We can get rid of SPAM MAIL!
Hello, In the case of ham mail delivered from this ML, the X-MailFrom: field in the header of the email is like this; X-MailFrom: SRS0=nTug=NN=gmail.com=knurpht.opensuse@opensuse.org But the X-MailFrom: field in all spam mails are, X-MailFrom: rebelssasha@gmail.com Now, I can say goodbye to spammers as a procmail user with this script; :0 H * 9876543210^0 ^Return-Path:.*users-bounces@lists.opensuse.org * 9876543210^0 ^Return-Path:.*users-bounces@opensuse.org { :0 H * 9876543210^0 ^X-MailFrom:.*@opensuse.org mh/Linux/suse-en/. :0 /dev/null } Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "Distinguish between what is meaningful to me and what is meaningless, and forget what is meaningless to me. This is where individuality comes into play. This is a function that computer cannot perform." -- Shigehiko Toyama (in Japanes) --
Hello, In the Message; Subject : We can get rid of SPAM MAIL! Message-ID : <87le39xupe.wl-nomiya@lake.dti.ne.jp> Date & Time: Thu, 13 Jun 2024 14:44:45 +0900 [MN] == Masaru Nomiya <nomiya@lake.dti.ne.jp> has written: MN> Hello, MN> In the case of ham mail delivered from this ML, the X-MailFrom: field MN> in the header of the email is like this; MN> X-MailFrom: SRS0=nTug=NN=gmail.com=knurpht.opensuse@opensuse.org MN> But the X-MailFrom: field in all spam mails are, MN> X-MailFrom: rebelssasha@gmail.com MN> Now, I can say goodbye to spammers as a procmail user with this script; MN> 0 H MN> * 9876543210^0 ^Return-Path:.*users-bounces@lists.opensuse.org MN> * 9876543210^0 ^Return-Path:.*users-bounces@opensuse.org MN> { MN> * 9876543210^0 ^X-MailFrom:.*@opensuse.org MN> mh/Linux/suse-en/. MN> /dev/null MN> } In factory ML and buldservice ML, there exist ham mails with X-MailFrom: bar@gmail.com. So, I changed the script as follows; 0 H * 9876543210^0 ^Return-Path:.*users-bounces@lists.opensuse.org * 9876543210^0 ^Return-Path:.*users-bounces@opensuse.org { :0 H * 9876543210^0 ^X-MailFrom:.*@opensuse.org mh/Linux/suse-en/. :0 unsure/. } Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "A bachelor’s degree still holds prestige as a ticket to the middle class, but its value has received increasing scrutiny. In the last several years, rising tuition and student loan debt have led more Americans to reconsider an investment in postsecondary education." -- Washington Post --
Masaru, et al -- ...and then Masaru Nomiya said... % % In factory ML and buldservice ML, there exist ham mails with % X-MailFrom: bar@gmail.com. % So, I changed the script as follows; ... % % :0 % unsure/. % } Yes, that's a better answer. Sadly, the best you can do is "we can isolate hyperkitty-interface posters". That may be enough for you even if it doesn't solve the general problem (which I agree is messy). But YAY to find something that works at least enough. It's a start :-) % % Best Regards. % % --- % ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com HAND :-D -- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
On 2024-06-13 18:37, David T-G wrote:
Masaru, et al --
...and then Masaru Nomiya said... % % In factory ML and buldservice ML, there exist ham mails with % X-MailFrom:bar@gmail.com. % So, I changed the script as follows; ... % % :0 % unsure/. % }
Yes, that's a better answer. Sadly, the best you can do is "we can isolate hyperkitty-interface posters". That may be enough for you even if it doesn't solve the general problem (which I agree is messy).
