Testing mail list
I'm receiving bogus bounce messages like this (which are malformed even, the
Subject isn't properly encoded). I'm not sure what list is generating them or
what address but if we can figure out who could we drop whoever it is from the
list please?
Gregory Stark wrote:
I'm receiving bogus bounce messages like this (which are malformed even, the
Subject isn't properly encoded). I'm not sure what list is generating them or
what address but if we can figure out who could we drop whoever it is from the
list please?
------------------------------------------------------------------------
Subject:
Confirmação de envio / Sending confirmation (captchaid:1324333124c3)
From:
<postmaster@infotecnica.com.br>
The email message sent to dev@archonet.com requires a confirmation to
be delivered. Please, answer this email informing the characters that
you see in the image below
Receipt of messages like this is guaranteed an immediate entry in my
junk filter. Use of this braindead software is bad enough, but being so
clueless as not to whitelist a technical mailing list you subscribe to
is truly horrible.
cheers
andrew
"Andrew Dunstan" <andrew@dunslane.net> writes:
Receipt of messages like this is guaranteed an immediate entry in my junk
filter. Use of this braindead software is bad enough, but being so clueless as
not to whitelist a technical mailing list you subscribe to is truly horrible.
It's worse than that in this case. This is an *impressively* broken
configuration. What appears to be happening is that the mail server at this
university is looking at the To and From headers and treating it as a personal
email between those two addresses. It sends this captcha to the From header
claiming that the person in the To header is insisting on the captcha being
filled out. The first such bounce I looked at actually claimed it was on Tom's
behalf!
If I were the list maintainer here I would ban infotecnica.com.br addresses
from subscribing to any of our lists. Ideally with a message saying "as a
result of misconfigured mail software addresses from infotecnica.com.br are
banned from pgsql mailing lists. Please contact your postmaster to request
they fix the problems"
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's Slony Replication support!
On Wed, Dec 19, 2007 at 01:09:39PM +0000, Gregory Stark wrote:
If I were the list maintainer here I would ban infotecnica.com.br addresses
from subscribing to any of our lists. Ideally with a message saying "as a
result of misconfigured mail software addresses from infotecnica.com.br are
banned from pgsql mailing lists. Please contact your postmaster to request
they fix the problems"
Right. Problem is, I checked and I found no infotecnica.com.br
addresses subscribed to pgsql-hackers.
Are you sure it was mail from -hackers that caused the problem? I have
seen the bounce myself but never made much of it (even though I agreed
it was quite broken).
--
Alvaro Herrera http://www.amazon.com/gp/registry/DXLWNGRJD34J
The web brings people together because no matter what kind of sexual mutant you are,
you have millions of potential partners. Enter "find people who have sex with
deer that are on fire", and the computer will say "specify the type of deer"
(Jason Alexander)
Alvaro Herrera wrote:
On Wed, Dec 19, 2007 at 01:09:39PM +0000, Gregory Stark wrote:
If I were the list maintainer here I would ban infotecnica.com.br addresses
from subscribing to any of our lists. Ideally with a message saying "as a
result of misconfigured mail software addresses from infotecnica.com.br are
banned from pgsql mailing lists. Please contact your postmaster to request
they fix the problems"
Right. Problem is, I checked and I found no infotecnica.com.br
addresses subscribed to pgsql-hackers.
Are you sure it was mail from -hackers that caused the problem? I have
seen the bounce myself but never made much of it (even though I agreed
it was quite broken).
It could be via some mail <-> news or list <-> list gateway.
cheers
andrew
Gregory Stark <stark@enterprisedb.com> writes:
It's worse than that in this case. This is an *impressively* broken
configuration.
Understatement of the week. The mail includes absolutely no evidence
about what message is allegedly being filtered. Are you sure that
this is really a filtering engine at all, and not just random spam
hoping to draw responses from careless people? I've heard of web
comment-spammers who try to get other people to decode captchas
for them this way.
Adding to my suspicion is that I don't recall having seen one of these
personally, and if it were really tied to posting on any of the PG
lists, I shoulda seen a lot ;-)
regards, tom lane
Tom Lane wrote:
Gregory Stark <stark@enterprisedb.com> writes:
It's worse than that in this case. This is an *impressively* broken
configuration.
Understatement of the week. The mail includes absolutely no evidence
about what message is allegedly being filtered. Are you sure that
this is really a filtering engine at all, and not just random spam
hoping to draw responses from careless people? I've heard of web
comment-spammers who try to get other people to decode captchas
for them this way.
Adding to my suspicion is that I don't recall having seen one of these
personally, and if it were really tied to posting on any of the PG
lists, I shoulda seen a lot ;-)
Yeah, I think it comes from pgsql-performance. I just got one
mentioning an address to which I had responded some minutes before.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
On Wed, Dec 19, 2007 at 11:15:37AM -0500, Tom Lane wrote:
hoping to draw responses from careless people? I've heard of web
comment-spammers who try to get other people to decode captchas
for them this way.
Yes. This is the latest spammer trick. They get people all over the globe
to decode the captchas. It's way easier than programming to decode the
captchas (which itself isn't that hard -- there are plenty of toolkits out
there that will decode such things for you).
A
I wrote:
Adding to my suspicion is that I don't recall having seen one of these
personally,
I take that back --- some digging in my mail logs shows that I have
gotten a few of these, but they went straight to /dev/null because
my spam filters thought they were a virus. Have you checked whether
that "gif" is really an image, rather than a bit of malware?
The mail-log trace of the last such attempt is pretty interesting too:
Dec 16 13:05:16 sss2 sm-mta[27362]: lBGI5G1g027362: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:16 sss2 sm-mta[27363]: lBGI5GFn027363: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:17 sss2 sm-mta[27365]: lBGI5HIe027365: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:52 sss2 sm-mta[27368]: lBGI5n2G027368: from=<root@infotecnica.com.br>, size=27892, class=0, nrcpts=1, msgid=<200712161805.lBGI59uu016307@infotecnica.com.br>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=infotecnica.com.br [201.35.247.5]
Dec 16 13:05:52 sss2 sm-mta[27369]: lBGI5n2G027368: to="|/usr/local/bin/procmail -tYf- || exit 75 #tgl", ctladdr=<tgl@sss.pgh.pa.us> (301/20), delay=00:00:02, xdelay=00:00:00, mailer=prog, pri=58095, dsn=2.0.0, stat=Sent
Since 11 December there are consistently three no-op connections before
anything actually happens, which adds a whole new layer of incompetence
that could be charged against whoever is running this, if it actually is
a mail server --- which I grow increasingly dubious of. I also see a
whole lot of connection attempts in the preceding months in which
nothing was *ever* sent, just "did not issue MAIL" reports in bursts of
three.
Looks like spamhaus.org was blocking them for portions of last month,
too, so other people have been unhappy about this as well.
Whoever these people are, I've seen enough; I'm off to add this IP
address to my local permanent blacklist.
regards, tom lane
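
One way to find the pattern described in the message above (bursts of connections that never issue MAIL, sometimes followed by an actual delivery from the same relay) in a sendmail log. This is an added example, not part of the original thread; the function names, the 10-second burst window, the one-minute follow-up window and the year are assumptions, and the sample lines are abridged from the excerpt above except the last, which is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Abridged from the log excerpt in the message above; the final line is constructed.
SAMPLE_LOG = """\
Dec 16 13:05:16 sss2 sm-mta[27362]: lBGI5G1g027362: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:16 sss2 sm-mta[27363]: lBGI5GFn027363: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:17 sss2 sm-mta[27365]: lBGI5HIe027365: infotecnica.com.br [201.35.247.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 16 13:05:52 sss2 sm-mta[27368]: lBGI5n2G027368: from=<root@infotecnica.com.br>, size=27892, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=infotecnica.com.br [201.35.247.5]
Dec 16 13:20:01 sss2 sm-mta[27400]: lBGIK1aa027400: mail.example.org [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
NOOP = re.compile(TS + r" \S+ sm-mta\[\d+\]: \w+: \S+ \[(?P<ip>[\d.]+)\] did not issue MAIL/EXPN/VRFY/ETRN")
MAIL = re.compile(TS + r" \S+ sm-mta\[\d+\]: \w+: from=.*relay=\S+ \[(?P<ip>[\d.]+)\]")

def parse_ts(text, year=2007):
    # Syslog timestamps carry no year; the caller supplies it (assumption).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_noop_bursts(log, min_count=3, window=timedelta(seconds=10)):
    """Return {ip: [(burst_start, count, followed_by_mail), ...]}."""
    noops, mails = defaultdict(list), defaultdict(list)
    for line in log.splitlines():
        for pattern, bucket in ((NOOP, noops), (MAIL, mails)):
            m = pattern.match(line)
            if m:
                bucket[m["ip"]].append(parse_ts(m["ts"]))
    bursts = defaultdict(list)
    for ip, times in noops.items():
        times.sort()
        i = 0
        while i < len(times):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= min_count:
                # The burst "leads to mail" if the same relay delivers within a minute of its end.
                followed = any(timedelta(0) <= t - times[j] <= timedelta(minutes=1) for t in mails[ip])
                bursts[ip].append((times[i], j - i + 1, followed))
            i = j + 1
    return dict(bursts)
```

Bursts with `followed_by_mail` set to `False` correspond to the earlier months the message mentions, where connections arrived in threes and nothing was ever sent.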