
Regarding all the spam...


Lyngmo Ted

Feb 24, 2004, 7:00:51 AM
Is it possible to post messages to the mailing list without being a
member?

If so, what would we lose by changing that?

Kind regards,
Ted Lyngmo

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Richard Levitte - VMS Whacker

Feb 24, 2004, 7:27:01 AM
In message <75169B49D9C15544BBAA...@segotn657.vcn.ds.volvo.net> on Tue, 24 Feb 2004 12:59:37 +0100, "Lyngmo Ted" <ted.l...@consultant.volvo.com> said:

ted.lyngmo> Is it possible to post messages to the mailing list
ted.lyngmo> without being a member?

Yes, openssl-users is completely open.

ted.lyngmo> If so, what would we lose by changing that?

Some people will have their responses go to
openss...@openssl.org. You will miss those replies.

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte \ Tunnlandsvägen 52 \ LeV...@stacken.kth.se
Redakteur@Stacken \ S-168 36 BROMMA \ T: +46-708-26 53 44
\ SWEDEN \
Procurator Odiosus Ex Infernis -- po...@bofh.se
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.

Richard Levitte - VMS Whacker

Feb 24, 2004, 7:29:31 AM
In message <75169B49D9C15544BBAA...@segotn657.vcn.ds.volvo.net> on Tue, 24 Feb 2004 12:59:37 +0100, "Lyngmo Ted" <ted.l...@consultant.volvo.com> said:

ted.lyngmo> If so, what would we lose by changing that?

I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.

Mads Toftum

Feb 24, 2004, 7:34:08 AM
On Tue, Feb 24, 2004 at 01:27:05PM +0100, Richard Levitte - VMS Whacker wrote:
>
> I think I misunderstood that question. I honestly don't know what we
> would lose. Maybe a sense of openness.
>
get someone to moderate the list - problem solved.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

Richard Levitte - VMS Whacker

Feb 24, 2004, 7:40:54 AM
In message <20040224123240.GA6200@gw> on Tue, 24 Feb 2004 13:32:40 +0100, Mads Toftum <ma...@toftum.dk> said:

mads> On Tue, Feb 24, 2004 at 01:27:05PM +0100, Richard Levitte - VMS Whacker wrote:
mads> >
mads> > I think I misunderstood that question. I honestly don't know what we
mads> > would lose. Maybe a sense of openness.
mads> >
mads> get someone to moderate the list - problem solved.

*cough* you do know what you're talking about, right?


Lyngmo Ted

Feb 24, 2004, 7:43:16 AM
Richard Levitte wrote:
> Ted Lyngmo wrote:
> >
> > Is it possible to post messages to the mailing list without
> > being a member? If so, what would we lose by changing that?
>
> I honestly don't know what we would lose. Maybe a sense of
> openness.

True, but considering how easy it is to become a member, my suggestion
is that posting to the list is made available for members only.

Kind regards,
Ted Lyngmo

Mads Toftum

Feb 24, 2004, 7:55:47 AM
On Tue, Feb 24, 2004 at 01:40:03PM +0100, Richard Levitte - VMS Whacker wrote:
> mads> get someone to moderate the list - problem solved.
>
> *cough* you do know what you're talking about, right?
>
yes. Allow members to post and only non-members if moderated through -
I wouldn't suggest it if I didn't do the same for other lists already.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall


Richard Levitte - VMS Whacker

Feb 24, 2004, 8:13:12 AM
In message <20040224125457.GB6200@gw> on Tue, 24 Feb 2004 13:54:57 +0100, Mads Toftum <ma...@toftum.dk> said:

mads> On Tue, Feb 24, 2004 at 01:40:03PM +0100, Richard Levitte - VMS Whacker wrote:
mads> > mads> get someone to moderate the list - problem solved.
mads> >
mads> > *cough* you do know what you're talking about, right?
mads> >
mads> yes. Allow members to post and only non-members if moderated through -
mads> I wouldn't suggest it if I didn't do the same for other lists already.

