[ale] Help!! Ale is being abused

Jim Kinney jim.kinney at gmail.com
Wed Jul 13 10:56:46 EDT 2022 

Big thanks!!

On July 13, 2022 7:30:16 AM MST, Jerald Sheets via Ale <ale at ale.org> wrote:
>
>Ok, Ive reached out to the origination email address, and it turns out
>it’s a service address for “Chatechesis of the Good Shepherd” in
>Scottsdale, AZ.  Looks like their mail address got harvested, and
>someone is trying to hit our list from that.  I called them to discuss
>with their IT (or whomever is doing the companies) to try and stop it.
>Pointed out we’re a non-profit just like they are, etc. etc.  I’ll keep
>everyone posted as to their reply (if any).  Primarily, getting them to
>stop the complaints.
>
>
>
>Jerald Sheets
>questy at gmail.com
>
>
>
>> On Jul 13, 2022, at 9:50 AM, Jim Kinney via Ale <ale at ale.org> wrote:
>> 
>> Can you set up postfix to capture ALL outbound mail sent to
>ukkoknowles at usfamily.net
>> and redirect to a local account or /dev/null. Got another 15 last
>night. But the new ones are all originating within 3 minutes of the
>first one so it may still just be fall out.
>> 
>> It looks like the first 5 complaints are for a single email.
>Identical time stamp, smtp id, and esmtp id. The next four are also
>identical but from an email sent about 40 seconds later. Each in this
>batch have the same ids.
>> 
>> The new batch has the same sending time stamp so far, 20220711224723
>but different smtp and esmtp ids.
>> 
>> On July 12, 2022 7:55:47 PM MST, Robert Tweedy
><robert at robert-tweedy.com> wrote:
>> Thanks Derek,
>> 
>> I've made the changes & tested to confirm that the ale-request &
>ale-subscribe addresses no longer work.
>> 
>> -Robert
>> 
>> On 7/12/22 22:08, Derek Atkins wrote:
>>> I know it won't break core functionality.
>>> You could send the - request email to a person.
>>> I think you need to deal with it in postfix.
>>> 
>>> -derek
>>> Sent using my mobile device. Please excuse any typos.
>>> 
>>> On July 12, 2022 9:11:13 PM Robert Tweedy <robert at robert-tweedy.com>
><mailto:robert at robert-tweedy.com> wrote:
>>> 
>>>> I feel like disabling the Mailman "-request" and "-subscribe"
>addresses would have unintended side effects, but it's technically a
>possibility; does anyone more familiar with GNU Mailman know if this
>is:
>>>> 
>>>> 1. A bad idea/will severely break core Mailman functions
>(alternatively, how many people will start sending in complaints that
>their emails to "ale-request at ale.org" <mailto:ale-request at ale.org>
>stopped working)?
>>>> 2. An option that's available through Mailman's configuration
>files? Or would I need to modify the Postfix aliases to achieve this?
>>>> 
>>>> -Robert
>>>> 
>>>> On 7/12/22 20:40, Derek Atkins wrote:
>>>>> Another option is to turn off handling of email-based subscription
>>>>> requests and require going through the web interface?
>>>>> 
>>>>> -derek
>>>>> 
>>>>> On Tue, July 12, 2022 8:17 pm, Robert Tweedy via Ale wrote:
>>>>>> I've gotten a basic Captcha configured now on Mailman's main
>sign-up
>>>>>> pages (which is likely where the issue's coming from), so this
>will
>>>>>> hopefully lessen the problem. I'm definitely open to any
>suggestions for
>>>>>> improvement as well as donations of time to implement a better
>>>>>> spam-filtering mechanism to prevent the server from responding to
>every
>>>>>> incoming message it receives (ie. Mailman either needs to be
>smarter
>>>>>> about what messages it replies to & what messages it just
>>>>>> ignores/discards without a reply, or we need our spam filter to
>also
>>>>>> work internally & keep Mailman from sending out spam on its own
>when
>>>>>> someone/something abuses forms on the site that could generate an
>email).
>>>>>> 
>>>>>> On 7/12/22 18:01, Jim Kinney via Ale wrote:
>>>>>>> Started getting these notices/complaints today and each one is a
>$5
>>>>>>> charge from my hosting provider. We're up to $35 so far today.
>>>>>>> 
>>>>>>> I'm on work out of state and didn't travel with any personal
>gear and
>>>>>>> Robert is also slammed. Can someone gently talk with the
>recipient and
>>>>>>> ask if they can simply delete/block instead of complain.
>>>>>>> 
>>>>>>> We are open to ideas. That email is already blocked.
>>>>>>> 
>>>>>>> 
>>>>>>> <snip>
>>>>>> _______________________________________________
>>>>>> Ale mailing list
>>>>>> Ale at ale.org <mailto:Ale at ale.org>
>>>>>> https://mail.ale.org/mailman/listinfo/ale
><https://mail.ale.org/mailman/listinfo/ale>
>>>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>>>> http://mail.ale.org/mailman/listinfo
><http://mail.ale.org/mailman/listinfo>
>>>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
>> --
>> Computers amplify human error
>> Super computers are really cool
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo

-- 
Computers amplify human error
Super computers are really cool
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20220713/78bfcbd8/attachment.htm>

More information about the Ale mailing list