[sudo-sys] *** SECURITY information for sudoroom.org ***

[Charley Sheets]

On Mon, 25 Apr 2016 18:37:39 -0700
yar <yardenack at gmail.com> wrote:

> A few of our legitimate users actually use +tags. Normalizing those
> wouldn't be very nice.

I should have been more clear. I don't mean normalize as in convert
foo+bar at gmail.com to foo at gmail.com, but rather when making a decision
such as "is this address already subscribed to this list?" or "is there
already a pending confirmation for this user on this list?" to treat
foo+bar at gmail.com as equivalent to foo+baz at gmail.com and
f.o.o at gmail.com, so that we don't end up sending 80 confirmation
messages to one user just because someone made up 80 +tags to create
the appearance of 80 different email addresses and 80 separate
subscription requests.

> When I was clearing out the queue, I used kind of a blunt hammer...
> 
> $ sudo grep -rl ubercoffeetime /var/spool/postfix/defer* | parallel -j
> 1 sudo rm -v
> 
> But that won't work as well anymore now that we're talking about it :D

My command line was pretty ugly, but it basically worked. Something
like this, repeated for multiple addresses:

rcsheets at sudoroom:/var/spool/postfix$ /usr/sbin/postqueue -p | grep -B2
newdramaalert | grep -E -A1 '^--$' | grep -vE '^--' | cut -d'!' -f1 |
xargs -n1 sudo /usr/sbin/postsuper -d


-- 
Charley Sheets
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://sudoroom.org/pipermail/sudo-sys/attachments/20160425/23e092de/attachment.sig>