But YAY to find something that works at least enough. It's a start :-)
You simply have to flag on two strings: User-Agent: HyperKitty onhttps://lists.opensuse.org/ From: *@gmail.com The current wave of spammers match on both. But there are also honest users which match the same criteria. I could post here easily, on this thread, and match. -- Cheers / Saludos, Carlos E. R. (from Elessar, using openSUSE Leap 15.5)
Hello, In the Message; Subject : Re: We can get rid of SPAM MAIL! Message-ID : <673374ba-3a2d-4a24-b1de-4ec7270088c8@gmx.es> Date & Time: Thu, 13 Jun 2024 19:24:17 +0200 [CER] == "Carlos E. R. via openSUSE Users" <users@lists.opensuse.org> has written: CER> On 2024-06-13 18:37, David T-G wrote: DTG> > Masaru, et al -- DTG> > DTG> > ...and then Masaru Nomiya said... DTG> > % DTG> > % In factory ML and buldservice ML, there exist ham mails with DTG> > % X-MailFrom:bar@gmail.com. DTG> > % So, I changed the script as follows; DTG> > ... DTG> > % DTG> > % :0 DTG> > % unsure/. DTG> > % } DTG> > DTG> > Yes, that's a better answer. Sadly, the best you can do is "we can DTG> > isolate hyperkitty-interface posters". That may be enough for you even DTG> > if it doesn't solve the general problem (which I agree is messy). DTG> > DTG> > But YAY to find something that works at least enough. It's a start :-) CER> You simply have to flag on two strings: CER> User-Agent: HyperKitty onhttps://lists.opensuse.org/ CER> From: *@gmail.com CER> The current wave of spammers match on both. But there are also honest users CER> which match the same criteria. I could post here easily, on this thread, and CER> match. [...] I write precisely because there is a misunderstanding. Mailman (3.3.9), the mail management software used by openSUSE, is operated by appending the Mail From information received from the smtp server to the X-MailFrom field.The feature is very useful. Incidentally, mails delivered from Mailman (2.1.9), which is owned by ffmpeg ML, do not have an X-MailFrom field, because the RFC does not mandate the setting of the X-MailFrom field. The X-MailFrom field indicates the sign up information of the mail contributor. Mail from registrants to this site will have the information starting with SRS0 and ending with subscribed user's address, and mail posted via HyperKitty will have the contributor's address. This may be a response to the fact that openSUSE allows submissions from HyperKitty (ffmpeg does not). Therefore, the first thing to suspect spam is when a personal address is set in the X-MailFrom field. Unfortunately, we cannot immediately delete a mail just because it is a personal address. Some of the regular contributors to this ML use HyperKitty from time to time, and there are also regular contributors to the factory ML and buildservice ML who post via HyperKitty using non-openSUSE accounts. As David also points out, the only method we can adopt is to "quarantine anything suspicious". But I am convinced that it is advantageous enough for me. However, I can only say that for the time being..... Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ " Hassabis says that no one really knows for sure that AI will become a major danger. But he is certain that if progress continues at its current pace, there isn’t much time to develop safeguards. "I can see the kinds of things we're building into the Gemini series right, and we have no reason to believe that they won't work," he says." -- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --
Not correct. This email will be flagged as spam by your filter and probably you will not see it. Yet I am Carlos aka robin.listas
Hello, In the Message; Subject : Re: We can get rid of SPAM MAIL! Message-ID : <171827984732.26080.2165871017464382362@mailman3.infra.opensuse.org> Date & Time: Thu, 13 Jun 2024 11:57:27 -0000 [CER] == "Carlos Robinson" <robin.listas@telefonica.net> has written: CER> Not correct. This email will be flagged as spam by your filter CER> and probably you will not see it. No, I can check it in the unsure folder. With such a script, I can block spam mails. Yes, it's a total spam grabber!! CER> Yet I am Carlos aka robin.listas How did you add X-MailFrom field, which is not specified in the RFC? Best Regards & Good Night. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "Loyalty cards are a symbol of "spending" not "saving"... I saved 20,000 yen a month when I stopped "act of collecting points"" -- Shihomi Shimomura --
On 2024-06-13 14:12, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: We can get rid of SPAM MAIL! Message-ID : <171827984732.26080.2165871017464382362@mailman3.infra.opensuse.org> Date & Time: Thu, 13 Jun 2024 11:57:27 -0000
[CER] == "Carlos Robinson" <robin.listas@telefonica.net> has written:
CER> Not correct. This email will be flagged as spam by your filter CER> and probably you will not see it.
No, I can check it in the unsure folder. With such a script, I can block spam mails.
Yes, it's a total spam grabber!!
CER> Yet I am Carlos aka robin.listas
How did you add X-MailFrom field, which is not specified in the RFC?