Ah, that form. Sorry, got confused...


Rich Salz

Feb 24, 2004, 10:56:48 AM
> I think I misunderstood that question. I honestly don't know what we
> would lose. Maybe a sense of openness.

In the past -- at least, say, 2-3 years ago -- we had a couple of
anonymous posters who made very worthwhile contributions. Haven't
seen that recently. Also, it used to be in the spirit of crypto
open source (cypherpunks, etc) to allow anon posting because
of the whole ethos thing.

Probably not worth supporting any more.

/r$

--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html

Ken - Xzone9 Productions

Feb 24, 2004, 12:38:53 PM
This chain of email regarding SPAM originated with the topic to reduce
the SPAM in this group email...
The only way to moderate a group email list is to formalize the method
of how it is delivered. If interested people are asked to join as a
member, they can be turned off if proved to be malicious. Otherwise,
anyone can keep sending emails with bad intent in any email name from
yahoo, msn, etc. If they are forced to "sign-up" each time, they will
eventually go pick on another email group.
In addition, if enough interest is responding, I can post a Bulletin
Board for topics, and people can choose to go there instead of through
group email listings.
I otherwise agree that non-members need to become members to post.

Best Regards;
Ken Hackenberg

k...@xzone9.com
www.xzone9.com
AOL IM- khkenberg
(480) 726.8579

-----Original Message-----
From: owner-ope...@openssl.org
[mailto:owner-ope...@openssl.org] On Behalf Of Lyngmo Ted
Sent: Tuesday, February 24, 2004 5:41 AM
To: openss...@openssl.org
Subject: RE: Regarding all the spam...


Richard Levitte wrote:
> Ted Lyngmo wrote:
> >
> > Is it possible to post messages to the mailing list without being a
> > member? If so, what would we lose by changing that?
>
> I honestly don't know what we would lose. Maybe a sense of openness.

True, but considering how easy it is to become a member, my suggestion
is that posting to the list is made available for members only.

Kind regards,
Ted Lyngmo

Robin Lynn Frank

Feb 24, 2004, 12:45:12 PM
On Tuesday 24 February 2004 07:55, Rich Salz wrote:
> > I think I misunderstood that question. I honestly don't know what we
> > would lose. Maybe a sense of openness.
>
> In the past -- at least, say, 2-3 years ago -- we had a couple of
> anonymous posters who made very worthwhile contributions. Haven't
> seen that recently. Also, it used to be in the spirit of crypto
> open source (cypherpunks, etc) to allow anon posting because
> of the whole ethos thing.
>
> Probably not worth supporting any more.
>

Most of the so-called spam I see on this list is backscatter from stupidly
configured AV software that either bounces virus laden mail or sends
notifications to forged addresses.

There is no excuse for the mail server this list is on, not dealing with that.
Discarding or quarantining virus laden mail and discarding those idiotic AV
notices is NOT rocket science.
--
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
Email acceptance policy: http://paradigm-omega.com/email_policy.php
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Confidential or privileged information unintentionally sent us will
be listed on EBAY as soon as possible Paypal is accepted.

Ben Laurie

Mar 2, 2004, 8:31:37 AM
Rich Salz wrote:

>>I think I misunderstood that question. I honestly don't know what we
>>would lose. Maybe a sense of openness.
>
>
> In the past -- at least, say, 2-3 years ago -- we had a couple of
> anonymous posters who made very worthwhile contributions. Haven't
> seen that recently. Also, it used to be in the spirit of crypto
> open source (cypherpunks, etc) to allow anon posting because
> of the whole ethos thing.
>
> Probably not worth supporting any more.

I disagree.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Boyle Owen

Mar 2, 2004, 8:55:41 AM
> -----Original Message-----
> From: Ben Laurie [mailto:b...@algroup.co.uk]
>
> I disagree.

I've lost the thread... You want to limit posting to subscribers only or
you don't?

