public inbox for overseers@sourceware.org
* Bypassing the mailing list name restriction
From: Chris Faylor @ 2000-08-21 15:03 UTC
  To: overseers

We have a user who is sending email to the cygwin mailing list like this:

To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>

Besides the fact that this illustrates a hole in our mailing list
checking, it also screws up anybody who wants to reply to him since the
quoted part can be thrown away and, although the message is still
forwarded through cygwin@hotpop.com, it now is rejected by check-for-listname.sh
since there is no actual mailing list in the header.

I'd like to modify check-for-listname.sh so that the above trick no longer
works.  Are there any objections to my doing this?

cgf

* Re: Bypassing the mailing list name restriction
From: Jeffrey A Law @ 2000-08-21 15:26 UTC
  To: overseers

  In message <20000821180216.A14361@cygnus.com> you write:
  > We have a user who is sending email to the cygwin mailing list like this:
  > 
  > To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>
  > 
  > Besides the fact that this illustrates a hole in our mailing list
  > checking, it also screws up anybody who wants to reply to him since the
  > quoted part can be thrown away and, although the message is still
  > forwarded through cygwin@hotpop.com, it now is rejected by check-for-listname.sh
  > since there is no actual mailing list in the header.
  > 
  > I'd like to modify check-for-listname.sh so that the above trick no longer
  > works.  Are there any objections to my doing this?
None from me.  Go for it.
jeff

* Re: Bypassing the mailing list name restriction
From: Jason Molenda @ 2000-08-21 15:45 UTC
  To: overseers

On Mon, Aug 21, 2000 at 06:02:16PM -0400, Chris Faylor wrote:

> To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>

Weird.  The whole point of the To/Cc checks is that spammers won't
customize the headers for each mail note - they just throw out
static copies of their adverts.  This person is (obviously) sending
out dynamic spam mail, but is not bothering to put the list name
in the To: header.  Unless his goal is to trick people into replying
to the @hotpop.com addr, I don't see what the point is.  (You can
probably get this acct shut down if hotpop.com is a free e-mail
site, but there's nothing to stop him from opening another for his
next spam)

> I'd like to modify check-for-listname.sh so that the above trick no longer
> works.  Are there any objections to my doing this?

FWIW, I'd be concerned about variations that some MUAs will use.
A quick browse of my mailbox shows that the three most common are

  {To|Cc}: "ENGLISH_NAME" <ADDR>
  {To|Cc}: ENGLISH_NAME <ADDR>
  {To|Cc}: ADDR

With more addresses possible in each case, separated by commas.
Even with these variations, you can't just make the grep look for
the "<" and ">" chars or it'll lose on the third variation.  And
I'd be surprised if these are the only styles of addresses that
are being generated by all the odd software out there...


Jason

* Re: Bypassing the mailing list name restriction
From: Chris Faylor @ 2000-08-21 20:18 UTC
  To: Jason Molenda; +Cc: overseers

On Mon, Aug 21, 2000 at 03:44:56PM -0700, Jason Molenda wrote:
>On Mon, Aug 21, 2000 at 06:02:16PM -0400, Chris Faylor wrote:
>
>> To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>
>
>Weird.  The whole point of the To/Cc checks is that spammers won't
>customize the headers for each mail note - they just throw out
>static copies of their adverts.  This person is (obviously) sending
>out dynamic spam mail, but is not bothering to put the list name
>in the To: header.  Unless his goal is to trick people into replying
>to the @hotpop.com addr, I don't see what the point is.  (You can
>probably get this acct shut down if hotpop.com is a free e-mail
>site, but there's nothing to stop him from opening another for his
>next spam)

This isn't a spammer.  It's actually a user.  He is using hotpop.com to
forward email to the cygwin mailing list because his real ISP is blocked.
He probably stumbled across this usage as a way around his problem but
it is causing problems for other mailing list users.

I'm going to speak to him about his use of cygwin@hotpop.com causing problems
for other users of the mailing list but I thought I should also close this
hole even if it is very unlikely that an actual spammer will ever use it.

>> I'd like to modify check-for-listname.sh so that the above trick no longer
>> works.  Are there any objections to my doing this?
>
>FWIW, I'd be concerned about variations that some MUAs will use.
>A quick browse of my mailbox shows that the three most common are
>
>  {To|Cc}: "ENGLISH_NAME" <ADDR>
>  {To|Cc}: ENGLISH_NAME <ADDR>
>  {To|Cc}: ADDR
>
>With more addresses possible in each case, separated by commas.
>Even with these variations, you can't just make the grep look for
>the "<" and ">" chars or it'll lose on the third variation.  And
>I'd be surprised if these are the only styles of addresses that
>are being generated by all the odd software out there...

I'm looking into parsing the To: address via some other means.  I thought
that procmail's "formail" program would do the right thing but it doesn't
break apart the addresses correctly.

I know that parsing this kind of address is tricky so I'll be werry werry
careful.

cgf
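
[Added example, not part of the original messages and not the actual check-for-listname.sh, whose contents do not appear in this thread.] It contrasts a substring-style header check with one that parses To:/Cc: and compares only the address part, run over the header quoted above and the three MUA styles listed in the reply. The function names, the shape of naive_check, and all sample headers other than the one quoted in the thread are assumptions; Python's email.utils.getaddresses stands in for whatever parser the script ended up using.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# List address taken from the thread; everything else here is constructed.
LIST_ADDRS = {"cygwin@sourceware.cygnus.com"}

def naive_check(raw):
    """Assumed weak check: list address appears anywhere on a To:/Cc: line."""
    for line in raw.splitlines():
        if not line:          # blank line ends the header block
            break
        if re.match(r"(to|cc):", line, re.I) and any(
                a in line.lower() for a in LIST_ADDRS):
            return True
    return False

def recipient_addrs(raw):
    """Parse To:/Cc: and return only the addr-specs, never display names."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    # Lowercased so the comparison with LIST_ADDRS is case-insensitive.
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}

def strict_check(raw):
    """Accept only if a real recipient address is the list address."""
    return bool(recipient_addrs(raw) & LIST_ADDRS)

def _msg(headers):
    return headers + "\nSubject: constructed sample\n\nbody\n"

# Constructed samples: the header quoted in the thread, the three MUA styles
# from the reply, and a comma inside a quoted display name.
SAMPLES = {
    "spoofed display name": _msg(
        'To: "cygwin@sourceware.cygnus.com" <cygwin@hotpop.com>'),
    "quoted name": _msg('To: "Cygwin List" <cygwin@sourceware.cygnus.com>'),
    "bare name": _msg("To: Cygwin List <cygwin@sourceware.cygnus.com>"),
    "address only": _msg("To: cygwin@sourceware.cygnus.com"),
    "cc with commas": _msg(
        "To: someone@example.com\n"
        'Cc: "Doe, Jane" <jane@example.com>, CYGWIN@sourceware.cygnus.com'),
    "unrelated": _msg("To: other@example.com"),
}

def compare():
    """Return {sample name: (naive result, strict result)}."""
    return {k: (naive_check(v), strict_check(v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:22} naive={naive!s:5} strict={strict}")
```

Only the first sample differs between the two checks: the list address sits in the display name, so the substring match accepts it while the parsed recipient set contains only cygwin@hotpop.com.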

* Re: Bypassing the mailing list name restriction
From: Jason Molenda @ 2000-08-21 20:32 UTC
  To: overseers

On Mon, Aug 21, 2000 at 11:17:31PM -0400, Chris Faylor wrote:

> This isn't a spammer.  It's actually a user.  He is using hotpop.com to
> forward email to the cygwin mailing list because his real ISP is blocked.

Oh.

> He probably stumbled across this usage as a way around his problem but
> it is causing problems for other mailing list users.

I bet his envelope From_ addr is "cygwin@hotpop.com".  If you looked
at one of his messages in the ezmlm archive
(/qmail/lists-sourceware/cygwin/archive/NNN/NN), there's probably a header
which shows his From_ addr.

Once you've got that, you can just add it to the list of blacklisted users.

Or, as you noted, you could just ask him to stop. :-)

J

* Re: Bypassing the mailing list name restriction
From: Chris Faylor @ 2000-08-21 20:57 UTC
  To: Jason Molenda; +Cc: overseers

On Mon, Aug 21, 2000 at 08:32:04PM -0700, Jason Molenda wrote:
>On Mon, Aug 21, 2000 at 11:17:31PM -0400, Chris Faylor wrote:
>
>> This isn't a spammer.  It's actually a user.  He is using hotpop.com to
>> forward email to the cygwin mailing list because his real ISP is blocked.
>
>Oh.
>
>> He probably stumbled across this usage as a way around his problem but
>> it is causing problems for other mailing list users.
>
>I bet his envelope From_ addr is "cygwin@hotpop.com".  If you looked
>at one of his messages in the ezmlm archive
>(/qmail/lists-sourceware/cygwin/archive/NNN/NN), there's probably a header
>which shows his From_ addr.
>
>Once you've got that, you can just add it to the list of blacklisted users.
>
>Or, as you noted, you could just ask him to stop. :-)

Since he is one of my few cygwin contributors, I think I'll try the polite route
first.  :-)

cgf

