check which mails are supposed to get through and which mails aren't. Total safety can only be had by a moderation of all lists - and that is not where we want to go.
We have set up Mailman to use the Spamassassin spamd program to check incoming messages before any other tests are done.
This probably would not have done any good though for these messages as the were passed into my bulk mail folder here after our local Spamassassin checks so they had a score <= 4.00 which is my personal cutoff at which point they go into the spam folder.
The Mailman lists we host are all subscriber-only, as I believe the CentOS lists are, but this doesn't do any good if the sender trivially forges the Sender and/or From: headers.
Some spam is going to get through to a mailing list regardless of the anti-spam measures taken (I have accidentally approved spam that was forwarded to me for moderation). The only thing is to remember the short version of the Serenity Prayer -- ``sh*t happens''.
Bill
On Wed, 28 Jan 2009 17:07:44 -0800 Bill Campbell centos@celestial.com wrote:
Some spam is going to get through to a mailing list regardless of the anti-spam measures taken (I have accidentally approved spam that was forwarded to me for moderation). The only thing is to remember the short version of the Serenity Prayer -- ``sh*t happens''.
Or you can use my newly patented device:
Press the Delete key
On Wed, Jan 28, 2009, centos@911networks.com wrote:
On Wed, 28 Jan 2009 17:07:44 -0800 Bill Campbell centos@celestial.com wrote:
Some spam is going to get through to a mailing list regardless of the anti-spam measures taken (I have accidentally approved spam that was forwarded to me for moderation). The only thing is to remember the short version of the Serenity Prayer -- ``sh*t happens''.
Or you can use my newly patented device:
Press the Delete key
Actually I press the ``S'' key which is a mutt macro that saves the message in a Maildir folder which is then send to the Spamassassin sa-learn program to update my bayesian filters. I get lots of spam to my totally unfiltered role folders for mail to support, postmaster, and abuse, all of which goes to feed sa-learn.
Bill
-
Bill Campbell -
centos@911networks.com -
Ralph Angenendt