According to a report on the forum, the external service dbl.spamhaus.org is marking github.com as a spam site and the spam filter therefore rejects tickets/comments linking to PRs and such.

That's somewhat undesirable I would say 😅

I've looked around a bit and the antispam configuration options are both overwhelming but also pretty limited. I couldn't find a way to allowlist certain domains for example.

Curious if we know the origin of the SPAM that made it through a few hours ago. Have we made any changes to the configurations lately?

Curious if we know the origin of the SPAM that made it through a few hours ago. Have we made any changes to the configurations lately?

No configuration changes, but the timing of this latest spam wave is very suspiciously close to the deploying of d9356b4

Yeah that seems to line up.

Possibly this dependency? d9356b4#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552R9-R10

That's what I thought too at first, but that plugin seems to be installed correctly. It's that plugin that interacts with dbl.spamhaus.org for example, which seems to indicate it's working.

But Trac's plugin architecture can make it a bit hard to figure out exactly what's installed and activated, so who knows?

But Trac's plugin architecture can make it a bit hard to figure out exactly what's installed and activated, so who knows?

Well what do you know, one of the sub-plugins (tracspamfilter.filters.bayes) was missing a dependency and was silently being skipped. That probably explains the recent wave.

See linked PR above this comment