Re: Email viruses

[Telsa Gwynne <hobbit aloss ukuu org uk>]

On Mon, Apr 05, 2004 at 03:13:44PM +0100 or thereabouts, Matthew Revell wrote:
> Hi,
> 
> I'm new to this list, so please excuse me if I'm asking an old question. 
> Is this list open to *anyone* to post to? There seems to be quite a few 
> virus laden posts.

I think it's a bit complicated. I think the list is a proper 
mailman list to which you need to be subscribe to post, using
the address in the footer message.

I think there is also an alias of docs at guess-the-site dot org 
which forwards straight to the mailing list proper without 
checking whether you're subscribed. This seemed like a good idea 
at the time. (Years back.)

I asked about removing this alias very recently -- last week or 
so, I think! -- and people pointed out that it's actually mentioned 
in the docs as a feedback address for users, so we can't just nuke 
it. (Curses!) 

So yes, if you know about that alias, it is effectively
open to anyone to post to. 

However, to make things worse, lots of the virus-laden emails 
purport to come from people who are indeed subscribed to the 
mailing list. But they're not. The headers are forged. 

I presume that mailman (which gnome.org runs in conjunction
with spamassassin) can't tell whether a post is genuinely 
from the subscriber or whether it is from a virus with a fake
header line. So it's letting them through.

And I'm not sure what can be done about that. We can't just
put everyone whose address has been faked by a virus onto a
"hold for moderation" setting. Because I suspect that would
be 90% of the mailing list membership. I'm getting loads of
those "Your mail had a virus" replies which are complete
rubbish, and I bet most other people here are too. You might
as well moderate the entire list, which would take hours of
someone's time :( 

Telsa