Opened 4 years ago

Closed 3 years ago

#2152 closed task (worksforme)

Mailman: mass "Bounce action notification" ongoing

Reported by: neteler Owned by: sac@…
Priority: blocker Milestone: Sysadmin Contract 2018-I
Component: Systems Admin Keywords:
Cc:

Description

As the list admin of grass-user I current get hundreds of "Bounce action notification" emails.

Even for my own account I received 50min ago (server time: Apr 16 06:42:50 osgeo6):


---------- Forwarded message ----------
From:  <mailman@lists.osgeo.org>
Date: Mon, Apr 16, 2018 at 3:40 PM
Subject: Bounce action notification
To: grass-user-owner@lists.osgeo.org


This is a Mailman mailing list bounce action notice:

    List:       grass-user
    Member:     neteler@osgeo.org
    Action:     Subscription disabled.
    Reason:     Excessive or fatal bounces.

...

Your membership in the mailing list grass-user has been disabled due
to excessive bounces The last bounce received from you was dated
16-Apr-2018.  You will not get any more messages from this list until
you re-enable your membership.  You will receive 3 more reminders like
this before your membership in the list is deleted.

To re-enable your membership, you can simply respond to this message
(leaving the Subject: line intact), or visit the confirmation page at

    https://lists.osgeo.org/mailman/confirm/grass-user/949e86c4a1f8bfb....xxx

...

Quite weird. No idea how to check that on the list server... are we under attack?

Change History (9)

comment:1 Changed 4 years ago by neteler

Apparently more core developers are affected (the person is know to me):

---------- Forwarded message ----------
From: Anna  <xxxxx@gmail.com>
Date: Mon, Apr 16, 2018 at 4:46 PM
Subject: question about excessive bounces
To: grass-user-owner@lists.osgeo.org

Hi,

I got an email from grass-user-request@lists.osgeo.org that my
membership in mailing list grass-user has been disabled due to
excessive bounces, with the last bounce today, but I haven't sent any
message for couple weeks now. Could you provide me with more
information about that?

Thank you,

Was mailman differently configured recently?

comment:2 Changed 4 years ago by neteler

As per IRC chat with TemptorSent:

<TemptorSent> I think what's happening is that mailman is resending messages with the id of the sender, which is getting blocked because of DKIM/DMARC (yahoo.com.br is known for spammers), which is then causing a bounce to every recipient it tries sending to.

<TemptorSent> This may be an issue with the way mailman handles rewriting author lines.

<TemptorSent> The questionable domain showing up in the From or From: line are likely the trigger.

Example copied here for reference:

---------- Forwarded message ----------
From: Mail Delivery System <MAILER-DAEMON@osgeo6.osgeo.osuosl.org>
To: grass-user-bounces@lists.osgeo.org
Cc: 
Bcc: 
Date: Mon, 16 Apr 2018 06:33:04 -0700 (PDT)
Subject: Undelivered Mail Returned to Sender
This is the mail system at host lists.osgeo.org.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<neteler.osgeo@gmail.com> (expanded from <neteler@osgeo.org>): host
    gmail-smtp-in.l.google.com[74.125.197.26] said: 550-5.7.1 Unauthenticated
    email from yahoo.com.br is not accepted due to 550-5.7.1 domain's DMARC
    policy. Please contact the administrator of 550-5.7.1 yahoo.com.br domain
    if this was a legitimate mail. Please visit 550-5.7.1
    https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1
    DMARC initiative. e6si10463926pfn.174 - gsmtp (in reply to end of DATA
    command)

Final-Recipient: rfc822; neteler.osgeo@gmail.com
Original-Recipient: rfc822;neteler@osgeo.org
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 Unauthenticated email from yahoo.com.br is not
    accepted due to 550-5.7.1 domain's DMARC policy. Please contact the
    administrator of 550-5.7.1 yahoo.com.br domain if this was a legitimate
    mail. Please visit 550-5.7.1
    https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1
    DMARC initiative. e6si10463926pfn.174 - gsmtp

Triggering email (which does not contain any spam!):

https://lists.osgeo.org/pipermail/grass-user/2018-April/078097.html

comment:3 Changed 4 years ago by neteler

Found a script to enable delivery for all members or all those in a given domain or those named members whose delivery is disabled by bounce:

(Source: https://mail.python.org/pipermail/mailman-users/2011-August/072096.html)

https://fog.ccsf.edu/~msapiro/scripts/

--> reset_bounce.py

Please check if I can use it or not.

comment:4 Changed 4 years ago by neteler

(see also #2123 for an open "update mailman" ticket)

comment:5 in reply to:  3 Changed 4 years ago by neteler

Replying to neteler:

Found a script to enable delivery for all members or all those in a given domain or those named members whose delivery is disabled by bounce:

(Source: https://mail.python.org/pipermail/mailman-users/2011-August/072096.html)

https://fog.ccsf.edu/~msapiro/scripts/

--> reset_bounce.py

Please check if I can use it or not.

