Mailman 2.1.24 Recurring Pending Requests

Some time ago, spam received from a faked address.
Admin email received 8am each morning listing the pending posts from non-members.
Go in and:
- select 'Reject' on each post
- add the faked sender to the block from subscribing filter
- submit all data
Mailman reports "There are no pending requests."
Tomorrow the same thing happens reporting the same historic date of the non-member post.
- Have checked mailserver logs; not being received daily
- Have added fake addresses to upstream anti-spam blacklist
So, narrowing-down, seems Mailman has groundhog day syndrome?

On 1/1/21 1:55 AM, jackson@encompasserve.org wrote:
> Admin email received 8am each morning listing the pending posts from non-members.
> Go in and:
> - select 'Reject' on each post
> - add the faked sender to the block from subscribing filter
> - submit all data
> Mailman reports "There are no pending requests."
> Tomorrow the same thing happens reporting the same historic date of the non-member post.
See the FAQ article at <https://wiki.list.org/x/8683538>.
--
Mark Sapiro <mark@msapiro.net>, San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan

On Fri, 1 Jan 2021, Mark Sapiro wrote:
> On 1/1/21 1:55 AM, jackson@encompasserve.org wrote:
>> Admin email received 8am each morning listing the pending posts from non-members.
>> Mailman reports "There are no pending requests."
>> Tomorrow the same thing happens reporting the same historic date of the non-member post.
> See the FAQ article at <https://wiki.list.org/x/8683538>.
The list was indeed migrated from one instance to another.
Surely the requests need to be cleared-out of the instance doing the email reporting.
On both, Mailman reports "There are no pending requests."
The following day, another email and recurrence of the same dated requests recur needing to be discarded.
Sure, removing the cron jobs would stop the attend-to emails but can't be the root cause since each morning those same old spams would be there needing to be discarded (again).

On 1/1/21 11:48 AM, jackson@encompasserve.org wrote:
> The list was indeed migrated from one instance to another.
> Surely the requests need to be cleared-out of the instance doing the email reporting.
> On both, Mailman reports "There are no pending requests."
> The following day, another email and recurrence of the same dated requests recur needing to be discarded.
Then neither of those instances is the one sending the notices. You need to look at the chain of Received: headers in the notice to find the IP of the server that is originating them. Then you have to find all the Mailman installations on that server to see which one has the list with the pending request.
--
Mark Sapiro <mark@msapiro.net>, San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
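Added example, not part of the original thread: one way to read the Received: chain of a notice oldest-first to see which server originated it. The host names, addresses and the message itself are constructed placeholders, and the regexes assume the common "from ... by ..." layout.

```python
import re
from email import message_from_string

# Common "from <name> (<rdns> [<ip>]) by <host>" layout; MTAs vary, so any
# part that does not match is returned as None.
FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def received_hops(raw_message):
    """Return Received hops oldest-first as (from_name, from_ip, by_host)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each MTA prepends its header, so the last one in the file is the first hop.
    for value in reversed(msg.get_all("Received") or []):
        value = " ".join(value.split())  # unfold continuation lines
        frm, by, ip = FROM_RE.search(value), BY_RE.search(value), IP_RE.search(value)
        hops.append((frm.group(1) if frm else None,
                     ip.group(1) if ip else None,
                     by.group(1) if by else None))
    return hops


def originating_server(raw_message):
    """Host that first accepted the message (the 'by' of the oldest hop)."""
    hops = received_hops(raw_message)
    return hops[0][2] if hops else None


# Constructed sample notice: generated on 'A', relayed through 'B' to 'C'.
SAMPLE = """\
Received: from b.example.org (b.example.org [192.0.2.20])
    by c.example.org (Postfix) with ESMTP; Fri, 1 Jan 2021 08:00:07 +0000
Received: from a.example.org (a.example.org [192.0.2.10])
    by b.example.org (Postfix) with ESMTP; Fri, 1 Jan 2021 08:00:05 +0000
Received: from localhost (localhost [127.0.0.1])
    by a.example.org (Postfix) with ESMTP; Fri, 1 Jan 2021 08:00:03 +0000
From: list-bounces@a.example.org
Subject: 2 LIST moderator request(s) waiting

(constructed body)
"""

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("originated on:", originating_server(SAMPLE))
```

Only the hops written by servers you operate can be relied on; headers below the first of those are supplied by whoever sent the message.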

On Fri, 1 Jan 2021, Mark Sapiro wrote:
> On 1/1/21 11:48 AM, jackson@encompasserve.org wrote:
> Then neither of those instances is the one sending the notices. You need to look at the chain of Received: headers in the notice to find the IP of the server that is originating them. Then you have to find all the Mailman installations on that server to see which one has the list with the pending request.
There's only a single Mailman installation on each of the instances.
True, 'A' is sending the email but 'B' has them held in the web UI.
At the risk of exhausting everyone's patience...
What I'm still struggling with is why tomorrow, 'A' will email (I'll go in on web admin on 'A' there'll be nothing there). I go in on admin on 'B' the exact ones reported in the 'A's email will be there, I'll discard them, 'B' will then say none pending, then tomorrow the cycle repeats.

On 1/1/2021 1:43 PM, jackson@encompasserve.org wrote:
> There's only a single Mailman installation on each of the instances.
> True, 'A' is sending the email but 'B' has them held in the web UI.
You're not sharing a mailman directory between two instances, are you? Or, are there some mail forwards that make the mail -look- like it from A?
z!

It was a helpful suggestion.
Pipermail archiving directory hierarchy is out on NAS and is shared; however, long-ago changes would have broken archiving. A non-member held post wouldn't be archived but thinking along the same lines I had wondered about nightly NAS backup/restore. System files are not shared and not under any nightly schedule.
Thanks.

On 1/1/21 1:43 PM, jackson@encompasserve.org wrote:
> What I'm still struggling with is why tomorrow, 'A' will email (I'll go in on web admin on 'A' there'll be nothing there). I go in on admin on 'B' the exact ones reported in the 'A's email will be there, I'll discard them, 'B' will then say none pending, then tomorrow the cycle repeats.
Please send me one of these email notices off list. I need to see all the headers from the raw message source. I'll see what I can see from that.
I do have an issue understanding what's happening. If you get a notice about pending requests and go to "B" and the requests are there and you delete them, how is it that they reappear on "B"? That's the part I don't understand.
I suspect part of this is DNS issues possibly combined with action URLs in web forms containing a host name which doesn't point to the current host. I.e., you go to http://B/mailman/admindb/LIST and the action URL for the "submit" button actually points to "A".
--
Mark Sapiro <mark@msapiro.net>, San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan

On Fri, 1 Jan 2021, Mark Sapiro wrote:
> On 1/1/21 1:43 PM, jackson@encompasserve.org wrote:
>> What I'm still struggling with is...
> Please send me one of these email notices off list. I need to see all the headers from the raw message source. I'll see what I can see from that.
Thanks very much, doing so by pm...
> I do have an issue understanding what's happening. If you get a notice about pending requests and go to "B" and the requests are there and you delete them, how is it that they reappear on "B"? That's the part I don't understand.
> I suspect part of this is DNS issues possibly combined with action URLs in web forms containing a host name which doesn't point to the current host. I.e., you go to http://B/mailman/admindb/LIST and the action URL for the "submit" button actually points to "A".
I did migrate the list from one instance to another years ago. In diagnosing the recent spamming, I did find an error: Mail was still being sent to the old instance. I corrected on 13th December.
Each morning I get attend-to pending requests for two spams, one on either side of directing mail to the correct instance.
So this is increasingly beginning to sound like inconsistent DNS aliases or /etc/host hostname or alias references.
According to the headers, the attend-to emails are being sent by the old instance, 'A'.
The recipient of the emails is the list administrator on the new instance, 'B'.
'B' forwards to the mail host 'C' which delivers to the instance on which I read mail (which happens to be 'A').
Going-in on 'B', nothing is pending there.
Going-in on 'A', I clear them. Tomorrow, they reappear with exactly the same submission dates; one before I corrected the inbound mail routing and one after.
Am I confused? Boy am I confused!

On 1/2/21 11:56 AM, jackson@encompasserve.org wrote:
> Going-in on 'A', I clear them. Tomorrow, they reappear with exactly the same submission dates; one before I corrected the inbound mail routing and one after.
When you go to the admindb interface on "A", view the source of the page. On the source of the page you should see a FORM tag with an action=URL and method="POST". Is the host in the action=URL something that resolves to "A" or does it go to "B"?
Also, when you clear them on "A" if you look in the address bar of the resultant "There are no pending requests ..." page did that page come from "A" or "B"?
--
Mark Sapiro <mark@msapiro.net>, San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan

On Sat, 2 Jan 2021, Mark Sapiro wrote:
> On 1/2/21 11:56 AM, jackson@encompasserve.org wrote:
> When you go to the admindb interface on "A", view the source of the page. On the source of the page you should see a FORM tag with an action=URL and method="POST". Is the host in the action=URL something that resolves to "A" or does it go to "B"?
Having made just the one change to a temporary copy of the filled pending requests form on 'A', changing the submission to 'A' there were two give-aways:-
- This time "Database Updated..." appeared at the top left of the "There are no pending requests" confirmation response page.
- I did *not* have to give a password again between originally accessing the attending-to pending requests page and having submitted the form.
The need to login again after having submitted the form, and the absence of "Database Updated..." in the "There are no pending requests" should have been a dead give-away that:
- This is an example of Mailman having been migrated from A to B
- A is displaying post-migration pages so form submits go to B
- Inbound mail continued to be routed to A post-migration
- After inbound mail was routed to B, mail is still in A's DB
- To purge mail still in A's DB the submission needs to go to A
Thank you.
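Added example, not part of the original thread: a check for the condition found above, where a page served by one host carries a form whose action submits to another. The URLs and HTML are constructed placeholders; the comparison is on host names only, so two names that are aliases of the same machine still need a DNS lookup to tell apart.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionParser(HTMLParser):
    """Collect (method, action) for every <form> tag on a page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            a = dict(attrs)
            self.forms.append(((a.get("method") or "GET").upper(),
                               a.get("action") or ""))


def cross_host_forms(page_url, html):
    """Return [(method, absolute_action, action_host)] for forms whose submit
    target names a different host than the one the page was fetched from."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    parser = FormActionParser()
    parser.feed(html)
    mismatches = []
    for method, action in parser.forms:
        target = urljoin(page_url, action)  # relative actions stay on the page host
        host = (urlsplit(target).hostname or "").lower()
        if host != page_host:
            mismatches.append((method, target, host))
    return mismatches


# Constructed sample: admindb page fetched from the old host, form posts to the new one.
SAMPLE_URL = "http://a.example.org/mailman/admindb/LIST"
SAMPLE_HTML = """
<html><body>
<form action="http://b.example.org/mailman/admindb/LIST" method="POST">
<input type="submit" name="submit" value="Submit All Data">
</form>
<form action="../admin/LIST/logout" method="GET"></form>
</body></html>
"""

if __name__ == "__main__":
    for method, target, host in cross_host_forms(SAMPLE_URL, SAMPLE_HTML):
        print(f"{method} form submits to {target} (host {host}), not the serving host")
```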
Participants (3): Carl Zwanzig, jackson@encompasserve.org, Mark Sapiro