2002-11-07 10:16:07

by Majordomo

[permalink] [raw]
Subject: Majordomo results

--

>>>> auth 27467a8e subscribe linux-kernel [email protected]
Succeeded.


2002-11-07 10:22:18

by Ketil Froyn

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, 7 Nov 2002, [email protected] wrote:

> --
>
> >>>> auth 27467a8e subscribe linux-kernel [email protected]
> Succeeded.

This could get interesting...

Ketil

2002-11-07 10:29:09

by Russell King

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, Nov 07, 2002 at 11:26:19AM +0100, Ketil Froyn wrote:
> On Thu, 7 Nov 2002, [email protected] wrote:
> > >>>> auth 27467a8e subscribe linux-kernel [email protected]
> > Succeeded.
>
> This could get interesting...

No it won't. davem has put protection against such mail loops into
this version of majordomo. Its a real shame that people are so stupid
that they try this.

--
Russell King ([email protected]) The developer of ARM Linux
http://www.arm.linux.org.uk/personal/aboutme.html

2002-11-07 10:38:23

by Matti Aarnio

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, Nov 07, 2002 at 10:35:45AM +0000, Russell King wrote:
> On Thu, Nov 07, 2002 at 11:26:19AM +0100, Ketil Froyn wrote:
> > On Thu, 7 Nov 2002, [email protected] wrote:
> > > >>>> auth 27467a8e subscribe linux-kernel [email protected]
> > > Succeeded.
> > This could get interesting...
>
> No it won't. davem has put protection against such mail loops into
> this version of majordomo. Its a real shame that people are so stupid
> that they try this.

It just generates looped messages that are bounced to the list owner.
Subscriber's message had these headers: (yes, we do log EVERYTHING
sent to Majordomo.. We don't log everything sent to the lists, though.
There are a number of archives for that.)

>From [email protected] Thu Nov 7 05:16:02 2002
Received: from h24-77-26-115.gv.shawcable.net ([24.77.26.115]:49803 "EHLO
completely") by vger.kernel.org with ESMTP id <S266438AbSKGKQC>;
Thu, 7 Nov 2002 05:16:02 -0500
Received: from ryan by completely with local (Exim 3.36 #1 (Debian))
id 189jo9-0004J3-00
for <[email protected]>; Thu, 07 Nov 2002 02:22:41 -0800
From: Foo Bar <[email protected]>
To: [email protected]
Date: Thu, 7 Nov 2002 02:22:41 -0800
User-Agent: KMail/1.4.7-cool
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[email protected]>
Sender: Ryan Cumming <[email protected]>
Return-Path: <[email protected]>


> Russell King ([email protected]) The developer of ARM Linux
> http://www.arm.linux.org.uk/personal/aboutme.html

/Matti Aarnio -- co-postmaster of vger.kernel.org

2002-11-07 11:35:34

by William Lee Irwin III

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, Nov 07, 2002 at 10:35:45AM +0000, Russell King wrote:
>> No it won't. davem has put protection against such mail loops into
>> this version of majordomo. Its a real shame that people are so stupid
>> that they try this.

On Thu, Nov 07, 2002 at 12:44:55PM +0200, Matti Aarnio wrote:
> It just generates looped messages that are bounced to the list owner.
> Subscriber's message had these headers: (yes, we do log EVERYTHING
> sent to Majordomo.. We don't log everything sent to the lists, though.
> There are a number of archives for that.)

Could these DoS attempts get filtered somehow?


Thanks,
Bill

2002-11-07 12:06:52

by Matti Aarnio

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, Nov 07, 2002 at 03:39:38AM -0800, William Lee Irwin III wrote:
> On Thu, Nov 07, 2002 at 12:44:55PM +0200, Matti Aarnio wrote:
> > It just generates looped messages that are bounced to the list owner.
> > Subscriber's message had these headers: (yes, we do log EVERYTHING
> > sent to Majordomo.. We don't log everything sent to the lists, though.
> > There are a number of archives for that.)
>
> Could these DoS attempts get filtered somehow?

Sorry, its me talking "majordomo" -- when a filter is triggered,
a "BOUNCE" is sent to the listowner(s) for their analysis and decission.

So yes, they are filtered already by way of a loop filter we have
introduced, because every now and then people use MTA/MUA softwares
that make a mistake at receiving a message and consider visible
"To:" and "Cc:" headers to carry relevant data for message routing..

Think a bit of this message; "To:" says "linux-kernel@vger", but
it will nevertheless be sent to thousands of recipients whose
addresses are not visible in these headers at all.
The Internet Email is routed and transported by SMTP-envelope data,
which in normal cases is not displayed in visible headers.
Things in these visible headers have at most incidental relationship
with actual message routing and destinations.

> Thanks,
> Bill

/Matti Aarnio

2002-11-07 15:47:44

by Rik van Riel

[permalink] [raw]
Subject: Re: Majordomo results

On Thu, 7 Nov 2002, William Lee Irwin III wrote:

> Could these DoS attempts get filtered somehow?

Come on, if Ryan Cumming wants to make an ass out of himself,
why shouldn't he be allowed to ? ;)

Rik
--
A: No.
Q: Should I include quotations after my reply?

http://www.surriel.com/ http://distro.conectiva.com/

2002-11-07 19:31:33

by Ian Soboroff

[permalink] [raw]
Subject: Re: Majordomo results

Rik van Riel <[email protected]> writes:

> On Thu, 7 Nov 2002, William Lee Irwin III wrote:
>
>> Could these DoS attempts get filtered somehow?
>
> Come on, if Ryan Cumming wants to make an ass out of himself,
> why shouldn't he be allowed to ? ;)

It might be an innocent fat-finger problem... I use a digestifying
mailing list gateway to get lkml and almost comitted this error
myself...

ian