Installed as: /usr/lib/mailman/bin/reset_bounce.py

Seems to work:

# test run with myself:
withlist -r reset_bounce grass-user --user=neteler@osgeo.org --verbose
Importing reset_bounce...
Running reset_bounce.reset_bounce()...
Loading list grass-user (unlocked)
List grass-user: Reset 1 bouncing members.
Finalizing

Looks good. Now reset of all bounced members of the grass-user list:

withlist -r reset_bounce grass-user  --verbose
Importing reset_bounce...
Running reset_bounce.reset_bounce()...
Loading list grass-user (unlocked)
List grass-user: Reset 341 bouncing members.
Finalizing

Kudos to M. Sapiro (https://fog.ccsf.edu/~msapiro/scripts/)!

Question: how to avoid that this happens again?

comment:6 Changed 4 years ago by neteler

Here the original mail header (some entries anonymized):

Fetched with

mutt -f /var/lib/mailman/archives/private/grass-user.mbox/grass-user.mbox

Offending email header:

From xxxxxxxx@yahoo.com.br  Mon Apr 16 06:33:02 2018
Return-Path: <xxxxxxxx@yahoo.com.br>
Received: from yyyyyy.consmr.mail.ne1.yahoo.com
 (yyyyyy.consmr.mail.ne1.yahoo.com [66.163.188.zzz])
 by lists.osgeo.org (Postfix) with ESMTP id C15726146815
 for <grass-user@lists.osgeo.org>; Mon, 16 Apr 2018 06:33:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s2048;
 t=1523885582; bh=bw4w4djnF5a7Ke6t0w86qFpl+h5Y1hyGJ+IiWnJtdk0=;
 h=Date:From:To:Subject:References:From:Subject;
 b=CJnHdzNF3LzyVXz7GoOjdcx2/J4RIxZRqE1eJxjj08MhCSUun+vt7S85zcetsjR8N3knTrHJkr2UiOur9GbsJ75pouVfTLFG5VAsTJhN8wOtQ/6UTijpO5mM9AspDJfcGwlsCixEeYg8kXd8F4+Uau9tuS5W
X-YMail-OSG: C7Q3YzAVM1ltzMvHh8Ljsp6IuJ_HSWp8hSipfddIfaRSq_JkmQUSzNITjKB2UJG
 R9xPj2uiF4WqJPOaQPpSApV48oblDBmfHNkh07q0o4y0ZYofFvFCBY.H.pT8YA5oJtbdIH1hUtSn
 0sp5aISAwXl7FsxN_roIAzU.2GSGOklh1JD7Rhzuou_sRDFQdRR1qod991JBZsmZ9LC9zdGVvQ44
 JznC8Y8lIWZBINlcUQzFPDRj6LWoow8qH0L4Sh33tCR3wgCQt53L6vrCJuJS6Tx1HGpekibk1Jvy
 H5IB0G7t4C8wBBsMUA9Xmj87OhGu3dI42ER6_T6C3VOpF3D06EXQVa1IY2wMlXjWPDCDCCBDhMrp
 ooAsQi4SMwWL6kF0aWM2peyH_zSTO591PhGxwTRlTDb7qdXEJn0rv0vynx.aN75ShGKhvcISPL1d
 bUnBHcwx_WhuqH2oaLBpbO2.evtXP_ZFly4dOTFWPtahkaqvJJ3bItCXHTkowRzXbgMSSGbA-
Received: from sonic.gate.mail.ne1.yahoo.com by
 wwwww.consmr.mail.ne1.yahoo.com with HTTP; Mon, 16 Apr 2018 13:33:02 +0000
Date: Mon, 16 Apr 2018 13:32:49 +0000 (UTC)
From: someone <xxxxxxxx@yahoo.com.br>
To: GRASS User List <grass-user@lists.osgeo.org>
Message-ID: <gggggggg.864439.1523885569147@mail.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_Part_ggggggg_122307701.1523885569146"
References: <ggggggg.864439.1523885569147.ref@mail.yahoo.com>
X-Mailer: WebService/1.1.11782 YMailNorrin Mozilla/5.0 (X11;
 Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
 Chrome/64.0.3282.119 Safari/537.36
Subject: [GRASS-user] g.region on different mapsets of the same location
X-BeenThere: grass-user@lists.osgeo.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: GRASS GIS user list <grass-user.lists.osgeo.org>
List-Unsubscribe: <https://lists.osgeo.org/mailman/options/grass-user>,
 <mailto:grass-user-request@lists.osgeo.org?subject=unsubscribe>
List-Archive: <http://lists.osgeo.org/pipermail/grass-user/>
List-Post: <mailto:grass-user@lists.osgeo.org>
List-Help: <mailto:grass-user-request@lists.osgeo.org?subject=help>
List-Subscribe: <https://lists.osgeo.org/mailman/listinfo/grass-user>,
 <mailto:grass-user-request@lists.osgeo.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Apr 2018 13:33:03 -0000
Status: RO

------=_Part_864438_122307701.1523885569146
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

[...]

comment:7 Changed 4 years ago by neteler

comment:8 Changed 3 years ago by robe

is this still an issue?

comment:9 Changed 3 years ago by neteler

Resolution: worksforme
Status: newclosed

Since then no more problems, closing.

Note: See TracTickets for help on using tickets.