Date   

moderated Re: #activitylog #directadd - Full email message showing un in the activity log?

Tom Vail
 

On Thu, Aug 23, 2018 at 12:01 PM, J_Catlady wrote:
Another idea would be to have a dedicated "direct add" page, just like there's now an "invite" page, and log the messages only there in both cases.
I think having everything logged in one place, with the option of the amount of detail displayed, is a better option.

Peace,
Tom


moderated Re: #activitylog #directadd - Full email message showing un in the activity log?

 

Hi All,

On Thu, Aug 23, 2018 at 11:55 AM, Tom Vail <tom@...> wrote:

If that is true, I BEG you to at least make it an option to include the message in the log,  We use the log daily and send out an extensive direct add message.  This change makes the log just about unusable, at least for us.


I've changed it so that it only displays the first couple of lines of the message. Please let me know if that works for you.

Thanks,
Mark 


moderated Re: #activitylog #directadd - Full email message showing un in the activity log?

 

Another idea would be to have a dedicated "direct add" page, just like there's now an "invite" page, and log the messages only there in both cases.


On Thu, Aug 23, 2018 at 11:55 AM Tom Vail <tom@...> wrote:
Mark,

If that is true, I BEG you to at least make it an option to include the message in the log,  We use the log daily and send out an extensive direct add message.  This change makes the log just about unusable, at least for us.

PLEASE include an option for a "one line log entries" or "detailed log entries" (maybe at the top of the page).

Thanks for your consideration.

Peace,
Tom


--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated Re: #activitylog #directadd - Full email message showing un in the activity log?

Tom Vail
 

Mark,

If that is true, I BEG you to at least make it an option to include the message in the log,  We use the log daily and send out an extensive direct add message.  This change makes the log just about unusable, at least for us.

PLEASE include an option for a "one line log entries" or "detailed log entries" (maybe at the top of the page).

Thanks for your consideration.

Peace,
Tom


moderated Re: #activitylog #directadd - Full email message showing un in the activity log?

 

Could be because a few days ago I asked Mark for direct-add messages to be logged, just as invite messages are, for consistency.
--
J

 

Messages are the sole opinion of the author, especially the fishy ones.

I wish I could shut up, but I can't, and I won't. - Desmond Tutu


moderated #activitylog #directadd - Full email message showing un in the activity log?

Tom Vail
 

All of a sudden we have the full email message showing up in the activity log when we do a direct add.  This is what it looks like:



Did the same thing a few days ago and got this one liner:


I don't think I made any changes which would affect this area.

Suggestions?

And now that I have them, is there a way to delete an item from the activity log?

Peace,
Tom Vail


moderated Re: Virus scanning

Walter Underwood
 

On Aug 23, 2018, at 10:27 AM, Mark Fletcher <markf@corp.groups.io> wrote:

Honestly not sure what, if anything, to do with SPF and DKIM. Seeing plenty of valid emails with bad DKIM sigs, for example.

It might be worth talking to the folk at FastMail. They are pretty active in the mail security standards. I use them for my mail.


wunder
Walter Underwood
wunder@...
http://observer.wunderwood.org/  (my blog)


moderated Re: Virus scanning

 

On Wed, Aug 22, 2018 at 11:08 PM, Shal Farley <shals2nd@...> wrote:

> I haven't done anything with SPF and DKIM data yet.

One step at a time. Though I might have expected these before content scanning. But I may have a skewed view of their relative difficulty and effectiveness (eg: these don't apply to uploads).

Honestly not sure what, if anything, to do with SPF and DKIM. Seeing plenty of valid emails with bad DKIM sigs, for example.


Mark 


moderated Re: Virus scanning

Jim Higgins
 

Received from Mark Fletcher at 8/23/2018 05:09 AM UTC:

Ok, so new group option for dealing with spam: either moderate or reject, with reject being the default. Rejected messages will be logged in the activity log. If I reject a message, should it bounce back to the sender, or should I blackhole it?

Don't bounce! REJECT during the SMTP transaction if possible. And if not possible, then just blackhole it.


If a message in the archives is flagged as having a virus or phishing attack, should I put a banner on the page saying so? (and should I go back through the archives doing scans)?

For viruses I'd prefer deletion. Given a settable option I'd choose deletion and take the tiny chance it's a false positive rather then set myself up to second guess the scanner. Scans for phishing based on keywords in message bodies are less reliable so a banner might be the thing for that.

Yes on scanning existing files/images (binaries) for viruses. Not sure scanning archived message text would provide much added benefit, but if you have the CPU horsepower, it can't hurt.


