I had a relevant issue with a subscriber to one of my lists. I sent a message to the
account, and it generated an 'out of office until' message, a classic vacation program.
This address is subscribed to one of my lists, and I grew concerned.
When I wrote the Email post time module for TinyList, I knew of such things as
autoreply program wars, and included several headers to help break them, and testing FOR
them. Well, now I was concerned. So late that night, I intentionally created a (now
deceased) test list, and cross-coupled it with another (still existing) testing list, and
posted a message, ensuring first that they were subscribed to one another. I did this
while logged in with an ssh program to the server so I could kill anything that
desperately needed an early grave.
Although my initial message was processed on the first list fine, it did not appear on
the second list, nor anything else. I then posted one to the second list, and nothing
else came out on it or the first list. Although without a doubt they were addressing
one another, and subscribed to one another, NOTHING HAPPENED. Both lists worked, both
were subscribed one to the other, and neither would accept posts from the other. The
header testing and rejecting was breaking an intentionally built list loop reliably.
Now I would NOT recommend such a drastic test to anyone else, as it has such a wonderful
chance at crashing a server in jig time. But I thought the report of such a risky
experiment would be of interest to this thread.
Does the new majordomo do such header filtering and rejecting?
Daniel Liston wrote:
> It is local policy here, that anyone creating this kind of loop
> be removed and blacklisted from subscribing to any of our lists
> for a period of one year. Idle threat, considering how easy it
> is to get and use a different address, but our point gets made.
>
> Considering the query may not have even been from a subscriber,
> this could be considered a weak DOS attack on your system. You
> might consider leaving the user or their domain listed in your
> access.db file.
>
> Take a look at your majordomo.cf file. Down at the bottom is a
> majordomo_dont_reply variable that does what its name says. You
> might also want to consider a global_taboo_headers expression to
> bounce null senders to the majordomo-owner without being responded
> to. Using your own example, the expression would look like this:
>
> /^Return-Path: <>/i
>
> I would really like to study a sample of the 3000 messages before
> I could offer anything better. Are they all identical, with the
> exception of date/time stamps?
>
> Dan Liston
>
> susan barnes wrote:
>
>> Greetings,
>>
>> Last night one of our majordomos got caught in a kind of mail loop,
>> when someone tried to query majordomo using a sending address serviced
>> by an autoresponder.
>>
>> Each Email hitting said account would trigger one of these
>> We-will-answer-your-email-later messages, which caused majordomo to
>> send its helpfile once again, which would trigger....
>>
>> 3000 mails and 30 MB later I stopped the loop using the mailserver's
>> AccessDB.
>>
>>
>> We use Majordomo 1.94.5 and sendmail 8.12.9/8.12.8
>>
>>
>> I am wondering if there is anything to avoid this situation?
>>
>> Things I thought about:
>>
>> Giving majordomo's outgoing administrative mails a reply-to header
>> pointing to majordomo-owner (I do not like that, for quite a few
>> mailing lists are open+confirmed and half of the confirmation mails
>> will then go to majordomo-owner)
>>
>> Incorporate another sanity-check, so mails with
>> Return-Path: <>
>> in their headers, do not get processed.
>>
>> It would be nice if majordomo could act similar to a (well-behaved)
>> vacation, sending out a maximum of X messages to a single recipient
>> and resetting the counter every hour or so.
>>
>> (All this should only affect the majordomo results mails, not the list
>> traffic)
>>
>>
>> Ideas anyone?
>>
>> Thank you for your input.
>>
>>
>> Susan Barnes
>>
>>
>> Susan Barnes <S.Barnes@rrz.uni-koeln.de>
>> Zentrum fuer Angewandte Informatik - Universitaetsweiter Service RRZK
>> Universitaet zu Koeln / Cologne University - Tel:0221-478-5594
--
end
Cheers!
Kirk D Bailey
think
http://www.howlermonkey.net/ +-----+ http://www.tinylist.org/
http://www.listville.net/ | BOX | http://www.sacredelectron.org/
+-----+
"Thou art free"-ERIS think 'Got a light?'-Promethieus
Fnord.
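The two defenses proposed in the thread, Dan's global_taboo_headers expression for the null sender and Susan's vacation-style cap of X command replies per recipient per hour, combined in one gate for majordomo result mail. This is an added Python example, not code from the thread, Majordomo or TinyList; the Auto-Submitted and Precedence patterns, the limit of 5 per hour and the sample headers are my own assumptions and constructed input.

```python
import re
from collections import defaultdict

# Header lines that mark automated mail. The first is the global_taboo_headers
# expression from Dan's reply; the other two are standard loop-prevention
# headers (RFC 3834 Auto-Submitted, Precedence) assumed here as extra checks.
TABOO_HEADERS = [
    re.compile(r"^Return-Path: <>", re.I),
    re.compile(r"^Auto-Submitted: (?!no\b)", re.I),
    re.compile(r"^Precedence: (bulk|junk|list)", re.I),
]

MAX_REPLIES_PER_HOUR = 5  # Susan's "maximum of X"; X = 5 is an assumption


class ReplyGate:
    """Decide whether a majordomo command result may be mailed back."""

    def __init__(self, limit=MAX_REPLIES_PER_HOUR):
        self.limit = limit
        self.counts = defaultdict(int)  # sender -> replies sent this hour
        self.window = None              # hour bucket the counts belong to

    def taboo_match(self, raw_headers):
        """Return the first taboo header line found, or None."""
        for line in raw_headers.splitlines():
            for pat in TABOO_HEADERS:
                if pat.match(line):
                    return line
        return None

    def decide(self, sender, raw_headers, now_hour):
        """Return 'reply', 'bounce-to-owner' or 'drop' for one command mail."""
        if self.window != now_hour:           # reset the counters every hour
            self.window, self.counts = now_hour, defaultdict(int)
        if self.taboo_match(raw_headers):
            return "bounce-to-owner"          # autoresponder mail: never answer it
        if self.counts[sender] >= self.limit:
            return "drop"                     # per-recipient cap reached this hour
        self.counts[sender] += 1
        return "reply"


# Constructed sample headers: a vacation bounce and a normal "help" request.
AUTORESPONDER_MSG = "Return-Path: <>\nFrom: user@example.org\nSubject: out of office\n"
NORMAL_MSG = "Return-Path: <user@example.org>\nFrom: user@example.org\nSubject: help\n"
```

Only the command-reply path goes through the gate, so list traffic is unaffected, which is the scope Susan asked for.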