[sudo-sys] *** SECURITY information for sudoroom.org ***

yar yardenack at gmail.com
Mon Apr 25 17:10:57 PDT 2016


On Mon, Apr 25, 2016 at 4:48 PM, Charley Sheets <rcsheets at acm.org> wrote:
> I find it suspicious that we have list members with what appear to be
> nonsense extensions to their gmail addresses, that are subscribed to
> multiple lists. I suppose it's possible these are legitimate
> extensions, but to me this seems like a sign that we haven't
> sufficiently confirmed these addresses, and that we're thereby
> participating in a mail bomb. For example, there are 72 variations of
> ubercoffeetime+foo at gmail.com (with different values of foo) all in the
> outbound queue right now.
>
> I'd like to investigate how these addresses got added to the lists
> they're on. I don't have much mailman experience, but I'm totally
> willing to learn in order to figure this out.
>
> For now I'm going to put all mail on hold that's currently destined for
> these suspicious-looking addresses.

Ah, yes I remember those mails from a few weeks ago. Those (and
similar) addresses are not actually subscribed to any mailing lists.
When I looked at it, the outbound queue was full of bogus mailman
confirmation emails. So I think mailman is working properly. It will
need to be a postfix filter if we want to avoid reflecting that stuff.
We could also block them from joining lists to avoid wasted cycles,
but that would have to be per-list.
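
An added example, not part of the original thread: one way to find the pattern discussed above (many `+extension` variants of a single mailbox sitting in the outbound queue) from a queue listing. It assumes the queue was exported with `postqueue -j` (Postfix 3.1 or later, one JSON object per line); the function names, threshold, addresses and queue IDs are hypothetical and constructed for the example.

```python
import json
from collections import defaultdict

# Constructed sample in the line-per-message JSON format of `postqueue -j`.
# Addresses and queue IDs are made up for this example.
SAMPLE_QUEUE = """\
{"queue_name": "deferred", "queue_id": "4F2A1B0C01", "sender": "list-bounces@lists.example.org", "recipients": [{"address": "victim+qzkx@example.com"}]}
{"queue_name": "deferred", "queue_id": "4F2A1B0C02", "sender": "list-bounces@lists.example.org", "recipients": [{"address": "victim+mwpt@example.com"}]}
{"queue_name": "deferred", "queue_id": "4F2A1B0C03", "sender": "list-bounces@lists.example.org", "recipients": [{"address": "Victim+RRTL@example.com"}]}
{"queue_name": "active", "queue_id": "4F2A1B0C04", "sender": "list-bounces@lists.example.org", "recipients": [{"address": "alice+lists@example.net"}]}
{"queue_name": "active", "queue_id": "4F2A1B0C05", "sender": "list-bounces@lists.example.org", "recipients": [{"address": "bob@example.org"}]}
"""


def split_plus(address):
    """Return (base, extension): the lowercased address without +ext, and ext."""
    local, _, domain = address.strip().lower().rpartition("@")
    mailbox, _, ext = local.partition("+")
    return f"{mailbox}@{domain}", ext


def suspicious_bases(queue_json_lines, threshold=3):
    """Map base address -> its extensions and queue IDs, for every base
    queued with at least `threshold` distinct +extensions."""
    seen = defaultdict(lambda: {"extensions": set(), "queue_ids": set()})
    for line in queue_json_lines.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        for rcpt in entry.get("recipients", []):
            base, ext = split_plus(rcpt["address"])
            if ext:  # only plus-addressed recipients are counted
                seen[base]["extensions"].add(ext)
                seen[base]["queue_ids"].add(entry["queue_id"])
    return {b: v for b, v in seen.items() if len(v["extensions"]) >= threshold}


if __name__ == "__main__":
    for base, info in suspicious_bases(SAMPLE_QUEUE).items():
        print(base, len(info["extensions"]), "variants; queue IDs:",
              " ".join(sorted(info["queue_ids"])))
```

The queue IDs it reports can be reviewed and then placed on hold with `postsuper -h <queue_id>`; a single legitimate plus-address such as the `alice+lists` entry stays below the threshold and is left alone.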

