arne anka ha scritto:
>> No, this seems a mail generated from the versioning system who alerts me
>> of a pending commit request not a common spamming message.
>>
>
> ???
> nothing's easier than spoofing the sent-from. just because it says it is
> sent from something-commits does in no way mean, it really is.
>
Sorry but which part of "the mail was sent from the versioning system"
you didn't understand? :)
This is NOT spoofed but was sent form the projects server, please look
at the headers:
----------------------------------------------------------------------
Return-Path: <mailman-boun...@projects.openmoko.org>
X-Spam-Checker-Version: SpamAssassin 3.1.5 (2006-08-29) on djdas.djdas.net
X-Spam-Level:
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_50,NO_REAL_NAME
autolearn=no version=3.1.5
Received: from projects.openmoko.org (projects.openmoko.org [88.198.93.218])
by djdas.djdas.net (8.13.7/8.13.4) with ESMTP id n6Q9RPQ1012478
for <dj...@djdas.net>; Sun, 26 Jul 2009 11:27:25 +0200
Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
by projects.openmoko.org with esmtp (Exim 4.63)
(envelope-from <mailman-boun...@projects.openmoko.org>)
id 1MWOjP-0005b0-KI
for dj...@users.projects.openmoko.org; Thu, 30 Jul 2009 08:03:11 +0200
Received: from localhost ([127.0.0.1] helo=projects.openmoko.org)
by projects.openmoko.org with esmtp (Exim 4.63)
(envelope-from <bluemoko-commits-boun...@projects.openmoko.org>)
id 1MWOjK-0005IK-SA for bluemoko-commits-ow...@projects.openmoko.org;
Thu, 30 Jul 2009 08:03:06 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 1 Bluemoko-commits moderator request(s) waiting
From: bluemoko-commits-boun...@projects.openmoko.org
To: bluemoko-commits-ow...@projects.openmoko.org
Message-ID: <mailman.241.1248933784.3962.bluemoko-comm...@projects.openmoko.org>
Date: Thu, 30 Jul 2009 08:03:04 +0200
Precedence: bulk
X-BeenThere: bluemoko-comm...@projects.openmoko.org
X-Mailman-Version: 2.1.9
List-Id: cvs commits <bluemoko-commits.projects.openmoko.org>
X-List-Administrivia: yes
Sender: mailman-boun...@projects.openmoko.org
Errors-To: mailman-boun...@projects.openmoko.org
X-Virus-Scanned: ClamAV 0.88.4/9634/Thu Jul 30 05:03:31 2009 on djdas.djdas.net
X-Virus-Status: Clean
----------------------------------------------------------------------
>
>> It smells of security issue on the projects.openmoko site...
>>
>
> still possible, if one take sthe password issue in account. but not from
> the quotes of spam.
>
>
Maybe they were able to automatize the commit requests for all (o part
of) the projects hosted in the site registering an account (or using an
anonymous one if possible) that asks for commits and using the
subject/notes field to add spamming messages...
_______________________________________________
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
