[openssl-users] Spam

Johann v. Preußen jvp at forthepolls.org
Wed Apr 20 00:55:58 UTC 2016 

i have posted my thoughts on unacceptable list access previously and it sank to 
the level of a frequent poster denigrating other users since they took exception 
to his self-professed role of protecting list admins in order "to avoid the list 
admins following bad advice from people" who might have differing opinions from 
his own. hopefully, that will not happen here.

in re the recent Brazilian Portuguese (note the 'R$' symbol for ISO BRL rather 
than Euro) spam: what was wrong with that posting that should have been caught:

  * the IP of origin 52.165.41.104 is an MS delegation without rDNS and --
    obviously -- no SPF/TXT RR and
  * the claimed domain 'cloudapp.net' does not exist in whois (not a 100%
    indication of non-existence) or DNS (a 100% 'reject' indicator).

i have not used mailman for some time, but these two (2) simple errors would 
have been blocked by normal 'postscreen' checks and should never have gotten as 
far as mailman in any case. checking the EHLO format is in the µs range and a 
DNS check should take < 100ms. thus, these types of errors could be quickly and 
easily eliminated with a '521' without any RBL or list-serve processing at all.

the wider problem case is how non-subscribers are given two-way access to the 
list that exposes so much subscriber info (name, professional affiliation, email 
addr, ...) to whomever. i cannot fathom why the list does not make use of 
aliases so that each subscriber can control what they want to make public via 
their alias profile.

Thank you,

Johann v. Preußen


On 2016.Apr.19 16:40, Oliver Niebuhr wrote:
> Am 20.04.2016 um 01:05 schrieb Scott Neugroschl:
>> Can the spam filters on the listserv be updated?   Got two today in
>> Spanish and Portuguese for monetary scams.  Anyone else getting these?
>>
>>   
>>
>> ---
>>
>> Scott Neugroschl | XYPRO Technology Corporation
>>
>> 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805
>> 583-2874|Fax 805 583-0124 |
> Morning.
>
> Yeah I got those too. I think like everyone else who subscribed to that
> List and has no specific Filters set up :)
>
> I am an Admin for some Mailman Lists myself - there is no way to block
> everything with 100 Percent efficency - except if you disallow
> non-members to send Message to $List.
>
> It always depends on the local Mailing List Policy.
>
> Greetings
> Oliver
>
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160419/162e293d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3825 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160419/162e293d/attachment.bin>

More information about the openssl-users mailing list