On Thu, Jan 31, 2013 at 1:46 PM, <porpen+git@xxxxxxxxx> wrote:
> Hey folks,
>
> When I checked for false positives in my spam this morning, I spotted
> an interesting malformed img link at the top of a spam message.
>
> {snip}
>> <http://git.{snip}.n2.nabble.com/file/{snip}/t3.jpg>
>>
>> Employ a medal tiffany bracelet <{snip}> a is
> {snip}
>
> So, apparently git-daemon's http features are being used by spammers.

Not at all. You appear to be referring to the message from
http://git.661346.n2.nabble.com/tiffany-bracelet-On-your-Significant-other-td7575440.html

This isn't a running instance of git-daemon, it's a web front-end for
the mailing list. It seems nabble allows image-attachments, and that's
what you're seeing; an attached image to a spam-email that was sent to
the git-mailing list through nabble.

The message contains HTML to display the image, and the git mailing
list rejects HTML messages. So the only ones who should be able to get
these spam-emails are users who subscribe through nabble. If you
subscribe through vger instead
(http://vger.kernel.org/vger-lists.html#git), you should get less spam.

> In most cases, spam filters will correctly identify this junk.
>
> I wonder if there is a better way... In my mental sandbox, git-daemon
> http could have a set of deny/allow rules for incoming connection
> client types.
> e.g.:
>
> git: allow
> git-http: allow
> thunderbird: deny
> outlook express: replace linked file with rickroll.jpg
>
> and so on.. An out-of-the-box install probably should default to
> allow all to keep backward compatibility.
>

Git-daemon doesn't have an http-feature. You are probably thinking
about git-http-backend, but that's a CGI; the http-daemon invoking it
should already be able to filter connections.

So, I don't think there's anything that needs to be done to be able to
block spammers from git-servers. Blocking spammers from nabble is a
different matter, and is something you'll have to take up with the
nabble staff.