Bug 133639: fix npm.general's mail gateway
Status: RESOLVED FIXED (opened 23 years ago, closed 20 years ago)
Categories: mozilla.org :: Miscellaneous, task
Tracking: Not tracked
People: Reporter: kerz, Assigned: endico
Attachments (2 files): 942 bytes, text/plain; 1.04 KB, patch
Someone is signing up npm.general's mail gateway address to hundreds of mailing
lists. This is causing a huge amount of spam. It would seem the only way to
stop it is to disable the gateway to npm.general.
Comment 1•23 years ago
Based on comments I've seen elsewhere, I assume you need to open a ticket with
the Netscape IC Helpdesk for this, rather than in Bugzilla.
Comment 2•23 years ago
reassigning to oh-so-lucky-Dawn, who both monitors these things and has access
to the AOL systems.
to my mind, the amount of spam in most newsgroups and mailing lists is
unacceptable. I appreciate AOL's contribution to our infrastructure immensely,
but I'm astonished that AOL can't assist in developing some relief here.
Eventually, we could think of moving our news and mail infrastructure. But
that's a big job, I'd rather not do it, and it seems that AOL must have tools in
place for this, if we can only find the right person to help.
mitchell
Assignee: mitchell → endico
Comment 3•23 years ago
Mitchell:
"I appreciate AOL's contribution to our infrastructure immensely,
but I'm astonished that AOL can't assist in developing some relief here."
I don't think we have had right communications from mozilla.org to AOL in place
for a while. Whining about things here in bugzilla won't echo very far beyond
mozilla.org. That's why I'm pressing strongly for getting you more visibility so
that problems like these can be solved. We need to drive these issues to some
platform we can support and have project engagements done proper way.
Comment 4•23 years ago
Mitchell: "Eventually, we could think of moving our news and mail infrastructure."
I have proposed multiple times to integrate mozilla.org to our existing
Netscape.com mail infrastructure. Supporting mozilla.org's mail is difficult
because it's a separate solution.
Well I kinda like my mozilla stuff as mail... so how about changing the lists to
function in this manner:
1. allow only newsgroup posts in
a. possibly spam filter them but this is optional
2. allow only emails from subscribed participants in
a. anything else should be either dropped to the floor with a bounce or
b. sent in for moderation
Personally I'd be happy with 1+2+2a and I think that would solve a lot of the
issues we hit today.
It should even solve the email tunnel setup (in this case that was the
goober1800@yahoo.com address) as any emails going to it would be from a
different email address and would therefore hit pt 2 and be dropped.
This'll also kill any spam not coming in via the newsgroups (and a lot doesn't)
and the bonus is that it preserves most of the current functionality (what
you don't get is the ability to post, via email, with a different address than
what you've subscribed with - but that has the alternative of a newsgroup post
when needed).
What say ye?
Comment 6•23 years ago
This has all been discussed in bug 63735, which has been ignored for 15 months now.
The obvious solution is to limit posting to people who have subscribed to any
list (not necessarily the one they are sending to), including a new
mozilla-postonly@mozilla.org list, which doesn't receive mail, and will work for
the news gateway.
Note that I'm not sure why mozilla.org is one of the very few open source
projects with its own public news hierarchy - if the only news server was
news.mozilla.org, which didn't propagate to the rest of usenet, then we'd
probably lose most of the 'ns4 doesn't work' mails too, while still letting
people read via news. We would lose groups.google.com's archiving then, though,
but we'd also lose the address harvesting.
No, this isn't the only solution, and yes, it has disadvantages. I feel that
those (and any solution to this can't be error free) are outweighed by the
damage of the several hundred mailing lists npm.general is being subscribed to,
and the tons of spam received per day.
moderation doesn't work unless you find people to be moderators for every single
group.
But since I don't think there's any point in rehashing this argument for another
15 months in a new bug without anything being done, this bug should probably be
marked as a dupe of 63735.
Comment 7•23 years ago
Sorry to morph this, but now n.p.m.ui is being spammed in the same manner.
There must be a way to stop all of this nonsense.
Comment 8•23 years ago (Assignee)
yes. this is highly annoying but it's not spam. In this case, the people
sending the mail think that we asked for it and the normal spam filtering
methods aren't going to work.
To get rid of the extra junk mail we need to wait for the sociopath
who's doing this to stop (or possibly make him stop but i doubt that's
possible) and then unsubscribe from these lists.
I just disabled the mozilla-general mailing lists. Leaving it that way
for a few days should:
a) keep the alias from being subscribed to anything new since the
address is now invalid.
b) with any luck each of the mailing lists will send the list mail, notice
that the address is invalid and automatically unsubscribe it.
Also, someone could go through and unsubscribe us from the lists. This
has already been done for a number of the lists.
Oh, except i just noticed that the list isn't completely dead. it's no
longer sending mail off to everyone but it doesn't seem to be bouncing
mail either. I'm now getting mail (as postmaster?) addressed to
mozilla-general with the header line. This is stuff that's originating
from smtp.
X-Diagnostic: Non-existent mailinglist
Comment 9•23 years ago
|
||
I think this does qualify as spam.
It's not SPAM from the sites to mozilla lists, but from the person who is
subscribing so to say.
We didn't solicit the emails from the person, so any emails that he produces
aimed towards us are unsolicited and would qualify as SPAM IMHO.
Comment 10•23 years ago (Assignee)
someone said that npm.browser is getting it too. trying to figure out
how to turn off posts from non-subscribers. Hopefully that will just
be temporary until this crap stops. this makes the groups so much less
useful.
Comment 11•23 years ago
Possibly my comment about removing ourselves from usenet was a bit excessive. It
would remove the usenet spam, though...
endico: If you're requiring people be a subscriber to post, can you please set up
a mozilla-postonly list so that people who read via nntp can still post?
Comment 12•23 years ago
I would've thought she meant that you have to be a subscriber to the mailing
lists in order to post to the mailing lists. It's still a free for all on the
news groups. (or am I wrong? I thought all the new crud was coming in via email...)
Comment 13•23 years ago
I have attached a form letter to be sent to abuse-mail@uu.net regarding this.
Comment 14•23 years ago
uu.net tracking number B-TSI-005323972 assigned to the issue. Refer to it in
any communications with uu.net.
Comment 15•23 years ago (Assignee)
I want to make it so the only people who can send mail to our
mozilla- mailing lists are people who are subscribed to the list.
If you're posting through nntp then your post should be distributed
to the mailing list subscribers no matter what. This change should
affect only the newsgroup mirrors. It should not affect aliases such
as drivers or staff. It should not affect mozilla-crypto-checkins
or mozilla-patches.
i've been using mozilla-mac, mozilla-mstone and mozilla-as to test with
and am unsuccessful at getting the lists to deny posts from people not
subscribed to the lists (that is, from me) I've tried changing both rc.init
and rc.custom. I accidentally changed force-subscribe once and *that* worked
so i know that i'm working with the right files.
delete access
create a hard link from dist to access
in mozilla-mstone/rc.custom uncomment the "foreign_submit" line
i've filed ticket HD0000000163382 on this issue.
i think we're up to at least a dozen mailing lists being attacked like
this.
Comment 16•23 years ago
I called abuse uunet (citing choess' ticket) and it seems like we caught the
attacker while he was logged on. The support guy says that the attacker is a
customer of another ISP (a reseller of uunet), so they can't block the account
(for policy / legal reasons, I guess), but only cancel the *current* connection
and tell the reseller about the violation. It will be up to them what they do.
Of course, that's pretty useless. :-( At least the support guy said that they
will save the information and give it out on court order. After all, it could
count as Denial of Service attack and be a criminal offense.
Comment 17•23 years ago (Assignee)
it seems like uunet killed whatever script that guy was running. (probably on
someone else's machine). the subscription messages seem to have stopped for a
while. npm.general was the worst hit. npm.ui got subscription notices from
two different places and a dozen or so got a bunch of notices from about.com.
I added about.com to our access list so now we'll discard their mail. I'd like
to delete this after slist is configured to no longer allow outside posts.
I undid my changes to mozilla-mac/rc.init and mozilla-mac/rc.custom since it
was no longer accepting mail from anyone.
removing the mozilla-general alias caused a lot of problems so i added it
back and emptied out the distribution list in case the alias is spammed
again. The distribution list is backed up in dist.bak. After I emptied
out the list, publisher@magazine.zzn.com was added. this looks like a
mailing list address so i deleted it.
Comment 18•23 years ago (Assignee)
i couldn't get list to disable foreign posts properly. (post from people
not subscribed). i think what happened is that slist behaved correctly
and didn't send the banned mail to mailing list subscribers but the
mail was still getting posted to the news gateway because it doesn't
use slist at all.
as a workaround i have made most of the mailing lists read-only. if
you mail to the list the mail only goes to mail subscribers, but not
to the newsgroups. I made a few exceptions for some groups that require
having people send mail to them, but i'm reluctant to list which ones.
People with access to gila can figure it out.
Comment 19•23 years ago
> if you mail to the list the mail only goes to mail subscribers, but not
> to the newsgroups.
This situation gives posters the impression that their messages got through (to
both list and newsgroup), while in fact it didn't. Maybe it's then better to
disable the list posting completely.
Comment 20•23 years ago (Assignee)
i can't. that's broken and there's a ticket open on it.
Comment 21•23 years ago
Last time we discussed changing the mozilla mail/news setup to something easier
to suppbe involved. This does not support community development, one of our
core goals.
I agree Bugzilla is not the place for this discussion. I suggest we move it to
n.p.m.general. There we can also enjoy the massive amount of spam that haunts
mozilla newsgroups.
mitchell
Comment 22•23 years ago
The flooder also appears to be sending at least some spam to the newsgroups via
the mail2news gateway at nym.alias.net; perhaps we should block that domain.
Comment 23•23 years ago
I just had new spam coming in, with IP address and immediately called uunet
again. This time I spoke with somebody from "the Security team", who was a bit
more helpful. I demanded that they cancel the account, but he convinced me
(unless he was straight lying) that they cannot do that. He repeated what the
previous guy said about the reseller and disclosure. We would need a court
order. He also said that it is trivial for the attacker to sign up with a new
ISP within a few minutes. Nevertheless, he said that they could e.g. look at the
caller id of the modem call, so they can put him on a uunet-wide blacklist and
block all calls from him, regardless of the uunet reseller. Unfortunately, the
call we just caught had no caller id transmitted, so the likeliness of that
being successful is small.
The guy also said that he will (might?) look at the groups via google and see,
what else he can do about it. However, the information at google is no "proof"
for him - he needs it mailed to the abuse address <abuse-mail@uu.net>. (Ironic,
isn't it? Information I mail to them is trivial to forge, while they have
tamperproof evidence right on their own Usenet server.)
So, he advised me to mail the spam, with all headers, to their abuse address.
The mail that has been distributed via the mailing lists is preferred, because
the mail->news gateway strips some headers IIRC and the newer spam didn't land
in the newsgroups. Mail each spam mail separately and do *not* cite the ticket
number mentioned above. Just Forward as attachment and write a little text in
the beginning, like the one below. The uunet guy said that we can forward them
as much spam as our time permits.
Sample text for abuse:
Somebody is mailbombing the Mozilla <http://www.mozilla.org> mailing lists, by
subscribing the list posting address to other mailing lists on other sites and
vice versa, probably in an attempt that the lists bombard each other with posts
and the user reaction to the spamming. This effects dozens of Mozilla mailing
lists, and each of them is subscribed to dozens or hundreds of other lists. Some
of the subscription confirmation messages contain the IP address, with
timestamp, of the attacker. Please take action to stop this attack persistently.
Comment 24•23 years ago
Mär 27 08:03:31 <choess> For live incidents, please contact WorldCom Internet
Abuse Investigations at 1-800-900-0241, option 2,3,1 24 hours a day.
Here's a corrected sample text I used:
Somebody is mailbombing the Mozilla <http://www.mozilla.org> mailing lists, by
subscribing the list posting address to other mailing lists on other sites and
vice versa, probably in an attempt that the lists bombard each other with posts
and the user reaction to the spamming. Dozens of Mozilla mailing lists are
targeted, and each of them is subscribed to dozens or hundreds of other lists.
Some of the subscription confirmation messages contain the IP address, with
timestamp, of the attacker. One of them attached, with headers. Please take
action to stop this attack persistently.
Comment 25•23 years ago (Assignee)
marking this as fixed. The mailing list attack seems to be over
and we're insulated from what vestiges of it still exist. AOL
Oppsec was investigating the cause of this attack. Incoming mail
from mailing list sites is blocked by our mx host and we're
still blocking many many messages per day. Yesterday we blocked 95.
In addition, the mailing lists now only accept posts from known
people on a whitelist. The whitelist contains addresses of mailing
list subscribers, bugzilla users, people who have posted to the
newsgroups in the last month, and people who have made requests
to be added.
As a result, the signal/noise ratio has shot way up. Mailing list
requests have gone away and nearly all spam is gone. On the down
side, mailing list subscribers are missing out on a lot of messages
from people who post via nntp.
The whitelist only applies to messages sent to the mailing list.
As a result, if you post your message via mail and you're not on
the whitelist then neither mailing list subscribers nor newsgroup
readers see your post. (as one would expect) However, if you post
via nntp, then the post shows up on the news server no matter what,
and it's only mirrored to the mailing list if the sender is on the
whitelist.
this is resulting in mailing list subscribers missing a lot of valid
posts that show up in the newsgroup, but not in the mailing list.
I guess the answer here is to only apply the whitelist to messages
that originate as mail and post all nntp messages no matter what.
But that's not very straightforward so don't expect it to happen
any time soon.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
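Added example (not part of the bug thread and not the mozilla.org gateway's own code): a Python model of the delivery rules described in comment 25, comparing the current behaviour with the change proposed at the end of that comment. Function names, the 30-day window and the sample addresses are assumptions.

```python
from datetime import datetime, timedelta
from email.utils import parseaddr

def normalize(addr):
    """Reduce a From: header value to a bare lowercase address."""
    return parseaddr(addr)[1].lower()

def build_whitelist(subscribers, bugzilla_users, news_posts, requested, now):
    """Union of the four whitelist sources named in comment 25.
    news_posts holds (from_header, datetime) pairs; "the last month" is
    taken as 30 days here (an assumption)."""
    cutoff = now - timedelta(days=30)
    recent = {normalize(a) for a, when in news_posts if when >= cutoff}
    static = {normalize(a) for a in (*subscribers, *bugzilla_users, *requested)}
    return static | recent

def route_current(origin, sender, whitelist):
    """Behaviour described in comment 25."""
    ok = normalize(sender) in whitelist
    if origin == "mail":   # non-whitelisted mail reaches nobody
        return {"list", "news"} if ok else set()
    if origin == "nntp":   # always on the news server, mirrored only if ok
        return {"list", "news"} if ok else {"news"}
    raise ValueError(f"unknown origin: {origin!r}")

def route_proposed(origin, sender, whitelist):
    """Change suggested at the end of comment 25: apply the whitelist only
    to messages that originate as mail."""
    if origin == "nntp":
        return {"list", "news"}
    return route_current(origin, sender, whitelist)

def missed_by_list(messages, whitelist, route):
    """Senders whose posts reach newsgroup readers but not list subscribers."""
    return [s for o, s in messages if route(o, s, whitelist) == {"news"}]

# Constructed sample data; all addresses and the date are placeholders.
NOW = datetime(2000, 1, 31)
WL = build_whitelist(
    subscribers=["Alice <alice@example.org>"],
    bugzilla_users=["bob@example.net"],
    news_posts=[("carol@example.com", NOW - timedelta(days=3)),
                ("dave@example.com", NOW - timedelta(days=90))],
    requested=[],
    now=NOW,
)
MESSAGES = [("mail", "ALICE@example.org"), ("mail", "listbot@example.invalid"),
            ("nntp", "carol@example.com"), ("nntp", "dave@example.com")]

if __name__ == "__main__":
    print("current :", missed_by_list(MESSAGES, WL, route_current))
    print("proposed:", missed_by_list(MESSAGES, WL, route_proposed))
```

The From: header is sender-supplied, so this check filters unsolicited list traffic; it does not authenticate the poster.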
Comment 26•23 years ago
> this is resulting in mailing list subscribers missing a lot of valid
> posts that show up in the newsgroup, but not in the mailing list.
This makes the mailing lists pretty useless.
Comment 27•23 years ago
Re-opening, and modifying the summary a bit. Silent dataloss is an extremely
bad thing.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: Disable npm.general's mail gateway → fix npm.general's mail gateway
Comment 28•23 years ago
re my comment 26: Looking at .mail-news, I am not against a subscription only
scheme, but it should apply to the news server as well, to prevent things like:
Sebastian Spaeth (who I'd count as "developer" per the charter)
<news://news.mozilla.org/3CD116A8.1010302@SSpaeth.de>:
> As I do not bother about the mailing lists and am too lazy to register, at
> least my posts don't make it through the mail gateway. I suspect others
> experience the same...
Comment 29•23 years ago (Assignee)
looking for r= from dmose
This patch is in place on mozilla-performance-size-matters@mozilla.org. I'll
set up the rest to use the new script after dmose's review.
also check out /usr/local/bin/make-alldist.sh
Comment 30•21 years ago
Does anyone know what is going on with this?
Comment 31•20 years ago
This bug and the patches on it are about the slist mailing list server which we
are no longer using, and MailMan (which we are currently using) seems to have
sufficient guards in place to keep track of this appropriately (subscribers can
post, non-subscribers get moderated).
Status: REOPENED → RESOLVED
Closed: 23 years ago → 20 years ago
Resolution: --- → WONTFIX
Comment 32•20 years ago
hmm, actually, let's do it this way...
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Comment 33•20 years ago
Fixed by upgrading to MailMan in September 2003.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED