Thread: This mail list and its policies
I had no idea that my address was being broadcast to the world via
comp.databases.postgresql.general I have no problem with having messages sent
to the list go to the group. I do have a problem with my address out there in
the free and clear. Shouldn't the initial subscription notice let new sub-
scribers know that their address will be broadcast over the planet?
What's the logic and/or justification for doing this? I can handle the spam
using the delete key but I really don't like the additional burden that it
puts on my ISP. I would have posted via usenet had I known about this policy.
As a matter of fact that's what I intend to do from now on. Well this
address was good for some time and now it's tainted. The list owner
should send out as part of the pre-subscription message a warning that
the address they use will show up on usenet and the www.
Things that should be done as a responsible list:
1. warning in the pre-subscription notice about broadcasting the address
2. option to hide the sender, from addresses and any other address except
pgsql-general@postgresql.org and any address that's in the body.
3. don't allow bcc to the list and don't forward messages to
info@postgresql.org to the list.
I wonder how many subscribers to the list know that their address is
"out there" now? I suppose many have found out recently.
expect <expect@ihubbell.com> writes:
> I do have a problem with my address out there in
> the free and clear.
Get a life (or at least a spam-blocker). What other lists can you
name that have the policies you think are "responsible"?
regards, tom lane
On Thu, Sep 18, 2003 at 20:59:53 -0700, expect <expect@ihubbell.com> wrote: > > I had no idea that my address was being broadcast to the world via > comp.databases.postgresql.general I have no problem with having messages sent > to the list go to the group. I do have a problem with my address out there in > the free and clear. Shouldn't the initial subscription notice let new sub- > scribers know that their address will be broadcast over the planet? Not really, as addresses on technical lists generally are available on the web archives. > What's the logic and/or justification for doing this? I can handle the spam > using the delete key but I really don't like the additional burden that it > puts on my ISP. I would have posted via usenet had I known about this policy. > As a matter of fact that's what I intend to do from now on. Well this > address was good for some time and now it's tainted. The list owner > should send out as part of the pre-subscription message a warning that > the address they use will show up on usenet and the www. To make it easier to communicate with people. > Things that should be done as a responsible list: One option for you is to use the list address in the from header when posting to the list. That will hide your address and not break replies. Most likely the list checks the envelope sender address to see whether or not the message needs moderator approval. So you should be able to have your messages go through right away if you keep the envelope sender address the same as your subscription address.
On Thu, 2003-09-18 at 23:25, Tom Lane wrote: > expect <expect@ihubbell.com> writes: [snip] > Get a life (or at least a spam-blocker). Even with spam blockers, the spam/virus still must be downloaded from the server, and if the person is on dial-up, that can be *most* painful: In the 24 hour period from yesterday noon to today noon, I received 209 "MS Update" viruses, each of which is 153KB. -- ----------------------------------------------------------------- Ron Johnson, Jr. ron.l.johnson@cox.net Jefferson, LA USA PETA - People Eating Tasty Animals
Ron Johnson wrote: > On Thu, 2003-09-18 at 23:25, Tom Lane wrote: > >>expect <expect@ihubbell.com> writes: > > [snip] > >>Get a life (or at least a spam-blocker). > > > Even with spam blockers, the spam/virus still must be downloaded > from the server, and if the person is on dial-up, that can be *most* > painful: > In the 24 hour period from yesterday noon to today noon, I received > 209 "MS Update" viruses, each of which is 153KB. > With a dial-up is better anyway download only the headers and delete it if is spam. Regards Gaetano Mendola
Hello,
Just run IMAP. That way all the mail stay one the server. Your
system will just grab the headers and you can delete as required.
Also you could installed something like spamassassin on the server (if
you ISP) will let you.
J
Gaetano Mendola wrote:
> Ron Johnson wrote:
>
>> On Thu, 2003-09-18 at 23:25, Tom Lane wrote:
>>
>>> expect <expect@ihubbell.com> writes:
>>
>>
>> [snip]
>>
>>> Get a life (or at least a spam-blocker).
>>
>>
>>
>> Even with spam blockers, the spam/virus still must be downloaded from
>> the server, and if the person is on dial-up, that can be *most*
>> painful:
>> In the 24 hour period from yesterday noon to today noon, I received
>> 209 "MS Update" viruses, each of which is 153KB.
>>
>
> With a dial-up is better anyway download only the headers and delete
> it if is spam.
>
>
> Regards
> Gaetano Mendola
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
> Just run IMAP. That way all the mail stay one the server. Your > system will just grab the headers and you can delete as required. > Also you could installed something like spamassassin on the server (if > you ISP) will let you. IMAP does not necesarly keep the mail on the server and doesn't help much if I'm running an internal IMAP server anyway. Also, I DO run spamassassin here, and it is finding only perhaps 10-20% of the copies of the most recent worm. I think it sends out copies that are sufficiently different from each other that it bypasses all the checks, including a Bayesian filter. I'm also receiving more copies of it at an address that has NEVER been used for postgresql lists than at this address, so I don't really think 'harvesting' of addresses from this list or its usenet echo is a significant factor in the propagation of this mess. (That address got 120 copies of STEN since midnight, amounting to over 16 MB of mail.) I hope there is a special corner of hell reserved for spammers and an even worse corner reserved for virus/worm writers. -- Mike Nolan
nolan@celery.tssi.com writes:
> Also, I DO run spamassassin here, and it is finding only perhaps 10-20%
> of the copies of the most recent worm. I think it sends out copies that
> are sufficiently different from each other that it bypasses all the
> checks, including a Bayesian filter.