The fact that many/most groups don't accept messages from non-subscribers acts as a natural prevention for a lot of this crap.

That and also some groups don't accept attachments... and are plain text only. I've NEVER seen spam or viruses - or even phishing attempts - in plain text email with no attachments.


I don't accept smtp connections from IP addresses that don't have reverse DNS records. I use a few blocklists as well, for all connections to the site, not just email. I haven't done anything with SPF and DKIM data yet.

This is very good to know.

Jim H


moderated Re: Virus scanning

Gerald Boutin <groupsio@...>
 

On Thu, Aug 23, 2018 at 11:19 AM, JohnF wrote:
I would lean toward dropping rather than bouncing spam/malware/phishing, just because the system on the other end might misclassify groups.io as the source of the malware.

If you do bounce it for malware, whatever triggered the malware alert (attachment or link to dangerous site) should be stripped from the bounce message to avoid this.

JohnF

I am 100% in favor of reject and not bouncing.

If you want more info - read on here: http://www.dontbouncespam.org/

--
Gerald


moderated Re: Virus scanning

 

I would lean toward dropping rather than bouncing spam/malware/phishing, just because the system on the other end might misclassify groups.io as the source of the malware.

If you do bounce it for malware, whatever triggered the malware alert (attachment or link to dangerous site) should be stripped from the bounce message to avoid this.

JohnF


moderated Re: Virus scanning

Sharon Villines
 

Rejecting is annoying, but aggressively scrubbing malware from multipliers like groups.io is good policy in my book. Moderators should hesitate and consider carefully a decision to take the "moderate" option. Letting a malevolent email loose on your group could destroy it. Look at the annoyance of automatic rejection as a price a small price paid for the convenience and pleasure you get from membership in a groups.io group.
How likely is it that a clean message will be identified as infected? We aren’t talking about spam which is identified on the basis of words used, etc. Right?

If the messages are being scanned for malware, is it safe to allow attachments? I have a large public list on which we have rejected attachments for years. Since my personal malware software finds viruses in my non-list email regularly, it certainly is still getting through whatever other email systems see it.

Sharon
----
Sharon Villines
TakomaDC@Groups.io
"Neighbors Talking to Neighbors”
Takoma Park DC and MD


moderated Re: Virus scanning

 

Hi Mark,

If I reject a message, should it bounce back to the sender,
or should I blackhole it?
Reject (5xx) during inbound SMTP-session.

If a message in the archives is flagged as having a virus or phishing
attack, should I put a banner on the page saying so? (and should I go back
through the archives doing scans)?
At least give moderators the option to silence false positives which are inevitable, especially about phishing.

--
Lena


moderated Re: Virus scanning

 

Dave,

Will there be an option to disable spam checking?
Keep in mind this isn't about simple spam. This is about content which may be malware-infected or a phishing attempt. Detecting these specific things is likely to be much less prone to false positives than a generic spam filter.

Shal


moderated Re: Virus scanning

 

Mark,

If I reject a message, should it bounce back to the sender, or should
I blackhole it?
Given that the sender passed a reverse-DNS I'd say it is safe to bounce it back. Chances are the message was sent by a compromised account at an otherwise legit service. (And maybe the rejection lets them know they've got a problem user?).

If a message in the archives is flagged as having a virus or phishing
attack, should I put a banner on the page saying so?
On the whole I'd say "yes".

The counter-argument is that if the group's mods accepted the message then they might not appreciate having the (presumed false-positive) marking on the message. But I think that the members deserve to know that there was at least some doubt about this content.

(and should I go back through the archives doing scans)?
Optional, but probably a good idea. The question is what you'd do besides mark them. I think adding entries for them to the Activity log may be sufficient (for mods to go find them if they want).

I haven't done anything with SPF and DKIM data yet.
One step at a time. Though I might have expected these before content scanning. But I may have a skewed view of their relative difficulty and effectiveness (eg: these don't apply to uploads).

Shal


moderated Re: Virus scanning

Dave Sergeant
 

I take it this has not been implemented yet Mark, I see no options for
dealing with spam other than the existing ones under 'spam control' for
which in our case 'restricted membership' is the only relevant one.

Will there be an option to disable spam checking? I strongly feel there
should due to false positives, especially in private groups which
rarely have spam issues. I only look in the activity log rarely and
only if I have issues, 'moderation' of posts is an unwelcome extra
burden which I would really not want to do. Our groups just don't
suffer from spam, I would not really want false positives to get in the
way of an otherwise excellently running service.

