[SAC] [OSGeo] #2757: Possible postfix issues since osgeo6 upgrade

OSGeoTrac · May 3, 2022, 2:24pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
Sicne the osgeo6 upgrade from stretch to buster, some people have been
complaining of

For some reason mailer-daemon is sending delivery notifications to mailing
lists (not all of them), as if the mailing list was a Sender
Mailer daemon is not on the list so owner sends it a notice of its message
being moderated

One example is geoforall-europe and treasurer.

Haven't checked yet to see what could be the issue here

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 3, 2022, 2:27pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by robe):

On closer glance I think it might be just sending to mailing list owners,
not mailing lists, so not as serious of an issue. neteler I think also
complained about this with grass.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 3, 2022, 3:15pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by strk):

The Delivery Status Notification is being sent FROM mailer-
daemon@osgeo6.osgeo.osuosl.org to the mailing list addresses. I've seen
this happening starting April 30, to these mailing lists:
- geoforall-northamerica@lists.osgeo.org
- geoforall-africa@lists.osgeo.org
- geoforall-europe@lists.osgeo.org
- geoforall-asiaaustralia@lists.osgeo.org
- geoforall-iberoamerica@lists.osgeo.org
- geoforall@lists.osgeo.org
- geoserver-security@lists.osgeo.org

On average, an email a day to each of the above mailing lists.

Since mailer-daemon@ is not a subscriber, for each mail the -owner@ for
the target mailing list replied to mailer-daemon@ with a "Your message to
... awaits moderator approval" response.

The response email does not contain the full detail of the original mail
(the one sent from mailer-daemon to mailing list) so further inspection is
not possible from where I stand at the moment.

The question is: WHY would mailer-daemon@ send a Delivery Status
Notification (with subject "Successful Mail Delivery Report") to a mailing
list? Was it a spoofed attempt by some hacker or did MTA receive an email
requesting status notification from the Mailman with mailing list address
as Sender ?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:2>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 3, 2022, 5:10pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by neteler):

I got this which is new and unusual:

(perhaps a non-subscribed person trying to spam the list? "EMAIL ACCOUNT
CONFIRMATION AND UPGRADE." - but that would be dropped in the grass-*
lists anyway by mailman...

{{{
Delivered-To: neteler.osgeo@gmail.com
Received: by 2002:ab4:ab53:0:0:0:0:0 with SMTP id gj19csp7453175ecb;
         Tue, 3 May 2022 03:07:34 -0700 (PDT)
X-Google-Smtp-Source:
ABdhPJz/m3V4l8cNKjmFHob37eGQBjVskowM782G6b3zzelDALZ3jROc2HJTr5j9X00R0zuQZp46
X-Received: by 2002:a17:90a:e517:b0:1da:3d42:7fb8 with SMTP id
t23-20020a17090ae51700b001da3d427fb8mr3915271pjy.194.1651572454160;
         Tue, 03 May 2022 03:07:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651572454; cv=none;
         d=google.com; s=arc-20160816;
b=V/WtFjuholKCQhzrf7LrmsWAxIbqfne8CAZ9a6KHO3e1a+nLBiY4muGynzDeyQayts
7ZTZDFzYR8p6EV2HYSZKT1H5+Q9zzyU7u6mwEYFRg0gpPLbJTRieMsEtzJ5y9Pw/z/Ha
XPZfApL2NKHiRxyd0mdm/M5hUx8Q7UCY1+mVFfdMDaY15ydaxqdoDAAHaodJNgqnRBng
t4W64KBBA2mSXWnyQgor6JPV+OB6vs4rr5NRbwYEYqD2pfA3/F8ke/DJDU93KPHUaVMg
8KzoxbrC0yf5muyKlQc3T+FiSmVrCjbtbGWsAIEBFdXT7uvJp/Mchyp4Qg9vY27NW4KT
          CRLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
         h=sender:errors-to:message-id:mime-version:auto-
submitted:to:subject
          :from:date:delivered-to;
         bh=vJiQSBgmDbOsntgyYq7XGDR0jSI2C7Mwf5jGeOhLpNA=;
b=eYzpHliJmR6Ly7boue9Dnj1jgFcBiZmorcnvRbjhDXV0qJ4oEzGAxaQs6qNVRyL4tO
e4T1DwsPnuOBYJ1MaI8uPMdk04/way+5lozJiVIqX4HNLDtFm7LJaksIsN33lCWTd1Qu
HmUfPRR0lCngom3Y3ceiE/q9+Qo/0npu4ebh34EtAYXXQV6J8Q9MkpUUlQDBcEp1hdvK
bBmkuN+zEEbUqOzIxUL/FM5m41gv6TqwSJqj88YaAuEhjaSEaCJHBYGyzp1+1u/3fQ7R
LahmCEEOesTq1FWRPfjosG+RQeg0iAViJ8glH+US4qRFmQ8aBGWCZGdh+/UdJR+9akP2
          ZOWA==
ARC-Authentication-Results: i=1; mx.google.com;
        spf=pass (google.com: domain of mailman-bounces@lists.osgeo.org
designates 140.211.15.3 as permitted sender) smtp.mailfrom=mailman-
bounces@lists.osgeo.org
Return-Path: <mailman-bounces@lists.osgeo.org>
Received: from lists.osgeo.org (osgeo6.osgeo.osuosl.org. [140.211.15.3])
         by mx.google.com with ESMTPS id
oj8-20020a17090b4d8800b001d939ffed98si1720652pjb.97.2022.05.03.03.07.33
         for <neteler.osgeo@gmail.com>
         (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
         Tue, 03 May 2022 03:07:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of mailman-bounces@lists.osgeo.org
designates 140.211.15.3 as permitted sender) client-ip=140.211.15.3;
Authentication-Results: mx.google.com;
        spf=pass (google.com: domain of mailman-bounces@lists.osgeo.org
designates 140.211.15.3 as permitted sender) smtp.mailfrom=mailman-
bounces@lists.osgeo.org
Received: by lists.osgeo.org (Postfix)
         id 34DE66146828; Tue, 3 May 2022 03:07:32 -0700 (PDT)
Delivered-To: grass-admin@osgeo.org
Received: from osgeo6.osgeo.osuosl.org (localhost [127.0.0.1])
         by lists.osgeo.org (Postfix) with ESMTP id 32CF46129383
         for <grass-admin@osgeo.org>; Tue, 3 May 2022 03:07:32 -0700 (PDT)
Received: by lists.osgeo.org (Postfix)
  id 5C5596146828; Tue, 3 May 2022 03:07:31 -0700 (PDT)
Date: Tue, 3 May 2022 03:07:31 -0700 (PDT)
From: MAILER-DAEMON@osgeo6.osgeo.osuosl.org (Mail Delivery System)
Subject: Successful Mail Delivery Report
To: grass-user-owner@lists.osgeo.org
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
  boundary="9FE576129381.1651572451/lists.osgeo.org"
Message-Id: <20220503100731.5C5596146828@lists.osgeo.org>
Errors-To: mailman-bounces@lists.osgeo.org
Sender: "grass-user" <mailman-bounces@lists.osgeo.org>

