Yes, it would be nice if the list didn't relay this obvious cruft.

I'm s*bscribed to quite a few discussion lists, and php-general seems to be the ONLY one relaying these malware messages and the claims of virus filters.

It looks rather like php-general is operating as an open list, seeing as some of the addresses these messages are coming from clearly shouldn't already be s*bscribed to the list, and the malware responsible for most of it wouldn't actually perform a s*bscription.

At a minimum, I'd block the handful of known forgery addresses, plus block postmaster@ and mailer-daemon@ messages from reaching the list. Yea, bummer for the handful of people who use postmaster for their s*bscription address (which is contrary to the purpose of the postmaster address, so no loss there). I'd be quite happy if the list didn't accept attachments either, but that would probably be a bit much to ask.

The appropriate solution would be to configure lists.php.net and any other php.net mail hosts to use SMTP AUTH, and set them up with TLS certificates and trusted relationships among one another using TLS (this is easy to do, at least in sendmail - but php.net is running qmail...). After that is done, set php.net hosts up to REJECT messages claiming to be from php.net (proper AUTH or TLS will circumvent this rejection). End result: no more forgeries through the php.net servers.
---
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.
 Founding member of the campaign against email bloat.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
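
The acceptance policy proposed in the message above, modelled as an added Python example; it is not part of the original post and is not php.net's or any MTA's actual configuration. The `Session` fields, the function names, and the choice to test both the envelope sender and the header `From:` are assumptions made for illustration.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

PROTECTED_DOMAIN = "php.net"                       # domain named in the post
ROLE_LOCALPARTS = {"postmaster", "mailer-daemon"}  # role senders the post would block

@dataclass
class Session:
    """Constructed model of one inbound SMTP transaction (hypothetical, not MTA state)."""
    authenticated: bool      # SMTP AUTH succeeded
    tls_peer_trusted: bool   # peer presented a certificate from the trusted set
    mail_from: str           # envelope sender; "" is the null sender used by bounces
    raw_message: str         # headers and body as received

def _split(addr):
    """Return (local part, domain), lower-cased; domain is "" if there is no '@'."""
    if "@" not in addr:
        return addr.lower(), ""
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def _in_domain(domain):
    # Match php.net and its subdomains, but not look-alikes such as notphp.net.
    return domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN)

def check(session, to_list=True):
    """Return (accept, smtp_reply) for a message addressed to the list."""
    header_from = parseaddr(message_from_string(session.raw_message).get("From", ""))[1]
    trusted = session.authenticated or session.tls_peer_trusted
    for label, addr in (("envelope", session.mail_from), ("header", header_from)):
        local, domain = _split(addr)
        # Forgery rule: a php.net sender is only believed over AUTH or trusted TLS.
        if _in_domain(domain) and not trusted:
            return False, f"550 {label} sender claims {PROTECTED_DOMAIN} without AUTH/TLS"
        # Role addresses never post to the list, trusted session or not.
        if to_list and local in ROLE_LOCALPARTS:
            return False, f"550 {label} role address may not post to the list"
    # Bounces and virus-filter notices usually arrive with the null envelope sender.
    if to_list and session.mail_from == "":
        return False, "550 bounces are not accepted for list addresses"
    return True, "250 ok"
```

Checking only the envelope sender would miss messages that forge just the `From:` header, which is why both are tested here.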
