Spam in projects.openmoko mailinglist

DJDAS djdas at
Thu Jul 30 11:49:12 CEST 2009

arne anka ha scritto:
>> No, this seems a mail generated from the versioning system who alerts me
>> of a pending commit request not a common spamming message.
> ???
> nothing's easier than spoofing the sent-from. just because it says it is  
> sent from something-commits does in no way mean, it really is.

Sorry but which part of "the mail was sent from the versioning system" 
you didn't understand? :)
This is NOT spoofed but was sent form the projects server, please look 
at the headers:


Return-Path: <mailman-bounces at>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,NO_REAL_NAME 
	autolearn=no version=3.1.5
Received: from ( [])
	by (8.13.7/8.13.4) with ESMTP id n6Q9RPQ1012478
	for <djdas at>; Sun, 26 Jul 2009 11:27:25 +0200
Received: from localhost ([]
	by with esmtp (Exim 4.63)
	(envelope-from <mailman-bounces at>)
	id 1MWOjP-0005b0-KI
	for djdas at; Thu, 30 Jul 2009 08:03:11 +0200
Received: from localhost ([]
	by with esmtp (Exim 4.63)
	(envelope-from <bluemoko-commits-bounces at>)
	id 1MWOjK-0005IK-SA for bluemoko-commits-owner at;
	Thu, 30 Jul 2009 08:03:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 1 Bluemoko-commits moderator request(s) waiting
From: bluemoko-commits-bounces at
To: bluemoko-commits-owner at
Message-ID: <mailman.241.1248933784.3962.bluemoko-commits at>
Date: Thu, 30 Jul 2009 08:03:04 +0200
Precedence: bulk
X-BeenThere: bluemoko-commits at
X-Mailman-Version: 2.1.9
List-Id: cvs commits <>
X-List-Administrivia: yes
Sender: mailman-bounces at
Errors-To: mailman-bounces at
X-Virus-Scanned: ClamAV 0.88.4/9634/Thu Jul 30 05:03:31 2009 on
X-Virus-Status: Clean

>> It smells of security issue on the projects.openmoko site...
> still possible, if one take sthe password issue in account. but not from  
> the quotes of spam.
Maybe they were able to automatize the commit requests for all (o part 
of) the projects hosted in the site registering an account (or using an 
anonymous one if possible) that asks for commits and using the 
subject/notes field to add spamming messages...

More information about the community mailing list