[sudo-sys] *** SECURITY information for sudoroom.org ***

[Charley Sheets]

On Mon, 25 Apr 2016 10:58:54 -0700
yar <yardenack at gmail.com> wrote:

> I added you to the sudo group, thank you!

Thanks!

> Curious what spam symptoms
> you're thinking of though. IME gmail only flags the actual spam being
> reflected by the sudo-info list, and otherwise treats our mail well.

I find it suspicious that we have list members with what appear to be
nonsense extensions to their gmail addresses, that are subscribed to
multiple lists. I suppose it's possible these are legitimate
extensions, but to me this seems like a sign that we haven't
sufficiently confirmed these addresses, and that we're thereby
participating in a mail bomb. For example, there are 72 variations of
ubercoffeetime+foo at gmail.com (with different values of foo) all in the
outbound queue right now.

I'd like to investigate how these addresses got added to the lists
they're on. I don't have much mailman experience, but I'm totally
willing to learn in order to figure this out.

For now I'm going to put all mail on hold that's currently destined for
these suspicious-looking addresses.
-- 
Charley Sheets
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://sudoroom.org/pipermail/sudo-sys/attachments/20160425/f3e7f0b5/attachment.sig>