[Outages-discussion] Spam from Dymaxion?

Grant Taylor gtaylor at tnetconsulting.net
Wed Jul 3 18:08:34 EDT 2019 

On 7/3/19 2:51 PM, Jimmy Hess wrote:
> I would suggest having  some kind of post rate limit, as in...  3 Posts 
> per Sender  E-mail Address per Hour,   or something like that,

I think you could also check to see if an incoming message is a reply to 
a previously outgoing message via the References: and / or In-Reply-To: 
header.  As long as the incoming message references a previously sent 
message

I'm not sure how to keep the state on that.  I think it would be 
purported sender and referenced Message-ID:

As long as the incoming message's tuple of From: and References: / 
In-Reply-To: headers haven't been seen more than X number of times in Y 
minutes, you are probably safe to let it through.

I even think that using a null for the References: / In-Reply-To: header 
would have caught Dymaxion yesterday.

> bounce any messages above that limit,

Why bounce instead of moderating?

> then if some random ticket system does get through: at least it will 
> not be able to flood and respond to itself on the same mailing list.

Well, no more than the moderation cut off.

> Small quota: adequate to report an outage or send information, but since 
> the list is not for discussion,  no legit reason should be able to exist 
> for a single poster to ever be sending a "bunch" of posts to outages@ 
> in a short timeframe.
> 
> The automated posts could then be "dealt with" as a non-emergency, 
> since they would quickly shut themselves off by hitting rate limit.
> 
> I suppose remains unimplemented for mailman 
> https://gitlab.com/mailman/mailman/issues/119
> 
> But could likely be enforced at a SMTP service software policy layer, 
> for example  an exim script or postfix policyd  Sender Quota.

Perhaps.

Though, I think it would be nicer to be able to have messages go into 
Mailman and leverage it's moderation support instead of rejecting (or 
worse, accepting and dropping) messages at SMTP time.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20190703/e335e85b/attachment.p7s>

More information about the Outages-discussion mailing list