[CLUE-Admin] A Spam Which Raises Questions
Jed S. Baer
thag at frii.com
Mon Apr 19 17:18:54 MDT 2004
Hi Folks -- especially you gnarly mail admin types.
I got this spam today, and a few things impress me as odd.
[ snipping out lots of idle and incorrect speculation ]
OTOH, thinking some more, it would have originally been sent to
clue-dev-admin at clue.denver.co.us (I'm testing this now). But this still
represents a similar problem. In this case, my question then becomes how
to configure mailman to simply drop invalid admin interface requests. I
looked through the config screens, but didn't see anything like that. I
understand the idea behind forward such to the list admin, but that's just
a micrososm of the overall spam problem and SMTP being "too trusting".
Oops. Part of what I snipped out is that this gets through my ISP's spam
filtering (I'm assuming) because I've setup "*@clue.denver.co.us" as an
"accept" condition for the "From:" header (but I'm guessing their
documentation is wrong, and it works for other headers as well).
Further oops. I see that the admin interface address would be (?)
clue-dev-request. So now I really wonder why mailman is processing this
e-mail, or if it would be easy to have it not do so, and thus not add the
"Sender:" header, which is what I'm guessing is giving it a free pass past
my spam filtering. (I'm giving up, for this e-mail anyway, waiting for a
response to my e-mail to clue-dev-request.)
Yeah, I know, I could download the mailman docs and RTFM, but I'm hoping
some has enough knowledge on-hand to just know what, if anything, might be
done to help this situation out.
TIA.
jed
Received: from clue.denver.co.us (unknown [216.38.207.181])
by ma105.mailarmory.com (MailArmory) with ESMTP id 8A13735B1EA
for <thag at frii.com>; Mon, 19 Apr 2004 13:58:06 -0600 (MDT)
Received: from clue.denver.co.us (IDENT:mailman at localhost.localdomain
[127.0.0.1])
by clue.denver.co.us (8.9.3/8.9.3) with ESMTP id NAA20155
for <webmaster at clue.techangle.com>; Mon, 19 Apr 2004 13:43:44 -0600
Received: from 216.38.207.181 ([202.98.142.52])
by clue.denver.co.us (8.9.3/8.9.3) with SMTP id LAA19666;
Mon, 19 Apr 2004 11:33:15 -0600
Received: from 48.76.182.96 by 219.145.130.118; Mon, 19 Apr 2004 12:36:29
-0600
Message-ID: <JZAHJHXOKGSKFLKKDCCMW at yahoo.com>
From: "Tanner Decker" <tbogajr at msn.com>
Reply-To: "Tanner Decker" <tbogajr at msn.com>
To: clue-dev-admin at clue.denver.co.us
Subject: Fw: shed while you sleeep..
Date: Mon, 19 Apr 2004 14:41:29 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--9972999042535956977"
X-Webmail-Time: Mon, 19 Apr 2004 11:40:29 -0700
Sender: clue-dev-owner at clue.denver.co.us
Errors-To: clue-dev-owner at clue.denver.co.us
X-BeenThere: clue-dev at clue.denver.co.us
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Help: <mailto:clue-dev-request at clue.denver.co.us?subject=help>
List-Post: <mailto:clue-dev at clue.denver.co.us>
List-Subscribe: <http://clue.denver.co.us/mailman/listinfo/clue-dev>,
<mailto:clue-dev-request at clue.denver.co.us?subject=subscribe>
List-Id: CLUE web site developers list. <clue-dev.clue.denver.co.us>
List-Unsubscribe: <http://clue.denver.co.us/mailman/listinfo/clue-dev>,
<mailto:clue-dev-request at clue.denver.co.us?subject=unsubscribe>
List-Archive: <http://clue.denver.co.us/pipermail/clue-dev/>
--
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list