[Mailman-Developers] Re: before next release: disable backscatter in default installation

2022-11-07 Thread mirabilos mirabilos
Mark Sapiro wrote:
> On 11/6/22 14:36, mirabilos mirabilos wrote:
> > So, when is this going to be fixed in Mailman 3?

> Mailman does this. Mail to an invalid address does not get delivered to 
> Mailman because the invalid address is not in Mailman's generated 

Hmmh. This is part-ish of the problem.

But in this specific case, the problem did persist even after disabling Mailman,
and it could eventually be traced to a web frontend called modoboa
putting its own, broken, configuration. So, this time, Mailman was
not the culprit.

> Also, beginning in Mailman 3.3.6, even in unusual configurations where 
> an MTA might deliver an invalid recipient to Mailman's LMTP runner, the 
> runner will reject the invalid RCPT TO during LMTP. See New Features 
> at 
> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/NEWS.h...

That’s good to hear!

Thanks,
//mirabilos
___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9


[Mailman-Developers] Re: before next release: disable backscatter in default installation

2022-11-06 Thread Mark Sapiro

On 11/6/22 14:36, mirabilos mirabilos wrote:
> So, when is this going to be fixed in Mailman 3?
>
> We have the end of 2022, and this bug from 2008 is still unfixed. I was able to 
> generate backscatter to arbitrary addresses (Envelope-FROM) by sending 
> (Envelope-RCPT) to an eMail address whose localpart is a nōn-existent list and 
> whose domain is a server running Mailman 3 (stock from Debian).
>
> Thanks to this, the list server was just blacklisted by its provider, which is 
> a very unfortunate situation.
>
> So, what can be done about this? Why can Mailman not just generate a list of 
> valid addresses, which Postfix can then use? Ideally even via PostgreSQL to 
> avoid the need for reloads (AIUI).

Mailman does this. Mail to an invalid address does not get delivered to 
Mailman because the invalid address is not in Mailman's generated 
aliases for Postfix or recognized by the recommended mailman router for 
Exim.


Why in your example did Postfix treat the RCPT TO that was not a valid 
list address differently than any other invalid address in RCPT TO? I.e. 
Postfix should be rejecting that RCPT TO at SMTP time with "unknown 
user" or some similar error. What did Postfix do in your case?


Also, beginning in Mailman 3.3.6, even in unusual configurations where 
an MTA might deliver an invalid recipient to Mailman's LMTP runner, the 
runner will reject the invalid RCPT TO during LMTP. See `New Features` 
at 
https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/NEWS.html#news-3-3-6


--
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan
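
An added example, not part of the message above and not Mailman or Postfix project code: one way to answer "what did Postfix do" from the mail log, separating recipients refused at SMTP time from bounces generated after acceptance, which are the backscatter. The log lines are constructed samples in Postfix's usual syslog format; host names, addresses and queue IDs are made up, and `classify` is a hypothetical helper name.

```python
import re

# Constructed sample log (not from the thread): one SMTP-time reject,
# then one message accepted, refused by LMTP, and bounced to its sender.
SAMPLE_LOG = """\
Nov  6 14:30:01 lists postfix/smtpd[1001]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <nolist@lists.example.org>: Recipient address rejected: User unknown in local recipient table; from=<victim@example.net> to=<nolist@lists.example.org> proto=ESMTP helo=<client.example>
Nov  6 14:31:10 lists postfix/smtpd[1002]: 4A1B2C3D4E: client=unknown[192.0.2.10]
Nov  6 14:31:10 lists postfix/cleanup[1003]: 4A1B2C3D4E: message-id=<x@client.example>
Nov  6 14:31:10 lists postfix/qmgr[900]: 4A1B2C3D4E: from=<victim@example.net>, size=512, nrcpt=1 (queue active)
Nov  6 14:31:11 lists postfix/lmtp[1004]: 4A1B2C3D4E: to=<ghost@lists.example.org>, relay=127.0.0.1[127.0.0.1]:8024, delay=0.5, delays=0.1/0/0.1/0.3, dsn=5.1.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command))
Nov  6 14:31:11 lists postfix/bounce[1005]: 4A1B2C3D4E: sender non-delivery notification: 5F6A7B8C9D
"""

# Recipient refused during the SMTP dialogue: no message queued, no bounce sent.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+: (\d{3}) "
                    r".*?; from=<([^>]*)> to=<([^>]*)>")
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
BOUNCED = re.compile(r"postfix/\w+\[\d+\]: (\w+): to=<([^>]*)>.*status=bounced")
NDN = re.compile(r"postfix/bounce\[\d+\]: (\w+): sender non-delivery notification: (\w+)")

def classify(log_text):
    """Return (smtp_time_rejects, backscatter) found in a Postfix log."""
    rejects, backscatter = [], []
    sender, bounced_rcpt = {}, {}          # both keyed by queue ID
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejects.append({"code": m[1], "from": m[2], "to": m[3]})
        elif m := QMGR_FROM.search(line):
            sender[m[1]] = m[2]
        elif m := BOUNCED.search(line):
            bounced_rcpt[m[1]] = m[2]
        elif m := NDN.search(line):
            qid = m[1]
            # The message was accepted first, so the bounce goes to the
            # envelope sender, who may never have sent it.
            backscatter.append({"queue_id": qid, "bounce_to": sender.get(qid),
                                "invalid_rcpt": bounced_rcpt.get(qid)})
    return rejects, backscatter

if __name__ == "__main__":
    ok, bad = classify(SAMPLE_LOG)
    for r in ok:
        print("rejected at SMTP time:", r)
    for b in bad:
        print("backscatter:", b)
```

Any entry in the second list means the MTA accepted the message before learning the recipient was invalid, so the recipient check needs to move to RCPT TO time.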



[Mailman-Developers] Re: before next release: disable backscatter in default installation

2022-11-06 Thread mirabilos mirabilos
> Ian, I think that alternative is going to be Mailman 3 :).

So, when is this going to be fixed in Mailman 3?

We have the end of 2022, and this bug from 2008 is still unfixed. I was able to 
generate backscatter to arbitrary addresses (Envelope-FROM) by sending 
(Envelope-RCPT) to an eMail address whose localpart is a nōn-existent list and 
whose domain is a server running Mailman 3 (stock from Debian).

Thanks to this, the list server was just blacklisted by its provider, which is 
a very unfortunate situation.

So, what can be done about this? Why can Mailman not just generate a list of 
valid addresses, which Postfix can then use? Ideally even via PostgreSQL to 
avoid the need for reloads (AIUI).

Thanks in advance,
//mirabilos