From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Faylor <cgf@cygnus.com>
To: Jason Molenda <jason@molenda.com>
Cc: overseers@sources.redhat.com
Subject: Re: Bypassing the mailing list name restriction
Date: Sat, 30 Dec 2000 06:08:00 -0000
Message-id: <20000821231731.A16521@cygnus.com>
References: <20000821180216.A14361@cygnus.com> <20000821154455.A1040@shell17.ba.best.com>
X-SW-Source: 2000/msg00987.html

On Mon, Aug 21, 2000 at 03:44:56PM -0700, Jason Molenda wrote:
>On Mon, Aug 21, 2000 at 06:02:16PM -0400, Chris Faylor wrote:
>
>> To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>
>
>Weird.  The whole point of the To/Cc checks are that spammers won't
>customize the headers for each mail note - they just throw out
>static copies of their adverts.  This person is (obviously) sending
>out dynamic spam mail, but is not bothering to put the list name
>in the To: header.  Unless his goal is to trick people in to replying
>to the @hotpop.com addr, I don't see what the point is.  (You can
>probably get this acct shut down if hotpop.com is a free e-mail
>site, but there's nothing to stop him for opening another for his
>next spam)

This isn't a spammer.  It's actually a user.  He is using hotpop.com to
forward email to the cygwin mailing list because his real ISP is blocked.
He probably stumbled across this usage as a way around his problem but
it is causing problems for other mailing list users.

I'm going to speak to him about his use of cygwin@hotpop.com causing problems
for other users of the mailing list but I thought I should also close this
hole even if it is very unlikely that an actual spammer will ever use it.

>> I'd like to modify check-for-listname.sh so that the above trick no longer
>> works.  Are there any objections to my doing this?
>
>FWIW, I'd be concerned about variations that some MUAs will use.
>A quick browse of my mailbox shoes that the three most common are
>
>  {To|Cc}: "ENGLISH_NAME" <ADDR>
>  {To|Cc}: ENGLISH_NAME <ADDR>
>  {To|Cc}: ADDR
>
>With more addresses possible in each case, separated by commas.
>Even with these variations, you can't just make the grep look for
>the "<" and ">" chars or it'll lose on the third variation.  And
>I'd be surprised if these are the only styles of addresses that
>are being generated by all the odd software out there...

I'm looking into parsing the To: address via some other means.  I thought
that procmail's "formail" program would do the right thing but it doesn't
break apart the addresses correctly.

I know that parsing this kind of address is tricky so I'll be werry werry
careful.

cgf

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Faylor <cgf@cygnus.com>
To: Jason Molenda <jason@molenda.com>
Cc: overseers@sources.redhat.com
Subject: Re: Bypassing the mailing list name restriction
Date: Mon, 21 Aug 2000 20:18:00 -0000
Message-ID: <20000821231731.A16521@cygnus.com>
References: <20000821180216.A14361@cygnus.com> <20000821154455.A1040@shell17.ba.best.com>
X-SW-Source: 2000-q3/msg00278.html
Message-ID: <20000821201800.BkPC2NxrGGlh6MsRt8nV_qrqidjN5mp1M-dH6Wc0Xkk@z>

On Mon, Aug 21, 2000 at 03:44:56PM -0700, Jason Molenda wrote:
>On Mon, Aug 21, 2000 at 06:02:16PM -0400, Chris Faylor wrote:
>
>> To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>
>
>Weird.  The whole point of the To/Cc checks are that spammers won't
>customize the headers for each mail note - they just throw out
>static copies of their adverts.  This person is (obviously) sending
>out dynamic spam mail, but is not bothering to put the list name
>in the To: header.  Unless his goal is to trick people in to replying
>to the @hotpop.com addr, I don't see what the point is.  (You can
>probably get this acct shut down if hotpop.com is a free e-mail
>site, but there's nothing to stop him for opening another for his
>next spam)

This isn't a spammer.  It's actually a user.  He is using hotpop.com to
forward email to the cygwin mailing list because his real ISP is blocked.
He probably stumbled across this usage as a way around his problem but
it is causing problems for other mailing list users.

I'm going to speak to him about his use of cygwin@hotpop.com causing problems
for other users of the mailing list but I thought I should also close this
hole even if it is very unlikely that an actual spammer will ever use it.

>> I'd like to modify check-for-listname.sh so that the above trick no longer
>> works.  Are there any objections to my doing this?
>
>FWIW, I'd be concerned about variations that some MUAs will use.
>A quick browse of my mailbox shoes that the three most common are
>
>  {To|Cc}: "ENGLISH_NAME" <ADDR>
>  {To|Cc}: ENGLISH_NAME <ADDR>
>  {To|Cc}: ADDR
>
>With more addresses possible in each case, separated by commas.
>Even with these variations, you can't just make the grep look for
>the "<" and ">" chars or it'll lose on the third variation.  And
>I'd be surprised if these are the only styles of addresses that
>are being generated by all the odd software out there...

I'm looking into parsing the To: address via some other means.  I thought
that procmail's "formail" program would do the right thing but it doesn't
break apart the addresses correctly.

I know that parsing this kind of address is tricky so I'll be werry werry
careful.

cgf