On Do, Sep 14 2023 at 07:58:53 -0400, Carlos E. R. <carlos.e.r@opensuse.org> wrote:
Hi,
On the Spanish mail list, I added a header check. All mail which have user-agent=HyperKitty on https://lists.opensuse.org/ are now moderated.
Reason is that the list has got recently (September) a dozen or more English language spam, all coming via that interface, from "non members" apparently. Somehow spammers found a hole and they are exploiting it.
Would you be able to compile a list of addresses of the spammers? I would like to see if maybe removing some login provider would let us avoid this situation. The last attempt I can see came from google login and a gmail address, which are well known for being simple for spammers to set up. That being said, it's not like SUSE Community Accounts are any harder to set up anyway.
Interesting thing is, the first hit provoked a reply from the spammer, sent to users-es-owner@lists.opensuse.org. It is possible that they interpret the rejection post as a "reply to our spam" that triggers a "reply to customer" automatically.
If that is so, I may eventually have to silently reject or delete all email from hiperkitty. It would then be preferable to simply close the page, in order to not confuse possible good faith posters.
Feel free to suggest that as a feature to hyperkitty upstream, we don't really have a way to do that right now. LCP [Jake] https://lcp.world/