[BALUG-Admin] (forw) Message distribution: Authorization denied

Rick Moen rick@linuxmafia.com
Sat Apr 1 13:56:53 PDT 2017 

A few days ago, I said (here):

  Recently, someone subscribed each of the SVLUG mailing lists to a
  Sympa-software mailing list at a large mailing list site -- a rather
  bizarre thing to even attempt to do.  I deferred action while wondering
  WTF someone was doing, then predictably the next time I posted to
  svlug@lists.svlug.org received an offlist notice that my 'posting' to
  the _other_ remote mailing list was being held for approval (because I
  wasn't subscribed to the remote Sympa list, only
  'svlug@lists.svlug.org').

  This clearly was not a tolerable situation, so I removed all of those
  subscriptions.

  My guess is either mischief or some bizarre variety of user mishap.

Specifically, Sympa mailing list 'blocktogether@lists.riseup.net' got
entered as a subscriber to each of the Mailman mailing lists at
lists.svlug.org, a couple of weeks ago.  Because I missed one when
deleting those subscriptions, today I'm able to cite it as a specific
example.  (I just deleted that last one, too.)

According to https://lists.riseup.net/www/info/blocktogether, it's no
longer an active mailing list.  The successor mailing list,
https://lists.riseup.net/www/info/blocktogether-help, says 'Block
Together' is 'a Twitter API tool to help cope with harassment and abuse
on Twitter' -- basically a crowdsourced blocklist.

Perhaps this was part of a low-level effort to monkeywrench Block
Together by throwing other Internet traffic at it.

I'm a little mystified that the unknown agent was able to successfully
complete creation of those subscriptions, because of the three-way
handshake process required to acknowledge that a subscriber address
really wants to carry out that subscription.  That is, the only people
able to receive confirmation mail to 'blocktogether@lists.riseup.net'
are listadmins of that mailing list, who'd see the confirmation mail in
the held-messages queue.  Strange.

And I've seen some other signs lately that there may be holes in the
three-way handshake process for some local LUG mailing lists.  


----- Forwarded message from SYMPA <sympa@lists.riseup.net> -----

Date: Sat, 01 Apr 2017 13:02:10 +0000
From: SYMPA <sympa@lists.riseup.net>
To: mailman-owner-owner@lists.svlug.org
Subject: Message distribution: Authorization denied
X-Mailer: Sympa 6.1.22

Your message for list 'blocktogether' (attached below) was rejected.
You are not allowed to send this message for the following reason:

 Message distribution for this list is restricted to list moderators.


For further information, please contact blocktogether-request@lists.riseup.net






Return-Path: <mailman-owner-bounces+blocktogether=lists.riseup.net@lists.svlug.org>
X-Original-To: blocktogether@lists.riseup.net
Delivered-To: blocktogether@lists.riseup.net
Received: from mail.svlug.org (lists.svlug.org [71.19.144.13])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by whimbrel.riseup.net (Postfix) with ESMTPS id 53D9FFF8B3
	for <blocktogether@lists.riseup.net>;
	Sat,  1 Apr 2017 13:02:02 +0000 (UTC)
Received: from localhost ([127.0.0.1]:38865 helo=svlug.org)
	by mail.svlug.org with esmtp (Exim 4.44 #1) id 1cuIfC-0003gM-B7
	for <blocktogether@lists.riseup.net>; Sat, 01 Apr 2017 05:01:54 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: lists.svlug.org mailing list memberships reminder
From: mailman-owner-owner@lists.svlug.org
To: blocktogether@lists.riseup.net
X-No-Archive: yes
Message-ID: <mailman.590.1491051603.12067.mailman-owner@lists.svlug.org>
Date: Sat, 01 Apr 2017 05:00:03 -0800
Precedence: bulk
X-BeenThere: mailman-owner@lists.svlug.org
X-Mailman-Version: 2.1.6b4
List-Id: <mailman-owner.lists.svlug.org>
X-List-Administrivia: yes
Sender: mailman-owner-bounces+blocktogether=lists.riseup.net@lists.svlug.org
Errors-To: mailman-owner-bounces+blocktogether=lists.riseup.net@lists.svlug.org

This is a reminder, sent out once a month, about your lists.svlug.org
mailing list memberships.  It includes your subscription info and how
to use it to change it or unsubscribe from a list.

You can visit the URLs to change your membership status or
configuration, including unsubscribing, setting digest-style delivery
or disabling delivery altogether (e.g., for a vacation), and so on.

In addition to the URL interfaces, you can also use email to make such
changes.  For more info, send a message to the '-request' address of
the list (for example, mailman-owner-request@lists.svlug.org)
containing just the word 'help' in the message body, and an email
message will be sent to you with instructions.

If you have questions, problems, comments, etc, send them to
mailman-owner-owner@lists.svlug.org.  Thanks!

Passwords for blocktogether@lists.riseup.net:

List                                     Password // URL
----                                     --------  
smaug@lists.svlug.org                    agoxduho  
http://lists.svlug.org/lists/options/smaug/blocktogether%40lists.riseup.net


----- End forwarded message -----

More information about the BALUG-Admin mailing list