[ale] Help!! Ale is being abused

Jerald Sheets questy at gmail.com
Wed Jul 13 10:30:16 EDT 2022 

Ok, Ive reached out to the origination email address, and it turns out it’s a service address for “Chatechesis of the Good Shepherd” in Scottsdale, AZ.  Looks like their mail address got harvested, and someone is trying to hit our list from that.  I called them to discuss with their IT (or whomever is doing the companies) to try and stop it. Pointed out we’re a non-profit just like they are, etc. etc.  I’ll keep everyone posted as to their reply (if any).  Primarily, getting them to stop the complaints.



Jerald Sheets
questy at gmail.com



> On Jul 13, 2022, at 9:50 AM, Jim Kinney via Ale <ale at ale.org> wrote:
> 
> Can you set up postfix to capture ALL outbound mail sent to ukkoknowles at usfamily.net
> and redirect to a local account or /dev/null. Got another 15 last night. But the new ones are all originating within 3 minutes of the first one so it may still just be fall out.
> 
> It looks like the first 5 complaints are for a single email. Identical time stamp, smtp id, and esmtp id. The next four are also identical but from an email sent about 40 seconds later. Each in this batch have the same ids.
> 
> The new batch has the same sending time stamp so far, 20220711224723 but different smtp and esmtp ids.
> 
> On July 12, 2022 7:55:47 PM MST, Robert Tweedy <robert at robert-tweedy.com> wrote:
> Thanks Derek,
> 
> I've made the changes & tested to confirm that the ale-request & ale-subscribe addresses no longer work.
> 
> -Robert
> 
> On 7/12/22 22:08, Derek Atkins wrote:
>> I know it won't break core functionality.
>> You could send the - request email to a person.
>> I think you need to deal with it in postfix.
>> 
>> -derek
>> Sent using my mobile device. Please excuse any typos.
>> 
>> On July 12, 2022 9:11:13 PM Robert Tweedy <robert at robert-tweedy.com> <mailto:robert at robert-tweedy.com> wrote:
>> 
>>> I feel like disabling the Mailman "-request" and "-subscribe" addresses would have unintended side effects, but it's technically a possibility; does anyone more familiar with GNU Mailman know if this is:
>>> 
>>> 1. A bad idea/will severely break core Mailman functions (alternatively, how many people will start sending in complaints that their emails to "ale-request at ale.org" <mailto:ale-request at ale.org> stopped working)?
>>> 2. An option that's available through Mailman's configuration files? Or would I need to modify the Postfix aliases to achieve this?
>>> 
>>> -Robert
>>> 
>>> On 7/12/22 20:40, Derek Atkins wrote:
>>>> Another option is to turn off handling of email-based subscription
>>>> requests and require going through the web interface?
>>>> 
>>>> -derek
>>>> 
>>>> On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:
>>>>> I've gotten a basic Captcha configured now on Mailman's main sign-up
>>>>> pages (which is likely where the issue's coming from), so this will
>>>>> hopefully lessen the problem. I'm definitely open to any suggestions for
>>>>> improvement as well as donations of time to implement a better
>>>>> spam-filtering mechanism to prevent the server from responding to every
>>>>> incoming message it receives (ie. Mailman either needs to be smarter
>>>>> about what messages it replies to & what messages it just
>>>>> ignores/discards without a reply, or we need our spam filter to also
>>>>> work internally & keep Mailman from sending out spam on its own when
>>>>> someone/something abuses forms on the site that could generate an email).
>>>>> 
>>>>> On 7/12/22 18:01, Jim Kinney via Ale wrote:
>>>>>> Started getting these notices/complaints today and each one is a $5
>>>>>> charge from my hosting provider. We're up to $35 so far today.
>>>>>> 
>>>>>> I'm on work out of state and didn't travel with any personal gear and
>>>>>> Robert is also slammed. Can someone gently talk with the recipient and
>>>>>> ask if they can simply delete/block instead of complain.
>>>>>> 
>>>>>> We are open to ideas. That email is already blocked.
>>>>>> 
>>>>>> 
>>>>>> <snip>
>>>>> _______________________________________________
>>>>> Ale mailing list
>>>>> Ale at ale.org <mailto:Ale at ale.org>
>>>>> https://mail.ale.org/mailman/listinfo/ale <https://mail.ale.org/mailman/listinfo/ale>
>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>> http://mail.ale.org/mailman/listinfo <http://mail.ale.org/mailman/listinfo>
>>>>> 
>>> 
>> 
>> 
> 
> 
> --
> Computers amplify human error
> Super computers are really cool
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220713/129b13ad/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.ale.org/pipermail/ale/attachments/20220713/129b13ad/attachment.sig>

More information about the Ale mailing list