From owner-freebsd-security@FreeBSD.ORG Sun Apr 17 04:59:11 2011
Date: Sun, 17 Apr 2011 00:31:54 -0400
From: Matthew Jonkman
To: Przemyslaw Frasunek
Cc: Michael Scheidell, Emerging Threats Signatures, freebsd-security@freebsd.org
Subject: Re: [Emerging-Sigs] 193.138.118.3 ? lagoon.freebsd.lublin.pl /cache, freebsd, lublin, pl on TOR end point list?

The update going out now shows it dropped out of the exit node list.

Thanks all!

Matt

On Apr 16, 2011, at 5:44 AM, Przemyslaw Frasunek wrote:

>> I will try to track down what server is looking up cache.freebsd.lublin.pl and
>> see why it's doing that.
>
> cache.freebsd.lublin.pl [193.138.118.6], now named ns2.nette.pl, is a secondary
> DNS for some high-traffic Polish domains, so probably that's the reason, why
> you're seeing such lookups.

----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630 x110
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc

From owner-freebsd-security@FreeBSD.ORG Tue Apr 19 17:20:06 2011
Date: Tue, 19 Apr 2011 10:19:46 -0700
From: Chuck Swiger
To: freebsd-security security
Subject: Fwd: dhclient and CVE-2011-0997...?

Hi--

Are folks familiar with:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
http://www.isc.org/software/dhcp/advisories/cve-2011-0997
http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/

Checking
http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I
don't see signs that it may have been updated. But, I also can't
readily tell which version of dhclient FreeBSD actually has and how
much it might have been changed from the ISC version. :-)

Regards,
--
-Chuck

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 07:50:16 2011
Date: Wed, 20 Apr 2011 09:31:27 +0200
From: Patrick Lamaiziere
To: freebsd-security@freebsd.org
Subject: Re: dhclient and CVE-2011-0997...?

On Tue, 19 Apr 2011 10:19:46 -0700, Chuck Swiger wrote:

> Hi--
>
> Are folks familiar with:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
> http://www.isc.org/software/dhcp/advisories/cve-2011-0997
> http://nakedsecurity.sophos.com/2011/04/07/flaw-in-iscs-dhclient-could-allow-remote-code-execution/
>
> Checking
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/dhclient/dhclient.c, I
> don't see signs that it may have been updated. But, I also can't
> readily tell which version of dhclient FreeBSD actually has and how
> much it might have been changed from the ISC version. :-)

FreeBSD uses the OpenBSD dhclient, not the ISC one.

Regards.

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 18:57:42 2011
Date: Wed, 20 Apr 2011 14:57:41 -0400
From: Robert Simmons
To: Patrick Lamaiziere
Cc: freebsd-security@freebsd.org
Subject: Re: dhclient and CVE-2011-0997...?

On Wed, Apr 20, 2011 at 3:31 AM, Patrick Lamaiziere wrote:
> FreeBSD uses the OpenBSD dhclient, not the ISC one.

Correct me if I'm wrong, but the OpenBSD dhclient is a modified version
of the ISC one. At least that is what the first few comments that
contain ISC's license at the top of the source code file seem to say:

" * Copyright (c) 1995, 1996, 1997, 1998, 1999
 * The Internet Software Consortium. All rights reserved."

Is the most recent bug in dhclient one of the ones that was fixed in
OpenBSD 7 years ago the way many security bugs are?

Rob

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 21:10:42 2011
Date: Wed, 20 Apr 2011 17:10:41 -0400
From: Robert Simmons
To: freebsd-security
Subject: bad email address

Every time I send a message to this list, I get a bounced email reply
from some Russian exchange server for email address xlino@bvpress.ru.
Is there an admin or a moderator for this list that can remove that
email address from the list?

Rob

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 21:11:18 2011
Date: Wed, 20 Apr 2011 21:11:18 GMT
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-11:01.mountd

=============================================================================
FreeBSD-SA-11:01.mountd                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Network ACL mishandling in mountd(8)

Category:       core
Module:         mountd
Announced:      2011-04-20
Credits:        Ruslan Ermilov
Affects:        All supported versions of FreeBSD
Corrected:      2011-04-20 21:00:24 UTC (RELENG_7, 7.4-STABLE)
                2011-04-20 21:00:24 UTC (RELENG_7_3, 7.3-RELEASE-p5)
                2011-04-20 21:00:24 UTC (RELENG_7_4, 7.4-RELEASE-p1)
                2011-04-20 21:00:24 UTC (RELENG_8, 8.2-STABLE)
                2011-04-20 21:00:24 UTC (RELENG_8_1, 8.1-RELEASE-p3)
                2011-04-20 21:00:24 UTC (RELENG_8_2, 8.2-RELEASE-p1)
CVE Name:       CVE-2011-1739

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The mountd(8) daemon services NFS mount requests from other client
machines. When mountd is started, it loads the export host addresses
and options into the kernel using the mount(2) system call.

II.  Problem Description

While parsing the exports(5) table, a network mask in the form of
"-network=netname/prefixlength" results in an incorrect network mask
being computed if the prefix length is not a multiple of 8.

For example, specifying the ACL for an export as "-network
192.0.2.0/23" would result in a netmask of 255.255.127.0 being used
instead of the correct netmask of 255.255.254.0.

III. Impact

When using a prefix length which is not a multiple of 8, access would be
granted to the wrong client systems.

IV.  Workaround

For IPv4-only systems, using the -netmask option instead of CIDR
notation for -network circumvents this bug.

A firewall such as pf(4) can (and probably should) be used to restrict
access to the NFS server.

Systems not providing NFS service, or using a prefix length which is a
multiple of 8 in all ACLs, are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
RELENG_8_2, RELENG_8_1, RELENG_7_4, RELENG_7_3 security branch dated
after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.3, 7.4,
8.1 and 8.2 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch
# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.sbin/mountd
# make obj && make depend && make && make install

3) To update your vulnerable system via a binary patch:

Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE or 8.2-RELEASE
on the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                              Revision
  Path
-------------------------------------------------------------------------
RELENG_7
  src/usr.sbin/mountd/mountd.c      1.94.2.3
RELENG_7_4
  src/UPDATING                      1.507.2.36.2.3
  src/sys/conf/newvers.sh           1.72.2.18.2.6
  src/usr.sbin/mountd/mountd.c      1.94.2.2.8.2
RELENG_7_3
  src/UPDATING                      1.507.2.34.2.7
  src/sys/conf/newvers.sh           1.72.2.16.2.9
  src/usr.sbin/mountd/mountd.c      1.94.2.2.6.2
RELENG_8
  src/usr.sbin/mountd/mountd.c      1.105.2.3
RELENG_8_2
  src/UPDATING                      1.632.2.19.2.3
  src/sys/conf/newvers.sh           1.83.2.12.2.6
  src/usr.sbin/mountd/mountd.c      1.105.2.2.4.2
RELENG_8_1
  src/UPDATING                      1.632.2.14.2.6
  src/sys/conf/newvers.sh           1.83.2.10.2.7
  src/usr.sbin/mountd/mountd.c      1.105.2.2.2.2
-------------------------------------------------------------------------

Subversion:

Branch/path                         Revision
-------------------------------------------------------------------------
stable/7/                           r220901
releng/7.3/                         r220901
releng/7.4/                         r220901
stable/8/                           r220901
releng/8.1/                         r220901
releng/8.2/                         r220901
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1739

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 21:23:55 2011
Date: Wed, 20 Apr 2011 17:23:54 -0400
From: Gary Palmer
To: Robert Simmons
Cc: freebsd-security
Subject: Re: bad email address

On Wed, Apr 20, 2011 at 05:10:41PM -0400, Robert Simmons wrote:
> Every time I send a message to this list, I get a bounced email reply
> from some Russian exchange server for email address xlino@bvpress.ru.
> Is there an admin or a moderator for this list that can remove that
> email address from the list?

I suggest forwarding an example of the bounce message to
postmaster@freebsd.org

Gotta love mail systems that ignore RFCs and bounce to the header
sender rather than the envelope sender

Regards,

Gary

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 22:07:12 2011
Date: Thu, 21 Apr 2011 00:41:07 +0300
From: Павел, Жовнер
To: Robert Simmons
Cc: freebsd-security
Subject: Re: bad email address

I receive these mails too. Tomorrow I will call the phone listed in
whois and try to resolve this issue.

2011/4/21 Robert Simmons :
> Every time I send a message to this list, I get a bounced email reply
> from some Russian exchange server for email address xlino@bvpress.ru.
> Is there an admin or a moderator for this list that can remove that
> email address from the list?
>
> Rob

From owner-freebsd-security@FreeBSD.ORG Wed Apr 20 22:55:14 2011
Date: Wed, 20 Apr 2011 18:55:13 -0400
From: Robert Simmons
To: Павел, Жовнер
Cc: freebsd-security
Subject: Re: bad email address

On Wed, Apr 20, 2011 at 5:41 PM, Павел, Жовнер wrote:
> I receive these mails too. Tomorrow I will call the phone listed in
> whois and try to resolve this issue.

Thanks. I would call myself, but I don't live in Russia anymore, so it
would be a long distance call. It looks like the number is somewhere
in the Yamalo-Nenetsky Okrug: 8 3496 352446. It looks like there is
another number associated with the bvgroup.ru domain in the
Sverdlovskaya Oblast: 8 343 2682360

Rob

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 04:26:46 2011
Date: Thu, 21 Apr 2011 00:26:39 -0400
From: "J. Hellenthal"
To: Gary Palmer
Cc: freebsd-security, Robert Simmons
Subject: Re: bad email address

On Wed, Apr 20, 2011 at 05:23:54PM -0400, Gary Palmer wrote:
>On Wed, Apr 20, 2011 at 05:10:41PM -0400, Robert Simmons wrote:
>> Every time I send a message to this list, I get a bounced email reply
>> from some Russian exchange server for email address xlino@bvpress.ru.
>> Is there an admin or a moderator for this list that can remove that
>> email address from the list?
>
>I suggest forwarding an example of the bounce message to
>postmaster@freebsd.org
>
>Gotta love mail systems that ignore RFCs and bounce to the header
>sender rather than the envelope sender
>
>Regards,
>
>Gary
>

I've forwarded messages about these to postmaster@ before for these
douchebags(tm). seems nothing has ever been done about that.

@naver.com
@bvgroup.ru
@bvpress.ru

Have been blacklisted here since you can never read their OON bs.

procmail++ gmail++ spamassassin++ ;)

--
Regards,
J. Hellenthal

WWJD

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 04:35:25 2011
Date: Thu, 21 Apr 2011 00:35:23 -0400
From: Robert Simmons
To: freebsd-security
Subject: Re: bad email address

On Thu, Apr 21, 2011 at 12:26 AM, J. Hellenthal wrote:
> I've forwarded messages about these to postmaster@ before for these
> douchebags(tm). seems nothing has ever been done about that.

I forwarded the message to postmaster@freebsd.org. Hopefully at least
the offending email address can be removed from the freebsd-security
mailing list.

Rob

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 05:42:39 2011
From: Paul Blazejowski
To: Robert Simmons
Cc: freebsd-security
Date: Thu, 21 Apr 2011 00:41:34 -0400
Subject: Re: bad email address
Message-id: <1303360894.3063.1.camel@blaze.homeip.net>

Doesn't mailman unsubscribe an email automatically after a couple of
bounces? unless freebsd list is not configured to do so...

On Thu, 2011-04-21 at 00:35 -0400, Robert Simmons wrote:
> On Thu, Apr 21, 2011 at 12:26 AM, J. Hellenthal wrote:
> > I've forwarded messages about these to postmaster@ before for these
> > douchebags(tm). Seems nothing has ever been done about that.
>
> I forwarded the message to postmaster@freebsd.org. Hopefully at least
> the offending email address can be removed from the freebsd-security
> mailing list.
>
> Rob
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 13:01:31 2011
From: Peter Pentchev
To: Paul Blazejowski
Cc: freebsd-security, Robert Simmons
Date: Thu, 21 Apr 2011 15:34:47 +0300
Subject: Re: bad email address
Message-ID: <20110421123447.GD4543@straylight.ringlet.net>
In-Reply-To: <1303360894.3063.1.camel@blaze.homeip.net>

On Thu, Apr 21, 2011 at 12:41:34AM -0400, Paul Blazejowski wrote:
> Doesn't mailman unsubscribe an email automatically after a couple of
> bounces? unless freebsd list is not configured to do so...

That's only if the bounce message reaches mailman. In this case,
the culprit is a mail bouncing agent (MBA? ;) which addresses
the bounce to the original sender (the one from the From header)
instead of *any* of the other possible addresses present in
mailman-generated messages that would do the right thing.

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@FreeBSD.org peter@packetscale.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I've heard that this sentence is a rumor.

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 14:50:31 2011
From: Robert Simmons
To: Павел, Жовнер
Cc: freebsd-security
Date: Thu, 21 Apr 2011 10:50:30 -0400
Subject: Re: bad email address

On Wed, Apr 20, 2011 at 5:41 PM, Павел, Жовнер wrote:
> I receive these mails too. Tomorrow I will call the phone listed in
> whois and try to resolve this issue.

I checked the reverse DNS for the IP that the response is coming from
and I think I've got an even better phone number for you to call:

person: Pavel Ljulchenko
e-mail: y at tngs.ru
phone: +79199550508
fax-no: +73452592808

I've sent an email about it to that address. Also, that number is a
mobile number on MTS's network, so you may just get a person on the
other end. I also sent this person an sms with MTS's free service
here: http://www.mts.ru/messaging1/sendsms/

The problem with that is I remember my mobile would get lots of spam
sms traffic and I would never read any sms that didn't come from a
known number.

Good luck!

Rob

From owner-freebsd-security@FreeBSD.ORG Thu Apr 21 17:04:26 2011
From: Gary Palmer
To: Paul Blazejowski, Robert Simmons, freebsd-security
Date: Thu, 21 Apr 2011 13:04:24 -0400
Subject: Re: bad email address
Message-ID: <20110421170424.GC73035@in-addr.com>
In-Reply-To: <20110421123447.GD4543@straylight.ringlet.net>

On Thu, Apr 21, 2011 at 03:34:47PM +0300, Peter Pentchev wrote:
> On Thu, Apr 21, 2011 at 12:41:34AM -0400, Paul Blazejowski wrote:
> > Doesn't mailman unsubscribe an email automatically after a couple of
> > bounces? unless freebsd list is not configured to do so...
>
> That's only if the bounce message reaches mailman. In this case,
> the culprit is a mail bouncing agent (MBA? ;) which addresses
> the bounce to the original sender (the one from the From header)
> instead of *any* of the other possible addresses present in
> mailman-generated messages that would do the right thing.

RFCs say bounces have to go to the envelope sender. MailMan correctly
changes the envelope sender of mail to freebsd-security to
owner-freebsd-security@freebsd.org so that it can see the NDRs (non-delivery
reports). However some broken software bounces to the From address in
the header. Since the From address in the header is *not* MailMan it cannot
auto-unsubscribe the bouncing user.

If the bouncing user's MTA/MUA doesn't follow specifications there isn't
a lot MailMan can do.

Anyway, back to your scheduled discussion of FreeBSD security issues.

Gary

From owner-freebsd-security@FreeBSD.ORG Fri Apr 22 10:20:12 2011
From: "J. Hellenthal"
To: Gary Palmer
Cc: freebsd-security, Robert Simmons
Date: Fri, 22 Apr 2011 06:20:05 -0400
Subject: Re: bad email address
Message-ID: <20110422102005.GA12433@DataIX.net>
In-Reply-To: <20110421170424.GC73035@in-addr.com>

On Thu, Apr 21, 2011 at 01:04:24PM -0400, Gary Palmer wrote:
>On Thu, Apr 21, 2011 at 03:34:47PM +0300, Peter Pentchev wrote:
>> On Thu, Apr 21, 2011 at 12:41:34AM -0400, Paul Blazejowski wrote:
>> > Doesn't mailman unsubscribe an email automatically after a couple of
>> > bounces? unless freebsd list is not configured to do so...
>>
>> That's only if the bounce message reaches mailman. In this case,
>> the culprit is a mail bouncing agent (MBA? ;) which addresses
>> the bounce to the original sender (the one from the From header)
>> instead of *any* of the other possible addresses present in
>> mailman-generated messages that would do the right thing.
>
>RFCs say bounces have to go to the envelope sender. MailMan correctly
>changes the envelope sender of mail to freebsd-security to
>owner-freebsd-security@freebsd.org so that it can see the NDRs (non-delivery
>reports). However some broken software bounces to the From address in
>the header. Since the From address in the header is *not* MailMan it cannot
>auto-unsubscribe the bouncing user.
>
>If the bouncing user's MTA/MUA doesn't follow specifications there isn't
>a lot MailMan can do.
>

Yes and then repeated report after report mailman blah blah postmaster
more blah blah user repeatedly offending blah blah moderator removes
offending domain until it's fixed blah blah... Sometime in the near
future... ;)

-- 

 Regards,
 J. Hellenthal

 WWJD
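
The bounce-addressing behaviour Peter Pentchev and Gary Palmer describe in the thread above, as an added Python example that is not part of any message and is not Mailman's code: a toy list manager that can only count bounces delivered to the envelope sender. The poster and subscriber addresses, the `ToyList` class and the threshold of two bounces are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_OWNER = "owner-freebsd-security@freebsd.org"  # envelope sender named in the thread
BOUNCE_THRESHOLD = 2  # assumption ("a couple of bounces"), not Mailman's real scoring

# Constructed sample post, as a subscriber's mail server would receive it.
SAMPLE_POST = """\
From: Alice Poster <alice@example.org>
To: freebsd-security@freebsd.org
Subject: constructed sample post

body
"""


def compliant_bounce_target(envelope_sender, msg):
    """Non-delivery reports go to the envelope sender (SMTP MAIL FROM)."""
    if envelope_sender in ("", "<>"):
        return None  # null reverse-path: the mail is itself a bounce, never bounce it
    return envelope_sender


def broken_bounce_target(envelope_sender, msg):
    """The misbehaviour described in the thread: bounce to the From: header."""
    return parseaddr(msg["From"])[1]


class ToyList:
    """Simplified list manager: it only learns of bounces sent to LIST_OWNER."""

    def __init__(self, subscribers):
        self.subscribers = set(subscribers)
        self.bounces = {}      # subscriber -> bounces the list actually received
        self.misdirected = []  # (poster, dead subscriber) bounces the list never saw

    def post(self, raw, dead, bounce_policy):
        msg = message_from_string(raw)
        for rcpt in sorted(self.subscribers):
            if rcpt not in dead:
                continue  # delivered normally
            # The toy model knows which recipient failed; a real list manager
            # has to work that out from the report it receives.
            target = bounce_policy(LIST_OWNER, msg)
            if target == LIST_OWNER:
                self.bounces[rcpt] = self.bounces.get(rcpt, 0) + 1
                if self.bounces[rcpt] >= BOUNCE_THRESHOLD:
                    self.subscribers.discard(rcpt)  # auto-unsubscribe
            elif target is not None:
                self.misdirected.append((target, rcpt))


def simulate(bounce_policy, posts=3):
    """Send `posts` messages to a list with one dead subscriber."""
    lst = ToyList({"bob@example.net", "dead@example.com"})
    for _ in range(posts):
        lst.post(SAMPLE_POST, dead={"dead@example.com"}, bounce_policy=bounce_policy)
    return lst


if __name__ == "__main__":
    for policy in (compliant_bounce_target, broken_bounce_target):
        result = simulate(policy)
        print(policy.__name__, sorted(result.subscribers), result.misdirected)
```

With the compliant policy the dead address is dropped after the second post; with the broken policy it stays subscribed indefinitely and every poster receives the bounce instead.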