Dave

On 22 Aug 2018 at 22:09, Mark Fletcher wrote:

Ok, so new group option for dealing with spam: either moderate or
reject, with reject being the default. Rejected messages will be logged
in the activity log. If I reject a message, should it bounce back to the
sender, or should I blackhole it?

http://davesergeant.com


moderated Re: Virus scanning

 

On Tue, Aug 21, 2018 at 9:42 PM, Shal Farley <shals2nd@...> wrote:

I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default.


Ok, so new group option for dealing with spam: either moderate or reject, with reject being the default. Rejected messages will be logged in the activity log. If I reject a message, should it bounce back to the sender, or should I blackhole it?

If a message in the archives is flagged as having a virus or phishing attack, should I put a banner on the page saying so? (and should I go back through the archives doing scans)?

 
By the way, I assume none of the above applies to the boatloads of absolute junk from invalid sources (malware-infected PCs and the like) that I presume you've been dropping all along. Those deserve the black hole treatment.

The fact that many/most groups don't accept messages from non-subscribers acts as a natural prevention for a lot of this crap. I don't accept smtp connections from IP addresses that don't have reverse DNS records. I use a few blocklists as well, for all connections to the site, not just email. I haven't done anything with SPF and DKIM data yet.

Thanks,
Mark

 


moderated Re: Virus scanning

Marv Waschke
 

On Tue, Aug 21, 2018 at 09:42 PM, Shal Farley wrote:
I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default.
Agree with Shal on this. An email reflector like groups.io, is a multiplier-- it turns a single email into many emails. Cybercriminals love this. Send out a malevolent email to a single address and, depending on the size of the group, the poison goes to hundreds or thousands of potential victims. And those victims are predisposed to swallow the poison because it comes from a familiar source that they intentionally subscribed to. Even better if the email spoofs the name of a prominent member. This is a hacker's dream setup. These criminals are not nice people. Give them a chance and they will hurt you.

Rejecting is annoying, but aggressively scrubbing malware from multipliers like groups.io is good policy in my book. Moderators should hesitate and  consider carefully a decision to take the "moderate" option. Letting a malevolent email loose on your group could destroy it. Look at the annoyance of automatic rejection as a price a small price paid for the convenience and pleasure you get from membership in a groups.io group.

Best, Marv


moderated Re: Virus scanning

 

Mark,

> My default implementation would be to turn it on so that it blocks all
> emails, files and photos that it finds has a virus or phishing
> attempt.
> Do you see any reason to not do it this way?

"Block" = "Drop" or "Reject"?

Drop is a very severe action, and I'm not entirely sure it should be done even with non-subscribers. With subscribers at the least I'd recommend "reject" (and add to the Activity log).

As Jim and some others, I was thinking maybe have a group option to put those from subscribers in the pending queue, prominently marked as containing potentially harmful content. This would serve the small fraction of groups who might be studying such things, or might be sharing harmless executable files that trigger a false positive.

I'm sympathetic because once long ago forwarding a message to abuse@... or spam@... was a common way certain senders requested that non-users (of their service) should report "bad" messages coming from their service. But I had an ISP that blocked suspicious messages outbound by me, so I couldn't send the requested report.

I don't think I would go as far as Lena suggests, and moderate them without that being a group option; I'm concerned that few group moderators would have the knowledge to make a safe decision for their group. A choice between "moderate" or "reject" might be useful, with "reject" the default.

By the way, I assume none of the above applies to the boatloads of absolute junk from invalid sources (malware-infected PCs and the like) that I presume you've been dropping all along. Those deserve the black hole treatment.

Shal


moderated Re: Virus scanning

Jim Higgins
 

I don't expect scanning to change anything here for me since my groups use plain text and no attachments in the first place.

Actions? Perhaps DROP ALL and DROP ATTACHMENT ONLY should be available... as well as maybe some sort of "Quarantine for Review/Moderation by Group Owner" option.

Notification? Notify Owner, Notify Sender, Notify Both seem like decent options. Notify Owner (or both) seems to go hand in hand with an action of "Quarantine for Review..." (above).

Jim H



Received from Mark Fletcher at 8/21/2018 03:24 AM UTC:

Hi All,

I've been testing virus/phishing scanning the last few weeks and I'm pretty confident that it's catching what it should. In testing, it's scanning all emails, all uploaded files and photos. And right now, if the sender is not a subscriber, it drops any emails it finds has a virus or phishing attack.

My default implementation would be to turn it on so that it blocks all emails, files and photos that it finds has a virus or phishing attempt. Do you see any reason to not do it this way?

The scanner I'm using is here: <http://www.clamav.net/>http://www.clamav.net/

Thanks, Mark