BTW, the mod_ssl list has been swamped by some spammer. Would this list
be immune to these posts (the spammer is craftily spoofing the From
field..)

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

This e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.

Rich Salz

Mar 2, 2004, 11:07:07 AM
Rich Salz wrote:
> Probably not worth supporting any more.

Ben Laurie wrote:
> I disagree.

Ben's voice carries way more weight than mine :) I stand down...
/r$
--
Rich Salz, Chief Security Architect


Scott Lamb

Mar 2, 2004, 12:48:46 PM

On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:

>> I think I misunderstood that question. I honestly don't know what we
>> would lose. Maybe a sense of openness.
>
> In the past -- at least, say, 2-3 years ago -- we had a couple of
> anonymous posters who made very worthwhile contributions. Haven't
> seen that recently. Also, it used to be in the spirit of crypto
> open source (cypherpunks, etc) to allow anon posting because
> of the whole ethos thing.

I think there's a huge distinction to be made between disallowing
anonymous posting and disallowing non-moderated posting by non-members.
You can easily register a hotmail account or whatever and join the
mailing list anonymously. In fact, anonymity has _nothing_ to do with
whether you are a member of the mailing list or not.

Scott

Vadim Fedukovich

Mar 2, 2004, 2:29:13 PM
On Tue, Mar 02, 2004 at 11:47:43AM -0600, Scott Lamb wrote:
>
> On Feb 24, 2004, at 9:55 AM, Rich Salz wrote:
>
> >> I think I misunderstood that question. I honestly don't know what we
> >> would lose. Maybe a sense of openness.
> >
> > In the past -- at least, say, 2-3 years ago -- we had a couple of
> > anonymous posters who made very worthwhile contributions. Haven't
> > seen that recently. Also, it used to be in the spirit of crypto
> > open source (cypherpunks, etc) to allow anon posting because
> > of the whole ethos thing.
>
> I think there's a huge distinction to be made between disallowing
> anonymous posting and disallowing non-moderated posting by non-members.
> You can easily register a hotmail account or whatever and join the
> mailing list anonymously. In fact, anonymity has _nothing_ to do with
> whether you are a member of the mailing list or not.

a hotmail account might be considered a handy tool but it hardly could be
regarded as anonymous.

Please take a look at mixmaster.sf.net (the tool)
and network of remailers running around. There was mixmaster protocol
ietf draft published recently

It is not quite clear whether there's a chance to both accept mail from
remailers and kill the junk

regards,
Vadim

Scott Lamb

Mar 2, 2004, 3:43:42 PM
Vadim Fedukovich wrote:
> a hotmail account might be considered a handy tool but it hardly could be
> regarded as anonymous.
>
> Please take a look at mixmaster.sf.net (the tool)
> and network of remailers running around. There was mixmaster protocol
> ietf draft published recently

That was the "or whatever". ;) You can be as thorough as you like, but
registering a random hotmail account and perhaps sending mail from a
public place is frequently good enough. (I personally don't see the need
for perfect anonymity when posting questions about an API, even a
security-related one.)

I don't see why using an anonymous remailer for greater protection would
be any different - IIRC they support creating a consistent pseudonym and
sending and receiving many mails to/from it.

> It is not quite clear whether there's a chance to both accept mail from
> remailers and kill the junk

I think just simply requiring people to be list members before posting
would be enough to make a big impact.

This would completely stop the "you sent us a virus" messages that Robin
Lynn Frank mentioned. Anti-virus software is not going to subscribe to
the mailing list first; if its makers had realized these messages would
be sent to mailing lists, they wouldn't be sending them at all.

And while spammers _could_ subscribe to mailing lists before sending a
bunch of spam, they typically don't, based on my experiences with other
lists.

>
> regards,
> Vadim

Thanks,
Scott

L Nehring

Mar 2, 2004, 4:16:32 PM
Have we now crossed the threshold where there are more off-topic
messages discussing spam than spam messages themselves?

