Re: Debbugs and spam

On Fri, 2005-01-14 at 13:01 +1000, Anthony Towns wrote:
> Hey all,
> Looks like we've gotten to the point where we get so much spam that 
> spamscan can't cope with it as fast as it's coming in. I think we need 
> to start doing stuff about that; but that implies changing the way the 
> BTS behaves; eg, not accepting mail that's not authenticated in some 
> way, and not showing the full contents of bug reports to web browsers 
> that aren't authenticated in some way.
> Certainly I prefer that to the alternatives, which seem to be randomly 
> dropping huge chunks of mail and discouraging users from submitting 
> bugs, or just plain closing down the BTS; but no doubt lots of people 
> will be utterly disgusted by the idea...


My impression of the problem is that you have a lot of valid addresses
that result in massive spam runs with very similar mail. That problem is
much worse than what's hitting lists.debian.org, as the number of valid
email addresses there is a few orders of magnitude smaller.

If this is what is happening, a possible solution would probably be to
blacklist IPs that post over $foo messages in a certain time period. We
can apply a few rules to make sure that valid users aren't blocked.
Things like:

- whitelisting some known-good posters who post regularly,
- not counting GPG-signed messages towards the total,
- not counting messages with In-Reply-To and References headers that
  match message-ids already associated with the bug.

and so on.

If the spam runs on bugs.debian.org are similar to what hits
murphy.debian.org, then banning IPs for a period of time ~48 hours would
be quite effective.
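
The throttle proposed in the message above, sketched as an added example; it is not part of the original email and is not debbugs or spamscan code. The class and field names, the limit of 5 (standing in for "$foo"), the one-hour window, and the choice to let only whitelisted senders through an active ban are all assumptions.

```python
from collections import defaultdict, deque

# Assumed values: the post leaves the limit as "$foo" and the period unspecified.
LIMIT, WINDOW, BAN = 5, 3600, 48 * 3600   # messages, seconds, seconds (~48 hours)

class IPThrottle:
    def __init__(self, whitelist=(), bug_message_ids=None):
        self.whitelist = set(whitelist)               # known-good regular posters
        self.bug_message_ids = bug_message_ids or {}  # bug number -> set of Message-IDs on that bug
        self.counted = defaultdict(deque)             # IP -> arrival times of counted messages
        self.banned_until = {}                        # IP -> time the ban expires

    def uncounted(self, msg):
        """GPG-signed mail and replies threaded onto the bug do not count."""
        if msg.get("gpg_signed"):                     # assumed: signature verified upstream
            return True
        refs = set(msg.get("references", ()))
        if msg.get("in_reply_to"):
            refs.add(msg["in_reply_to"])
        return bool(refs & self.bug_message_ids.get(msg.get("bug"), set()))

    def accept(self, ip, msg, now):
        """Return True to accept the message, False to reject it."""
        if msg.get("sender") in self.whitelist:       # whitelisted posters are never blocked
            return True
        if self.banned_until.get(ip, 0) > now:        # IP is inside its ban period
            return False
        if self.uncounted(msg):
            return True
        times = self.counted[ip]
        while times and times[0] <= now - WINDOW:     # drop arrivals outside the window
            times.popleft()
        times.append(now)
        if len(times) > LIMIT:                        # over the limit: ban the IP
            self.banned_until[ip] = now + BAN
            times.clear()
            return False
        return True

def demo():
    # Constructed sample traffic; addresses and Message-IDs are made up.
    t = IPThrottle({"regular@example.org"}, {1234: {"<report@example.org>"}})
    spam = {"sender": "x@example.net", "bug": 1234}
    reply = {"sender": "user@example.com", "bug": 1234, "in_reply_to": "<report@example.org>"}
    burst = [t.accept("192.0.2.1", spam, now=i) for i in range(6)]
    replies = [t.accept("198.51.100.7", reply, now=i) for i in range(20)]
    return burst, all(replies), t.accept("192.0.2.1", spam, now=5 + BAN)
```

Only the sixth message of the burst is rejected, the threaded replies never count towards the total, and the banned address is accepted again once the 48 hours have passed.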



