https://bugs.koozali.org/show_bug.cgi?id=11771
--- Comment #14 from John Crisp <[email protected]> ---
It would seem that is is caused by incorrect network settings.
First thing is to remove any additional networks from the panel so they are
removed from the relayclient file.
I am not sure that you should use any publicly addressable network in the
panel, but as I have had nothing to do with this contrib I can't say for
certain.
You should also set your network ranges correctly eg Class C would be
192.168.0.0/24
However, I am not sure it is that easy to prevent the addition of a(
In reply to william from comment #13)
> (In reply to John Crisp from comment #2)
> > Ooooh that looks ugly. Need to close that off fast.
> >
> > This is one for JP to look at.
>
> Its been dire for me - the unwitting victim. Once it is fixed I will have to
> get our ip off all the blacklists. And it is not at all straightforward
> doing that with outlook/live/hotmail.
I am sure that JP is suitably remorseful and will look ASAP - he's currently
busy saving lives in hospital.
> I'm going to suggest a contrib that watches for breaches like this. In this
> present case of ours it wasn't an exposed password but if one were exposed
> the same could happen again.
It isn't a 'breach' - you inadvertently opened the server by setting the wrong
network/subnet mask. The server did nothing wrong. It just did what it was
told.
And as per below this would not be easy.
> Clearly there should be default setting to ensure that a mass mailing
> (defined in some simple way) is held for specific management approval, or
> rejection, before qmail sends it on its way. If a mass mailing was needed it
> could perhaps be identified and approved in advance by a one time token in
> the email.
That really isn't so easy. Prevention is better than cure.
Not sure there is a way to set a max send limit - even if you did they could
still drip feed it so you would not notice.
> A further major complication is that qmail/qpsmtpd insisted on trying to
> resend the rejected ones and now, by some mysterious process (I cannot find
> what is doing it), it is trying to notify the bounces to the target domains.
> I think I might have switched those off with the devnull option.
Install qmHandle - you can easily delete mails from the qmail queue.
https://wiki.koozali.org/Qmhandle_mail_queue_manager
> So yes John - it's been a major problem and will continue thus for several
> more days, perhaps weeks.
I'm really sorry. But I can throw my hands up and say I never touched a single
line of code here!
JP will undoubtedly on the case PDQ.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