There just doesn't seem to be a real need to take any action at all
given the small number of UCE or antivirus bounce messages.
r,
Lance

Patrick Coleman

Mar 2, 2004, 5:10:55 PM

> I think just simply requiring people to be list members before posting
> would be enough to make a big impact.

You don't necessarily have to force people to become members. Just
ensure that all anonymous posts are moderated, and the problem
is solved. The spam, viruses and anonymous posts get redirected to
one administrator's inbox, who agrees to put up with them, and legit
anonymous posts are allowed into the list from there. Everyone is
happy. I've set this up for a couple of lists I manage after problems with
spam, and it works well.

I do agree with Lance, though, about the irony of the fact that we're
generating more mail discussing this than the spammers themselves :)
-Patrick
--
RedHerring: Linux wiki support and tutorials
http://covox.sepwich.com/linux

CECID: The CEnsorship CIrcumvention Device
http://cecid.sf.net

Joseph Bruni

Mar 2, 2004, 9:38:00 PM
I don't know about that. During the latest Windows exploit virus blast
(when are they going to fix their stuff?) I kept getting bombed by AV
bounces aimed at openssl-users-l. Not to mention that the list was DOWN
during that time as well. A good number of my posts just got timed out
by my legitimate SMTP relay.


On Mar 2, 2004, at 2:15 PM, L Nehring wrote:

> Have we now crossed the threshold where there are more off-topic
> messages discussing spam than spam messages themselves?
>
> There just doesn't seem to be a real need to take any action at all
> given the small number of UCE or antivirus bounce messages.


Ben Laurie

Mar 4, 2004, 8:39:29 AM
Boyle Owen wrote:

>>-----Original Message-----
>>From: Ben Laurie [mailto:b...@algroup.co.uk]
>>
>>I disagree.
>
>
> I've lost the thread... You want to limit posting to subscribers only or
> you don't?

I don't.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Scott Lamb

Mar 4, 2004, 11:25:49 AM

On Mar 2, 2004, at 8:37 PM, Joseph Bruni wrote:

> I don't know about that. During the latest Windows exploit virus blast
> (when are they going to fix their stuff?) I kept getting bombed by AV
> bounces aimed at openssl-users-l. Not to mention that the list was
> DOWN during that time as well. A good number of my posts just got
> timed out by my legitimate SMTP relay.
>
>
> On Mar 2, 2004, at 2:15 PM, L Nehring wrote:
>
>> Have we now crossed the threshold where there are more off-topic
>> messages discussing spam than spam messages themselves?
>>
>> There just doesn't seem to be a real need to take any action at all
>> given the small number of UCE or antivirus bounce messages.

To put some concrete numbers on this, my mail logs note rejecting 24
messages MAIL FROM: <owner-mmx-o...@mmx.engelschall.com> in
the past month, and I have 14 more in my junk folder. So no, we most
certainly have not crossed that threshold.

Scott

Boyle Owen

Mar 4, 2004, 11:31:38 AM
> -----Original Message-----
> From: Scott Lamb [mailto:sl...@slamb.org]

The spammer who zapped the mod_ssl list (see
http://marc.theaimsgroup.com/?l=apache-modssl&r=1&b=200403&w=2) has now
moved onto this list (see content-free mail apparently from rse...)

Can someone with admin powers block these spams?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

Richard Koenning

Mar 4, 2004, 1:43:35 PM
Boyle Owen wrote:

>>-----Original Message-----
>>From: Scott Lamb [mailto:sl...@slamb.org]
>
>
> The spammer who zapped the mod_ssl list (see
> http://marc.theaimsgroup.com/?l=apache-modssl&r=1&b=200403&w=2) has now
> moved onto this list (see content-free mail apparently from rse...)
>
> Can someone with admin powers block these spams?

This is no spam, but, according to our mail virus scanner, a worm named
WORM_NETSKY.B. Btw, how can a content-free mail be spam? ;-)
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
