[Mailman-Developers] Absentee list owners become suicide mail-bombers

John A. Martin jam at jamux.com
Mon Aug 18 11:51:53 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What defenses does Mailman have against suicide mail-bomber attacks?

The suicide mail-bomber has a number of list-owner addresses for which
the receiving MTAs take delivery and subsequently send a "Mail
Delivery Warning" mail message back to the list admin address which,
of course, Mailman sends on to the list owner addresses and so forth.

Pretty picture, no?

A real world example of this on a legacy mailman-2.0.13 installation
seems to have been triggered by a single "pending requests" mail
message with two list-owner recipient addresses, both bouncing by
means of non-standard mail messages.  Eighteen to twenty hours later
Mailman and Postfix were muddling along happily enough with large
queues but building abnormally large log files.  The Mailman qfiles
were increasing at the rate of 3-4 pairs per second.

Would it not be a good idea to rate-limit mail messages from the list
admin address to the list-owner address(es)?  And eventually, to block
incoming admin mail?

For installations that have VERP, VERP all admin mail, do fairly
aggressive "bounce handling" on list-owner addresses, and, when all
such addresses are disabled, block receipt of all list mail?

Another problem I see frequently with absentee/negligent list owners
is large accumulations of pending mail and requests.  I have reason to
suspect that many list owners direct their list-owner mail to
/dev/null (or whatever the Windows equivalent is, these seem to be
mostly Windows addicts).  How about a monthly reminder for list owners
that requires a positive response within a parameterized time or the
list will be automatically disabled?

        jam

-----BEGIN PGP SIGNATURE-----

iD8DBQE/QOfbUEvv1b/iXy8RAjv/AJ9Mx9hebEBzOVErXrjM8KLAEBc+EwCfaxjh
5bUmFss5Lvuzlcg0Rqrqqms=
=ZL/8
-----END PGP SIGNATURE-----
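
The loop described in the message above, and the two dampers it proposes (a rate limit on admin-to-owner mail, and bounce handling that disables owner addresses), as an added sketch that is not Mailman code and not part of the original post. `OwnerGuard`, `simulate`, the thresholds and the addresses are hypothetical; the model assumes every owner notice bounces and that VERP lets each bounce be tied to the owner that caused it.

```python
from dataclasses import dataclass, field

@dataclass
class OwnerGuard:
    owners: list                  # list-owner addresses
    max_per_hour: int = 5         # assumed cap on admin->owner notices
    bounce_limit: int = 3         # assumed bounces before an owner is disabled
    sent: list = field(default_factory=list)     # send times, in seconds
    bounces: dict = field(default_factory=dict)  # owner -> bounce count

    def active_owners(self):
        return [o for o in self.owners
                if self.bounces.get(o, 0) < self.bounce_limit]

    def record_bounce(self, owner):
        # With VERP the envelope sender names the owner that bounced.
        self.bounces[owner] = self.bounces.get(owner, 0) + 1

    def recipients(self, now):
        """Owners allowed to get a notice at `now`; [] means hold the notice."""
        self.sent = [t for t in self.sent if now - t < 3600]
        active = self.active_owners()
        if not active or len(self.sent) >= self.max_per_hour:
            return []
        self.sent.append(now)
        return active

def simulate(owners, rounds, guard=None):
    """Count owner-bound messages when every notice bounces back to the
    admin address and is forwarded to the owners again."""
    pending, total = 1, 0         # one initial "pending requests" notice
    for now in range(rounds):     # one round per second (constructed timing)
        bounced = 0
        for _ in range(pending):
            rcpts = guard.recipients(now) if guard else owners
            total += len(rcpts)
            for owner in rcpts:
                if guard:
                    guard.record_bounce(owner)
                bounced += 1      # each delivery comes back as new admin mail
        pending = bounced
    return total

OWNERS = ["owner-a@example.org", "owner-b@example.org"]  # constructed addresses

if __name__ == "__main__":
    print("unguarded:", simulate(OWNERS, 10))
    print("guarded:  ", simulate(OWNERS, 10, OwnerGuard(OWNERS)))
```

Once `active_owners()` is empty the guard holds every further notice, which corresponds to the point where the message suggests blocking incoming admin mail.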


