oss-sec mailing list archives

Re: Limited DoS in mailman (requires non standard config)


From: Mark Sapiro <mark () msapiro net>
Date: Tue, 28 Apr 2015 10:50:11 -0700

On 04/28/2015 10:04 AM, Kurt Seifried wrote:
> So I recently ran into a flaw in mailman where I had imported a text
> list of email addresses of people that wanted to sign up. It turns out
> one of the addresses was in the form "user () domain tld/random", not sure
> how that snuck in but anyways. When sending email to this list it fails
> due to that address being present:


What Mailman version is this?

I don't think any recent version would add that address to a list
regardless of how it was attempted to be added.


> from mailman posts log:
>
> Apr 28 16:46:23 2015 (29704) post to testing from testing-request@XXX,
> size=1786, message-id=<mailman.0.1430239582.16535.testing@XXX>, 1 failures
>
> from smtp-failure log:
>
> smtp-failure:Apr 28 16:46:44 2015 (29704) All recipients refused:
> {'kurt () seifried org/foo': (501, '5.1.3 Bad recipient address syntax')},
> msgid: <CAEo5KB7F3LNCv7Q09ppqBRgUZTaGizyRHx1WS81w8K7S8Yhk7A@YYY>


And I think the only address refused was the one kurt () seifried org/foo
address. The 'All recipients refused:' refers to all recipients in that
SMTP transaction, not necessarily every list member.

What does your MTA log say about this delivery? And what does Mailman's
'smtp' log say?

-- 
Mark Sapiro <mark () msapiro net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
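
To check what an 'All recipients refused' entry actually covers, the refused-recipient map can be parsed and compared with the list membership. This is an added example, not part of the original message and not Mailman's own code; the sample entry, addresses and member list are constructed, and the function names are hypothetical.

```python
import ast
import re

# Constructed entry in the shape of the smtp-failure line quoted above; the
# addresses and message-id are made up, and it is wrapped the way logs get pasted.
SAMPLE_ENTRY = """Apr 28 16:46:44 2015 (29704) All recipients refused:
{'member@example.org/foo': (501, '5.1.3 Bad recipient address syntax')},
msgid: <constructed-1@example.org>"""

# Constructed membership list for the comparison below.
SAMPLE_MEMBERS = ["alice@example.org", "member@example.org/foo", "bob@example.net"]

ENTRY_RE = re.compile(
    r"All recipients refused:\s*(?P<refused>\{.*\}),\s*msgid:\s*(?P<msgid><[^>]*>)"
)


def parse_refused(entry):
    """Return (msgid, {recipient: (smtp_code, text)}) or None if not such an entry."""
    m = ENTRY_RE.search(" ".join(entry.split()))  # undo line wrapping first
    if m is None:
        return None
    # Assumption: the recipient map is a Python dict repr, as it appears in the
    # quoted entry. literal_eval parses literals only and never executes code.
    try:
        refused = ast.literal_eval(m.group("refused"))
    except (ValueError, SyntaxError):
        return None
    if not isinstance(refused, dict):
        return None
    return m.group("msgid"), refused


def split_members(entry, members):
    """Split members into those refused in this transaction and those not named in it."""
    parsed = parse_refused(entry)
    refused = parsed[1] if parsed else {}
    named = {addr: refused[addr] for addr in members if addr in refused}
    not_named = [addr for addr in members if addr not in refused]
    return named, not_named


def permanent(refused):
    """Recipients whose reply code is 5xx, i.e. refused permanently by the MTA."""
    return sorted(addr for addr, (code, _text) in refused.items() if 500 <= code <= 599)


if __name__ == "__main__":
    named, not_named = split_members(SAMPLE_ENTRY, SAMPLE_MEMBERS)
    print("refused:", named, "permanent:", permanent(named))
    print("not named in this transaction:", not_named)
```

Members that do not appear in the refused map were not part of the failed SMTP transaction, so their delivery status has to be read from the MTA log and Mailman's 'smtp' log.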
