[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: nigerian scam in debian-devel...

On Sat, Jun 29, 2002 at 02:06:24AM -0700, Ian Eure wrote:
> On Friday 28 June 2002 11:44 am, Duncan Findlay wrote:
> > On Fri, Jun 28, 2002 at 05:34:29PM +0100, Colin Watson wrote:
> > > On Fri, Jun 28, 2002 at 07:25:31PM +0300, Sami Haahtinen wrote:
> > > > On Fri, Jun 28, 2002 at 04:44:30PM +0200, Santiago Vila wrote:
> > > > > For the message I'm replying to, I get:
> > > > >
> > > > > X-Spam-Status: Yes, hits=6.7 required=5.0
> > > > > tests=FROM_ENDS_IN_NUMS,PLING,US_DOLLARS_3,US_DOLLARS,SUPERLONG_LINE,
> > > > >RCVD_IN_RFCI version=2.20
> > > > >
> > > > > which means we could eliminate even more spam if we used a more
> > > > > recent spamassassin version (for example, the one in woody).
> > > >
> > > > and enable razor support, which would eliminate even more spam.
> > >
> > > Razor has been known to catch things like Debian security advisories ...
> > > I'm not sure that using it on the Debian lists is a great idea.
> > > SpamAssassin is much less vulnerable to random people messing about with
> > > its idea of what is spam and what isn't.
> >
> > I would agree that it would be bad to use razor on mail sent _BY_ the
> > lists. But mail sent _TO_ the lists could be checked by Razor before
> > being distributed fairly safely.
> >
> What's the difference? Somebody (or some program) has to be responsible for 
> sending DSAs to -security before it's sent to the subscribers.
> 

I'm saying that the only way for razor to generate a false positive is
if someone that recieves the mail reports it to Razor.

Before mail is distributed to the lists, it is impossible for it to
have been reported to Razor. (Unless, of course, someone reported
their own mail before sending, but that would be pointless) After it
has been sent out to the list, any of the subscribers could have
reported it to Razor as spam, and then all other recipients would have
it flagged as spam accoring to razor.

So basically, the razor check has to be done before a mail is sent by
the list servers.

Security announcements are not flagged by razor as soon as their sent
out. As soon as they are recieved, someone could report it.

Basically razor (version 1) checks can be abused after a legitimate
mail has been sent to a large number of recipients. They can't be
wrong before it is sent to a large number of recipients.

-- 
Duncan Findlay


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: