From jrr45 at cornell.edu  Thu Jun 10 09:54:54 2010
From: jrr45 at cornell.edu (Justin Rodriguez)
Date: Thu, 10 Jun 2010 09:54:54 -0400
Subject: Spam
Message-ID: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>

Hi,

Could someone ban the user "Talk"? It's responsible for 500+ spam
entries since yesterday.  It might be worth deleting all of the
changes from the db to unclog the history.

Thank you,
Justin


From elb at pidgin.im  Thu Jun 10 10:50:11 2010
From: elb at pidgin.im (Ethan Blanton)
Date: Thu, 10 Jun 2010 10:50:11 -0400
Subject: Spam
In-Reply-To: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
References: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
Message-ID: <20100610145011.GA1874@colt>

Justin Rodriguez spake unto us the following wisdom:
> Could someone ban the user "Talk"? It's responsible for 500+ spam
> entries since yesterday.  It might be worth deleting all of the
> changes from the db to unclog the history.

It took me a minute to figure out that you're talking about the wiki.
I was digging through the mailing list archives trying to find spam.
:-P  We'll have someone look into that.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/discussion/attachments/20100610/5b570d41/attachment.pgp>

From jrr45 at cornell.edu  Thu Jun 10 12:35:27 2010
From: jrr45 at cornell.edu (Justin Rodriguez)
Date: Thu, 10 Jun 2010 12:35:27 -0400
Subject: Spam
In-Reply-To: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
References: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
Message-ID: <AANLkTilfnQrKroLiQPqcXV_ULORKbG6CQYM2umurTOY0@mail.gmail.com>

Hi,

Sorry I was looking at the wrong thing before.  The user isn't logged
in but their ip address is 173.212.250.90.

Thank you,
Justin

On Thu, Jun 10, 2010 at 9:54 AM, Justin Rodriguez <jrr45 at cornell.edu> wrote:
> Hi,
>
> Could someone ban the user "Talk"? It's responsible for 500+ spam
> entries since yesterday. ?It might be worth deleting all of the
> changes from the db to unclog the history.
>
> Thank you,
> Justin
>


From mark at kingant.net  Thu Jun 10 12:47:17 2010
From: mark at kingant.net (Mark Doliner)
Date: Thu, 10 Jun 2010 09:47:17 -0700
Subject: Spam
In-Reply-To: <AANLkTilfnQrKroLiQPqcXV_ULORKbG6CQYM2umurTOY0@mail.gmail.com>
References: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
	<AANLkTilfnQrKroLiQPqcXV_ULORKbG6CQYM2umurTOY0@mail.gmail.com>
Message-ID: <AANLkTikwLZZOQNS6vRejJAYPnIGgnZDuO_sEZXOafBOu@mail.gmail.com>

I blocked that user and maybe a few others, and looked through recent
revisions and reverted spammy stuff.  It looked like someone else may
have been doing the same thing as me around the same time... sorry if
I stepped on any toes.

Please let us know if you see any more pages with spam.

And we should look into making our mediawiki install more resilient to
spam.  Do we require users to be logged in?  Can we?  Should we?  Are
there captcha plugins we can use or something?

--Mark

On Thu, Jun 10, 2010 at 9:35 AM, Justin Rodriguez <jrr45 at cornell.edu> wrote:
> Hi,
>
> Sorry I was looking at the wrong thing before. ?The user isn't logged
> in but their ip address is 173.212.250.90.
>
> Thank you,
> Justin
>
> On Thu, Jun 10, 2010 at 9:54 AM, Justin Rodriguez <jrr45 at cornell.edu> wrote:
>> Hi,
>>
>> Could someone ban the user "Talk"? It's responsible for 500+ spam
>> entries since yesterday. ?It might be worth deleting all of the
>> changes from the db to unclog the history.
>>
>> Thank you,
>> Justin


From rekkanoryo at pidgin.im  Thu Jun 10 19:27:19 2010
From: rekkanoryo at pidgin.im (John Bailey)
Date: Thu, 10 Jun 2010 19:27:19 -0400
Subject: Spam
In-Reply-To: <AANLkTikwLZZOQNS6vRejJAYPnIGgnZDuO_sEZXOafBOu@mail.gmail.com>
References: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>	<AANLkTilfnQrKroLiQPqcXV_ULORKbG6CQYM2umurTOY0@mail.gmail.com>
	<AANLkTikwLZZOQNS6vRejJAYPnIGgnZDuO_sEZXOafBOu@mail.gmail.com>
Message-ID: <4C1174D7.4000903@pidgin.im>

On 06/10/2010 12:47 PM, Mark Doliner wrote:
> And we should look into making our mediawiki install more resilient to
> spam.  Do we require users to be logged in?  Can we?  Should we?  Are
> there captcha plugins we can use or something?

