Open Source and information security mailing list archives
Message-ID: <4047E7A4.7040701@newparticles.com>
From: nehring at newparticles.com (L Nehring)
Subject: Re: Regarding all the spam...

(openssl-users) This is way off-topic, so let me apologize in advance.

Here's some of my own email numbers to give a piece of my perspective of 
the talk about spam on the openssl list and why I just don't see a real 
problem.....

I run a pair of email servers on a very small domain that serves about 
10 live users.
I received a total of 21204 emails in the past month for the domain.   
In that time frame, I quarantined 1626 messages containing viruses, 3671 
messages were rejected, 1267 messages bounced, and 1431 messages were 
marked as spam.

Maybe my threshold for pain is higher than normal, but if I were to get 
just 24 or even less than 50 rejected|spam|virus messages per day, I 
would be checking my email servers for misconfiguration or compromise.   
Doesn't matter where the bad messages actually come from anymore, since 
it's becoming a given that the 'mail from:' address is invalid or spoofed.

I can't imagine that a change that restricts who might post to the 
openssl list would have any noticeable effect on email in my little 
domain or anywhere else.

It might be better to petition the antivirus vendors to remove the 
arcane/useless bounce notification feature (that has become a serious 
source of spam).  If a person didn't know they sent a virus, they 
probably aren't going to know what to do if they're notified about it.  
If they did know they sent a virus, then they aren't going to care...   
More likely however, is that the person didn't send any original virus 
message at all and was just unlucky enough to have their address spoofed 
so that they would end up with a mysterious bounce message.     
.....this could be exploited in a similar manner to an ICMP smurf attack 
- if you want to mail-bomb somebody just mass mail a virus-laden email 
with the from address of your target.  Doesn't matter what the virus is 
or what it does as long as it's detected and triggers an automatic 
response.   Probably works better if the mass mailing includes mail 
lists to increase the amount of AV notices sent to the target.   

Again, I apologize again for being off-topic.  I'll copy this post over 
to the Full-disclosure list to let the thread continue there.


Scott Lamb wrote:

>
> On Mar 2, 2004, at 8:37 PM, Joseph Bruni wrote:
>
>> I don't know about that. During the latest Windows exploit virus 
>> blast (when are they going to fix their stuff?) I kept getting bombed 
>> by AV bounces aimed at openssl-users-l. Not to mention that the list 
>> was DOWN during that time as well. A good number of my posts just got 
>> timed out by my legitimate SMTP relay.
>>
>>
>> On Mar 2, 2004, at 2:15 PM, L Nehring wrote:
>>
>>> Have we now crossed the threshold where there are more off-topic 
>>> messages discussing spam than spam messages themselves?
>>>
>>> There just doesn't seem to be a real need to take any action at all 
>>> given the small number of UCE or antivirus bounce messages.
>>
>
> To put some concrete numbers on this, my mail logs note rejecting 24 
> messages MAIL FROM: <owner-mmx-openssl-users@....engelschall.com> in 
> the past month, and I have 14 more in my junk folder. So no, we most 
> certainly have not crossed that threshold.
>
> Scott
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@...nssl.org
> Automated List Manager                           majordomo@...nssl.org


