#10929 Remove spam from perl-devel list
Closed: Will Not/Can Not fix a year ago by smooge. Opened 2 years ago by ppisar.

perl-devel list received two spam messages:

https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org/message/MYYIVOUQNI6TXTDIIQDJT6SVP4SLDPAL/
https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org/message/QSL2FLZ2Q6E4HC4WHUBNBLCDUHO5NOEB/

Please remove.

Again the cause is a blanket approval for fedoraproject.org sender's domain in Fedora's HyperKitty instance.


This list is set to

Default action to take when a non-member posts to the list: Hold for moderation

so it should have checked to see if the person was subscribed. I don't see anywhere that says it will accept any email from fedoraproject.org, but that may be me being blind.

I have removed the spam from the list. There is definitely a config issue going on with accepting these emails, as what I saw in the logs was:

Oct  7 04:05:01 smtp-mm-osuosl01 postfix/smtpd[10303]: connect from mail-pl1-f194.google.com[209.85.214.194]
Oct  7 04:05:01 smtp-mm-osuosl01 postfix/smtpd[10303]: Trusted TLS connection established from mail-pl1-f194.google.com[209.85.214.194]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct  7 04:05:01 smtp-mm-osuosl01 postfix/smtpd[10303]: ED1BF2142F57: client=mail-pl1-f194.google.com[209.85.214.194]
Oct  7 04:05:02 smtp-mm-osuosl01 postfix/cleanup[21978]: ED1BF2142F57: message-id=<633fa531.170a0220.6504c.2aa7.GMR@mx.google.com>
Oct  7 04:05:02 smtp-mm-osuosl01 postfix/qmgr[1331]: ED1BF2142F57: from=<>, size=15154, nrcpt=1 (queue active)
Oct  7 04:05:02 smtp-mm-osuosl01 postfix/smtp[23742]: ED1BF2142F57: to=<perl-devel-bounces@lists.fedoraproject.org>, relay=mailman01.vpn.fedoraproject.org[192.168.1.118]:25, delay=0.53, delays=0.05/0/0.26/0.23, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4C988770626DB)
Oct  7 04:05:02 smtp-mm-osuosl01 postfix/qmgr[1331]: ED1BF2142F57: removed
Oct  7 04:05:34 smtp-mm-osuosl01 postfix/smtpd[10303]: disconnect from mail-pl1-f194.google.com[209.85.214.194]

That should have been either discarded or held so my initial guess was that the person had an account in the system as gmail.com which passed. However if there is a general acceptance going on in the system that would also do it.

So going from the logs, I am wondering if there is a bug in mailman3 for the perl list. I looked at the configs for perl-devel and it says DISCARD. However the action it accomplished was:

Oct 07 09:52:00 2022 (1466) ACCEPT: <20221007025149.DDF68DFD82A6AC12@bentrone.com> {'member_moderation_action': 'accept', 'to_list': True, 'envsender': 'noreply@lists.fedoraproject.org', 'listid': 'perl-devel.lists.fedoraproject.org', 'rule_hits': ['nonmember-moderation'], 'version': 3, 'moderation_sender': 'dropbox@fedoraproject.org', 'rule_misses': ['dmarc-mitigation', 'no-senders', 'approved', 'emergency', 'loop', 'banned-address', 'member-moderation', 'header-match-config-1', 'header-match-config-2', 'header-match-config-3', 'header-match-perl-devel.lists.fedoraproject.org-0', 'header-match-perl-devel.lists.fedoraproject.org-1'], 'moderation_reasons': [('The sender is in the nonmember {} list', 'accept')], 'received_time': datetime.datetime(2022, 10, 7, 9, 51, 56, 326717), 'original_size': 4907, '_parsemsg': False, 'lang': 'en'}
Oct 07 09:52:10 2022 (1468) HyperKitty archived message <20221007025149.DDF68DFD82A6AC12@bentrone.com> to https://lists.fedoraproject.org/archives/list/perl-devel@lists.fedoraproject.org/message/QSL2FLZ2Q6E4HC4WHUBNBLCDUHO5NOEB/

Other lists rejected or discarded it correctly.

Oct 07 09:52:20 2022 (1466) DISCARD: <20221007025150.B980F0D33DB944D2@bentrone.com> {'member_moderation_action': 'discard', 'to_list': True, 'envsender': 'noreply@lists.fedoraproject.org', 'listid': 'secondary.lists.fedoraproject.org', 'rule_hits': ['nonmember-moderation'], 'version': 3, 'moderation_sender': 'dropbox@fedoraproject.org', 'rule_misses': ['dmarc-mitigation', 'no-senders', 'approved', 'emergency', 'loop', 'banned-address', 'member-moderation', 'header-match-config-1', 'header-match-config-2', 'header-match-config-3', 'header-match-secondary.lists.fedoraproject.org-0'], 'moderation_reasons': ['The message is not from a list member'], 'received_time': datetime.datetime(2022, 10, 7, 9, 52, 4, 728255), 'original_size': 4898, '_parsemsg': False, 'lang': 'en'}
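To compare how each list handled the same non-member sender, the following added example (not part of the original ticket, and not Fedora's or Mailman's own tooling) parses log lines of the shape quoted above and reports posts that hit `nonmember-moderation` but were still accepted. The sample lines are constructed by abbreviating the two quoted entries, and the `(template, action)` reading of `moderation_reasons` is an assumption taken from the log's own shape.

```python
import ast
import re

# Constructed sample: abbreviated copies of the two log entries quoted in the ticket.
SAMPLE_LOG = """\
Oct 07 09:52:00 2022 (1466) ACCEPT: <20221007025149.DDF68DFD82A6AC12@bentrone.com> {'member_moderation_action': 'accept', 'listid': 'perl-devel.lists.fedoraproject.org', 'rule_hits': ['nonmember-moderation'], 'moderation_sender': 'dropbox@fedoraproject.org', 'moderation_reasons': [('The sender is in the nonmember {} list', 'accept')], 'received_time': datetime.datetime(2022, 10, 7, 9, 51, 56, 326717), '_parsemsg': False}
Oct 07 09:52:10 2022 (1468) HyperKitty archived message <20221007025149.DDF68DFD82A6AC12@bentrone.com> to https://lists.fedoraproject.org/archives/
Oct 07 09:52:20 2022 (1466) DISCARD: <20221007025150.B980F0D33DB944D2@bentrone.com> {'member_moderation_action': 'discard', 'listid': 'secondary.lists.fedoraproject.org', 'rule_hits': ['nonmember-moderation'], 'moderation_sender': 'dropbox@fedoraproject.org', 'moderation_reasons': ['The message is not from a list member'], 'received_time': datetime.datetime(2022, 10, 7, 9, 52, 4, 728255), '_parsemsg': False}
"""

# "<timestamp> (<pid>) <ACTION>: <message-id> {<metadata dict repr>}"
LINE_RE = re.compile(
    r"^\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} \(\d+\) "
    r"(?P<action>[A-Z]+): (?P<msgid><[^>]*>) (?P<meta>\{.*\})\s*$"
)
# The metadata is a Python repr containing datetime.datetime(...), which
# ast.literal_eval refuses; quote it so the rest parses without eval().
DATETIME_RE = re.compile(r"datetime\.datetime\(([^)]*)\)")


def parse_line(line):
    """Return the decision record for one log line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        meta = ast.literal_eval(DATETIME_RE.sub(r"'\1'", m["meta"]))
    except (ValueError, SyntaxError):
        return None  # truncated or otherwise unparseable metadata
    return {"action": m["action"], "msgid": m["msgid"], **meta}


def accepted_nonmember_posts(log_text):
    """List (listid, sender, msgid, reasons) for non-member posts that were ACCEPTed."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["action"] != "ACCEPT":
            continue
        if "nonmember-moderation" not in rec.get("rule_hits", []):
            continue
        # Assumption: a tuple reason is (template, action); plain strings pass through.
        reasons = [r[0].format(*r[1:]) if isinstance(r, tuple) else r
                   for r in rec.get("moderation_reasons", [])]
        findings.append((rec.get("listid"), rec.get("moderation_sender"),
                         rec["msgid"], reasons))
    return findings


if __name__ == "__main__":
    for finding in accepted_nonmember_posts(SAMPLE_LOG):
        print(finding)
```
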

Thanks for removing the messages and looking into the problem.

When I was moderating perl-devel (not the case of these two messages), I noticed that messages sent from an unsubscribed address but from a Fedora domain effectively bypassed the moderation queue. I thought it was some list server-global setting. But when you say this does not happen for other lists, I cannot explain it in any way other than a bug in the server code.

The only differences I can see between the list secondary where this 'worked' and perl-devel where it didn't were:

secondary is set to no. perl-devel is set to yes

Filter content: Yes / No
Should Mailman filter the content of list traffic according to the settings below?

secondary is set to discard, perl is set to hold

Default action to take when a non-member posts to the list:
- Hold for moderation
- Reject (with notification)
- Discard (no notification)
- Accept immediately (bypass other rules)
- Default processing
When a post from a non-member is received, the message's sender is matched against the list of explicitly accepted, held, rejected (bounced), and discarded addresses. If no match is found, then this action is taken.

Looking at the other lists that work, I think it may be that filter-content switch which is breaking things. I can set it to No and we can see if that 'fixes' things.

You can try it. But then we will have the list full of HTML.

I checked 2 other lists which did not work and they did not have that change. At this point I am thinking there must be a bug in mailman3 we are running that is allowing this through.

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: low-gain, medium-trouble, ops

2 years ago

That spam was cleaned up apparently.

Do we think we have the underlying case fixed? Or is there more to try and do here?

Yeah, I did the clean. I have no idea why the underlying cause is happening. What I can see through the logs is that the email comes in and mailman is just letting it go through its filters without any stops. I don't see anything in the headers or other rules, so I am guessing it is either a bug in our ancient version of mailman3 or a hidden setting in our ancient version of mailman3. I am going to close this CANT FIX until we upgrade mailman3.

Metadata Update from @smooge:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

a year ago
