Spam in projects.openmoko mailinglist

Sander openmoko at humilis.net
Thu Jul 30 11:57:56 CEST 2009 

DJDAS wrote (ao):
> arne anka ha scritto:
> >> No, this seems a mail generated from the versioning system who alerts me
> >> of a pending commit request not a common spamming message.
> >>     
> >
> > ???
> > nothing's easier than spoofing the sent-from. just because it says it is  
> > sent from something-commits does in no way mean, it really is.
> >   
> 
> Sorry but which part of "the mail was sent from the versioning system" 
> you didn't understand? :)
> This is NOT spoofed but was sent form the projects server, please look 
> at the headers:

These headers and this email are from the process that manages the
'moderator request(s) waiting' queue.

My guess would be that a spammer spams the mailaddress which receives
the commits, and that mailman refuses to send the spam to the members of
the commit list due to the spammer being a non-member.

	With kind regards, Sander

> ----------------------------------------------------------------------
> 
> Return-Path: <mailman-bounces at projects.openmoko.org>
> X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on djdas.djdas.net
> X-Spam-Level: 
> X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,NO_REAL_NAME 
> 	autolearn=no version=3.1.5
> Received: from projects.openmoko.org (projects.openmoko.org [88.198.93.218])
> 	by djdas.djdas.net (8.13.7/8.13.4) with ESMTP id n6Q9RPQ1012478
> 	for <djdas at djdas.net>; Sun, 26 Jul 2009 11:27:25 +0200
> Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
> 	by projects.openmoko.org with esmtp (Exim 4.63)
> 	(envelope-from <mailman-bounces at projects.openmoko.org>)
> 	id 1MWOjP-0005b0-KI
> 	for djdas at users.projects.openmoko.org; Thu, 30 Jul 2009 08:03:11 +0200
> Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
> 	by projects.openmoko.org with esmtp (Exim 4.63)
> 	(envelope-from <bluemoko-commits-bounces at projects.openmoko.org>)
> 	id 1MWOjK-0005IK-SA for bluemoko-commits-owner at projects.openmoko.org;
> 	Thu, 30 Jul 2009 08:03:06 +0200
> MIME-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Content-Transfer-Encoding: 7bit
> Subject: 1 Bluemoko-commits moderator request(s) waiting
> From: bluemoko-commits-bounces at projects.openmoko.org
> To: bluemoko-commits-owner at projects.openmoko.org
> Message-ID: <mailman.241.1248933784.3962.bluemoko-commits at projects.openmoko.org>
> Date: Thu, 30 Jul 2009 08:03:04 +0200
> Precedence: bulk
> X-BeenThere: bluemoko-commits at projects.openmoko.org
> X-Mailman-Version: 2.1.9
> List-Id: cvs commits <bluemoko-commits.projects.openmoko.org>
> X-List-Administrivia: yes
> Sender: mailman-bounces at projects.openmoko.org
> Errors-To: mailman-bounces at projects.openmoko.org
> X-Virus-Scanned: ClamAV 0.88.4/9634/Thu Jul 30 05:03:31 2009 on djdas.djdas.net
> X-Virus-Status: Clean
> 
> ----------------------------------------------------------------------
> >   
> >> It smells of security issue on the projects.openmoko site...
> >>     
> >
> > still possible, if one take sthe password issue in account. but not from  
> > the quotes of spam.
> >
> >   
> Maybe they were able to automatize the commit requests for all (o part 
> of) the projects hosted in the site registering an account (or using an 
> anonymous one if possible) that asks for commits and using the 
> subject/notes field to add spamming messages...

-- 
Humilis IT Services and Solutions
http://www.humilis.net

More information about the community mailing list