Loading ...
Sorry, an error occurred while loading the content.

Re: Content filtering

Expand Messages
  • Antoine J. Mechelynck
    ... Unsubscribed posting to the list _is_ blocked. HTML posting is also blocked, even for subscribers. Alas, viruses can post to the list by spoofing the
    Message 1 of 12 , Feb 3 5:49 PM
    • 0 Attachment
      Anthony Gorecki wrote:
      > Hello,
      >
      > Would one of the list admins please be kind enough to either block
      > unsubscribed posting to the list (if it isn't already), or configure the mail
      > server's content filters to block out these viruses that are being sent
      > through the mailing list? I've received nothing but spam since I subscribed a
      > few days ago. Thanks.
      >
      >
      Unsubscribed posting to the list _is_ blocked. HTML posting is also
      blocked, even for subscribers. Alas, viruses can post to the list by
      spoofing the "From" address of a subscribed member on a plaintext email.

      Another hitch is that the people with admin privileges at Berlin U
      (foobar.math.fu-berlin.de, where the Vim mail robots live) apparently
      don't want to be bothered with list problems. (I guess they have more
      than enough to do without it.)

      Finally, if you say you received "nothing but spam" in several days,
      then maybe you subscribed to the wrong mailing list? I am subscribed to
      the Vim list (this one) and also to the vim-dev list, and if I have
      indeed received a few virus emails, they don't make up the totality,
      indeed not even a majority, of the list traffic that _I_ receive. I
      notice that their attachments are "defused" by my antivirus software
      (replaced by something in plaintext with the name "Deleted by Norton
      AntiVirus1.txt" IIRC) and I see it as an incitement to keep my virus
      definitions up-to-date.


      Best regards,
      Tony.
    • Antoine J. Mechelynck
      Anthony Gorecki wrote: [...] ... Oops, I thought your message came in on the vim@ list, but by checking back I see it didn t. The vim-dev list usually has
      Message 2 of 12 , Feb 3 6:23 PM
      • 0 Attachment
        Anthony Gorecki wrote:
        [...]
        > I've subscribed to the vim-dev list, being the one I sent the content
        > filtering message on, and your reply is the only message that's come through
        > from a human being. Looking at one of the VIM mailing list archives, it seems
        > to have been just a spam spurt over the last two days; I apparently
        > subscribed shortly after the last real message was sent by a user.

        Oops, I thought your message came in on the vim@ list, but by checking
        back I see it didn't. The vim-dev list usually has lower activity than
        the main list, though it has seen quite a lot of traffic lately in
        relation with the release of successive "snapshots" of Vim 7.0aa
        (alpha). If you get a lot of spam on that list and I don't, and if
        you're sure it came addressed to @... and transiting via
        foobar.math.fu-berlin.de, then the only explanation I can see is that my
        ISP is filtering my mail without my say-so (on my other account, which
        came with my DSL line which is "paid", I can set spam and/or virus
        filtering on or off; I set them off and use antispam and antivirus
        software here so I can have a look at what got tagged and possibly fish
        false positives out of it; but on this account which is "free" [except
        that the ISP is also the phone operator] I don't have those choices).

        N.B. I'm putting the list back on this mail's Cc so other interested
        parties can join in the discussion if they want to.


        Best regards,
        Tony.
      • Bram Moolenaar
        ... The list is already for subscribers only. But garbage gets through anyway. Setting up spam and virus filtering is quite a job. There were a few ideas,
        Message 3 of 12 , Feb 4 3:13 AM
        • 0 Attachment
          Anthony Gorecki wrote:

          > Would one of the list admins please be kind enough to either block
          > unsubscribed posting to the list (if it isn't already), or configure
          > the mail server's content filters to block out these viruses that are
          > being sent through the mailing list? I've received nothing but spam
          > since I subscribed a few days ago. Thanks.

          The list is already for subscribers only. But garbage gets through
          anyway.

          Setting up spam and virus filtering is quite a job. There were a few
          ideas, but it still hasn't happened. I'll look into it again.

          --
          How To Keep A Healthy Level Of Insanity:
          15. Five days in advance, tell your friends you can't attend their
          party because you're not in the mood.