I simply used hiperkitty. <https://lists.opensuse.org/archives/list/users@lists.opensuse.org/thread/KU23BXYYWQULWQQEPQIZKG4CM6MJP5JV/> Do you see the <reply> link in blue? Try it. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
Hello, In the Message; Subject : Re: We can get rid of SPAM MAIL! Message-ID : <7341d498-754c-44b7-87d6-cac5957df1d9@telefonica.net> Date & Time: Thu, 13 Jun 2024 14:18:22 +0200 [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: CER> On 2024-06-13 14:12, Masaru Nomiya wrote: [...] MN> > How did you add X-MailFrom field, which is not specified in the RFC? CER> I simply used hiperkitty. I figured it out after I sent the email. I also found out that spammers can do whatever they want thanks to your mail. CER> <https://lists.opensuse.org/archives/list/users@lists.opensuse.org/thread/KU23BXYYWQULWQQEPQIZKG4CM6MJP5JV/> CER> Do you see the <reply> link in blue? Try it. I don't understand what you are trying to say. First of all, when I followed the above link, all I got was a ban message. Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "A bachelor’s degree still holds prestige as a ticket to the middle class, but its value has received increasing scrutiny. In the last several years, rising tuition and student loan debt have led more Americans to reconsider an investment in postsecondary education." -- Washington Post --
On 2024-06-13 07:44, Masaru Nomiya wrote:
Hello,
In the case of ham mail delivered from this ML, the X-MailFrom: field in the header of the email is like this;
X-MailFrom: SRS0=nTug=NN=gmail.com=knurpht.opensuse@opensuse.org
But the X-MailFrom: field in all spam mails are,
X-MailFrom: rebelssasha@gmail.com
No, there are some good people posting with that type of header. It is created by the HyperKitty interface on https://lists.opensuse.org/ And the return path is the same type. These are people that do not use a mail program to post, but the hiperkitty mail front at: <https://lists.opensuse.org/archives/list/users@lists.opensuse.org/> and click on "+start new thread" or hit "reply" at an existing post. There is NO filter that will work, because there are good posters here that use that interface, besides the spammers. I just sent a reply to you using hyperkitty that you will not see. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On Thu, 13 Jun 2024 13:59:13 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-06-13 07:44, Masaru Nomiya wrote:
Hello,
In the case of ham mail delivered from this ML, the X-MailFrom: field in the header of the email is like this;
X-MailFrom: SRS0=nTug=NN=gmail.com=knurpht.opensuse@opensuse.org
But the X-MailFrom: field in all spam mails are,
X-MailFrom: rebelssasha@gmail.com
No, there are some good people posting with that type of header. It is created by the HyperKitty interface on https://lists.opensuse.org/
And the return path is the same type.
These are people that do not use a mail program to post, but the hiperkitty mail front at:
<https://lists.opensuse.org/archives/list/users@lists.opensuse.org/>
and click on "+start new thread" or hit "reply" at an existing post.
There is NO filter that will work, because there are good posters here that use that interface, besides the spammers.
I just sent a reply to you using hyperkitty that you will not see.
On https://en.opensuse.org/openSUSE:Mailing_lists_subscription it says: "Why only subscribers may post an answer? "The lists are high frequented mailinglists with many subscribers. We want to prevent crosspostings and automaticly advertising (Spam). Messages from non-subscribers are blocked or moderated / reviewed before they get posted." So why are spam posts via HyperKitty permitted?
On 2024-06-14 10:47, Dave Howorth wrote:
On Thu, 13 Jun 2024 13:59:13 +0200 "Carlos E. R." <> wrote:
These are people that do not use a mail program to post, but the hiperkitty mail front at:
<https://lists.opensuse.org/archives/list/users@lists.opensuse.org/>
and click on "+start new thread" or hit "reply" at an existing post.
There is NO filter that will work, because there are good posters here that use that interface, besides the spammers.
I just sent a reply to you using hyperkitty that you will not see.
On https://en.opensuse.org/openSUSE:Mailing_lists_subscription it says:
"Why only subscribers may post an answer? "The lists are high frequented mailinglists with many subscribers. We want to prevent crosspostings and automaticly advertising (Spam). Messages from non-subscribers are blocked or moderated / reviewed before they get posted."
So why are spam posts via HyperKitty permitted?
