[prev in list] [next in list] [prev in thread] [next in thread] 

List:       perl5-porters
Subject:    Re: Moderation lag
From:       Eric Cholet <cholet () logilune ! com>
Date:       2005-10-30 19:03:50
Message-ID: 712574FF-0B26-4223-8C2D-0FFCAA960035 () logilune ! com
[Download RAW message or body]


Le 30 oct. 05 à 19:44, Tels a écrit :

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Moin,
>
> On Sunday 30 October 2005 17:21, John E. Malmberg wrote:
>
>> Tels wrote:
>>
>>>>> (If you have a more strict set of filter rules than just the  
>>>>> From:,
>>>>> you
>>>>> may look for a message-id ending in @bloodgate.com, and a
>>>>> X-pair-Authenticated: U.X.Y.Z line, too :)
>>>>>
>>>>
>>>> I don't have filters, that would defeat my role of being the human
>>>> filter of last resort. I just look at the messages contents and
>>>> discard the spam.
>>>>
>>
>> Spammers routinely spoof those types of tags and message IDs, so
>> exempting them from moderation would probably increase the amount of
>> spam that gets through.
>>
>
> I think I made that not clear:
>
> When you are auto-approved, any email with the correct From: get's
> automatically through. Thats what I guess it does, anyway.
>
> Since spammers routinely forge the From, right now any mail with a  
> forged
> From: would go through, but it shouldn't if it isn't really from me.
>
> I asked if the moderators can put in a more strict rule-set, like  
> checking
> for an additional approved-by and message ID signature. Yes, spammers
> forge these, but having them forge the right condition is more  
> unlikely
> than just relying on the From:.
>
> An even better solution would be to check the PGP signature.
>
> I have no idea what exactly the auto-approval mechanism checks,  
> though.

Unfortunately the only option I have available as a moderator is to  
allow an email address -- as far as I know: there maybe some ezmlm  
plugin or somesuch that could achieve what you suggest, but I am not  
aware of it. Although allowing posts based on the sender's address  
(whether subscribed or on the allow list) seems fragile, it has been  
working very well, we've seen only a few virus emails make it to the  
lists.

--
Eric Cholet
Any view of things that is not strange is false


["PGP.sig" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]