We should definitely require users to be logged in if we don't already. I
thought we already had, as I needed to register quite some time ago so I could
edit pages.  Maybe this has changed with package upgrades and whatnot.  I'd
definitely like to see something where an e-mail address is required to be
supplied and verified on mediawiki as well as on trac, as well as any other
useful but not too invasive anti-spam measures we can get working.

John

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/discussion/attachments/20100610/9b812929/attachment.pgp>

From mark at kingant.net  Fri Jun 11 14:30:06 2010
From: mark at kingant.net (Mark Doliner)
Date: Fri, 11 Jun 2010 11:30:06 -0700
Subject: Spam
In-Reply-To: <4C1174D7.4000903@pidgin.im>
References: <AANLkTimPbS4zAm31OXOY1G0GPl3JxeujjEBXDRzbe1qN@mail.gmail.com>
	<AANLkTilfnQrKroLiQPqcXV_ULORKbG6CQYM2umurTOY0@mail.gmail.com>
	<AANLkTikwLZZOQNS6vRejJAYPnIGgnZDuO_sEZXOafBOu@mail.gmail.com>
	<4C1174D7.4000903@pidgin.im>
Message-ID: <AANLkTimEzrrDTkYTTosiZGkns4tqw08OJiqZv4zH60We@mail.gmail.com>

On Thu, Jun 10, 2010 at 4:27 PM, John Bailey <rekkanoryo at pidgin.im> wrote:
> On 06/10/2010 12:47 PM, Mark Doliner wrote:
>> And we should look into making our mediawiki install more resilient to
>> spam. ?Do we require users to be logged in? ?Can we? ?Should we? ?Are
>> there captcha plugins we can use or something?
>
> We should definitely require users to be logged in if we don't already. I
> thought we already had, as I needed to register quite some time ago so I could
> edit pages. ?Maybe this has changed with package upgrades and whatnot. ?I'd
> definitely like to see something where an e-mail address is required to be
> supplied and verified on mediawiki as well as on trac, as well as any other
> useful but not too invasive anti-spam measures we can get working.

Alright, I:
* Changed /etc/mediawiki/LocalSettings.php so that users must be
logged in to edit
* Changed /etc/mediawiki/LocalSettings.php so that users must have
confirmed their email address to edit
* apt-get installed mediawiki-extensions and "mwenext ConfirmEdit.php"
and "mwenext FancyCaptcha.php"  This requires users to answer a wimpy
little math question when creating a new account.  I kinda thought it
was supposed to have an image captcha.  I didn't configure it at all,
though, so maybe that's why it's showing the math captcha.
* Reverted the 40ish spam revisions since yesterday.  I hate people.

--Mark


From paul at darkrain42.org  Sun Jun 13 15:52:49 2010
From: paul at darkrain42.org (Paul Aurich)
Date: Sun, 13 Jun 2010 12:52:49 -0700
Subject: stricter postfix settings
Message-ID: <4C153711.7060806@darkrain42.org>

At John's suggestion, I'm bringing this up here.

It would be nice if the pidgin.im mail servers were a bit more
restrictive in what mail they accept.  In particular, my
(darkrain42.org) mail server is routinely rejecting a message or two
coming from bogus domains:

postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
Domain not found; from=<apache at localhost.localdomain>
to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>

This is the reject_unknown_sender_domain smtpd_sender_restrictions
option
(http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain),
which I think pidgin.im should add :).

There might be other things that could be added (greylisting or pinging
an RBL come to mind), but I don't feel as strongly about those.

Thanks,
~Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/discussion/attachments/20100613/be499dbc/attachment.pgp>

From elb at pidgin.im  Sun Jun 13 17:22:29 2010
From: elb at pidgin.im (Ethan Blanton)
Date: Sun, 13 Jun 2010 17:22:29 -0400
Subject: stricter postfix settings
In-Reply-To: <4C153711.7060806@darkrain42.org>
References: <4C153711.7060806@darkrain42.org>
Message-ID: <20100613212229.GB11024@colt>

Paul Aurich spake unto us the following wisdom:
> At John's suggestion, I'm bringing this up here.
> 
> It would be nice if the pidgin.im mail servers were a bit more
> restrictive in what mail they accept.  In particular, my
> (darkrain42.org) mail server is routinely rejecting a message or two
> coming from bogus domains:
>
> postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
> Domain not found; from=<apache at localhost.localdomain>
> to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>

We have traditionally handled such things with per-user spam filters
(spamprobe is available on rock, as is spamassassin; the latter can
check for this condition).  I could be convinced to add this
particular check to the default config, if there's general
concurrence.  I find it annoying, myself, but basically everyone has
to have their outgoing mail set up to spoof as necessary, anyway,
since so many servers set it.

