Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Lindsay Haisley
On Wed, 2012-10-24 at 11:57 +0900, Stephen J. Turnbull wrote: > Lindsay Haisley writes: > > > Take a look at . > > I just tried their sample. I'd rather face a CAPTCHA! And their > twitter feed reads like spam -- same comments, same apparent author, > different avatar

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Stephen J. Turnbull
Rodrigo Abrantes Antunes writes: > Searching google I found that this error isn't related to the number of > users in the list, it occurs because the total number of addresses in the > To: and Cc: headers of the post equals or exceeds > max_num_recipients. The operational issues have already

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Stephen J. Turnbull
Kalbfleisch, Gary writes: > Note that for the majority of what I have seen in this attack it > is the return email messages that the exploiters desire. Yes, this is the most important point for Mailman developers, in fact. Thank you for reiterating it. > I have seen some evidence that these

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Stephen J. Turnbull
Lindsay Haisley writes: > Take a look at . I just tried their sample. I'd rather face a CAPTCHA! And their twitter feed reads like spam -- same comments, same apparent author, different avatar. Not a great start if they want to captcha my lists! ;-) Seriously, I ca

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Mark Sapiro
Mark Sapiro wrote: > >The 828 recipients was the entire list, but the list is chunked into >pieces of *at most* SMTP_MAX_RCPTS (default 500) and each chunk is >sent as a separate SMTP transaction. Further, the chunks are separated >by top level domain such that all .com addresses are in their (set o

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Mark Sapiro
Lindsay Haisley wrote: > >Mark, Brad, etc. I have a question here. Rodrigo says that in his >Mailman smtp log, a SMTP transaction to contas for 828 recipients was >"completed in 1.705 seconds" > >Mailman also reports a _temporary_ failure of 450 addresses. Because >this is a 4xx class error, can

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Ralf Hildebrandt
* Lindsay Haisley : > IMHO, a restart of postfix would probably be in order, too. I know that > many settings in my mail server, courier MTA, require a restart of the > server after changing them in order for them to take effect. postfix reload suffices. -- Ralf Hildebrandt C

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Lindsay Haisley
On Tue, 2012-10-23 at 13:45 -0700, Mark Sapiro wrote: > On 10/23/2012 1:21 PM, Rodrigo Abrantes Antunes wrote: > > > > I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 > > in postfix and I'm still getting these errors. > > Did you restart Mailman IMHO, a restart of postf

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Lindsay Haisley
On Tue, 2012-10-23 at 18:21 -0200, Rodrigo Abrantes Antunes wrote: > I didn't set any loop, the list's e-mail obviously isn't a list member, > what I said is that when you want to send and email to the list you put > the list's email in the "To:" field and that's the only recipient when I'm > sendi

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Mark Sapiro
On 10/23/2012 1:21 PM, Rodrigo Abrantes Antunes wrote: > > I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 > in postfix and I'm still getting these errors. Did you restart Mailman after setting SMTP_MAX_RCPTS = 250 in mm_cfg.py? -- Mark Sapiro The highway i

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Rodrigo Abrantes Antunes
Quoting Lindsay Haisley: On Mon, 2012-10-22 at 13:46 -0200, Rodrigo Abrantes Antunes wrote: > Any ideas? The behavior of Mailman with respect to the number of recipients specified in any single SMTP transaction is controlled by SMTP_MAX_RCPTS, which should be less than the max number of

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Rodrigo Abrantes Antunes
Quoting Lindsay Haisley: Hi, when I try to send an e-mail to my list (only one recipient, the list itself), I get these: Aren't you creating a loop here?  Why are you putting the list itself on the list as its only recipient?  This appears to me to be an invitation for an endless loop.

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Brad Knowles
On Oct 23, 2012, at 9:28 AM, "Kalbfleisch, Gary" wrote: > As a result of this activity I have changed all lists so that confirmation is > required for all subscriptions, and only list owners can view the list of > subscribers. The confirmations don't actually solve the email bombing > problem

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Mark Sapiro
Rodrigo Abrantes Antunes wrote: >Hi, when I try to send an e-mail to my list (only one recipient, the list >itself), I get these: > > In mailman's smtp logs: > Oct 22 13:26:17 2012 (22940) smtp to contas for 828 recips, >completed in 1.705 seconds > > In mailman's post logs: > Oct 22 13:26:17

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Lindsay Haisley
On Mon, 2012-10-22 at 13:46 -0200, Rodrigo Abrantes Antunes wrote: > Any ideas? > The behavior of Mailman with respect to the number of recipients specified in any single SMTP transaction is controlled by SMTP_MAX_RCPTS, which should be less than the max number of recipients allowed by the SMTP

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Lindsay Haisley
> Hi, when I try to send an e-mail to my list (only one recipient, the list > itself), I get these: Aren't you creating a loop here? Why are you putting the list itself on the list as its only recipient? This appears to me to be an invitation for an endless loop. -- Lindsay Haisley | "Re

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Kalbfleisch, Gary
Am I understanding correctly that the list itself is a member of the list? Sounds like an email loop to me. What are you trying to do? -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax > -Origi

Re: [Mailman-Users] Too many recipients

2012-10-23 Thread Rodrigo Abrantes Antunes
Quoting Rodrigo Abrantes Antunes: Hi, when I try to send an e-mail to my list (only one recipient, the list itself), I get these: In mailman's smtp logs: Oct 22 13:26:17 2012 (22940) smtp to contas for 828 recips, completed in 1.705 seconds In mailman's post logs: Oct 22 13

[Mailman-Users] Too many recipients

2012-10-23 Thread Rodrigo Abrantes Antunes
Hi, when I try to send an e-mail to my list (only one recipient, the list itself), I get these: In mailman's smtp logs: Oct 22 13:26:17 2012 (22940) smtp to contas for 828 recips, completed in 1.705 seconds In mailman's post logs: Oct 22 13:26:17 2012 (22940) post to contas from xxx@, s

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Brad Knowles
On Oct 23, 2012, at 8:41 AM, jdd wrote: > that said there are some real human paid to catch web site, and against that > no luck :-( There's an old axiom in the security business that no defense can stop a sufficiently motivated attacker with sufficient resources. The US Secret Service knows

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Kalbfleisch, Gary
Note that for the majority of what I have seen in this attack it is the return email messages that the exploiters desire. I have seen some subscriptions actually get through but I have not seen them exploited in any way other than to add to the flood of emails to the subscriber. I have seen

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread jdd
On 23/10/2012 17:17, Carl Zwanzig wrote: I've used a similar method for help email to places like yahoo. At the bottom of the text I ask "Please tell me your favorite color so I know I'm working with a real person." Seems to work. yes I also have "public" passwd on a wiki. By the way the p

Re: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests

2012-10-23 Thread Carl Zwanzig
On 10/22/2012 11:55 PM, Ralf Hildebrandt wrote: I recently got 30 new comments on my blog, all of which were spam. And of course I'm using a CAPTCHA there. So Brad's point is probably valid. I don't like captchas either, and one of their problems is that they're so easy to see programmatically