[sudo-sys] *** SECURITY information for sudoroom.org ***

Charley Sheets rcsheets at acm.org
Mon Apr 25 17:31:33 PDT 2016


On Mon, 25 Apr 2016 17:10:57 -0700
yar <yardenack at gmail.com> wrote:

> Ah, yes I remember those mails from a few weeks ago. Those (and
> similar) addresses are not actually subscribed to any mailing lists.
> When I looked at it, the outbound queue was full of bogus mailman
> confirmation emails. So I think mailman is working properly. It will
> need to be a postfix filter if we want to avoid reflecting that stuff.
> We could also block them from joining lists to avoid wasted cycles,
> but that would have to be per-list.

Yeah, I can confirm that now. Lots of confirmation attempts.

I'm removing them as I find them, at this point just because there
seems to be no reason to keep them around. Another thing we could do,
but I'm not sure it's worth the effort, is to normalize
username+tag at gmail.com to username at gmail.com in order to avoid sending
duplicate confirmation emails to what's *actually* the same address.

There are more normalizations that could be done to reduce noise, such
as removing dots from gmail usernames (username at gmail.com is equivalent
to u.ser.name at gmail.com, etc.)

It's something I've thought about before, but never solved. Maybe
someone else has solved it. Anyway, I guess we're not a source of
spam... just unwanted subscription confirmations.
-- 
Charley Sheets
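
The normalization discussed in this message (dropping the +tag and the dots from Gmail local parts before deciding whether a confirmation has already been sent), sketched as an added example that is not part of the original message and is not Mailman or postfix code. The function names, the sample addresses, and the treatment of googlemail.com as an alias of gmail.com are assumptions of this example; addresses at other domains are left untouched because their dots and tags may be significant.

```python
from typing import Iterable, List, Optional

# Domains whose provider ignores dots and +tags in the local part.
# Treating googlemail.com as gmail.com is an assumption of this example.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def normalize_address(addr: str) -> Optional[str]:
    """Return a canonical key for de-duplication, or None if malformed."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # username+tag -> username, u.ser.name -> username, case-insensitive
        local = local.split("+", 1)[0].replace(".", "").lower()
        if not local:
            return None
        domain = "gmail.com"
    return f"{local}@{domain}"


def dedupe_requests(addresses: Iterable[str]) -> List[str]:
    """Keep the first request per canonical mailbox; drop repeats and junk."""
    seen = set()
    keep = []
    for addr in addresses:
        key = normalize_address(addr)
        if key is None or key in seen:
            continue
        seen.add(key)
        keep.append(addr.strip())
    return keep


# Constructed sample of pending subscription requests (not real data).
PENDING = [
    "username@gmail.com",
    "username+list1@gmail.com",
    "u.ser.name@gmail.com",
    "U.Ser.Name+x@GoogleMail.com",
    "first.last+tag@example.org",
    "first.last@example.org",
    "not-an-address",
]

if __name__ == "__main__":
    for a in dedupe_requests(PENDING):
        print(a)
```
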