> This is the reject_unknown_sender_domain smtpd_sender_restrictions
> option
> (http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain),
> which I think pidgin.im should add :).
> 
> There might be other things that could be added (greylisting or pinging
> an RBL come to mind), but I don't feel as strongly about those.

I am personally opposed to both of these.  Greylisting slows down
legitimate emails by a potentially long time (if mail servers are set
conservatively, as they should be, it can reasonably be several
hours).  As far as RBLs ... there are RBLs and then there are RBLs.
I'd prefer to leave this up to the individual user's spam filters.
I'll push back on both greylisting and RBLs, but I am ultimately only
one voice.

Ethan

-- 
The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
URL: <http://pidgin.im/pipermail/discussion/attachments/20100613/ce549245/attachment.pgp>

From lschiere at pidgin.im  Sun Jun 13 17:36:54 2010
From: lschiere at pidgin.im (Luke Schierer)
Date: Sun, 13 Jun 2010 17:36:54 -0400
Subject: stricter postfix settings
In-Reply-To: <20100613212229.GB11024@colt>
References: <4C153711.7060806@darkrain42.org> <20100613212229.GB11024@colt>
Message-ID: <A27150B8-256F-4123-9DF3-7D72094CC18A@pidgin.im>


On Jun 13, 2010, at 17:22 EDT, Ethan Blanton wrote:

> Paul Aurich spake unto us the following wisdom:
>> At John's suggestion, I'm bringing this up here.
>> 
>> It would be nice if the pidgin.im mail servers were a bit more
>> restrictive in what mail they accept.  In particular, my
>> (darkrain42.org) mail server is routinely rejecting a message or two
>> coming from bogus domains:
>> 
>> postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
>> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
>> Domain not found; from=<apache at localhost.localdomain>
>> to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>
> 
> We have traditionally handled such things with per-user spam filters
> (spamprobe is available on rock, as is spamassassin; the latter can
> check for this condition).  I could be convinced to add this
> particular check to the default config, if there's general
> concurrence.  I find it annoying, myself, but basically everyone has
> to have their outgoing mail set up to spoof as necessary, anyway,
> since so many servers set it.
> 
>> This is the reject_unknown_sender_domain smtpd_sender_restrictions
>> option
>> (http://www.postfix.org/postconf.5.html#reject_unknown_sender_domain),
>> which I think pidgin.im should add :).
>> 
>> There might be other things that could be added (greylisting or pinging
>> an RBL come to mind), but I don't feel as strongly about those.
> 
> I am personally opposed to both of these.  Greylisting slows down
> legitimate emails by a potentially long time (if mail servers are set
> conservatively, as they should be, it can reasonably be several
> hours).  As far as RBLs ... there are RBLs and then there are RBLs.
> I'd prefer to leave this up to the individual user's spam filters.
> I'll push back on both greylisting and RBLs, but I am ultimately only
> one voice.
> 
> Ethan

at different times I have had greylisting in place.  It helps *alot*.  But I've turned it off each time due to complaints.

I am against RBLs.  I have had a lot of trouble with my own servers being put on RBLs along with entire /24s that I happen to be on.  They are an unmitigated pain in the neck, and I will not support them by being a user of them.

Luke


From paul at darkrain42.org  Sun Jun 13 23:54:20 2010
From: paul at darkrain42.org (Paul Aurich)
Date: Sun, 13 Jun 2010 20:54:20 -0700
Subject: stricter postfix settings
In-Reply-To: <20100613212229.GB11024@colt>
References: <4C153711.7060806@darkrain42.org> <20100613212229.GB11024@colt>
Message-ID: <4C15A7EC.1030705@darkrain42.org>

On 2010-06-13 14:22, Ethan Blanton wrote:
> Paul Aurich spake unto us the following wisdom:
>> At John's suggestion, I'm bringing this up here.
>>
>> It would be nice if the pidgin.im mail servers were a bit more
>> restrictive in what mail they accept.  In particular, my
>> (darkrain42.org) mail server is routinely rejecting a message or two
>> coming from bogus domains:
>>
>> postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
>> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
>> Domain not found; from=<apache at localhost.localdomain>
>> to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>
> 
> We have traditionally handled such things with per-user spam filters
> (spamprobe is available on rock, as is spamassassin; the latter can
> check for this condition).  I could be convinced to add this
> particular check to the default config, if there's general
> concurrence.  I find it annoying, myself, but basically everyone has
> to have their outgoing mail set up to spoof as necessary, anyway,
> since so many servers set it.

