[ale] Help!! Ale is being abused
Jim Kinney
jim.kinney at gmail.com
Wed Jul 13 09:50:12 EDT 2022
Can you set up postfix to capture ALL outbound mail sent to ukkoknowles at usfamily.net
and redirect to a local account or /dev/null. Got another 15 last night. But the new ones are all originating within 3 minutes of the first one so it may still just be fall out.
It looks like the first 5 complaints are for a single email. Identical time stamp, smtp id, and esmtp id. The next four are also identical but from an email sent about 40 seconds later. Each in this batch have the same ids.
The new batch has the same sending time stamp so far, 20220711224723 but different smtp and esmtp ids.
On July 12, 2022 7:55:47 PM MST, Robert Tweedy <robert at robert-tweedy.com> wrote:
>Thanks Derek,
>
>I've made the changes & tested to confirm that the ale-request &
>ale-subscribe addresses no longer work.
>
>-Robert
>
>On 7/12/22 22:08, Derek Atkins wrote:
>> I know it won't break core functionality.
>> You could send the - request email to a person.
>> I think you need to deal with it in postfix.
>>
>> -derek
>> Sent using my mobile device. Please excuse any typos.
>>
>> On July 12, 2022 9:11:13 PM Robert Tweedy <robert at robert-tweedy.com>
>> wrote:
>>
>>> I feel like disabling the Mailman "-request" and "-subscribe"
>>> addresses would have unintended side effects, but it's technically a
>
>>> possibility; does anyone more familiar with GNU Mailman know if this
>is:
>>>
>>> 1. A bad idea/will severely break core Mailman functions
>>> (alternatively, how many people will start sending in complaints
>that
>>> their emails to "ale-request at ale.org" stopped working)?
>>> 2. An option that's available through Mailman's configuration files?
>
>>> Or would I need to modify the Postfix aliases to achieve this?
>>>
>>> -Robert
>>>
>>> On 7/12/22 20:40, Derek Atkins wrote:
>>>> Another option is to turn off handling of email-based subscription
>>>> requests and require going through the web interface?
>>>>
>>>> -derek
>>>>
>>>> On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:
>>>>> I've gotten a basic Captcha configured now on Mailman's main
>sign-up
>>>>> pages (which is likely where the issue's coming from), so this
>will
>>>>> hopefully lessen the problem. I'm definitely open to any
>suggestions for
>>>>> improvement as well as donations of time to implement a better
>>>>> spam-filtering mechanism to prevent the server from responding to
>every
>>>>> incoming message it receives (ie. Mailman either needs to be
>smarter
>>>>> about what messages it replies to & what messages it just
>>>>> ignores/discards without a reply, or we need our spam filter to
>also
>>>>> work internally & keep Mailman from sending out spam on its own
>when
>>>>> someone/something abuses forms on the site that could generate an
>email).
>>>>>
>>>>> On 7/12/22 18:01, Jim Kinney via Ale wrote:
>>>>>> Started getting these notices/complaints today and each one is a
>$5
>>>>>> charge from my hosting provider. We're up to $35 so far today.
>>>>>>
>>>>>> I'm on work out of state and didn't travel with any personal gear
>and
>>>>>> Robert is also slammed. Can someone gently talk with the
>recipient and
>>>>>> ask if they can simply delete/block instead of complain.
>>>>>>
>>>>>> We are open to ideas. That email is already blocked.
>>>>>>
>>>>>>
>>>>>> <snip>
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org
>>>>> https://mail.ale.org/mailman/listinfo/ale
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo
>>>>>
>>>
>>
--
Computers amplify human error
Super computers are really cool
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220713/66f69b22/attachment.htm>
More information about the Ale
mailing list