[Noisebridge-discuss] BBB complaint report

[Andy Isaacson]

On Wed, Feb 29, 2012 at 12:52:53PM -0800, Andy Isaacson wrote:
> On Wed, Feb 29, 2012 at 10:27:53AM -0800, Daniel Pitts wrote:
> > How do these keep getting through? I thought this was a moderated
> > list. I understand one mistake, but I've gotten three from this
> > list.  This is clearly a scam and may contain malware to boot.
> 
> The ways of mailman are mysterious.  I'll take another look at the
> config tonight to see why these sometimes leak.  It's incredibly
> annoying that mailman doesn't log when a listadmin approves a posting.

It's still annoying, but it turns out that the reason was pretty
straightforward -- the phishing From address was listed in
accept_these_nonmembers rather than discard_these_nonmembers.

The Mailman UI for "drop this as spam and mark the sender as a bad
person" is *horrifying* -- you have to click two radio buttons and a
checkbox on an HTML form, and the second radio button defaults to "let
this person post in the future" even if you've ticked the "drop this
message on the floor" in the previous item.  So I'm guessing one of the
list admins (might even have been me!) dropped a previous spam, ticked
the checkbox, but missed clicking the "no this is a spammer not a
friend" radio button.

In any case, it's fixed now, and I've reviewed the other 239 addresses
in accept_these_nonmembers and don't think any other miscreants have
snuck in.  (Well, other than the miscreants we all know and love and
call co-members.)

-andy