This is a MIME-encapsulated message.

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host lists.osgeo.org.

Your message was successfully delivered to the destination(s)
listed below. If the message was delivered to mailbox you will
receive no further notifications. Otherwise you may still receive
notifications of mail delivery errors from other systems.

The mail system

<grass-user-owner@lists.osgeo.org>: delivery via mailman: delivered via
mailman
service

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; lists.osgeo.org
X-Postfix-Queue-ID: 9FE576129381
X-Postfix-Sender: rfc822; grass-user-owner@lists.osgeo.org
Arrival-Date: Tue, 3 May 2022 03:07:30 -0700 (PDT)

Final-Recipient: rfc822; grass-user-owner@lists.osgeo.org
Original-Recipient: rfc822;grass-user-owner@lists.osgeo.org
Action: relayed
Status: 2.0.0
Diagnostic-Code: X-Postfix; delivery via mailman: delivered via mailman
service

--9FE576129381.1651572451/lists.osgeo.org
Content-Description: Message Headers
Content-Type: text/rfc822-headers

Return-Path: <grass-user-owner@lists.osgeo.org>
Received: from lists.osgeo.org (unknown [185.222.57.155])
         by lists.osgeo.org (Postfix) with ESMTP id 9FE576129381
         for <grass-user-owner@lists.osgeo.org>; Tue, 3 May 2022 03:07:30
-0700 (PDT)
From: Server Administrator<grass-user-owner@lists.osgeo.org>
To: grass-user-owner@lists.osgeo.org
Subject: EMAIL ACCOUNT CONFIRMATION AND UPGRADE.
Date: 3 May 2022 12:07:29 +0200
Message-ID: <20220503120729.96870BFAF8481322@lists.osgeo.org>
MIME-Version: 1.0
Content-Type: multipart/alternative;
         boundary="----=_NextPart_000_0012_D7065B83.843EA4FA"

--9FE576129381.1651572451/lists.osgeo.org--
}}}

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:3>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 5, 2022, 6:13am

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by robe):

I think these are all a result of the postfix upgrade.

I read this http://www.postfix.org/DSN_README.html which seems to be the
issue we are having.
We are running (3.4.14). But I'm not seeing in the upgrade transcript
what the version was before.

So I guess solution is to disable these in postfix config as detailed
here:

https://www.postfix.org/DSN_README.html#scope

I haven't read thru all of that to know the best course of action, but
I'll try to get to it in next day or so.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:4>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 5, 2022, 6:19am

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by robe):

I've gone ahead and made this change

{{{
/etc/postfix/main.cf:
smtpd_discard_ehlo_keywords = silent-discard, dsn
}}}

and ran

{{{
systemctl reload postfix
}}}

That will hopefully eradicate this and not impact our important ones.

I'll leave this open until we confirm these are not coming thru anymore.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:5>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 5, 2022, 12:21pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by Jeff McKenna):

Thanks @robe, I've been getting about 50 of these messages per day, at
least, and they suddenly stopped this morning at 2:07am Boston time.
Thanks for tackling this.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:6>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

OSGeoTrac · May 5, 2022, 1:57pm

#2757: Possible postfix issues since osgeo6 upgrade
---------------------------+----------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2022-II
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+----------------------------------------
Changes (by robe):

* status: new => closed
* resolution: => fixed

Comment:

Thanks for the confirmation. So I'll go ahead and close this out. If
people are still having issues feel free to reopen.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2757#comment:7>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.