We've gotten hundreds of these in the past few days. Seems like a
possible reflection attack where a third party tries to subscribe a
bunch of people's SMS numbers to flood them with confirm emails. I
think I solved this by blocking {sms,txt}.att.net addresses from
joining all our lists, like this:
$ cat ~/setbanlist
mlist.ban_list.extend(['^.*@txt.att.net$', '^.*@mms.att.net$'])
$ for list in $(cd /var/lib/mailman/lists/; ls -1 .); do sudo -u list /usr/lib/mailman/bin/config_list -i ~/setbanlist "$list"; done
---------- Forwarded message ----------
From: <mailman-bounces(a)lists.sudoroom.org>
Date: Thu, Sep 17, 2015 at 2:05 PM
Subject: Uncaught bounce notification
To: kopimism-owner(a)lists.sudoroom.org
The attached message was received as a bounce, but either the bounce
format was not recognized, or no member addresses could be extracted
from it. This mailing list has been configured to send all
unrecognized bounce messages to the list administrator(s).
For more information see:
https://sudoroom.org/lists/admin/kopimism/bounce
---------- Forwarded message ----------
From: postmaster(a)txt.att.net
To: kopimism-bounces(a)lists.sudoroom.org
Cc:
Date: Thu, 17 Sep 2015 17:05:17 -0400
Subject: Unable to deliver message.
This Message was undeliverable due to the following reason: the
subscriber has restricted e-mail to <2524063603(a)mms.att.net> Please
reply to <Postmaster(a)txt.att.com> if you feel this message to be in
error.
---------- Forwarded message ----------
Reply-To: <kopimism-request(a)lists.sudoroom.org>
Received: from sudoroom.org (localhost [127.0.0.1])
by sudoroom.org (sudoroom.org) with ESMTP id 6EB4BC51E7
for <2524063603(a)mms.att.net>; Thu, 17 Sep 2015 14:05:16 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
From: kopimism-request(a)lists.sudoroom.org
To: 2524063603(a)mms.att.net
Subject: confirm cd7f76f284b5301e946d2f49092129c1fc028ad5
Reply-To: kopimism-request(a)lists.sudoroom.org
Auto-Submitted: auto-generated
Message-ID: <mailman.0.1442523915.18507.kopimism(a)lists.sudoroom.org>
Date: Thu, 17 Sep 2015 14:05:15 -0700
Precedence: bulk
X-BeenThere: kopimism(a)lists.sudoroom.org
X-Mailman-Version: 2.1.18
List-Id: All information should be freely distributed and unrestricted
<kopimism.lists.sudoroom.org>
X-List-Administrivia: yes
Errors-To: kopimism-bounces(a)lists.sudoroom.org
Sender: "Kopimism" <kopimism-bounces(a)lists.sudoroom.org>
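An added example (not code from the original post or from Mailman itself): an offline check for ban patterns like the ones in the message above, run before loading them with config_list. The matcher is a simplified model of how Mailman 2.1 treats ban_list entries (an assumption), and every sample address is constructed.

```python
import re

def is_banned(address, ban_list):
    """Return the first entry that bans `address`, else None.

    Simplified model (assumption) of Mailman 2.1 ban_list handling: an entry
    starting with '^' is a regex searched case-insensitively; any other entry
    is compared to the whole address, ignoring case.
    """
    for entry in ban_list:
        if entry.startswith('^'):
            if re.search(entry, address, re.IGNORECASE):
                return entry
        elif entry.lower() == address.lower():
            return entry
    return None

def audit(ban_list, must_block, must_allow):
    """List (address, problem) pairs; an empty list means the patterns behave as intended."""
    problems = [(a, 'not blocked') for a in must_block
                if is_banned(a, ban_list) is None]
    problems += [(a, 'wrongly blocked') for a in must_allow
                 if is_banned(a, ban_list) is not None]
    return problems

# Constructed sample addresses; none are real subscribers.
MUST_BLOCK = ['5550100000@txt.att.net', '5550100001@MMS.ATT.NET']
MUST_ALLOW = ['alice@example.org', 'bob@att.net', 'carol@txtxatt.net']

AS_ARCHIVED = ['^.*(a)txt.att.net$', '^.*(a)mms.att.net$']   # "@" shown as "(a)"
LITERAL_AT = ['^.*@txt.att.net$', '^.*@mms.att.net$']        # "@" written literally
ESCAPED = [r'^.*@txt\.att\.net$', r'^.*@mms\.att\.net$']     # dots escaped too

if __name__ == '__main__':
    for name, patterns in [('as archived', AS_ARCHIVED),
                           ('literal @', LITERAL_AT),
                           ('escaped dots', ESCAPED)]:
        print(name, audit(patterns, MUST_BLOCK, MUST_ALLOW))
```

A pattern with "(a)" in place of "@" is still a valid regex and loads without error, yet blocks neither gateway address, so the check asserts on sample addresses rather than on regex validity alone.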
Jenny posted in the sudo meeting minutes that the humans app is "borked".
Not sure what this means yet, waiting for more details.
However, if anyone has any knowledge or reason why this may be the case,
please let me know.
Is anyone willing to look into it now or later (once we have more info)?
// Matt
We're finally getting the new access points configured.
They all have the same SSID: peoplesopen.net
They are all on the mesh subnet: 100.64.0.0/10
In fact they will be on their own chunk of the mesh subnet: 100.64.64.0/22
In order to make that work without having to use VLANs, we installed a new
PCI card in the sudo mesh gateway which provides two additional gigabit
ethernet interfaces.
One of these interfaces (eth2) now has the IP 100.64.64.1 and it is giving
out IPs with DHCP from 100.64.64.50 and to the end of our local chunk of
mesh subnet.
The large gigabit ethernet switch we had been using for everything is now
being used for the 100.64.x.x subnet and the smaller gigabit switch on top
of it is now used for the 192.168.x.x subnet.
I'm calling it a night now but the plan is to link our local 100.64.x.x
subnet to the wider mesh with an auto-re-establishing tunnel from the sudo
gateway and to isolate the 100.64.x.x and 192.168.x.x subnets in such a way
that people on 192.168 can establish new connections to the mesh but the
mesh cannot establish new connections to 192.168. We can then simply hook
up any local services (like printers) to 192.168 and the wider mesh won't
use all our toner printing cat pictures.
We've only configured one of the wifi routers correctly so far (the one in
CCL) but copying the config is easy so the others will follow shortly.
The sudomesh access point in sudo room is still on 192.168.
--
marc/juul