Spam in projects.openmoko mailinglist

DJDAS djdas at djdas.net
Thu Jul 30 11:49:12 CEST 2009 

arne anka ha scritto:
>> No, this seems a mail generated from the versioning system who alerts me
>> of a pending commit request not a common spamming message.
>>     
>
> ???
> nothing's easier than spoofing the sent-from. just because it says it is  
> sent from something-commits does in no way mean, it really is.
>   

Sorry but which part of "the mail was sent from the versioning system" 
you didn't understand? :)
This is NOT spoofed but was sent form the projects server, please look 
at the headers:

----------------------------------------------------------------------

Return-Path: <mailman-bounces at projects.openmoko.org>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on djdas.djdas.net
X-Spam-Level: 
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,NO_REAL_NAME 
	autolearn=no version=3.1.5
Received: from projects.openmoko.org (projects.openmoko.org [88.198.93.218])
	by djdas.djdas.net (8.13.7/8.13.4) with ESMTP id n6Q9RPQ1012478
	for <djdas at djdas.net>; Sun, 26 Jul 2009 11:27:25 +0200
Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
	by projects.openmoko.org with esmtp (Exim 4.63)
	(envelope-from <mailman-bounces at projects.openmoko.org>)
	id 1MWOjP-0005b0-KI
	for djdas at users.projects.openmoko.org; Thu, 30 Jul 2009 08:03:11 +0200
Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
	by projects.openmoko.org with esmtp (Exim 4.63)
	(envelope-from <bluemoko-commits-bounces at projects.openmoko.org>)
	id 1MWOjK-0005IK-SA for bluemoko-commits-owner at projects.openmoko.org;
	Thu, 30 Jul 2009 08:03:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 1 Bluemoko-commits moderator request(s) waiting
From: bluemoko-commits-bounces at projects.openmoko.org
To: bluemoko-commits-owner at projects.openmoko.org
Message-ID: <mailman.241.1248933784.3962.bluemoko-commits at projects.openmoko.org>
Date: Thu, 30 Jul 2009 08:03:04 +0200
Precedence: bulk
X-BeenThere: bluemoko-commits at projects.openmoko.org
X-Mailman-Version: 2.1.9
List-Id: cvs commits <bluemoko-commits.projects.openmoko.org>
X-List-Administrivia: yes
Sender: mailman-bounces at projects.openmoko.org
Errors-To: mailman-bounces at projects.openmoko.org
X-Virus-Scanned: ClamAV 0.88.4/9634/Thu Jul 30 05:03:31 2009 on djdas.djdas.net
X-Virus-Status: Clean

----------------------------------------------------------------------
>   
>> It smells of security issue on the projects.openmoko site...
>>     
>
> still possible, if one take sthe password issue in account. but not from  
> the quotes of spam.
>
>   
Maybe they were able to automatize the commit requests for all (o part 
of) the projects hosted in the site registering an account (or using an 
anonymous one if possible) that asks for commits and using the 
subject/notes field to add spamming messages...

More information about the community mailing list