[CLUE-Admin] A Spam Which Raises Questions

Tue Apr 20 06:28:08 MDT 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jed,

As a guy who gets the spam for every other mailman admin account, the only 
thing I have determined (from mailman) is to unset the admin email account 
variable.

The alternative is to setup spam assassin for our email delivery system.  This 
is the plan for the new server... sigh.

Jeff

On Monday 19 April 2004 5:18 pm, Jed S. Baer wrote:
> Hi Folks -- especially you gnarly mail admin types.
>
> I got this spam today, and a few things impress me as odd.
>
> [ snipping out lots of idle and incorrect speculation ]
>
> OTOH, thinking some more, it would have originally been sent to
> clue-dev-admin at clue.denver.co.us (I'm testing this now). But this still
> represents a similar problem. In this case, my question then becomes how
> to configure mailman to simply drop invalid admin interface requests. I
> looked through the config screens, but didn't see anything like that. I
> understand the idea behind forward such to the list admin, but that's just
> a micrososm of the overall spam problem and SMTP being "too trusting".
>
> Oops. Part of what I snipped out is that this gets through my ISP's spam
> filtering (I'm assuming) because I've setup "*@clue.denver.co.us" as an
> "accept" condition for the "From:" header (but I'm guessing their
> documentation is wrong, and it works for other headers as well).
>
> Further oops. I see that the admin interface address would be (?)
> clue-dev-request. So now I really wonder why mailman is processing this
> e-mail, or if it would be easy to have it not do so, and thus not add the
> "Sender:" header, which is what I'm guessing is giving it a free pass past
> my spam filtering. (I'm giving up, for this e-mail anyway, waiting for a
> response to my e-mail to clue-dev-request.)
>
> Yeah, I know, I could download the mailman docs and RTFM, but I'm hoping
> some has enough knowledge on-hand to just know what, if anything, might be
> done to help this situation out.
>
> TIA.
> jed
>
>
> Received: from clue.denver.co.us (unknown [216.38.207.181])
> 	by ma105.mailarmory.com (MailArmory) with ESMTP id 8A13735B1EA
> 	for <thag at frii.com>; Mon, 19 Apr 2004 13:58:06 -0600 (MDT)
> Received: from clue.denver.co.us (IDENT:mailman at localhost.localdomain
> [127.0.0.1])
> 	by clue.denver.co.us (8.9.3/8.9.3) with ESMTP id NAA20155
> 	for <webmaster at clue.techangle.com>; Mon, 19 Apr 2004 13:43:44 -0600
> Received: from 216.38.207.181 ([202.98.142.52])
> 	by clue.denver.co.us (8.9.3/8.9.3) with SMTP id LAA19666;
> 	Mon, 19 Apr 2004 11:33:15 -0600
> Received: from 48.76.182.96 by 219.145.130.118; Mon, 19 Apr 2004 12:36:29
> -0600
> Message-ID: <JZAHJHXOKGSKFLKKDCCMW at yahoo.com>
> From: "Tanner Decker" <tbogajr at msn.com>
> Reply-To: "Tanner Decker" <tbogajr at msn.com>
> To: clue-dev-admin at clue.denver.co.us
> Subject: Fw: shed while you sleeep..
> Date: Mon, 19 Apr 2004 14:41:29 -0400
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="--9972999042535956977"
> X-Webmail-Time: Mon, 19 Apr 2004 11:40:29 -0700
> Sender: clue-dev-owner at clue.denver.co.us
> Errors-To: clue-dev-owner at clue.denver.co.us
> X-BeenThere: clue-dev at clue.denver.co.us
> X-Mailman-Version: 2.0.13
> Precedence: bulk
> List-Help: <mailto:clue-dev-request at clue.denver.co.us?subject=help>
> List-Post: <mailto:clue-dev at clue.denver.co.us>
> List-Subscribe: <http://clue.denver.co.us/mailman/listinfo/clue-dev>,
> 	<mailto:clue-dev-request at clue.denver.co.us?subject=subscribe>
> List-Id: CLUE web site developers list. <clue-dev.clue.denver.co.us>
> List-Unsubscribe: <http://clue.denver.co.us/mailman/listinfo/clue-dev>,
> 	<mailto:clue-dev-request at clue.denver.co.us?subject=unsubscribe>
> List-Archive: <http://clue.denver.co.us/pipermail/clue-dev/>

- -- 
Colorado Linux Users and Enthusiasts (CLUE)
http://cluedenver.org/
Jeffery Cann, President

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAhRdm8E9qvtPugKYRArPwAJ4obf+D/k+USpd/6sZdXSibuR2DnQCaA+gr
4xv1Eex6i4zqIuA0pb5CyKw=
=PMMr
-----END PGP SIGNATURE-----