Hmm. I've had no trouble filtering the actual worm (I filter using a
pattern that looks for the first few bytes of a base64-encoded Windows
executable file). The only copies that were getting as far as my spam
inbox were ones that had had the executable file removed by various
"helpful" filtering programs.
> I hope there is a special corner of hell reserved for spammers and an
> even worse corner reserved for virus/worm writers.
And "antivirus" writers whose work increases the noise level instead of
reducing it. They should know better than to bounce back complaint
messages to the From: line when they have recognized a worm that is
known to forge From:.
regards, tom lane
On Sat, Sep 20, 2003 at 11:46:11 -0500, nolan@celery.tssi.com wrote: > > I hope there is a special corner of hell reserved for spammers and an > even worse corner reserved for virus/worm writers. Don't you mean for people who use Lookout to read eamil?
On Thursday, Sept 18 Bruno Wolff said: >One option for you is to use the list address in the from header when >posting to the list. That will hide your address and not break >replies. Most likely the list checks the envelope sender address to see >whether or not the message needs moderator approval. So you should be >able to have your messages go through right away if you keep the envelope >sender address the same as your subscription address. Do you know of any eMail client that can be configured to do such a thing? If so, I'm instantly in love ... Or even better, an SMTP daemon that can be configured to do it in rewriting rules. I used to use Sendmail, but am now using Postfix. Suggestions welcome! -- Dean Gibson
On Sat, Sep 20, 2003 at 12:53:12 -0700, "Dean Gibson (DB Administrator)" <postgresql@ultimeth.com> wrote: > > On Thursday, Sept 18 Bruno Wolff said: > >One option for you is to use the list address in the from header when > >posting to the list. That will hide your address and not break > >replies. Most likely the list checks the envelope sender address to see > >whether or not the message needs moderator approval. So you should be > >able to have your messages go through right away if you keep the envelope > >sender address the same as your subscription address. > > Do you know of any eMail client that can be configured to do such a > thing? If so, I'm instantly in love ... You should be able to use send-hook in mutt to do this. You need to set up a default send-hook and one that checks for sending to each postgres list you are subscribed to. You can have it set the from address to the list for the various list cases and to your normal address the rest of the time. Probably the envelope sender address will come from your login name being appended to the host name without you doing anything more. > Or even better, an SMTP daemon that can be configured to do it in rewriting > rules. I used to use Sendmail, but am now using Postfix. Suggestions > welcome! That really isn't the right place to do it. Sendmail needed to do that because it was written in an era where email commonly had to move between different email networks and the messages needed to be reformatted as they moved from network to network. For the vast majority of the cases today, that doesn't need to happen. That is why recent MTAs don't mess with headers very much.
On Sat, 2003-09-20 at 11:04, Joshua D. Drake wrote: > Hello, > > Just run IMAP. That way all the mail stay one the server. Your > system will just grab the headers and you can delete as required. > Also you could installed something like spamassassin on the server (if > you ISP) will let you. Get BigISP to let me run an IMAP daemon on their servers? > Gaetano Mendola wrote: > > > Ron Johnson wrote: > > > >> On Thu, 2003-09-18 at 23:25, Tom Lane wrote: > >> > >>> expect <expect@ihubbell.com> writes: > >> > >> > >> [snip] > >> > >>> Get a life (or at least a spam-blocker). > >> > >> > >> > >> Even with spam blockers, the spam/virus still must be downloaded from > >> the server, and if the person is on dial-up, that can be *most* > >> painful: > >> In the 24 hour period from yesterday noon to today noon, I received > >> 209 "MS Update" viruses, each of which is 153KB. > >> > > > > With a dial-up is better anyway download only the headers and delete > > it if is spam. -- ----------------------------------------------------------------- Ron Johnson, Jr. ron.l.johnson@cox.net Jefferson, LA USA "Basically, I got on the plane with a bomb. Basically, I tried to ignite it. Basically, yeah, I intended to damage the plane." RICHARD REID, tried to blow up American Airlines Flight 63
Tom Lane wrote:
> nolan@celery.tssi.com writes:
> > Also, I DO run spamassassin here, and it is finding only perhaps 10-20%
> > of the copies of the most recent worm. I think it sends out copies that
> > are sufficiently different from each other that it bypasses all the
> > checks, including a Bayesian filter.
>
> Hmm. I've had no trouble filtering the actual worm (I filter using a
> pattern that looks for the first few bytes of a base64-encoded Windows
> executable file). The only copies that were getting as far as my spam
> inbox were ones that had had the executable file removed by various
> "helpful" filtering programs.
Rather than configuring my filter for every virus, I just block evil
attachments via procmail:
* ^(Content-Type: [^;]*;| )? *(file)?name="?[^"]*\.(exe|com|pif|scr|bat)"?$
One interesting modification I have is that once I recieve a virus
email, I block further emails from that host. Yea, it could block later
valid email, but preventing all those viruses from being downloaded
before being checked is worth it.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073