          /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
          /// Sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
          \\\ Project leader for A-A-P -- http://www.A-A-P.org ///
          \\\ Buy LOTR 3 and help AIDS victims -- http://ICCF.nl/lotr.html ///
        • Eljay Love-Jensen
          Hi everyone, Another mailing list I m on rejects much virus-spam because it rejects posts... + from unregistered users (spoofed register user spam gets
          Message 4 of 12 , Feb 4 4:55 AM
          • 0 Attachment
            Hi everyone,

            Another mailing list I'm on rejects much virus-spam because it rejects posts...
            + from unregistered users (spoofed register user spam gets through)
            + HTML email
            + email with attachments
            + email over 100 lines long
            + first line keyword (a "password" that must be present on the first line
            of the body of the text-only post)

            It could reject all spam and all viruses if we used PKCS authentication /
            verification. But that technology is obtrusive (for both the sender and
            receiver) and not widely embraced by the user community nor by mail client
            software. If we went that route, the recipients of the mail (i.e., us)
            would prefer that the list software would strip out the authentication but
            only allow postings to the list that had the appropriate digital
            signature. [I'm not expecting this one any time soon.]

            The best solution is to make SMTP obsolete by coming up with a better, more
            secure (without any obtrusiveness), more trustworthy protocol that can
            vouchsafe / verify / authenticate the email authenticity. Alas, the
            problem appears harder than expected, at first blush, and/or SMTP is too
            deeply entrenched to be rooted out easily.

            HTH,
            --Eljay

            PS: the first line password is "Hi everyone,".
          • Steve Hall
            ... [...] ... [...] ... Interesting concept, except that it would be less obtrusive as the last line or word. -- Steve Hall [ digitect mindspring com ] My
            Message 5 of 12 , Feb 4 5:12 AM
            • 0 Attachment
              On Fri, 2005-02-04 at 06:55 -0600, Eljay Love-Jensen wrote:
              > Hi everyone,
              >
              > Another mailing list I'm on rejects much virus-spam because it
              > rejects posts...
              [...]
              > + first line keyword (a "password" that must be present on the first
              > line of the body of the text-only post)
              [...]
              > PS: the first line password is "Hi everyone,".

              Interesting concept, except that it would be less obtrusive as the
              last line or word.


              --
              Steve Hall [ digitect mindspring com ]

              My voice is my password.
            • Ciaran McCreesh
              On Fri, 04 Feb 2005 06:55:57 -0600 Eljay Love-Jensen ... Like patches or GPG/PGP signatures? ... Like inlined code examples? Don t think
              Message 6 of 12 , Feb 4 5:16 AM
              • 0 Attachment
                On Fri, 04 Feb 2005 06:55:57 -0600 Eljay Love-Jensen <eljay@...>
                wrote:
                | + email with attachments

                Like patches or GPG/PGP signatures?

                | + email over 100 lines long

                Like inlined code examples?

                Don't think either of those criteria would be suitable for this list.

                --
                Ciaran McCreesh : Gentoo Developer (Vim, Fluxbox, shell tools)
                Mail : ciaranm at gentoo.org
                Web : http://dev.gentoo.org/~ciaranm
              • Eljay Love-Jensen
                Hi Ciaran, LJ | + email with attachments ... Yes, including those. (Which is why I mentioned the point about PKCS authentication.) Patches would have to be
                Message 7 of 12 , Feb 4 5:29 AM
                • 0 Attachment
                  Hi Ciaran,

                  LJ>| + email with attachments

                  >Like patches or GPG/PGP signatures?

                  Yes, including those. (Which is why I mentioned the point about PKCS
                  authentication.)

                  Patches would have to be posted on one's website (that presumes we all have
                  websites) with a URL embedded in the email to the patch.

                  LJ>| + email over 100 lines long

                  >Like inlined code examples?

                  Yes. Lengthy inlined code examples would have to be posted on one's
                  website with a URL embedded in the email to the code example. This has the
                  unfortunate side-effect of link-rot for those URLs in the mailing list
                  archives.

                  >Don't think either of those criteria would be suitable for this list.

                  *shrug* They were filters on another list I'm on, which has worked very
                  well for keeping down the spam and viruses -- on that list.

                  Sincerely,
                  --Eljay
                • GI
                  That first line password is a neat idea :) However it might reject posts of people who quote previous messages and bottom post. How about if we all had to add
                  Message 8 of 12 , Feb 4 7:36 AM
                  • 0 Attachment
                    That first line password is a neat idea :) However it might reject posts
                    of people who quote previous messages and bottom post.

                    How about if we all had to add a custom header with a password?
                    Something like

                    x-vimdev-password: Help Uganda

                    Any message without this header field (and correct password) is
                    automatically rejected.

                    Mutt users can easily set up a hook to add custom headers to specific
                    addresses. I'm sure this is possible with other clients too. This should
                    block almost all viruses for a while. The only trouble is telling n00b's
                    to add this header before posting. Maybe a note on the webpage or
                    something similar (if this idea get's adopted).

