LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Lewis Noles <[log in to unmask]>
Wed, 10 May 2017 14:40:20 +0000
Good Morning,



We currently have reports from three list owners about Spam bypassing Editors.  All the editors report that no one authorized to confirm messages actually confirmed those spam messages. The configuration of these lists is as follows:



1.



* Send= Editor,Hold,Confirm,All

* Review= Owner

* Errors-to= Owner

* Notify= Yes

* Ack= Yes

* Reply-to= Sender



2. 



* Subscription= By_Owner

* Review= Owner

* Send= Editor,Hold

* Editor= [log in to unmask]

* Reply-to= Sender

* Errors-to= Owner

* Notify= Yes

* Ack= No



3.  The third one is a super list with keyword files, so I do not know what its Editor settings are yet.  I think this is what they are:



* -- Edited lists keywords: these headers are used in all moderated CAES Extension lists

*

* Send= Editor,Hold

* Editor= [log in to unmask]  ( Teri Berryman )

* Editor= [log in to unmask]  ( Adele Shiver )

* Editor= [log in to unmask]       ( Chris Adcock )

* Editor= [log in to unmask] ( Brenda Rodgers )

* Moderator= All,[log in to unmask]

* Moderator= [log in to unmask]

* Moderator= [log in to unmask]

* Moderator= [log in to unmask]



List # 1 has had 3 spam messages go through since yesterday and the Owner/Editor swears he did not confirm anything.  He is running a computer with Windows Defender and he uses Mozilla Thunderbird for mail processing.  He did note that Thunderbird updated to a new version very recently.



List # 2 - I have not heard back from the List Owner/Editor yet.



List # 3 - The technical rep verified that none of the listed editors or moderators approved the Spam message.  They use some version of Outlook.



As soon as I get with one of our Linux Admins, I will go through yesterday's log and today's log to see what I can find out.



I checked with our Security Office and none of the security products used verifies URLs in emails.



Thank you,



Lewis



Lewis Noles 

Information Technology Professional

EITS 

Computer Services Annex

101 Cedar ST

Athens GA  30602

[log in to unmask]

706-542-6729

 

EITS Helpdesk: 706-542-3106

http://itsupport.uga.edu/



-----Original Message-----

From: LISTSERV Site Administrators' Forum [mailto:[log in to unmask]] On Behalf Of LSTSRV-L automatic digest system

Sent: Wednesday, May 10, 2017 12:01 AM

To: [log in to unmask]

Subject: LSTSRV-L Digest - 4 May 2017 to 9 May 2017 (#2017-20)



There are 4 messages totaling 150 lines in this issue.



Topics of the day:



  1. Posts getting past EDITOR? (4)



############################



To unsubscribe from the LSTSRV-L list:

write to: mailto:[log in to unmask]

or click the following link:

http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1



----------------------------------------------------------------------



Date:    Tue, 9 May 2017 20:10:12 +0000

From:    F J Kelley <[log in to unmask]>

Subject: Posts getting past EDITOR?



Has anyone had reports of posts (spam/phishes) going to lists where SEND= EDITOR is set?  I have had two reports; in each case I am willing to believe the Editors did not inadvertently allow the post (though I admit that is the most likely reason).  My concern would be the spammers have found a way around the setting.  Right now it is just a nagging suspicion (fear). ...

--Joe




------------------------------



Date:    Tue, 9 May 2017 16:19:37 -0400

From:    Pete Weiss <[log in to unmask]>

Subject: Re: Posts getting past EDITOR?



Just to be sure, did you check the list definitions for OWNER= and EDITOR= vs. the FROM: or SENDER: ? 

Ditto for the



Q listname FOR poster@address



to see if they are SET to EDITOR



On 5/9/2017 16:10, F J Kelley wrote:

> Has anyone had reports of posts (spam/phishes) going to lists where SEND= EDITOR is set?  I have had two reports; in each case I am willing to believe the Editors did not inadvertently allow the post (though I admit that is the most likely reason).  My concern would be the spammers have found a way around the setting.  Right now it is just a nagging suspicion (fear).






------------------------------



Date:    Tue, 9 May 2017 20:29:39 +0000

From:    "Plowinske, Michael" <[log in to unmask]>

Subject: Re: Posts getting past EDITOR?



We had a similar issue where our SPAM filtering software was "probing" links in the approval required email being sent to our list moderators.

The service that verified the links in the emails was causing LISTSERV to "OK" the message to get sent out to the list.



We needed to whitelist our LISTSERV domain with the SPAM provider to turn off these probes.





> -----Original Message-----

> From: LISTSERV Site Administrators' Forum 

> [mailto:[log in to unmask]] On Behalf Of Pete Weiss

> Sent: Tuesday, May 09, 2017 4:20 PM

> To: [log in to unmask]

> Subject: Re: Posts getting past EDITOR?

> 

> Just to be sure, did you check the list definitions for OWNER= and EDITOR= vs. the FROM: or SENDER: ?

> Ditto for the

> 

> Q listname FOR poster@address

> 

> to see if they are SET to EDITOR

> 

> On 5/9/2017 16:10, F J Kelley wrote:

> > Has anyone had reports of posts (spam/phishes) going to lists where

> > SEND= EDITOR is set?  I have had

> > two reports; in each case I am willing to believe the Editors did not

> > inadvertently allow the post (though I admit that is the most likely

> > reason).  My concern would be the spammers have found a way around the setting.  Right now it is just a nagging suspicion (fear).

> 







------------------------------



Date:    Tue, 9 May 2017 17:42:01 -0400

From:    Valdis Kletnieks <[log in to unmask]>

Subject: Re: Posts getting past EDITOR?



On Tue, 09 May 2017 20:29:39 -0000, "Plowinske, Michael" said:



> We had a similar issue where our SPAM filtering software was "probing" 

> links in the approval required email being sent to our list 

> moderators. The service that verified the links in the emails was

> causing LISTSERV to "OK" the message to get sent out to the list.



This sort of problem is why RFC8058 exists:



8058 Signaling One-Click Functionality for List Email Headers. J. Levine,

     T. Herkula. January 2017. (Format: TXT=18219 bytes) (Status:

     PROPOSED STANDARD) (DOI: 10.17487/RFC8058)



Abstract



   This document describes a method for signaling a one-click function

   for the List-Unsubscribe email header field.  The need for this

   arises out of the actuality that mail software sometimes fetches URLs

   in mail header fields, and thereby accidentally triggers

   unsubscriptions in the case of the List-Unsubscribe header field.



Which unfortunately only covers RFC2369 List-Unsubscribe:  headers, and doesn't cover other URLs in the headers, or in the body of the mail.






------------------------------



End of LSTSRV-L Digest - 4 May 2017 to 9 May 2017 (#2017-20)

************************************************************
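
The failure mode described in the thread (a link scanner fetching the approval URL in the moderator's mail) and the principle RFC 8058 applies to List-Unsubscribe (state changes only on POST), as an added example that is not part of the thread and is not LISTSERV's code. The token, the store layout and all function names are hypothetical; the weak handler releases a held post on any fetch, the hardened one treats GET and HEAD as read-only.

```python
"""Constructed illustration: approval links and automated URL fetchers.
Not LISTSERV code; token values, store layout and names are hypothetical."""
import hmac
import secrets

def hold_post(store, subject):
    token = secrets.token_urlsafe(16)          # unguessable per-post token
    store[token] = {"subject": subject, "state": "held"}
    return token

def _lookup(store, token):
    # constant-time comparison so the lookup does not leak token prefixes
    for known, post in store.items():
        if hmac.compare_digest(known, token):
            return post
    return None

def handle_weak(store, method, token):
    """Approves on any request: a link scanner's GET releases the post."""
    post = _lookup(store, token)
    if post is None:
        return 404, "unknown token"
    post["state"] = "approved"
    return 200, "approved"

def handle_hardened(store, method, token):
    """GET/HEAD are side-effect free; only POST changes state, once."""
    post = _lookup(store, token)
    if post is None:
        return 404, "unknown token"
    if method in ("GET", "HEAD"):
        return 200, "confirm page: press the button to approve"
    if method != "POST":
        return 405, "method not allowed"
    if post["state"] != "held":
        return 409, "already decided"
    post["state"] = "approved"
    return 200, "approved"

def simulate(handler):
    """A scanner fetches the link before any editor has opened the mail."""
    store = {}
    token = hold_post(store, "constructed sample post")
    handler(store, "GET", token)               # automated probe
    return store[token]["state"]

if __name__ == "__main__":
    print("weak:", simulate(handle_weak))
    print("hardened:", simulate(handle_hardened))
```
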


