Re: [Qemu-discuss] address@hidden spammer

From: jb-gnumlists
Subject: Re: [Qemu-discuss] address@hidden spammer
Date: Sat, 21 Jul 2012 21:19:21 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20120713 Thunderbird/14.0

(I have cc-ed the relevant server administrators, as they seem to be
unaware of the situation).

On 20-07-2012 23:36, anatoly techtonik wrote:
> On Fri, Jun 29, 2012 at 9:19 PM, Akihiko Ota <address@hidden> wrote:
>> I sent this mail to address@hidden yesterday, but I got
>> return mail with error message from address@hidden
>> Have you got my mail?
>
> Hi. Affirmative.
>
> Can somebody unsubscribe this Majordomo guy at vger.kernel.org?

address@hidden is not a guy, it is the subscribe/unsubscribe
address of another mailing list set (specifically, the mailing lists for
the Linux kernel project).

It appears that there is a major bug in the mailing list software
running on lists.gnu.org:

The mechanism used for subscription confirmation mail (embedding the
confirmation cookie in the mail header "From" and "Reply-To" headers)
causes other, older, mail robots (including Majordomo) to automatically
confirm themselves as subscribed.

This creates a major problem with dueling mail robots and an ongoing
risk of malicious subscription requests for mail robot addresses.

I strongly suggest that the lists.gnu.org administrators take the
following corrective actions, in order of urgency:

1. Search the subscription lists for all subscriptions of "address@hidden"
and other mail robots, and manually unsubscribe the lot.  Repeat as
necessary until after action 2 has been completed.

2. Reconfigure the software on lists.gnu.org to include the
confirmation cookie in the subject line or the first line of the
confirmation mail, as other mail robots have already been designed not
to reply with those properties intact.  For instance both Majordomo and
most "vacation" style programs completely replace the subject line and
either do not preserve the body or prefix it with enough noise not to
satisfy most well written checks for inclusion of a subscription
confirmation cookie (majordomo puts a "--" line (NOT a "-- " line)
before the mangled first lines of the mail).

As for the vger.kernel.org administrators:

I suggest you check your majordomo error logs to look for foreign list
traffic hitting the address@hidden administration address, and unsubscribe
the majordomo address from those foreign lists.  This should not affect
gateway merging of mail lists, web mail interfaces (such as gmane etc.),
as those would be set to send list traffic to the list submission
addresses not the address@hidden address.  Also don't be alarmed if you
see automatic systems from places such as gmane and groups.google.com
hitting majordomo with well formed commands as part of their effort to
keep their lists of mailing lists in sync with your own
creation/deletion of lists.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
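
An added example, not part of the original message and not code from any list software: it contrasts confirming on the reply address alone with requiring the cookie in the subject or first body line, as action 2 above proposes. The addresses, cookie and sample mails are constructed, and the Auto-Submitted check (RFC 3834) is an addition beyond what the message suggests.

```python
import email
from email import policy

COOKIE = "c0ffee1234"  # constructed confirmation cookie

# Constructed samples. ROBOT models the reply described above: new subject,
# "--" line before the mangled original text, sent to the cookie address.
ROBOT = f"""\
From: majordomo@robot.example
To: list-confirm+{COOKIE}@lists.example
Subject: Majordomo results

--

>>>> confirm {COOKIE}
"""
HUMAN = f"""\
From: alice@user.example
To: list-request@lists.example
Subject: Re: confirm {COOKIE}

yes please
"""
VACATION = HUMAN.replace("Subject:", "Auto-Submitted: auto-replied\nSubject:")

def parse(raw):
    return email.message_from_string(raw, policy=policy.default)

def first_body_line(msg):
    """First non-blank line of the plain-text body, or ''."""
    body = msg.get_body(preferencelist=("plain",))
    lines = body.get_content().splitlines() if body else []
    return next((l.strip() for l in lines if l.strip()), "")

def confirms_by_address(raw, cookie):
    """Weak rule: any mail arriving at the cookie-bearing address confirms."""
    return cookie in str(parse(raw).get("To", ""))

def confirms_by_content(raw, cookie):
    """Stricter rule: cookie must survive in Subject or first body line,
    and the mail must not declare itself automatic (RFC 3834)."""
    msg = parse(raw)
    if str(msg.get("Auto-Submitted", "no")).strip().lower() != "no":
        return False
    return cookie in str(msg.get("Subject", "")) or cookie in first_body_line(msg)
```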