[SAC] [OSGeo] #2597: Dangerous emails leaking into grass-web mailing list: mailman blocking fails

#2597: Dangerous emails leaking into grass-web mailing list: mailman blocking
fails
---------------------------+-----------------------
Reporter: neteler | Owner: sac@…
     Type: task | Status: new
Priority: critical | Milestone: Unplanned
Component: Systems Admin | Keywords: mailman
---------------------------+-----------------------
At time, dangerous emails are leaking into the moderated "grass-web"
mailing list, see https://lists.osgeo.org/pipermail/grass-web/2021-May/date.html

While I had added <noreply@microsoftteams.uservoice.com> to the mailman
discard section ("Privacy" setting), filtering still fails as seen below.

Question: how to get rid of this rubbish? Can we do anything at low level?

In /var/log/mail.log there are entries like this:

{{{
May 2 17:44:15 osgeo6 postgrey[4517]: action=pass, reason=triplet found, client_name=unknown, client_address=46.183.220.114, sender=noreply@microsoftteams.uservoice.com, recipient=grass-web@lists.osgeo.org
}}}

Garbage email example:

{{{
---------- Forwarded message ---------
From: Email ADMIN <noreply@microsoftteams.uservoice.com>
Date: Thu, May 6, 2021 at 3:24 AM
Subject: [GRASS-web] lists.osgeo.org : (6)Incoming messages are blocked on
your mail server.
To: <grass-web@lists.osgeo.org>

You have new held messages

Dear grass-web@lists.osgeo.org

Incoming messages are blocked on your mail server.
You have {6} blocked emails on your server waiting to deliver to
grass-web@lists.osgeo.org

Enable data to retrieve messages

Click Here To Enable Data

© 2003 - 2021 WebClient Services Limited.
_______________________________________________
grass-web mailing list
grass-web@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/grass-web
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2597>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

Comment (by neteler):

Since this is urgent, I have made the following change (edited
`KNOWN_SPAMMERS`) in

/usr/lib/mailman/Mailman/Defaults.py:

{{{
#####
# Spam avoidance defaults
#####

# This variable contains a list of 2-tuple of the format (header, regex) which
# the Mailman/Handlers/SpamDetect.py module uses to match against the current
# message. If the regex matches the given header in the current message, then
# it is flagged as spam. header is case-insensitive and should not include
# the trailing colon. regex is always matched with re.IGNORECASE.
#
# Note that the more searching done, the slower the whole process gets. Spam
# detection is run against all messages coming to either the list, or the
# -owners address, unless the message is explicitly approved.
#KNOWN_SPAMMERS =

# MN 2021, see https://mail.python.org/pipermail/mailman-users/2010-August/070027.html
KNOWN_SPAMMERS = [
                   ('from', 'noreply@microsoftteams\.uservoice\.com'),
                  ]
}}}

Now monitoring the mailman logs in

{{{
tail -f /var/log/mailman/post
}}}

and the list archive as well here:
https://lists.osgeo.org/pipermail/grass-web/2021-May/date.html

Hopefully we won't have bad side-effects!

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2597#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
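
A dry run of the rule from the comment above, as an added example that is not part of the ticket or Mailman's own code: it re-implements the matching described in the Defaults.py comment (case-insensitive header name, regex compiled with re.IGNORECASE, assumed here to use search semantics) over constructed messages, so side effects show up before a rule goes live. `SAMPLES`, `matching_rule` and `dry_run` are names made up for this sketch.

```python
import re
from email import message_from_string

# Rule from the ticket, in the (header, regex) format the Defaults.py comment describes.
KNOWN_SPAMMERS = [
    ('from', r'noreply@microsoftteams\.uservoice\.com'),
]

# Constructed sample messages (not real list traffic).
SAMPLES = {
    # Display name plus mixed case: the rule must still catch it.
    'phish': "From: Email ADMIN <NoReply@MicrosoftTeams.UserVoice.com>\n"
             "To: grass-web@lists.osgeo.org\n"
             "Subject: Incoming messages are blocked on your mail server.\n\nbody\n",
    'legit': "From: A Developer <dev@example.org>\n"
             "To: grass-web@lists.osgeo.org\n"
             "Subject: website update\n\nbody\n",
    # Different domain that only an unescaped '.' would match.
    'lookalike': "From: noreply@microsoftteamsXuservoice.com\n"
                 "To: grass-web@lists.osgeo.org\nSubject: x\n\nbody\n",
}

def matching_rule(raw, rules=KNOWN_SPAMMERS):
    """Return the first (header, regex) rule that flags the message, else None."""
    msg = message_from_string(raw)
    for header, regex in rules:
        cre = re.compile(regex, re.IGNORECASE)
        # get_all() ignores the case of the header name and returns every
        # occurrence, so a duplicated From: header is checked too.
        for value in msg.get_all(header, []):
            if cre.search(str(value)):
                return (header, regex)
    return None

def dry_run(rules=KNOWN_SPAMMERS):
    """Map each sample name to True if the rules would flag it as spam."""
    return {name: matching_rule(raw, rules) is not None
            for name, raw in SAMPLES.items()}

if __name__ == '__main__':
    for name, flagged in dry_run().items():
        print(name, 'DISCARD' if flagged else 'pass')
```

Mailman 2.1 expects site overrides in `mm_cfg.py`; `Defaults.py` is replaced on upgrade, so a rule kept only there can silently disappear.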

Comment (by robe):

@neteler is this still an issue?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2597#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

#2597: Dangerous emails leaking into grass-web mailing list: mailman blocking
fails
---------------------------+------------------------
Reporter: neteler | Owner: sac@…
     Type: task | Status: closed
Priority: critical | Milestone: Unplanned
Component: Systems Admin | Resolution: fixed
Keywords: mailman |
---------------------------+------------------------
Changes (by neteler):

* status: new => closed
* resolution: => fixed

Comment:

No bad side-effects reported, looks good as the cruft disappeared.
Closing.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2597#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.