Closed Bug 133639 Opened 23 years ago Closed 20 years ago

fix npm.general's mail gateway

Categories

(mozilla.org :: Miscellaneous, task)

task
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kerz, Assigned: endico)

Details

Attachments

(2 files)

Someone is signing up npm.general's mail gateway address to hundreds of mailing lists. This is causing a huge amount of spam. It would seem the only way to stop it is to disable the gateway to npm.general.
Based on comments I've seen elsewhere, I assume you need to open a ticket with the Netscape IC Helpdesk for this, rather than in Bugzilla.
reassigning to oh-so-lucky-Dawn, who both monitors these things and has access to the AOL systems. to my mind, the amount of spam in most newsgroups and mailing lists is unacceptable. I appreciate AOL's contribution to our infrastructure immensely, but I'm astonished that AOL can't assist in developing some relief here. Eventually, we could think of moving our news and mail infrastructure. But that's a big job, I'd rather not do it, and it seems that AOL must have tools in place for this, if we can only find the right person to help. mitchell
Assignee: mitchell → endico
Mitchell: "I appreciate AOL's contribution to our infrastructure immensely, but I'm astonished that AOL can't assist in developing some relief here." I don't think we have had the right communications from mozilla.org to AOL in place for a while. Whining about things here in bugzilla won't echo very far beyond mozilla.org. That's why I'm pressing strongly for getting you more visibility so that problems like these can be solved. We need to drive these issues to some platform we can support and have project engagements done the proper way.
Mitchell: "Eventually, we could think of moving our news and mail infrastructure." I have proposed multiple times to integrate mozilla.org to our existing Netscape.com mail infrastructure. Supporting mozilla.org's mail is difficult because it's a separate solution.
Well I kinda like my mozilla stuff as mail... so how about changing the lists to function in this manner:
1. allow only newsgroup posts in
   a. possibly spam filter them but this is optional
2. allow only emails from subscribed participants in
   a. anything else should be either dropped to the floor with a bounce or
   b. sent in for moderation
Personally I'd be happy with 1+2+2a and I think that would solve a lot of the issues we hit today. It should even solve the email tunnel setup (in this case that was the goober1800@yahoo.com address) as any emails going to it would be from a different email address and would therefore hit pt 2 and be dropped. This'll also kill any spam not coming in via the newsgroups (and a lot doesn't) and the bonus is that it preserves most of the current functionality (what you don't get is the ability to post, via email, with a different address than what you've subscribed with - but that has the alternative of a newsgroup post when needed). What say ye?
This has all been discussed in bug 63735, which has been ignored for 15 months now. The obvious solution is to limit posting to people who have subscribed to any list (not necessarily the one they are sending to), including a new mozilla-postonly@mozilla.org list, which doesn't receive mail, and will work for the news gateway. Note that I'm not sure why mozilla.org is one of the very few open source projects with its own public news hierarchy - if the only news server was news.mozilla.org, which didn't propagate to the rest of usenet, then we'd probably lose most of the 'ns4 doesn't work' mails too, while still letting people read via news. We would lose groups.google.com's archiving then, though, but we'd also lose the address harvesting. No, this isn't the only solution, and yes, it has disadvantages. I feel that those (and any solution to this can't be error free) are outweighed by the damage of the several hundred mailing lists npm.general is being subscribed to, and the tons of spam received per day. Moderation doesn't work unless you find people to be moderators for every single group. But since I don't think there's any point in rehashing this argument for another 15 months in a new bug without anything being done, this bug should probably be marked as a dupe of 63735.
Sorry to morph this, but now n.p.m.ui is being spammed in the same manner. There must be a way to stop all of this nonsense.
yes. this is highly annoying but it's not spam. In this case, the people sending the mail think that we asked for it and the normal spam filtering methods aren't going to work. To get rid of the extra junk mail we need to wait for the sociopath who's doing this to stop (or possibly make him stop but i doubt that's possible) and then unsubscribe from these lists. I just disabled the mozilla-general mailing lists. Leaving it that way for a few days should:
a) keep the alias from being subscribed to anything new since the address is now invalid.
b) with any luck each of the mailing lists will send the list mail, notice that the address is invalid and automatically unsubscribe it.
Also, someone could go through and unsubscribe us from the lists. This has already been done for a number of the lists. Oh, except i just noticed that the list isn't completely dead. it's no longer sending mail off to everyone but it doesn't seem to be bouncing mail either. I'm now getting mail (as postmaster?) addressed to mozilla-general with the header line. This is stuff that's originating from smtp.
X-Diagnostic: Non-existent mailinglist
I think this does qualify as spam. It's not SPAM from the sites to mozilla lists, but from the person who is subscribing so to say. We didn't solicit the emails from the person, so any emails that he produces aimed towards us are unsolicited and would qualify as SPAM IMHO.
someone said that npm.browser is getting it too. trying to figure out how to turn off posts from non-subscribers. Hopefully that will just be temporary until this crap stops. this makes the groups so much less useful.
Possibly my comment about removing ourselves from usenet was a bit excessive. It would remove the usenet spam, though... endico: If you're requiring people be a subscriber to post, can you please set up a mozilla-postonly list so that people who read via nntp can still post?
I would've thought she meant that you have to be a subscriber to the mailing lists in order to post to the mailing lists. It's still a free for all on the news groups. (or am I wrong? I thought all the new crud was coming in via email...)
I have attached a form letter to be sent to abuse-mail@uu.net regarding this.
uu.net tracking number B-TSI-005323972 assigned to the issue. Refer to it in any communications with uu.net.
I want to make it so the only people who can send mail to our mozilla- mailing lists are people who are subscribed to the list. If you're posting through nntp then your post should be distributed to the mailing list subscribers no matter what. This change should affect only the newsgroup mirrors. It should not affect aliases such as drivers or staff. It should not affect mozilla-crypto-checkins or mozilla-patches. i've been using mozilla-mac, mozilla-mstone and mozilla-as to test with and am unsuccessful at getting the lists to deny posts from people not subscribed to the lists (that is, from me) I've tried changing both rc.init and rc.custom. I accidentally changed force-subscribe once and *that* worked so i know that i'm working with the right files.
delete access create a hard link from dist to access in mozilla-mstone/rc.custom uncomment the "foreign_submit" line
i've filed ticket HD0000000163382 on this issue. i think we're up to at least a dozen mailing lists being attacked like this.
I called abuse uunet (citing choess' ticket) and it seems like we caught the attacker while he was logged on. The support guy says that the attacker is a customer of another ISP (a reseller of uunet), so they can't block the account (for policy / legal reasons, I guess), but only cancel the *current* connection and tell the reseller about the violation. It will be up to them what they do. Of course, that's pretty useless. :-( At least the support guy said that they will save the information and give it out on court order. After all, it could count as Denial of Service attack and be a criminal offense.
it seems like uunet killed whatever script that guy was running. (probably on someone else's machine). the subscription messages seem to have stopped for a while. npm.general was the worst hit. npm.ui got subscription notices from two different places and a dozen or so got a bunch of notices from about.com. I added about.com to our access list so now we'll discard their mail. I'd like to delete this after slist is configured to no longer allow outside posts. I undid my changes to mozilla-mac/rc.init and mozilla-mac/rc.custom since it was no longer accepting mail from anyone. removing the mozilla-general alias caused a lot of problems so i added it back and emptied out the distribution list in case the alias is spammed again. The distribution list is backed up in dist.bak. After I emptied out the list, publisher@magazine.zzn.com was added. this looks like a mailing list address so i deleted it.
i couldn't get list to disable foreign posts properly. (post from people not subscribed). i think what happened is that slist behaved correctly and didn't send the banned mail to mailing list subscribers but the mail was still getting posted to the news gateway because it doesn't use slist at all. as a workaround i have made most of the mailing lists read-only. if you mail to the list the mail only goes to mail subscribers, but not to the newsgroups. I made a few exceptions for some groups that require having people send mail to them, but i'm reluctant to list which ones. People with access to gila can figure it out.
> if you mail to the list the mail only goes to mail subscribers, but not
> to the newsgroups.
This situation gives posters the impression that their messages got through (to both list and newsgroup), while in fact they didn't. Maybe it's then better to disable the list posting completely.
i can't. that's broken and there's a ticket open on it.
Last time we discussed changing the mozilla mail/news setup to something easier to suppbe involved. This does not support community development, one of our core goals. I agree Bugzilla is not the place for this discussion. I suggest we move it to n.p.m.general. There we can also enjoy the massive amount of spam that haunts mozilla newsgroups. mitchell
The flooder also appears to be sending at least some spam to the newsgroups via the mail2news gateway at nym.alias.net; perhaps we should block that domain.
I just had new spam coming in, with IP address and immediately called uunet again. This time I spoke with somebody from "the Security team", who was a bit more helpful. I demanded that they cancel the account, but he convinced me (unless he was straight lying) that they cannot do that. He repeated what the previous guy said about the reseller and disclosure. We would need a court order. He also said that it is trivial for the attacker to sign up with a new ISP within a few minutes. Nevertheless, he said that they could e.g. look at the caller id of the modem call, so they can put him on a uunet-wide blacklist and block all calls from him, regardless of the uunet reseller. Unfortunately, the call we just caught had no caller id transmitted, so the likeliness of that being successful is small. The guy also said that he will (might?) look at the groups via google and see what else he can do about it. However, the information at google is no "proof" for him - he needs it mailed to the abuse address <abuse-mail@uu.net>. (Ironic, isn't it? Information I mail to them is trivial to forge, while they have tamperproof evidence right on their own Usenet server.) So, he advised me to mail the spam, with all headers, to their abuse address. The mail that has been distributed via the mailing lists is preferred, because the mail->news gateway strips some headers IIRC and the newer spam didn't land in the newsgroups. Mail each spam mail separately and do *not* cite the ticket number mentioned above. Just Forward as attachment and write a little text in the beginning, like the one below. The uunet guy said that we can forward them as much spam as our time permits.
Sample text for abuse:
Somebody is mailbombing the Mozilla <http://www.mozilla.org> mailing lists, by subscribing the list posting address to other mailing lists on other sites and vice versa, probably in an attempt that the lists bombard each other with posts and the user reaction to the spamming.
This affects dozens of Mozilla mailing lists, and each of them is subscribed to dozens or hundreds of other lists. Some of the subscription confirmation messages contain the IP address, with timestamp, of the attacker. Please take action to stop this attack persistently.
Mär 27 08:03:31 <choess> For live incidents, please contact WorldCom Internet Abuse Investigations at 1-800-900-0241, option 2,3,1 24 hours a day.
Here's a corrected sample text I used:
Somebody is mailbombing the Mozilla <http://www.mozilla.org> mailing lists, by subscribing the list posting address to other mailing lists on other sites and vice versa, probably in an attempt that the lists bombard each other with posts and the user reaction to the spamming. Dozens of Mozilla mailing lists are targeted, and each of them is subscribed to dozens or hundreds of other lists. Some of the subscription confirmation messages contain the IP address, with timestamp, of the attacker. One of them attached, with headers. Please take action to stop this attack persistently.
marking this as fixed. The mailing list attack seems to be over and we're insulated from what vestiges of it still exist. AOL Oppsec was investigating the cause of this attack. Incoming mail from mailing list sites is blocked by our mx host and we're still blocking many many messages per day. Yesterday we blocked 95. In addition, the mailing lists now only accept posts from known people on a whitelist. The whitelist contains addresses of mailing list subscribers, bugzilla users, people who have posted to the newsgroups in the last month, and people who have made requests to be added. As a result, the signal/noise ratio has shot way up. Mailing list requests have gone away and nearly all spam is gone. On the down side, mailing list subscribers are missing out on a lot of messages from people who post via nntp. The whitelist only applies to messages sent to the mailing list. As a result, if you post your message via mail and you're not on the whitelist then neither mailing list subscribers nor newsgroup readers see your post. (as one would expect) However, if you post via nntp, then the post shows up on the news server no matter what, and it's only mirrored to the mailing list if the sender is on the whitelist. this is resulting in mailing list subscribers missing a lot of valid posts that show up in the newsgroup, but not in the mailing list. I guess the answer here is to only apply the whitelist to messages that originate as mail and post all nntp messages no matter what. But that's not very straightforward so don't expect it to happen any time soon.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
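Added example, not part of the bug thread and not mozilla.org's slist or MX configuration: a minimal Python model of the routing described in the comment above, showing where NNTP posts from non-whitelisted senders drop out of the mail mirror and what the proposed change would do. The whitelist, the sample messages and the header heuristic for recognising list-generated mail are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed whitelist standing in for subscribers, Bugzilla users and
# recent newsgroup posters; all addresses below are made up.
WHITELIST = {"dev@example.org"}
# Assumption: remote list software stamps at least one of these headers.
LIST_HEADERS = ("List-Id", "List-Unsubscribe", "List-Post")

def is_list_traffic(msg):
    """True when the message looks like output of another mailing list."""
    if any(msg.get(h) for h in LIST_HEADERS):
        return True
    return (msg.get("Precedence") or "").strip().lower() in {"list", "bulk"}

def route(raw, origin, nntp_bypass=False):
    """Return where one post is delivered: a subset of {'news', 'mail'}.

    origin is 'smtp' or 'nntp'. nntp_bypass=False models the behaviour
    described in the comment; True models the proposed change.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    known = sender in WHITELIST
    if origin == "smtp":
        # Mail posts: list-generated traffic and unknown senders go nowhere.
        if is_list_traffic(msg) or not known:
            return set()
        return {"news", "mail"}
    # An NNTP post is already on the news server; only the mirror is gated.
    if known or nntp_bypass:
        return {"news", "mail"}
    return {"news"}  # the silent gap mail subscribers see

# Constructed sample messages.
CONFIRM = ("From: requests@lists.example.com\nTo: general@lists.example.org\n"
           "Subject: Confirm your subscription\nPrecedence: bulk\n"
           "List-Id: <announce.lists.example.com>\n\nReply to confirm.\n")
NNTP_POST = ("From: Lazy Poster <poster@example.com>\n"
             "Newsgroups: example.test.general\nSubject: crash\n\ndetails\n")
KNOWN_MAIL = "From: dev@example.org\nSubject: patch review\n\nbody\n"

if __name__ == "__main__":
    for name, raw, origin in [("confirm", CONFIRM, "smtp"),
                              ("known", KNOWN_MAIL, "smtp"),
                              ("nntp", NNTP_POST, "nntp")]:
        print(name, sorted(route(raw, origin)),
              sorted(route(raw, origin, nntp_bypass=True)))
```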
> this is resulting in mailing list subscribers missing a lot of valid
> posts that show up in the newsgroup, but not in the mailing list.
This makes the mailing lists pretty useless.
Re-opening, and modifying the summary a bit. Silent dataloss is an extremely bad thing.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: Disable npm.general's mail gateway → fix npm.general's mail gateway
re my comment 26: Looking at .mail-news, I am not against a subscription only scheme, but it should apply to the news server as well, to prevent things like:
Sebastian Spaeth (who I'd count as "developer" per the charter) <news://news.mozilla.org/3CD116A8.1010302@SSpaeth.de>:
> As I do not bother about the mailing lists and am too lazy to register, at least my posts don't make it
> through the mail gateway. I suspect others experience the same...
looking for r= from dmose
This patch is in place on mozilla-performance-size-matters@mozilla.org. I'll set up the rest to use the new script after dmose's review. also check out /usr/local/bin/make-alldist.sh
Does anyone know what is going on with this?
This bug and the patches on it are about the slist mailing list server which we are no longer using, and MailMan (which we are currently using) seems to have sufficient guards in place to keep track of this appropriately (subscribers can post, non-subscribers get moderated).
Status: REOPENED → RESOLVED
Closed: 23 years ago → 20 years ago
Resolution: --- → WONTFIX
hmm, actually, let's do it this way...
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Fixed by upgrading to MailMan in September 2003.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → FIXED