On 2024-05-29 11:02, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: email spam coming from HyperKitty Message-ID : <e4b8df81-7ce9-4edb-a9e5-98513c9c06f2@telefonica.net> Date & Time: Wed, 29 May 2024 09:46:47 +0200
[CER] == "Carlos E. R." <robin.listas@telefonica.net> has written:
[...] CER> Google is notorious for not fighting spam, they allow anyone to CER> register.
I too am a victim of the infamous Google!
That is, Google issued aliases for my google account to two different people (at different times), and their emails were delivered to me according to Gmail's rules, which caused me a lot of trouble.
More on the contrary, in this February, my account was issued to a third party. The person who was suspicious that the mail was not being delivered sent a test mail with another address as Bcc. I received her email, contacted with her at the other address, and she recognized the issue and it was solved.
When I told my colleagues in the community, none of them believed that the duplicate account had been issued, so I showed them the actual e-mail and they were all surprised. Yes, it's impossible, but Google did it three times.
Surprising!
I should just stop using gmail, but I can't because of the relationship I've had with them.....
It is mandatory with the Android phone.
[..] CER> For the moment, we have to prohibit entering hiperkitty with a CER> gmail auth, or putting those users under automatic moderation. [...]
I can't figure this out.
In Japan, there are more and more sites that let user log in with user's Google account, but when user try, it shows not only the Google account, but also the Facebook account and four other possible login options.
Is this another Hyperkitty specification?
I thought it was a site management policy...
I tried to test this, but I am logged in, and log-out doesn't work. So, talking from memory. When you try to post an email here using hiperkitty, you can identify yourself using the opensuse ID, or some other methods, one of which is a gmail login. This is the method that spammers are using, they login with a gmail identity. The mailman interface for admins or moderators (Postorious) allows us to create a header filter. If an email matches the criteria, and action is activated. Thus, in the Spanish mail list I have enabled the filter "if user-agent is hiperkitty, then hold for moderation". This works there because there are no people using hiperkitty to post, except spammers. Here in this list it is not possible to do the same, because there are several people using hiperkitty. Thus a solution could be to hold for moderation mails with that user agent header, AND the from address being gmail. Unfortunately, Postorious doesn't allow such an "and" criteria (or I have not seen how; there is no documentation). So what I propose is disabling completely the gmail auth on hiperkitty, but I have no idea if this is possible at all. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)