Hi infra,

the attached mail arrived at gentoo-announce-moderators at 17 Sep 2007 15:25:24 +0000, and it was delivered at Mon, 17 Sep 2007 19:36:15 +0000 (UTC). As you can see, it's a forwarded mail and it has not been sent by me. Now the GLSA appears twice on gmane, for example. If there is a possibility to bypass the filter, it is a problem. Could you check what happened with that mail? Or did someone incorrectly moderate it while he shouldn't?

Thanks
Created attachment 131172 [details] buggy mail
1. Who is jwarren@logicalsoft.net?
2. Who approved the second moderation request?

I have CC'd _every_ moderator of the announce list here, because I want an answer.

Look at this portion of the mail headers. There is a mail loop pointing back at gentoo-announce.

Received: from cmlapp401.van.ca.siteprotect.com (cmlapp401.van.ca.siteprotect.com [204.174.223.177])
    by smtp.gentoo.org (Postfix) with ESMTP id AECE2650C9
    for <gentoo-announce@gentoo.org>; Mon, 17 Sep 2007 15:25:08 +0000 (UTC)
Received: by cmlapp401.van.ca.siteprotect.com (Postfix, from userid 25000)
    id 1A0476DDE1; Mon, 17 Sep 2007 08:25:03 -0700 (PDT)
Received: from outgoing.securityfocus.com (outgoing.securityfocus.com [205.206.231.27])
    by cmlapp401.van.ca.siteprotect.com (Postfix) with ESMTP id 4CBC06E1FE
    for <jwarren@logicalsoft.com>; Mon, 17 Sep 2007 08:24:59 -0700 (PDT)
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
    via smtpd (for cmlapp401.van.ca.siteprotect.com [204.174.223.177]) with ESMTP;
    Mon, 17 Sep 2007 08:17:48 -0700
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
    by outgoing3.securityfocus.com (Postfix) with QMQP id 44C0C237012;
    Mon, 17 Sep 2007 08:53:43 -0600 (MDT)
I would be the guilty party.
I moderated it incorrectly.
These mail loops via bugtraq or full-disclosure are not uncommon; they happen at least once nearly each time a GLSA is sent.
I have added the following statement to the mlmmj ACL:

deny ^Received: .*securityfocus.com

Are there any other header regexes that we should explicitly block the mail on? Note that the only reason the mails are making it thru is that the lists don't mangle the From address, which allows it to get to the pending moderation stage.
(In reply to comment #6)
> I have added the following statement to the mlmmj ACL:
> deny ^Received: .*securityfocus.com
>
> Are there any other header regexes that we should explicitly block the mail on?
> Note that the only reason the mails are making it thru is that the lists don't
> mangle the From address, which allows it to get to the pending moderation
> stage.
>

Good idea ("Received: from outgoing.securityfocus.com" would be sufficient).
Please also add: "Received: from lists.grok.org.uk", and then we could close that bug, I think.
deny ^Received: .*lists.grok.org.uk

Done. Give me a shout if you see more duplicate incoming mails from mail loops.
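
An offline check of the two deny rules discussed in this thread, as an added example that is not part of the original comments and is not mlmmj code: it unfolds a message's headers and tests every `Received:` hop against the rules. Assumptions: first matching rule wins, no match stands in for the pending-moderation stage, Python's `re` stands in for the list manager's regex engine, the sample messages are constructed, and `ESCAPED_RULES` is a variant added here.

```python
import re
from email import message_from_string

# Rules exactly as written in the thread (dots unescaped).
THREAD_RULES = [("deny", r"^Received: .*securityfocus.com"),
                ("deny", r"^Received: .*lists.grok.org.uk")]
# Assumption: same rules with literal dots escaped, so '.' cannot match any character.
ESCAPED_RULES = [("deny", r"^Received: .*securityfocus\.com"),
                 ("deny", r"^Received: .*lists\.grok\.org\.uk")]

# Constructed sample, shortened from the Received chain quoted in the thread.
LOOPED = (
    "Received: from cmlapp401.van.ca.siteprotect.com\n"
    "\tby smtp.gentoo.org (Postfix) with ESMTP id AECE2650C9\n"
    "\tfor <gentoo-announce@gentoo.org>; Mon, 17 Sep 2007 15:25:08 +0000 (UTC)\n"
    "Received: from outgoing.securityfocus.com\n"
    "\tby cmlapp401.van.ca.siteprotect.com (Postfix) with ESMTP id 4CBC06E1FE;\n"
    "\tMon, 17 Sep 2007 08:24:59 -0700 (PDT)\n"
    "Subject: constructed subject\n\nbody\n"
)
# Constructed sample: a direct submission, no relay through the other lists.
DIRECT = (
    "Received: from mail.example.org\n"
    "\tby smtp.gentoo.org (Postfix) with ESMTP id 0000000000\n"
    "\tfor <gentoo-announce@gentoo.org>; Mon, 17 Sep 2007 15:00:00 +0000 (UTC)\n"
    "Subject: constructed subject\n\nbody\n"
)

def unfolded_headers(raw):
    """Return every header as a single 'Name: value' line with folding removed."""
    msg = message_from_string(raw)
    return [f"{name}: {' '.join(value.split())}" for name, value in msg.items()]

def evaluate(raw, rules):
    """First matching rule wins. No match falls through to 'moderate',
    standing in for the pending-moderation stage the thread describes."""
    headers = unfolded_headers(raw)
    for action, pattern in rules:
        for header in headers:
            if re.search(pattern, header):
                return action, header
    return "moderate", None

if __name__ == "__main__":
    for label, raw in (("looped", LOOPED), ("direct", DIRECT)):
        print(label, evaluate(raw, ESCAPED_RULES))
```

The rule fires on the second hop of the looped sample, not the topmost `Received:` line, which is why every hop has to be tested.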