Re: Lots of (easily recognisible) spam sent to the BTS today

To: debian-devel@lists.debian.org, Debian bug tracking system administrator <owner@bugs.debian.org>
Cc: Kevin Mark <kevin.mark@verizon.net>
Subject: Re: Lots of (easily recognisible) spam sent to the BTS today
From: Don Armstrong <don@donarmstrong.com>
Date: Fri, 20 Oct 2006 17:22:38 -0700
Message-id: <[🔎] 20061021002238.GR13589@archimedes.ucr.edu>
Mail-followup-to: debian-devel@lists.debian.org, Debian bug tracking system administrator <owner@bugs.debian.org>, Kevin Mark <kevin.mark@verizon.net>
In-reply-to: <[🔎] 20061020231020.GA26413@localhost>
References: <[🔎] 20061020220558.GC19340@javifsp.no-ip.org> <[🔎] 20061020231020.GA26413@localhost>

On Fri, 20 Oct 2006, Kevin Mark wrote:
> On Sat, Oct 21, 2006 at 12:05:58AM +0200, Javier Fernández-Sanguino Peña wrote:
> > I'm not sure if anybody else is seeing this but I have seen (just today) 28
> > spam messages sent to the BTS. I've received them because they were all sent
> 
> I've seen BTS spam before and ask the list admins about it.
> 
> > to (at least) the 'www.debian.org' pseudo-package, and I have reported all of
> > them in the BTS' spam interface [1]
> > 
> > They also seem to share common carachteristics:
> > 
> > a) Subject fits the regexp: ".* note|letter|message\. You .* read\."
> > b) The MTA it claims to be: "X-Mailer: Microsoft Office Outlook, Build 11.0.*"
> 
> I've seen this X-Mailer Header used with recent spam. Is this a 'real'
> used mailer, if not, it maybe an easy regex to stop this spam.

Yes... this regex has already been added.
 
> > c) The first two lines of the body fit these regexps:
> > 
> > The great .* are .*\.
> > The increase is up to 70%.*
> > 
> > I'm pretty sure this spam has probably found a place in many other BTS
> > entries, I was just wondering if the BTS admins have noticed and placed
> > appropiate measures in place (I'm sure they have, but just in case).
> > #101772, #102186, #101772, #101870, #180196, #180118
> 
> Does BTS mail have identifiable header and/or body characteristics
> to determine what is legitimate? Does all mail to the bts come from:
> debian.org mailers, reportbugs or some identifable sources that
> would make legitimate email identifable?

The messages which do have such identifiable characterestics already
have them in place; messages sent to nnn-done@ and nnn@ have no such
requirements, though.

In general, just clicking on the report spam links are good enough; in
cases like this where large amounts of spam have been crafted which
beat the extant rules, Blars Blarson (and to a lesser degree the other
BTS admins, including myself) generally rapidly notice it and deal
appropriately. [When we haven't, just send a note to owner@b.d.o and
someone will deal with it.]


Don Armstrong

-- 
Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and
the Ugly).
 -- Matt Welsh

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to:

References:
- Lots of (easily recognisible) spam sent to the BTS today
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Re: Lots of (easily recognisible) spam sent to the BTS today
  - From: Kevin Mark <kevin.mark@verizon.net>

Prev by Date: Re: Bug mass filling
Next by Date: Re: Bug mass filling
Previous by thread: Re: Lots of (easily recognisible) spam sent to the BTS today
Next by thread: Re: Lots of (easily recognisible) spam sent to the BTS today
Index(es):
- Date
- Thread