On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
+100
Please, I beg to the moderator: ban out this forever, and send attention to the other list victims too.
2010/11/29 Patrick O'Callaghan pocallaghan@gmail.com:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
On Mon, 29 Nov 2010 05:29:50 -0600 Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
except that he/she may have nothing to do with the post....perhaps we need a moderated list?
ranjan
On 11/29/10, Ranjan Maitra maitra@iastate.edu wrote:
except that he/she may have nothing to do with the post....perhaps we need a moderated list?
Because this happens once every three months? Is this really such a big deal?
Andras
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
On Monday 29 November 2010 12:49:27 Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
That wouldn't be so easy. If the e-mail account has been hijacked, the hijacker has probably changed the password already, and the user doesn't have access to his account anymore. He can ask for help from yahoo, but they are usually unwilling to do anything unless the user can prove his identity and that the account has actually been hijacked. They also typically refuse to give help unless the user has a paid support account with yahoo.
I don't know about aol and gmail, but I doubt they are any different from yahoo in this respect. So unless the user has been paying for e-mail services to yahoo (and really, why would he ever do that?! ;-) ), he is unlikely to retreive his password any time soon...
Best, :-) Marko
On 11/29/2010 08:48 AM, Marko Vojinovic wrote:
On Monday 29 November 2010 12:49:27 Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
That wouldn't be so easy. If the e-mail account has been hijacked, the hijacker has probably changed the password already, and the user doesn't have access to his account anymore. He can ask for help from yahoo, but they are usually unwilling to do anything unless the user can prove his identity and that the account has actually been hijacked. They also typically refuse to give help unless the user has a paid support account with yahoo.
I don't know about aol and gmail, but I doubt they are any different from yahoo in this respect. So unless the user has been paying for e-mail services to yahoo (and really, why would he ever do that?! ;-) ), he is unlikely to retreive his password any time soon...
It is my experience with the several users I know whose accounts were hacked, it was by script and the passwords were not changed. A simple changing of the passwords stopped the SPAM. However, you are absolutely correct if the hacker actually changed the password.
On 11/29/2010 04:49 AM, Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
I agree on the basis of at least one friend of mine who all of a sudden started sending out spam by the thousands. I asked him to change his yahoo password, and the spam stopped.
On Mon, 2010-11-29 at 07:49 -0500, Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
If the user is a genuine member of the list, by now they should have noticed the crap being sent in their name and done something about it.
If they aren't, why do we care about banning them?
Even if they are genuine and for some reason haven't noticed the problem, banning them only means they'll get a reject from Mailman, whereupon they have the opportunity of appealing to the list admin.
poc
Patrick O'Callaghan wrote:
If the user is a genuine member of the list, by now they should have noticed the crap being sent in their name and done something about it.
If they aren't, why do we care about banning them?
Even if they are genuine and for some reason haven't noticed the problem, banning them only means they'll get a reject from Mailman, whereupon they have the opportunity of appealing to the list admin.
This issue is already resolved. No need to further clutter the list discussing it. ;)
Thanks to those who brought it up to the list moderators as well. That helped ensure we didn't miss the original spam that got through.
On 11/29/2010 10:45 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 07:49 -0500, Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
If the user is a genuine member of the list, by now they should have noticed the crap being sent in their name and done something about it.
If they aren't, why do we care about banning them?
Even if they are genuine and for some reason haven't noticed the problem, banning them only means they'll get a reject from Mailman, whereupon they have the opportunity of appealing to the list admin.
We shouldn't. The user should be unsubscribed from the list, certainly, removing any user who violates list policy either knowingly or unknowingly should be removed. Banning a person from the list would require listadmin approval to rejoin. It just requires more work for the listadmin.
On Mon, 2010-11-29 at 14:12 -0500, Jerry Feldman wrote:
On 11/29/2010 10:45 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 07:49 -0500, Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
If the user is a genuine member of the list, by now they should have noticed the crap being sent in their name and done something about it.
If they aren't, why do we care about banning them?
Even if they are genuine and for some reason haven't noticed the problem, banning them only means they'll get a reject from Mailman, whereupon they have the opportunity of appealing to the list admin.
We shouldn't. The user should be unsubscribed from the list, certainly, removing any user who violates list policy either knowingly or unknowingly should be removed.
Are you *quite* sure about that? The only policy as such is contained in the list guidelines, which are regularly violated with impunity (and those of us who complain are often subjected to name-calling for our pains), but getting medieval with any and all violators is unlikely to lead to a more congenial list on the whole.
Banning a person from the list would require listadmin approval to rejoin. It just requires more work for the listadmin.
Maybe. Presumably spammers wouldn't bother arguing with the admin, but they probably wouldn't bother resubscribing either.
poc
Actually, btw, I wrote to "Globe Trotter" and s/he was quite taken aback because s/he said that s/he had unsubscribed from the list some time ago. S/He also said that s/he would follow my suggestion and change his/her password. But, I was thinking, what is the guarantee that the "fake" poster e-mailed using his/her password. Is it that difficult to spoof an e-mail address and post pretending from there?
I think the Fedora list may allow posts from unsubscribed individuals. Perhaps these people could be made to go through a moderated process?
S/He was very apologetic to me and, by extension, to others on the list.
Ranjan
On Mon, 29 Nov 2010 16:38:18 -0600 Patrick O'Callaghan pocallaghan@gmail.com wrote:
On Mon, 2010-11-29 at 14:12 -0500, Jerry Feldman wrote:
On 11/29/2010 10:45 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 07:49 -0500, Jerry Feldman wrote:
On 11/29/2010 06:29 AM, Patrick O'Callaghan wrote:
On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
The problem here is that the user's yahoo password has been hacked. I have seen this exact same thing with other yahoo, gmail and aol addresses. The user needs to change his/her yahoo password to clear this up.
If the user is a genuine member of the list, by now they should have noticed the crap being sent in their name and done something about it.
If they aren't, why do we care about banning them?
Even if they are genuine and for some reason haven't noticed the problem, banning them only means they'll get a reject from Mailman, whereupon they have the opportunity of appealing to the list admin.
We shouldn't. The user should be unsubscribed from the list, certainly, removing any user who violates list policy either knowingly or unknowingly should be removed.
Are you *quite* sure about that? The only policy as such is contained in the list guidelines, which are regularly violated with impunity (and those of us who complain are often subjected to name-calling for our pains), but getting medieval with any and all violators is unlikely to lead to a more congenial list on the whole.
Banning a person from the list would require listadmin approval to rejoin. It just requires more work for the listadmin.
Maybe. Presumably spammers wouldn't bother arguing with the admin, but they probably wouldn't bother resubscribing either.
poc
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
Is it that difficult to spoof an e-mail address and post pretending from there?
It's trivial. That's how spammers work. No passwords are necessary.
I think the Fedora list may allow posts from unsubscribed individuals. Perhaps these people could be made to go through a moderated process?
According to the list admin page, only subscribed members can post.
poc
I think the Fedora list may allow posts from unsubscribed individuals. Perhaps these people could be made to go through a moderated process?
According to the list admin page, only subscribed members can post.
Which is actually a meaningless distinction because email headers are not secure.
Alan
On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
Is it that difficult to spoof an e-mail address and post pretending from there?
The current email systems don't have any way to enforce correct identification of a sender. So you can write (almost) whatever you like in the "from" address header. It may have to be potentially valid, depending on the checks done by a mail server, but they only check that the address is well-formed, not whether it's actually correct.
There are some ISPs who write their member's ID into the headers of all their mail as it goes through their SMTP server, but that's not really a regular feature of email, and it can be faked by someone else who's ISP doesn't do that.
The only way a list server could enforce that the real subscriber posted, would be to insist that all posts be signed with an encryption key that's known to the server. That might be a good idea with some mailing lists for people who aren't trying to resolve a problem with their computer, but a bad idea for a list where not-so-tech-savvy people come looking for help.