Because the text has been forgotten and not updated. Hiperkitty is intentional. A documentation bug, feel free to report it :-) -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
Hello, In the Message; Subject : Re: We can get rid of SPAM MAIL! Message-ID : <7e3f8fc8-530d-403a-9a15-926328f9522d@telefonica.net> Date & Time: Fri, 14 Jun 2024 11:12:40 +0200 [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: [...] CER> >> I just sent a reply to you using hyperkitty that you will not see. DH> > On https://en.opensuse.org/openSUSE:Mailing_lists_subscription it says: DH> > "Why only subscribers may post an answer? DH> > "The lists are high frequented mailinglists with many subscribers. We DH> > want to prevent crosspostings and automaticly advertising (Spam). DH> > Messages from non-subscribers are blocked or moderated / reviewed DH> > before they get posted." DH> > So why are spam posts via HyperKitty permitted? CER> Because the text has been forgotten and not updated. Why can you say so? CER> Hiperkitty is intentional. As far as I know, only alsa-devel ML allows posting emails via HyperKitty (but, alsa-user ML does not permit). So why international? CER> A documentation bug, feel free to report it :-) Why can you say so?, again. Dave's question is quite reasonable. That is, openSUSE will forward any postings from users registered in the ML network with the X-MailFrom: address of the registered submitter, rewriting the sender address to indicate the legitimate bounce destination of the mail. In contrast, for submissions from HyperKitty, openSUSE just forward them, with no guarantees attached, and the spammers just use this mechanism. Isn't this method of operation unresonable? Are there any openSUSE specific circumstances that allow submissions from HyperKitty, I wonder? Best Regards & Good Night. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "The Pidahan, a minority tribe living deep in the Amazon, have no words for the past or future, and live in the "now" in every moment." -- Toyoki Sakai (in Japanese) --
On 2024-06-14 13:15, Masaru Nomiya wrote:
Hello,
In the Message;
Subject : Re: We can get rid of SPAM MAIL! Message-ID : <7e3f8fc8-530d-403a-9a15-926328f9522d@telefonica.net> Date & Time: Fri, 14 Jun 2024 11:12:40 +0200
[CER] == "Carlos E. R." <robin.listas@telefonica.net> has written:
[...] CER> >> I just sent a reply to you using hyperkitty that you will not see.
DH> > On https://en.opensuse.org/openSUSE:Mailing_lists_subscription it says:
DH> > "Why only subscribers may post an answer? DH> > "The lists are high frequented mailinglists with many subscribers. We DH> > want to prevent crosspostings and automaticly advertising (Spam). DH> > Messages from non-subscribers are blocked or moderated / reviewed DH> > before they get posted."
DH> > So why are spam posts via HyperKitty permitted?
CER> Because the text has been forgotten and not updated.
Why can you say so?
CER> Hiperkitty is intentional.
As far as I know, only alsa-devel ML allows posting emails via HyperKitty (but, alsa-user ML does not permit).
So why international?
CER> A documentation bug, feel free to report it :-)
Why can you say so?, again.
Dave's question is quite reasonable.
That is, openSUSE will forward any postings from users registered in the ML network with the X-MailFrom: address of the registered submitter, rewriting the sender address to indicate the legitimate bounce destination of the mail.
In contrast, for submissions from HyperKitty, openSUSE just forward them, with no guarantees attached, and the spammers just use this mechanism.
Isn't this method of operation unresonable?
Are there any openSUSE specific circumstances that allow submissions from HyperKitty, I wonder?
It was thought that it would ease newcommers to post on the mail lists. Ease the barriers. And this is true. It is also a feature of the version of mailman that was used. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
Hello, Sorry for late reply. In the Message; Subject : Re: We can get rid of SPAM MAIL! Message-ID : <6d16fc24-9629-4027-98ba-fdf6eea799c2@telefonica.net> Date & Time: Fri, 14 Jun 2024 13:53:38 +0200 [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: [...] CER> > Are there any openSUSE specific circumstances that allow submissions CER> > from HyperKitty, I wonder? CER> It was thought that it would ease newcommers to post on the mail CER> lists. Ease the barriers. CER> And this is true. CER> It is also a feature of the version of mailman that was used. I won't go into details, but I think it means that openSUSE stopped putting someone in charge around May 22. We can't blame it for this, though..... Best Regards. --- ┏━━┓彡 Masaru Nomiya mail-to: m.nomiya+suse @ gmail.com ┃\/彡 ┗━━┛ "A bachelor’s degree still holds prestige as a ticket to the middle class, but its value has received increasing scrutiny. In the last several years, rising tuition and student loan debt have led more Americans to reconsider an investment in postsecondary education." -- Washington Post --
participants (6)
-
Carlos E. R. -
Carlos E. R. -
Carlos Robinson
-
Dave Howorth -
David T-G -
Masaru Nomiya