Spam in projects.openmoko mailinglist
Sander
openmoko at humilis.net
Thu Jul 30 11:57:56 CEST 2009
DJDAS wrote (ao):
> arne anka ha scritto:
> >> No, this seems a mail generated from the versioning system who alerts me
> >> of a pending commit request not a common spamming message.
> >>
> >
> > ???
> > nothing's easier than spoofing the sent-from. just because it says it is
> > sent from something-commits does in no way mean, it really is.
> >
>
> Sorry but which part of "the mail was sent from the versioning system"
> you didn't understand? :)
> This is NOT spoofed but was sent form the projects server, please look
> at the headers:
These headers and this email are from the process that manages the
'moderator request(s) waiting' queue.
My guess would be that a spammer spams the mailaddress which receives
the commits, and that mailman refuses to send the spam to the members of
the commit list due to the spammer being a non-member.
With kind regards, Sander
> ----------------------------------------------------------------------
>
> Return-Path: <mailman-bounces at projects.openmoko.org>
> X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on djdas.djdas.net
> X-Spam-Level:
> X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,NO_REAL_NAME
> autolearn=no version=3.1.5
> Received: from projects.openmoko.org (projects.openmoko.org [88.198.93.218])
> by djdas.djdas.net (8.13.7/8.13.4) with ESMTP id n6Q9RPQ1012478
> for <djdas at djdas.net>; Sun, 26 Jul 2009 11:27:25 +0200
> Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
> by projects.openmoko.org with esmtp (Exim 4.63)
> (envelope-from <mailman-bounces at projects.openmoko.org>)
> id 1MWOjP-0005b0-KI
> for djdas at users.projects.openmoko.org; Thu, 30 Jul 2009 08:03:11 +0200
> Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
> by projects.openmoko.org with esmtp (Exim 4.63)
> (envelope-from <bluemoko-commits-bounces at projects.openmoko.org>)
> id 1MWOjK-0005IK-SA for bluemoko-commits-owner at projects.openmoko.org;
> Thu, 30 Jul 2009 08:03:06 +0200
> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Subject: 1 Bluemoko-commits moderator request(s) waiting
> From: bluemoko-commits-bounces at projects.openmoko.org
> To: bluemoko-commits-owner at projects.openmoko.org
> Message-ID: <mailman.241.1248933784.3962.bluemoko-commits at projects.openmoko.org>
> Date: Thu, 30 Jul 2009 08:03:04 +0200
> Precedence: bulk
> X-BeenThere: bluemoko-commits at projects.openmoko.org
> X-Mailman-Version: 2.1.9
> List-Id: cvs commits <bluemoko-commits.projects.openmoko.org>
> X-List-Administrivia: yes
> Sender: mailman-bounces at projects.openmoko.org
> Errors-To: mailman-bounces at projects.openmoko.org
> X-Virus-Scanned: ClamAV 0.88.4/9634/Thu Jul 30 05:03:31 2009 on djdas.djdas.net
> X-Virus-Status: Clean
>
> ----------------------------------------------------------------------
> >
> >> It smells of security issue on the projects.openmoko site...
> >>
> >
> > still possible, if one take sthe password issue in account. but not from
> > the quotes of spam.
> >
> >
> Maybe they were able to automatize the commit requests for all (o part
> of) the projects hosted in the site registering an account (or using an
> anonymous one if possible) that asks for commits and using the
> subject/notes field to add spamming messages...
--
Humilis IT Services and Solutions
http://www.humilis.net
More information about the community
mailing list