I think the Fedora list may allow posts from unsubscribed individuals.
It doesn't. Those of us with multiple email accounts who've accidentally sent a post using the wrong address can attest that the message doesn't get through.
On 11/30/2010 06:48 AM, Tim wrote:
On Mon, 2010-11-29 at 19:17 -0600, Ranjan Maitra wrote:
Is it that difficult to spoof an e-mail address and post pretending from there?
The current email systems don't have any way to enforce correct identification of a sender. So you can write (almost) whatever you like in the "from" address header. It may have to be potentially valid, depending on the checks done by a mail server, but they only check that the address is well-formed, not whether it's actually correct.
Mailers do actually have a way - DKIM does exactly that - so if we required DKIM that would help.
Pros: * Obvious
Cons: * would limit posters to DKIM compliant mail (like gmail and yahoo and those that turn it on). Not sure how much of a limitation this is?
* Some work to turn this on.
* the fedora-xxx mailers probably would also need to use DKIM
* the list server would need to made DKIM compliant (would seem to be rude to require DKIM but not have list be DKIM compliant after all !!)
* Resources - would there be interest enough and resources to do this.
I believe it is a worthy goal ... LKML passes through a lot more spam from what I see - which may suggest that the fedora list registration process to post does add frictions for spammers in practice.
gene/
On Tue, 2010-11-30 at 07:44 -0500, Genes MailLists wrote:
I believe it is a worthy goal ... LKML passes through a lot more spam from what I see - which may suggest that the fedora list registration process to post does add frictions for spammers in practice.
There seems to be a contradiction here between "it would be a worthy goal" and "list registration ... does add friction ... in practice". IMHO the fact that we get so little spam indicates that it wouldn't be worth the hassle to enforce DKIM, at least not in current conditions.
poc
On 11/30/2010 10:38 AM, Patrick O'Callaghan wrote:
There seems to be a contradiction here between "it would be a worthy goal" and "list registration ... does add friction ... in practice". IMHO the fact that we get so little spam indicates that it wouldn't be worth the hassle to enforce DKIM, at least not in current conditions.
poc
Yep - there are pros and cons .. :-)
I believe we should all be using DKIM and that would include list managers - that is a worthy goal to make email better as a matter of principle .. that said ..
on the other hand, from a practical perceptive ... it may not be worth the effort today - in spite of it being a worthy goal.
On Tue, Nov 30, 2010 at 22:18:54 +1030, Tim ignored_mailbox@yahoo.com.au wrote:
The current email systems don't have any way to enforce correct identification of a sender. So you can write (almost) whatever you like in the "from" address header. It may have to be potentially valid, depending on the checks done by a mail server, but they only check that the address is well-formed, not whether it's actually correct.
Mailman checks the envelope sender address. That may have been what you were referring to above (as a from line gets inserted in mbox formatted messages), but can be confused with the from header in a message. The envelope sender and recipient addresses are actually independent of the headers in message, though in typical use they will be derived from the headers of th original message.
--- On Mon, 11/29/10, Patrick O'Callaghan pocallaghan@gmail.com wrote:
From: Patrick O'Callaghan pocallaghan@gmail.com Subject: To: users@lists.fedoraproject.org Date: Monday, November 29, 2010, 3:29 AM On Mon, 2010-11-29 at 02:12 -0800, Globe Trotter wrote:
Isn't it time to ban this idiot?
poc
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Isn't it time also to stop sending mails addressed to fedora-list@redhat.com over here too?
Should these be sent to /dev/null? instead of being redirected over here?
Thanks,
Antonio
-
Alan Cox -
Andras Simon -
Antonio Olivares -
Bruno Wolff III -
Genes MailLists -
Globe Trotter -
JD -
Jerry Feldman -
Marko Vojinovic -
Patrick O'Callaghan -
Ranjan Maitra -
Tim -
Todd Zullinger -
Zoltan Hoppar