Message-ID: <4047E7A4.7040701@newparticles.com>
From: nehring at newparticles.com (L Nehring)
Subject: Re: Regarding all the spam... (openssl-users)

This is way off-topic, so let me apologize in advance.

Here's some of my own email numbers to give a piece of my perspective of the talk about spam on the openssl list and why I just don't see a real problem.....

I run a pair of email servers on a very small domain that serves about 10 live users. I received a total of 21204 emails in the past month for the domain. In that time frame, I quarantined 1626 messages containing viruses, 3671 messages were rejected, 1267 messages bounced, and 1431 messages were marked as spam.

Maybe my threshold for pain is higher than normal, but if I were to get just 24 or even less than 50 rejected|spam|virus messages per day, I would be checking my email servers for misconfiguration or compromise. Doesn't matter where the bad messages actually come from anymore, since it's becoming a given that the 'mail from:' address is invalid or spoofed. I can't imagine that a change that restricts who might post to the openssl list would have any noticeable effect on email in my little domain or anywhere else.

It might be better to petition the antivirus vendors to remove the arcane/useless bounce notification feature (that has become a serious source of spam). If a person didn't know they sent a virus, they probably aren't going to know what to do if they're notified about it. If they did know they sent a virus, then they aren't going to care... More likely however, is that the person didn't send any original virus message at all and was just unlucky enough to have their address spoofed so that they would end up with a mysterious bounce message.

.....this could be exploited in a similar manner to an ICMP smurf attack - if you want to mail-bomb somebody just mass mail a virus-laden email with the from address of your target. Doesn't matter what the virus is or what it does as long as it's detected and triggers an automatic response. Probably works better if the mass mailing includes mail lists to increase the amount of AV notices sent to the target.

Again, I apologize again for being off-topic. I'll copy this post over to the Full-disclosure list to let the thread continue there.

Scott Lamb wrote:

>
> On Mar 2, 2004, at 8:37 PM, Joseph Bruni wrote:
>
>> I don't know about that. During the latest Windows exploit virus
>> blast (when are they going to fix their stuff?) I kept getting bombed
>> by AV bounces aimed at openssl-users-l. Not to mention that the list
>> was DOWN during that time as well. A good number of my posts just got
>> timed out by my legitimate SMTP relay.
>>
>>
>> On Mar 2, 2004, at 2:15 PM, L Nehring wrote:
>>
>>> Have we now crossed the threshold where there are more off-topic
>>> messages discussing spam than spam messages themselves?
>>>
>>> There just doesn't seem to be a real need to take any action at all
>>> given the small number of UCE or antivirus bounce messages.
>>
>
> To put some concrete numbers on this, my mail logs note rejecting 24
> messages MAIL FROM: <owner-mmx-openssl-users@....engelschall.com> in
> the past month, and I have 14 more in my junk folder. So no, we most
> certainly have not crossed that threshold.
>
> Scott
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@...nssl.org
> Automated List Manager majordomo@...nssl.org