A [growing] number of people (myself included) with mail aliases don't
have accounts, so we can't set up spam filters.  (I also suspect a
.forward would use a valid sender address, though I don't think I've
looked.)  I might be the only one who compulsively reads all my logcheck
emails, though.

>> There might be other things that could be added (greylisting or pinging
>> an RBL come to mind), but I don't feel as strongly about those.
> 
> I am personally opposed to both of these.  Greylisting slows down
> legitimate emails by a potentially long time (if mail servers are set
> conservatively, as they should be, it can reasonably be several
> hours).  As far as RBLs ... there are RBLs and then there are RBLs.
> I'd prefer to leave this up to the individual user's spam filters.
> I'll push back on both greylisting and RBLs, but I am ultimately only
> one voice.

I figure that's the general sentiment on both (and I don't think any
spam forwarded via pidgin.im reaches my inbox, so I don't care much).  I
thought I'd mention them just in case. :)

~Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/discussion/attachments/20100613/cdbdf16b/attachment.pgp>

From lschiere at pidgin.im  Sun Jun 13 23:57:32 2010
From: lschiere at pidgin.im (Luke Schierer)
Date: Sun, 13 Jun 2010 23:57:32 -0400
Subject: stricter postfix settings
In-Reply-To: <4C15A7EC.1030705@darkrain42.org>
References: <4C153711.7060806@darkrain42.org> <20100613212229.GB11024@colt>
	<4C15A7EC.1030705@darkrain42.org>
Message-ID: <FE170878-55C2-4C2E-89AB-FCAA918C0C0D@pidgin.im>

any person who's name is in the about box as a developer is eligible for an account.  If you lack one, email me and I can set you up.

Luke

On Jun 13, 2010, at 23:54 EDT, Paul Aurich wrote:

> On 2010-06-13 14:22, Ethan Blanton wrote:
>> Paul Aurich spake unto us the following wisdom:
>>> At John's suggestion, I'm bringing this up here.
>>> 
>>> It would be nice if the pidgin.im mail servers were a bit more
>>> restrictive in what mail they accept.  In particular, my
>>> (darkrain42.org) mail server is routinely rejecting a message or two
>>> coming from bogus domains:
>>> 
>>> postfix/smtpd: NOQUEUE: reject: RCPT from rock.pidgin.im[74.63.8.88]:
>>> 450 4.1.8 <apache at localhost.localdomain>: Sender address rejected:
>>> Domain not found; from=<apache at localhost.localdomain>
>>> to=<paul at darkrain42.org> proto=ESMTP helo=<rock.pidgin.im>
>> 
>> We have traditionally handled such things with per-user spam filters
>> (spamprobe is available on rock, as is spamassassin; the latter can
>> check for this condition).  I could be convinced to add this
>> particular check to the default config, if there's general
>> concurrence.  I find it annoying, myself, but basically everyone has
>> to have their outgoing mail set up to spoof as necessary, anyway,
>> since so many servers set it.
> 
> A [growing] number of people (myself included) with mail aliases don't
> have accounts, so we can't set up spam filters.  (I also suspect a
> .forward would use a valid sender address, though I don't think I've
> looked.)  I might be the only one who compulsively reads all my logcheck
> emails, though.
> 
>>> There might be other things that could be added (greylisting or pinging
>>> an RBL come to mind), but I don't feel as strongly about those.
>> 
>> I am personally opposed to both of these.  Greylisting slows down
>> legitimate emails by a potentially long time (if mail servers are set
>> conservatively, as they should be, it can reasonably be several
>> hours).  As far as RBLs ... there are RBLs and then there are RBLs.
>> I'd prefer to leave this up to the individual user's spam filters.
>> I'll push back on both greylisting and RBLs, but I am ultimately only
>> one voice.
> 
> I figure that's the general sentiment on both (and I don't think any
> spam forwarded via pidgin.im reaches my inbox, so I don't care much).  I
> thought I'd mention them just in case. :)
> 
> ~Paul
> 
> _______________________________________________
> Discussion mailing list
> Discussion at imfreedom.org
> http://pidgin.im/cgi-bin/mailman/listinfo/discussion


