lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0609071726200.31500@turbotaz.ourhouse>
Date:	Thu, 7 Sep 2006 17:37:16 -0500 (CDT)
From:	Chase Venters <chase.venters@...entec.com>
To:	Krzysztof Halasa <khc@...waw.pl>
cc:	Chase Venters <chase.venters@...entec.com>, ellis@...nics.net,
	w@....eu (Willy Tarreau), linux-kernel@...r.kernel.org
Subject: Re: bogofilter ate 3/5

On Fri, 8 Sep 2006, Krzysztof Halasa wrote:

> Chase Venters <chase.venters@...entec.com> writes:
>
>> The problem with trying to stop forgery is that there is not yet a
>> foolproof or reasonably foolproof method of doing so.
>
> The first important point here is that vger rejects mail in SMTP
> DATA phase, thus making the forgery irrelevant WRT such bounces.
> Second, being on the list isn't enough for the message to go
> through, it has to pass the filters as everyone else.
>

Fair enough. The discussion drifted with the introduction of the SpamCop 
idea that bounce messages are evil. As you have shown, it is possible in 
many instances to refuse mail at the door; however, it's pretty unfeasible 
in many environments...

>
> Third, while I think "normal" autoresponders (vacation etc.)
> are perfectly reasonable (not in mailing list context of course),
> ones which by design respond mostly to forged addresses (do you
> think antivirus and antispam qualify?) are aimed at the wrong,
> innocent person.
>

Well, this is an interesting point applicable to my specific suggestion. 
You are right that such a script would generate a lot of misdirected mail. 
In my experience in dealing with this issue, it's usually e-mail viruses 
that spoof legitimate addresses: most of the spam I see comes from junk 
addresses at junk domains. So it's not like you're bugging a *human*.

In any case, this specific idea was just a brainstorm for how we could 
use X-Bogofilter: headers to allow LKML subscribers to make their own 
filtering decision about the messages. Another idea is to divert junk mail 
to a second list which is for people that want to be real sure they don't 
miss patches.

A third choice is obviously to leave the problem alone and let bogofilter 
eat our patches ;)

Whichever route is taken, though, it looks like we might have to switch 
away from Majordomo soon, because SpamCop and Stuart MacDonald are going 
to bring an end to programs that automatically respond to mail.

Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