Hello. I'm just a regular Debian user, but please reconsider doing something about the distribution of bug reporters' email addresses, at least through the web interface.
It has gotten so bad that the turnaround between reporting a bug through 'reportbug' with a brand new email-address and receiving spam is now less than 5 hours: (reporting the bug) Jul 19 16:07:39 chaos postfix/qmgr[9820]: E0F89EAC19B: from=<[EMAIL PROTECTED]>, size=2443, nrcpt=2 (queue active) Jul 19 16:07:42 chaos postfix/smtp[12686]: E0F89EAC19B: to=<[EMAIL PROTECTED]>, relay=bugs.debian.org[140.211.166.43]:25, delay=5.7, delays=1.9/0.68/2.4/0.68, dsn=2.0.0, status=sent (250 OK id=1IBWfO-0007x1-DK) (being spammed. also note that they are spamming another account I used a couple of days ago for another bug, which I had to close) Jul 19 20:59:49 chaos postfix/smtpd[13768]: connect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:49 chaos postfix/smtpd[13769]: connect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: NOQUEUE: reject: RCPT from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230]: 554 5.7.1 <[EMAIL PROTECTED]>: Recipient address rejected: This address is no longer in service due to excessive incoming spam. Try [EMAIL PROTECTED]; from=<[EMAIL PROTECTED]> to= <[EMAIL PROTECTED]> proto=SMTP helo=<growthstockguru.com> Jul 19 20:59:50 chaos postfix/smtpd[13768]: 40A95EAC114: client=pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: lost connection after RCPT from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/smtpd[13769]: disconnect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:50 chaos postfix/cleanup[13772]: 40A95EAC114: message-id=<[EMAIL PROTECTED]> Jul 19 20:59:51 chaos postfix/qmgr[9820]: 40A95EAC114: from=<[EMAIL PROTECTED]>, size=22098, nrcpt=1 (queue active) Jul 19 20:59:51 chaos postfix/smtpd[13768]: disconnect from pool-71-185-3-230.phlapa.east.verizon.net[71.185.3.230] Jul 19 20:59:51 chaos postfix/local[13773]: 40A95EAC114: to=<......................>, orig_to=<[EMAIL PROTECTED]>, relay=local, delay=1.9, delays=1.5/0.19/ 0/0.25, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION") It is fairly obvious that someone is aggressively and automatically sourcing spam targets from your bug tracker. Even with RBLs, spamassassin etc. it's becoming difficult to protect against spam due to the way "modern" spam mails are formatted. Of course nothing will prevent a dedicated attacker from writing a bot, but simple random munging of the HTML sounds like a cheap way to at least slow them down a bit. Thanks in advance. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
