[Outages-discussion] [outages] not quite an outage, more a hack, "Urgent: Threat actor in systems" emails from FBI infrastructure

Grant Taylor gtaylor at tnetconsulting.net
Sat Nov 13 19:08:14 EST 2021


On 11/13/21 11:13 AM, Glenn McGurrin wrote:
> I can confirm that, I'm not sure what exactly the issue was, but my mail 
> server kept generating a temporary error when sending to puck.nether.net 
> with a read timeout.  Other mail before and after all is flowing well 
> including one to nanog (aka another major mailing list, not just other 
> user mailboxes), so it doesn't seem to be an issue purely on my end, 
> though clearly other messages are working on the list, so it's not 
> purely on the list's end.

It sort of hints at a timing issue to me.  Possibly the sending end 
expects a response within a time frame and wasn't getting it, so it 
assumed that the send failed.  Conversely the receiving end possibly 
took slightly too long to respond affirmatively and continued to handle 
the mail.

> I'm happy to cooperate in tracking down the bug that seems to be 
> affecting the link between my server and the list, I actually had to 
> manually kill the message to stop it from repeating more when I saw the 
> multiple copies on my end (and I'll be monitoring this message to kill 
> it if needed).

I'd be sort of inclined to think that this was a transient error.  Wait 
and see if it happens again, or can be reproduced before spending too 
much effort on it.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/pipermail/outages-discussion/attachments/20211113/43654ac7/attachment.p7s>


More information about the Outages-discussion mailing list