                    :)

                    GI

                    --
                    Alternative definitions of terms from Math Lectures:
                    HINT: The hardest of several possible ways to do a proof.
                  • Antoine J. Mechelynck
                    ... Some other clients, maybe. All others, even all other widely-used ones, definitely not. I know it s anathema to mention Outlook Express in front of mutt
                    Message 9 of 12 , Feb 4 8:08 AM
                    • 0 Attachment
                      GI wrote:
                      > That first line password is a neat idea :) However it might reject posts
                      > of people who quote previous messages and bottom post.
                      >
                      > How about if we all had to add a custom header with a password?
                      > Something like
                      >
                      > x-vimdev-password: Help Uganda
                      >
                      > Any message without this header field (and correct password) is
                      > automatically rejected.
                      >
                      > Mutt users can easily set up a hook to add custom headers to specific
                      > addresses. I'm sure this is possible with other clients too. This should
                      > block almost all viruses for a while. The only trouble is telling n00b's
                      > to add this header before posting. Maybe a note on the webpage or
                      > something similar (if this idea get's adopted).
                      >
                      > :)
                      >
                      > GI
                      >
                      Some other clients, maybe. All others, even all other widely-used ones,
                      definitely not. I know it's anathema to mention Outlook Express in front
                      of mutt users, but AFAIK its users can add _no_ custom headers to its
                      emails. About Mozilla Thunderbird (which I'm now using), I'm less sure;
                      but I would need directions about how to go about it. Since there are
                      many different mail clients out there, and since not all Vim users are
                      computer nerds, such a measure would require adding as many pages of
                      directions to the Vim-online "mailing lists" page as there are mail
                      clients with different methods of adding custom headers. I wouldn't
                      advise it.

                      Best regards,
                      Tony.
                    • Gautam Iyer
                      ... Oops. I guess I ve only used mutt ... ! You re right, it would probably be a nightmare for Outlook Express users. On the plus side, I ve not recieved spam
                      Message 10 of 12 , Feb 4 11:54 AM
                      • 0 Attachment
                        On Fri, Feb 04, 2005 at 05:08:29PM +0100, Antoine J. Mechelynck wrote:

                        >
                        > GI wrote:
                        >
                        > > How about if we all had to add a custom header with a password?
                        > > Something like
                        > >
                        > > x-vimdev-password: Help Uganda
                        > >
                        > > Any message without this header field (and correct password) is
                        > > automatically rejected.
                        > >
                        > > Mutt users can easily set up a hook to add custom headers to specific
                        > > addresses. I'm sure this is possible with other clients too. This should
                        > > block almost all viruses for a while. The only trouble is telling n00b's
                        > > to add this header before posting. Maybe a note on the webpage or
                        > > something similar (if this idea get's adopted).
                        >
                        > Some other clients, maybe. All others, even all other widely-used ones,
                        > definitely not. I know it's anathema to mention Outlook Express in front
                        > of mutt users, but AFAIK its users can add _no_ custom headers to its
                        > emails. About Mozilla Thunderbird (which I'm now using), I'm less sure;
                        > but I would need directions about how to go about it. Since there are
                        > many different mail clients out there, and since not all Vim users are
                        > computer nerds, such a measure would require adding as many pages of
                        > directions to the Vim-online "mailing lists" page as there are mail
                        > clients with different methods of adding custom headers. I wouldn't
                        > advise it.

                        Oops. I guess I've only used mutt ... ! You're right, it would probably
                        be a nightmare for Outlook Express users.

                        On the plus side, I've not recieved spam on the vim-dev list for a
                        while. Maybe it get's caught by my spam filter here though ... :)

                        GI

                        --
                        Twenty Ways To Maintain A Healthy Level of Insanity
                        6. In the memo field of all your checks, write "For Sexual Favors"
                      • Anthony Gorecki
                        ... One more to add to the list, which I ve found to be helpful: - Messages that have more than 3/5th their total length as quoted text. This will cut down on
                        Message 11 of 12 , Feb 4 5:59 PM
                        • 0 Attachment
                          On Friday, February 04, 2005 4:55 am, you wrote:
                          > Another mailing list I'm on rejects much virus-spam because it rejects
                          > posts... + from unregistered users (spoofed register user spam gets
                          > through) + HTML email
                          > + email with attachments
                          > + email over 100 lines long
                          > + first line keyword (a "password" that must be present on the first line
                          > of the body of the text-only post)

                          One more to add to the list, which I've found to be helpful:
                          - Messages that have more than 3/5th their total length as quoted text.

                          This will cut down on the quote spam from those who carelessly hit the reply
                          button and quote an entire message before their reply.


                          --
                          Anthony Gorecki
                          Ectro-Linux Foundation
                        Your message has been successfully submitted and would be delivered to recipients shortly.