We've gotten hundreds of these in the past few days. Seems like a
possible reflection attack where a third party tries to subscribe a
bunch of peoples' SMS numbers to flood them with confirm emails. I
think I solved this by blocking {sms,txt}.att.net addresses from
joining all our lists, like this:
$ cat ~/setbanlist
mlist.ban_list.extend(['^.*(a)txt.att.net$', '^.*(a)mms.att.net$'])
$ for list in $(cd /var/lib/mailman/lists/; ls -1 .); do sudo -u list
/usr/lib/mailman/bin/config_list -i ~/setbanlist $list; done
---------- Forwarded message ----------
From: <mailman-bounces(a)lists.sudoroom.org>
Date: Thu, Sep 17, 2015 at 2:05 PM
Subject: Uncaught bounce notification
To: kopimism-owner(a)lists.sudoroom.org
The attached message was received as a bounce, but either the bounce
format was not recognized, or no member addresses could be extracted
from it. This mailing list has been configured to send all
unrecognized bounce messages to the list administrator(s).
For more information see:
https://sudoroom.org/lists/admin/kopimism/bounce
---------- Forwarded message ----------
From: postmaster(a)txt.att.net
To: kopimism-bounces(a)lists.sudoroom.org
Cc:
Date: Thu, 17 Sep 2015 17:05:17 -0400
Subject: Unable to deliver message.
This Message was undeliverable due to the following reason: the
subscriber has restricted e-mail to <2524063603(a)mms.att.net> Please
reply to <Postmaster(a)txt.att.com> if you feel this message to be in
error.
---------- Forwarded message ----------
From:
To:
Cc:
Date:
Subject:
X-Cloudmark-Analysis: v=2.1 cv=COG5A3bD c=1 sm=1 tr=0
a=ZBztKQGkLF0/oa+oqHGvRQ==:117 a=ZBztKQGkLF0/oa+oqHGvRQ==:17 a=yQttzFEoAAAA:8
a=IkcTkHD0fZMA:10 a=ff-B7xzCdYMA:10 a=HZJGGiqLAAAA:8 a=NAi6eCUdRxSACJAc2A8A:9
a=QEXdDO2ut3YA:10 a=2tg8LeLMCKAA:10
Reply-To: <kopimism-request(a)lists.sudoroom.org>
Received: from sudoroom.org (localhost [127.0.0.1])
by sudoroom.org (sudoroom.org) with ESMTP id 6EB4BC51E7
for <2524063603(a)mms.att.net>; Thu, 17 Sep 2015 14:05:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.sudoroom.org;
s=2015lsrmail; t=1442523916;
bh=V2CU0/Ow2AtF5wCp2S9Jg0/gHMqbPCpWkyjVxvZy0os=;
h=From:To:Subject:Reply-To:Date:List-Id:From;
b=UKDnKUqf8MbDX3hjti0F5VW3smcEgTP6ufYi8NmY/S/BLTdtZYnVF81KOLlwAmITS
MF+1re2vjeOCSEqsZMV/IbRcTyGl6aZWrooT4+YFd4xV1bqLBkxMM7/qGFkbPTQOAO
Mg5g3/jeHHuORnA8mpbYeOK1FZL8jbLRdUEVBEHU=
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
From: kopimism-request(a)lists.sudoroom.org
To: 2524063603(a)mms.att.net
Subject: confirm cd7f76f284b5301e946d2f49092129c1fc028ad5
Reply-To: kopimism-request(a)lists.sudoroom.org
Auto-Submitted: auto-generated
Message-ID: <mailman.0.1442523915.18507.kopimism(a)lists.sudoroom.org>
Date: Thu, 17 Sep 2015 14:05:15 -0700
Precedence: bulk
X-BeenThere: kopimism(a)lists.sudoroom.org
X-Mailman-Version: 2.1.18
List-Id: All information should be freely distributed and unrestricted
<kopimism.lists.sudoroom.org>
X-List-Administrivia: yes
Errors-To: kopimism-bounces(a)lists.sudoroom.org
Sender: "Kopimism" <kopimism-bounces(a)lists.sudoroom.org>
Jenny posted in the sudo meeting minutes that the humans app is "borked".
Not sure what this means yet, waiting for more details.
However, if anyone has any knowledge or reason why this may be the case,
please let me know.
Is anyone willing to look into it now or later (once we have more info?
// Matt
