[SAC] [OSGeo] #2152: Mailman: mass "Bounce action notification" ongoing

OSGeoTrac · April 16, 2018, 2:34pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+--------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Keywords:
---------------------------+--------------------------------------
As the list admin of grass-user I current get hundreds of "Bounce action
notification" emails.

Even for my own account I received 50min ago (server time: Apr 16 06:42:50
osgeo6):

{{{

---------- Forwarded message ----------
From: <mailman@lists.osgeo.org>
Date: Mon, Apr 16, 2018 at 3:40 PM
Subject: Bounce action notification
To: grass-user-owner@lists.osgeo.org

This is a Mailman mailing list bounce action notice:

     List: grass-user
     Member: neteler@osgeo.org
     Action: Subscription disabled.
     Reason: Excessive or fatal bounces.
}}}

...
{{{
Your membership in the mailing list grass-user has been disabled due
to excessive bounces The last bounce received from you was dated
16-Apr-2018. You will not get any more messages from this list until
you re-enable your membership. You will receive 3 more reminders like
this before your membership in the list is deleted.

To re-enable your membership, you can simply respond to this message
(leaving the Subject: line intact), or visit the confirmation page at

https://lists.osgeo.org/mailman/confirm/grass-
user/949e86c4a1f8bfb....xxx

...
}}}

Quite weird. No idea how to check that on the list server... are we under
attack?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 3:04pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

Apparently more core developers are affected (the person is know to me):

{{{
---------- Forwarded message ----------
From: Anna <xxxxx@gmail.com>
Date: Mon, Apr 16, 2018 at 4:46 PM
Subject: question about excessive bounces
To: grass-user-owner@lists.osgeo.org

Hi,

I got an email from grass-user-request@lists.osgeo.org that my
membership in mailing list grass-user has been disabled due to
excessive bounces, with the last bounce today, but I haven't sent any
message for couple weeks now. Could you provide me with more
information about that?

Thank you,
}}}

Was mailman differently configured recently?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 3:50pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

As per IRC chat with !TemptorSent:

<!TemptorSent> I think what's happening is that mailman is resending
messages with the id of the sender, which is getting blocked because of
DKIM/DMARC (yahoo.com.br is known for spammers), which is then causing a
bounce to every recipient it tries sending to.

<!TemptorSent> This may be an issue with the way mailman handles rewriting
author lines.

<!TemptorSent> The questionable domain showing up in the From or From:
line are likely the trigger.

Example copied here for reference:

{{{

---------- Forwarded message ----------
From: Mail Delivery System <MAILER-DAEMON@osgeo6.osgeo.osuosl.org>
To: grass-user-bounces@lists.osgeo.org
Cc:
Bcc:
Date: Mon, 16 Apr 2018 06:33:04 -0700 (PDT)
Subject: Undelivered Mail Returned to Sender
This is the mail system at host lists.osgeo.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<neteler.osgeo@gmail.com> (expanded from <neteler@osgeo.org>): host
     gmail-smtp-in.l.google.com[74.125.197.26] said: 550-5.7.1
Unauthenticated
     email from yahoo.com.br is not accepted due to 550-5.7.1 domain's
DMARC
     policy. Please contact the administrator of 550-5.7.1 yahoo.com.br
domain
     if this was a legitimate mail. Please visit 550-5.7.1
     https://support.google.com/mail/answer/2451690 to learn about the 550
5.7.1
     DMARC initiative. e6si10463926pfn.174 - gsmtp (in reply to end of DATA
     command)

Final-Recipient: rfc822; neteler.osgeo@gmail.com
Original-Recipient: rfc822;neteler@osgeo.org
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 Unauthenticated email from yahoo.com.br
is not
     accepted due to 550-5.7.1 domain's DMARC policy. Please contact the
     administrator of 550-5.7.1 yahoo.com.br domain if this was a
legitimate
     mail. Please visit 550-5.7.1
     https://support.google.com/mail/answer/2451690 to learn about the 550
5.7.1
     DMARC initiative. e6si10463926pfn.174 - gsmtp
}}}

Triggering email (which does not contain any spam!):

https://lists.osgeo.org/pipermail/grass-user/2018-April/078097.html

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 4:02pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

Found a script to enable delivery for all members or all those in a given
domain or those named members whose delivery is disabled by bounce:

(Source: https://mail.python.org/pipermail/mailman-
users/2011-August/072096.html)

https://fog.ccsf.edu/~msapiro/scripts/

--> reset_bounce.py

Please check if I can use it or not.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 4:41pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

(see also #2123 for an open "update mailman" ticket)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:4>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 8:21pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

Replying to [comment:3 neteler]:
> Found a script to enable delivery for all members or all those in a
given domain or those named members whose delivery is disabled by bounce:
>
> (Source: https://mail.python.org/pipermail/mailman-
users/2011-August/072096.html)
>
> https://fog.ccsf.edu/~msapiro/scripts/
>
> --> reset_bounce.py
>
> Please check if I can use it or not.

Installed as:
/usr/lib/mailman/bin/reset_bounce.py

Seems to work:

{{{
# test run with myself:
withlist -r reset_bounce grass-user --user=neteler@osgeo.org --verbose
Importing reset_bounce...
Running reset_bounce.reset_bounce()...
Loading list grass-user (unlocked)
List grass-user: Reset 1 bouncing members.
Finalizing
}}}

Looks good. Now reset of all bounced members of the grass-user list:

{{{
withlist -r reset_bounce grass-user --verbose
Importing reset_bounce...
Running reset_bounce.reset_bounce()...
Loading list grass-user (unlocked)
List grass-user: Reset 341 bouncing members.
Finalizing
}}}

Kudos to M. Sapiro (https://fog.ccsf.edu/~msapiro/scripts/)!

Question: how to avoid that this happens again?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:5>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 8:45pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

Here the original mail header (some entries anonymized):

Fetched with

{{{
mutt -f /var/lib/mailman/archives/private/grass-user.mbox/grass-user.mbox
}}}

Offending email header:
{{{
From xxxxxxxx@yahoo.com.br Mon Apr 16 06:33:02 2018
Return-Path: <xxxxxxxx@yahoo.com.br>
Received: from yyyyyy.consmr.mail.ne1.yahoo.com
  (yyyyyy.consmr.mail.ne1.yahoo.com [66.163.188.zzz])
  by lists.osgeo.org (Postfix) with ESMTP id C15726146815
  for <grass-user@lists.osgeo.org>; Mon, 16 Apr 2018 06:33:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br;
s=s2048;
  t=1523885582; bh=bw4w4djnF5a7Ke6t0w86qFpl+h5Y1hyGJ+IiWnJtdk0=;
  h=Date:From:To:Subject:References:From:Subject;
b=CJnHdzNF3LzyVXz7GoOjdcx2/J4RIxZRqE1eJxjj08MhCSUun+vt7S85zcetsjR8N3knTrHJkr2UiOur9GbsJ75pouVfTLFG5VAsTJhN8wOtQ/6UTijpO5mM9AspDJfcGwlsCixEeYg8kXd8F4+Uau9tuS5W
X-YMail-OSG:
C7Q3YzAVM1ltzMvHh8Ljsp6IuJ_HSWp8hSipfddIfaRSq_JkmQUSzNITjKB2UJG
R9xPj2uiF4WqJPOaQPpSApV48oblDBmfHNkh07q0o4y0ZYofFvFCBY.H.pT8YA5oJtbdIH1hUtSn
0sp5aISAwXl7FsxN_roIAzU.2GSGOklh1JD7Rhzuou_sRDFQdRR1qod991JBZsmZ9LC9zdGVvQ44
JznC8Y8lIWZBINlcUQzFPDRj6LWoow8qH0L4Sh33tCR3wgCQt53L6vrCJuJS6Tx1HGpekibk1Jvy
H5IB0G7t4C8wBBsMUA9Xmj87OhGu3dI42ER6_T6C3VOpF3D06EXQVa1IY2wMlXjWPDCDCCBDhMrp
ooAsQi4SMwWL6kF0aWM2peyH_zSTO591PhGxwTRlTDb7qdXEJn0rv0vynx.aN75ShGKhvcISPL1d
  bUnBHcwx_WhuqH2oaLBpbO2.evtXP_ZFly4dOTFWPtahkaqvJJ3bItCXHTkowRzXbgMSSGbA-
Received: from sonic.gate.mail.ne1.yahoo.com by
  wwwww.consmr.mail.ne1.yahoo.com with HTTP; Mon, 16 Apr 2018 13:33:02
+0000
Date: Mon, 16 Apr 2018 13:32:49 +0000 (UTC)
From: someone <xxxxxxxx@yahoo.com.br>
To: GRASS User List <grass-user@lists.osgeo.org>
Message-ID: <gggggggg.864439.1523885569147@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----=_Part_ggggggg_122307701.1523885569146"
References: <ggggggg.864439.1523885569147.ref@mail.yahoo.com>
X-Mailer: WebService/1.1.11782 YMailNorrin Mozilla/5.0 (X11;
  Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
  Chrome/64.0.3282.119 Safari/537.36
Subject: [GRASS-user] g.region on different mapsets of the same location
X-BeenThere: grass-user@lists.osgeo.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: GRASS GIS user list <grass-user.lists.osgeo.org>
List-Unsubscribe: <https://lists.osgeo.org/mailman/options/grass-user>,
  <mailto:grass-user-request@lists.osgeo.org?subject=unsubscribe>
List-Archive: <http://lists.osgeo.org/pipermail/grass-user/>
List-Post: <mailto:grass-user@lists.osgeo.org>
List-Help: <mailto:grass-user-request@lists.osgeo.org?subject=help>
List-Subscribe: <https://lists.osgeo.org/mailman/listinfo/grass-user>,
  <mailto:grass-user-request@lists.osgeo.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2018 13:33:03 -0000
Status: RO

------=_Part_864438_122307701.1523885569146
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

[...]
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:6>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · April 16, 2018, 9:07pm

#2152: Mailman: mass "Bounce action notification" ongoing
---------------------------+---------------------------------------
Reporter: neteler | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2018-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by neteler):

Some related pages:

  * [Mailman-Users] Striping out original DKIM header,
https://mail.python.org/pipermail/mailman-users/2011-October/072304.html
  * https://wiki.list.org/DEV/DMARC
  * "What can I do about members being unsubscribed by bounces of Yahoo
user's posts for DMARC policy reasons",
https://wiki.list.org/DOC/What%20can%20I%20do%20about%20members%20being%20unsubscribed%20by%20bounces%20of%20Yahoo%20user's%20posts%20for%20DMARC%20policy%20reasons%3F

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2152#comment:7>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.